2 * validator/val_sigcrypt.c - validator signature crypto functions.
4 * Copyright (c) 2007, NLnet Labs. All rights reserved.
6 * This software is open source.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * Redistributions of source code must retain the above copyright notice,
13 * this list of conditions and the following disclaimer.
15 * Redistributions in binary form must reproduce the above copyright notice,
16 * this list of conditions and the following disclaimer in the documentation
17 * and/or other materials provided with the distribution.
19 * Neither the name of the NLNET LABS nor the names of its contributors may
20 * be used to endorse or promote products derived from this software without
21 * specific prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39 * This file contains helper functions for the validator module.
40 * The functions help with signature verification and checking, the
41 * bridging between RR wireformat data and crypto calls.
44 #include "validator/val_sigcrypt.h"
45 #include "validator/val_secalgo.h"
46 #include "validator/validator.h"
47 #include "util/data/msgreply.h"
48 #include "util/data/msgparse.h"
49 #include "util/data/dname.h"
50 #include "util/rbtree.h"
51 #include "util/module.h"
52 #include "util/net_help.h"
53 #include "util/regional.h"
54 #include "util/config_file.h"
55 #include "sldns/keyraw.h"
56 #include "sldns/sbuffer.h"
57 #include "sldns/parseutil.h"
58 #include "sldns/wire2str.h"
61 #if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE)
62 #error "Need crypto library to do digital signature cryptography"
65 #ifdef HAVE_OPENSSL_ERR_H
66 #include <openssl/err.h>
69 #ifdef HAVE_OPENSSL_RAND_H
70 #include <openssl/rand.h>
73 #ifdef HAVE_OPENSSL_CONF_H
74 #include <openssl/conf.h>
77 #ifdef HAVE_OPENSSL_ENGINE_H
78 #include <openssl/engine.h>
81 /** return number of rrs in an rrset */
83 rrset_get_count(struct ub_packed_rrset_key* rrset)
85 struct packed_rrset_data* d = (struct packed_rrset_data*)
92 * Get RR signature count
95 rrset_get_sigcount(struct ub_packed_rrset_key* k)
97 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
98 return d->rrsig_count;
102 * Get signature keytag value
103 * @param k: rrset (with signatures)
104 * @param sig_idx: signature index.
105 * @return keytag or 0 if malformed rrsig.
108 rrset_get_sig_keytag(struct ub_packed_rrset_key* k, size_t sig_idx)
111 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
112 log_assert(sig_idx < d->rrsig_count);
113 if(d->rr_len[d->count + sig_idx] < 2+18)
115 memmove(&t, d->rr_data[d->count + sig_idx]+2+16, 2);
120 * Get signature signing algorithm value
121 * @param k: rrset (with signatures)
122 * @param sig_idx: signature index.
123 * @return algo or 0 if malformed rrsig.
126 rrset_get_sig_algo(struct ub_packed_rrset_key* k, size_t sig_idx)
128 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
129 log_assert(sig_idx < d->rrsig_count);
130 if(d->rr_len[d->count + sig_idx] < 2+3)
132 return (int)d->rr_data[d->count + sig_idx][2+2];
135 /** get rdata pointer and size */
137 rrset_get_rdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** rdata,
140 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
141 log_assert(d && idx < (d->count + d->rrsig_count));
142 *rdata = d->rr_data[idx];
143 *len = d->rr_len[idx];
147 dnskey_get_flags(struct ub_packed_rrset_key* k, size_t idx)
152 rrset_get_rdata(k, idx, &rdata, &len);
155 memmove(&f, rdata+2, 2);
161 * Get DNSKEY protocol value from rdata
162 * @param k: DNSKEY rrset.
163 * @param idx: which key.
164 * @return protocol octet value
167 dnskey_get_protocol(struct ub_packed_rrset_key* k, size_t idx)
171 rrset_get_rdata(k, idx, &rdata, &len);
174 return (int)rdata[2+2];
178 dnskey_get_algo(struct ub_packed_rrset_key* k, size_t idx)
182 rrset_get_rdata(k, idx, &rdata, &len);
185 return (int)rdata[2+3];
188 /** get public key rdata field from a dnskey RR and do some checks */
190 dnskey_get_pubkey(struct ub_packed_rrset_key* k, size_t idx,
191 unsigned char** pk, unsigned int* pklen)
195 rrset_get_rdata(k, idx, &rdata, &len);
201 *pk = (unsigned char*)rdata+2+4;
202 *pklen = (unsigned)len-2-4;
206 ds_get_key_algo(struct ub_packed_rrset_key* k, size_t idx)
210 rrset_get_rdata(k, idx, &rdata, &len);
213 return (int)rdata[2+2];
217 ds_get_digest_algo(struct ub_packed_rrset_key* k, size_t idx)
221 rrset_get_rdata(k, idx, &rdata, &len);
224 return (int)rdata[2+3];
228 ds_get_keytag(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx)
233 rrset_get_rdata(ds_rrset, ds_idx, &rdata, &len);
236 memmove(&t, rdata+2, 2);
241 * Return pointer to the digest in a DS RR.
242 * @param k: DS rrset.
243 * @param idx: which DS.
244 * @param digest: digest data is returned.
245 * on error, this is NULL.
246 * @param len: length of digest is returned.
247 * on error, the length is 0.
250 ds_get_sigdata(struct ub_packed_rrset_key* k, size_t idx, uint8_t** digest,
255 rrset_get_rdata(k, idx, &rdata, &rdlen);
261 *digest = rdata + 2 + 4;
262 *len = rdlen - 2 - 4;
266 * Return size of DS digest according to its hash algorithm.
267 * @param k: DS rrset.
268 * @param idx: which DS.
269 * @return size in bytes of digest, or 0 if not supported.
272 ds_digest_size_algo(struct ub_packed_rrset_key* k, size_t idx)
274 return ds_digest_size_supported(ds_get_digest_algo(k, idx));
278 * Create a DS digest for a DNSKEY entry.
