val_secalgo.c (287917) | val_secalgo.c (292206) |
---|---|
1/* 2 * validator/val_secalgo.c - validator security algorithm functions. 3 * 4 * Copyright (c) 2012, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without --- 30 unchanged lines hidden (view full) --- 39 * This file contains helper functions for the validator module. 40 * These functions take raw data buffers, formatted for crypto verification, 41 * and do the library calls (for the crypto library in use). 42 */ 43#include "config.h" 44/* packed_rrset on top to define enum types (forced by c99 standard) */ 45#include "util/data/packed_rrset.h" 46#include "validator/val_secalgo.h" | 1/* 2 * validator/val_secalgo.c - validator security algorithm functions. 3 * 4 * Copyright (c) 2012, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without --- 30 unchanged lines hidden (view full) --- 39 * This file contains helper functions for the validator module. 40 * These functions take raw data buffers, formatted for crypto verification, 41 * and do the library calls (for the crypto library in use). 42 */ 43#include "config.h" 44/* packed_rrset on top to define enum types (forced by c99 standard) */ 45#include "util/data/packed_rrset.h" 46#include "validator/val_secalgo.h" |
47#include "validator/val_nsec3.h" |
|
47#include "util/log.h" 48#include "sldns/rrdef.h" 49#include "sldns/keyraw.h" 50#include "sldns/sbuffer.h" 51 | 48#include "util/log.h" 49#include "sldns/rrdef.h" 50#include "sldns/keyraw.h" 51#include "sldns/sbuffer.h" 52 |
52#if !defined(HAVE_SSL) && !defined(HAVE_NSS) | 53#if !defined(HAVE_SSL) && !defined(HAVE_NSS) && !defined(HAVE_NETTLE) |
53#error "Need crypto library to do digital signature cryptography" 54#endif 55 56/* OpenSSL implementation */ 57#ifdef HAVE_SSL 58#ifdef HAVE_OPENSSL_ERR_H 59#include <openssl/err.h> 60#endif --- 5 unchanged lines hidden (view full) --- 66#ifdef HAVE_OPENSSL_CONF_H 67#include <openssl/conf.h> 68#endif 69 70#ifdef HAVE_OPENSSL_ENGINE_H 71#include <openssl/engine.h> 72#endif 73 | 54#error "Need crypto library to do digital signature cryptography" 55#endif 56 57/* OpenSSL implementation */ 58#ifdef HAVE_SSL 59#ifdef HAVE_OPENSSL_ERR_H 60#include <openssl/err.h> 61#endif --- 5 unchanged lines hidden (view full) --- 67#ifdef HAVE_OPENSSL_CONF_H 68#include <openssl/conf.h> 69#endif 70 71#ifdef HAVE_OPENSSL_ENGINE_H 72#include <openssl/engine.h> 73#endif 74 |
75/* return size of digest if supported, or 0 otherwise */ 76size_t 77nsec3_hash_algo_size_supported(int id) 78{ 79 switch(id) { 80 case NSEC3_HASH_SHA1: 81 return SHA_DIGEST_LENGTH; 82 default: 83 return 0; 84 } 85} 86 87/* perform nsec3 hash. return false on failure */ 88int 89secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, 90 unsigned char* res) 91{ 92 switch(algo) { 93 case NSEC3_HASH_SHA1: 94 (void)SHA1(buf, len, res); 95 return 1; 96 default: 97 return 0; 98 } 99} 100 |
|
74/** 75 * Return size of DS digest according to its hash algorithm. 76 * @param algo: DS digest algo. | 101/** 102 * Return size of DS digest according to its hash algorithm. 103 * @param algo: DS digest algo. |
77 * @return size in bytes of digest, or 0 if not supported. | 104 * @return size in bytes of digest, or 0 if not supported. |
