val_secalgo.h File Reference

Functions

size_t nsec3_hash_algo_size_supported (int id)
 Return size of nsec3 hash algorithm, 0 if not supported.
 
int secalgo_nsec3_hash (int algo, unsigned char *buf, size_t len, unsigned char *res)
 Hash a single hash call of an NSEC3 hash algorithm. More...
 
void secalgo_hash_sha256 (unsigned char *buf, size_t len, unsigned char *res)
 Calculate the sha256 hash for the data buffer into the result. More...
 
struct secalgo_hash * secalgo_hash_create_sha384 (void)
 Start a hash of type sha384. More...
 
struct secalgo_hash * secalgo_hash_create_sha512 (void)
 Start a hash of type sha512. More...
 
int secalgo_hash_update (struct secalgo_hash *hash, uint8_t *data, size_t len)
 Update a hash with more information to add to it. More...
 
int secalgo_hash_final (struct secalgo_hash *hash, uint8_t *result, size_t maxlen, size_t *resultlen)
 Get the final result of the hash. More...
 
void secalgo_hash_delete (struct secalgo_hash *hash)
 Delete the hash structure. More...
 
size_t ds_digest_size_supported (int algo)
 Return size of DS digest according to its hash algorithm. More...
 
int secalgo_ds_digest (int algo, unsigned char *buf, size_t len, unsigned char *res)
 
int dnskey_algo_id_is_supported (int id)
 return true if DNSKEY algorithm id is supported
 
enum sec_status verify_canonrrset (struct sldns_buffer *buf, int algo, unsigned char *sigblock, unsigned int sigblock_len, unsigned char *key, unsigned int keylen, char **reason)
 Check a canonical sig+rrset and signature against a dnskey. More...
 

Detailed Description

This file contains helper functions for the validator module. The functions take buffers with raw data and convert to library calls.

Function Documentation

◆ secalgo_nsec3_hash()

int secalgo_nsec3_hash ( int  algo,
unsigned char *  buf,
size_t  len,
unsigned char *  res 
)

Hash a single hash call of an NSEC3 hash algorithm.

Iterations and salt are done by the caller.

Parameters
algonsec3 hash algorithm.
bufthe buffer to digest
lenlength of buffer to digest.
resresult stored here (must have sufficient space).
Returns
false on failure.

Referenced by az_nsec3_hash(), nsec3_calc_hash(), and nsec3_get_hashed().

◆ secalgo_hash_sha256()

void secalgo_hash_sha256 ( unsigned char *  buf,
size_t  len,
unsigned char *  res 
)

Calculate the sha256 hash for the data buffer into the result.

Parameters
bufbuffer to digest.
lenlength of the buffer to digest.
resresult is stored here (space 256/8 bytes).

◆ secalgo_hash_create_sha384()

struct secalgo_hash* secalgo_hash_create_sha384 ( void  )

Start a hash of type sha384.

Allocates structure, then inits it, so that a series of updates can be performed, before the final result.

Returns
hash structure. NULL on malloc failure or no support.

Referenced by zonemd_digest_init().

◆ secalgo_hash_create_sha512()

struct secalgo_hash* secalgo_hash_create_sha512 ( void  )

Start a hash of type sha512.

Allocates structure, then inits it, so that a series of updates can be performed, before the final result.

Returns
hash structure. NULL on malloc failure or no support.

Referenced by zonemd_digest_init().

◆ secalgo_hash_update()

int secalgo_hash_update ( struct secalgo_hash *  hash,
uint8_t *  data,
size_t  len 
)

Update a hash with more information to add to it.

Parameters
hashthe hash that is updated.
datadata to add.
lenlength of data.
Returns
false on failure.

Referenced by zonemd_digest_update().

◆ secalgo_hash_final()

int secalgo_hash_final ( struct secalgo_hash *  hash,
uint8_t *  result,
size_t  maxlen,
size_t *  resultlen 
)

Get the final result of the hash.

Parameters
hashthe hash that has had updates to it.
resultwhere to store the result.
maxlenlength of the result buffer, eg. size of the allocation. If not large enough the routine fails.
resultlenthe length of the result, returned to the caller. How much of maxlen is used.
Returns
false on failure.

Referenced by zonemd_digest_finish().

◆ secalgo_hash_delete()

void secalgo_hash_delete ( struct secalgo_hash *  hash)

Delete the hash structure.

Parameters
hashthe hash to delete.

Referenced by auth_zone_generate_zonemd_hash().

◆ ds_digest_size_supported()

size_t ds_digest_size_supported ( int  algo)

Return size of DS digest according to its hash algorithm.

Parameters
algoDS digest algo.
Returns
size in bytes of digest, or 0 if not supported.

Referenced by ds_digest_size_algo().

◆ secalgo_ds_digest()

int secalgo_ds_digest ( int  algo,
unsigned char *  buf,
size_t  len,
unsigned char *  res 
)
Parameters
algothe DS digest algo
bufthe buffer to digest
lenlength of buffer to digest.
resresult stored here (must have sufficient space).
Returns
false on failure.

Referenced by ds_create_dnskey_digest().

◆ verify_canonrrset()

enum sec_status verify_canonrrset ( struct sldns_buffer buf,
int  algo,
unsigned char *  sigblock,
unsigned int  sigblock_len,
unsigned char *  key,
unsigned int  keylen,
char **  reason 
)

Check a canonical sig+rrset and signature against a dnskey.

Parameters
bufbuffer with data to verify, the first rrsig part and the canonicalized rrset.
algoDNSKEY algorithm.
sigblocksignature rdata field from RRSIG
sigblock_lenlength of sigblock data.
keypublic key data from DNSKEY RR.
keylenlength of keydata.
reasonbogus reason in more detail.
Returns
secure if verification succeeded, bogus on crypto failure, unchecked on format errors and alloc failures.