val_secalgo.h revision 249136
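/*
 * validator/val_secalgo.h - validator security algorithm functions.
 *
 * Copyright (c) 2012, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file contains helper functions for the validator module.
 * The functions take buffers with raw data and convert to library calls.
 */

#ifndef VALIDATOR_VAL_SECALGO_H
#define VALIDATOR_VAL_SECALGO_H

/*
 * size_t is used by the prototypes below, so pull it in here.
 * ldns_buffer and enum sec_status are NOT declared by this header; the
 * including file must make them visible before this point.
 */
#include <stddef.h>

/**
 * Return size of DS digest according to its hash algorithm.
 * A return value of 0 is the only "not supported" signal; callers should
 * test for it before using the value as a buffer size.
 * @param algo: DS digest algo.
 * @return size in bytes of digest, or 0 if not supported.
 */
size_t ds_digest_size_supported(int algo);

/**
 * Compute the DS digest of a buffer with the given digest algorithm.
 * No output length is passed, so this function cannot bound its own
 * writes to res: the caller is solely responsible for the size of res.
 * NOTE(review): the required size is presumably
 * ds_digest_size_supported(algo) - confirm against the implementation.
 * @param algo: the DS digest algo
 * @param buf: the buffer to digest
 * @param len: length of buffer to digest.
 * @param res: result stored here (must have sufficient space).
 * @return false on failure.
 */
int secalgo_ds_digest(int algo, unsigned char* buf, size_t len,
	unsigned char* res);

/** return true if DNSKEY algorithm id is supported */
int dnskey_algo_id_is_supported(int id);

/**
 * Check a canonical sig+rrset and signature against a dnskey
 * Only a return of secure means the signature verified. bogus and
 * unchecked are both non-success outcomes, and unchecked in particular
 * must not be treated as secure by the caller.
 * @param buf: buffer with data to verify, the first rrsig part and the
 *	canonicalized rrset.
 * @param algo: DNSKEY algorithm.
 * @param sigblock: signature rdata field from RRSIG
 * @param sigblock_len: length of sigblock data.
 * @param key: public key data from DNSKEY RR.
 * @param keylen: length of keydata.
 * @param reason: bogus reason in more detail.
 *	NOTE(review): ownership and lifetime of the string stored here are
 *	not stated in this header - confirm before freeing or retaining it.
 * @return secure if verification succeeded, bogus on crypto failure,
 *	unchecked on format errors and alloc failures.
 */
enum sec_status verify_canonrrset(ldns_buffer* buf, int algo,
	unsigned char* sigblock, unsigned int sigblock_len,
	unsigned char* key, unsigned int keylen, char** reason);

#endif /* VALIDATOR_VAL_SECALGO_H */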