X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=src%2Fvalidation.rs;h=fc188a46dff0d04c8ee3e330b12e63bcccc69f90;hb=HEAD;hp=615146eb399648812fd7edf1809cceb96389a086;hpb=0aacbde897980f8b67e9106ee7b2295f4d1dfd24;p=dnssec-prover diff --git a/src/validation.rs b/src/validation.rs index 615146e..fc188a4 100644 --- a/src/validation.rs +++ b/src/validation.rs @@ -1,13 +1,15 @@ //! Utilities to deserialize and validate RFC 9102 proofs +use alloc::borrow::ToOwned; use alloc::vec::Vec; use alloc::vec; -use core::cmp; - -use ring::signature; +use core::cmp::{self, Ordering}; +use crate::base32; +use crate::crypto; use crate::rr::*; use crate::ser::write_name; +use crate::MAX_PROOF_STEPS; /// Gets the trusted root anchors /// @@ -42,30 +44,12 @@ pub enum ValidationError { UnsupportedAlgorithm, /// The provided data was invalid or signatures did not validate. Invalid, + /// We would need to validate more than [`MAX_PROOF_STEPS`] sets of [`RRSig`]s to validate the + /// proof we were given. + ValidationCountLimited, } -pub(crate) fn bytes_to_rsa_pk<'a>(pubkey: &'a [u8]) --> Result, ()> { - if pubkey.len() <= 3 { return Err(()); } - - let mut pos = 0; - let exponent_length; - if pubkey[0] == 0 { - exponent_length = ((pubkey[1] as usize) << 8) | (pubkey[2] as usize); - pos += 3; - } else { - exponent_length = pubkey[0] as usize; - pos += 1; - } - - if pubkey.len() <= pos + exponent_length { return Err(()); } - Ok(signature::RsaPublicKeyComponents { - n: &pubkey[pos + exponent_length..], - e: &pubkey[pos..pos + exponent_length] - }) -} - -fn verify_rrsig<'a, RR: Record, Keys>(sig: &RRSig, dnskeys: Keys, mut records: Vec<&RR>) +fn verify_rrsig<'a, RR: WriteableRecord, Keys>(sig: &RRSig, dnskeys: Keys, mut records: Vec<&RR>) -> Result<(), ValidationError> where Keys: IntoIterator { for record in records.iter() { @@ -79,82 +63,87 @@ where Keys: IntoIterator { if dnskey.flags & 0b1_0000_0000 == 0 { continue; } if dnskey.alg != sig.alg { continue; } - let mut signed_data = Vec::with_capacity(2048); - signed_data.extend_from_slice(&sig.ty.to_be_bytes()); - signed_data.extend_from_slice(&sig.alg.to_be_bytes()); - signed_data.extend_from_slice(&sig.labels.to_be_bytes()); - signed_data.extend_from_slice(&sig.orig_ttl.to_be_bytes()); - signed_data.extend_from_slice(&sig.expiration.to_be_bytes()); - signed_data.extend_from_slice(&sig.inception.to_be_bytes()); - signed_data.extend_from_slice(&sig.key_tag.to_be_bytes()); - write_name(&mut signed_data, &sig.key_name); + let mut hash_ctx = match sig.alg { + 8 => crypto::hash::Hasher::sha256(), + 10 => crypto::hash::Hasher::sha512(), + 13 => crypto::hash::Hasher::sha256(), + 14 => crypto::hash::Hasher::sha384(), + 15 => crypto::hash::Hasher::sha512(), + _ => return Err(ValidationError::UnsupportedAlgorithm), + }; + + hash_ctx.update(&sig.ty.to_be_bytes()); + hash_ctx.update(&sig.alg.to_be_bytes()); + hash_ctx.update(&sig.labels.to_be_bytes()); + hash_ctx.update(&sig.orig_ttl.to_be_bytes()); + hash_ctx.update(&sig.expiration.to_be_bytes()); + hash_ctx.update(&sig.inception.to_be_bytes()); + hash_ctx.update(&sig.key_tag.to_be_bytes()); + write_name(&mut hash_ctx, &sig.key_name); - records.sort(); + records.sort_unstable(); for record in records.iter() { - let periods = record.name().as_str().chars().filter(|c| *c == '.').count(); + let record_labels = record.name().labels() as usize; let labels = sig.labels.into(); - if periods != 1 && periods != labels { - if periods < labels { return Err(ValidationError::Invalid); } - let signed_name = record.name().as_str().splitn(periods - labels + 1, ".").last(); + // For NSec types, the name should already match the wildcard, so we don't do any + // filtering here. This is relied upon in `verify_rr_stream` to check whether an + // NSec record is matching via wildcard (as otherwise we'd allow a resolver to + // change the name out from under us and change the wildcard to something else). + if record.ty() != NSec::TYPE && record_labels != labels { + if record_labels < labels { return Err(ValidationError::Invalid); } + let signed_name = record.name().trailing_n_labels(sig.labels); debug_assert!(signed_name.is_some()); if let Some(name) = signed_name { - signed_data.extend_from_slice(b"\x01*"); - write_name(&mut signed_data, name); + hash_ctx.update(b"\x01*"); + write_name(&mut hash_ctx, name); } else { return Err(ValidationError::Invalid); } } else { - write_name(&mut signed_data, record.name()); + write_name(&mut hash_ctx, record.name()); } - signed_data.extend_from_slice(&record.ty().to_be_bytes()); - signed_data.extend_from_slice(&1u16.to_be_bytes()); // The INternet class - signed_data.extend_from_slice(&sig.orig_ttl.to_be_bytes()); - record.write_u16_len_prefixed_data(&mut signed_data); + hash_ctx.update(&record.ty().to_be_bytes()); + hash_ctx.update(&1u16.to_be_bytes()); // The INternet class + hash_ctx.update(&sig.orig_ttl.to_be_bytes()); + record.serialize_u16_len_prefixed(&mut hash_ctx); } - match sig.alg { - 8|10 => { - let alg = if sig.alg == 8 { - &signature::RSA_PKCS1_1024_8192_SHA256_FOR_LEGACY_USE_ONLY - } else { - &signature::RSA_PKCS1_1024_8192_SHA512_FOR_LEGACY_USE_ONLY - }; - bytes_to_rsa_pk(&dnskey.pubkey).map_err(|_| ValidationError::Invalid)? - .verify(alg, &signed_data, &sig.signature) - .map_err(|_| ValidationError::Invalid)?; - }, - 13|14 => { - let alg = if sig.alg == 13 { - &signature::ECDSA_P256_SHA256_FIXED - } else { - &signature::ECDSA_P384_SHA384_FIXED - }; - - // Add 0x4 identifier to the ECDSA pubkey as expected by ring. - let mut key = Vec::with_capacity(dnskey.pubkey.len() + 1); - key.push(0x4); - key.extend_from_slice(&dnskey.pubkey); - - signature::UnparsedPublicKey::new(alg, &key) - .verify(&signed_data, &sig.signature) - .map_err(|_| ValidationError::Invalid)?; - }, - 15 => { - signature::UnparsedPublicKey::new(&signature::ED25519, &dnskey.pubkey) - .verify(&signed_data, &sig.signature) - .map_err(|_| ValidationError::Invalid)?; - }, + let hash = hash_ctx.finish(); + let sig_validation = match sig.alg { + 8|10 => crypto::rsa::validate_rsa(&dnskey.pubkey, &sig.signature, hash.as_ref()) + .map_err(|_| ValidationError::Invalid), + 13 => crypto::secp256r1::validate_ecdsa(&dnskey.pubkey, &sig.signature, hash.as_ref()) + .map_err(|_| ValidationError::Invalid), + 14 => crypto::secp384r1::validate_ecdsa(&dnskey.pubkey, &sig.signature, hash.as_ref()) + .map_err(|_| ValidationError::Invalid), + // TODO: 15 => ED25519 _ => return Err(ValidationError::UnsupportedAlgorithm), + }; + #[cfg(fuzzing)] { + // When fuzzing, treat any signature starting with a 1 as valid, but only after + // parsing and checking signatures to give that code a chance to panic. + if sig.signature.get(0) == Some(&1) { + return Ok(()); + } } + // Note that technically there could be a key tag collision here, causing spurious + // verification failure. In most zones, there's only 2-4 DNSKEY entries, meaning a + // spurious collision shouldn't be much more often than one every billion zones. Much + // more likely in such a case, someone is just trying to do a KeyTrap attack, so we + // simply hard-fail and return an error immediately. + sig_validation?; + return Ok(()); } } Err(ValidationError::Invalid) } -fn verify_dnskey_rrsig<'a, T, I>(sig: &RRSig, dses: T, records: Vec<&DnsKey>) --> Result<(), ValidationError> -where T: IntoIterator, I: Iterator + Clone { +/// Verify [`RRSig`]s over [`DnsKey`], returning a reference to the [`RRSig`] that matched, if any. +fn verify_dnskeys<'r, 'd, RI, R, DI, D>(sigs: RI, dses: DI, records: Vec<&DnsKey>) +-> Result<&'r RRSig, ValidationError> +where RI: IntoIterator, R: Iterator, + DI: IntoIterator, D: Iterator + Clone { let mut validated_dnskeys = Vec::with_capacity(records.len()); let dses = dses.into_iter(); @@ -176,27 +165,52 @@ where T: IntoIterator, I: Iterator + Clone { for ds in dses.clone() { if ds.alg != dnskey.alg { continue; } if dnskey.key_tag() == ds.key_tag { - let alg = match ds.digest_type { - 1 if trust_sha1 => &ring::digest::SHA1_FOR_LEGACY_USE_ONLY, - 2 => &ring::digest::SHA256, - 4 => &ring::digest::SHA384, + let mut ctx = match ds.digest_type { + 1 if trust_sha1 => crypto::hash::Hasher::sha1(), + 2 => crypto::hash::Hasher::sha256(), + 4 => crypto::hash::Hasher::sha384(), _ => continue, }; - let mut ctx = ring::digest::Context::new(alg); write_name(&mut ctx, &dnskey.name); ctx.update(&dnskey.flags.to_be_bytes()); ctx.update(&dnskey.protocol.to_be_bytes()); ctx.update(&dnskey.alg.to_be_bytes()); ctx.update(&dnskey.pubkey); let hash = ctx.finish(); - if hash.as_ref() == &ds.digest { + if hash.as_ref() == ds.digest { validated_dnskeys.push(*dnskey); break; } } } } - verify_rrsig(sig, validated_dnskeys.iter().map(|k| *k), records) + + let mut found_unsupported_alg = false; + for sig in sigs { + match verify_rrsig(sig, validated_dnskeys.iter().copied(), records.clone()) { + Ok(()) => return Ok(sig), + Err(ValidationError::UnsupportedAlgorithm) => { + // There may be redundant signatures by different keys, where one we don't + // supprt and another we do. Ignore ones we don't support, but if there are + // no more, return UnsupportedAlgorithm + found_unsupported_alg = true; + }, + Err(ValidationError::ValidationCountLimited) => { + debug_assert!(false, "verify_rrsig doesn't internally limit"); + return Err(ValidationError::ValidationCountLimited); + }, + Err(ValidationError::Invalid) => { + // If a signature is invalid, just immediately fail, avoiding KeyTrap issues. + return Err(ValidationError::Invalid); + }, + } + } + + if found_unsupported_alg { + Err(ValidationError::UnsupportedAlgorithm) + } else { + Err(ValidationError::Invalid) + } } /// Given a set of [`RR`]s, [`verify_rr_stream`] checks what it can and returns the set of @@ -206,10 +220,11 @@ where T: IntoIterator, I: Iterator + Clone { /// contained records verified. #[derive(Debug, Clone)] pub struct VerifiedRRStream<'a> { - /// The set of verified [`RR`]s. + /// The set of verified [`RR`]s, not including [`DnsKey`], [`RRSig`], [`NSec`], and [`NSec3`] + /// records. /// /// These are not valid unless the current UNIX time is between [`Self::valid_from`] and - /// [`Self::expiration`]. + /// [`Self::expires`]. pub verified_rrs: Vec<&'a RR>, /// The latest [`RRSig::inception`] of all the [`RRSig`]s validated to verify /// [`Self::verified_rrs`]. @@ -245,6 +260,53 @@ fn resolve_time(time: u32) -> u64 { } } +fn nsec_ord(a: &str, b: &str) -> Ordering { + let mut a_label_iter = a.rsplit('.'); + let mut b_label_iter = b.rsplit('.'); + loop { + match (a_label_iter.next(), b_label_iter.next()) { + (Some(_), None) => return Ordering::Greater, + (None, Some(_)) => return Ordering::Less, + (Some(a_label), Some(b_label)) => { + let mut a_bytes = a_label.bytes(); + let mut b_bytes = b_label.bytes(); + loop { + match (a_bytes.next(), b_bytes.next()) { + (Some(_), None) => return Ordering::Greater, + (None, Some(_)) => return Ordering::Less, + (Some(mut a), Some(mut b)) => { + if a.is_ascii_uppercase() { + a += b'a' - b'A'; + } + if b.is_ascii_uppercase() { + b += b'a' - b'A'; + } + if a != b { return a.cmp(&b); } + }, + (None, None) => break, + } + } + }, + (None, None) => return Ordering::Equal, + } + } +} +fn nsec_ord_extra(a: &(&str, T, U), b: &(&str, T, U)) -> Ordering { + nsec_ord(a.0, b.0) +} + +#[cfg(test)] +#[test] +fn rfc4034_sort_test() { + // Test nsec_ord based on RFC 4034 section 6.1's example + // Note that we replace the \200 example with \7f as I have no idea what \200 is + let v = vec!["example.", "a.example.", "yljkjljk.a.example.", "Z.a.example.", + "zABC.a.EXAMPLE.", "z.example.", "\001.z.example.", "*.z.example.", "\x7f.z.example."]; + let mut sorted = v.clone(); + sorted.sort_unstable_by(|a, b| nsec_ord(*a, *b)); + assert_eq!(sorted, v); +} + /// Verifies the given set of resource records. /// /// Given a set of arbitrary records, this attempts to validate DNSSEC data from the [`root_hints`] @@ -253,17 +315,18 @@ fn resolve_time(time: u32) -> u64 { /// All records which could be validated are returned, though if an error is found validating any /// contained record, only `Err` will be returned. /// -/// You MUST check that the current UNIX time is between [`VerifiedRRStream::latest_inception`] and -/// [`VerifiedRRStream::earliest_expiry`]. +/// You MUST check that the current UNIX time is between [`VerifiedRRStream::valid_from`] and +/// [`VerifiedRRStream::expires`]. pub fn verify_rr_stream<'a>(inp: &'a [RR]) -> Result, ValidationError> { let mut zone = "."; let mut res = Vec::new(); + let mut rrs_needing_non_existence_proofs = Vec::new(); let mut pending_ds_sets = Vec::with_capacity(1); let mut latest_inception = 0; let mut earliest_expiry = u64::MAX; let mut min_ttl = u32::MAX; + let mut rrsig_sets_validated = 0; 'next_zone: while zone == "." || !pending_ds_sets.is_empty() { - let mut found_unsupported_alg = false; let next_ds_set; if let Some((next_zone, ds_set)) = pending_ds_sets.pop() { next_ds_set = Some(ds_set); @@ -273,80 +336,228 @@ pub fn verify_rr_stream<'a>(inp: &'a [RR]) -> Result, Valid next_ds_set = None; } + rrsig_sets_validated += 1; + if rrsig_sets_validated > MAX_PROOF_STEPS { + return Err(ValidationError::ValidationCountLimited); + } + + let dnskey_rrsigs = inp.iter() + .filter_map(|rr| if let RR::RRSig(sig) = rr { Some(sig) } else { None }) + .filter(|rrsig| rrsig.name.as_str() == zone && rrsig.ty == DnsKey::TYPE); + let dnskeys = inp.iter() + .filter_map(|rr| if let RR::DnsKey(dnskey) = rr { Some(dnskey) } else { None }) + .filter(move |dnskey| dnskey.name.as_str() == zone); + let root_hints = root_hints(); + let verified_dnskey_rrsig = if zone == "." { + verify_dnskeys(dnskey_rrsigs, &root_hints, dnskeys.clone().collect())? + } else { + debug_assert!(next_ds_set.is_some()); + if next_ds_set.is_none() { break 'next_zone; } + verify_dnskeys(dnskey_rrsigs, next_ds_set.clone().unwrap(), dnskeys.clone().collect())? + }; + latest_inception = cmp::max(latest_inception, resolve_time(verified_dnskey_rrsig.inception)); + earliest_expiry = cmp::min(earliest_expiry, resolve_time(verified_dnskey_rrsig.expiration)); + min_ttl = cmp::min(min_ttl, verified_dnskey_rrsig.orig_ttl); + for rrsig in inp.iter() .filter_map(|rr| if let RR::RRSig(sig) = rr { Some(sig) } else { None }) - .filter(|rrsig| rrsig.name.as_str() == zone && rrsig.ty == DnsKey::TYPE) + .filter(move |rrsig| rrsig.key_name.as_str() == zone && rrsig.ty != DnsKey::TYPE) { - let dnskeys = inp.iter() - .filter_map(|rr| if let RR::DnsKey(dnskey) = rr { Some(dnskey) } else { None }) - .filter(move |dnskey| dnskey.name.as_str() == zone); - let dnskeys_verified = if zone == "." { - verify_dnskey_rrsig(rrsig, &root_hints(), dnskeys.clone().collect()) - } else { - debug_assert!(next_ds_set.is_some()); - if next_ds_set.is_none() { break 'next_zone; } - verify_dnskey_rrsig(rrsig, next_ds_set.clone().unwrap(), dnskeys.clone().collect()) - }; - if dnskeys_verified.is_ok() { - latest_inception = cmp::max(latest_inception, resolve_time(rrsig.inception)); - earliest_expiry = cmp::min(earliest_expiry, resolve_time(rrsig.expiration)); - min_ttl = cmp::min(min_ttl, rrsig.orig_ttl); - for rrsig in inp.iter() - .filter_map(|rr| if let RR::RRSig(sig) = rr { Some(sig) } else { None }) - .filter(move |rrsig| rrsig.key_name.as_str() == zone && rrsig.ty != DnsKey::TYPE) - { - if !rrsig.name.ends_with(zone) { return Err(ValidationError::Invalid); } - let signed_records = inp.iter() - .filter(|rr| rr.name() == &rrsig.name && rr.ty() == rrsig.ty); - verify_rrsig(rrsig, dnskeys.clone(), signed_records.clone().collect())?; - latest_inception = cmp::max(latest_inception, resolve_time(rrsig.inception)); - earliest_expiry = cmp::min(earliest_expiry, resolve_time(rrsig.expiration)); - min_ttl = cmp::min(min_ttl, rrsig.orig_ttl); - match rrsig.ty { - // RRSigs shouldn't cover child `DnsKey`s or other `RRSig`s - RRSig::TYPE|DnsKey::TYPE => return Err(ValidationError::Invalid), - DS::TYPE => { - if !pending_ds_sets.iter().any(|(pending_zone, _)| pending_zone == &rrsig.name.as_str()) { - pending_ds_sets.push(( - &rrsig.name, - signed_records.filter_map(|rr| - if let RR::DS(ds) = rr { Some(ds) } - else { debug_assert!