isc_result_t
ns_verify_tcp(u_char *msg, unsigned *msglen, ns_tcp_tsig_state *state,
int required)
{
HEADER *hp = (HEADER *)msg;
u_char *recstart, *rdatastart, *sigstart;
unsigned sigfieldlen, otherfieldlen;
u_char *cp, *eom = msg + *msglen, *cp2;
char name[MAXDNAME], alg[MAXDNAME];
u_char buf[MAXDNAME];
int n, type, length, fudge, id, error;
time_t timesigned;
if (msg == NULL || msglen == NULL || state == NULL)
return ISC_R_INVALIDARG;
state->counter++;
if (state->counter == 0)
return (ns_verify(msg, msglen, state->key,
state->sig, state->siglen,
state->sig, &state->siglen, ×igned, 0));
if (state->siglen > 0) {
u_int16_t siglen_n = htons(state->siglen);
dst_verify_data(SIG_MODE_INIT, state->key, &state->ctx,
NULL, 0, NULL, 0);
dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
(u_char *)&siglen_n, INT16SZ, NULL, 0);
dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
state->sig, state->siglen, NULL, 0);
state->siglen = 0;
}
cp = recstart = ns_find_tsig(msg, eom);
if (recstart == NULL) {
if (required)
return ISC_R_NO_TSIG;
dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
msg, *msglen, NULL, 0);
return ISC_R_SUCCESS;
}
hp->arcount = htons(ntohs(hp->arcount) - 1);
dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
msg, (unsigned)(recstart - msg), NULL, 0);
/* Read the key name. */
n = dn_expand(msg, eom, cp, name, MAXDNAME);
if (n < 0)
return ISC_R_FORMERR;
cp += n;
/* Read the type. */
BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);
GETSHORT(type, cp);
if (type != ns_t_tsig)
return ISC_R_NO_TSIG;
/* Skip the class and TTL, save the length. */
cp += INT16SZ + INT32SZ;
GETSHORT(length, cp);
if (eom - cp != length)
return ISC_R_FORMERR;
/* Read the algorithm name. */
rdatastart = cp;
n = dn_expand(msg, eom, cp, alg, MAXDNAME);
if (n < 0)
return ISC_R_FORMERR;
if (ns_samename(alg, NS_TSIG_ALG_HMAC_MD5) != 1)
return ISC_R_BADKEY;
cp += n;
/* Verify that the key used is OK. */
if ((ns_samename(state->key->dk_key_name, name) != 1 ||
state->key->dk_alg != KEY_HMAC_MD5))
return ISC_R_BADKEY;
/* Read the time signed and fudge. */
BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
cp += INT16SZ;
GETLONG(timesigned, cp);
GETSHORT(fudge, cp);
/* Read the signature. */
BOUNDS_CHECK(cp, INT16SZ);
GETSHORT(sigfieldlen, cp);
BOUNDS_CHECK(cp, sigfieldlen);
sigstart = cp;
cp += sigfieldlen;
/* Read the original id and error. */
BOUNDS_CHECK(cp, 2*INT16SZ);
GETSHORT(id, cp);
GETSHORT(error, cp);
/* Parse the other data. */
BOUNDS_CHECK(cp, INT16SZ);
GETSHORT(otherfieldlen, cp);
BOUNDS_CHECK(cp, otherfieldlen);
cp += otherfieldlen;
if (cp != eom)
return ISC_R_FORMERR;
/*
* Do the verification.