78 */ 79size_t 80ds_digest_size_supported(int algo) 81{ 82 switch(algo) { 83#ifdef HAVE_EVP_SHA1 84 case LDNS_SHA1: 85 return SHA_DIGEST_LENGTH; --- 474 unchanged lines hidden (view full) --- 560#include "sechash.h" 561#include "pk11pub.h" 562#include "keyhi.h" 563#include "secerr.h" 564#include "cryptohi.h" 565/* nspr4 */ 566#include "prerror.h" 567 | 105 */ 106size_t 107ds_digest_size_supported(int algo) 108{ 109 switch(algo) { 110#ifdef HAVE_EVP_SHA1 111 case LDNS_SHA1: 112 return SHA_DIGEST_LENGTH; --- 474 unchanged lines hidden (view full) --- 587#include "sechash.h" 588#include "pk11pub.h" 589#include "keyhi.h" 590#include "secerr.h" 591#include "cryptohi.h" 592/* nspr4 */ 593#include "prerror.h" 594 |
595/* return size of digest if supported, or 0 otherwise */ |
|
568size_t | 596size_t |
597nsec3_hash_algo_size_supported(int id) 598{ 599 switch(id) { 600 case NSEC3_HASH_SHA1: 601 return SHA1_LENGTH; 602 default: 603 return 0; 604 } 605} 606 607/* perform nsec3 hash. return false on failure */ 608int 609secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, 610 unsigned char* res) 611{ 612 switch(algo) { 613 case NSEC3_HASH_SHA1: 614 (void)HASH_HashBuf(HASH_AlgSHA1, res, buf, (unsigned long)len); 615 return 1; 616 default: 617 return 0; 618 } 619} 620 621size_t |
|
569ds_digest_size_supported(int algo) 570{ 571 /* uses libNSS */ 572 switch(algo) { 573 case LDNS_SHA1: 574 return SHA1_LENGTH; 575#ifdef USE_SHA2 576 case LDNS_SHA256: --- 487 unchanged lines hidden (view full) --- 1064 return sec_status_bogus; 1065 } 1066 verbose(VERB_QUERY, "verify: signature mismatch: %s", 1067 PORT_ErrorToString(err)); 1068 *reason = "signature crypto failed"; 1069 return sec_status_bogus; 1070} 1071 | 622ds_digest_size_supported(int algo) 623{ 624 /* uses libNSS */ 625 switch(algo) { 626 case LDNS_SHA1: 627 return SHA1_LENGTH; 628#ifdef USE_SHA2 629 case LDNS_SHA256: --- 487 unchanged lines hidden (view full) --- 1117 return sec_status_bogus; 1118 } 1119 verbose(VERB_QUERY, "verify: signature mismatch: %s", 1120 PORT_ErrorToString(err)); 1121 *reason = "signature crypto failed"; 1122 return sec_status_bogus; 1123} 1124 |
1125#elif defined(HAVE_NETTLE) |
|
1072 | 1126 |
1073#endif /* HAVE_SSL or HAVE_NSS */ | 1127#include "sha.h" 1128#include "bignum.h" 1129#include "macros.h" 1130#include "rsa.h" 1131#include "dsa.h" 1132#include "asn1.h" 1133#ifdef USE_ECDSA 1134#include "ecdsa.h" 1135#include "ecc-curve.h" 1136#endif 1137 1138static int 1139_digest_nettle(int algo, uint8_t* buf, size_t len, 1140 unsigned char* res) 1141{ 1142 switch(algo) { 1143 case SHA1_DIGEST_SIZE: 1144 { 1145 struct sha1_ctx ctx; 1146 sha1_init(&ctx); 1147 sha1_update(&ctx, len, buf); 1148 sha1_digest(&ctx, SHA1_DIGEST_SIZE, res); 1149 return 1; 1150 } 1151 case SHA256_DIGEST_SIZE: 1152 { 1153 struct sha256_ctx ctx; 1154 sha256_init(&ctx); 1155 sha256_update(&ctx, len, buf); 1156 sha256_digest(&ctx, SHA256_DIGEST_SIZE, res); 1157 return 1; 1158 } 1159 case SHA384_DIGEST_SIZE: 1160 { 1161 struct sha384_ctx ctx; 1162 sha384_init(&ctx); 1163 sha384_update(&ctx, len, buf); 1164 sha384_digest(&ctx, SHA384_DIGEST_SIZE, res); 1165 return 1; 1166 } 1167 case SHA512_DIGEST_SIZE: 1168 { 1169 struct sha512_ctx ctx; 1170 sha512_init(&ctx); 1171 sha512_update(&ctx, len, buf); 1172 sha512_digest(&ctx, SHA512_DIGEST_SIZE, res); 