val_secalgo.h File Reference

This file contains helper functions for the validator module. More...

Functions

size_t nsec3_hash_algo_size_supported(int id)
    Return size of nsec3 hash algorithm, 0 if not supported.

int secalgo_nsec3_hash(int algo, unsigned char *buf, size_t len, unsigned char *res)
    Perform a single hash call of an NSEC3 hash algorithm.

void secalgo_hash_sha256(unsigned char *buf, size_t len, unsigned char *res)
    Calculate the sha256 hash for the data buffer into the result.

struct secalgo_hash *secalgo_hash_create_sha384(void)
    Start a hash of type sha384.

struct secalgo_hash *secalgo_hash_create_sha512(void)
    Start a hash of type sha512.

int secalgo_hash_update(struct secalgo_hash *hash, uint8_t *data, size_t len)
    Update a hash with more information to add to it.

int secalgo_hash_final(struct secalgo_hash *hash, uint8_t *result, size_t maxlen, size_t *resultlen)
    Get the final result of the hash.

void secalgo_hash_delete(struct secalgo_hash *hash)
    Delete the hash structure.

size_t ds_digest_size_supported(int algo)
    Return size of DS digest according to its hash algorithm.

int secalgo_ds_digest(int algo, unsigned char *buf, size_t len, unsigned char *res)
    Compute the DS digest of the data buffer into the result.

int dnskey_algo_id_is_supported(int id)
    Return true if the DNSKEY algorithm id is supported.

enum sec_status verify_canonrrset(struct sldns_buffer *buf, int algo, unsigned char *sigblock, unsigned int sigblock_len, unsigned char *key, unsigned int keylen, char **reason)
    Check a canonical sig+rrset and signature against a dnskey.
 

Detailed Description

This file contains helper functions for the validator module.

The functions take buffers with raw data and convert to library calls.

Function Documentation

◆ secalgo_nsec3_hash()

int secalgo_nsec3_hash(int algo, unsigned char *buf, size_t len, unsigned char *res)

Perform a single hash call of an NSEC3 hash algorithm.

Iterations and salt are done by the caller.

Parameters
    algo    nsec3 hash algorithm.
    buf     the buffer to digest.
    len     length of buffer to digest.
    res     result stored here (must have sufficient space).
Returns
    false on failure.

Referenced by az_nsec3_hash(), nsec3_calc_hash(), and nsec3_get_hashed().
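What "iterations and salt are done by the caller" amounts to, shown as an added example that is not Unbound's code: the RFC 5155 NSEC3 hash computation that a caller such as nsec3_calc_hash() must wrap around the single hash call, written in Python with hashlib standing in for secalgo_nsec3_hash(). The owner-name wire encoding and the base32hex owner label are included because the salt is appended to the wire-format name, not to the text form; the RFC 5155 Appendix A parameters (algorithm 1, salt aabbccdd, 12 iterations) are used as test input.

```python
import base64
import hashlib

# RFC 5155 NSEC3 hash algorithm numbers -> one-shot hash; only 1 (SHA-1) is defined.
NSEC3_HASH_ALGOS = {1: hashlib.sha1}


def owner_name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lower-cased labels, each prefixed
    by its length byte, terminated by the root label (a single zero byte)."""
    name = name.rstrip(".").lower()
    labels = name.split(".") if name else []
    for label in labels:
        if not label or len(label) > 63:
            raise ValueError(f"bad label in owner name {name!r}")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def single_hash(algo: int, data: bytes) -> bytes:
    """Stand-in for secalgo_nsec3_hash(): exactly one hash call, no salt or
    iteration handling, failure when the algorithm is not supported."""
    if algo not in NSEC3_HASH_ALGOS:
        raise ValueError(f"unsupported NSEC3 hash algorithm {algo}")
    return NSEC3_HASH_ALGOS[algo](data).digest()


def nsec3_hash(name: str, algo: int, salt: bytes, iterations: int) -> bytes:
    """RFC 5155 section 5, the caller-side part of the work:
    IH(salt, x, 0) = H(x || salt); IH(salt, x, k) = H(IH(salt, x, k-1) || salt)."""
    digest = single_hash(algo, owner_name_to_wire(name) + salt)
    for _ in range(iterations):
        digest = single_hash(algo, digest + salt)
    return digest


# Standard base32 alphabet (A-Z, 2-7) -> base32hex alphabet (0-9, A-V), RFC 4648 section 7.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def base32hex(data: bytes) -> str:
    """Base32hex without padding, lower case, as used for NSEC3 owner labels."""
    b32 = base64.b32encode(data).decode("ascii")
    return b32.translate(_B32_TO_B32HEX).rstrip("=").lower()


def nsec3_owner_label(name: str, algo: int, salt: bytes, iterations: int) -> str:
    """The hashed owner label that precedes the zone name in an NSEC3 RR."""
    return base32hex(nsec3_hash(name, algo, salt, iterations))
```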

◆ secalgo_hash_sha256()

void secalgo_hash_sha256(unsigned char *buf, size_t len, unsigned char *res)

Calculate the sha256 hash for the data buffer into the result.

Parameters
    buf     buffer to digest.
    len     length of the buffer to digest.
    res     result is stored here (space 256/8 bytes).

◆ secalgo_hash_create_sha384()

struct secalgo_hash *secalgo_hash_create_sha384(void)

Start a hash of type sha384.

Allocates structure, then inits it, so that a series of updates can be performed, before the final result.

Returns
    hash structure. NULL on malloc failure or no support.

Referenced by zonemd_digest_init().

◆ secalgo_hash_create_sha512()

struct secalgo_hash *secalgo_hash_create_sha512(void)

Start a hash of type sha512.

Allocates structure, then inits it, so that a series of updates can be performed, before the final result.

Returns
    hash structure. NULL on malloc failure or no support.

Referenced by zonemd_digest_init().

◆ secalgo_hash_update()

int secalgo_hash_update(struct secalgo_hash *hash, uint8_t *data, size_t len)

Update a hash with more information to add to it.

Parameters
    hash    the hash that is updated.
    data    data to add.
    len     length of data.
Returns
    false on failure.

Referenced by zonemd_digest_update().

◆ secalgo_hash_final()

int secalgo_hash_final(struct secalgo_hash *hash, uint8_t *result, size_t maxlen, size_t *resultlen)

Get the final result of the hash.

Parameters
    hash       the hash that has had updates applied to it.
    result     where to store the result.
    maxlen     length of the result buffer, e.g. the size of the allocation. If it is not large enough the routine fails.
    resultlen  the length of the result, returned to the caller: how much of maxlen is used.
Returns
    false on failure.

Referenced by zonemd_digest_finish().

◆ secalgo_hash_delete()

void secalgo_hash_delete(struct secalgo_hash *hash)

Delete the hash structure.

Parameters
    hash    the hash to delete.

Referenced by auth_zone_generate_zonemd_hash().

◆ ds_digest_size_supported()

size_t ds_digest_size_supported(int algo)

Return size of DS digest according to its hash algorithm.

Parameters
    algo    DS digest algo.
Returns
    size in bytes of digest, or 0 if not supported.

Referenced by ds_digest_size_algo().

◆ secalgo_ds_digest()

int secalgo_ds_digest(int algo, unsigned char *buf, size_t len, unsigned char *res)

Compute the DS digest of the data buffer into the result.

Parameters
    algo    the DS digest algo.
    buf     the buffer to digest.
    len     length of buffer to digest.
    res     result stored here (must have sufficient space).
Returns
    false on failure.

Referenced by ds_create_dnskey_digest().

◆ verify_canonrrset()

enum sec_status verify_canonrrset(struct sldns_buffer *buf, int algo, unsigned char *sigblock, unsigned int sigblock_len, unsigned char *key, unsigned int keylen, char **reason)

Check a canonical sig+rrset and signature against a dnskey.

Parameters
    buf           buffer with data to verify: the first rrsig part and the canonicalized rrset.
    algo          DNSKEY algorithm.
    sigblock      signature rdata field from RRSIG.
    sigblock_len  length of sigblock data.
    key           public key data from DNSKEY RR.
    keylen        length of key data.
    reason        bogus reason in more detail.
Returns
    secure if verification succeeded, bogus on crypto failure, unchecked on format errors and alloc failures.