*/
/* Digest the time signed and fudge. */
cp2 = buf;
PUTSHORT(0, cp2); /* Top 16 bits of time. */
PUTLONG(timesigned, cp2);
PUTSHORT(NS_TSIG_FUDGE, cp2);
dst_verify_data(SIG_MODE_UPDATE, state->key, &state->ctx,
buf, (unsigned)(cp2 - buf), NULL, 0);
n = dst_verify_data(SIG_MODE_FINAL, state->key, &state->ctx, NULL, 0,
sigstart, sigfieldlen);
if (n < 0)
return ISC_R_BADSIG;
if (sigfieldlen > sizeof(state->sig))
return ISC_R_BADSIG;
if (sigfieldlen > sizeof(state->sig))
return ISC_R_NOSPACE;
memcpy(state->sig, sigstart, sigfieldlen);
state->siglen = sigfieldlen;
/* Verify the time. */
if (abs(timesigned - time(NULL)) > fudge)
return ISC_R_BADTIME;
*msglen = recstart - msg;
if (error != NOERROR)
return ns_rcode_to_isc (error);
return ISC_R_SUCCESS;
}
isc_result_t
res_nupdate(res_state statp, ns_updrec *rrecp_in) {
ns_updrec *rrecp;
double answer[PACKETSZ / sizeof (double)];
double packet[2*PACKETSZ / sizeof (double)];
struct zonegrp *zptr, tgrp;
int nscount = 0;
unsigned n;
unsigned rval;
struct sockaddr_in nsaddrs[MAXNS];
ns_tsig_key *key;
void *zcookie = 0;
void *zcookp = &zcookie;
isc_result_t rcode;
again:
/* Make sure all the updates are in the same zone, and find out
what zone they are in. */
zptr = NULL;
for (rrecp = rrecp_in; rrecp; rrecp = ISC_LIST_NEXT(rrecp, r_link)) {
/* Find the origin for it if there is one. */
tgrp.z_class = rrecp->r_class;
rcode = res_findzonecut(statp, rrecp->r_dname, tgrp.z_class,
RES_EXHAUSTIVE,
tgrp.z_origin,
sizeof tgrp.z_origin,
tgrp.z_nsaddrs, MAXNS, &tgrp.z_nscount,
zcookp);
if (rcode != ISC_R_SUCCESS)
goto done;
if (tgrp.z_nscount <= 0) {
rcode = ISC_R_NOTZONE;
goto done;
}
/* Make a group for it if there isn't one. */
if (zptr == NULL) {
zptr = malloc(sizeof *zptr);
if (zptr == NULL) {
rcode = ISC_R_NOMEMORY;
goto done;
}
*zptr = tgrp;
zptr->z_flags = 0;
ISC_LIST_INIT(zptr->z_rrlist);
} else if (ns_samename(tgrp.z_origin, zptr->z_origin) == 0 ||
tgrp.z_class != zptr->z_class) {
/* Some of the records are in different zones. */
rcode = ISC_R_CROSSZONE;
goto done;
}
/* Thread this rrecp onto the zone group. */
ISC_LIST_APPEND(zptr->z_rrlist, rrecp, r_glink);
}
/* Construct zone section and prepend it. */
rrecp = res_mkupdrec(ns_s_zn, zptr->z_origin,
zptr->z_class, ns_t_soa, 0);
if (rrecp == NULL) {
rcode = ISC_R_UNEXPECTED;
goto done;
}
ISC_LIST_PREPEND(zptr->z_rrlist, rrecp, r_glink);
zptr->z_flags |= ZG_F_ZONESECTADDED;
/* Marshall the update message. */
n = sizeof packet;
rcode = res_nmkupdate(statp,
ISC_LIST_HEAD(zptr->z_rrlist), packet, &n);
if (rcode != ISC_R_SUCCESS)
goto done;
/* Temporarily replace the resolver's nameserver set. */
nscount = nscopy(nsaddrs, statp->nsaddr_list, statp->nscount);
statp->nscount = nsprom(statp->nsaddr_list,
zptr->z_nsaddrs, zptr->z_nscount);
/* Send the update and remember the result. */
key = (ns_tsig_key *)0;
rcode = find_tsig_key (&key, zptr->z_origin, zcookie);
if (rcode == ISC_R_SUCCESS) {
rcode = res_nsendsigned(statp, packet, n, key,
answer, sizeof answer, &rval);
