system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-21 10:17:21 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Merge pull request #21170 from keszybz/delibgcryptify

Browse source 
Allow systemd-resolved and systemd-importd to use libgcrypt or libopenssl
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2021-12-03 13:44:53 +01:00 committed by GitHub
parent 4b9aa29bc9 e37ad765c8
commit 939387bdc6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 1005 additions and 300 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/unit_tests.sh vendored
View file

@ -29,6 +29,8 @@ function info() {
set -ex
MESON_ARGS=(-Dcryptolib=${CRYPTOLIB:-auto})
for phase in "${PHASES[@]}"; do
case $phase in
SETUP)

10
.github/workflows/unit_tests.yml vendored
View file

@ -22,10 +22,18 @@ jobs:
fail-fast: false
matrix:
run_phase: [GCC, GCC_ASAN_UBSAN, CLANG, CLANG_ASAN_UBSAN]
cryptolib: [auto]
include:
- run_phase: GCC
cryptolib: openssl
- run_phase: CLANG
cryptolib: gcrypt
steps:
- name: Repository checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
- name: Install build dependencies
run: sudo -E .github/workflows/unit_tests.sh SETUP
- name: Build & test (${{ matrix.run_phase }})
- name: Build & test (${{ matrix.run_phase }}-${{ matrix.cryptolib }})
run: sudo -E .github/workflows/unit_tests.sh RUN_${{ matrix.run_phase }}
env:
CRYPTOLIB: ${{ matrix.cryptolib }}

3
.packit.yml
View file

@ -31,6 +31,9 @@ actions:
# [0] https://github.com/mesonbuild/meson/issues/7360
# [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
- 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
# FIXME: temporarily disable the deprecated-declarations check to suppress
# OpenSSL 3.0 warnings in Rawhide
- 'sed -i "1 i %global optflags %{optflags} -Wno-deprecated-declarations" .packit_rpm/systemd.spec'
jobs:
- job: copr_build

5
TODO
View file

@ -432,11 +432,8 @@ Features:
* socket units: allow creating a udev monitor socket with ListenDevices= or so,
with matches, then activate app through that passing socket over
* unify on openssl (as soon as OpenSSL 3.0 is out, and the Debian license
confusion is gone)
- port resolved over from libgcrypt (DNSSEC code)
* unify on openssl:
- port journald + fsprg over from libgcrypt
- port importd over from libgcrypt
- when that's done: kill gnutls support in resolved
* add growvol and makevol options for /etc/crypttab, similar to

55
meson.build
View file

@ -1448,21 +1448,25 @@ else
endif
conf.set10('HAVE_DBUS', have)
default_dnssec = get_option('default-dnssec')
if skip_deps
default_dnssec = 'no'
# We support one or the other. If gcrypt is available, we assume it's there to
# be used, and use it in preference.
opt = get_option('cryptolib')
if opt == 'openssl' and conf.get('HAVE_OPENSSL') == 0
error('openssl requested as the default cryptolib, but not available')
endif
if default_dnssec != 'no' and conf.get('HAVE_GCRYPT') == 0
message('default-dnssec cannot be set to yes or allow-downgrade when gcrypt is disabled. Setting default-dnssec to no.')
default_dnssec = 'no'
endif
conf.set('DEFAULT_DNSSEC_MODE',
'DNSSEC_' + default_dnssec.underscorify().to_upper())
conf.set_quoted('DEFAULT_DNSSEC_MODE_STR', default_dnssec)
conf.set10('PREFER_OPENSSL',
opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
conf.set10('HAVE_OPENSSL_OR_GCRYPT',
conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? libopenssl : libgcrypt
dns_over_tls = get_option('dns-over-tls')
if dns_over_tls != 'false'
if dns_over_tls == 'openssl'
if dns_over_tls == 'gnutls' and conf.get('PREFER_OPENSSL') == 1
error('Sorry, -Ddns-over-tls=gnutls is not supported when openssl is used as the cryptolib')
endif
if dns_over_tls == 'openssl' or conf.get('PREFER_OPENSSL') == 1
have_gnutls = false
else
have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0'))
@ -1523,12 +1527,24 @@ else
endif
conf.set10('ENABLE_REPART', have)
default_dnssec = get_option('default-dnssec')
if skip_deps
default_dnssec = 'no'
endif
if default_dnssec != 'no' and conf.get('HAVE_OPENSSL_OR_GCRYPT') == 0
message('default-dnssec cannot be set to yes or allow-downgrade openssl and gcrypt are disabled. Setting default-dnssec to no.')
default_dnssec = 'no'
endif
conf.set('DEFAULT_DNSSEC_MODE',
'DNSSEC_' + default_dnssec.underscorify().to_upper())
conf.set_quoted('DEFAULT_DNSSEC_MODE_STR', default_dnssec)
want_importd = get_option('importd')
if want_importd != 'false'
have = (conf.get('HAVE_LIBCURL') == 1 and
conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and
conf.get('HAVE_ZLIB') == 1 and
conf.get('HAVE_XZ') == 1 and
conf.get('HAVE_GCRYPT') == 1)
conf.get('HAVE_XZ') == 1)
if want_importd == 'true' and not have
error('importd support was requested, but dependencies are not available')
endif
@ -2139,6 +2155,7 @@ if conf.get('ENABLE_RESOLVE') == 1
libbasic_gcrypt,
libsystemd_resolve_core],
dependencies : [threads,
lib_openssl_or_gcrypt,
libgpg_error,
libm,
libidn],
@ -2717,10 +2734,10 @@ if conf.get('ENABLE_IMPORTD') == 1
link_with : [libshared],
dependencies : [versiondep,
libcurl,
lib_openssl_or_gcrypt,
libz,
libbzip2,
libxz,
libgcrypt],
libxz],
install_rpath : rootlibexecdir,
install : true,
install_dir : rootlibexecdir)
@ -4021,6 +4038,14 @@ else
found += 'static-libudev(@0@)'.format(static_libudev)
endif
if conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and conf.get('PREFER_OPENSSL') == 1
found += 'cryptolib(openssl)'
elif conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1
found += 'cryptolib(gcrypt)'
else
missing += 'cryptolib'
endif
if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
found += 'DNS-over-TLS(gnutls)'
elif conf.get('DNS_OVER_TLS_USE_OPENSSL') == 1

2
meson_options.txt
View file

@ -380,6 +380,8 @@ option('gnutls', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'gnutls support')
option('openssl', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'openssl support')
option('cryptolib', type : 'combo', choices : ['auto', 'openssl', 'gcrypt'],
description : 'whether to use openssl or gcrypt where both are supported')
option('p11kit', type : 'combo', choices : ['auto', 'true', 'false'],
description : 'p11kit support')
option('libfido2', type : 'combo', choices : ['auto', 'true', 'false'],

2
src/basic/build.c
View file

@ -48,7 +48,7 @@ const char* const systemd_features =
" -SECCOMP"
#endif
/* crypto libraries */
/* cryptographic libraries */
#if HAVE_GCRYPT
" +GCRYPT"

2
src/basic/gcrypt-util.c
View file

@ -18,6 +18,7 @@ void initialize_libgcrypt(bool secmem) {
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
}
# if !PREFER_OPENSSL
int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
gcry_error_t err;
@ -47,4 +48,5 @@ int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
*out = enc;
return 0;
}
# endif
#endif

19
src/basic/gcrypt-util.h
View file

@ -12,23 +12,28 @@
#include "macro.h"
void initialize_libgcrypt(bool secmem);
int string_hashsum(const char *s, size_t len, int md_algorithm, char **out);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(gcry_md_hd_t, gcry_md_close, NULL);
#endif
#if !PREFER_OPENSSL
# if HAVE_GCRYPT
int string_hashsum(const char *s, size_t len, int md_algorithm, char **out);
# endif
static inline int string_hashsum_sha224(const char *s, size_t len, char **out) {
#if HAVE_GCRYPT
# if HAVE_GCRYPT
return string_hashsum(s, len, GCRY_MD_SHA224, out);
#else
# else
return -EOPNOTSUPP;
#endif
# endif
}
static inline int string_hashsum_sha256(const char *s, size_t len, char **out) {
#if HAVE_GCRYPT
# if HAVE_GCRYPT
return string_hashsum(s, len, GCRY_MD_SHA256, out);
#else
# else
return -EOPNOTSUPP;
#endif
# endif
}
#endif