(false, "We already filtered by type"); None }) - )); - } - }, - _ => { - for record in signed_records { - if !res.contains(&record) { res.push(record); } - } - }, - } + rrsig_sets_validated += 1; + if rrsig_sets_validated > MAX_PROOF_STEPS { + return Err(ValidationError::ValidationCountLimited); + } + + if !rrsig.name.ends_with(zone) { return Err(ValidationError::Invalid); } + let signed_records = inp.iter() + .filter(|rr| rr.name() == &rrsig.name && rr.ty() == rrsig.ty); + match verify_rrsig(rrsig, dnskeys.clone(), signed_records.clone().collect()) { + Ok(()) => {}, + Err(ValidationError::UnsupportedAlgorithm) => continue, + Err(ValidationError::ValidationCountLimited) => { + debug_assert!(false, "verify_rrsig doesn't internally limit"); + return Err(ValidationError::ValidationCountLimited); + }, + Err(ValidationError::Invalid) => { + // If a signature is invalid, just immediately fail, avoiding KeyTrap issues. + return Err(ValidationError::Invalid); } - continue 'next_zone; - } else if dnskeys_verified == Err(ValidationError::UnsupportedAlgorithm) { - // There may be redundant signatures by different keys, where one we don't supprt - // and another we do. Ignore ones we don't support, but if there are no more, - // return UnsupportedAlgorithm - found_unsupported_alg = true; - } else { - // We don't explicitly handle invalid signatures here, instead we move on to the - // next RRSig (if there is one) and return `Invalid` if no `RRSig`s match. + } + latest_inception = cmp::max(latest_inception, resolve_time(rrsig.inception)); + earliest_expiry = cmp::min(earliest_expiry, resolve_time(rrsig.expiration)); + min_ttl = cmp::min(min_ttl, rrsig.orig_ttl); + match rrsig.ty { + // RRSigs shouldn't cover child `DnsKey`s or other `RRSig`s + RRSig::TYPE|DnsKey::TYPE => return Err(ValidationError::Invalid), + DS::TYPE => { + if !pending_ds_sets.iter().any(|(pending_zone, _)| pending_zone == &rrsig.name.as_str()) { + pending_ds_sets.push(( + &rrsig.name, + signed_records.filter_map(|rr| + if let RR::DS(ds) = rr { Some(ds) } + else { debug_assert!(false, "We already filtered by type"); None }) + )); + } + }, + _ => { + if rrsig.labels != rrsig.name.labels() && rrsig.ty != NSec::TYPE { + if rrsig.ty == NSec3::TYPE { + // NSEC3 records should never appear on wildcards, so treat the + // whole proof as invalid + return Err(ValidationError::Invalid); + } + // If the RR used a wildcard, we need an NSEC/NSEC3 proof, which we + // check for at the end. Note that the proof should be for the + // "next closest" name, i.e. if the name here is a.b.c and it was + // signed as *.c, we want a proof for nothing being in b.c. + // Alternatively, if it was signed as *.b.c, we'd want a proof for + // a.b.c. + let proof_name = rrsig.name.trailing_n_labels(rrsig.labels + 1) + .ok_or(ValidationError::Invalid)?; + rrs_needing_non_existence_proofs.push((proof_name, &rrsig.key_name, rrsig.ty)); + } + for record in signed_records { + if !res.contains(&record) { res.push(record); } + } + }, } } - // No RRSigs were able to verify our DnsKey set - if found_unsupported_alg { - return Err(ValidationError::UnsupportedAlgorithm); - } else { - return Err(ValidationError::Invalid); + continue 'next_zone; + } + if res.is_empty() { return Err(ValidationError::Invalid) } + if latest_inception >= earliest_expiry { return Err(ValidationError::Invalid) } + + // First sort the proofs we're looking for so that the retains below avoid shifting. + rrs_needing_non_existence_proofs.sort_unstable_by(nsec_ord_extra); + 'proof_search_loop: while let Some((name, zone, ty)) = rrs_needing_non_existence_proofs.pop() { + let nsec_search = res.iter() + .filter_map(|rr| if let RR::NSec(nsec) = rr { Some(nsec) } else { None }) + .filter(|nsec| nsec.name.ends_with(zone.as_str())); + for nsec in nsec_search { + let name_matches = nsec.name.as_str() == name; + let name_contained = nsec_ord(&nsec.name, name) != Ordering::Greater && + nsec_ord(&nsec.next_name, name) == Ordering::Greater; + if (name_matches && !nsec.types.contains_type(ty)) || name_contained { + rrs_needing_non_existence_proofs + .retain(|(n, _, t)| *n != name || (name_matches && nsec.types.contains_type(*t))); + continue 'proof_search_loop; + } } + let nsec3_search = res.iter() + .filter_map(|rr| if let RR::NSec3(nsec3) = rr { Some(nsec3) } else { None }) + .filter(|nsec3| nsec3.name.ends_with(zone.as_str())); + + // Because we will only ever have two entries, a Vec is simpler than a map here. + let mut nsec3params_to_name_hash = Vec::new(); + for nsec3 in nsec3_search.clone() { + if nsec3.hash_iterations > 2500 { + // RFC 5115 places different limits on the iterations based on the signature key + // length, but we just use 2500 for all key types + continue; + } + if nsec3.hash_algo != 1 { continue; } + if nsec3params_to_name_hash.iter() + .any(|(iterations, salt, _)| *iterations == nsec3.hash_iterations && *salt == &nsec3.salt) + { continue; } + + let mut hasher = crypto::hash::Hasher::sha1(); + write_name(&mut hasher, name); + hasher.update(&nsec3.salt); + for _ in 0..nsec3.hash_iterations { + let res = hasher.finish(); + hasher = crypto::hash::Hasher::sha1(); + hasher.update(res.as_ref()); + hasher.update(&nsec3.salt); + } + nsec3params_to_name_hash.push((nsec3.hash_iterations, &nsec3.salt, hasher.finish())); + + if nsec3params_to_name_hash.len() >= 2 { + // We only allow for up to two sets of hash_iterations/salt per zone. Beyond that + // we assume this is a malicious DoSing proof and give up. + break; + } + } + for nsec3 in nsec3_search { + if nsec3.flags != 0 { + // This is an opt-out NSEC3 (or has unknown flags set). Thus, we shouldn't rely on + // it as proof that some record doesn't exist. + continue; + } + if nsec3.hash_algo != 1 { continue; } + let name_hash = if let Some((_, _, hash)) = + nsec3params_to_name_hash.iter() + .find(|(iterations, salt, _)| *iterations == nsec3.hash_iterations && *salt == &nsec3.salt) + { + hash + } else { continue }; + + let (start_hash_base32, _) = nsec3.name.split_once('.') + .unwrap_or_else(|| { debug_assert!(false); ("", "")}); + let start_hash = if let Ok(start_hash) = base32::decode(start_hash_base32) { + start_hash + } else { continue }; + if start_hash.len() != 20 || nsec3.next_name_hash.len() != 20 { continue; } + + let hash_matches = &start_hash[..] == name_hash.as_ref(); + let hash_contained = + &start_hash[..] <= name_hash.as_ref() && &nsec3.next_name_hash[..] > name_hash.as_ref(); + if (hash_matches && !nsec3.types.contains_type(ty)) || hash_contained { + rrs_needing_non_existence_proofs + .retain(|(n, _, t)| *n != name || (hash_matches && nsec3.types.contains_type(*t))); + continue 'proof_search_loop; + } + } + return Err(ValidationError::Invalid); } - if res.is_empty() { Err(ValidationError::Invalid) } - else if latest_inception >= earliest_expiry { Err(ValidationError::Invalid) } - else { - Ok(VerifiedRRStream { - verified_rrs: res, valid_from: latest_inception, expires: earliest_expiry, - max_cache_ttl: min_ttl, - }) + + res.retain(|rr| rr.ty() != NSec::TYPE && rr.ty() != NSec3::TYPE); + + Ok(VerifiedRRStream { + verified_rrs: res, valid_from: latest_inception, expires: earliest_expiry, + max_cache_ttl: min_ttl, + }) +} + +impl<'a> VerifiedRRStream<'a> { + /// Given a name, resolve any [`CName`] records and return any verified records which were + /// pointed to by the original name. + /// + /// Note that because of [`CName`]s, the [`RR::name`] in the returned records may or may not be + /// equal to `name`. + /// + /// You MUST still check that the current UNIX time is between + /// [`VerifiedRRStream::valid_from`] and [`VerifiedRRStream::expires`] before + /// using any records returned here. + pub fn resolve_name<'b>(&self, name_param: &'b Name) -> Vec<&'a RR> where 'a: 'b { + let mut