/*  Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

#include <assert.h>

#include "contrib/wire_ctx.h"
#include "libdnssec/error.h"
#include "knot/dnssec/rrset-sign.h"
#include "libknot/libknot.h"

#define RRSIG_RDATA_SIGNER_OFFSET 18

#define RRSIG_INCEPT_IN_PAST (90 * 60)

/*- Creating of RRSIGs -------------------------------------------------------*/

/*!
 * \brief Get size of RRSIG RDATA for a given key without signature.
 *
 * The fixed part is the RRSIG_RDATA_SIGNER_OFFSET-octet header (type covered
 * through key tag); the variable part is the wire length of the signer's
 * name taken from the key.
 *
 * \param key  Signing key, may be NULL.
 *
 * \return Header size in octets, 0 if \a key is NULL.
 */
static size_t rrsig_rdata_header_size(const dnssec_key_t *key)
{
	if (key == NULL) {
		return 0;
	}

	// Fixed part: type covered (u16), algorithm (u8), labels (u8),
	// original TTL (u32), signature expiration (u32),
	// signature inception (u32), key tag (u16).
	const size_t fixed = 2 * sizeof(uint16_t)
	                   + 2 * sizeof(uint8_t)
	                   + 3 * sizeof(uint32_t);
	assert(fixed == RRSIG_RDATA_SIGNER_OFFSET);

	// Variable part: signer's name in wire format.
	const uint8_t *signer_name = dnssec_key_get_dname(key);

	return fixed + knot_dname_size(signer_name);
}

/*!
 * \brief Write RRSIG RDATA except signature.
 *
 * Fields are emitted in RFC 4034 RDATA order; the signer's name is taken
 * from the key as-is.
 *
 * \note This can be also used for SIG(0) if proper parameters are supplied.
 *
 * \param rdata         Pointer to the RDATA output buffer.
 * \param rdata_len     Length of the output buffer.
 * \param key           Key used for signing.
 * \param covered_type  Type of the covered RR.
 * \param owner_labels  Number of labels covered by the signature.
 * \param owner_ttl     Original TTL of the covered RR set.
 * \param sig_incepted  Timestamp of signature inception.
 * \param sig_expires   Timestamp of signature expiration.
 *
 * \return KNOT_EOK, KNOT_EINVAL on bad arguments (including an inception
 *         not earlier than the expiration), otherwise the wire context
 *         error if the buffer was too short.
 */
static int rrsig_write_rdata(uint8_t *rdata, size_t rdata_len,
                             const dnssec_key_t *key,
                             uint16_t covered_type, uint8_t owner_labels,
                             uint32_t owner_ttl,  uint32_t sig_incepted,
                             uint32_t sig_expires)
{
	if (rdata == NULL || key == NULL) {
		return KNOT_EINVAL;
	}
	if (sig_incepted >= sig_expires) {
		return KNOT_EINVAL;
	}

	const uint8_t *signer_name = dnssec_key_get_dname(key);
	assert(signer_name);

	wire_ctx_t out = wire_ctx_init(rdata, rdata_len);

	// Fixed-size header, RRSIG_RDATA_SIGNER_OFFSET octets in total.
	wire_ctx_write_u16(&out, covered_type);
	wire_ctx_write_u8(&out, dnssec_key_get_algorithm(key));
	wire_ctx_write_u8(&out, owner_labels);
	wire_ctx_write_u32(&out, owner_ttl);
	wire_ctx_write_u32(&out, sig_expires);
	wire_ctx_write_u32(&out, sig_incepted);
	wire_ctx_write_u16(&out, dnssec_key_get_keytag(key));
	assert(wire_ctx_offset(&out) == RRSIG_RDATA_SIGNER_OFFSET);

	// Variable-size part: signer's name in wire format.
	wire_ctx_write(&out, signer_name, knot_dname_size(signer_name));

	// Non-zero if any of the writes did not fit into rdata_len.
	return out.error;
}

/*- Computation of signatures ------------------------------------------------*/

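/*!
 * \brief Add RRSIG RDATA without signature to signing context.
 *
 * Requires signer name in RDATA in canonical form.
 *
 * \param ctx   Signing context.
 * \param rdata Pointer to RRSIG RDATA.
 *
 * \return Error code, KNOT_EOK if successful.
 */
static int sign_ctx_add_self(dnssec_sign_ctx_t *ctx, const uint8_t *rdata)
{
	assert(ctx);
	assert(rdata);

	// Fixed header: everything up to the signer's name.
	dnssec_binary_t header = {
		.data = (uint8_t *)rdata,
		.size = RRSIG_RDATA_SIGNER_OFFSET
	};

	int result = dnssec_sign_add(ctx, &header);
	if (result != DNSSEC_EOK) {
		return result;
	}

	// Signer's name follows the header. It is fed to the context in place,
	// exactly like the header above: the previous knot_dname_copy() was not
	// checked for NULL and bought nothing, since no canonicalisation is done
	// here (the caller must already supply the name in canonical form).
	const uint8_t *rdata_signer = rdata + RRSIG_RDATA_SIGNER_OFFSET;
	dnssec_binary_t signer = {
		.data = (uint8_t *)rdata_signer,
		.size = knot_dname_size(rdata_signer)
	};

	return dnssec_sign_add(ctx, &signer);
}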

/*!
 * \brief Add covered RRs to signing context.
 *
 * Requires all DNAMEs in canonical form and all RRs ordered canonically.
 *
 * \param ctx      Signing context.
 * \param covered  Covered RRs.
 *
 * \return Error code, KNOT_EOK if successful.
 */
static int sign_ctx_add_records(dnssec_sign_ctx_t *ctx, const knot_rrset_t *covered)
{
	// The RR set may be large, so it is serialised into a buffer of the
	// maximum packet size.
	uint8_t *wire = malloc(KNOT_WIRE_MAX_PKTSIZE);
	if (wire == NULL) {
		return KNOT_ENOMEM;
	}

	// Negative value is an error code; otherwise the number of octets written.
	int result = knot_rrset_to_wire(covered, wire, KNOT_WIRE_MAX_PKTSIZE, NULL);
	if (result >= 0) {
		dnssec_binary_t rrset_wire = {
			.data = wire,
			.size = (size_t)result
		};
		result = dnssec_sign_add(ctx, &rrset_wire);
	}

	free(wire);

	return result;
}

/*!
 * \brief Feed the data to be signed (or verified) into a signing context.
 *
 * The data is the RRSIG RDATA without the signature field, followed by the
 * covered RR set in wire format.
 *
 * \param ctx          Signing context.
 * \param rrsig_rdata  RRSIG RDATA (signature field not used).
 * \param covered      Covered RR set.
 *
 * \return Error code, KNOT_EOK if successful.
 */
int knot_sign_ctx_add_data(dnssec_sign_ctx_t *ctx,
                           const uint8_t *rrsig_rdata,
                           const knot_rrset_t *covered)
{
	if (ctx == NULL || rrsig_rdata == NULL || knot_rrset_empty(covered)) {
		return KNOT_EINVAL;
	}

	int ret = sign_ctx_add_self(ctx, rrsig_rdata);

	return ret == KNOT_EOK ? sign_ctx_add_records(ctx, covered) : ret;
}

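/*!
 * \brief Create RRSIG RDATA.
 *
 * \param[in]  rrsigs        RR set with RRSIGS.
 * \param[in]  ctx           DNSSEC signing context.
 * \param[in]  covered       RR covered by the signature.
 * \param[in]  key           Key used for signing.
 * \param[in]  sig_incepted  Timestamp of signature inception.
 * \param[in]  sig_expires   Timestamp of signature expiration.
 * \param[in]  mm            Memory context for the new RDATA.
 *
 * \return Error code, KNOT_EOK if successful.
 */
static int rrsigs_create_rdata(knot_rrset_t *rrsigs, dnssec_sign_ctx_t *ctx,
                               const knot_rrset_t *covered,
                               const dnssec_key_t *key,
                               uint32_t sig_incepted, uint32_t sig_expires,
                               knot_mm_t *mm)
{
	assert(rrsigs);
	assert(rrsigs->type == KNOT_RRTYPE_RRSIG);
	assert(!knot_rrset_empty(covered));
	assert(key);

	size_t header_size = rrsig_rdata_header_size(key);
	assert(header_size != 0);

	// The '*' label of a wildcard owner is not counted (RFC 4034, 3.1.3).
	uint8_t owner_labels = knot_dname_labels(covered->owner, NULL);
	if (knot_dname_is_wildcard(covered->owner)) {
		owner_labels -= 1;
	}

	uint8_t header[header_size];
	int res = rrsig_write_rdata(header, header_size,
	                            key, covered->type, owner_labels,
	                            covered->ttl, sig_incepted, sig_expires);
	if (res != KNOT_EOK) {
		// Not an assert: rrsig_write_rdata() rejects an inception that is
		// not earlier than the expiration, and with NDEBUG an assert would
		// let a partially written header be signed and stored.
		return res;
	}

	res = dnssec_sign_init(ctx);
	if (res != KNOT_EOK) {
		return res;
	}

	res = knot_sign_ctx_add_data(ctx, header, covered);
	if (res != KNOT_EOK) {
		return res;
	}

	dnssec_binary_t signature = { 0 };
	res = dnssec_sign_write(ctx, &signature);
	if (res != DNSSEC_EOK) {
		return res;
	}
	assert(signature.size > 0);

	// RDATA = header || signature.
	size_t rrsig_size = header_size + signature.size;
	uint8_t rrsig[rrsig_size];
	memcpy(rrsig, header, header_size);
	memcpy(rrsig + header_size, signature.data, signature.size);

	dnssec_binary_free(&signature);

	return knot_rrset_add_rdata(rrsigs, rrsig, rrsig_size, mm);
}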

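/*!
 * \brief Sign an RR set and append the resulting RRSIG to \a rrsigs.
 *
 * \param rrsigs      RRSIG RR set to append to; must have the covered owner.
 * \param covered     RR set to sign.
 * \param key         Signing key.
 * \param sign_ctx    Signing context for \a key.
 * \param dnssec_ctx  Zone signing context (current time and policy).
 * \param mm          Memory context for the new RDATA.
 * \param expires     If not NULL, lowered to this signature's expiration
 *                    when it is earlier.
 *
 * \return Error code, KNOT_EOK if successful.
 */
int knot_sign_rrset(knot_rrset_t *rrsigs, const knot_rrset_t *covered,
                    const dnssec_key_t *key, dnssec_sign_ctx_t *sign_ctx,
                    const kdnssec_ctx_t *dnssec_ctx, knot_mm_t *mm, knot_time_t *expires)
{
	// rrsigs was dereferenced without a NULL check before; test it first.
	if (rrsigs == NULL || knot_rrset_empty(covered) || !key || !sign_ctx ||
	    !dnssec_ctx || rrsigs->type != KNOT_RRTYPE_RRSIG ||
	    !knot_dname_is_equal(rrsigs->owner, covered->owner)) {
		return KNOT_EINVAL;
	}

	// Inception is backdated by RRSIG_INCEPT_IN_PAST (presumably to tolerate
	// clock skew on validators); expiration is now plus the policy lifetime.
	uint32_t sig_incept = dnssec_ctx->now - RRSIG_INCEPT_IN_PAST;
	uint32_t sig_expire = dnssec_ctx->now + dnssec_ctx->policy->rrsig_lifetime;

	int ret = rrsigs_create_rdata(rrsigs, sign_ctx, covered, key, sig_incept,
	                              sig_expire, mm);
	if (ret == KNOT_EOK && expires != NULL) {
		// Keep the earliest expiration seen by the caller.
		*expires = knot_time_min(*expires, sig_expire);
	}

	return ret;
}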

/*!
 * \brief Collect the RRSIGs covering a given type into a new RDATA set.
 *
 * \param type       Covered RR type to select.
 * \param rrsig_rrs  RRSIG RDATA set to scan.
 * \param out_sig    Empty RDATA set receiving the matching RRSIGs.
 * \param mm         Memory context for \a out_sig.
 *
 * \return KNOT_EOK if at least one RRSIG matched, KNOT_ENOENT if \a rrsig_rrs
 *         is NULL or nothing matched, KNOT_EINVAL if \a out_sig is NULL or
 *         not empty, or the error from knot_rdataset_add().
 */
int knot_synth_rrsig(uint16_t type, const knot_rdataset_t *rrsig_rrs,
                     knot_rdataset_t *out_sig, knot_mm_t *mm)
{
	if (rrsig_rrs == NULL) {
		return KNOT_ENOENT;
	}
	if (out_sig == NULL || out_sig->count > 0) {
		return KNOT_EINVAL;
	}

	// Copy every RRSIG whose "type covered" matches; on the first failure
	// drop what was collected so far and report the error.
	knot_rdata_t *rr = rrsig_rrs->rdata;
	for (int i = 0; i < rrsig_rrs->count; ++i, rr = knot_rdataset_next(rr)) {
		if (knot_rrsig_type_covered(rr) != type) {
			continue;
		}
		int ret = knot_rdataset_add(out_sig, rr, mm);
		if (ret != KNOT_EOK) {
			knot_rdataset_clear(out_sig, mm);
			return ret;
		}
	}

	return out_sig->count > 0 ? KNOT_EOK : KNOT_ENOENT;
}

/*- Verification of signatures -----------------------------------------------*/

/*!
 * \brief Check if the signature is expired or due for replacement.
 *
 * \param rrsig           RRSIG rdata.
 * \param now             Current time.
 * \param refresh_before  How long before expiration a signature counts as
 *                        due for replacement.
 *
 * \return Signature is expired or should be replaced soon.
 */
static bool is_expired_signature(const knot_rdata_t *rrsig, uint32_t now,
                                 uint32_t refresh_before)
{
	assert(rrsig);

	uint32_t expire_at = knot_rrsig_sig_expiration(rrsig);
	if (expire_at <= now) {
		// Already expired (remaining validity is zero).
		return true;
	}

	// expire_at > now here, so the subtraction cannot wrap.
	return (expire_at - now) <= refresh_before;
}

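/*!
 * \brief Verify one RRSIG of an RR set against a key.
 *
 * \param covered     RR set the signature covers.
 * \param rrsigs      RRSIG RR set.
 * \param pos         Index of the RRSIG within \a rrsigs to check.
 * \param key         Key to verify with.
 * \param sign_ctx    Signing context for \a key.
 * \param dnssec_ctx  Zone signing context (current time and policy).
 *
 * \return KNOT_EOK if the signature verifies and is not (about to be)
 *         expired, DNSSEC_INVALID_SIGNATURE if it is expired or within the
 *         refresh window, KNOT_EINVAL on bad arguments (including \a pos
 *         out of range), or the verification error.
 */
int knot_check_signature(const knot_rrset_t *covered,
                    const knot_rrset_t *rrsigs, size_t pos,
                    const dnssec_key_t *key,
                    dnssec_sign_ctx_t *sign_ctx,
                    const kdnssec_ctx_t *dnssec_ctx)
{
	if (knot_rrset_empty(covered) || knot_rrset_empty(rrsigs) || !key ||
	    !sign_ctx || !dnssec_ctx) {
		return KNOT_EINVAL;
	}

	// pos comes from the caller; reject it instead of asserting, since with
	// NDEBUG a NULL rrsig would be dereferenced below.
	if (pos >= rrsigs->rrs.count) {
		return KNOT_EINVAL;
	}
	knot_rdata_t *rrsig = knot_rdataset_at(&rrsigs->rrs, pos);
	if (rrsig == NULL) {
		return KNOT_EINVAL;
	}

	// An expired signature, or one inside the refresh window, is reported
	// as invalid (presumably so the caller replaces it).
	if (is_expired_signature(rrsig, dnssec_ctx->now,
	                         dnssec_ctx->policy->rrsig_refresh_before)) {
		return DNSSEC_INVALID_SIGNATURE;
	}

	// identify fields in the signature being validated
	dnssec_binary_t signature = {
		.size = knot_rrsig_signature_len(rrsig),
		.data = (uint8_t *)knot_rrsig_signature(rrsig)
	};
	if (signature.data == NULL) {
		return KNOT_EINVAL;
	}

	// perform the validation: feed RRSIG RDATA (without signature) and the
	// covered RRs into the context, then verify against the signature field
	int result = dnssec_sign_init(sign_ctx);
	if (result != KNOT_EOK) {
		return result;
	}

	result = knot_sign_ctx_add_data(sign_ctx, rrsig->data, covered);
	if (result != KNOT_EOK) {
		return result;
	}

	return dnssec_sign_verify(sign_ctx, &signature);
}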