unbound 0.1
val_secalgo.h File Reference

This file contains helper functions for the validator module.

Functions

size_t nsec3_hash_algo_size_supported (int id)
 Return size of nsec3 hash algorithm, 0 if not supported.

int secalgo_nsec3_hash (int algo, unsigned char *buf, size_t len, unsigned char *res)
 Perform a single hash call of an NSEC3 hash algorithm.

void secalgo_hash_sha256 (unsigned char *buf, size_t len, unsigned char *res)
 Calculate the sha256 hash for the data buffer into the result.

size_t ds_digest_size_supported (int algo)
 Return size of DS digest according to its hash algorithm.

int secalgo_ds_digest (int algo, unsigned char *buf, size_t len, unsigned char *res)

int dnskey_algo_id_is_supported (int id)
 Return true if DNSKEY algorithm id is supported.

enum sec_status verify_canonrrset (struct sldns_buffer *buf, int algo, unsigned char *sigblock, unsigned int sigblock_len, unsigned char *key, unsigned int keylen, char **reason)
 Check a canonical sig+rrset and signature against a dnskey.

Detailed Description

This file contains helper functions for the validator module.

The functions take buffers with raw data and convert them into library calls.

Function Documentation

secalgo_nsec3_hash()

int secalgo_nsec3_hash (int algo, unsigned char *buf, size_t len, unsigned char *res)

Perform a single hash call of an NSEC3 hash algorithm.

Iterations and salting are handled by the caller.

Parameters
 algo: nsec3 hash algorithm.
 buf: the buffer to digest.
 len: length of buffer to digest.
 res: result stored here (must have sufficient space).
Returns
 false on failure.

Referenced by az_nsec3_hash(), nsec3_calc_hash(), and nsec3_get_hashed().
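
Added example, not code from unbound: the caller-side loop that "iterations and salt are done by the caller" implies, following the iterated hash defined in RFC 5155. sha1_once is a local stand-in for one secalgo_nsec3_hash() call with algo 1 (SHA-1); nsec3_iterated_hash and rfc5155_example are hypothetical names, and the input is constructed from the RFC 5155 Appendix A zone.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Stand-in for one secalgo_nsec3_hash() call with algo 1 (SHA-1), local so this runs without unbound. */
static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }
static int sha1_once(const unsigned char *buf, size_t len, unsigned char *res) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    unsigned char m[576] = {0};                       /* up to 510 input bytes plus padding */
    size_t off, total = ((len + 8) / 64 + 1) * 64; int i;
    if (len > 510) return 0;                          /* false on failure, like the documented call */
    memcpy(m, buf, len); m[len] = 0x80;
    for (i = 0; i < 8; i++) m[total - 1 - i] = (unsigned char)(((uint64_t)len * 8) >> (8 * i));
    for (off = 0; off < total; off += 64) {
        uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f, k, t;
        for (i = 0; i < 64; i++) w[i / 4] = (i % 4 ? w[i / 4] << 8 : 0) | m[off + i];
        for (i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        for (i = 0; i < 80; i++) {
            f = i < 20 ? (b & c) | (~b & d) : (i < 40 || i >= 60) ? b ^ c ^ d : (b & c) | (b & d) | (c & d);
            k = i < 20 ? 0x5A827999 : i < 40 ? 0x6ED9EBA1 : i < 60 ? 0x8F1BBCDC : 0xCA62C1D6;
            t = rol(a, 5) + f + e + k + w[i]; e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    for (i = 0; i < 20; i++) res[i] = (unsigned char)(h[i / 4] >> (24 - 8 * (i % 4)));
    return 1;
}
/* Caller side (RFC 5155): IH(0) = H(name | salt), IH(k) = H(IH(k-1) | salt). */
static int nsec3_iterated_hash(const unsigned char *name, size_t namelen,
        const unsigned char *salt, size_t saltlen, unsigned iterations, unsigned char *res) {
    unsigned char buf[255 + 255];
    if (namelen > 255 || saltlen > 255) return 0;     /* bound wire lengths before copying */
    memcpy(buf, name, namelen); memcpy(buf + namelen, salt, saltlen);
    if (!sha1_once(buf, namelen + saltlen, res)) return 0;
    while (iterations--) {                            /* "iterations" counts additional rounds */
        memcpy(buf, res, 20); memcpy(buf + 20, salt, saltlen);
        if (!sha1_once(buf, 20 + saltlen, res)) return 0;
    }
    return 1;
}
/* Constructed input: wire-format owner "example.", salt aabbccdd, 12 iterations (RFC 5155 App. A). */
const char *rfc5155_example(void) {
    static const unsigned char name[] = {7,'e','x','a','m','p','l','e',0}, salt[] = {0xaa,0xbb,0xcc,0xdd};
    static const char al[] = "0123456789abcdefghijklmnopqrstuv";   /* base32hex, as in NSEC3 owner labels */
    static char out[33]; unsigned char h[20]; int i;
    if (!nsec3_iterated_hash(name, sizeof name, salt, sizeof salt, 12, h)) return "";
    for (i = 0; i < 32; i++)                          /* 5 bits per output character, MSB first */
        out[i] = al[(((unsigned)h[i*5/8] << 8 | (i*5/8 < 19 ? h[i*5/8 + 1] : 0)) >> (11 - i*5%8)) & 31];
    return out;
}
int main(void) { puts(rfc5155_example()); return 0; }
```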

secalgo_hash_sha256()

void secalgo_hash_sha256 (unsigned char *buf, size_t len, unsigned char *res)

Calculate the sha256 hash for the data buffer into the result.

Parameters
 buf: buffer to digest.
 len: length of the buffer to digest.
 res: result is stored here (space 256/8 bytes).

ds_digest_size_supported()

size_t ds_digest_size_supported (int algo)

Return size of DS digest according to its hash algorithm.

Parameters
 algo: DS digest algo.
Returns
 size in bytes of digest, or 0 if not supported.

Referenced by ds_digest_size_algo().

secalgo_ds_digest()

int secalgo_ds_digest (int algo, unsigned char *buf, size_t len, unsigned char *res)

Parameters
 algo: the DS digest algo.
 buf: the buffer to digest.
 len: length of buffer to digest.
 res: result stored here (must have sufficient space).
Returns
 false on failure.

Referenced by ds_create_dnskey_digest().

verify_canonrrset()

enum sec_status verify_canonrrset (struct sldns_buffer *buf, int algo, unsigned char *sigblock, unsigned int sigblock_len, unsigned char *key, unsigned int keylen, char **reason)

Check a canonical sig+rrset and signature against a dnskey.

Parameters
 buf: buffer with data to verify, the first rrsig part and the canonicalized rrset.
 algo: DNSKEY algorithm.
 sigblock: signature rdata field from RRSIG.
 sigblock_len: length of sigblock data.
 key: public key data from DNSKEY RR.
 keylen: length of keydata.
 reason: bogus reason in more detail.
Returns
 secure if verification succeeded, bogus on crypto failure, unchecked on format errors and alloc failures.