dname_name; + let mut name = name_param; + loop { + let mut cname_search = self.verified_rrs.iter() + .filter(|rr| rr.name() == name) + .filter_map(|rr| if let RR::CName(cn) = rr { Some(cn) } else { None }); + if let Some(cname) = cname_search.next() { + name = &cname.canonical_name; + continue; + } + + let mut dname_search = self.verified_rrs.iter() + .filter(|rr| name.ends_with(&**rr.name())) + .filter_map(|rr| if let RR::DName(dn) = rr { Some(dn) } else { None }); + if let Some(dname) = dname_search.next() { + let prefix = name.strip_suffix(&*dname.name).expect("We just filtered for this"); + let resolved_name = prefix.to_owned() + &dname.delegation_name; + dname_name = if let Ok(name) = resolved_name.try_into() { + name + } else { + // This should only happen if the combined name ended up being too long + return Vec::new(); + }; + name = &dname_name; + continue; + } + + return self.verified_rrs.iter().filter(|rr| rr.name() == name).copied().collect(); + } } } @@ -373,11 +584,11 @@ mod tests { }]; let dnskey_rrsig = RRSig { name: ".".try_into().unwrap(), ty: DnsKey::TYPE, alg: 8, labels: 0, orig_ttl: 172800, - expiration: 1708473600, inception: 1706659200, key_tag: 20326, key_name: ".".try_into().unwrap(), - signature: base64::decode("ZO8LbjtwAiVkkBzOnGbiI/3ilGUPmmJpagsLSBVbIZRG6o/8a+hUZpIPTvk5ERZ1rAW4x0YxKAU8qtaHQpKIp3qYA6u97DYytVD7RdtXKHmGYAvR6QbD5eVTkCw1Sz705rJxbwt6+YM5OBweSUAy5Glo6JSQPDQwRDwj/bV2fLRhJbvfsBgxqaXJA0SaE/ceyvK8gB2NIaguTJNrztr2TENrHxi86OKOuHYDHthOW0TFoPfr19qj/P2eEC6dYniTVovUwHT7e+Hqrb05dJF4mI4ZjaIb5mFf8i5RehT1aRlnb3CLiwJ01bEjrRBo3xUn5I3PkCnglHhx3EvkO73OzA==").unwrap(), + expiration: 1710201600, inception: 1708387200, key_tag: 20326, key_name: ".".try_into().unwrap(), + signature: base64::decode("GIgwndRLXgt7GX/JNEqSvpYw5ij6EgeQivdC/hmNNuOd2MCQRSxZx2DdLZUoK0tmn2XmOd0vYP06DgkIMUpIXcBstw/Um55WQhvBkBTPIhuB3UvKYJstmq+8hFHWVJwKHTg9xu38JA43VgCV2AbzurbzNOLSgq+rDPelRXzpLr5aYE3y+EuvL+I5gusm4MMajnp5S+ioWOL+yWOnQE6XKoDmlrfcTrYfRSxRtJewPmGeCbNdwEUBOoLUVdkCjQG4uFykcKL40cY8EOhVmM3kXAyuPuNe2Xz1QrIcVad/U4FDns+hd8+W+sWnr8QAtIUFT5pBjXooGS02m6eMdSeU6g==").unwrap(), }; let root_hints = root_hints(); - verify_dnskey_rrsig(&dnskey_rrsig, &root_hints, dnskeys.iter().collect()).unwrap(); + verify_dnskeys([&dnskey_rrsig], &root_hints, dnskeys.iter().collect()).unwrap(); let rrs = vec![dnskeys[0].clone().into(), dnskeys[1].clone().into(), dnskey_rrsig.into()]; (dnskeys, rrs) } @@ -390,8 +601,8 @@ mod tests { }]; let ds_rrsig = RRSig { name: "com.".try_into().unwrap(), ty: DS::TYPE, alg: 8, labels: 1, orig_ttl: 86400, - expiration: 1708189200, inception: 1707062400, key_tag: 30903, key_name: ".".try_into().unwrap(), - signature: base64::decode("vwMOBBwqRBdlmGZB+0FKfyMSignEtpYW9sD4TzPW2E+wdbF7O7epR5cmKmvcv0RUJdM0dGC/QmhCfgf/yqw1Xp7TpmPaYzaruW70hjGXZJO2nY3G6stUVe4S7lM2CzHL7nbbpaB5B+iSu6Ua9dZ+nyKrxfB7855HBLCLrHrkMGxWQiEPTallXXS8tEM1Y2XrsuzAQu2vZ2D2ClhFspFbPwwOdw+G6+NsZ8PnIfTkCj6DuKcgbdxjmGaYmw/6hVt9OU3kGCOBaJaEy4LrD8Kwzfu4S7axMwTKP4y4c5Y/E4k/mVAW0cuUtv549HaDfD2V0CvW1bDl6PqRkOiVsqM/lA==").unwrap(), + expiration: 1710133200, inception: 1709006400, key_tag: 30903, key_name: ".".try_into().unwrap(), + signature: base64::decode("WEf7UPqoulxab83nVy/518TpZcC3og0paZ7Lag5iOqGdmGvZnB0yQ42s25iqB/mL6ZU+sSUwYoclcW36Tv/yHgS813T2wOgQ4Jh01aCsjkjvpgpbtnDTxg8bL30LV1obhQhOBFu5SqD4FOMeaV9Fqcff7Z72vC1UdVy0us2Kbhti3uQYrKQlGYcDMlgQAyOE0WEaLT74YfKFTpZvIK0UfUfdUAAiM0Z6PUi7BoyToIN+eKKPvny/+4BP9iVvAOmPMgr+kq/qIWOdsvUaq/S+k7VEPTJEi+i2gODgbMC+3EZZpZie9kv1EEAwGwBtGjE7bLlA1QUbuVeTgczIzrYriQ==").unwrap(), }; verify_rrsig(&ds_rrsig, &root_dnskeys, com_ds.iter().collect()).unwrap(); let dnskeys = vec![DnsKey { @@ -403,15 +614,49 @@ mod tests { }]; let dnskey_rrsig = RRSig { name: "com.".try_into().unwrap(), ty: DnsKey::TYPE, alg: 13, labels: 1, orig_ttl: 86400, - expiration: 1707750155, inception: 1706453855, key_tag: 19718, key_name: "com.".try_into().unwrap(), - signature: base64::decode("ZFGChM7QfJt0QSqVWerWnG5pMjpL1pXyJAmuHe8dHI/olmaNCxm+mqNHv9i3AploFY6JoNtiHmeBiC6zuFj/ZQ==").unwrap(), + expiration: 1710342155, inception: 1709045855, key_tag: 19718, key_name: "com.".try_into().unwrap(), + signature: base64::decode("lF2B9nXZn0CgytrHH6xB0NTva4G/aWvg/ypnSxJ8+ZXlvR0C4974yB+nd2ZWzWMICs/oPYMKoQHqxVjnGyu8nA==").unwrap(), }; - verify_dnskey_rrsig(&dnskey_rrsig, &com_ds, dnskeys.iter().collect()).unwrap(); + verify_dnskeys([&dnskey_rrsig], &com_ds, dnskeys.iter().collect()).unwrap(); let rrs = vec![com_ds.pop().unwrap().into(), ds_rrsig.into(), dnskeys[0].clone().into(), dnskeys[1].clone().into(), dnskey_rrsig.into()]; (dnskeys, rrs) } + fn ninja_dnskey() -> (Vec, Vec) { + let root_dnskeys = root_dnskey().0; + let mut ninja_ds = vec![DS { + name: "ninja.".try_into().unwrap(), key_tag: 46082, alg: 8, digest_type: 2, + digest: Vec::from_hex("C8F816A7A575BDB2F997F682AAB2653BA2CB5EDDB69B036A30742A33BEFAF141").unwrap(), + }]; + let ds_rrsig = RRSig { + name: "ninja.".try_into().unwrap(), ty: DS::TYPE, alg: 8, labels: 1, orig_ttl: 86400, + expiration: 1710133200, inception: 1709006400, key_tag: 30903, key_name: ".".try_into().unwrap(), + signature: base64::decode("4fLiekxJy1tHW3sMzmPA/i4Mn6TYoCHDKbcvk3t3N6IXMkACSgU+6P5NxSMxo5Xa7YL5UuE1ICDKxel5o5WzyvjaRQA//hZomjwnCzqyG2XoS6Va8cULSOA5jOU153NSCvos39iHeJnuPINzbMAfsKcg6Ib/IDmNnpouQF53hQzVy+5MGLlGPUZjSO6b4GIslyKpLG0tBLKXM5rZXREPJClEY+LWKOtAS1iARqdsWmSnKxZCpgnEjmkqJBtjCus+s6AtMteBHIFyebwA7oUDNtJ3Im1dO5b6sUoGP8gUgnqdFELSLEeEhKYKpO+jSruI8g/gjNIb5C9vDwAtcSoAew==").unwrap(), + }; + verify_rrsig(&ds_rrsig, &root_dnskeys, ninja_ds.iter().collect()).unwrap(); + let dnskeys = vec![DnsKey { + name: "ninja.".try_into().unwrap(), flags: 256, protocol: 3, alg: 8, + pubkey: base64::decode("AwEAAb6FWe0O0qxUkA+LghF71OPWt0WNqBaCi34HCV6Agjz70RN/j7yGi3xCExM8MkzyrbXd5yYFP4X7TCGEzI5ofLNq7GVIj9laZO0WYS8DNdCMN7qkVVaYeR2UeeGsdvIJqRWzlynABAKnCzX+y5np77FBsle4cAIGxJE/0F5kn61F").unwrap(), + }, DnsKey { + name: "ninja.".try_into().unwrap(), flags: 256, protocol: 3, alg: 8, + pubkey: base64::decode("AwEAAZlkeshgX2Q9i/X4zZMc2ciKO2a3+mOiOCuYHYbwt/43XXdcHdjtOUrWFFJkGBBWsHQZ/Bg0CeUGqvUGywd3ndY5IAX+e7PnuIUlhKDcNmntcQbxhrH+cpmOoB3Xo/96JoVjurPxTuJE23I1oA+0aESc581f4pKEbTp4WI7m5xNn").unwrap(), + }, DnsKey { + name: "ninja.".try_into().unwrap(), flags: 257, protocol: 3, alg: 8, + pubkey: base64::decode("AwEAAcceTJ3Ekkmiez70L8uNVrTDrHZxXHrQHEHQ1DJZDRXDxizuSy0prDXy1yybMqcKAkPL0IruvJ9vHg5j2eHN/hM8RVqCQ1wHgLdQASyUL37VtmLuyNmuiFpYmT+njXVh/tzRHZ4cFxrLAtACWDe6YaPApnVkJ0FEcMnKCQaymBaLX02WQOYuG3XdBr5mQQTtMs/kR/oh83QBcSxyCg3KS7G8IPP6MQPK0za94gsW9zlI5rgN2gpSjbU2qViGjDhw7N3PsC37PLTSLirUmkufeMkP9sfhDjAbP7Nv6FmpTDAIRmBmV0HBT/YNBTUBP89DmEDsrYL8knjkrOaLqV5wgkk=").unwrap(), + }]; + let dnskey_rrsig = RRSig { + name: "ninja.".try_into().unwrap(), ty: DnsKey::TYPE, alg: 8, labels: 1, orig_ttl: 3600, + expiration: 1710689605, inception: 1708871605, key_tag: 46082, key_name: "ninja.".try_into().unwrap(), + signature: base64::decode("kYxV1z+9Ikxqbr13N+8HFWWnAUcvHkr/dmkdf21mliUhH4cxeYCXC6a95X+YzjYQEQi3fU+S346QBDJkbFYCca5q/TzUdE7ej1B/0uTzhgNrQznm0O6sg6DI3HuqDfZp2oaBQm2C/H4vjkcUW9zxgKP8ON0KKLrZUuYelGazeGSOscjDDlmuNMD7tHhFrmK9BiiX+8sp8Cl+IE5ArP+CPXsII+P+R2QTmTqw5ovJch2FLRMRqCliEzTR/IswBI3FfegZR8h9xJ0gfyD2rDqf6lwJhD1K0aS5wxia+bgzpRIKwiGfP87GDYzkygHr83QbmZS2YG1nxlnQ2rgkqTGgXA==").unwrap(), + }; + verify_dnskeys([&dnskey_rrsig], &ninja_ds, dnskeys.iter().collect()).unwrap(); + let rrs = vec![ninja_ds.pop().unwrap().into(), ds_rrsig.into(), + dnskeys[0].clone().into(), dnskeys[1].clone().into(), dnskeys[2].clone().into(), + dnskey_rrsig.into()]; + (dnskeys, rrs) + } + fn mattcorallo_dnskey() -> (Vec, Vec) { let com_dnskeys = com_dnskey().0; let mut mattcorallo_ds = vec![DS { @@ -420,8 +665,8 @@ mod tests { }]; let ds_rrsig = RRSig { name: "mattcorallo.com.".try_into().unwrap(), ty: DS::TYPE, alg: 13, labels: 2, orig_ttl: 86400, - expiration: 1707631252, inception: 1707022252, key_tag: 4534, key_name: "com.".try_into().unwrap(), - signature: base64::decode("M7Fk+CjfLz6hRsY5iSuw5bwc2OqlS3XtKH8FDs7lcbhEiR63n+DzOF0I8L+3k06SXFnE89uuofQECzWmAyef6Q==").unwrap(), + expiration: 