67
src/import/pull-job.c
View file

@ -41,8 +41,12 @@ PullJob* pull_job_unref(PullJob *j) {
import_compress_free(&j->compress);
if (j->checksum_context)
gcry_md_close(j->checksum_context);
if (j->checksum_ctx)
#if PREFER_OPENSSL
EVP_MD_CTX_free(j->checksum_ctx);
#else
gcry_md_close(j->checksum_ctx);
#endif
free(j->url);
free(j->etag);
@ -102,9 +106,13 @@ static int pull_job_restart(PullJob *j, const char *new_url) {
import_compress_free(&j->compress);
if (j->checksum_context) {
gcry_md_close(j->checksum_context);
j->checksum_context = NULL;
if (j->checksum_ctx) {
#if PREFER_OPENSSL
EVP_MD_CTX_free(j->checksum_ctx);
#else
gcry_md_close(j->checksum_ctx);
#endif
j->checksum_ctx = NULL;
}
r = pull_job_begin(j);
@ -200,16 +208,30 @@ void pull_job_curl_on_finished(CurlGlue *g, CURL *curl, CURLcode result) {
goto finish;
}
if (j->checksum_context) {
uint8_t *k;
if (j->checksum_ctx) {
unsigned checksum_len;
#if PREFER_OPENSSL
uint8_t k[EVP_MAX_MD_SIZE];
k = gcry_md_read(j->checksum_context, GCRY_MD_SHA256);
r = EVP_DigestFinal_ex(j->checksum_ctx, k, &checksum_len);
if (r == 0) {
r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get checksum.");
goto finish;
}
assert(checksum_len <= sizeof k);
#else
const uint8_t *k;
k = gcry_md_read(j->checksum_ctx, GCRY_MD_SHA256);
if (!k) {
r = log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to get checksum.");
goto finish;
}
j->checksum = hexmem(k, gcry_md_get_algo_dlen(GCRY_MD_SHA256));
checksum_len = gcry_md_get_algo_dlen(GCRY_MD_SHA256);
#endif
j->checksum = hexmem(k, checksum_len);
if (!j->checksum) {
r = log_oom();
goto finish;
@ -358,8 +380,16 @@ static int pull_job_write_compressed(PullJob *j, void *p, size_t sz) {
return log_error_errno(SYNTHETIC_ERRNO(EFBIG),
"Content length incorrect.");
if (j->checksum_context)
gcry_md_write(j->checksum_context, p, sz);
if (j->checksum_ctx) {
#if PREFER_OPENSSL
r = EVP_DigestUpdate(j->checksum_ctx, p, sz);
if (r == 0)
return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Could not hash chunk.");
#else
gcry_md_write(j->checksum_ctx, p, sz);
#endif
}
r = import_uncompress(&j->compress, p, sz, pull_job_write_uncompressed, j);
if (r < 0)
@ -392,11 +422,22 @@ static int pull_job_open_disk(PullJob *j) {
}
if (j->calc_checksum) {
initialize_libgcrypt(false);
#if PREFER_OPENSSL
j->checksum_ctx = EVP_MD_CTX_new();
if (!j->checksum_ctx)
return log_oom();
if (gcry_md_open(&j->checksum_context, GCRY_MD_SHA256, 0) != 0)
r = EVP_DigestInit_ex(j->checksum_ctx, EVP_sha256(), NULL);
if (r == 0)
return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Failed to initialize hash context.");
#else
initialize_libgcrypt(false);
if (gcry_md_open(&j->checksum_ctx, GCRY_MD_SHA256, 0) != 0)
return log_error_errno(SYNTHETIC_ERRNO(EIO),
"Failed to initialize hash context.");
#endif
}
return 0;

4
src/import/pull-job.h
View file

@ -1,12 +1,12 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include <gcrypt.h>
#include <sys/stat.h>
#include "curl-util.h"
#include "import-compress.h"
#include "macro.h"
#include "openssl-util.h"
#include "pull-common.h"
typedef struct PullJob PullJob;
@ -74,7 +74,7 @@ struct PullJob {
usec_t last_status_usec;
bool calc_checksum;
gcry_md_hd_t checksum_context;
hash_context_t checksum_ctx;
char *checksum;
bool sync;

23
src/partition/repart.c
View file

@ -12,9 +12,6 @@
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <openssl/hmac.h>
#include <openssl/sha.h>
#include "sd-id128.h"
#include "alloc-util.h"
@ -38,6 +35,7 @@
#include "glyph-util.h"
#include "gpt.h"
#include "hexdecoct.h"
#include "hmac.h"
#include "id128-util.h"
#include "json.h"
#include "list.h"
@ -1519,7 +1517,7 @@ static int fdisk_set_disklabel_id_by_uuid(struct fdisk_context *c, sd_id128_t id
static int derive_uuid(sd_id128_t base, const char *token, sd_id128_t *ret) {
union {
unsigned char md[SHA256_DIGEST_LENGTH];
uint8_t md[SHA256_DIGEST_SIZE];
sd_id128_t id;
} result;
@ -1531,11 +1529,7 @@ static int derive_uuid(sd_id128_t base, const char *token, sd_id128_t *ret) {
* machine ID). We use the machine ID as key (and not as cleartext!) of the HMAC operation since it's
* the machine ID we don't want to leak. */
if (!HMAC(EVP_sha256(),
&base, sizeof(base),
(const unsigned char*) token, strlen(token),
result.md, NULL))
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "HMAC-SHA256 calculation failed.");
hmac_sha256(base.bytes, sizeof(base.bytes), token, strlen(token), result.md);
/* Take the first half, mark it as v4 UUID */
assert_cc(sizeof(result.md) == sizeof(result.id) * 2);
@ -3067,7 +3061,7 @@ static int partition_acquire_uuid(Context *context, Partition *p, sd_id128_t *re
uint64_t counter;
} _packed_ plaintext = {};
union {
unsigned char md[SHA256_DIGEST_LENGTH];
uint8_t md[SHA256_DIGEST_SIZE];
sd_id128_t id;
} result;
@ -3111,11 +3105,10 @@ static int partition_acquire_uuid(Context *context, Partition *p, sd_id128_t *re
plaintext.type_uuid = p->type_uuid;
plaintext.counter = htole64(k);
if (!HMAC(EVP_sha256(),
&context->seed, sizeof(context->seed),
(const unsigned char*) &plaintext, k == 0 ? sizeof(sd_id128_t) : sizeof(plaintext),
result.md, NULL))
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "SHA256 calculation failed.");
hmac_sha256(context->seed.bytes, sizeof(context->seed.bytes),
&plaintext,
k == 0 ? sizeof(sd_id128_t) : sizeof(plaintext),
result.md);
/* Take the first half, mark it as v4 UUID */
assert_cc(sizeof(result.md) == sizeof(result.id) * 2);

24
src/resolve/meson.build
View file

@ -176,14 +176,16 @@ tests += [
[['src/resolve/test-resolve-tables.c'],
[libsystemd_resolve_core,
libshared],
[libgcrypt,
[lib_openssl_or_gcrypt,
libgcrypt,
libgpg_error,
libm]],
[['src/resolve/test-dns-packet.c'],
[libsystemd_resolve_core,
libshared],
[libgcrypt,
[lib_openssl_or_gcrypt,
libgcrypt,
libgpg_error,
libm]],
@ -192,28 +194,33 @@ tests += [
'src/resolve/resolved-etc-hosts.h'],
[libsystemd_resolve_core,
libshared],
[libgcrypt,
[lib_openssl_or_gcrypt,
libgcrypt,
libgpg_error,
libm]],
[['src/resolve/test-resolved-packet.c'],
[libsystemd_resolve_core,
libshared],
[libgcrypt,
[lib_openssl_or_gcrypt,
libgcrypt,
libgpg_error,
libm]],
[['src/resolve/test-dnssec.c'],
[libsystemd_resolve_core,
libshared],
[libgcrypt,
[lib_openssl_or_gcrypt,
libgcrypt,
libgpg_error,
libm]],
libm],
[], 'HAVE_OPENSSL_OR_GCRYPT'],
[['src/resolve/test-dnssec-complex.c'],
[libsystemd_resolve_core,
libshared],
[libgcrypt,
[lib_openssl_or_gcrypt,
libgcrypt,
libgpg_error,
libm],
[], '', 'manual'],
@ -223,7 +230,8 @@ fuzzers += [
[['src/resolve/fuzz-dns-packet.c'],
[libsystemd_resolve_core,
libshared],
[libgcrypt,
[lib_openssl_or_gcrypt,
libgcrypt,
libgpg_error,
libm]],
]

1
src/resolve/resolvectl.c
View file

@ -23,6 +23,7 @@
#include "main-func.h"
#include "missing_network.h"
#include "netlink-util.h"
#include "openssl-util.h"
#include "pager.h"
#include "parse-argument.h"
#include "parse-util.h"

6
src/resolve/resolved-conf.c
View file

@ -498,14 +498,14 @@ int manager_parse_config_file(Manager *m) {
return r;
}
#if ! HAVE_GCRYPT
#if !HAVE_OPENSSL_OR_GCRYPT
if (m->dnssec_mode != DNSSEC_NO) {
log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without a cryptographic library. Turning off DNSSEC support.");
m->dnssec_mode = DNSSEC_NO;
}
#endif
#if ! ENABLE_DNS_OVER_TLS
#if !ENABLE_DNS_OVER_TLS
if (m->dns_over_tls_mode != DNS_OVER_TLS_NO) {
log_warning("DNS-over-TLS option cannot be enabled or set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
m->dns_over_tls_mode = DNS_OVER_TLS_NO;