1173 return 1; 1174 } 1175 default: 1176 break; 1177 } 1178 return 0; 1179} 1180 1181/* return size of digest if supported, or 0 otherwise */ 1182size_t 1183nsec3_hash_algo_size_supported(int id) 1184{ 1185 switch(id) { 1186 case NSEC3_HASH_SHA1: 1187 return SHA1_DIGEST_SIZE; 1188 default: 1189 return 0; 1190 } 1191} 1192 1193/* perform nsec3 hash. return false on failure */ 1194int 1195secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len, 1196 unsigned char* res) 1197{ 1198 switch(algo) { 1199 case NSEC3_HASH_SHA1: 1200 return _digest_nettle(SHA1_DIGEST_SIZE, (uint8_t*)buf, len, 1201 res); 1202 default: 1203 return 0; 1204 } 1205} 1206 1207/** 1208 * Return size of DS digest according to its hash algorithm. 1209 * @param algo: DS digest algo. 1210 * @return size in bytes of digest, or 0 if not supported. 1211 */ 1212size_t 1213ds_digest_size_supported(int algo) 1214{ 1215 switch(algo) { 1216 case LDNS_SHA1: 1217 return SHA1_DIGEST_SIZE; 1218#ifdef USE_SHA2 1219 case LDNS_SHA256: 1220 return SHA256_DIGEST_SIZE; 1221#endif 1222#ifdef USE_ECDSA 1223 case LDNS_SHA384: 1224 return SHA384_DIGEST_SIZE; 1225#endif 1226 /* GOST not supported */ 1227 case LDNS_HASH_GOST: 1228 default: 1229 break; 1230 } 1231 return 0; 1232} 1233 1234int 1235secalgo_ds_digest(int algo, unsigned char* buf, size_t len, 1236 unsigned char* res) 1237{ 1238 switch(algo) { 1239 case LDNS_SHA1: 1240 return _digest_nettle(SHA1_DIGEST_SIZE, buf, len, res); 1241#if defined(USE_SHA2) 1242 case LDNS_SHA256: 1243 return _digest_nettle(SHA256_DIGEST_SIZE, buf, len, res); 1244#endif 1245#ifdef USE_ECDSA 1246 case LDNS_SHA384: 1247 return _digest_nettle(SHA384_DIGEST_SIZE, buf, len, res); 1248 1249#endif 1250 case LDNS_HASH_GOST: 1251 default: 1252 verbose(VERB_QUERY, "unknown DS digest algorithm %d", 1253 algo); 1254 break; 1255 } 1256 return 0; 1257} 1258 1259int 1260dnskey_algo_id_is_supported(int id) 1261{ 1262 /* uses libnettle */ 1263 switch(id) { 1264 case LDNS_DSA: 1265 case LDNS_DSA_NSEC3: 1266 case LDNS_RSASHA1: 1267 case LDNS_RSASHA1_NSEC3: 1268#ifdef USE_SHA2 1269 case LDNS_RSASHA256: 1270 case LDNS_RSASHA512: 1271#endif 1272#ifdef USE_ECDSA 1273 case LDNS_ECDSAP256SHA256: 1274 case LDNS_ECDSAP384SHA384: 1275#endif 1276 return 1; 1277 case LDNS_RSAMD5: /* RFC 6725 deprecates RSAMD5 */ 1278 case LDNS_ECC_GOST: 1279 default: 1280 return 0; 1281 } 1282} 1283 1284static char * 1285_verify_nettle_dsa(sldns_buffer* buf, unsigned char* sigblock, 1286 unsigned int sigblock_len, unsigned char* key, unsigned int keylen) 1287{ 1288 uint8_t digest[SHA1_DIGEST_SIZE]; 1289 uint8_t key_t; 1290 int res = 0; 1291 size_t offset; 1292 struct dsa_public_key pubkey; 1293 struct dsa_signature signature; 1294 unsigned int expected_len; 1295 1296 /* Extract DSA signature from the record */ 1297 nettle_dsa_signature_init(&signature); 1298 /* Signature length: 41 bytes - RFC 2536 sec. 3 */ 1299 if(sigblock_len == 41) { 1300 if(key[0] != sigblock[0]) 1301 return "invalid T value in DSA signature or pubkey"; 1302 nettle_mpz_set_str_256_u(signature.r, 20, sigblock+1); 1303 nettle_mpz_set_str_256_u(signature.s, 20, sigblock+1+20); 1304 } else { 1305 /* DER encoded, decode the ASN1 notated R and S bignums */ 1306 /* SEQUENCE { r INTEGER, s INTEGER } */ 1307 struct