|
Electroneum
|

Classes | |
| struct | algo_needs |
Macros | |
| #define | ALGO_NEEDS_MAX 256 |
Functions | |
| void | algo_needs_init_dnskey_add (struct algo_needs *n, struct ub_packed_rrset_key *dnskey, uint8_t *sigalg) |
| void | algo_needs_init_list (struct algo_needs *n, uint8_t *sigalg) |
| void | algo_needs_init_ds (struct algo_needs *n, struct ub_packed_rrset_key *ds, int fav_ds_algo, uint8_t *sigalg) |
| int | algo_needs_set_secure (struct algo_needs *n, uint8_t algo) |
| void | algo_needs_set_bogus (struct algo_needs *n, uint8_t algo) |
| size_t | algo_needs_num_missing (struct algo_needs *n) |
| int | algo_needs_missing (struct algo_needs *n) |
| void | algo_needs_reason (struct module_env *env, int alg, char **reason, char *s) |
| int | ds_digest_match_dnskey (struct module_env *env, struct ub_packed_rrset_key *dnskey_rrset, size_t dnskey_idx, struct ub_packed_rrset_key *ds_rrset, size_t ds_idx) |
| uint16_t | dnskey_calc_keytag (struct ub_packed_rrset_key *dnskey_rrset, size_t dnskey_idx) |
| uint16_t | ds_get_keytag (struct ub_packed_rrset_key *ds_rrset, size_t ds_idx) |
| int | dnskey_algo_is_supported (struct ub_packed_rrset_key *dnskey_rrset, size_t dnskey_idx) |
| int | ds_digest_algo_is_supported (struct ub_packed_rrset_key *ds_rrset, size_t ds_idx) |
| int | ds_get_digest_algo (struct ub_packed_rrset_key *ds_rrset, size_t ds_idx) |
| int | ds_key_algo_is_supported (struct ub_packed_rrset_key *ds_rrset, size_t ds_idx) |
| int | ds_get_key_algo (struct ub_packed_rrset_key *k, size_t idx) |
| int | dnskey_get_algo (struct ub_packed_rrset_key *k, size_t idx) |
| uint16_t | dnskey_get_flags (struct ub_packed_rrset_key *k, size_t idx) |
| enum sec_status | dnskeyset_verify_rrset (struct module_env *env, struct val_env *ve, struct ub_packed_rrset_key *rrset, struct ub_packed_rrset_key *dnskey, uint8_t *sigalg, char **reason, sldns_pkt_section section, struct module_qstate *qstate) |
| enum sec_status | dnskey_verify_rrset (struct module_env *env, struct val_env *ve, struct ub_packed_rrset_key *rrset, struct ub_packed_rrset_key *dnskey, size_t dnskey_idx, char **reason, sldns_pkt_section section, struct module_qstate *qstate) |
| enum sec_status | dnskeyset_verify_rrset_sig (struct module_env *env, struct val_env *ve, time_t now, struct ub_packed_rrset_key *rrset, struct ub_packed_rrset_key *dnskey, size_t sig_idx, struct rbtree_type **sortree, char **reason, sldns_pkt_section section, struct module_qstate *qstate) |
| enum sec_status | dnskey_verify_rrset_sig (struct regional *region, struct sldns_buffer *buf, struct val_env *ve, time_t now, struct ub_packed_rrset_key *rrset, struct ub_packed_rrset_key *dnskey, size_t dnskey_idx, size_t sig_idx, struct rbtree_type **sortree, int *buf_canon, char **reason, sldns_pkt_section section, struct module_qstate *qstate) |
| int | canonical_tree_compare (const void *k1, const void *k2) |
| int | rrset_canonical_equal (struct regional *region, struct ub_packed_rrset_key *k1, struct ub_packed_rrset_key *k2) |
This file contains helper functions for the validator module. The functions help with signature verification and checking, and with bridging between RR wire-format data and crypto calls.
Definition in file val_sigcrypt.h.
| #define ALGO_NEEDS_MAX 256 |
number of entries in algorithm needs array
Definition at line 57 of file val_sigcrypt.h.
| void algo_needs_init_dnskey_add | ( | struct algo_needs * | n, |
| struct ub_packed_rrset_key * | dnskey, | ||
| uint8_t * | sigalg | ||
| ) |
Initialize algo needs structure, set algos from rrset as needed. Results are added to an existing need structure.
| n | struct with storage. |
| dnskey | algos from this struct set as necessary. DNSKEY set. |
| sigalg | adds to signalled algorithm list too. |
| void algo_needs_init_ds | ( | struct algo_needs * | n, |
| struct ub_packed_rrset_key * | ds, | ||
| int | fav_ds_algo, | ||
| uint8_t * | sigalg | ||
| ) |
Initialize algo needs structure, set algos from rrset as needed.
| n | struct with storage. |
| ds | algos from this struct set as necessary. DS set. |
| fav_ds_algo | filter to use only this DS algo. |
| sigalg | list of signalled algorithms, constructed as output; the caller must provide a buffer of size ALGO_NEEDS_MAX+1. The list holds algorithm numbers and ends with a zero. |
| void algo_needs_init_list | ( | struct algo_needs * | n, |
| uint8_t * | sigalg | ||
| ) |
Initialize algo needs structure from a signalled algo list.
| n | struct with storage. |
| sigalg | signalled algorithm list: algorithm numbers, ending with 0. |
| int algo_needs_missing | ( | struct algo_needs * | n | ) |
See which algo is missing.
| n | struct after processing. |
| size_t algo_needs_num_missing | ( | struct algo_needs * | n | ) |
See how many algorithms are missing (neither bogus nor secure, i.e. not yet processed).
| n | storage structure processed. |
| void algo_needs_reason | ( | struct module_env * | env, |
| int | alg, | ||
| char ** | reason, | ||
| char * | s | ||
| ) |
Format error reason for algorithm missing.
| env | module env with scratch for temp storage of string. |
| alg | DNSKEY-algorithm missing. |
| reason | destination. |
| s | string, appended with 'with algorithm ..'. |
| void algo_needs_set_bogus | ( | struct algo_needs * | n, |
| uint8_t | algo | ||
| ) |
Mark this algorithm a failure, sec_bogus. It can later be overridden by a success for this algorithm (with a different signature).
| n | storage structure processed. |
| algo | the algorithm processed to be bogus. |
| int algo_needs_set_secure | ( | struct algo_needs * | n, |
| uint8_t | algo | ||
| ) |
Mark this algorithm as a success, sec_secure, and see if we are done.
| n | storage structure processed. |
| algo | the algorithm processed to be secure. |
| int canonical_tree_compare | ( | const void * | k1, |
| const void * | k2 | ||
| ) |
canonical compare for two tree entries
| int dnskey_algo_is_supported | ( | struct ub_packed_rrset_key * | dnskey_rrset, |
| size_t | dnskey_idx | ||
| ) |
See if DNSKEY algorithm is supported
| dnskey_rrset | DNSKEY rrset. |
| dnskey_idx | index of RR in rrset. |
| uint16_t dnskey_calc_keytag | ( | struct ub_packed_rrset_key * | dnskey_rrset, |
| size_t | dnskey_idx | ||
| ) |
Get dnskey keytag, footprint value
| dnskey_rrset | DNSKEY rrset. |
| dnskey_idx | index of RR in rrset. |
| int dnskey_get_algo | ( | struct ub_packed_rrset_key * | k, |
| size_t | idx | ||
| ) |
Get DNSKEY RR signature algorithm
| k | DNSKEY rrset. |
| idx | which DNSKEY RR. |
| uint16_t dnskey_get_flags | ( | struct ub_packed_rrset_key * | k, |
| size_t | idx | ||
| ) |
Get DNSKEY RR flags
| k | DNSKEY rrset. |
| idx | which DNSKEY RR. |
| enum sec_status dnskey_verify_rrset | ( | struct module_env * | env, |
| struct val_env * | ve, | ||
| struct ub_packed_rrset_key * | rrset, | ||
| struct ub_packed_rrset_key * | dnskey, | ||
| size_t | dnskey_idx, | ||
| char ** | reason, | ||
| sldns_pkt_section | section, | ||
| struct module_qstate * | qstate | ||
| ) |
verify rrset against one specific dnskey (from rrset)
| env | module environment, scratch space is used. |
| ve | validator environment, date settings. |
| rrset | to be validated. |
| dnskey | DNSKEY rrset, keyset. |
| dnskey_idx | which key from the rrset to try. |
| reason | if bogus, a string is returned; it is either a fixed string or allocated in scratch. |
| section | section of packet where this rrset comes from. |
| qstate | qstate with region. |
| enum sec_status dnskey_verify_rrset_sig | ( | struct regional * | region, |
| struct sldns_buffer * | buf, | ||
| struct val_env * | ve, | ||
| time_t | now, | ||
| struct ub_packed_rrset_key * | rrset, | ||
| struct ub_packed_rrset_key * | dnskey, | ||
| size_t | dnskey_idx, | ||
| size_t | sig_idx, | ||
| struct rbtree_type ** | sortree, | ||
| int * | buf_canon, | ||
| char ** | reason, | ||
| sldns_pkt_section | section, | ||
| struct module_qstate * | qstate | ||
| ) |
Verify rrset with a specific dnskey (from the set), for a specific rrsig.
| region | scratch region used for temporary allocation. |
| buf | scratch buffer used for canonicalized rrset data. |
| ve | validator environment, date settings. |
| now | current time for validation (can be overridden). |
| rrset | to be validated. |
| dnskey | DNSKEY rrset, keyset. |
| dnskey_idx | which key from the rrset to try. |
| sig_idx | which signature to try to validate. |
| sortree | pass NULL at start, the sorted rrset order is returned. pass it again for the same rrset. |
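| buf_canon | if true, the buffer already holds the canonical form. Pass false at start. Pass the old value back only when reusing the buffer for the same rrset and the same signature (but perhaps a different key); for any other rrset or signature the buffer contents do not correspond to the data being verified, so pass false. |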
| reason | if bogus, a string is returned; it is either a fixed string or allocated in scratch. |
| section | section of packet where this rrset comes from. |
| qstate | qstate with region. |
| enum sec_status dnskeyset_verify_rrset | ( | struct module_env * | env, |
| struct val_env * | ve, | ||
| struct ub_packed_rrset_key * | rrset, | ||
| struct ub_packed_rrset_key * | dnskey, | ||
| uint8_t * | sigalg, | ||
| char ** | reason, | ||
| sldns_pkt_section | section, | ||
| struct module_qstate * | qstate | ||
| ) |
Verify rrset against dnskey rrset.
| env | module environment, scratch space is used. |
| ve | validator environment, date settings. |
| rrset | to be validated. |
| dnskey | DNSKEY rrset, keyset to try. |
| sigalg | if non-NULL, downgrade protection is provided using this signalled algorithm list; if NULL, one algorithm is enough. |
| reason | if bogus, a string is returned; it is either a fixed string or allocated in scratch. |
| section | section of packet where this rrset comes from. |
| qstate | qstate with region. |
| enum sec_status dnskeyset_verify_rrset_sig | ( | struct module_env * | env, |
| struct val_env * | ve, | ||
| time_t | now, | ||
| struct ub_packed_rrset_key * | rrset, | ||
| struct ub_packed_rrset_key * | dnskey, | ||
| size_t | sig_idx, | ||
| struct rbtree_type ** | sortree, | ||
| char ** | reason, | ||
| sldns_pkt_section | section, | ||
| struct module_qstate * | qstate | ||
| ) |
verify rrset, with dnskey rrset, for a specific rrsig in rrset
| env | module environment, scratch space is used. |
| ve | validator environment, date settings. |
| now | current time for validation (can be overridden). |
| rrset | to be validated. |
| dnskey | DNSKEY rrset, keyset to try. |
| sig_idx | which signature to try to validate. |
| sortree | reused sorted order. Stored in region. Pass NULL at start, and for a new rrset. |
| reason | if bogus, a string is returned; it is either a fixed string or allocated in scratch. |
| section | section of packet where this rrset comes from. |
| qstate | qstate with region. |
| int ds_digest_algo_is_supported | ( | struct ub_packed_rrset_key * | ds_rrset, |
| size_t | ds_idx | ||
| ) |
See if DS digest algorithm is supported
| ds_rrset | DS rrset |
| ds_idx | index of RR in DS rrset. |
| int ds_digest_match_dnskey | ( | struct module_env * | env, |
| struct ub_packed_rrset_key * | dnskey_rrset, | ||
| size_t | dnskey_idx, | ||
| struct ub_packed_rrset_key * | ds_rrset, | ||
| size_t | ds_idx | ||
| ) |
Check if dnskey matches a DS digest. Does not check the dnskey-keyid footprint, just the digest.
| env | module environment. Uses scratch space. |
| dnskey_rrset | DNSKEY rrset. |
| dnskey_idx | index of RR in rrset. |
| ds_rrset | DS rrset |
| ds_idx | index of RR in DS rrset. |
| int ds_get_digest_algo | ( | struct ub_packed_rrset_key * | ds_rrset, |
| size_t | ds_idx | ||
| ) |
Get DS RR digest algorithm
| ds_rrset | DS rrset. |
| ds_idx | which DS. |
| int ds_get_key_algo | ( | struct ub_packed_rrset_key * | k, |
| size_t | idx | ||
| ) |
Get DS RR key algorithm. This value should match with the DNSKEY algo.
| k | DS rrset. |
| idx | which DS. |
| uint16_t ds_get_keytag | ( | struct ub_packed_rrset_key * | ds_rrset, |
| size_t | ds_idx | ||
| ) |
Get DS keytag, footprint value that matches the DNSKEY keytag it signs.
| ds_rrset | DS rrset |
| ds_idx | index of RR in DS rrset. |
| int ds_key_algo_is_supported | ( | struct ub_packed_rrset_key * | ds_rrset, |
| size_t | ds_idx | ||
| ) |
See if DS key algorithm is supported
| ds_rrset | DS rrset |
| ds_idx | index of RR in DS rrset. |
| int rrset_canonical_equal | ( | struct regional * | region, |
| struct ub_packed_rrset_key * | k1, | ||
| struct ub_packed_rrset_key * | k2 | ||
| ) |
Compare two rrsets and see if they are the same, canonicalised. The rrsets are not altered.
| region | temporary region. |
| k1 | rrset1 |
| k2 | rrset2 |