728
src/resolve/resolved-dns-dnssec.c
View file

@ -7,6 +7,7 @@
#include "gcrypt-util.h"
#include "hexdecoct.h"
#include "memory-util.h"
#include "openssl-util.h"
#include "resolved-dns-dnssec.h"
#include "resolved-dns-packet.h"
#include "sort-util.h"
@ -58,7 +59,7 @@ uint16_t dnssec_keytag(DnsResourceRecord *dnskey, bool mask_revoke) {
return sum & UINT32_C(0xFFFF);
}
#if HAVE_GCRYPT
#if HAVE_OPENSSL_OR_GCRYPT
static int rr_compare(DnsResourceRecord * const *a, DnsResourceRecord * const *b) {
const DnsResourceRecord *x = *a, *y = *b;
@ -82,12 +83,67 @@ static int rr_compare(DnsResourceRecord * const *a, DnsResourceRecord * const *b
}
static int dnssec_rsa_verify_raw(
const char *hash_algorithm,
hash_algorithm_t hash_algorithm,
const void *signature, size_t signature_size,
const void *data, size_t data_size,
const void *exponent, size_t exponent_size,
const void *modulus, size_t modulus_size) {
#if PREFER_OPENSSL
_cleanup_(RSA_freep) RSA *rpubkey = NULL;
_cleanup_(EVP_PKEY_freep) EVP_PKEY *epubkey = NULL;
_cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
_cleanup_(BN_freep) BIGNUM *e = NULL, *m = NULL;
int r;
assert(hash_algorithm);
e = BN_bin2bn(exponent, exponent_size, NULL);
if (!e)
return -EIO;
m = BN_bin2bn(modulus, modulus_size, NULL);
if (!m)
return -EIO;
rpubkey = RSA_new();
if (!rpubkey)
return -ENOMEM;
if (RSA_set0_key(rpubkey, m, e, NULL) <= 0)
return -EIO;
e = m = NULL;
assert((size_t) RSA_size(rpubkey) == signature_size);
epubkey = EVP_PKEY_new();
if (!epubkey)
return -ENOMEM;
if (EVP_PKEY_assign_RSA(epubkey, RSAPublicKey_dup(rpubkey)) <= 0)
return -EIO;
ctx = EVP_PKEY_CTX_new(epubkey, NULL);
if (!ctx)
return -ENOMEM;
if (EVP_PKEY_verify_init(ctx) <= 0)
return -EIO;
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
return -EIO;
if (EVP_PKEY_CTX_set_signature_md(ctx, hash_algorithm) <= 0)
return -EIO;
r = EVP_PKEY_verify(ctx, signature, signature_size, data, data_size);
if (r < 0)
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"Signature verification failed: 0x%lx", ERR_get_error());
return r;
#else
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
gcry_mpi_t n = NULL, e = NULL, s = NULL;
gcry_error_t ge;
@ -147,10 +203,10 @@ static int dnssec_rsa_verify_raw(
ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
r = 0;
else if (ge != 0) {
log_debug("RSA signature check failed: %s", gpg_strerror(ge));
r = -EIO;
} else
else if (ge != 0)
r = log_debug_errno(SYNTHETIC_ERRNO(EIO),
"RSA signature check failed: %s", gpg_strerror(ge));
else
r = 1;
finish:
@ -169,10 +225,11 @@ finish:
gcry_sexp_release(data_sexp);
return r;
#endif
}
static int dnssec_rsa_verify(
const char *hash_algorithm,
hash_algorithm_t hash_algorithm,
const void *hash, size_t hash_size,
DnsResourceRecord *rrsig,
DnsResourceRecord *dnskey) {
@ -228,13 +285,78 @@ static int dnssec_rsa_verify(
}
static int dnssec_ecdsa_verify_raw(
const char *hash_algorithm,
const char *curve,
hash_algorithm_t hash_algorithm,
elliptic_curve_t curve,
const void *signature_r, size_t signature_r_size,
const void *signature_s, size_t signature_s_size,
const void *data, size_t data_size,
const void *key, size_t key_size) {
#if PREFER_OPENSSL
_cleanup_(EC_GROUP_freep) EC_GROUP *ec_group = NULL;
_cleanup_(EC_POINT_freep) EC_POINT *p = NULL;
_cleanup_(EC_KEY_freep) EC_KEY *eckey = NULL;
_cleanup_(BN_CTX_freep) BN_CTX *bctx = NULL;
_cleanup_(BN_freep) BIGNUM *r = NULL, *s = NULL;
_cleanup_(ECDSA_SIG_freep) ECDSA_SIG *sig = NULL;
int k;
assert(hash_algorithm);
ec_group = EC_GROUP_new_by_curve_name(curve);
if (!ec_group)
return -ENOMEM;
p = EC_POINT_new(ec_group);
if (!p)
return -ENOMEM;
bctx = BN_CTX_new();
if (!bctx)
return -ENOMEM;
if (EC_POINT_oct2point(ec_group, p, key, key_size, bctx) <= 0)
return -EIO;
eckey = EC_KEY_new();
if (!eckey)
return -ENOMEM;
if (EC_KEY_set_group(eckey, ec_group) <= 0)
return -EIO;
if (EC_KEY_set_public_key(eckey, p) <= 0)
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"EC_POINT_bn2point failed: 0x%lx", ERR_get_error());
assert(EC_KEY_check_key(eckey) == 1);
r = BN_bin2bn(signature_r, signature_r_size, NULL);
if (!r)
return -EIO;
s = BN_bin2bn(signature_s, signature_s_size, NULL);
if (!s)
return -EIO;
/* TODO: We should eventually use use the EVP API once it supports ECDSA signature verification */
sig = ECDSA_SIG_new();
if (!sig)
return -ENOMEM;
if (ECDSA_SIG_set0(sig, r, s) <= 0)
return -EIO;
r = s = NULL;
k = ECDSA_do_verify(data, data_size, sig, eckey);
if (k < 0)
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"Signature verification failed: 0x%lx", ERR_get_error());
return k;
#else
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
gcry_mpi_t q = NULL, r = NULL, s = NULL;
gcry_error_t ge;
@ -315,16 +437,17 @@ finish:
gcry_sexp_release(data_sexp);
return k;
#endif
}
static int dnssec_ecdsa_verify(
const char *hash_algorithm,
hash_algorithm_t hash_algorithm,
int algorithm,
const void *hash, size_t hash_size,
DnsResourceRecord *rrsig,
DnsResourceRecord *dnskey) {
const char *curve;
elliptic_curve_t curve;
size_t key_size;
uint8_t *q;
@ -334,11 +457,11 @@ static int dnssec_ecdsa_verify(
assert(dnskey);
if (algorithm == DNSSEC_ALGORITHM_ECDSAP256SHA256) {
curve = OPENSSL_OR_GCRYPT(NID_X9_62_prime256v1, "NIST P-256"); /* NIST P-256 */
key_size = 32;
curve = "NIST P-256";
} else if (algorithm == DNSSEC_ALGORITHM_ECDSAP384SHA384) {
curve = OPENSSL_OR_GCRYPT(NID_secp384r1, "NIST P-384"); /* NIST P-384 */
key_size = 48;
curve = "NIST P-384";
} else
return -EOPNOTSUPP;
@ -361,25 +484,66 @@ static int dnssec_ecdsa_verify(
q, key_size*2+1);
}
#if GCRYPT_VERSION_NUMBER >= 0x010600
static int dnssec_eddsa_verify_raw(
const char *curve,
const void *signature_r, size_t signature_r_size,
const void *signature_s, size_t signature_s_size,
const void *data, size_t data_size,
const void *key, size_t key_size) {
elliptic_curve_t curve,
const uint8_t *signature, size_t signature_size,
const uint8_t *data, size_t data_size,
const uint8_t *key, size_t key_size) {
#if PREFER_OPENSSL
_cleanup_(EVP_PKEY_freep) EVP_PKEY *evkey = NULL;
_cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *pctx = NULL;
_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *ctx = NULL;
int r;
assert(curve == NID_ED25519);
assert(signature_size == key_size * 2);
uint8_t *q = newa(uint8_t, signature_size + 1);
q[0] = 0x04; /* Prepend 0x04 to indicate an uncompressed key */
memcpy(q+1, signature, signature_size);
evkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, key, key_size);
if (!evkey)
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"EVP_PKEY_new_raw_public_key failed: 0x%lx", ERR_get_error());
pctx = EVP_PKEY_CTX_new(evkey, NULL);
if (!pctx)
return -ENOMEM;
ctx = EVP_MD_CTX_new();
if (!ctx)
return -ENOMEM;
/* This prevents EVP_DigestVerifyInit from managing pctx and complicating our free logic. */
EVP_MD_CTX_set_pkey_ctx(ctx, pctx);
/* One might be tempted to use EVP_PKEY_verify_init, but see Ed25519(7ssl). */
if (EVP_DigestVerifyInit(ctx, &pctx, NULL, NULL, evkey) <= 0)
return -EIO;
r = EVP_DigestVerify(ctx, signature, signature_size, data, data_size);
if (r < 0)
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"Signature verification failed: 0x%lx", ERR_get_error());
return r;
#elif GCRYPT_VERSION_NUMBER >= 0x010600
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
gcry_error_t ge;
int k;
assert(signature_size == key_size * 2);
ge = gcry_sexp_build(&signature_sexp,
NULL,
"(sig-val (eddsa (r %b) (s %b)))",
(int) signature_r_size,
signature_r,
(int) signature_s_size,
signature_s);
(int) key_size,
signature,
(int) key_size,
signature + key_size);
if (ge != 0) {
k = -EIO;
goto finish;
@ -409,10 +573,10 @@ static int dnssec_eddsa_verify_raw(
ge = gcry_pk_verify(signature_sexp, data_sexp, public_key_sexp);
if (gpg_err_code(ge) == GPG_ERR_BAD_SIGNATURE)
k = 0;
else if (ge != 0) {
log_debug("EdDSA signature check failed: %s", gpg_strerror(ge));
k = -EIO;
} else
else if (ge != 0)
k = log_debug_errno(SYNTHETIC_ERRNO(EIO),
"EdDSA signature check failed: %s", gpg_strerror(ge));
else
k = 1;
finish:
if (public_key_sexp)
@ -423,6 +587,9 @@ finish:
gcry_sexp_release(data_sexp);
return k;
#else
return -EOPNOTSUPP;
#endif
}
static int dnssec_eddsa_verify(
@ -430,11 +597,11 @@ static int dnssec_eddsa_verify(
const void *data, size_t data_size,
DnsResourceRecord *rrsig,
DnsResourceRecord *dnskey) {
const char *curve;
elliptic_curve_t curve;
size_t key_size;
if (algorithm == DNSSEC_ALGORITHM_ED25519) {
curve = "Ed25519";