280 * @param env: module environment. Uses scratch space.
281 * @param dnskey_rrset: DNSKEY rrset.
282 * @param dnskey_idx: index of RR in rrset.
283 * @param ds_rrset: DS rrset
284 * @param ds_idx: index of RR in DS rrset.
285 * @param digest: digest is returned in here (must be correctly sized).
286 * @return false on error.
289 ds_create_dnskey_digest(struct module_env* env,
290 struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx,
291 struct ub_packed_rrset_key* ds_rrset, size_t ds_idx,
294 sldns_buffer* b = env->scratch_buffer;
295 uint8_t* dnskey_rdata;
297 rrset_get_rdata(dnskey_rrset, dnskey_idx, &dnskey_rdata, &dnskey_len);
299 /* create digest source material in buffer
300 * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
301 * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. */
302 sldns_buffer_clear(b);
303 sldns_buffer_write(b, dnskey_rrset->rk.dname,
304 dnskey_rrset->rk.dname_len);
305 query_dname_tolower(sldns_buffer_begin(b));
306 sldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/
307 sldns_buffer_flip(b);
309 return secalgo_ds_digest(ds_get_digest_algo(ds_rrset, ds_idx),
310 (unsigned char*)sldns_buffer_begin(b), sldns_buffer_limit(b),
311 (unsigned char*)digest);
314 int ds_digest_match_dnskey(struct module_env* env,
315 struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx,
316 struct ub_packed_rrset_key* ds_rrset, size_t ds_idx)
318 uint8_t* ds; /* DS digest */
320 uint8_t* digest; /* generated digest */
321 size_t digestlen = ds_digest_size_algo(ds_rrset, ds_idx);
324 verbose(VERB_QUERY, "DS fail: not supported, or DS RR "
326 return 0; /* not supported, or DS RR format error */
329 if(fake_sha1 && ds_get_digest_algo(ds_rrset, ds_idx)==LDNS_SHA1)
333 /* check digest length in DS with length from hash function */
334 ds_get_sigdata(ds_rrset, ds_idx, &ds, &dslen);
335 if(!ds || dslen != digestlen) {
336 verbose(VERB_QUERY, "DS fail: DS RR algo and digest do not "
338 return 0; /* DS algorithm and digest do not match */
341 digest = regional_alloc(env->scratch, digestlen);
343 verbose(VERB_QUERY, "DS fail: out of memory");
344 return 0; /* mem error */
346 if(!ds_create_dnskey_digest(env, dnskey_rrset, dnskey_idx, ds_rrset,
348 verbose(VERB_QUERY, "DS fail: could not calc key digest");
349 return 0; /* digest algo failed */
351 if(memcmp(digest, ds, dslen) != 0) {
352 verbose(VERB_QUERY, "DS fail: digest is different");
353 return 0; /* digest different */
359 ds_digest_algo_is_supported(struct ub_packed_rrset_key* ds_rrset,
362 return (ds_digest_size_algo(ds_rrset, ds_idx) != 0);
366 ds_key_algo_is_supported(struct ub_packed_rrset_key* ds_rrset,
369 return dnskey_algo_id_is_supported(ds_get_key_algo(ds_rrset, ds_idx));
373 dnskey_calc_keytag(struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx)
377 rrset_get_rdata(dnskey_rrset, dnskey_idx, &data, &len);
378 /* do not pass rdatalen to ldns */
379 return sldns_calc_keytag_raw(data+2, len-2);
382 int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset,
385 return dnskey_algo_id_is_supported(dnskey_get_algo(dnskey_rrset,
389 void algo_needs_init_dnskey_add(struct algo_needs* n,
390 struct ub_packed_rrset_key* dnskey, uint8_t* sigalg)
393 size_t i, total = n->num;
394 size_t num = rrset_get_count(dnskey);
396 for(i=0; i<num; i++) {
397 algo = (uint8_t)dnskey_get_algo(dnskey, i);
398 if(!dnskey_algo_id_is_supported((int)algo))
400 if(n->needs[algo] == 0) {
402 sigalg[total] = algo;
410 void algo_needs_init_list(struct algo_needs* n, uint8_t* sigalg)
415 memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX);
416 while( (algo=*sigalg++) != 0) {
417 log_assert(dnskey_algo_id_is_supported((int)algo));
418 log_assert(n->needs[algo] == 0);
425 void algo_needs_init_ds(struct algo_needs* n, struct ub_packed_rrset_key* ds,
426 int fav_ds_algo, uint8_t* sigalg)
430 size_t num = rrset_get_count(ds);
432 memset(n->needs, 0, sizeof(uint8_t)*ALGO_NEEDS_MAX);
433 for(i=0; i<num; i++) {
434 if(ds_get_digest_algo(ds, i) != fav_ds_algo)
436 algo = (uint8_t)ds_get_key_algo(ds, i);
437 if(!dnskey_algo_id_is_supported((int)algo))
439 log_assert(algo != 0); /* we do not support 0 and is EOS */
440 if(n->needs[algo] == 0) {
442 sigalg[total] = algo;
450 int algo_needs_set_secure(struct algo_needs* n, uint8_t algo)
455 if(n->num == 0) /* done! */
461 void algo_needs_set_bogus(struct algo_needs* n, uint8_t algo)
463 if(n->needs[algo]) n->needs[algo] = 2; /* need it, but bogus */
466 size_t algo_needs_num_missing(struct algo_needs* n)
471 int algo_needs_missing(struct algo_needs* n)
474 /* first check if a needed algo was bogus - report that */
475 for(i=0; i<ALGO_NEEDS_MAX; i++)
478 /* now check which algo is missing */
479 for(i=0; i<ALGO_NEEDS_MAX; i++)
486 dnskeyset_verify_rrset(struct module_env* env, struct val_env* ve,
487 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
488 uint8_t* sigalg, char** reason, sldns_pkt_section section,
