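Lines matching references to the identifier `dnskey`. Each entry gives the source line number, the matching line, and the enclosing function; declaration entries also say whether `dnskey` is an argument or a local. Source lines between entries are not shown.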
44 uint16_t dnssec_keytag(DnsResourceRecord *dnskey, bool mask_revoke) { in dnssec_keytag() argument
50 assert(dnskey); in dnssec_keytag()
51 assert(dnskey->key->type == DNS_TYPE_DNSKEY); in dnssec_keytag()
53 f = (uint32_t) dnskey->dnskey.flags; in dnssec_keytag()
58 … sum = f + ((((uint32_t) dnskey->dnskey.protocol) << 8) + (uint32_t) dnskey->dnskey.algorithm); in dnssec_keytag()
60 p = dnskey->dnskey.key; in dnssec_keytag()
62 for (size_t i = 0; i < dnskey->dnskey.key_size; i++) in dnssec_keytag()
242 DnsResourceRecord *dnskey) { in dnssec_rsa_verify() argument
251 assert(dnskey); in dnssec_rsa_verify()
253 if (*(uint8_t*) dnskey->dnskey.key == 0) { in dnssec_rsa_verify()
256 exponent = (uint8_t*) dnskey->dnskey.key + 3; in dnssec_rsa_verify()
258 ((size_t) (((uint8_t*) dnskey->dnskey.key)[1]) << 8) | in dnssec_rsa_verify()
259 ((size_t) ((uint8_t*) dnskey->dnskey.key)[2]); in dnssec_rsa_verify()
264 if (3 + exponent_size >= dnskey->dnskey.key_size) in dnssec_rsa_verify()
267 modulus = (uint8_t*) dnskey->dnskey.key + 3 + exponent_size; in dnssec_rsa_verify()
268 modulus_size = dnskey->dnskey.key_size - 3 - exponent_size; in dnssec_rsa_verify()
273 exponent = (uint8_t*) dnskey->dnskey.key + 1; in dnssec_rsa_verify()
274 exponent_size = (size_t) ((uint8_t*) dnskey->dnskey.key)[0]; in dnssec_rsa_verify()
279 if (1 + exponent_size >= dnskey->dnskey.key_size) in dnssec_rsa_verify()
282 modulus = (uint8_t*) dnskey->dnskey.key + 1 + exponent_size; in dnssec_rsa_verify()
283 modulus_size = dnskey->dnskey.key_size - 1 - exponent_size; in dnssec_rsa_verify()
454 DnsResourceRecord *dnskey) { in dnssec_ecdsa_verify() argument
463 assert(dnskey); in dnssec_ecdsa_verify()
474 if (dnskey->dnskey.key_size != key_size * 2) in dnssec_ecdsa_verify()
482 memcpy(q+1, dnskey->dnskey.key, key_size*2); in dnssec_ecdsa_verify()
605 DnsResourceRecord *dnskey) { in dnssec_eddsa_verify() argument
615 if (dnskey->dnskey.key_size != key_size) in dnssec_eddsa_verify()
625 dnskey->dnskey.key, key_size); in dnssec_eddsa_verify()
881 DnsResourceRecord *dnskey, in dnssec_rrset_verify_sig() argument
886 assert(dnskey); in dnssec_rrset_verify_sig()
910 dnskey); in dnssec_rrset_verify_sig()
965 dnskey); in dnssec_rrset_verify_sig()
974 dnskey); in dnssec_rrset_verify_sig()
985 DnsResourceRecord *dnskey, in dnssec_verify_rrset() argument
999 assert(dnskey); in dnssec_verify_rrset()
1002 assert(dnskey->key->type == DNS_TYPE_DNSKEY); in dnssec_verify_rrset()
1102 r = dnssec_rrset_verify_sig(rrsig, dnskey, sig_data, sig_size); in dnssec_verify_rrset()
1124 int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok)… in dnssec_rrsig_match_dnskey() argument
1127 assert(dnskey); in dnssec_rrsig_match_dnskey()
1135 if (dnskey->key->type != DNS_TYPE_DNSKEY) in dnssec_rrsig_match_dnskey()
1137 if (dnskey->key->class != rrsig->key->class) in dnssec_rrsig_match_dnskey()
1139 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0) in dnssec_rrsig_match_dnskey()
1141 if (!revoked_ok && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE)) in dnssec_rrsig_match_dnskey()
1143 if (dnskey->dnskey.protocol != 3) in dnssec_rrsig_match_dnskey()
1145 if (dnskey->dnskey.algorithm != rrsig->rrsig.algorithm) in dnssec_rrsig_match_dnskey()
1148 if (dnssec_keytag(dnskey, false) != rrsig->rrsig.key_tag) in dnssec_rrsig_match_dnskey()
1151 return dns_name_equal(dns_resource_key_name(dnskey->key), rrsig->rrsig.signer); in dnssec_rrsig_match_dnskey()
1192 DnsResourceRecord *dnskey; in dnssec_verify_rrset_search() local
1205 DNS_ANSWER_FOREACH_FLAGS(dnskey, flags, validated_dnskeys) { in dnssec_verify_rrset_search()
1212 r = dnssec_rrsig_match_dnskey(rrsig, dnskey, false); in dnssec_verify_rrset_search()
1229 r = dnssec_verify_rrset(a, key, rrsig, dnskey, realtime, &one_result); in dnssec_verify_rrset_search()
1330 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) { in dnssec_verify_dnskey_by_ds() argument
1334 assert(dnskey); in dnssec_verify_dnskey_by_ds()
1339 if (dnskey->key->type != DNS_TYPE_DNSKEY) in dnssec_verify_dnskey_by_ds()
1343 if ((dnskey->dnskey.flags & DNSKEY_FLAG_ZONE_KEY) == 0) in dnssec_verify_dnskey_by_ds()
1345 if (!mask_revoke && (dnskey->dnskey.flags & DNSKEY_FLAG_REVOKE)) in dnssec_verify_dnskey_by_ds()
1347 if (dnskey->dnskey.protocol != 3) in dnssec_verify_dnskey_by_ds()
1350 if (dnskey->dnskey.algorithm != ds->ds.algorithm) in dnssec_verify_dnskey_by_ds()
1352 if (dnssec_keytag(dnskey, mask_revoke) != ds->ds.key_tag) in dnssec_verify_dnskey_by_ds()
1355 …r = dns_name_to_wire_format(dns_resource_key_name(dnskey->key), wire_format, sizeof wire_format, t… in dnssec_verify_dnskey_by_ds()
1385 md_add_uint16(ctx, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE); in dnssec_verify_dnskey_by_ds()
1387 md_add_uint16(ctx, dnskey->dnskey.flags); in dnssec_verify_dnskey_by_ds()
1389 r = md_add_uint8(ctx, dnskey->dnskey.protocol); in dnssec_verify_dnskey_by_ds()
1392 r = md_add_uint8(ctx, dnskey->dnskey.algorithm); in dnssec_verify_dnskey_by_ds()
1395 if (EVP_DigestUpdate(ctx, dnskey->dnskey.key, dnskey->dnskey.key_size) <= 0) in dnssec_verify_dnskey_by_ds()
1421 md_add_uint16(md, dnskey->dnskey.flags & ~DNSKEY_FLAG_REVOKE); in dnssec_verify_dnskey_by_ds()
1423 md_add_uint16(md, dnskey->dnskey.flags); in dnssec_verify_dnskey_by_ds()
1424 md_add_uint8(md, dnskey->dnskey.protocol); in dnssec_verify_dnskey_by_ds()
1425 md_add_uint8(md, dnskey->dnskey.algorithm); in dnssec_verify_dnskey_by_ds()
1426 gcry_md_write(md, dnskey->dnskey.key, dnskey->dnskey.key_size); in dnssec_verify_dnskey_by_ds()
1436 int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) { in dnssec_verify_dnskey_by_ds_search() argument
1441 assert(dnskey); in dnssec_verify_dnskey_by_ds_search()
1443 if (dnskey->key->type != DNS_TYPE_DNSKEY) in dnssec_verify_dnskey_by_ds_search()
1453 if (ds->key->class != dnskey->key->class) in dnssec_verify_dnskey_by_ds_search()
1456 … r = dns_name_equal(dns_resource_key_name(dnskey->key), dns_resource_key_name(ds->key)); in dnssec_verify_dnskey_by_ds_search()
1462 r = dnssec_verify_dnskey_by_ds(dnskey, ds, false); in dnssec_verify_dnskey_by_ds_search()
2497 DnsResourceRecord *dnskey, in dnssec_verify_rrset() argument
2504 int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, bool revoked_ok)… in dnssec_rrsig_match_dnskey() argument
2530 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) { in dnssec_verify_dnskey_by_ds() argument
2535 int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds) { in dnssec_verify_dnskey_by_ds_search() argument