asn1_der_iterator i, seq; 1308 if(asn1_der_iterator_first(&i, sigblock_len, 1309 (uint8_t*)sigblock) != ASN1_ITERATOR_CONSTRUCTED 1310 || i.type != ASN1_SEQUENCE) 1311 return "malformed DER encoded DSA signature"; 1312 /* decode this element of i using the seq iterator */ 1313 if(asn1_der_decode_constructed(&i, &seq) != 1314 ASN1_ITERATOR_PRIMITIVE || seq.type != ASN1_INTEGER) 1315 return "malformed DER encoded DSA signature"; 1316 if(!asn1_der_get_bignum(&seq, signature.r, 20*8)) 1317 return "malformed DER encoded DSA signature"; 1318 if(asn1_der_iterator_next(&seq) != ASN1_ITERATOR_PRIMITIVE 1319 || seq.type != ASN1_INTEGER) 1320 return "malformed DER encoded DSA signature"; 1321 if(!asn1_der_get_bignum(&seq, signature.s, 20*8)) 1322 return "malformed DER encoded DSA signature"; 1323 if(asn1_der_iterator_next(&i) != ASN1_ITERATOR_END) 1324 return "malformed DER encoded DSA signature"; 1325 } 1326 1327 /* Validate T values constraints - RFC 2536 sec. 2 & sec. 3 */ 1328 key_t = key[0]; 1329 if (key_t > 8) { 1330 return "invalid T value in DSA pubkey"; 1331 } 1332 1333 /* Pubkey minimum length: 21 bytes - RFC 2536 sec. 2 */ 1334 if (keylen < 21) { 1335 return "DSA pubkey too short"; 1336 } 1337 1338 expected_len = 1 + /* T */ 1339 20 + /* Q */ 1340 (64 + key_t*8) + /* P */ 1341 (64 + key_t*8) + /* G */ 1342 (64 + key_t*8); /* Y */ 1343 if (keylen != expected_len ) { 1344 return "invalid DSA pubkey length"; 1345 } 1346 1347 /* Extract DSA pubkey from the record */ 1348 nettle_dsa_public_key_init(&pubkey); 1349 offset = 1; 1350 nettle_mpz_set_str_256_u(pubkey.q, 20, key+offset); 1351 offset += 20; 1352 nettle_mpz_set_str_256_u(pubkey.p, (64 + key_t*8), key+offset); 1353 offset += (64 + key_t*8); 1354 nettle_mpz_set_str_256_u(pubkey.g, (64 + key_t*8), key+offset); 1355 offset += (64 + key_t*8); 1356 nettle_mpz_set_str_256_u(pubkey.y, (64 + key_t*8), key+offset); 1357 1358 /* Digest content of "buf" and verify its DSA signature in "sigblock"*/ 1359 res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), 1360 (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); 1361 res &= dsa_sha1_verify_digest(&pubkey, digest, &signature); 1362 1363 /* Clear and return */ 1364 nettle_dsa_signature_clear(&signature); 1365 nettle_dsa_public_key_clear(&pubkey); 1366 if (!res) 1367 return "DSA signature verification failed"; 1368 else 1369 return NULL; 1370} 1371 1372static char * 1373_verify_nettle_rsa(sldns_buffer* buf, unsigned int digest_size, char* sigblock, 1374 unsigned int sigblock_len, uint8_t* key, unsigned int keylen) 1375{ 1376 uint16_t exp_len = 0; 1377 size_t exp_offset = 0, mod_offset = 0; 1378 struct rsa_public_key pubkey; 1379 mpz_t signature; 1380 int res = 0; 1381 1382 /* RSA pubkey parsing as per RFC 3110 sec. 2 */ 1383 if( keylen <= 1) { 1384 return "null RSA key"; 1385 } 1386 if (key[0] != 0) { 1387 /* 1-byte length */ 1388 exp_len = key[0]; 1389 exp_offset = 1; 1390 } else { 1391 /* 1-byte NUL + 2-bytes exponent length */ 1392 if (keylen < 3) { 1393 return "incorrect RSA key length"; 1394 } 1395 exp_len = READ_UINT16(key+1); 1396 if (exp_len == 0) 1397 return "null RSA exponent length"; 1398 exp_offset = 3; 1399 } 1400 /* Check that we are not over-running input length */ 1401 if (keylen < exp_offset + exp_len + 