1 /* 2 * validator/autotrust.h - RFC5011 trust anchor management for unbound. 3 * 4 * Copyright (c) 2009, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * Contains autotrust definitions. 40 */ 41 42 #ifndef VALIDATOR_AUTOTRUST_H 43 #define VALIDATOR_AUTOTRUST_H 44 #include "util/rbtree.h" 45 #include "util/data/packed_rrset.h" 46 struct val_anchors; 47 struct trust_anchor; 48 struct ub_packed_rrset_key; 49 struct module_env; 50 struct module_qstate; 51 struct val_env; 52 struct sldns_buffer; 53 54 /** Autotrust anchor states */ 55 typedef enum { 56 AUTR_STATE_START = 0, 57 AUTR_STATE_ADDPEND = 1, 58 AUTR_STATE_VALID = 2, 59 AUTR_STATE_MISSING = 3, 60 AUTR_STATE_REVOKED = 4, 61 AUTR_STATE_REMOVED = 5 62 } autr_state_type; 63 64 /** 65 * Autotrust metadata for one trust anchor key. 66 */ 67 struct autr_ta { 68 /** next key */ 69 struct autr_ta* next; 70 /** the RR */ 71 uint8_t* rr; 72 /** length of rr */ 73 size_t rr_len, dname_len; 74 /** last update of key state (new pending count keeps date the same) */ 75 time_t last_change; 76 /** 5011 state */ 77 autr_state_type s; 78 /** pending count */ 79 uint8_t pending_count; 80 /** fresh TA was seen */ 81 uint8_t fetched; 82 /** revoked TA was seen */ 83 uint8_t revoked; 84 }; 85 86 /** 87 * Autotrust metadata for a trust point. 88 * This is part of the struct trust_anchor data. 89 */ 90 struct autr_point_data { 91 /** file to store the trust point in. chrootdir already applied. */ 92 char* file; 93 /** rbtree node for probe sort, key is struct trust_anchor */ 94 rbnode_type pnode; 95 96 /** the keys */ 97 struct autr_ta* keys; 98 99 /** last queried DNSKEY set 100 * Not all failures are captured in this entry. 101 * If the validator did not even start (e.g. timeout or localservfail), 102 * then the last_queried and query_failed values are not updated. 103 */ 104 time_t last_queried; 105 /** last successful DNSKEY set */ 106 time_t last_success; 107 /** next probe time */ 108 time_t next_probe_time; 109 110 /** when to query if !failed */ 111 time_t query_interval; 112 /** when to retry if failed */ 113 time_t retry_time; 114 115 /** 116 * How many times did it fail. diagnostic only (has no effect). 117 * Only updated if there was a dnskey rrset that failed to verify. 118 */ 119 uint8_t query_failed; 120 /** true if the trust point has been revoked */ 121 uint8_t revoked; 122 }; 123 124 /** 125 * Autotrust global metadata. 126 */ 127 struct autr_global_data { 128 /** rbtree of autotrust anchors sorted by next probe time. 129 * When time is equal, sorted by anchor class, name. */ 130 rbtree_type probe; 131 }; 132 133 /** 134 * Create new global 5011 data structure. 135 * @return new structure or NULL on malloc failure. 136 */ 137 struct autr_global_data* autr_global_create(void); 138 139 /** 140 * Delete global 5011 data structure. 141 * @param global: global autotrust state to delete. 142 */ 143 void autr_global_delete(struct autr_global_data* global); 144 145 /** 146 * See if autotrust anchors are configured and how many. 147 * @param anchors: the trust anchors structure. 148 * @return number of autotrust trust anchors 149 */ 150 size_t autr_get_num_anchors(struct val_anchors* anchors); 151 152 /** 153 * Process probe timer. Add new probes if needed. 154 * @param env: module environment with time, with anchors and with the mesh. 155 * @return time of next probe (in seconds from now). 156 * If 0, then there is no next probe anymore (trust points deleted). 157 */ 158 time_t autr_probe_timer(struct module_env* env); 159 160 /** probe tree compare function */ 161 int probetree_cmp(const void* x, const void* y); 162 163 /** 164 * Read autotrust file. 165 * @param anchors: the anchors structure. 166 * @param nm: name of the file (copied). 167 * @return false on failure. 168 */ 169 int autr_read_file(struct val_anchors* anchors, const char* nm); 170 171 /** 172 * Write autotrust file. 173 * @param env: environment with scratch space. 174 * @param tp: trust point to write. 175 */ 176 void autr_write_file(struct module_env* env, struct trust_anchor* tp); 177 178 /** 179 * Delete autr anchor, deletes the autr data but does not do 180 * unlinking from trees, caller does that. 181 * @param tp: trust point to delete. 182 */ 183 void autr_point_delete(struct trust_anchor* tp); 184 185 /** 186 * Perform autotrust processing. 187 * @param env: qstate environment with the anchors structure. 188 * @param ve: validator environment for verification of rrsigs. 189 * @param tp: trust anchor to process. 190 * @param dnskey_rrset: DNSKEY rrset probed (can be NULL if bad prime result). 191 * allocated in a region. Has not been validated yet. 192 * @param qstate: qstate with region. 193 * @return false if trust anchor was revoked completely. 194 * Otherwise logs errors to log, does not change return value. 195 * On errors, likely the trust point has been unchanged. 196 */ 197 int autr_process_prime(struct module_env* env, struct val_env* ve, 198 struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset, 199 struct module_qstate* qstate); 200 201 /** 202 * Debug printout of rfc5011 tracked anchors 203 * @param anchors: all the anchors. 204 */ 205 void autr_debug_print(struct val_anchors* anchors); 206 207 /** callback for query answer to 5011 probe */ 208 void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf, 209 enum sec_status sec, char* errinf, int was_ratelimited); 210 211 #endif /* VALIDATOR_AUTOTRUST_H */ 212