2 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (c) 1999 by Internet Software Consortium, Inc.
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
15 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 static const char rcsid
[] = "$Id: ns_verify.c,v 1.1.206.3 2006/03/10 00:17:21 marka Exp $";
24 #include "port_before.h"
25 #include "fd_setsize.h"
27 #include <sys/types.h>
28 #include <sys/param.h>
30 #include <netinet/in.h>
31 #include <arpa/nameser.h>
32 #include <arpa/inet.h>
45 #include "port_after.h"
49 #define BOUNDS_CHECK(ptr, count) \
51 if ((ptr) + (count) > eom) { \
52 return (NS_TSIG_ERROR_FORMERR); \
59 ns_find_tsig(u_char
*msg
, u_char
*eom
) {
60 HEADER
*hp
= (HEADER
*)msg
;
62 u_char
*cp
= msg
, *start
;
64 if (msg
== NULL
|| eom
== NULL
|| msg
> eom
)
67 if (cp
+ HFIXEDSZ
>= eom
)
75 n
= ns_skiprr(cp
, eom
, ns_s_qd
, ntohs(hp
->qdcount
));
80 n
= ns_skiprr(cp
, eom
, ns_s_an
, ntohs(hp
->ancount
));
85 n
= ns_skiprr(cp
, eom
, ns_s_ns
, ntohs(hp
->nscount
));
90 n
= ns_skiprr(cp
, eom
, ns_s_ar
, ntohs(hp
->arcount
) - 1);
96 n
= dn_skipname(cp
, eom
);
100 if (cp
+ INT16SZ
>= eom
)
104 if (type
!= ns_t_tsig
)
112 * msg received message
113 * msglen length of message
114 * key tsig key used for verifying.
115 * querysig (response), the signature in the query
116 * querysiglen (response), the length of the signature in the query
117 * sig (query), a buffer to hold the signature
118 * siglen (query), input - length of signature buffer
119 * output - length of signature
123 * - invalid dns message (NS_TSIG_ERROR_FORMERR)
124 * - TSIG is not present (NS_TSIG_ERROR_NO_TSIG)
125 * - key doesn't match (-ns_r_badkey)
126 * - TSIG verification fails with BADKEY (-ns_r_badkey)
127 * - TSIG verification fails with BADSIG (-ns_r_badsig)
128 * - TSIG verification fails with BADTIME (-ns_r_badtime)
129 * - TSIG verification succeeds, error set to BAKEY (ns_r_badkey)
130 * - TSIG verification succeeds, error set to BADSIG (ns_r_badsig)
131 * - TSIG verification succeeds, error set to BADTIME (ns_r_badtime)
134 ns_verify(u_char
*msg
, int *msglen
, void *k
,
135 const u_char
*querysig
, int querysiglen
, u_char
*sig
, int *siglen
,
136 time_t *timesigned
, int nostrip
)
138 HEADER
*hp
= (HEADER
*)msg
;
139 DST_KEY
*key
= (DST_KEY
*)k
;
140 u_char
*cp
= msg
, *eom
;
141 char name
[MAXDNAME
], alg
[MAXDNAME
];
142 u_char
*recstart
, *rdatastart
;
143 u_char
*sigstart
, *otherstart
;
146 u_int16_t type
, length
;
147 u_int16_t fudge
, sigfieldlen
, otherfieldlen
;
150 if (msg
== NULL
|| msglen
== NULL
|| *msglen
< 0)
155 recstart
= ns_find_tsig(msg
, eom
);
156 if (recstart
== NULL
)
157 return (NS_TSIG_ERROR_NO_TSIG
);
161 /* Read the key name. */
162 n
= dn_expand(msg
, eom
, cp
, name
, MAXDNAME
);
164 return (NS_TSIG_ERROR_FORMERR
);
168 BOUNDS_CHECK(cp
, 2*INT16SZ
+ INT32SZ
+ INT16SZ
);
170 if (type
!= ns_t_tsig
)
171 return (NS_TSIG_ERROR_NO_TSIG
);
173 /* Skip the class and TTL, save the length. */
174 cp
+= INT16SZ
+ INT32SZ
;
175 GETSHORT(length
, cp
);
176 if (eom
- cp
!= length
)
177 return (NS_TSIG_ERROR_FORMERR
);
179 /* Read the algorithm name. */
181 n
= dn_expand(msg
, eom
, cp
, alg
, MAXDNAME
);
183 return (NS_TSIG_ERROR_FORMERR
);
184 if (ns_samename(alg
, NS_TSIG_ALG_HMAC_MD5
) != 1)
185 return (-ns_r_badkey
);
188 /* Read the time signed and fudge. */
189 BOUNDS_CHECK(cp
, INT16SZ
+ INT32SZ
+ INT16SZ
);
191 GETLONG((*timesigned
), cp
);
194 /* Read the signature. */
195 BOUNDS_CHECK(cp
, INT16SZ
);
196 GETSHORT(sigfieldlen
, cp
);
197 BOUNDS_CHECK(cp
, sigfieldlen
);
201 /* Skip id and read error. */
202 BOUNDS_CHECK(cp
, 2*INT16SZ
);
206 /* Parse the other data. */
207 BOUNDS_CHECK(cp
, INT16SZ
);
208 GETSHORT(otherfieldlen
, cp
);
209 BOUNDS_CHECK(cp
, otherfieldlen
);
214 return (NS_TSIG_ERROR_FORMERR
);
216 /* Verify that the key used is OK. */
218 if (key
->dk_alg
!= KEY_HMAC_MD5
)
219 return (-ns_r_badkey
);
220 if (error
!= ns_r_badsig
&& error
!= ns_r_badkey
) {
221 if (ns_samename(key
->dk_key_name
, name
) != 1)
222 return (-ns_r_badkey
);
226 hp
->arcount
= htons(ntohs(hp
->arcount
) - 1);
229 * Do the verification.