1) { 1402 return "RSA key content shorter than expected"; 1403 } 1404 mod_offset = exp_offset + exp_len; 1405 nettle_rsa_public_key_init(&pubkey); 1406 pubkey.size = keylen - mod_offset; 1407 nettle_mpz_set_str_256_u(pubkey.e, exp_len, &key[exp_offset]); 1408 nettle_mpz_set_str_256_u(pubkey.n, pubkey.size, &key[mod_offset]); 1409 1410 /* Digest content of "buf" and verify its RSA signature in "sigblock"*/ 1411 nettle_mpz_init_set_str_256_u(signature, sigblock_len, (uint8_t*)sigblock); 1412 switch (digest_size) { 1413 case SHA1_DIGEST_SIZE: 1414 { 1415 uint8_t digest[SHA1_DIGEST_SIZE]; 1416 res = _digest_nettle(SHA1_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), 1417 (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); 1418 res &= rsa_sha1_verify_digest(&pubkey, digest, signature); 1419 break; 1420 } 1421 case SHA256_DIGEST_SIZE: 1422 { 1423 uint8_t digest[SHA256_DIGEST_SIZE]; 1424 res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), 1425 (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); 1426 res &= rsa_sha256_verify_digest(&pubkey, digest, signature); 1427 break; 1428 } 1429 case SHA512_DIGEST_SIZE: 1430 { 1431 uint8_t digest[SHA512_DIGEST_SIZE]; 1432 res = _digest_nettle(SHA512_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), 1433 (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); 1434 res &= rsa_sha512_verify_digest(&pubkey, digest, signature); 1435 break; 1436 } 1437 default: 1438 break; 1439 } 1440 1441 /* Clear and return */ 1442 nettle_rsa_public_key_clear(&pubkey); 1443 mpz_clear(signature); 1444 if (!res) { 1445 return "RSA signature verification failed"; 1446 } else { 1447 return NULL; 1448 } 1449} 1450 1451#ifdef USE_ECDSA 1452static char * 1453_verify_nettle_ecdsa(sldns_buffer* buf, unsigned int digest_size, unsigned char* sigblock, 1454 unsigned int sigblock_len, unsigned char* key, unsigned int keylen) 1455{ 1456 int res = 0; 1457 struct ecc_point pubkey; 1458 struct dsa_signature signature; 1459 1460 /* Always matched strength, as per RFC 6605 sec. 1 */ 1461 if (sigblock_len != 2*digest_size || keylen != 2*digest_size) { 1462 return "wrong ECDSA signature length"; 1463 } 1464 1465 /* Parse ECDSA signature as per RFC 6605 sec. 4 */ 1466 nettle_dsa_signature_init(&signature); 1467 switch (digest_size) { 1468 case SHA256_DIGEST_SIZE: 1469 { 1470 uint8_t digest[SHA256_DIGEST_SIZE]; 1471 mpz_t x, y; 1472 nettle_ecc_point_init(&pubkey, &nettle_secp_256r1); 1473 nettle_mpz_init_set_str_256_u(x, SHA256_DIGEST_SIZE, key); 1474 nettle_mpz_init_set_str_256_u(y, SHA256_DIGEST_SIZE, key+SHA256_DIGEST_SIZE); 1475 nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock); 1476 nettle_mpz_set_str_256_u(signature.s, SHA256_DIGEST_SIZE, sigblock+SHA256_DIGEST_SIZE); 1477 res = _digest_nettle(SHA256_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), 1478 (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); 1479 res &= nettle_ecc_point_set(&pubkey, x, y); 1480 res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature); 1481 mpz_clear(x); 1482 mpz_clear(y); 1483 break; 1484 } 1485 case SHA384_DIGEST_SIZE: 1486 { 1487 uint8_t digest[SHA384_DIGEST_SIZE]; 1488 mpz_t x, y; 1489 nettle_ecc_point_init(&pubkey, &nettle_secp_384r1); 1490 nettle_mpz_init_set_str_256_u(x, SHA384_DIGEST_SIZE, key); 