489 struct module_qstate* qstate)
493 rbtree_type* sortree = NULL;
494 /* make sure that for all DNSKEY algorithms there are valid sigs */
495 struct algo_needs needs;
498 num = rrset_get_sigcount(rrset);
500 verbose(VERB_QUERY, "rrset failed to verify due to a lack of "
502 *reason = "no signatures";
503 return sec_status_bogus;
507 algo_needs_init_list(&needs, sigalg);
508 if(algo_needs_num_missing(&needs) == 0) {
509 verbose(VERB_QUERY, "zone has no known algorithms");
510 *reason = "zone has no known algorithms";
511 return sec_status_insecure;
514 for(i=0; i<num; i++) {
515 sec = dnskeyset_verify_rrset_sig(env, ve, *env->now, rrset,
516 dnskey, i, &sortree, reason, section, qstate);
517 /* see which algorithm has been fixed up */
518 if(sec == sec_status_secure) {
520 return sec; /* done! */
521 else if(algo_needs_set_secure(&needs,
522 (uint8_t)rrset_get_sig_algo(rrset, i)))
523 return sec; /* done! */
524 } else if(sigalg && sec == sec_status_bogus) {
525 algo_needs_set_bogus(&needs,
526 (uint8_t)rrset_get_sig_algo(rrset, i));
529 if(sigalg && (alg=algo_needs_missing(&needs)) != 0) {
530 verbose(VERB_ALGO, "rrset failed to verify: "
531 "no valid signatures for %d algorithms",
532 (int)algo_needs_num_missing(&needs));
533 algo_needs_reason(env, alg, reason, "no signatures");
535 verbose(VERB_ALGO, "rrset failed to verify: "
536 "no valid signatures");
538 return sec_status_bogus;
541 void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s)
544 sldns_lookup_table *t = sldns_lookup_by_id(sldns_algorithms, alg);
546 snprintf(buf, sizeof(buf), "%s with algorithm %s", s, t->name);
547 else snprintf(buf, sizeof(buf), "%s with algorithm ALG%u", s,
549 *reason = regional_strdup(env->scratch, buf);
555 dnskey_verify_rrset(struct module_env* env, struct val_env* ve,
556 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
557 size_t dnskey_idx, char** reason, sldns_pkt_section section,
558 struct module_qstate* qstate)
561 size_t i, num, numchecked = 0;
562 rbtree_type* sortree = NULL;
564 uint16_t tag = dnskey_calc_keytag(dnskey, dnskey_idx);
565 int algo = dnskey_get_algo(dnskey, dnskey_idx);
567 num = rrset_get_sigcount(rrset);
569 verbose(VERB_QUERY, "rrset failed to verify due to a lack of "
571 *reason = "no signatures";
572 return sec_status_bogus;
574 for(i=0; i<num; i++) {
575 /* see if sig matches keytag and algo */
576 if(algo != rrset_get_sig_algo(rrset, i) ||
577 tag != rrset_get_sig_keytag(rrset, i))
580 sec = dnskey_verify_rrset_sig(env->scratch,
581 env->scratch_buffer, ve, *env->now, rrset,
582 dnskey, dnskey_idx, i, &sortree, &buf_canon, reason,
584 if(sec == sec_status_secure)
588 verbose(VERB_ALGO, "rrset failed to verify: all signatures are bogus");
589 if(!numchecked) *reason = "signature missing";
590 return sec_status_bogus;
594 dnskeyset_verify_rrset_sig(struct module_env* env, struct val_env* ve,
595 time_t now, struct ub_packed_rrset_key* rrset,
596 struct ub_packed_rrset_key* dnskey, size_t sig_idx,
597 struct rbtree_type** sortree, char** reason, sldns_pkt_section section,
598 struct module_qstate* qstate)
600 /* find matching keys and check them */
601 enum sec_status sec = sec_status_bogus;
602 uint16_t tag = rrset_get_sig_keytag(rrset, sig_idx);
603 int algo = rrset_get_sig_algo(rrset, sig_idx);
604 size_t i, num = rrset_get_count(dnskey);
605 size_t numchecked = 0;
607 verbose(VERB_ALGO, "verify sig %d %d", (int)tag, algo);
608 if(!dnskey_algo_id_is_supported(algo)) {
609 verbose(VERB_QUERY, "verify sig: unknown algorithm");
610 return sec_status_insecure;
613 for(i=0; i<num; i++) {
614 /* see if key matches keytag and algo */
615 if(algo != dnskey_get_algo(dnskey, i) ||
616 tag != dnskey_calc_keytag(dnskey, i))
620 /* see if key verifies */
621 sec = dnskey_verify_rrset_sig(env->scratch,
622 env->scratch_buffer, ve, now, rrset, dnskey, i,
623 sig_idx, sortree, &buf_canon, reason, section, qstate);
624 if(sec == sec_status_secure)
627 if(numchecked == 0) {
628 *reason = "signatures from unknown keys";
629 verbose(VERB_QUERY, "verify: could not find appropriate key");
630 return sec_status_bogus;
632 return sec_status_bogus;
636 * RR entries in a canonical sorted tree of RRs
639 /** rbtree node, key is this structure */
641 /** rrset the RR is in */
642 struct ub_packed_rrset_key* rrset;
643 /** which RR in the rrset */
648 * Compare two RR for canonical order, in a field-style sweep.
649 * @param d: rrset data
650 * @param desc: ldns wireformat descriptor.
651 * @param i: first RR to compare
652 * @param j: first RR to compare
653 * @return comparison code.
656 canonical_compare_byfield(struct packed_rrset_data* d,
657 const sldns_rr_descriptor* desc, size_t i, size_t j)
659 /* sweep across rdata, keep track of some state:
660 * which rr field, and bytes left in field.
661 * current position in rdata, length left.
662 * are we in a dname, length left in a label.