232 if (key
!= NULL
&& error
!= ns_r_badsig
&& error
!= ns_r_badkey
) {
234 u_char buf
[MAXDNAME
];
235 u_char buf2
[MAXDNAME
];
237 /* Digest the query signature, if this is a response. */
238 dst_verify_data(SIG_MODE_INIT
, key
, &ctx
, NULL
, 0, NULL
, 0);
239 if (querysiglen
> 0 && querysig
!= NULL
) {
240 u_int16_t len_n
= htons(querysiglen
);
241 dst_verify_data(SIG_MODE_UPDATE
, key
, &ctx
,
242 (u_char
*)&len_n
, INT16SZ
, NULL
, 0);
243 dst_verify_data(SIG_MODE_UPDATE
, key
, &ctx
,
244 querysig
, querysiglen
, NULL
, 0);
247 /* Digest the message. */
248 dst_verify_data(SIG_MODE_UPDATE
, key
, &ctx
, msg
, recstart
- msg
,
251 /* Digest the key name. */
252 n
= ns_name_pton(name
, buf2
, sizeof(buf2
));
255 n
= ns_name_ntol(buf2
, buf
, sizeof(buf
));
258 dst_verify_data(SIG_MODE_UPDATE
, key
, &ctx
, buf
, n
, NULL
, 0);
260 /* Digest the class and TTL. */
261 dst_verify_data(SIG_MODE_UPDATE
, key
, &ctx
,
262 recstart
+ dn_skipname(recstart
, eom
) + INT16SZ
,
263 INT16SZ
+ INT32SZ
, NULL
, 0);
265 /* Digest the algorithm. */
266 n
= ns_name_pton(alg
, buf2
, sizeof(buf2
));
269 n
= ns_name_ntol(buf2
, buf
, sizeof(buf
));
272 dst_verify_data(SIG_MODE_UPDATE
, key
, &ctx
, buf
, n
, NULL
, 0);
274 /* Digest the time signed and fudge. */
275 dst_verify_data(SIG_MODE_UPDATE
, key
, &ctx
,
276 rdatastart
+ dn_skipname(rdatastart
, eom
),
277 INT16SZ
+ INT32SZ
+ INT16SZ
, NULL
, 0);
279 /* Digest the error and other data. */
280 dst_verify_data(SIG_MODE_UPDATE
, key
, &ctx
,
281 otherstart
- INT16SZ
- INT16SZ
,
282 otherfieldlen
+ INT16SZ
+ INT16SZ
, NULL
, 0);
284 n
= dst_verify_data(SIG_MODE_FINAL
, key
, &ctx
, NULL
, 0,
285 sigstart
, sigfieldlen
);
288 return (-ns_r_badsig
);
290 if (sig
!= NULL
&& siglen
!= NULL
) {
291 if (*siglen
< sigfieldlen
)
292 return (NS_TSIG_ERROR_NO_SPACE
);
293 memcpy(sig
, sigstart
, sigfieldlen
);
294 *siglen
= sigfieldlen
;
298 return (NS_TSIG_ERROR_FORMERR
);
299 if (sig
!= NULL
&& siglen
!= NULL
)
303 /* Reset the counter, since we still need to check for badtime. */
304 hp
->arcount
= htons(ntohs(hp
->arcount
) + 1);
306 /* Verify the time. */
307 if (abs((*timesigned
) - time(NULL
)) > fudge
)
308 return (-ns_r_badtime
);
311 *msglen
= recstart
- msg
;
312 hp
->arcount
= htons(ntohs(hp
->arcount
) - 1);
315 if (error
!= NOERROR
)
322 ns_verify_tcp_init(void *k
, const u_char
*querysig
, int querysiglen
,
323 ns_tcp_tsig_state
*state
)
326 if (state
== NULL
|| k
== NULL
|| querysig
== NULL
|| querysiglen
< 0)
330 if (state
->key
->dk_alg
!= KEY_HMAC_MD5
)
331 return (-ns_r_badkey
);
332 if (querysiglen
> (int)sizeof(state
->sig
))
334 memcpy(state
->sig
, querysig
, querysiglen
);
335 state
->siglen
= querysiglen
;
340 ns_verify_tcp(u_char
*msg
, int *msglen
, ns_tcp_tsig_state
*state
,
343 HEADER
*hp
= (HEADER
*)msg
;
344 u_char
*recstart
, *sigstart
;
345 unsigned int sigfieldlen
, otherfieldlen
;
346 u_char
*cp
, *eom
, *cp2
;
347 char name
[MAXDNAME
], alg
[MAXDNAME
];
348 u_char buf
[MAXDNAME
];
349 int n
, type
, length
, fudge