curve = OPENSSL_OR_GCRYPT(NID_ED25519, "Ed25519");
key_size = 32;
} else
return -EOPNOTSUPP;
@ -447,20 +614,28 @@ static int dnssec_eddsa_verify(
return dnssec_eddsa_verify_raw(
curve,
rrsig->rrsig.signature, key_size,
(uint8_t*) rrsig->rrsig.signature + key_size, key_size,
rrsig->rrsig.signature, rrsig->rrsig.signature_size,
data, data_size,
dnskey->dnskey.key, key_size);
}
#endif
static void md_add_uint8(gcry_md_hd_t md, uint8_t v) {
gcry_md_write(md, &v, sizeof(v));
static int md_add_uint8(hash_context_t ctx, uint8_t v) {
#if PREFER_OPENSSL
return EVP_DigestUpdate(ctx, &v, sizeof(v));
#else
gcry_md_write(ctx, &v, sizeof(v));
return 0;
#endif
}
static void md_add_uint16(gcry_md_hd_t md, uint16_t v) {
static int md_add_uint16(hash_context_t ctx, uint16_t v) {
v = htobe16(v);
gcry_md_write(md, &v, sizeof(v));
#if PREFER_OPENSSL
return EVP_DigestUpdate(ctx, &v, sizeof(v));
#else
gcry_md_write(ctx, &v, sizeof(v));
return 0;
#endif
}
static void fwrite_uint8(FILE *fp, uint8_t v) {
@ -565,36 +740,32 @@ static int dnssec_rrsig_expired(DnsResourceRecord *rrsig, usec_t realtime) {
return realtime < inception || realtime > expiration;
}
static int algorithm_to_gcrypt_md(uint8_t algorithm) {
static hash_md_t algorithm_to_implementation_id(uint8_t algorithm) {
/* Translates a DNSSEC signature algorithm into a gcrypt
* digest identifier.
/* Translates a DNSSEC signature algorithm into an openssl/gcrypt digest identifier.
*
* Note that we implement all algorithms listed as "Must
* implement" and "Recommended to Implement" in RFC6944. We
* don't implement any algorithms that are listed as
* "Optional" or "Must Not Implement". Specifically, we do not
* implement RSAMD5, DSASHA1, DH, DSA-NSEC3-SHA1, and
* GOST-ECC. */
* Note that we implement all algorithms listed as "Must implement" and "Recommended to Implement" in
* RFC6944. We don't implement any algorithms that are listed as "Optional" or "Must Not Implement".
* Specifically, we do not implement RSAMD5, DSASHA1, DH, DSA-NSEC3-SHA1, and GOST-ECC. */
switch (algorithm) {
case DNSSEC_ALGORITHM_RSASHA1:
case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
return GCRY_MD_SHA1;
return OPENSSL_OR_GCRYPT(EVP_sha1(), GCRY_MD_SHA1);
case DNSSEC_ALGORITHM_RSASHA256:
case DNSSEC_ALGORITHM_ECDSAP256SHA256:
return GCRY_MD_SHA256;
return OPENSSL_OR_GCRYPT(EVP_sha256(), GCRY_MD_SHA256);
case DNSSEC_ALGORITHM_ECDSAP384SHA384:
return GCRY_MD_SHA384;
return OPENSSL_OR_GCRYPT(EVP_sha384(), GCRY_MD_SHA384);
case DNSSEC_ALGORITHM_RSASHA512:
return GCRY_MD_SHA512;
return OPENSSL_OR_GCRYPT(EVP_sha512(), GCRY_MD_SHA512);
default:
return -EOPNOTSUPP;
return OPENSSL_OR_GCRYPT(NULL, -EOPNOTSUPP);
}
}
@ -625,6 +796,183 @@ static void dnssec_fix_rrset_ttl(
rrsig->expiry = rrsig->rrsig.expiration * USEC_PER_SEC;
}
static int dnssec_rrset_serialize_sig(
DnsResourceRecord *rrsig,
const char *source,
DnsResourceRecord **list,
size_t list_len,
bool wildcard,
char **ret_sig_data,
size_t *ret_sig_size) {
_cleanup_free_ char *sig_data = NULL;
size_t sig_size = 0;
_cleanup_fclose_ FILE *f = NULL;
uint8_t wire_format_name[DNS_WIRE_FORMAT_HOSTNAME_MAX];
DnsResourceRecord *rr;
int r;
assert(rrsig);
assert(source);
assert(list || list_len == 0);
assert(ret_sig_data);
assert(ret_sig_size);
f = open_memstream_unlocked(&sig_data, &sig_size);
if (!f)
return -ENOMEM;
fwrite_uint16(f, rrsig->rrsig.type_covered);
fwrite_uint8(f, rrsig->rrsig.algorithm);
fwrite_uint8(f, rrsig->rrsig.labels);
fwrite_uint32(f, rrsig->rrsig.original_ttl);
fwrite_uint32(f, rrsig->rrsig.expiration);
fwrite_uint32(f, rrsig->rrsig.inception);
fwrite_uint16(f, rrsig->rrsig.key_tag);
r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
if (r < 0)
return r;
fwrite(wire_format_name, 1, r, f);
/* Convert the source of synthesis into wire format */
r = dns_name_to_wire_format(source, wire_format_name, sizeof(wire_format_name), true);
if (r < 0)
return r;
for (size_t k = 0; k < list_len; k++) {
size_t l;
rr = list[k];
/* Hash the source of synthesis. If this is a wildcard, then prefix it with the *. label */
if (wildcard)
fwrite((uint8_t[]) { 1, '*'}, sizeof(uint8_t), 2, f);
fwrite(wire_format_name, 1, r, f);
fwrite_uint16(f, rr->key->type);
fwrite_uint16(f, rr->key->class);
fwrite_uint32(f, rrsig->rrsig.original_ttl);
l = DNS_RESOURCE_RECORD_RDATA_SIZE(rr);
assert(l <= 0xFFFF);
fwrite_uint16(f, (uint16_t) l);
fwrite(DNS_RESOURCE_RECORD_RDATA(rr), 1, l, f);
}
r = fflush_and_check(f);
f = safe_fclose(f); /* sig_data may be reallocated when f is closed. */
if (r < 0)
return r;
*ret_sig_data = TAKE_PTR(sig_data);
*ret_sig_size = sig_size;
return 0;
}
static int dnssec_rrset_verify_sig(
DnsResourceRecord *rrsig,
DnsResourceRecord *dnskey,
const char *sig_data,
size_t sig_size) {
assert(rrsig);
assert(dnskey);
assert(sig_data);
assert(sig_size > 0);
hash_md_t md_algorithm;
#if PREFER_OPENSSL
uint8_t hash[EVP_MAX_MD_SIZE];
unsigned hash_size;
#else
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
void *hash;
size_t hash_size;
initialize_libgcrypt(false);
#endif
switch (rrsig->rrsig.algorithm) {
case DNSSEC_ALGORITHM_ED25519:
#if PREFER_OPENSSL || GCRYPT_VERSION_NUMBER >= 0x010600
return dnssec_eddsa_verify(
rrsig->rrsig.algorithm,
sig_data, sig_size,
rrsig,
dnskey);
#endif
case DNSSEC_ALGORITHM_ED448:
return -EOPNOTSUPP;
default:
/* OK, the RRs are now in canonical order. Let's calculate the digest */
md_algorithm = algorithm_to_implementation_id(rrsig->rrsig.algorithm);
#if PREFER_OPENSSL
if (!md_algorithm)
return -EOPNOTSUPP;
_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *ctx = EVP_MD_CTX_new();
if (!ctx)
return -ENOMEM;
if (EVP_DigestInit_ex(ctx, md_algorithm, NULL) <= 0)
return -EIO;
if (EVP_DigestUpdate(ctx, sig_data, sig_size) <= 0)
return -EIO;
if (EVP_DigestFinal_ex(ctx, hash, &hash_size) <= 0)
return -EIO;
assert(hash_size > 0);
#else
if (md_algorithm < 0)
return md_algorithm;
gcry_error_t err = gcry_md_open(&md, md_algorithm, 0);
if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
hash_size = gcry_md_get_algo_dlen(md_algorithm);
assert(hash_size > 0);
gcry_md_write(md, sig_data, sig_size);
hash = gcry_md_read(md, 0);
if (!hash)
return -EIO;
#endif
}
switch (rrsig->rrsig.algorithm) {
case DNSSEC_ALGORITHM_RSASHA1:
case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
case DNSSEC_ALGORITHM_RSASHA256:
case DNSSEC_ALGORITHM_RSASHA512:
return dnssec_rsa_verify(
OPENSSL_OR_GCRYPT(md_algorithm, gcry_md_algo_name(md_algorithm)),
hash, hash_size,
rrsig,
dnskey);
case DNSSEC_ALGORITHM_ECDSAP256SHA256:
case DNSSEC_ALGORITHM_ECDSAP384SHA384:
return dnssec_ecdsa_verify(
OPENSSL_OR_GCRYPT(md_algorithm, gcry_md_algo_name(md_algorithm)),
rrsig->rrsig.algorithm,
hash, hash_size,
rrsig,
dnskey);
default:
assert_not_reached();
}
}
int dnssec_verify_rrset(
DnsAnswer *a,
const DnsResourceKey *key,
@ -633,18 +981,12 @@ int dnssec_verify_rrset(
usec_t realtime,
DnssecResult *result) {
uint8_t wire_format_name[DNS_WIRE_FORMAT_HOSTNAME_MAX];
DnsResourceRecord **list, *rr;
const char *source, *name;
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
int r, md_algorithm;
size_t n = 0;
size_t sig_size = 0;
size_t n = 0, sig_size;
_cleanup_free_ char *sig_data = NULL;
_cleanup_fclose_ FILE *f = NULL;
size_t hash_size;
void *hash;
bool wildcard;
int r;
assert(key);
assert(rrsig);
@ -746,123 +1088,15 @@ int dnssec_verify_rrset(
/* Bring the RRs into canonical order */
typesafe_qsort(list, n, rr_compare);
f = open_memstream_unlocked(&sig_data, &sig_size);
if (!f)
return -ENOMEM;
fwrite_uint16(f, rrsig->rrsig.type_covered);
fwrite_uint8(f, rrsig->rrsig.algorithm);
fwrite_uint8(f, rrsig->rrsig.labels);
fwrite_uint32(f, rrsig->rrsig.original_ttl);
fwrite_uint32(f, rrsig->rrsig.expiration);
fwrite_uint32(f, rrsig->rrsig.inception);
fwrite_uint16(f, rrsig->rrsig.key_tag);
r = dns_name_to_wire_format(rrsig->rrsig.signer, wire_format_name, sizeof(wire_format_name), true);
if (r < 0)
return r;
fwrite(wire_format_name, 1, r, f);
/* Convert the source of synthesis into wire format */
r = dns_name_to_wire_format(source, wire_format_name, sizeof(wire_format_name), true);
r = dnssec_rrset_serialize_sig(rrsig, source, list, n, wildcard,
&sig_data, &sig_size);
if (r < 0)
return r;
for (size_t k = 0; k < n; k++) {
size_t l;
rr = list[k];
/* Hash the source of synthesis. If this is a wildcard, then prefix it with the *. label */
if (wildcard)
fwrite((uint8_t[]) { 1, '*'}, sizeof(uint8_t), 2, f);
fwrite(wire_format_name, 1, r, f);
fwrite_uint16(f, rr->key->type);
