54 #error "Need crypto library to do digital signature cryptography"
399  * @param sig: input is signature output alloced ptr (unless failure).
448  * Setup the ECDSA signature in its encoding that the library wants.
450  * @param sig: input is signature, output alloced ptr (unless failure).
718  * Check a canonical sig+rrset and signature against a dnskey
722  * @param sigblock: signature rdata field from RRSIG
757 	/* if it is a DSA signature in bind format, convert to DER format */
777 			*reason = "use of signature for ECDSA crypto failed";
785 	/* do the signature cryptography work */
835 		verbose(VERB_QUERY, "verify: signature mismatch");
836 		*reason = "signature crypto failed";
1362  * Check a canonical sig+rrset and signature against a dnskey
1366  * @param sigblock: signature rdata field from RRSIG
1410 				*reason = "signature DER decode failed";
1425 	/* do the signature cryptography work */
1452 	/* verify the signature */
1469 		 * for a bad signature from NSS.  Thus we return bogus,
1471 		*reason = "signature crypto failed";
1474 	verbose(VERB_QUERY, "verify: signature mismatch: %s",
1476 	*reason = "signature crypto failed";
1760 	struct dsa_signature signature;
1763 	/* Extract DSA signature from the record */
1764 	nettle_dsa_signature_init(&signature);
1768 			return "invalid T value in DSA signature or pubkey";
1769 		nettle_mpz_set_str_256_u(signature.r, 20, sigblock+1);
1770 		nettle_mpz_set_str_256_u(signature.s, 20, sigblock+1+20);
1778 			return "malformed DER encoded DSA signature";
1782 			return "malformed DER encoded DSA signature";
1783 		if(!asn1_der_get_bignum(&seq, signature.r, 20*8))
1784 			return "malformed DER encoded DSA signature";
1787 			return "malformed DER encoded DSA signature";
1788 		if(!asn1_der_get_bignum(&seq, signature.s, 20*8))
1789 			return "malformed DER encoded DSA signature";
1791 			return "malformed DER encoded DSA signature";
1825 	/* Digest content of "buf" and verify its DSA signature in "sigblock"*/
1828 	res &= dsa_sha1_verify_digest(&pubkey, digest, &signature);
1831 	nettle_dsa_signature_clear(&signature);
1834 		return "DSA signature verification failed";
1847 	mpz_t signature;
1878 	/* Digest content of "buf" and verify its RSA signature in "sigblock"*/
1879 	nettle_mpz_init_set_str_256_u(signature, sigblock_len, (uint8_t*)sigblock);
1886 			res &= rsa_sha1_verify_digest(&pubkey, digest, signature);
1894 			res &= rsa_sha256_verify_digest(&pubkey, digest, signature);
1902 			res &= rsa_sha512_verify_digest(&pubkey, digest, signature);
1911 	mpz_clear(signature);
1913 		return "RSA signature verification failed";
1926 	struct dsa_signature signature;
1930 		return "wrong ECDSA signature length";
1933 	/* Parse ECDSA signature as per RFC 6605 sec. 4 */
1934 	nettle_dsa_signature_init(&signature);
1943 			nettle_mpz_set_str_256_u(signature.r, SHA256_DIGEST_SIZE, sigblock);
1944 			nettle_mpz_set_str_256_u(signature.s, SHA256_DIGEST_SIZE, sigblock+SHA256_DIGEST_SIZE);
1948 			res &= nettle_ecdsa_verify (&pubkey, SHA256_DIGEST_SIZE, digest, &signature);
1961 			nettle_mpz_set_str_256_u(signature.r, SHA384_DIGEST_SIZE, sigblock);
1962 			nettle_mpz_set_str_256_u(signature.s, SHA384_DIGEST_SIZE, sigblock+SHA384_DIGEST_SIZE);
1966 			res &= nettle_ecdsa_verify (&pubkey, SHA384_DIGEST_SIZE, digest, &signature);
1977 	nettle_dsa_signature_clear(&signature);
1979 		return "ECDSA signature verification failed";
1993 		return "wrong ED25519 signature length";
2003 		return "ED25519 signature verification failed";
2010  * Check a canonical sig+rrset and signature against a dnskey
2014  * @param sigblock: signature rdata field from RRSIG
2030 		*reason = "null signature";
2102 		*reason = "unable to verify signature, unknown algorithm";

Indexes created Mon Sep 09 02:09:33 MDT 2024