, error
;
352 if (msg
== NULL
|| msglen
== NULL
|| state
== NULL
)
358 if (state
->counter
== 0)
359 return (ns_verify(msg
, msglen
, state
->key
,
360 state
->sig
, state
->siglen
,
361 state
->sig
, &state
->siglen
, ×igned
, 0));
363 if (state
->siglen
> 0) {
364 u_int16_t siglen_n
= htons(state
->siglen
);
366 dst_verify_data(SIG_MODE_INIT
, state
->key
, &state
->ctx
,
368 dst_verify_data(SIG_MODE_UPDATE
, state
->key
, &state
->ctx
,
369 (u_char
*)&siglen_n
, INT16SZ
, NULL
, 0);
370 dst_verify_data(SIG_MODE_UPDATE
, state
->key
, &state
->ctx
,
371 state
->sig
, state
->siglen
, NULL
, 0);
375 cp
= recstart
= ns_find_tsig(msg
, eom
);
377 if (recstart
== NULL
) {
379 return (NS_TSIG_ERROR_NO_TSIG
);
380 dst_verify_data(SIG_MODE_UPDATE
, state
->key
, &state
->ctx
,
381 msg
, *msglen
, NULL
, 0);
385 hp
->arcount
= htons(ntohs(hp
->arcount
) - 1);
386 dst_verify_data(SIG_MODE_UPDATE
, state
->key
, &state
->ctx
,
387 msg
, recstart
- msg
, NULL
, 0);
389 /* Read the key name. */
390 n
= dn_expand(msg
, eom
, cp
, name
, MAXDNAME
);
392 return (NS_TSIG_ERROR_FORMERR
);
396 BOUNDS_CHECK(cp
, 2*INT16SZ
+ INT32SZ
+ INT16SZ
);
398 if (type
!= ns_t_tsig
)
399 return (NS_TSIG_ERROR_NO_TSIG
);
401 /* Skip the class and TTL, save the length. */
402 cp
+= INT16SZ
+ INT32SZ
;
403 GETSHORT(length
, cp
);
404 if (eom
- cp
!= length
)
405 return (NS_TSIG_ERROR_FORMERR
);
407 /* Read the algorithm name. */
408 n
= dn_expand(msg
, eom
, cp
, alg
, MAXDNAME
);
410 return (NS_TSIG_ERROR_FORMERR
);
411 if (ns_samename(alg
, NS_TSIG_ALG_HMAC_MD5
) != 1)
412 return (-ns_r_badkey
);
415 /* Verify that the key used is OK. */
416 if ((ns_samename(state
->key
->dk_key_name
, name
) != 1 ||
417 state
->key
->dk_alg
!= KEY_HMAC_MD5
))
418 return (-ns_r_badkey
);
420 /* Read the time signed and fudge. */
421 BOUNDS_CHECK(cp
, INT16SZ
+ INT32SZ
+ INT16SZ
);
423 GETLONG(timesigned
, cp
);
426 /* Read the signature. */
427 BOUNDS_CHECK(cp
, INT16SZ
);
428 GETSHORT(sigfieldlen
, cp
);
429 BOUNDS_CHECK(cp
, sigfieldlen
);
433 /* Skip id and read error. */
434 BOUNDS_CHECK(cp
, 2*INT16SZ
);
438 /* Parse the other data. */
439 BOUNDS_CHECK(cp
, INT16SZ
);
440 GETSHORT(otherfieldlen
, cp
);
441 BOUNDS_CHECK(cp
, otherfieldlen
);
445 return (NS_TSIG_ERROR_FORMERR
);
448 * Do the verification.
451 /* Digest the time signed and fudge. */
453 PUTSHORT(0, cp2
); /* Top 16 bits of time. */
454 PUTLONG(timesigned
, cp2
);
455 PUTSHORT(NS_TSIG_FUDGE
, cp2
);
457 dst_verify_data(SIG_MODE_UPDATE
, state
->key
, &state
->ctx
,
458 buf
, cp2
- buf
, NULL
, 0);
460 n
= dst_verify_data(SIG_MODE_FINAL
, state
->key
, &state
->ctx
, NULL
, 0,
461 sigstart
, sigfieldlen
);
463 return (-ns_r_badsig
);
465 if (sigfieldlen
> sizeof(state
->sig
))
466 return (NS_TSIG_ERROR_NO_SPACE
);
468 memcpy(state
->sig
, sigstart
, sigfieldlen
);
469 state
->siglen
= sigfieldlen
;
471 /* Verify the time. */
472 if (abs(timesigned
- time(NULL
)) > fudge
)
473 return (-ns_r_badtime
);
475 *msglen
= recstart
- msg
;
477 if (error
!= NOERROR
)