fwrite_uint16(f, rr->key->class);
fwrite_uint32(f, rrsig->rrsig.original_ttl);
l = DNS_RESOURCE_RECORD_RDATA_SIZE(rr);
assert(l <= 0xFFFF);
fwrite_uint16(f, (uint16_t) l);
fwrite(DNS_RESOURCE_RECORD_RDATA(rr), 1, l, f);
}
r = fflush_and_check(f);
if (r < 0)
return r;
initialize_libgcrypt(false);
switch (rrsig->rrsig.algorithm) {
#if GCRYPT_VERSION_NUMBER >= 0x010600
case DNSSEC_ALGORITHM_ED25519:
break;
#else
case DNSSEC_ALGORITHM_ED25519:
#endif
case DNSSEC_ALGORITHM_ED448:
r = dnssec_rrset_verify_sig(rrsig, dnskey, sig_data, sig_size);
if (r == -EOPNOTSUPP) {
*result = DNSSEC_UNSUPPORTED_ALGORITHM;
return 0;
default: {
gcry_error_t err;
/* OK, the RRs are now in canonical order. Let's calculate the digest */
md_algorithm = algorithm_to_gcrypt_md(rrsig->rrsig.algorithm);
if (md_algorithm == -EOPNOTSUPP) {
*result = DNSSEC_UNSUPPORTED_ALGORITHM;
return 0;
}
if (md_algorithm < 0)
return md_algorithm;
err = gcry_md_open(&md, md_algorithm, 0);
if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
hash_size = gcry_md_get_algo_dlen(md_algorithm);
assert(hash_size > 0);
gcry_md_write(md, sig_data, sig_size);
hash = gcry_md_read(md, 0);
if (!hash)
return -EIO;
}
}
switch (rrsig->rrsig.algorithm) {
case DNSSEC_ALGORITHM_RSASHA1:
case DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1:
case DNSSEC_ALGORITHM_RSASHA256:
case DNSSEC_ALGORITHM_RSASHA512:
r = dnssec_rsa_verify(
gcry_md_algo_name(md_algorithm),
hash, hash_size,
rrsig,
dnskey);
break;
case DNSSEC_ALGORITHM_ECDSAP256SHA256:
case DNSSEC_ALGORITHM_ECDSAP384SHA384:
r = dnssec_ecdsa_verify(
gcry_md_algo_name(md_algorithm),
rrsig->rrsig.algorithm,
hash, hash_size,
rrsig,
dnskey);
break;
#if GCRYPT_VERSION_NUMBER >= 0x010600
case DNSSEC_ALGORITHM_ED25519:
r = dnssec_eddsa_verify(
rrsig->rrsig.algorithm,
sig_data, sig_size,
rrsig,
dnskey);
break;
#endif
}
if (r < 0)
return r;
@ -1067,33 +1301,29 @@ int dnssec_has_rrsig(DnsAnswer *a, const DnsResourceKey *key) {
return 0;
}
static int digest_to_gcrypt_md(uint8_t algorithm) {
static hash_md_t digest_to_hash_md(uint8_t algorithm) {
/* Translates a DNSSEC digest algorithm into a gcrypt digest identifier */
/* Translates a DNSSEC digest algorithm into an openssl/gcrypt digest identifier */
switch (algorithm) {
case DNSSEC_DIGEST_SHA1:
return GCRY_MD_SHA1;
return OPENSSL_OR_GCRYPT(EVP_sha1(), GCRY_MD_SHA1);
case DNSSEC_DIGEST_SHA256:
return GCRY_MD_SHA256;
return OPENSSL_OR_GCRYPT(EVP_sha256(), GCRY_MD_SHA256);
case DNSSEC_DIGEST_SHA384:
return GCRY_MD_SHA384;
return OPENSSL_OR_GCRYPT(EVP_sha384(), GCRY_MD_SHA384);
default:
return -EOPNOTSUPP;
return OPENSSL_OR_GCRYPT(NULL, -EOPNOTSUPP);
}
}
int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
gcry_error_t err;
size_t hash_size;
int md_algorithm, r;
void *result;
int r;
assert(dnskey);
assert(ds);
@ -1116,23 +1346,65 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
if (dnssec_keytag(dnskey, mask_revoke) != ds->ds.key_tag)
return 0;
initialize_libgcrypt(false);
r = dns_name_to_wire_format(dns_resource_key_name(dnskey->key), wire_format, sizeof wire_format, true);
if (r < 0)
return r;
md_algorithm = digest_to_gcrypt_md(ds->ds.digest_type);
if (md_algorithm < 0)
return md_algorithm;
hash_md_t md_algorithm = digest_to_hash_md(ds->ds.digest_type);
hash_size = gcry_md_get_algo_dlen(md_algorithm);
#if PREFER_OPENSSL
if (!md_algorithm)
return -EOPNOTSUPP;
_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *ctx = NULL;
uint8_t result[EVP_MAX_MD_SIZE];
unsigned hash_size = EVP_MD_size(md_algorithm);
assert(hash_size > 0);
if (ds->ds.digest_size != hash_size)
return 0;
r = dns_name_to_wire_format(dns_resource_key_name(dnskey->key), wire_format, sizeof(wire_format), true);
if (r < 0)
return r;
ctx = EVP_MD_CTX_new();
if (!ctx)
return -ENOMEM;
err = gcry_md_open(&md, md_algorithm, 0);
if (EVP_DigestInit_ex(ctx, md_algorithm, NULL) <= 0)
return -EIO;
if (EVP_DigestUpdate(ctx, wire_format, r) <= 0)
return -EIO;
if (mask_revoke)
md_add_uint16(ctx, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE);
else
md_add_uint16(ctx, dnskey->dnskey.flags);
r = md_add_uint8(ctx, dnskey->dnskey.protocol);
if (r <= 0)
return r;
r = md_add_uint8(ctx, dnskey->dnskey.algorithm);
if (r <= 0)
return r;
if (EVP_DigestUpdate(ctx, dnskey->dnskey.key, dnskey->dnskey.key_size) <= 0)
return -EIO;
if (EVP_DigestFinal_ex(ctx, result, NULL) <= 0)
return -EIO;
#else
if (md_algorithm < 0)
return -EOPNOTSUPP;
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
size_t hash_size = gcry_md_get_algo_dlen(md_algorithm);
assert(hash_size > 0);
if (ds->ds.digest_size != hash_size)
return 0;
gcry_error_t err = gcry_md_open(&md, md_algorithm, 0);
if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
@ -1145,9 +1417,10 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
md_add_uint8(md, dnskey->dnskey.algorithm);
gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size);
result = gcry_md_read(md, 0);
void *result = gcry_md_read(md, 0);
if (!result)
return -EIO;
#endif
return memcmp(result, ds->ds.digest, ds->ds.digest_size) == 0;
}
@ -1190,27 +1463,22 @@ int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *vali
return 0;
}
static int nsec3_hash_to_gcrypt_md(uint8_t algorithm) {
static hash_md_t nsec3_hash_to_hash_md(uint8_t algorithm) {
/* Translates a DNSSEC NSEC3 hash algorithm into a gcrypt digest identifier */
/* Translates a DNSSEC NSEC3 hash algorithm into an openssl/gcrypt digest identifier */
switch (algorithm) {
case NSEC3_ALGORITHM_SHA1:
return GCRY_MD_SHA1;
return OPENSSL_OR_GCRYPT(EVP_sha1(), GCRY_MD_SHA1);
default:
return -EOPNOTSUPP;
return OPENSSL_OR_GCRYPT(NULL, -EOPNOTSUPP);
}
}
int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
gcry_error_t err;
size_t hash_size;
int algorithm;
void *result;
int r;
assert(nsec3);
@ -1225,13 +1493,55 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
"Ignoring NSEC3 RR %s with excessive number of iterations.",
dns_resource_record_to_string(nsec3));
algorithm = nsec3_hash_to_gcrypt_md(nsec3->nsec3.algorithm);
hash_md_t algorithm = nsec3_hash_to_hash_md(nsec3->nsec3.algorithm);
#if PREFER_OPENSSL
if (!algorithm)
return -EOPNOTSUPP;
size_t hash_size = EVP_MD_size(algorithm);
assert(hash_size > 0);
if (nsec3->nsec3.next_hashed_name_size != hash_size)
return -EINVAL;
_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *ctx = EVP_MD_CTX_new();
if (!ctx)
return -ENOMEM;
if (EVP_DigestInit_ex(ctx, algorithm, NULL) <= 0)
return -EIO;
r = dns_name_to_wire_format(name, wire_format, sizeof(wire_format), true);
if (r < 0)
return r;
if (EVP_DigestUpdate(ctx, wire_format, r) <= 0)
return -EIO;
if (EVP_DigestUpdate(ctx, nsec3->nsec3.salt, nsec3->nsec3.salt_size) <= 0)
return -EIO;
uint8_t result[EVP_MAX_MD_SIZE];
if (EVP_DigestFinal_ex(ctx, result, NULL) <= 0)
return -EIO;
for (unsigned k = 0; k < nsec3->nsec3.iterations; k++) {
if (EVP_DigestInit_ex(ctx, algorithm, NULL) <= 0)
return -EIO;
if (EVP_DigestUpdate(ctx, result, hash_size) <= 0)
return -EIO;
if (EVP_DigestUpdate(ctx, nsec3->nsec3.salt, nsec3->nsec3.salt_size) <= 0)
return -EIO;
if (EVP_DigestFinal_ex(ctx, result, NULL) <= 0)
return -EIO;
}
#else
if (algorithm < 0)
return algorithm;
initialize_libgcrypt(false);
hash_size = gcry_md_get_algo_dlen(algorithm);
unsigned hash_size = gcry_md_get_algo_dlen(algorithm);
assert(hash_size > 0);
if (nsec3->nsec3.next_hashed_name_size != hash_size)
@ -1241,14 +1551,15 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
if (r < 0)
return r;
err = gcry_md_open(&md, algorithm, 0);
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
gcry_error_t err = gcry_md_open(&md, algorithm, 0);
if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
gcry_md_write(md, wire_format, r);
gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
result = gcry_md_read(md, 0);
void *result = gcry_md_read(md, 0);
if (!result)
return -EIO;
@ -1264,6 +1575,7 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
if (!result)
return -EIO;
}
#endif
memcpy(ret, result, hash_size);
return (int) hash_size;
@ -1283,8 +1595,14 @@ static int nsec3_is_good(DnsResourceRecord *rr, DnsResourceRecord *nsec3) {
return 0;
/* Ignore NSEC3 RRs whose algorithm we don't know */
if (nsec3_hash_to_gcrypt_md(rr->nsec3.algorithm) < 0)
#if PREFER_OPENSSL
if (!nsec3_hash_to_hash_md(rr->nsec3.algorithm))
return 0;
#else
if (nsec3_hash_to_hash_md(rr->nsec3.algorithm) < 0)
return 0;
#endif
/* Ignore NSEC3 RRs with an excessive number of required iterations */
if (rr->nsec3.iterations > NSEC3_ITERATIONS_MAX)
return 0;