1709359258, inception: 1708750258, key_tag: 4534, key_name: "com.".try_into().unwrap(), + signature: base64::decode("VqYztN78+g170QPeFOqWFkU1ZrKIsndUYj3Y+8x1ZR1v/YGJXLQe5qkcLWjrl/vMyCgknC3Q/dhcS2ag0a7W1w==").unwrap(), }; verify_rrsig(&ds_rrsig, &com_dnskeys, mattcorallo_ds.iter().collect()).unwrap(); let dnskeys = vec![DnsKey { @@ -430,15 +675,19 @@ mod tests { }, DnsKey { name: "mattcorallo.com.".try_into().unwrap(), flags: 256, protocol: 3, alg: 13, pubkey: base64::decode("AhUlQ8qk7413R0m4zKfTDHb/FQRlKag+ncGXxNxT+qTzSZTb9E5IGjo9VCEp6+IMqqpkd4GrXpN9AzDvlcU9Ig==").unwrap(), + }, DnsKey { + name: "mattcorallo.com.".try_into().unwrap(), flags: 256, protocol: 3, alg: 13, + pubkey: base64::decode("s165ZpubX31FC2CVeIVVvnPpTnJUoOM8CGt3wk4AtxPftYadgI8uFM43F4QaD67v8B8Vshl63frxN50dc44VHQ==").unwrap(), }]; let dnskey_rrsig = RRSig { name: "mattcorallo.com.".try_into().unwrap(), ty: DnsKey::TYPE, alg: 13, labels: 2, orig_ttl: 604800, - expiration: 1708278650, inception: 1707063650, key_tag: 25630, key_name: "mattcorallo.com.".try_into().unwrap(), - signature: base64::decode("nyVDwG+la8d5dyWgB7m+H3BQwCvTWLQ/kAqNruMzdLmn9B3VC9u/rvM/ortEu0WPbA1FZWJbRKpF1Ohkj3ltNw==").unwrap(), + expiration:1710262250, inception: 1709047250, key_tag: 25630, key_name: "mattcorallo.com.".try_into().unwrap(), + signature: base64::decode("dMLDvNU96m+tfgpDIQPxMBJy7T0xyZDj3Wws4b4E6+g3nt5iULdWJ8Eqrj+86KLerOVt7KH4h/YcHP18hHdMGA==").unwrap(), }; - verify_dnskey_rrsig(&dnskey_rrsig, &mattcorallo_ds, dnskeys.iter().collect()).unwrap(); + verify_dnskeys([&dnskey_rrsig], &mattcorallo_ds, dnskeys.iter().collect()).unwrap(); let rrs = vec![mattcorallo_ds.pop().unwrap().into(), ds_rrsig.into(), - dnskeys[0].clone().into(), dnskeys[1].clone().into(), dnskey_rrsig.into()]; + dnskeys[0].clone().into(), dnskeys[1].clone().into(), dnskeys[2].clone().into(), + dnskey_rrsig.into()]; (dnskeys, rrs) } @@ -449,144 +698,275 @@ mod tests { }; let txt_rrsig = RRSig { name: "matt.user._bitcoin-payment.mattcorallo.com.".try_into().unwrap(), - ty: Txt::TYPE, alg: 13, labels: 5, orig_ttl: 3600, expiration: 1708123318, - inception: 1706908318, key_tag: 47959, key_name: "mattcorallo.com.".try_into().unwrap(), - signature: base64::decode("mgU6iwyMWO0w9nj2Gmt1+RmaIJIU3KO7DWVZiCD1bmU9e9zNefXCtnWOC2HtwjUsn/QYkWluvuSfYpBrt1IjpQ==").unwrap(), + ty: Txt::TYPE, alg: 13, labels: 5, orig_ttl: 3600, expiration: 1710182540, + inception: 1708967540, key_tag: 47959, key_name: "mattcorallo.com.".try_into().unwrap(), + signature: base64::decode("vwI89CkCzWI2Iwgl3UeiSo4GKSaKCh7/E/7nE8Hbb1WQvdpwdKSB6jE4nwM1BN4wdPhi7kxd7hyS/uGiKZjxsg==").unwrap(), }; (txt_resp, txt_rrsig) } - fn matcorallo_dnskey() -> (Vec, Vec) { - let com_dnskeys = com_dnskey().0; - let mut matcorallo_ds = vec![DS { - name: "matcorallo.com.".try_into().unwrap(), key_tag: 24930, alg: 13, digest_type: 2, - digest: Vec::from_hex("693E990CBB1CE1095E387092D3C04BCE907C008891F32A88D41D3ECB129E5E23").unwrap(), + fn bitcoin_ninja_dnskey() -> (Vec, Vec) { + let ninja_dnskeys = ninja_dnskey().0; + let mut bitcoin_ninja_ds = vec![DS { + name: "bitcoin.ninja.".try_into().unwrap(), key_tag: 63175, alg: 13, digest_type: 2, + digest: Vec::from_hex("D554267D7F730B9602BF4436F46BB967EFE3C4202CA7F082F2D5DD24DF4EBDED").unwrap(), }]; let ds_rrsig = RRSig { - name: "matcorallo.com.".try_into().unwrap(), ty: DS::TYPE, alg: 13, labels: 2, orig_ttl: 86400, - expiration: 1707628636, inception: 1707019636, key_tag: 4534, key_name: "com.".try_into().unwrap(), - signature: base64::decode("l9b+DhtnJSIzR6y4Bwx+0L9kep77UNCBoTg74RTSL6oMrQd8w4OobHxzwDyXqnLfyxVP18V+AnQp4DdJ2nUW1g==").unwrap(), + name: "bitcoin.ninja.".try_into().unwrap(), ty: DS::TYPE, alg: 8, labels: 2, orig_ttl: 3600, + expiration: 1710689605, inception: 1708871605, key_tag: 34164, key_name: "ninja.".try_into().unwrap(), + signature: base64::decode("g/Xyv6cwrGlpEyhXDV1vdKpoy9ZH7HF6MK/41q0GyCrd9wL8BrzKQgwvLqOBhvfUWACJd66CJpEMZnSwH8ZDEcWYYsd8nY2giGX7In/zGz+PA35HlFqy2BgvQcWCaN5Ht/+BUTgZXHbJBEko1iWLZ1yhciD/wA+XTqS7ScQUu88=").unwrap(), }; - verify_rrsig(&ds_rrsig, &com_dnskeys, matcorallo_ds.iter().collect()).unwrap(); + verify_rrsig(&ds_rrsig, &ninja_dnskeys, bitcoin_ninja_ds.iter().collect()).unwrap(); let dnskeys = vec![DnsKey { - name: "matcorallo.com.".try_into().unwrap(), flags: 257, protocol: 3, alg: 13, - pubkey: base64::decode("pfO3ow3SrKhLS7AMEi3b5W9P28nCOB9vryxfSXhqMcXFP1x9V4xAt0/JLr0zNodsqRD/8d9Yhu4Wf3hnSlaavw==").unwrap(), + name: "bitcoin.ninja.".try_into().unwrap(), flags: 257, protocol: 3, alg: 13, + pubkey: base64::decode("0lIZI5BH7kk75R/+1RMReQE0J2iQw0lY2aQ6eCM7F1E9ZMNcIGC1cDl5+FcAU1mP8F3Ws2FjgvCC0S2q8OBF2Q==").unwrap(), }, DnsKey { - name: "matcorallo.com.".try_into().unwrap(), flags: 256, protocol: 3, alg: 13, - pubkey: base64::decode("OO6LQTV1mnRsFgn6YQoyeo/SDqS3eajfVv8WGQVnuSYO/bTS9St1tJiox2fgU6wRWDU3chhjz1Pj0unKUAQKig==").unwrap(), + name: "bitcoin.ninja.".try_into().unwrap(), flags: 256, protocol: 3, alg: 13, + pubkey: base64::decode("zbm2rKgzXDtRFV0wFmnlUMdOXWcNKEjGIHsZ7bAnTzbh7TJEzPctSttCaTvdaORxLL4AiOk+VG2iXnL2UuC/xQ==").unwrap(), }]; let dnskey_rrsig = RRSig { - name: "matcorallo.com.".try_into().unwrap(), ty: DnsKey::TYPE, alg: 13, labels: 2, orig_ttl: 604800, - expiration: 1708309135, inception: 1707094135, key_tag: 24930, key_name: "matcorallo.com.".try_into().unwrap(), - signature: base64::decode("2MKg3bTn9zf4ThwCoKRFadqD6l1D6SuLksRieKxFC0QQnzUOCRgZSK2/IlT0DMEoM0+mGrJZo7UG79UILMGUyg==").unwrap(), + name: "bitcoin.ninja.".try_into().unwrap(), ty: DnsKey::TYPE, alg: 13, labels: 2, orig_ttl: 604800, + expiration: 1709947337, inception: 1708732337, key_tag: 63175, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("Y3To5FZoZuBDUMtIBZXqzRtufyRqOlDqbHVcoZQitXxerCgNQ1CsVdmoFVMmZqRV5n4itINX2x+9G/31j410og==").unwrap(), }; - verify_dnskey_rrsig(&dnskey_rrsig, &matcorallo_ds, dnskeys.iter().collect()).unwrap(); - let rrs = vec![matcorallo_ds.pop().unwrap().into(), ds_rrsig.into(), + verify_dnskeys([&dnskey_rrsig], &bitcoin_ninja_ds, dnskeys.iter().collect()).unwrap(); + let rrs = vec![bitcoin_ninja_ds.pop().unwrap().into(), ds_rrsig.into(), dnskeys[0].clone().into(), dnskeys[1].clone().into(), dnskey_rrsig.into()]; (dnskeys, rrs) } - fn matcorallo_txt_record() -> (Txt, RRSig) { + fn bitcoin_ninja_txt_record() -> (Txt, RRSig) { let txt_resp = Txt { - name: "txt_test.matcorallo.com.".try_into().unwrap(), + name: "txt_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "dnssec_prover_test".to_owned().into_bytes(), }; let txt_rrsig = RRSig { - name: "txt_test.matcorallo.com.".try_into().unwrap(), - ty: Txt::TYPE, alg: 13, labels: 3, orig_ttl: 30, expiration: 1708319203, - inception: 1707104203, key_tag: 34530, key_name: "matcorallo.com.".try_into().unwrap(), - signature: base64::decode("4vaE5Jex2VvIT39JpuMNT7Ds7O0OfzTik5f8WcRRxO0IJnGAO16syAsNUkNkNqsMYknnjHDF0lI4agszgzdpsw==").unwrap(), + name: "txt_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: Txt::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1709950937, + inception: 1708735937, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("S5swe6BMTqwLBU6FH2D50j5A9i5hzli79Vlf5xB515s6YhmcqodbPZnFlN49RdBE43PKi9MJcXpHTiBxvTYBeQ==").unwrap(), }; (txt_resp, txt_rrsig) } - fn matcorallo_cname_record() -> (CName, RRSig) { + fn bitcoin_ninja_cname_record() -> (CName, RRSig) { let cname_resp = CName { - name: "cname_test.matcorallo.com.".try_into().unwrap(), - canonical_name: "txt_test.matcorallo.com.".try_into().unwrap(), + name: "cname_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + canonical_name: "txt_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), }; let cname_rrsig = RRSig { - name: "cname_test.matcorallo.com.".try_into().unwrap(), - ty: CName::TYPE, alg: 13, labels: 3, orig_ttl: 30, expiration: 1708319203, - inception: 1707104203, key_tag: 34530, key_name: "matcorallo.com.".try_into().unwrap(), - signature: base64::decode("5HIrmEotbVb95umE6SX3NrPboKsthdcY8b7DdaYQZzm0Nj5m2VgcfOmEPJYS8o1xE4GvGGF4sdfSy3Uw7TibBg==").unwrap(), + name: "cname_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: CName::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1709950937, + inception: 1708735937, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("S8AYftjBADKutt4XKVzqfY7EpvbanpwOGhMDk0lEDFpvNRjl0fZ1k/FEW6AXSUyX2wOaX8hvwXUuZjpr5INuMw==").unwrap(), }; (cname_resp, cname_rrsig) } - fn matcorallo_wildcard_record() -> (Txt, RRSig) { - let txt_resp = Txt { - name: "test.wildcard_test.matcorallo.com.".try_into().unwrap(), - data: "wildcard_test".to_owned().into_bytes(), - }; - let txt_rrsig = RRSig { - name: "test.wildcard_test.matcorallo.com.".try_into().unwrap(), - ty: Txt::TYPE, alg: 13, labels: 3, orig_ttl: 30, expiration: 1708321778, - inception: 1707106778, key_tag: 34530, key_name: "matcorallo.com.".try_into().unwrap(), - signature: base64::decode("vdnXunPY4CnbW/BL8VOOR9o33+dqyKA/4h+u5VM7NjB30Shp8L8gL5UwE0k7TKRNgHC8j3TqEPEmNMIHz87Z4Q==").unwrap(), - }; - (txt_resp, txt_rrsig) - } - - fn matcorallo_cname_wildcard_record() -> (CName, RRSig, Txt, RRSig) { - let cname_resp = CName { - name: "test.cname_wildcard_test.matcorallo.com.".try_into().unwrap(), - canonical_name: "cname.wildcard_test.matcorallo.com.".try_into().unwrap(), - }; - let txt_resp = Txt { - name: "cname.wildcard_test.matcorallo.com.".try_into().unwrap(), - data: "wildcard_test".to_owned().into_bytes(), - }; - let cname_rrsig = RRSig { - name: "test.cname_wildcard_test.matcorallo.com.".try_into().unwrap(), - ty: CName::TYPE, alg: 13, labels: 3, orig_ttl: 30, expiration: 1708322050, - inception: 1707107050, key_tag: 34530, key_name: "matcorallo.com.".try_into().unwrap(), - signature: base64::decode("JfJuSemF5dtQYxEw6eKL4IRP8BaDt6FtbtdpZ6HjODTDflhKQRhBEbwT7kwceKPAq18q5sWHFV1bMTqE/F3WLw==").unwrap(), - }; - let txt_rrsig = RRSig { - name: "cname.wildcard_test.matcorallo.com.".try_into().unwrap(), - ty: Txt::TYPE, alg: 13, labels: 3, orig_ttl: 30, expiration: 1708321778, - inception: 1707106778, key_tag: 34530, key_name: "matcorallo.com.".try_into().unwrap(), - signature: base64::decode("vdnXunPY4CnbW/BL8VOOR9o33+dqyKA/4h+u5VM7NjB30Shp8L8gL5UwE0k7TKRNgHC8j3TqEPEmNMIHz87Z4Q==").unwrap(), - }; - (cname_resp, cname_rrsig, txt_resp, txt_rrsig) - } - - fn matcorallo_txt_sort_edge_cases_records() -> (Vec, RRSig) { + fn bitcoin_ninja_txt_sort_edge_cases_records() -> (Vec, RRSig) { let txts = vec![Txt { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab".to_owned().into_bytes(), }, Txt { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".to_owned().into_bytes(), }, Txt { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabaa".to_owned().into_bytes(), }, Txt { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaba".to_owned().into_bytes(), }, Txt { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".to_owned().into_bytes(), }, Txt { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab".to_owned().into_bytes(), }, Txt { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa".to_owned().into_bytes(), }, Txt { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), data: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaba".to_owned().into_bytes(), }]; let rrsig = RRSig { - name: "txt_sort_order.matcorallo.com.".try_into().unwrap(), - ty: Txt::TYPE, alg: 13, labels: 3, orig_ttl: 30, expiration: 1708449632, - inception: 1707234632, key_tag: 34530, key_name: "matcorallo.com.".try_into().unwrap(), - signature: base64::decode("elAhELwzkGpUMvzeiYZpg1+yRFPjmOeEd1ir1vYx2Dku9kzsXmAlejOYDPWdaJ6ekvHdMejCN/MtyI+iFAYqsw==").unwrap(), + name: "txt_sort_order.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: Txt::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1709950937, + inception: 1708735937, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("kUKbtoNYM6qnu95QJoyUwtzZoMTcRVfNfIIqSwROLdMYqqq70REjCu99ecjOW/Zm2XRsJ9KgGBB/SuiBdunLew==").unwrap(), }; (txts, rrsig) } + /// Note that the NSEC3 proofs here are for asdf., any other prefix may fail NSEC checks. + fn bitcoin_ninja_wildcard_record(pfx: &str) -> (Txt, RRSig, NSec3, RRSig) { + let name: Name = (pfx.to_owned() + ".wildcard_test.dnssec_proof_tests.bitcoin.ninja.").try_into().unwrap(); + let txt_resp = Txt { + name: name.clone(), + data: "wildcard_test".to_owned().into_bytes(), + }; + let txt_rrsig = RRSig { + name: name.clone(), + ty: Txt::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1709950937, + inception: 1708735937, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("Y+grWXzbZfrcoHRZC9kfRzWp002jZzBDmpSQx6qbUgN0x3aH9kZIOVy0CtQH2vwmLUxoJ+RlezgunNI6LciBzQ==").unwrap(), + }; + let nsec3 = NSec3 { + name: "s5sn15c8lcpo7v7f1p0ms6vlbdejt0kd.bitcoin.ninja.".try_into().unwrap(), + hash_algo: 1, flags: 0, hash_iterations: 0, salt: Vec::from_hex("059855BD1077A2EB").unwrap(), + next_name_hash: crate::base32::decode("T8QO5GO6M76HBR5Q6T3G6BDR79KBMDSA").unwrap(), + types: NSecTypeMask::from_types(&[AAAA::TYPE, RRSig::TYPE]), + }; + let nsec3_rrsig = RRSig { + name: "s5sn15c8lcpo7v7f1p0ms6vlbdejt0kd.bitcoin.ninja.".try_into().unwrap(), + ty: NSec3::TYPE, alg: 13, labels: 3, orig_ttl: 60, expiration: 1710267741, + inception: 1709052741, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("Aiz6My3goWQuIIw/XNUo+kICsp9e4C5XUUs/0Ap+WIEFJsaN/MPGegiR/c5GUGdtHt1GdeP9CU3H1OGkN9MpWQ==").unwrap(), + }; + (txt_resp, txt_rrsig, nsec3, nsec3_rrsig) + } + + fn bitcoin_ninja_cname_wildcard_record() -> (CName, RRSig, Txt, RRSig, [(NSec3, RRSig); 3]) { + let cname_resp = CName { + name: "asdf.cname_wildcard_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + canonical_name: "cname.wildcard_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + }; + let cname_rrsig = RRSig { + name: "asdf.cname_wildcard_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: CName::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1709950937, + inception: 1708735937, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("qR/zy8JyihI4qCAMwn7jGU6FARW/Hl8/u+cajef9raKs5aOxnZpCrp19Tot9qPG6px9PzqaghAIP1EmxfgxtRQ==").unwrap(), + }; + let nsec3_a = NSec3 { + name: "2tn37cu4ulmlqqke9a3dc9g8bt8b4f6s.bitcoin.ninja.".try_into().unwrap(), + hash_algo: 1, flags: 0, hash_iterations: 0, + salt: Vec::from_hex("059855BD1077A2EB").unwrap(), + next_name_hash: crate::base32::decode("4OKFHSHS41D00EDL0HNPMT7R6IKMJ48H").unwrap(), + types: NSecTypeMask::from_types(&[DName::TYPE, RRSig::TYPE]), + }; + let nsec3_a_rrsig = RRSig { + name: "2tn37cu4ulmlqqke9a3dc9g8bt8b4f6s.bitcoin.ninja.".try_into().unwrap(), + ty: NSec3::TYPE, alg: 13, labels: 3, orig_ttl: 60, expiration: 1710266541, + inception: 1709051541, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("tSsPsYIf1o5+piUZX9YwcWKSZgVQOB37TRdb+VL0PmcPaLpzFGJCwU0snn8tMN/BuILG+KZY+UPmAEZZFz4Fvg==").unwrap(), + }; + let nsec3_b = NSec3 { + name: "cjqf7lfu6ev77k9m2o6iih56kbfnshin.bitcoin.ninja.".try_into().unwrap(), + hash_algo: 1, flags: 0, hash_iterations: 0, + salt: Vec::from_hex("059855BD1077A2EB").unwrap(), + next_name_hash: crate::base32::decode("DD3MT23L63OIHQPIMA5O2NULSVIGIJ3N").unwrap(), + types: NSecTypeMask::from_types(&[A::TYPE, AAAA::TYPE, RRSig::TYPE]), + }; + let nsec3_b_rrsig = RRSig { + name: "cjqf7lfu6ev77k9m2o6iih56kbfnshin.bitcoin.ninja.".try_into().unwrap(), + ty: NSec3::TYPE, alg: 13, labels: 3, orig_ttl: 60, expiration: 1710238940, + inception: 1709023940, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("CtYriOUI6RzoIG3SigHbBYiTkrEvmSEvP+aOLo1wylqkbBT2iG7pK8VNucKETqMZCROLnmRBw8DHK/8rosKYsA==").unwrap(), + }; + let (txt_resp, txt_rrsig, nsec3_c, nsec3_c_rrsig) = bitcoin_ninja_wildcard_record("asdf"); + (cname_resp, cname_rrsig, txt_resp, txt_rrsig, + [(nsec3_a, nsec3_a_rrsig), (nsec3_b, nsec3_b_rrsig), (nsec3_c, nsec3_c_rrsig)]) + } + + fn bitcoin_ninja_nsec_dnskey() -> (Vec, Vec) { + let bitcoin_ninja_dnskeys = bitcoin_ninja_dnskey().0; + let mut bitcoin_ninja_ds = vec![DS { + name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + key_tag: 8036, alg: 