/*
 * validator/val_secalgo.h - validator security algorithm functions.
 *
 * Copyright (c) 2012, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file contains helper functions for the validator module.
 * The functions take buffers with raw data and convert them to calls into
 * the underlying crypto library; all DNSSEC hashing and signature
 * verification performed by the validator goes through these entry points,
 * so this is the boundary between wire-format input and the crypto backend.
 *
 * NOTE(review): this header uses enum sec_status and size_t without
 * declaring or including them; includers must have those definitions in
 * scope before including this file.
 */

#ifndef VALIDATOR_VAL_SECALGO_H
#define VALIDATOR_VAL_SECALGO_H
/* Forward declaration: only a pointer to the buffer is used below, so the
 * defining header is not needed here. */
struct sldns_buffer;

/**
 * Return size of an NSEC3 hash algorithm's output.
 * @param id: NSEC3 hash algorithm number (from the NSEC3/NSEC3PARAM RR).
 * @return digest length in bytes, 0 if the algorithm is not supported.
 *	A return of 0 is the "unsupported" signal: callers must not try to
 *	hash with such an algorithm, and should use the nonzero value to
 *	size the output buffer they pass to secalgo_nsec3_hash().
 */
size_t nsec3_hash_algo_size_supported(int id);

/**
 * Hash a single hash call of an NSEC3 hash algorithm.
 * Iterations and salt are done by the caller: this performs exactly one
 * digest of buf, so bounding the iteration count (and appending the salt)
 * is the caller's responsibility, not this function's.
 * @param algo: nsec3 hash algorithm.
 * @param buf: the buffer to digest
 * @param len: length of buffer to digest.
 * @param res: result stored here (must have sufficient space, i.e. at
 *	least nsec3_hash_algo_size_supported(algo) bytes).
 * @return false on failure. The caller must check this before reading
 *	res; the contents of res on failure are not specified by this API.
 */
int secalgo_nsec3_hash(int algo, unsigned char* buf, size_t len,
	unsigned char* res);

/**
 * Return size of DS digest according to its hash algorithm.
 * @param algo: DS digest algo.
 * @return size in bytes of digest, or 0 if not supported.
 *	As with the NSEC3 variant, 0 means "do not attempt"; a nonzero value
 *	is the minimum size of the res buffer for secalgo_ds_digest().
 */
size_t ds_digest_size_supported(int algo);

/**
 * Compute a DS digest over buf with the given DS digest algorithm.
 * (Presumably buf holds the owner name followed by the DNSKEY rdata as the
 * DS record defines it; what is passed is decided by the caller.)
 * @param algo: the DS digest algo
 * @param buf: the buffer to digest
 * @param len: length of buffer to digest.
 * @param res: result stored here (must have sufficient space, i.e. at
 *	least ds_digest_size_supported(algo) bytes).
 * @return false on failure; res must not be used in that case.
 */
int secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
	unsigned char* res);

/**
 * Return true if the DNSKEY algorithm id is supported, i.e. signatures made
 * with it can be verified by the crypto library this file is built against.
 * NOTE(review): whether an unsupported algorithm makes a zone insecure
 * rather than bogus is decided by the callers of this function, not here;
 * this only reports backend capability.
 */
int dnskey_algo_id_is_supported(int id);

/**
 * Check a canonical sig+rrset and signature against a dnskey
 * @param buf: buffer with data to verify, the first rrsig part and the
 *	canonicalized rrset.
 * @param algo: DNSKEY algorithm.
 * @param sigblock: signature rdata field from RRSIG
 * @param sigblock_len: length of sigblock data.
 * @param key: public key data from DNSKEY RR.
 * @param keylen: length of keydata.
 * @param reason: bogus reason in more detail. Set to a descriptive string
 *	when the result is not secure; this header does not say whether the
 *	string is static or must be freed, check the implementation before
 *	taking ownership of it.
 * @return secure if verification succeeded, bogus on crypto failure,
 *	unchecked on format errors and alloc failures.
 *	The three outcomes are deliberately distinct: bogus means the
 *	signature was actually checked and did not verify, while unchecked
 *	means no verdict could be reached (malformed key/signature, or out
 *	of memory). Callers must never treat unchecked as a success, and
 *	should not collapse it into bogus without considering the alloc
 *	failure case.
 */
enum sec_status verify_canonrrset(struct sldns_buffer* buf, int algo,
	unsigned char* sigblock, unsigned int sigblock_len,
	unsigned char* key, unsigned int keylen, char** reason);

#endif /* VALIDATOR_VAL_SECALGO_H */