6
src/resolve/resolved-dns-packet.c
View file

@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#if HAVE_GCRYPT
#include <gcrypt.h>
# include <gcrypt.h>
#endif
#include "alloc-util.h"
@ -776,7 +776,7 @@ int dns_packet_append_opt(
static const uint8_t rfc6975[] = {
0, 5, /* OPTION_CODE: DAU */
#if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
#if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
0, 7, /* LIST_LENGTH */
#else
0, 6, /* LIST_LENGTH */
@ -787,7 +787,7 @@ int dns_packet_append_opt(
DNSSEC_ALGORITHM_RSASHA512,
DNSSEC_ALGORITHM_ECDSAP256SHA256,
DNSSEC_ALGORITHM_ECDSAP384SHA384,
#if HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600
#if PREFER_OPENSSL || (HAVE_GCRYPT && GCRYPT_VERSION_NUMBER >= 0x010600)
DNSSEC_ALGORITHM_ED25519,
#endif

4
src/resolve/resolved-link.c
View file

@ -414,9 +414,9 @@ void link_set_dnssec_mode(Link *l, DnssecMode mode) {
assert(l);
#if ! HAVE_GCRYPT
#if !HAVE_OPENSSL_OR_GCRYPT
if (IN_SET(mode, DNSSEC_YES, DNSSEC_ALLOW_DOWNGRADE))
log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
log_warning("DNSSEC option for the link cannot be enabled or set to allow-downgrade when systemd-resolved is built without a cryptographic library. Turning off DNSSEC support.");
return;
#endif