13, digest_type: 2, + digest: Vec::from_hex("8EC0DAE4501233979196EBED206212BCCC49E40E086EC2E56558EC1F6FB62715").unwrap(), + }]; + let ds_rrsig = RRSig { + name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: DS::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1710190967, inception: 1708975967, + key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("qUexI1yufru0lzkND4uY1r8bsXrXnMVNjPxTLbLauRo/+YW041w9wFu4sl2/cqq3psWvGcBVTltwIdjDJQUcZQ==").unwrap(), + }; + verify_rrsig(&ds_rrsig, &bitcoin_ninja_dnskeys, bitcoin_ninja_ds.iter().collect()).unwrap(); + let dnskeys = vec![DnsKey { + name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), flags: 257, protocol: 3, alg: 13, + pubkey: base64::decode("MUnIhm31ySIr9WXIBVQc38wlSHHvYaKIOFR8WYl4O9MJBlywWeUdx16oGinCe2FjjMkUkKn9kV5zzWhGmrdIbQ==").unwrap(), + }, DnsKey { + name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), flags: 256, protocol: 3, alg: 13, + pubkey: base64::decode("GGZP8k44sro2iTzWKFoHOnbvrAhNiQv+Ng2hr0WNyb24aA5rLYLFac3N7B82xRU2odd60utYJkmU0yA//zyOzw==").unwrap(), + }]; + let dnskey_rrsig = RRSig { + name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: DnsKey::TYPE, alg: 13, labels: 4, orig_ttl: 604800, expiration: 1710190613, inception: 1708975613, + key_tag: 8036, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("nX+hkH14Kvjp26Z8x/pjYh5CQW3p9lZQQ+FVJcKHyfjAilEubpw6ihlPpb3Ddh9BbyxhCEFhXDMG2g4od9Y2ow==").unwrap(), + }; + verify_dnskeys([&dnskey_rrsig], &bitcoin_ninja_ds, dnskeys.iter().collect()).unwrap(); + let rrs = vec![bitcoin_ninja_ds.pop().unwrap().into(), ds_rrsig.into(), + dnskeys[0].clone().into(), dnskeys[1].clone().into(), dnskey_rrsig.into()]; + (dnskeys, rrs) + } + + fn bitcoin_ninja_nsec_record() -> (Txt, RRSig) { + let txt_resp = Txt { + name: "a.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + data: "txt_a".to_owned().into_bytes(), + }; + let txt_rrsig = RRSig { + name: "a.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: Txt::TYPE, alg: 13, labels: 5, orig_ttl: 30, expiration: 1710201091, inception: 1708986091, + key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("rhDcZvSk4ngyDmMif3oBmoDMO1YoimRrvOp/ErlSaujN+OCMKocgWkssedQCx7hyLxwsFLvaaiNXCr/7ZaSe4Q==").unwrap(), + }; + (txt_resp, txt_rrsig) + } + + fn bitcoin_ninja_nsec_wildcard_record(pfx: &str) -> (Txt, RRSig, NSec, RRSig) { + let name: Name = (pfx.to_owned() + ".wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.").try_into().unwrap(); + let txt_resp = Txt { + name: name.clone(), + data: "wildcard_test".to_owned().into_bytes(), + }; + let txt_rrsig = RRSig { + name: name.clone(), + ty: Txt::TYPE, alg: 13, labels: 5, orig_ttl: 30, expiration: 1710190613, inception: 1708975613, + key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("E3+tEe5TxI8OSNP+LVHsOagjQ/9heD6a4ICYBgS8mkfRuqgFeXhz22n4f2LzssdXe1xzwayt7nROdHdqdfHDYg==").unwrap(), + }; + let nsec = NSec { + name: "*.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + next_name: "override.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + types: NSecTypeMask::from_types(&[Txt::TYPE, RRSig::TYPE, NSec::TYPE]), + }; + let nsec_rrsig = RRSig { + name: "*.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: NSec::TYPE, alg: 13, labels: 5, orig_ttl: 60, expiration: 1710191561, inception: 1708976561, + key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("ZjQMw1dt1a61d4ls3pMkCnBiWRaMyAwn6UapRaYNtdA8cTbbqbhzJZCvc6ZBhZ90CzxCYR0h/eavowlF1j53Gg==").unwrap(), + }; + (txt_resp, txt_rrsig, nsec, nsec_rrsig) + } + + fn bitcoin_ninja_nsec_post_override_wildcard_record(pfx: &str) -> (Txt, RRSig, NSec, RRSig) { + let name: Name = (pfx.to_owned() + ".wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.").try_into().unwrap(); + let txt_resp = Txt { + name: name.clone(), + data: "wildcard_test".to_owned().into_bytes(), + }; + let txt_rrsig = RRSig { + name: name.clone(), + ty: Txt::TYPE, alg: 13, labels: 5, orig_ttl: 30, expiration: 1710190613, inception: 1708975613, + key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("E3+tEe5TxI8OSNP+LVHsOagjQ/9heD6a4ICYBgS8mkfRuqgFeXhz22n4f2LzssdXe1xzwayt7nROdHdqdfHDYg==").unwrap(), + }; + let nsec = NSec { + name: "override.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + next_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + types: NSecTypeMask::from_types(&[Txt::TYPE, RRSig::TYPE, NSec::TYPE]), + }; + let nsec_rrsig = RRSig { + name: "override.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + ty: NSec::TYPE, alg: 13, labels: 6, orig_ttl: 60, expiration: 1710201063, inception: 1708986063, + key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), + signature: base64::decode("pBNXnNPR0fiGEtkm/0PlnDW830JWv8KgnyhnOit6wLHtiWoLhMiS48utji3FbTfelCnePjbLh/t7SF941O2QTA==").unwrap(), + }; + (txt_resp, txt_rrsig, nsec, nsec_rrsig) + } + #[test] fn check_txt_record_a() { let dnskeys = mattcorallo_dnskey().0; @@ -612,23 +992,23 @@ mod tests { assert_eq!(txt.name.as_str(), "matt.user._bitcoin-payment.mattcorallo.com."); assert_eq!(txt.data, b"bitcoin:?b12=lno1qsgqmqvgm96frzdg8m0gc6nzeqffvzsqzrxqy32afmr3jn9ggkwg3egfwch2hy0l6jut6vfd8vpsc3h89l6u3dm4q2d6nuamav3w27xvdmv3lpgklhg7l5teypqz9l53hj7zvuaenh34xqsz2sa967yzqkylfu9xtcd5ymcmfp32h083e805y7jfd236w9afhavqqvl8uyma7x77yun4ehe9pnhu2gekjguexmxpqjcr2j822xr7q34p078gzslf9wpwz5y57alxu99s0z2ql0kfqvwhzycqq45ehh58xnfpuek80hw6spvwrvttjrrq9pphh0dpydh06qqspp5uq4gpyt6n9mwexde44qv7lstzzq60nr40ff38u27un6y53aypmx0p4qruk2tf9mjwqlhxak4znvna5y"); } else { panic!(); } - assert_eq!(verified_rrs.valid_from, 1707063650); // The TXT record RRSig was created last - assert_eq!(verified_rrs.expires, 1707631252); // The mattcorallo.com DS RRSig expires first + assert_eq!(verified_rrs.valid_from, 1709047250); // The mattcorallo.com. DNSKEY RRSig was created last + assert_eq!(verified_rrs.expires, 1709359258); // The mattcorallo.com. DS RRSig expires first assert_eq!(verified_rrs.max_cache_ttl, 3600); // The TXT record had the shortest TTL } #[test] fn check_txt_record_b() { - let dnskeys = matcorallo_dnskey().0; - let (txt, txt_rrsig) = matcorallo_txt_record(); + let dnskeys = bitcoin_ninja_dnskey().0; + let (txt, txt_rrsig) = bitcoin_ninja_txt_record(); let txt_resp = [txt]; verify_rrsig(&txt_rrsig, &dnskeys, txt_resp.iter().collect()).unwrap(); } #[test] fn check_cname_record() { - let dnskeys = matcorallo_dnskey().0; - let (cname, cname_rrsig) = matcorallo_cname_record(); + let dnskeys = bitcoin_ninja_dnskey().0; + let (cname, cname_rrsig) = bitcoin_ninja_cname_record(); let cname_resp = [cname]; verify_rrsig(&cname_rrsig, &dnskeys, cname_resp.iter().collect()).unwrap(); } @@ -638,13 +1018,14 @@ mod tests { let mut rr_stream = Vec::new(); for rr in root_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } for rr in com_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } for rr in mattcorallo_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } let (txt, txt_rrsig) = mattcorallo_txt_record(); for rr in [RR::Txt(txt), RR::RRSig(txt_rrsig)] { write_rr(&rr, 1, &mut rr_stream); } - for rr in matcorallo_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } - let (txt, txt_rrsig) = matcorallo_txt_record(); + for rr in bitcoin_ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + let (txt, txt_rrsig) = bitcoin_ninja_txt_record(); for rr in [RR::Txt(txt), RR::RRSig(txt_rrsig)] { write_rr(&rr, 1, &mut rr_stream); } - let (cname, cname_rrsig) = matcorallo_cname_record(); + let (cname, cname_rrsig) = bitcoin_ninja_cname_record(); for rr in [RR::CName(cname), RR::RRSig(cname_rrsig)] { write_rr(&rr, 1, &mut rr_stream); } let mut rrs = parse_rr_stream(&rr_stream).unwrap(); @@ -657,19 +1038,36 @@ mod tests { assert_eq!(txt.data, b"bitcoin:?b12=lno1qsgqmqvgm96frzdg8m0gc6nzeqffvzsqzrxqy32afmr3jn9ggkwg3egfwch2hy0l6jut6vfd8vpsc3h89l6u3dm4q2d6nuamav3w27xvdmv3lpgklhg7l5teypqz9l53hj7zvuaenh34xqsz2sa967yzqkylfu9xtcd5ymcmfp32h083e805y7jfd236w9afhavqqvl8uyma7x77yun4ehe9pnhu2gekjguexmxpqjcr2j822xr7q34p078gzslf9wpwz5y57alxu99s0z2ql0kfqvwhzycqq45ehh58xnfpuek80hw6spvwrvttjrrq9pphh0dpydh06qqspp5uq4gpyt6n9mwexde44qv7lstzzq60nr40ff38u27un6y53aypmx0p4qruk2tf9mjwqlhxak4znvna5y"); } else { panic!