tkey_free (&key);
} else if (rcode == ISC_R_NOTFOUND || rcode == ISC_R_KEY_UNKNOWN) {
rcode = res_nsend(statp, packet, n,
answer, sizeof answer, &rval);
}
if (rcode != ISC_R_SUCCESS)
goto undone;
rcode = ns_rcode_to_isc (((HEADER *)answer)->rcode);
if (zcookie && rcode == ISC_R_BADSIG) {
repudiate_zone (&zcookie);
}
undone:
/* Restore resolver's nameserver set. */
statp->nscount = nscopy(statp->nsaddr_list, nsaddrs, nscount);
nscount = 0;
done:
if (zptr) {
if ((zptr->z_flags & ZG_F_ZONESECTADDED) != 0)
res_freeupdrec(ISC_LIST_HEAD(zptr->z_rrlist));
free(zptr);
}
/* If the update failed because we used a cached zone and it
didn't work, try it again without the cached zone. */
if (zcookp && (rcode == ISC_R_NOTZONE || rcode == ISC_R_BADSIG)) {
zcookp = 0;
goto again;
}
if (zcookie)
forget_zone (&zcookie);
return rcode;
}
/* ns_verify
* Parameters:
* statp res stuff
* msg received message
* msglen length of message
* key tsig key used for verifying.
* querysig (response), the signature in the query
* querysiglen (response), the length of the signature in the query
* sig (query), a buffer to hold the signature
* siglen (query), input - length of signature buffer
* output - length of signature
*
* Errors:
* - bad input (-1)
* - invalid dns message (NS_TSIG_ERROR_FORMERR)
* - TSIG is not present (NS_TSIG_ERROR_NO_TSIG)
* - key doesn't match (-ns_r_badkey)
* - TSIG verification fails with BADKEY (-ns_r_badkey)
* - TSIG verification fails with BADSIG (-ns_r_badsig)
* - TSIG verification fails with BADTIME (-ns_r_badtime)
* - TSIG verification succeeds, error set to BAKEY (ns_r_badkey)
* - TSIG verification succeeds, error set to BADSIG (ns_r_badsig)
* - TSIG verification succeeds, error set to BADTIME (ns_r_badtime)
*/
isc_result_t
ns_verify(u_char *msg, unsigned *msglen, void *k,
const u_char *querysig, unsigned querysiglen,
u_char *sig, unsigned *siglen, time_t *timesigned, int nostrip)
{
HEADER *hp = (HEADER *)msg;
DST_KEY *key = (DST_KEY *)k;
u_char *cp = msg, *eom;
char name[MAXDNAME], alg[MAXDNAME];
u_char *recstart, *rdatastart;
u_char *sigstart, *otherstart;
unsigned n;
int error;
u_int16_t type, length;
u_int16_t fudge, sigfieldlen, id, otherfieldlen;
dst_init();
if (msg == NULL || msglen == NULL)
return ISC_R_INVALIDARG;
eom = msg + *msglen;
recstart = ns_find_tsig(msg, eom);
if (recstart == NULL)
return ISC_R_NO_TSIG;
cp = recstart;
/* Read the key name. */
n = dn_expand(msg, eom, cp, name, MAXDNAME);
if (n < 0)
return ISC_R_FORMERR;
cp += n;
/* Read the type. */
BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ);
GETSHORT(type, cp);
if (type != ns_t_tsig)
return ISC_R_NO_TSIG;
/* Skip the class and TTL, save the length. */
cp += INT16SZ + INT32SZ;
GETSHORT(length, cp);
if (eom - cp != length)
return ISC_R_FORMERR;
/* Read the algorithm name. */
rdatastart = cp;
n = dn_expand(msg, eom, cp, alg, MAXDNAME);
if (n < 0)
return ISC_R_FORMERR;
if (ns_samename(alg, NS_TSIG_ALG_HMAC_MD5) != 1)
return ISC_R_INVALIDKEY;
cp += n;
/* Read the time signed and fudge. */
BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
cp += INT16SZ;
GETLONG((*timesigned), cp);
GETSHORT(fudge, cp);
/* Read the signature. */
BOUNDS_CHECK(cp, INT16SZ);
GETSHORT(sigfieldlen, cp);
BOUNDS_CHECK(cp, sigfieldlen);
sigstart = cp;
cp += sigfieldlen;
/* Read the original id and error. */
BOUNDS_CHECK(cp, 2*INT16SZ);
GETSHORT(id, cp);
GETSHORT(error, cp);
/* Parse the other data. */
BOUNDS_CHECK(cp, INT16SZ);
GETSHORT(otherfieldlen, cp);
BOUNDS_CHECK(cp, otherfieldlen);
otherstart = cp;
cp += otherfieldlen;
if (cp != eom)
return ISC_R_FORMERR;
/* Verify that the key used is OK. */
if (key != NULL) {
if (key->dk_alg != KEY_HMAC_MD5)
return ISC_R_INVALIDKEY;
if (error != ns_r_badsig && error != ns_r_badkey) {
if (ns_samename(key->dk_key_name, name) != 1)
return ISC_R_INVALIDKEY;
}
}
hp->arcount = htons(ntohs(hp->arcount) - 1);
/*
* Do the verification.
*/
if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
void *ctx;
u_char buf[MAXDNAME];
/* Digest the query signature, if this is a response. */
dst_verify_data(SIG_MODE_INIT, key, &ctx, NULL, 0, NULL, 0);
if (querysiglen > 0 && querysig != NULL) {
u_int16_t len_n = htons(querysiglen);
dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
(u_char *)&len_n, INT16SZ, NULL, 0);
dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
querysig, querysiglen, NULL, 0);
}
/* Digest the message. */
dst_verify_data(SIG_MODE_UPDATE, key, &ctx, msg,
(unsigned)(recstart - msg), NULL, 0);
/* Digest the key name. */
n = ns_name_ntol(recstart, buf, sizeof(buf));
dst_verify_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
/* Digest the class and TTL. */
dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
recstart + dn_skipname(recstart, eom) + INT16SZ,
INT16SZ + INT32SZ, NULL, 0);
/* Digest the algorithm. */
n = ns_name_ntol(rdatastart, buf, sizeof(buf));
dst_verify_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
/* Digest the time signed and fudge. */
dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
rdatastart + dn_skipname(rdatastart, eom),
INT16SZ + INT32SZ + INT16SZ, NULL, 0);
/* Digest the error and other data. */
dst_verify_data(SIG_MODE_UPDATE, key, &ctx,
otherstart - INT16SZ - INT16SZ,
(unsigned)otherfieldlen + INT16SZ + INT16SZ,
NULL, 0);
n = dst_verify_data(SIG_MODE_FINAL, key, &ctx, NULL, 0,
sigstart, sigfieldlen);
if (n < 0)
return ISC_R_BADSIG;
if (sig != NULL && siglen != NULL) {
if (*siglen < sigfieldlen)
return ISC_R_NOSPACE;
memcpy(sig, sigstart, sigfieldlen);
*siglen = sigfieldlen;
}
} else {
if (sigfieldlen > 0)
return ISC_R_FORMERR;
if (sig != NULL && siglen != NULL)
*siglen = 0;
}
/* Reset the counter, since we still need to check for badtime. */
hp->arcount = htons(ntohs(hp->arcount) + 1);
/* Verify the time. */
if (abs((*timesigned) - time(NULL)) > fudge)
return ISC_R_BADTIME;
if (nostrip == 0) {
*msglen = recstart - msg;
hp->arcount = htons(ntohs(hp->arcount) - 1);
}
if (error != NOERROR)
return ns_rcode_to_isc (error);
return ISC_R_SUCCESS;
}