207
src/resolve/test-dnssec.c
View file

@ -1,20 +1,19 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <arpa/inet.h>
#if HAVE_GCRYPT
#include <gcrypt.h>
#endif
#include <netinet/in.h>
#include <sys/socket.h>
#if HAVE_GCRYPT
# include <gcrypt.h>
#endif
#include "alloc-util.h"
#include "resolved-dns-dnssec.h"
#include "resolved-dns-rr.h"
#include "string-util.h"
#include "hexdecoct.h"
#if HAVE_GCRYPT
static void test_dnssec_verify_dns_key(void) {
static const uint8_t ds1_fprint[] = {
@ -173,8 +172,8 @@ static void test_dnssec_verify_rfc8080_ed25519_example1(void) {
assert_se(dns_answer_add(answer, mx, 0, DNS_ANSWER_AUTHENTICATED, NULL) >= 0);
assert_se(dnssec_verify_rrset(answer, mx->key, rrsig, dnskey,
rrsig->rrsig.inception * USEC_PER_SEC, &result) >= 0);
#if GCRYPT_VERSION_NUMBER >= 0x010600
rrsig->rrsig.inception * USEC_PER_SEC, &result) >= 0);
#if PREFER_OPENSSL || GCRYPT_VERSION_NUMBER >= 0x010600
assert_se(result == DNSSEC_VALIDATED);
#else
assert_se(result == DNSSEC_UNSUPPORTED_ALGORITHM);
@ -265,13 +264,196 @@ static void test_dnssec_verify_rfc8080_ed25519_example2(void) {
assert_se(dns_answer_add(answer, mx, 0, DNS_ANSWER_AUTHENTICATED, NULL) >= 0);
assert_se(dnssec_verify_rrset(answer, mx->key, rrsig, dnskey,
rrsig->rrsig.inception * USEC_PER_SEC, &result) >= 0);
#if GCRYPT_VERSION_NUMBER >= 0x010600
rrsig->rrsig.inception * USEC_PER_SEC, &result) >= 0);
#if PREFER_OPENSSL || GCRYPT_VERSION_NUMBER >= 0x010600
assert_se(result == DNSSEC_VALIDATED);
#else
assert_se(result == DNSSEC_UNSUPPORTED_ALGORITHM);
#endif
}
static void test_dnssec_verify_rfc6605_example1(void) {
static const uint8_t signature_blob[] = {
0xab, 0x1e, 0xb0, 0x2d, 0x8a, 0xa6, 0x87, 0xe9, 0x7d, 0xa0, 0x22, 0x93, 0x37, 0xaa, 0x88, 0x73,
0xe6, 0xf0, 0xeb, 0x26, 0xbe, 0x28, 0x9f, 0x28, 0x33, 0x3d, 0x18, 0x3f, 0x5d, 0x3b, 0x7a, 0x95,
0xc0, 0xc8, 0x69, 0xad, 0xfb, 0x74, 0x8d, 0xae, 0xe3, 0xc5, 0x28, 0x6e, 0xed, 0x66, 0x82, 0xc1,
0x2e, 0x55, 0x33, 0x18, 0x6b, 0xac, 0xed, 0x9c, 0x26, 0xc1, 0x67, 0xa9, 0xeb, 0xae, 0x95, 0x0b,
};
static const uint8_t ds_fprint[] = {
0x6f, 0x87, 0x3c, 0x73, 0x57, 0xde, 0xd9, 0xee, 0xf8, 0xef, 0xbd, 0x76, 0xed, 0xbd, 0xbb, 0xd7,
0x5e, 0x7a, 0xe7, 0xa6, 0x9d, 0xeb, 0x6e, 0x7a, 0x7f, 0x8d, 0xb8, 0xeb, 0x6e, 0x5b, 0x7f, 0x97,
0x35, 0x7b, 0x6e, 0xfb, 0xd1, 0xc7, 0xba, 0x77, 0xa7, 0xb7, 0xed, 0xd7, 0xfa, 0xd5, 0xdd, 0x7b,
};
static const uint8_t dnskey_blob[] = {
0x1a, 0x88, 0xc8, 0x86, 0x15, 0xd4, 0x37, 0xfb, 0xb8, 0xbf, 0x9e, 0x19, 0x42, 0xa1, 0x92, 0x9f,
0x28, 0x56, 0x27, 0x06, 0xae, 0x6c, 0x2b, 0xd3, 0x99, 0xe7, 0xb1, 0xbf, 0xb6, 0xd1, 0xe9, 0xe7,
0x5b, 0x92, 0xb4, 0xaa, 0x42, 0x91, 0x7a, 0xe1, 0xc6, 0x1b, 0x70, 0x1e, 0xf0, 0x35, 0xc3, 0xfe,
0x7b, 0xe3, 0x00, 0x9c, 0xba, 0xfe, 0x5a, 0x2f, 0x71, 0x31, 0x6c, 0x90, 0x2d, 0xcf, 0x0d, 0x00,
};
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *dnskey = NULL, *ds = NULL, *a = NULL,
*rrsig = NULL;
_cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
DnssecResult result;
dnskey = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DNSKEY, "example.net.");
assert_se(dnskey);
dnskey->dnskey.flags = 257;
dnskey->dnskey.protocol = 3;
dnskey->dnskey.algorithm = DNSSEC_ALGORITHM_ECDSAP256SHA256;
dnskey->dnskey.key_size = sizeof(dnskey_blob);
dnskey->dnskey.key = memdup(dnskey_blob, sizeof(dnskey_blob));
assert_se(dnskey->dnskey.key);
log_info("DNSKEY: %s", strna(dns_resource_record_to_string(dnskey)));
ds = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, "example.net.");
assert_se(ds);
ds->ds.key_tag = 55648;
ds->ds.algorithm = DNSSEC_ALGORITHM_ECDSAP256SHA256;
ds->ds.digest_type = DNSSEC_DIGEST_SHA256;
ds->ds.digest_size = sizeof(ds_fprint);
ds->ds.digest = memdup(ds_fprint, ds->ds.digest_size);
assert_se(ds->ds.digest);
log_info("DS: %s", strna(dns_resource_record_to_string(ds)));
a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, "www.example.net");
assert_se(a);
a->a.in_addr.s_addr = inet_addr("192.0.2.1");
log_info("A: %s", strna(dns_resource_record_to_string(a)));
rrsig = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.net.");
assert_se(rrsig);
rrsig->rrsig.type_covered = DNS_TYPE_A;
rrsig->rrsig.algorithm = DNSSEC_ALGORITHM_ECDSAP256SHA256;
rrsig->rrsig.labels = 3;
rrsig->rrsig.expiration = 1284026679;
rrsig->rrsig.inception = 1281607479;
rrsig->rrsig.key_tag = 55648;
rrsig->rrsig.original_ttl = 3600;
rrsig->rrsig.signer = strdup("example.net.");
assert_se(rrsig->rrsig.signer);
rrsig->rrsig.signature_size = sizeof(signature_blob);
rrsig->rrsig.signature = memdup(signature_blob, rrsig->rrsig.signature_size);
assert_se(rrsig->rrsig.signature);
log_info("RRSIG: %s", strna(dns_resource_record_to_string(rrsig)));
assert_se(dnssec_key_match_rrsig(a->key, rrsig) > 0);
assert_se(dnssec_rrsig_match_dnskey(rrsig, dnskey, false) > 0);
answer = dns_answer_new(1);
assert_se(answer);
assert_se(dns_answer_add(answer, a, 0, DNS_ANSWER_AUTHENTICATED, NULL) >= 0);
assert_se(dnssec_verify_rrset(answer, a->key, rrsig, dnskey,
rrsig->rrsig.inception * USEC_PER_SEC, &result) >= 0);
assert_se(result == DNSSEC_VALIDATED);
}
static void test_dnssec_verify_rfc6605_example2(void) {
static const uint8_t signature_blob[] = {
0xfc, 0xbe, 0x61, 0x0c, 0xa2, 0x2f, 0x18, 0x3c, 0x88, 0xd5, 0xf7, 0x00, 0x45, 0x7d, 0xf3, 0xeb,
0x9a, 0xab, 0x98, 0xfb, 0x15, 0xcf, 0xbd, 0xd0, 0x0f, 0x53, 0x2b, 0xe4, 0x21, 0x2a, 0x3a, 0x22,
0xcf, 0xf7, 0x98, 0x71, 0x42, 0x8b, 0xae, 0xae, 0x81, 0x82, 0x79, 0x93, 0xaf, 0xcc, 0x56, 0xb1,
0xb1, 0x3f, 0x06, 0x96, 0xbe, 0xf8, 0x85, 0xb6, 0xaf, 0x44, 0xa6, 0xb2, 0x24, 0xdb, 0xb2, 0x74,
0x2b, 0xb3, 0x59, 0x34, 0x92, 0x3d, 0xdc, 0xfb, 0xc2, 0x7a, 0x97, 0x2f, 0x96, 0xdd, 0x70, 0x9c,
0xee, 0xb1, 0xd9, 0xc8, 0xd1, 0x14, 0x8c, 0x44, 0xec, 0x71, 0xc0, 0x68, 0xa9, 0x59, 0xc2, 0x66,
};
static const uint8_t ds_fprint[] = {
0xef, 0x67, 0x7b, 0x6f, 0xad, 0xbd, 0xef, 0xa7, 0x1e, 0xd3, 0xae, 0x37, 0xf1, 0xef, 0x5c, 0xd1,
0xb7, 0xf7, 0xd7, 0xdd, 0x35, 0xdd, 0xc7, 0xfc, 0xd3, 0x57, 0xf4, 0xf5, 0xe7, 0x1c, 0xf3, 0x86,
0xfc, 0x77, 0xb7, 0xbd, 0xe3, 0xde, 0x5f, 0xdb, 0xb7, 0xb7, 0xd3, 0x97, 0x3a, 0x6b, 0xd6, 0xf4,
0xe7, 0xad, 0xda, 0xf5, 0xbe, 0x5f, 0xe1, 0xdd, 0xbc, 0xf3, 0x8d, 0x39, 0x73, 0x7d, 0x34, 0xf1,
0xaf, 0x78, 0xe9, 0xd7, 0xfd, 0xf3, 0x77, 0x7a,
};
static const uint8_t dnskey_blob[] = {
0xc4, 0xa6, 0x1a, 0x36, 0x15, 0x9d, 0x18, 0xe7, 0xc9, 0xfa, 0x73, 0xeb, 0x2f, 0xcf, 0xda, 0xae,
0x4c, 0x1f, 0xd8, 0x46, 0x37, 0x30, 0x32, 0x7e, 0x48, 0x4a, 0xca, 0x8a, 0xf0, 0x55, 0x4a, 0xe9,
0xb5, 0xc3, 0xf7, 0xa0, 0xb1, 0x7b, 0xd2, 0x00, 0x3b, 0x4d, 0x26, 0x1c, 0x9e, 0x9b, 0x94, 0x42,
0x3a, 0x98, 0x10, 0xe8, 0xaf, 0x17, 0xd4, 0x34, 0x52, 0x12, 0x4a, 0xdb, 0x61, 0x0f, 0x8e, 0x07,
0xeb, 0xfc, 0xfe, 0xe5, 0xf8, 0xe4, 0xd0, 0x70, 0x63, 0xca, 0xe9, 0xeb, 0x91, 0x7a, 0x1a, 0x5b,
0xab, 0xf0, 0x8f, 0xe6, 0x95, 0x53, 0x60, 0x17, 0xa5, 0xbf, 0xa9, 0x32, 0x37, 0xee, 0x6e, 0x34,
};
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *dnskey = NULL, *ds = NULL, *a = NULL,
*rrsig = NULL;
_cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
DnssecResult result;
dnskey = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DNSKEY, "example.net.");
assert_se(dnskey);
dnskey->dnskey.flags = 257;
dnskey->dnskey.protocol = 3;
dnskey->dnskey.algorithm = DNSSEC_ALGORITHM_ECDSAP384SHA384;
dnskey->dnskey.key_size = sizeof(dnskey_blob);
dnskey->dnskey.key = memdup(dnskey_blob, sizeof(dnskey_blob));
assert_se(dnskey->dnskey.key);
log_info("DNSKEY: %s", strna(dns_resource_record_to_string(dnskey)));
ds = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, "example.net.");
assert_se(ds);
ds->ds.key_tag = 10771;
ds->ds.algorithm = DNSSEC_ALGORITHM_ECDSAP384SHA384;
ds->ds.digest_type = DNSSEC_DIGEST_SHA384;
ds->ds.digest_size = sizeof(ds_fprint);
ds->ds.digest = memdup(ds_fprint, ds->ds.digest_size);
assert_se(ds->ds.digest);
log_info("DS: %s", strna(dns_resource_record_to_string(ds)));
a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, "www.example.net");
assert_se(a);
a->a.in_addr.s_addr = inet_addr("192.0.2.1");
log_info("A: %s", strna(dns_resource_record_to_string(a)));
rrsig = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.net.");
assert_se(rrsig);
rrsig->rrsig.type_covered = DNS_TYPE_A;
rrsig->rrsig.algorithm = DNSSEC_ALGORITHM_ECDSAP384SHA384;
rrsig->rrsig.labels = 3;
rrsig->rrsig.expiration = 1284027625;
rrsig->rrsig.inception = 1281608425;
rrsig->rrsig.key_tag = 10771;
rrsig->rrsig.original_ttl = 3600;
rrsig->rrsig.signer = strdup("example.net.");
assert_se(rrsig->rrsig.signer);
rrsig->rrsig.signature_size = sizeof(signature_blob);
rrsig->rrsig.signature = memdup(signature_blob, rrsig->rrsig.signature_size);
assert_se(rrsig->rrsig.signature);
log_info("RRSIG: %s", strna(dns_resource_record_to_string(rrsig)));
assert_se(dnssec_key_match_rrsig(a->key, rrsig) > 0);
assert_se(dnssec_rrsig_match_dnskey(rrsig, dnskey, false) > 0);
answer = dns_answer_new(1);
assert_se(answer);
assert_se(dns_answer_add(answer, a, 0, DNS_ANSWER_AUTHENTICATED, NULL) >= 0);
assert_se(dnssec_verify_rrset(answer, a->key, rrsig, dnskey,
rrsig->rrsig.inception * USEC_PER_SEC, &result) >= 0);
assert_se(result == DNSSEC_VALIDATED);
}
static void test_dnssec_verify_rrset(void) {
static const uint8_t signature_blob[] = {
@ -605,19 +787,16 @@ static void test_dnssec_nsec3_hash(void) {
assert_se(strcasecmp(b, "PJ8S08RR45VIQDAQGE7EN3VHKNROTBMM") == 0);
}
#endif
int main(int argc, char *argv[]) {
#if HAVE_GCRYPT
test_dnssec_verify_dns_key();
test_dnssec_verify_rfc8080_ed25519_example1();
test_dnssec_verify_rfc8080_ed25519_example2();
test_dnssec_verify_rfc6605_example1();
test_dnssec_verify_rfc6605_example2();
test_dnssec_verify_rrset();
test_dnssec_verify_rrset2();
test_dnssec_verify_rrset3();
test_dnssec_nsec3_hash();
#endif
return 0;
}