664 int wfi = -1; /* current wireformat rdata field (rdf) */
666 uint8_t* di = d->rr_data[i]+2; /* ptr to current rdata byte */
667 uint8_t* dj = d->rr_data[j]+2;
668 size_t ilen = d->rr_len[i]-2; /* length left in rdata */
669 size_t jlen = d->rr_len[j]-2;
670 int dname_i = 0; /* true if these bytes are part of a name */
672 size_t lablen_i = 0; /* 0 for label length byte,for first byte of rdf*/
673 size_t lablen_j = 0; /* otherwise remaining length of rdf or label */
674 int dname_num_i = (int)desc->_dname_count; /* decreased at root label */
675 int dname_num_j = (int)desc->_dname_count;
677 /* loop while there are rdata bytes available for both rrs,
678 * and still some lowercasing needs to be done; either the dnames
679 * have not been reached yet, or they are currently being processed */
680 while(ilen > 0 && jlen > 0 && (dname_num_i > 0 || dname_num_j > 0)) {
681 /* compare these two bytes */
682 /* lowercase if in a dname and not a label length byte */
683 if( ((dname_i && lablen_i)?(uint8_t)tolower((int)*di):*di)
684 != ((dname_j && lablen_j)?(uint8_t)tolower((int)*dj):*dj)
686 if(((dname_i && lablen_i)?(uint8_t)tolower((int)*di):*di)
687 < ((dname_j && lablen_j)?(uint8_t)tolower((int)*dj):*dj))
693 /* bytes are equal */
695 /* advance field i */
696 /* lablen 0 means that this byte is the first byte of the
697 * next rdata field; inspect this rdata field and setup
698 * to process the rest of this rdata field.
699 * The reason to first read the byte, then setup the rdf,
700 * is that we are then sure the byte is available and short
701 * rdata is handled gracefully (even if it is a formerr). */
704 /* scan this dname label */
705 /* capture length to lowercase */
706 lablen_i = (size_t)*di;
711 /* if dname num is 0, then the
712 * remainder is binary only */
717 /* scan this rdata field */
719 if(desc->_wireformat[wfi]
720 == LDNS_RDF_TYPE_DNAME) {
722 lablen_i = (size_t)*di;
729 } else if(desc->_wireformat[wfi]
730 == LDNS_RDF_TYPE_STR)
731 lablen_i = (size_t)*di;
732 else lablen_i = get_rdf_size(
733 desc->_wireformat[wfi]) - 1;
737 /* advance field j; same as for i */
740 lablen_j = (size_t)*dj;
749 if(desc->_wireformat[wfj]
750 == LDNS_RDF_TYPE_DNAME) {
752 lablen_j = (size_t)*dj;
759 } else if(desc->_wireformat[wfj]
760 == LDNS_RDF_TYPE_STR)
761 lablen_j = (size_t)*dj;
762 else lablen_j = get_rdf_size(
763 desc->_wireformat[wfj]) - 1;
769 /* end of the loop; because we advanced byte by byte; now we have
770 * that the rdata has ended, or that there is a binary remainder */
772 if(ilen == 0 && jlen == 0)
778 /* binary remainder, capture comparison in wfi variable */
779 if((wfi = memcmp(di, dj, (ilen<jlen)?ilen:jlen)) != 0)
789 * Compare two RRs in the same RRset and determine their relative
791 * @param rrset: the rrset in which to perform compares.
792 * @param i: first RR to compare
793 * @param j: first RR to compare
794 * @return 0 if RR i== RR j, -1 if <, +1 if >.
797 canonical_compare(struct ub_packed_rrset_key* rrset, size_t i, size_t j)
799 struct packed_rrset_data* d = (struct packed_rrset_data*)
801 const sldns_rr_descriptor* desc;
802 uint16_t type = ntohs(rrset->rk.type);
810 /* These RR types have only a name as RDATA.
811 * This name has to be canonicalized.*/
812 case LDNS_RR_TYPE_NS:
813 case LDNS_RR_TYPE_MD:
814 case LDNS_RR_TYPE_MF:
815 case LDNS_RR_TYPE_CNAME:
816 case LDNS_RR_TYPE_MB:
817 case LDNS_RR_TYPE_MG:
818 case LDNS_RR_TYPE_MR:
819 case LDNS_RR_TYPE_PTR:
820 case LDNS_RR_TYPE_DNAME:
821 /* the wireread function has already checked these
822 * dname's for correctness, and this double checks */
823 if(!dname_valid(d->rr_data[i]+2, d->rr_len[i]-2) ||
824 !dname_valid(d->rr_data[j]+2, d->rr_len[j]-2))
826 return query_dname_compare(d->rr_data[i]+2,
829 /* These RR types have STR and fixed size rdata fields
830 * before one or more name fields that need canonicalizing,
831 * and after that a byte-for byte remainder can be compared.
833 /* type starts with the name; remainder is binary compared */
834 case LDNS_RR_TYPE_NXT:
835 /* use rdata field formats */
836 case LDNS_RR_TYPE_MINFO:
837 case LDNS_RR_TYPE_RP:
838 case LDNS_RR_TYPE_SOA:
839 case LDNS_RR_TYPE_RT:
840 case LDNS_RR_TYPE_AFSDB:
841 case LDNS_RR_TYPE_KX:
842 case LDNS_RR_TYPE_MX:
843 case LDNS_RR_TYPE_SIG:
844 /* RRSIG signer name has to be downcased */
845 case LDNS_RR_TYPE_RRSIG:
846 case LDNS_RR_TYPE_PX:
847 case LDNS_RR_TYPE_NAPTR:
848 case LDNS_RR_TYPE_SRV:
849 desc = sldns_rr_descript(type);
851 /* this holds for the types that need canonicalizing */
852 log_assert(desc->_minimum == desc->_maximum);
853 return canonical_compare_byfield(d, desc, i, j);
855 case LDNS_RR_TYPE_HINFO: /* no longer downcased */
856 case LDNS_RR_TYPE_NSEC:
858 /* For unknown RR types, or types not listed above,
859 * no canonicalization is needed, do binary compare */
860 /* byte for byte compare, equal means shortest first*/
861 minlen = d->rr_len[i]-2;
862 if(minlen > d->rr_len[j]-2)
863 minlen = d->rr_len[j]-2;
864 c = memcmp(d->rr_data[i]+2, d->rr_data[j]+2, minlen);
867 /* rdata equal, shortest is first */
868 if(d->rr_len[i] < d->rr_len[j])
870 if(d->rr_len[i] > d->rr_len[j])
872 /* rdata equal, length equal */
879 canonical_tree_compare(const void* k1, const void* k2)
881 struct canon_rr* r1 = (struct canon_rr*)k1;
882 struct canon_rr* r2 = (struct canon_rr*)k2;
883 log_assert(r1->rrset == r2->rrset);
884 return canonical_compare(r1->rrset, r1->rr_idx, r2->rr_idx);
888 * Sort RRs for rrset in canonical order.