1491 nettle_mpz_init_set_str_256_u(y, SHA384_DIGEST_SIZE, key+SHA384_DIGEST_SIZE); 1492 nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock); 1493 nettle_mpz_set_str_256_u(signature.s, SHA384_DIGEST_SIZE, sigblock+SHA384_DIGEST_SIZE); 1494 res = _digest_nettle(SHA384_DIGEST_SIZE, (unsigned char*)sldns_buffer_begin(buf), 1495 (unsigned int)sldns_buffer_limit(buf), (unsigned char*)digest); 1496 res &= nettle_ecc_point_set(&pubkey, x, y); 1497 res &= nettle_ecdsa_verify (&pubkey, SHA384_DIGEST_SIZE, digest, &signature); 1498 mpz_clear(x); 1499 mpz_clear(y); 1500 nettle_ecc_point_clear(&pubkey); 1501 break; 1502 } 1503 default: 1504 return "unknown ECDSA algorithm"; 1505 } 1506 1507 /* Clear and return */ 1508 nettle_dsa_signature_clear(&signature); 1509 if (!res) 1510 return "ECDSA signature verification failed"; 1511 else 1512 return NULL; 1513} 1514#endif 1515 1516/** 1517 * Check a canonical sig+rrset and signature against a dnskey 1518 * @param buf: buffer with data to verify, the first rrsig part and the 1519 * canonicalized rrset. 1520 * @param algo: DNSKEY algorithm. 1521 * @param sigblock: signature rdata field from RRSIG 1522 * @param sigblock_len: length of sigblock data. 1523 * @param key: public key data from DNSKEY RR. 1524 * @param keylen: length of keydata. 1525 * @param reason: bogus reason in more detail. 1526 * @return secure if verification succeeded, bogus on crypto failure, 1527 * unchecked on format errors and alloc failures. 1528 */ 1529enum sec_status 1530verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, 1531 unsigned int sigblock_len, unsigned char* key, unsigned int keylen, 1532 char** reason) 1533{ 1534 unsigned int digest_size = 0; 1535 1536 if (sigblock_len == 0 || keylen == 0) { 1537 *reason = "null signature"; 1538 return sec_status_bogus; 1539 } 1540 1541 switch(algo) { 1542 case LDNS_DSA: 1543 case LDNS_DSA_NSEC3: 1544 *reason = _verify_nettle_dsa(buf, sigblock, sigblock_len, key, keylen); 1545 if (*reason != NULL) 1546 return sec_status_bogus; 1547 else 1548 return sec_status_secure; 1549 1550 case LDNS_RSASHA1: 1551 case LDNS_RSASHA1_NSEC3: 1552 digest_size = (digest_size ? digest_size : SHA1_DIGEST_SIZE); 1553#ifdef USE_SHA2 1554 case LDNS_RSASHA256: 1555 digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); 1556 case LDNS_RSASHA512: 1557 digest_size = (digest_size ? digest_size : SHA512_DIGEST_SIZE); 1558 1559#endif 1560 *reason = _verify_nettle_rsa(buf, digest_size, (char*)sigblock, 1561 sigblock_len, key, keylen); 1562 if (*reason != NULL) 1563 return sec_status_bogus; 1564 else 1565 return sec_status_secure; 1566 1567#ifdef USE_ECDSA 1568 case LDNS_ECDSAP256SHA256: 1569 digest_size = (digest_size ? digest_size : SHA256_DIGEST_SIZE); 1570 case LDNS_ECDSAP384SHA384: 1571 digest_size = (digest_size ? digest_size : SHA384_DIGEST_SIZE); 1572 *reason = _verify_nettle_ecdsa(buf, digest_size, sigblock, 1573 sigblock_len, key, keylen); 1574 if (*reason != NULL) 1575 return sec_status_bogus; 1576 else 1577 return sec_status_secure; 1578#endif 1579 case LDNS_RSAMD5: 1580 case LDNS_ECC_GOST: 1581 default: 1582 *reason = "unable to verify signature, unknown algorithm"; 1583 return sec_status_bogus; 1584 } 1585} 1586 1587#endif /* HAVE_SSL or HAVE_NSS or HAVE_NETTLE */ |