67
src/shared/openssl-util.c
View file

@ -2,8 +2,46 @@
#include "openssl-util.h"
#include "alloc-util.h"
#include "hexdecoct.h"
#if HAVE_OPENSSL
int openssl_hash(const EVP_MD *alg,
const void *msg,
size_t msg_len,
uint8_t *ret_hash,
size_t *ret_hash_len) {
_cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *ctx = NULL;
unsigned len;
int r;
ctx = EVP_MD_CTX_new();
if (!ctx)
/* This function just calls OPENSSL_zalloc, so failure
* here is almost certainly a failed allocation. */
return -ENOMEM;
/* The documentation claims EVP_DigestInit behaves just like
* EVP_DigestInit_ex if passed NULL, except it also calls
* EVP_MD_CTX_reset, which deinitializes the context. */
r = EVP_DigestInit_ex(ctx, alg, NULL);
if (r == 0)
return -EIO;
r = EVP_DigestUpdate(ctx, msg, msg_len);
if (r == 0)
return -EIO;
r = EVP_DigestFinal_ex(ctx, ret_hash, &len);
if (r == 0)
return -EIO;
if (ret_hash_len)
*ret_hash_len = len;
return 0;
}
int rsa_encrypt_bytes(
EVP_PKEY *pkey,
const void *decrypted_key,
@ -70,4 +108,33 @@ int rsa_pkey_to_suitable_key_size(
*ret_suitable_key_size = suitable_key_size;
return 0;
}
# if PREFER_OPENSSL
int string_hashsum(
const char *s,
size_t len,
const EVP_MD *md_algorithm,
char **ret) {
uint8_t hash[EVP_MAX_MD_SIZE];
size_t hash_size;
char *enc;
int r;
hash_size = EVP_MD_size(md_algorithm);
assert(hash_size > 0);
r = openssl_hash(md_algorithm, s, len, hash, NULL);
if (r < 0)
return r;
enc = hexmem(hash, hash_size);
if (!enc)
return -ENOMEM;
*ret = enc;
return 0;
}
# endif
#endif

45
src/shared/openssl-util.h
View file

@ -5,6 +5,8 @@
#if HAVE_OPENSSL
# include <openssl/bio.h>
# include <openssl/bn.h>
# include <openssl/err.h>
# include <openssl/evp.h>
# include <openssl/pkcs7.h>
# include <openssl/ssl.h>
@ -13,7 +15,15 @@
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BN_CTX*, BN_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ECDSA_SIG*, ECDSA_SIG_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(PKCS7*, PKCS7_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(SSL*, SSL_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIO*, BIO_free, NULL);
@ -26,8 +36,41 @@ static inline void sk_X509_free_allp(STACK_OF(X509) **sk) {
sk_X509_pop_free(*sk, X509_free);
}
int openssl_hash(const EVP_MD *alg, const void *msg, size_t msg_len, uint8_t *ret_hash, size_t *ret_hash_len);
int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);
int rsa_pkey_to_suitable_key_size(EVP_PKEY *pkey, size_t *ret_suitable_key_size);
#endif
#if PREFER_OPENSSL
/* The openssl definition */
typedef const EVP_MD* hash_md_t;
typedef const EVP_MD* hash_algorithm_t;
typedef int elliptic_curve_t;
typedef EVP_MD_CTX* hash_context_t;
# define OPENSSL_OR_GCRYPT(a, b) (a)
#elif HAVE_GCRYPT
# include <gcrypt.h>
/* The gcrypt definition */
typedef int hash_md_t;
typedef const char* hash_algorithm_t;
typedef const char* elliptic_curve_t;
typedef gcry_md_hd_t hash_context_t;
# define OPENSSL_OR_GCRYPT(a, b) (b)
#endif
#if PREFER_OPENSSL
int string_hashsum(const char *s, size_t len, hash_algorithm_t md_algorithm, char **ret);
static inline int string_hashsum_sha224(const char *s, size_t len, char **ret) {
return string_hashsum(s, len, EVP_sha224(), ret);
}
static inline int string_hashsum_sha256(const char *s, size_t len, char **ret) {
return string_hashsum(s, len, EVP_sha256(), ret);
}
#endif

6
src/test/meson.build
View file

@ -594,8 +594,10 @@ tests += [
[['src/test/test-id128.c']],
[['src/test/test-gcrypt-util.c'],
[], [], [], 'HAVE_GCRYPT'],
[['src/test/test-cryptolib.c'],
[libshared],
[lib_openssl_or_gcrypt],
[], 'HAVE_OPENSSL_OR_GCRYPT'],
[['src/test/test-nss-hosts.c',
'src/test/nss-test-util.c',

17
src/test/test-gcrypt-util.c → src/test/test-cryptolib.c
View file

@ -3,25 +3,34 @@
#include "alloc-util.h"
#include "gcrypt-util.h"
#include "macro.h"
#include "openssl-util.h"
#include "string-util.h"
#include "tests.h"
TEST(string_hashsum) {
_cleanup_free_ char *out1 = NULL, *out2 = NULL, *out3 = NULL, *out4 = NULL;
assert_se(string_hashsum("asdf", 4, GCRY_MD_SHA224, &out1) == 0);
assert_se(string_hashsum("asdf", 4,
OPENSSL_OR_GCRYPT(EVP_sha224(), GCRY_MD_SHA224),
&out1) == 0);
/* echo -n 'asdf' | sha224sum - */
assert_se(streq(out1, "7872a74bcbf298a1e77d507cd95d4f8d96131cbbd4cdfc571e776c8a"));
assert_se(string_hashsum("asdf", 4, GCRY_MD_SHA256, &out2) == 0);
assert_se(string_hashsum("asdf", 4,
OPENSSL_OR_GCRYPT(EVP_sha256(), GCRY_MD_SHA256),
&out2) == 0);
/* echo -n 'asdf' | sha256sum - */
assert_se(streq(out2, "f0e4c2f76c58916ec258f246851bea091d14d4247a2fc3e18694461b1816e13b"));
assert_se(string_hashsum("", 0, GCRY_MD_SHA224, &out3) == 0);
assert_se(string_hashsum("", 0,
OPENSSL_OR_GCRYPT(EVP_sha224(), GCRY_MD_SHA224),
&out3) == 0);
/* echo -n '' | sha224sum - */
assert_se(streq(out3, "d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"));
assert_se(string_hashsum("", 0, GCRY_MD_SHA256, &out4) == 0);
assert_se(string_hashsum("", 0,
OPENSSL_OR_GCRYPT(EVP_sha256(), GCRY_MD_SHA256),
&out4) == 0);
/* echo -n '' | sha256sum - */
assert_se(streq(out4, "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
}