889 * Does not actually canonicalize the RR rdatas.
890 * Does not touch rrsigs.
891 * @param rrset: to sort.
892 * @param d: rrset data.
893 * @param sortree: tree to sort into.
894 * @param rrs: rr storage.
897 canonical_sort(struct ub_packed_rrset_key* rrset, struct packed_rrset_data* d,
898 rbtree_type* sortree, struct canon_rr* rrs)
901 /* insert into rbtree to sort and detect duplicates */
902 for(i=0; i<d->count; i++) {
903 rrs[i].node.key = &rrs[i];
904 rrs[i].rrset = rrset;
906 if(!rbtree_insert(sortree, &rrs[i].node)) {
907 /* this was a duplicate */
913 * Insert canonical owner name into buffer.
914 * @param buf: buffer to insert into at current position.
915 * @param k: rrset with its owner name.
916 * @param sig: signature with signer name and label count.
917 * must be length checked, at least 18 bytes long.
918 * @param can_owner: position in buffer returned for future use.
919 * @param can_owner_len: length of canonical owner name.
922 insert_can_owner(sldns_buffer* buf, struct ub_packed_rrset_key* k,
923 uint8_t* sig, uint8_t** can_owner, size_t* can_owner_len)
925 int rrsig_labels = (int)sig[3];
926 int fqdn_labels = dname_signame_label_count(k->rk.dname);
927 *can_owner = sldns_buffer_current(buf);
928 if(rrsig_labels == fqdn_labels) {
930 sldns_buffer_write(buf, k->rk.dname, k->rk.dname_len);
931 query_dname_tolower(*can_owner);
932 *can_owner_len = k->rk.dname_len;
935 log_assert(rrsig_labels < fqdn_labels);
936 /* *. | fqdn(rightmost rrsig_labels) */
937 if(rrsig_labels < fqdn_labels) {
939 uint8_t* nm = k->rk.dname;
940 size_t len = k->rk.dname_len;
941 /* so skip fqdn_labels-rrsig_labels */
942 for(i=0; i<fqdn_labels-rrsig_labels; i++) {
943 dname_remove_label(&nm, &len);
945 *can_owner_len = len+2;
946 sldns_buffer_write(buf, (uint8_t*)"\001*", 2);
947 sldns_buffer_write(buf, nm, len);
948 query_dname_tolower(*can_owner);
953 * Canonicalize Rdata in buffer.
954 * @param buf: buffer at position just after the rdata.
955 * @param rrset: rrset with type.
956 * @param len: length of the rdata (including rdatalen uint16).
959 canonicalize_rdata(sldns_buffer* buf, struct ub_packed_rrset_key* rrset,
962 uint8_t* datstart = sldns_buffer_current(buf)-len+2;
963 switch(ntohs(rrset->rk.type)) {
964 case LDNS_RR_TYPE_NXT:
965 case LDNS_RR_TYPE_NS:
966 case LDNS_RR_TYPE_MD:
967 case LDNS_RR_TYPE_MF:
968 case LDNS_RR_TYPE_CNAME:
969 case LDNS_RR_TYPE_MB:
970 case LDNS_RR_TYPE_MG:
971 case LDNS_RR_TYPE_MR:
972 case LDNS_RR_TYPE_PTR:
973 case LDNS_RR_TYPE_DNAME:
974 /* type only has a single argument, the name */
975 query_dname_tolower(datstart);
977 case LDNS_RR_TYPE_MINFO:
978 case LDNS_RR_TYPE_RP:
979 case LDNS_RR_TYPE_SOA:
980 /* two names after another */
981 query_dname_tolower(datstart);
982 query_dname_tolower(datstart +
983 dname_valid(datstart, len-2));
985 case LDNS_RR_TYPE_RT:
986 case LDNS_RR_TYPE_AFSDB:
987 case LDNS_RR_TYPE_KX:
988 case LDNS_RR_TYPE_MX:
989 /* skip fixed part */
990 if(len < 2+2+1) /* rdlen, skiplen, 1byteroot */
993 query_dname_tolower(datstart);
995 case LDNS_RR_TYPE_SIG:
996 /* downcase the RRSIG, compat with BIND (kept it from SIG) */
997 case LDNS_RR_TYPE_RRSIG:
998 /* skip fixed part */
1002 query_dname_tolower(datstart);
1004 case LDNS_RR_TYPE_PX:
1005 /* skip, then two names after another */
1009 query_dname_tolower(datstart);
1010 query_dname_tolower(datstart +
1011 dname_valid(datstart, len-2-2));
1013 case LDNS_RR_TYPE_NAPTR:
1018 if(len < (size_t)datstart[0]+1) /* skip text field */
1020 len -= (size_t)datstart[0]+1;
1021 datstart += (size_t)datstart[0]+1;
1022 if(len < (size_t)datstart[0]+1) /* skip text field */
1024 len -= (size_t)datstart[0]+1;
1025 datstart += (size_t)datstart[0]+1;
1026 if(len < (size_t)datstart[0]+1) /* skip text field */
1028 len -= (size_t)datstart[0]+1;
1029 datstart += (size_t)datstart[0]+1;
1030 if(len < 1) /* check name is at least 1 byte*/
1032 query_dname_tolower(datstart);
1034 case LDNS_RR_TYPE_SRV:
1035 /* skip fixed part */
1039 query_dname_tolower(datstart);
1042 /* do not canonicalize NSEC rdata name, compat with
1043 * from bind 9.4 signer, where it does not do so */
1044 case LDNS_RR_TYPE_NSEC: /* type starts with the name */
1045 case LDNS_RR_TYPE_HINFO: /* not downcased */
1046 /* A6 not supported */
1048 /* nothing to do for unknown types */
1053 int rrset_canonical_equal(struct regional* region,
1054 struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2)