(); } if let RR::Txt(txt) = &verified_rrs.verified_rrs[1] { - assert_eq!(txt.name.as_str(), "txt_test.matcorallo.com."); + assert_eq!(txt.name.as_str(), "txt_test.dnssec_proof_tests.bitcoin.ninja."); assert_eq!(txt.data, b"dnssec_prover_test"); } else { panic!(); } if let RR::CName(cname) = &verified_rrs.verified_rrs[2] { - assert_eq!(cname.name.as_str(), "cname_test.matcorallo.com."); - assert_eq!(cname.canonical_name.as_str(), "txt_test.matcorallo.com."); + assert_eq!(cname.name.as_str(), "cname_test.dnssec_proof_tests.bitcoin.ninja."); + assert_eq!(cname.canonical_name.as_str(), "txt_test.dnssec_proof_tests.bitcoin.ninja."); + } else { panic!(); } + + let filtered_rrs = + verified_rrs.resolve_name(&"cname_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap()); + assert_eq!(filtered_rrs.len(), 1); + if let RR::Txt(txt) = &filtered_rrs[0] { + assert_eq!(txt.name.as_str(), "txt_test.dnssec_proof_tests.bitcoin.ninja."); + assert_eq!(txt.data, b"dnssec_prover_test"); } else { panic!(); } } #[test] fn check_wildcard_record() { - let dnskeys = matcorallo_dnskey().0; - let (txt, txt_rrsig) = matcorallo_wildcard_record(); + // Wildcard proof works for any name, even multiple names + let dnskeys = bitcoin_ninja_dnskey().0; + let (txt, txt_rrsig, _, _) = bitcoin_ninja_wildcard_record("name"); + let txt_resp = [txt]; + verify_rrsig(&txt_rrsig, &dnskeys, txt_resp.iter().collect()).unwrap(); + + let (txt, txt_rrsig, _, _) = bitcoin_ninja_wildcard_record("anoter_name"); + let txt_resp = [txt]; + verify_rrsig(&txt_rrsig, &dnskeys, txt_resp.iter().collect()).unwrap(); + + let (txt, txt_rrsig, _, _) = bitcoin_ninja_wildcard_record("multiple.names"); let txt_resp = [txt]; verify_rrsig(&txt_rrsig, &dnskeys, txt_resp.iter().collect()).unwrap(); } @@ -678,11 +1076,12 @@ mod tests { fn check_wildcard_proof() { let mut rr_stream = Vec::new(); for rr in root_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } - for rr in com_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } - for rr in matcorallo_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } - let (cname, cname_rrsig, txt, txt_rrsig) = matcorallo_cname_wildcard_record(); + for rr in ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in bitcoin_ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + let (cname, cname_rrsig, txt, txt_rrsig, nsec3s) = bitcoin_ninja_cname_wildcard_record(); for rr in [RR::CName(cname), RR::RRSig(cname_rrsig)] { write_rr(&rr, 1, &mut rr_stream); } for rr in [RR::Txt(txt), RR::RRSig(txt_rrsig)] { write_rr(&rr, 1, &mut rr_stream); } + for (rra, rrb) in nsec3s { write_rr(&rra, 1, &mut rr_stream); write_rr(&rrb, 1, &mut rr_stream); } let mut rrs = parse_rr_stream(&rr_stream).unwrap(); rrs.shuffle(&mut rand::rngs::OsRng); @@ -690,22 +1089,105 @@ mod tests { verified_rrs.verified_rrs.sort(); assert_eq!(verified_rrs.verified_rrs.len(), 2); if let RR::Txt(txt) = &verified_rrs.verified_rrs[0] { - assert_eq!(txt.name.as_str(), "cname.wildcard_test.matcorallo.com."); + assert_eq!(txt.name.as_str(), "asdf.wildcard_test.dnssec_proof_tests.bitcoin.ninja."); assert_eq!(txt.data, b"wildcard_test"); } else { panic!(); } if let RR::CName(cname) = &verified_rrs.verified_rrs[1] { - assert_eq!(cname.name.as_str(), "test.cname_wildcard_test.matcorallo.com."); - assert_eq!(cname.canonical_name.as_str(), "cname.wildcard_test.matcorallo.com."); + assert_eq!(cname.name.as_str(), "asdf.cname_wildcard_test.dnssec_proof_tests.bitcoin.ninja."); + assert_eq!(cname.canonical_name.as_str(), "cname.wildcard_test.dnssec_proof_tests.bitcoin.ninja."); + } else { panic!(); } + + let filtered_rrs = + verified_rrs.resolve_name(&"asdf.wildcard_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap()); + assert_eq!(filtered_rrs.len(), 1); + if let RR::Txt(txt) = &filtered_rrs[0] { + assert_eq!(txt.name.as_str(), "asdf.wildcard_test.dnssec_proof_tests.bitcoin.ninja."); + assert_eq!(txt.data, b"wildcard_test"); } else { panic!(); } } + #[test] + fn check_simple_nsec_zone_proof() { + let mut rr_stream = Vec::new(); + for rr in root_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in bitcoin_ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in bitcoin_ninja_nsec_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + let (txt, txt_rrsig) = bitcoin_ninja_nsec_record(); + for rr in [RR::Txt(txt), RR::RRSig(txt_rrsig)] { write_rr(&rr, 1, &mut rr_stream); } + + let mut rrs = parse_rr_stream(&rr_stream).unwrap(); + rrs.shuffle(&mut rand::rngs::OsRng); + let verified_rrs = verify_rr_stream(&rrs).unwrap(); + let filtered_rrs = + verified_rrs.resolve_name(&"a.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap()); + assert_eq!(filtered_rrs.len(), 1); + if let RR::Txt(txt) = &filtered_rrs[0] { + assert_eq!(txt.name.as_str(), "a.nsec_tests.dnssec_proof_tests.bitcoin.ninja."); + assert_eq!(txt.data, b"txt_a"); + } else { panic!(); } + } + + #[test] + fn check_nsec_wildcard_proof() { + let check_proof = |pfx: &str, post_override: bool| -> Result<(), ()> { + let mut rr_stream = Vec::new(); + for rr in root_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in bitcoin_ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in bitcoin_ninja_nsec_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + let (txt, txt_rrsig, nsec, nsec_rrsig) = if post_override { + bitcoin_ninja_nsec_post_override_wildcard_record(pfx) + } else { + bitcoin_ninja_nsec_wildcard_record(pfx) + }; + for rr in [RR::Txt(txt), RR::RRSig(txt_rrsig)] { write_rr(&rr, 1, &mut rr_stream); } + for rr in [RR::NSec(nsec), RR::RRSig(nsec_rrsig)] { write_rr(&rr, 1, &mut rr_stream); } + + let mut rrs = parse_rr_stream(&rr_stream).unwrap(); + rrs.shuffle(&mut rand::rngs::OsRng); + // If the post_override flag is wrong (or the pfx is override), this will fail. No + // other calls in this lambda should fail. + let verified_rrs = verify_rr_stream(&rrs).map_err(|_| ())?; + let name: Name = + (pfx.to_owned() + ".wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.").try_into().unwrap(); + let filtered_rrs = verified_rrs.resolve_name(&name); + assert_eq!(filtered_rrs.len(), 1); + if let RR::Txt(txt) = &filtered_rrs[0] { + assert_eq!(txt.name, name); + assert_eq!(txt.data, b"wildcard_test"); + } else { panic!(); } + Ok(()) + }; + // Records up to override will only work with the pre-override NSEC, and afterwards with + // the post-override NSEC. The literal override will always fail. + check_proof("a", false).unwrap(); + check_proof("a", true).unwrap_err(); + check_proof("a.b", false).unwrap(); + check_proof("a.b", true).unwrap_err(); + check_proof("o", false).unwrap(); + check_proof("o", true).unwrap_err(); + check_proof("a.o", false).unwrap(); + check_proof("a.o", true).unwrap_err(); + check_proof("override", false).unwrap_err(); + check_proof("override", true).unwrap_err(); + // Subdomains of override are also overridden by the override TXT entry and cannot use the + // wildcard record. + check_proof("b.override", false).unwrap_err(); + check_proof("b.override", true).unwrap_err(); + check_proof("z", false).unwrap_err(); + check_proof("z", true).unwrap_err(); + check_proof("a.z", false).unwrap_err(); + check_proof("a.z", true).unwrap_err(); + } + #[test] fn check_txt_sort_order() { let mut rr_stream = Vec::new(); for rr in root_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } - for rr in com_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } - for rr in matcorallo_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } - let (mut txts, rrsig) = matcorallo_txt_sort_edge_cases_records(); + for rr in ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + for rr in bitcoin_ninja_dnskey().1 { write_rr(&rr, 1, &mut rr_stream); } + let (mut txts, rrsig) = bitcoin_ninja_txt_sort_edge_cases_records(); write_rr(&rrsig, 1, &mut rr_stream); for txt in txts.iter() { write_rr(txt, 1, &mut rr_stream); }