val_sigcrypt.h

Go to the documentation of this file.

/*
 * validator/val_sigcrypt.h - validator signature crypto functions.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * 
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 * 
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

 
#ifndef VALIDATOR_VAL_SIGCRYPT_H
#define VALIDATOR_VAL_SIGCRYPT_H
#include "util/data/packed_rrset.h"
#include "sldns/pkthdr.h"
struct val_env;
struct module_env;
struct module_qstate;
struct ub_packed_rrset_key;
struct rbtree_type;
struct regional;
struct sldns_buffer;

#define ALGO_NEEDS_MAX 256

struct algo_needs {
    uint8_t needs[ALGO_NEEDS_MAX];
    size_t num;
};

void algo_needs_init_dnskey_add(struct algo_needs* n,
    struct ub_packed_rrset_key* dnskey, uint8_t* sigalg);

void algo_needs_init_list(struct algo_needs* n, uint8_t* sigalg);

void algo_needs_init_ds(struct algo_needs* n, struct ub_packed_rrset_key* ds,
    int fav_ds_algo, uint8_t* sigalg);

int algo_needs_set_secure(struct algo_needs* n, uint8_t algo);

void algo_needs_set_bogus(struct algo_needs* n, uint8_t algo);

size_t algo_needs_num_missing(struct algo_needs* n);

int algo_needs_missing(struct algo_needs* n);

void algo_needs_reason(struct module_env* env, int alg, char** reason, char* s);

int ds_digest_match_dnskey(struct module_env* env,
    struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx,
    struct ub_packed_rrset_key* ds_rrset, size_t ds_idx);

uint16_t dnskey_calc_keytag(struct ub_packed_rrset_key* dnskey_rrset, 
    size_t dnskey_idx);
 
uint16_t ds_get_keytag(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx);

int dnskey_algo_is_supported(struct ub_packed_rrset_key* dnskey_rrset, 
    size_t dnskey_idx);

int ds_digest_algo_is_supported(struct ub_packed_rrset_key* ds_rrset, 
    size_t ds_idx);

int ds_get_digest_algo(struct ub_packed_rrset_key* ds_rrset, size_t ds_idx);

int ds_key_algo_is_supported(struct ub_packed_rrset_key* ds_rrset, 
    size_t ds_idx);

int ds_get_key_algo(struct ub_packed_rrset_key* k, size_t idx);

int dnskey_get_algo(struct ub_packed_rrset_key* k, size_t idx);

uint16_t dnskey_get_flags(struct ub_packed_rrset_key* k, size_t idx);

enum sec_status dnskeyset_verify_rrset(struct module_env* env, 
    struct val_env* ve, struct ub_packed_rrset_key* rrset, 
    struct ub_packed_rrset_key* dnskey, uint8_t* sigalg, char** reason,
    sldns_pkt_section section, struct module_qstate* qstate);

enum sec_status dnskey_verify_rrset(struct module_env* env, 
    struct val_env* ve, struct ub_packed_rrset_key* rrset, 
    struct ub_packed_rrset_key* dnskey, size_t dnskey_idx, char** reason,
    sldns_pkt_section section, struct module_qstate* qstate);

enum sec_status dnskeyset_verify_rrset_sig(struct module_env* env, 
    struct val_env* ve, time_t now, struct ub_packed_rrset_key* rrset, 
    struct ub_packed_rrset_key* dnskey, size_t sig_idx, 
    struct rbtree_type** sortree, char** reason, sldns_pkt_section section,
    struct module_qstate* qstate);

enum sec_status dnskey_verify_rrset_sig(struct regional* region, 
    struct sldns_buffer* buf, struct val_env* ve, time_t now,
    struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, 
    size_t dnskey_idx, size_t sig_idx,
    struct rbtree_type** sortree, int* buf_canon, char** reason,
    sldns_pkt_section section, struct module_qstate* qstate);

int canonical_tree_compare(const void* k1, const void* k2);

int rrset_canonical_equal(struct regional* region,
    struct ub_packed_rrset_key* k1, struct ub_packed_rrset_key* k2);
 
#endif /* VALIDATOR_VAL_SIGCRYPT_H */