1056 struct rbtree_type sortree1, sortree2;
1057 struct canon_rr *rrs1, *rrs2, *p1, *p2;
1058 struct packed_rrset_data* d1=(struct packed_rrset_data*)k1->entry.data;
1059 struct packed_rrset_data* d2=(struct packed_rrset_data*)k2->entry.data;
1060 struct ub_packed_rrset_key fk;
1061 struct packed_rrset_data fd;
1066 if(k1->rk.dname_len != k2->rk.dname_len ||
1067 k1->rk.flags != k2->rk.flags ||
1068 k1->rk.type != k2->rk.type ||
1069 k1->rk.rrset_class != k2->rk.rrset_class ||
1070 query_dname_compare(k1->rk.dname, k2->rk.dname) != 0)
1072 if(d1->ttl != d2->ttl ||
1073 d1->count != d2->count ||
1074 d1->rrsig_count != d2->rrsig_count ||
1075 d1->trust != d2->trust ||
1076 d1->security != d2->security)
1080 memset(&fk, 0, sizeof(fk));
1081 memset(&fd, 0, sizeof(fd));
1082 fk.entry.data = &fd;
1086 rbtree_init(&sortree1, &canonical_tree_compare);
1087 rbtree_init(&sortree2, &canonical_tree_compare);
1088 if(d1->count > RR_COUNT_MAX || d2->count > RR_COUNT_MAX)
1089 return 1; /* protection against integer overflow */
1090 rrs1 = regional_alloc(region, sizeof(struct canon_rr)*d1->count);
1091 rrs2 = regional_alloc(region, sizeof(struct canon_rr)*d2->count);
1092 if(!rrs1 || !rrs2) return 1; /* alloc failure */
1095 canonical_sort(k1, d1, &sortree1, rrs1);
1096 canonical_sort(k2, d2, &sortree2, rrs2);
1098 /* compare canonical-sorted RRs for canonical-equality */
1099 if(sortree1.count != sortree2.count)
1101 p1 = (struct canon_rr*)rbtree_first(&sortree1);
1102 p2 = (struct canon_rr*)rbtree_first(&sortree2);
1103 while(p1 != (struct canon_rr*)RBTREE_NULL &&
1104 p2 != (struct canon_rr*)RBTREE_NULL) {
1105 flen[0] = d1->rr_len[p1->rr_idx];
1106 flen[1] = d2->rr_len[p2->rr_idx];
1107 fdata[0] = d1->rr_data[p1->rr_idx];
1108 fdata[1] = d2->rr_data[p2->rr_idx];
1110 if(canonical_compare(&fk, 0, 1) != 0)
1112 p1 = (struct canon_rr*)rbtree_next(&p1->node);
1113 p2 = (struct canon_rr*)rbtree_next(&p2->node);
1119 * Create canonical form of rrset in the scratch buffer.
1120 * @param region: temporary region.
1121 * @param buf: the buffer to use.
1122 * @param k: the rrset to insert.
1123 * @param sig: RRSIG rdata to include.
1124 * @param siglen: RRSIG rdata len excluding signature field, but inclusive
1125 * signer name length.
1126 * @param sortree: if NULL is passed a new sorted rrset tree is built.
1127 * Otherwise it is reused.
1128 * @param section: section of packet where this rrset comes from.
1129 * @param qstate: qstate with region.
1130 * @return false on alloc error.
1133 rrset_canonical(struct regional* region, sldns_buffer* buf,
1134 struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen,
1135 struct rbtree_type** sortree, sldns_pkt_section section,
1136 struct module_qstate* qstate)
1138 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
1139 uint8_t* can_owner = NULL;
1140 size_t can_owner_len = 0;
1141 struct canon_rr* walk;
1142 struct canon_rr* rrs;
1145 *sortree = (struct rbtree_type*)regional_alloc(region,
1146 sizeof(rbtree_type));
1149 if(d->count > RR_COUNT_MAX)
1150 return 0; /* integer overflow protection */
1151 rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count);
1156 rbtree_init(*sortree, &canonical_tree_compare);
1157 canonical_sort(k, d, *sortree, rrs);
1160 sldns_buffer_clear(buf);
1161 sldns_buffer_write(buf, sig, siglen);
1162 /* canonicalize signer name */
1163 query_dname_tolower(sldns_buffer_begin(buf)+18);
1164 RBTREE_FOR(walk, struct canon_rr*, (*sortree)) {
1165 /* see if there is enough space left in the buffer */
1166 if(sldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4
1167 + d->rr_len[walk->rr_idx]) {
1168 log_err("verify: failed to canonicalize, "
1172 /* determine canonical owner name */
1174 sldns_buffer_write(buf, can_owner, can_owner_len);
1175 else insert_can_owner(buf, k, sig, &can_owner,
1177 sldns_buffer_write(buf, &k->rk.type, 2);
1178 sldns_buffer_write(buf, &k->rk.rrset_class, 2);
1179 sldns_buffer_write(buf, sig+4, 4);
1180 sldns_buffer_write(buf, d->rr_data[walk->rr_idx],
1181 d->rr_len[walk->rr_idx]);
1182 canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]);
1184 sldns_buffer_flip(buf);
1186 /* Replace RR owner with canonical owner for NSEC records in authority
1187 * section, to prevent that a wildcard synthesized NSEC can be used in
1188 * the non-existence proves. */
1189 if(ntohs(k->rk.type) == LDNS_RR_TYPE_NSEC &&
1190 section == LDNS_SECTION_AUTHORITY) {
1191 k->rk.dname = regional_alloc_init(qstate->region, can_owner,
1195 k->rk.dname_len = can_owner_len;
1202 /** pretty print rrsig error with dates */
1204 sigdate_error(const char* str, int32_t expi, int32_t incep, int32_t now)
1212 if(verbosity < VERB_QUERY)
1217 memset(&tm, 0, sizeof(tm));
1218 if(gmtime_r(&te, &tm) && strftime(expi_buf, 15, "%Y%m%d%H%M%S", &tm)
1219 &&gmtime_r(&ti, &tm) && strftime(incep_buf, 15, "%Y%m%d%H%M%S", &tm)
1220 &&gmtime_r(&tn, &tm) && strftime(now_buf, 15, "%Y%m%d%H%M%S", &tm)) {
1221 log_info("%s expi=%s incep=%s now=%s", str, expi_buf,
1222 incep_buf, now_buf);
1224 log_info("%s expi=%u incep=%u now=%u", str, (unsigned)expi,
1225 (unsigned)incep, (unsigned)now);
1228 /** RFC 1982 comparison, uses unsigned integers, and tries to avoid
1229 * compiler optimization (eg. by avoiding a-b<0 comparisons),
1230 * this routine matches compare_serial(), for SOA serial number checks */
1232 compare_1982(uint32_t a, uint32_t b)
1234 /* for 32 bit values */
1235 const uint32_t cutoff = ((uint32_t) 1 << (32 - 1));
1239 } else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) {
1246 /** if we know that b is larger than a, return the difference between them,
1247 * that is the distance between them. in RFC1982 arith */
1249 subtract_1982(uint32_t a, uint32_t b)
1251 /* for 32 bit values */
1252 const uint32_t cutoff = ((uint32_t) 1 << (32 - 1));
1256 if(a < b && b - a < cutoff) {
1259 if(a > b && a - b > cutoff) {
1260 return ((uint32_t)0xffffffff) - (a-b-1);
1262 /* wrong case, b smaller than a */
1266 /** check rrsig dates */
1268 check_dates(struct val_env* ve, uint32_t unow,
1269 uint8_t* expi_p, uint8_t* incep_p, char** reason)
1271 /* read out the dates */
1272 uint32_t expi, incep, now;
1273 memmove(&expi, expi_p, sizeof(expi));
1274 memmove(&incep, incep_p, sizeof(incep));
1276 incep = ntohl(incep);
1278 /* get current date */
1279 if(ve->date_override) {
1280 if(ve->date_override == -1) {
1281 verbose(VERB_ALGO, "date override: ignore date");
1284 now = ve->date_override;
1285 verbose(VERB_ALGO, "date override option %d", (int)now);
1289 if(compare_1982(incep, expi) > 0) {
1290 sigdate_error("verify: inception after expiration, "
1291 "signature bad", expi, incep, now);
1292 *reason = "signature inception after expiration";
1295 if(compare_1982(incep, now) > 0) {
1296 /* within skew ? (calc here to avoid calculation normally) */
1297 uint32_t skew = subtract_1982(incep, expi)/10;
1298 if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min;
1299 if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max;
1300 if(subtract_1982(now, incep) > skew) {
1301 sigdate_error("verify: signature bad, current time is"
1302 " before inception date", expi, incep, now);
1303 *reason = "signature before inception date";
1306 sigdate_error("verify warning suspicious signature inception "
1307 " or bad local clock", expi, incep, now);
1309 if(compare_1982(now, expi) > 0) {
1310 uint32_t skew = subtract_1982(incep, expi)/10;
1311 if(skew < (uint32_t)ve->skew_min) skew = ve->skew_min;
1312 if(skew > (uint32_t)ve->skew_max) skew = ve->skew_max;
1313 if(subtract_1982(expi, now) > skew) {
1314 sigdate_error("verify: signature expired", expi,
1316 *reason = "signature expired";
1319 sigdate_error("verify warning suspicious signature expiration "
1320 " or bad local clock", expi, incep, now);
1325 /** adjust rrset TTL for verified rrset, compare to original TTL and expi */
1327 adjust_ttl(struct val_env* ve, uint32_t unow,
1328 struct ub_packed_rrset_key* rrset, uint8_t* orig_p,
1329 uint8_t* expi_p, uint8_t* incep_p)
1331 struct packed_rrset_data* d =
1332 (struct packed_rrset_data*)rrset->entry.data;
1333 /* read out the dates */
1334 int32_t origttl, expittl, expi, incep, now;
1335 memmove(&origttl, orig_p, sizeof(origttl));
1336 memmove(&expi, expi_p, sizeof(expi));
1337 memmove(&incep, incep_p, sizeof(incep));
1339 incep = ntohl(incep);
1340 origttl = ntohl(origttl);
1342 /* get current date */
1343 if(ve->date_override) {
1344 now = ve->date_override;
1345 } else now = (int32_t)unow;
1346 expittl = (int32_t)((uint32_t)expi - (uint32_t)now);
1349 * d->ttl: rrset ttl read from message or cache. May be reduced
1350 * origttl: original TTL from signature, authoritative TTL max.
1351 * MIN_TTL: minimum TTL from config.
1352 * expittl: TTL until the signature expires.
1354 * Use the smallest of these, but don't let origttl set the TTL
1355 * below the minimum.
1357 if(MIN_TTL > (time_t)origttl && d->ttl > MIN_TTL) {
1358 verbose(VERB_QUERY, "rrset TTL larger than original and minimum"
1359 " TTL, adjusting TTL downwards to minimum ttl");
1362 else if(MIN_TTL <= origttl && d->ttl > (time_t)origttl) {
1363 verbose(VERB_QUERY, "rrset TTL larger than original TTL, "
1364 "adjusting TTL downwards to original ttl");
1368 if(expittl > 0 && d->ttl > (time_t)expittl) {
1369 verbose(VERB_ALGO, "rrset TTL larger than sig expiration ttl,"
1370 " adjusting TTL downwards");
1376 dnskey_verify_rrset_sig(struct regional* region, sldns_buffer* buf,
1377 struct val_env* ve, time_t now,
1378 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
1379 size_t dnskey_idx, size_t sig_idx,
1380 struct rbtree_type** sortree, int* buf_canon, char** reason,
1381 sldns_pkt_section section, struct module_qstate* qstate)
1383 enum sec_status sec;
1384 uint8_t* sig; /* RRSIG rdata */
1386 size_t rrnum = rrset_get_count(rrset);
1387 uint8_t* signer; /* rrsig signer name */
1389 unsigned char* sigblock; /* signature rdata field */
1390 unsigned int sigblock_len;
1391 uint16_t ktag; /* DNSKEY key tag */
1392 unsigned char* key; /* public key rdata field */
1393 unsigned int keylen;
1394 rrset_get_rdata(rrset, rrnum + sig_idx, &sig, &siglen);
1395 /* min length of rdatalen, fixed rrsig, root signer, 1 byte sig */
1397 verbose(VERB_QUERY, "verify: signature too short");
1398 *reason = "signature too short";
1399 return sec_status_bogus;
1402 if(!(dnskey_get_flags(dnskey, dnskey_idx) & DNSKEY_BIT_ZSK)) {
1403 verbose(VERB_QUERY, "verify: dnskey without ZSK flag");
1404 *reason = "dnskey without ZSK flag";
1405 return sec_status_bogus;
1408 if(dnskey_get_protocol(dnskey, dnskey_idx) != LDNS_DNSSEC_KEYPROTO) {
1409 /* RFC 4034 says DNSKEY PROTOCOL MUST be 3 */
1410 verbose(VERB_QUERY, "verify: dnskey has wrong key protocol");
1411 *reason = "dnskey has wrong protocolnumber";
1412 return sec_status_bogus;
1415 /* verify as many fields in rrsig as possible */
1417 signer_len = dname_valid(signer, siglen-2-18);
1419 verbose(VERB_QUERY, "verify: malformed signer name");
1420 *reason = "signer name malformed";
1421 return sec_status_bogus; /* signer name invalid */
1423 if(!dname_subdomain_c(rrset->rk.dname, signer)) {
1424 verbose(VERB_QUERY, "verify: signer name is off-tree");
1425 *reason = "signer name off-tree";
1426 return sec_status_bogus; /* signer name offtree */
1428 sigblock = (unsigned char*)signer+signer_len;
1429 if(siglen < 2+18+signer_len+1) {
1430 verbose(VERB_QUERY, "verify: too short, no signature data");
1431 *reason = "signature too short, no signature data";
1432 return sec_status_bogus; /* sig rdf is < 1 byte */
1434 sigblock_len = (unsigned int)(siglen - 2 - 18 - signer_len);
1436 /* verify key dname == sig signer name */
1437 if(query_dname_compare(signer, dnskey->rk.dname) != 0) {
1438 verbose(VERB_QUERY, "verify: wrong key for rrsig");
1439 log_nametypeclass(VERB_QUERY, "RRSIG signername is",
1441 log_nametypeclass(VERB_QUERY, "the key name is",
1442 dnskey->rk.dname, 0, 0);
1443 *reason = "signer name mismatches key name";
1444 return sec_status_bogus;
1447 /* verify covered type */
1448 /* memcmp works because type is in network format for rrset */
1449 if(memcmp(sig+2, &rrset->rk.type, 2) != 0) {
1450 verbose(VERB_QUERY, "verify: wrong type covered");
1451 *reason = "signature covers wrong type";
1452 return sec_status_bogus;
1454 /* verify keytag and sig algo (possibly again) */
1455 if((int)sig[2+2] != dnskey_get_algo(dnskey, dnskey_idx)) {
1456 verbose(VERB_QUERY, "verify: wrong algorithm");
1457 *reason = "signature has wrong algorithm";
1458 return sec_status_bogus;
1460 ktag = htons(dnskey_calc_keytag(dnskey, dnskey_idx));
1461 if(memcmp(sig+2+16, &ktag, 2) != 0) {
1462 verbose(VERB_QUERY, "verify: wrong keytag");
1463 *reason = "signature has wrong keytag";
1464 return sec_status_bogus;
1467 /* verify labels is in a valid range */
1468 if((int)sig[2+3] > dname_signame_label_count(rrset->rk.dname)) {
1469 verbose(VERB_QUERY, "verify: labelcount out of range");
1470 *reason = "signature labelcount out of range";
1471 return sec_status_bogus;
1474 /* original ttl, always ok */
1477 /* create rrset canonical format in buffer, ready for
1479 if(!rrset_canonical(region, buf, rrset, sig+2,
1480 18 + signer_len, sortree, section, qstate)) {
1481 log_err("verify: failed due to alloc error");
1482 return sec_status_unchecked;
1487 /* check that dnskey is available */
1488 dnskey_get_pubkey(dnskey, dnskey_idx, &key, &keylen);
1490 verbose(VERB_QUERY, "verify: short DNSKEY RR");
1491 return sec_status_unchecked;
1495 sec = verify_canonrrset(buf, (int)sig[2+2],
1496 sigblock, sigblock_len, key, keylen, reason);
1498 if(sec == sec_status_secure) {
1499 /* check if TTL is too high - reduce if so */
1500 adjust_ttl(ve, now, rrset, sig+2+4, sig+2+8, sig+2+12);
1502 /* verify inception, expiration dates
1503 * Do this last so that if you ignore expired-sigs the
1504 * rest is sure to be OK. */
1505 if(!check_dates(ve, now, sig+2+8, sig+2+12, reason)) {
1506 return sec_status_bogus;