18ed2b524SDag-Erling Smørgrav /* 28ed2b524SDag-Erling Smørgrav * validator/val_secalgo.c - validator security algorithm functions. 38ed2b524SDag-Erling Smørgrav * 48ed2b524SDag-Erling Smørgrav * Copyright (c) 2012, NLnet Labs. All rights reserved. 58ed2b524SDag-Erling Smørgrav * 68ed2b524SDag-Erling Smørgrav * This software is open source. 78ed2b524SDag-Erling Smørgrav * 88ed2b524SDag-Erling Smørgrav * Redistribution and use in source and binary forms, with or without 98ed2b524SDag-Erling Smørgrav * modification, are permitted provided that the following conditions 108ed2b524SDag-Erling Smørgrav * are met: 118ed2b524SDag-Erling Smørgrav * 128ed2b524SDag-Erling Smørgrav * Redistributions of source code must retain the above copyright notice, 138ed2b524SDag-Erling Smørgrav * this list of conditions and the following disclaimer. 148ed2b524SDag-Erling Smørgrav * 158ed2b524SDag-Erling Smørgrav * Redistributions in binary form must reproduce the above copyright notice, 168ed2b524SDag-Erling Smørgrav * this list of conditions and the following disclaimer in the documentation 178ed2b524SDag-Erling Smørgrav * and/or other materials provided with the distribution. 188ed2b524SDag-Erling Smørgrav * 198ed2b524SDag-Erling Smørgrav * Neither the name of the NLNET LABS nor the names of its contributors may 208ed2b524SDag-Erling Smørgrav * be used to endorse or promote products derived from this software without 218ed2b524SDag-Erling Smørgrav * specific prior written permission. 228ed2b524SDag-Erling Smørgrav * 238ed2b524SDag-Erling Smørgrav * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24*17d15b25SDag-Erling Smørgrav * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25*17d15b25SDag-Erling Smørgrav * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26*17d15b25SDag-Erling Smørgrav * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27*17d15b25SDag-Erling Smørgrav * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28*17d15b25SDag-Erling Smørgrav * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29*17d15b25SDag-Erling Smørgrav * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30*17d15b25SDag-Erling Smørgrav * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31*17d15b25SDag-Erling Smørgrav * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32*17d15b25SDag-Erling Smørgrav * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33*17d15b25SDag-Erling Smørgrav * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 348ed2b524SDag-Erling Smørgrav */ 358ed2b524SDag-Erling Smørgrav 368ed2b524SDag-Erling Smørgrav /** 378ed2b524SDag-Erling Smørgrav * \file 388ed2b524SDag-Erling Smørgrav * 398ed2b524SDag-Erling Smørgrav * This file contains helper functions for the validator module. 408ed2b524SDag-Erling Smørgrav * These functions take raw data buffers, formatted for crypto verification, 418ed2b524SDag-Erling Smørgrav * and do the library calls (for the crypto library in use). 428ed2b524SDag-Erling Smørgrav */ 438ed2b524SDag-Erling Smørgrav #include "config.h" 448ed2b524SDag-Erling Smørgrav #include "validator/val_secalgo.h" 458ed2b524SDag-Erling Smørgrav #include "util/data/packed_rrset.h" 468ed2b524SDag-Erling Smørgrav #include "util/log.h" 47*17d15b25SDag-Erling Smørgrav #include "ldns/rrdef.h" 48*17d15b25SDag-Erling Smørgrav #include "ldns/keyraw.h" 49*17d15b25SDag-Erling Smørgrav #include "ldns/sbuffer.h" 508ed2b524SDag-Erling Smørgrav 518ed2b524SDag-Erling Smørgrav #if !defined(HAVE_SSL) && !defined(HAVE_NSS) 528ed2b524SDag-Erling Smørgrav #error "Need crypto library to do digital signature cryptography" 538ed2b524SDag-Erling Smørgrav #endif 548ed2b524SDag-Erling Smørgrav 558ed2b524SDag-Erling Smørgrav /* OpenSSL implementation */ 568ed2b524SDag-Erling Smørgrav #ifdef HAVE_SSL 578ed2b524SDag-Erling Smørgrav #ifdef HAVE_OPENSSL_ERR_H 588ed2b524SDag-Erling Smørgrav #include <openssl/err.h> 598ed2b524SDag-Erling Smørgrav #endif 608ed2b524SDag-Erling Smørgrav 618ed2b524SDag-Erling Smørgrav #ifdef HAVE_OPENSSL_RAND_H 628ed2b524SDag-Erling Smørgrav #include <openssl/rand.h> 638ed2b524SDag-Erling Smørgrav #endif 648ed2b524SDag-Erling Smørgrav 658ed2b524SDag-Erling Smørgrav #ifdef HAVE_OPENSSL_CONF_H 668ed2b524SDag-Erling Smørgrav #include <openssl/conf.h> 678ed2b524SDag-Erling Smørgrav #endif 688ed2b524SDag-Erling Smørgrav 698ed2b524SDag-Erling Smørgrav #ifdef HAVE_OPENSSL_ENGINE_H 708ed2b524SDag-Erling Smørgrav #include <openssl/engine.h> 718ed2b524SDag-Erling Smørgrav #endif 728ed2b524SDag-Erling Smørgrav 738ed2b524SDag-Erling Smørgrav /** 748ed2b524SDag-Erling Smørgrav * Return size of DS digest according to its hash algorithm. 758ed2b524SDag-Erling Smørgrav * @param algo: DS digest algo. 768ed2b524SDag-Erling Smørgrav * @return size in bytes of digest, or 0 if not supported. 778ed2b524SDag-Erling Smørgrav */ 788ed2b524SDag-Erling Smørgrav size_t 798ed2b524SDag-Erling Smørgrav ds_digest_size_supported(int algo) 808ed2b524SDag-Erling Smørgrav { 818ed2b524SDag-Erling Smørgrav switch(algo) { 828ed2b524SDag-Erling Smørgrav #ifdef HAVE_EVP_SHA1 838ed2b524SDag-Erling Smørgrav case LDNS_SHA1: 848ed2b524SDag-Erling Smørgrav return SHA_DIGEST_LENGTH; 858ed2b524SDag-Erling Smørgrav #endif 868ed2b524SDag-Erling Smørgrav #ifdef HAVE_EVP_SHA256 878ed2b524SDag-Erling Smørgrav case LDNS_SHA256: 888ed2b524SDag-Erling Smørgrav return SHA256_DIGEST_LENGTH; 898ed2b524SDag-Erling Smørgrav #endif 908ed2b524SDag-Erling Smørgrav #ifdef USE_GOST 918ed2b524SDag-Erling Smørgrav case LDNS_HASH_GOST: 928ed2b524SDag-Erling Smørgrav if(EVP_get_digestbyname("md_gost94")) 938ed2b524SDag-Erling Smørgrav return 32; 948ed2b524SDag-Erling Smørgrav else return 0; 958ed2b524SDag-Erling Smørgrav #endif 968ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 978ed2b524SDag-Erling Smørgrav case LDNS_SHA384: 988ed2b524SDag-Erling Smørgrav return SHA384_DIGEST_LENGTH; 998ed2b524SDag-Erling Smørgrav #endif 1008ed2b524SDag-Erling Smørgrav default: break; 1018ed2b524SDag-Erling Smørgrav } 1028ed2b524SDag-Erling Smørgrav return 0; 1038ed2b524SDag-Erling Smørgrav } 1048ed2b524SDag-Erling Smørgrav 1058ed2b524SDag-Erling Smørgrav #ifdef USE_GOST 1068ed2b524SDag-Erling Smørgrav /** Perform GOST hash */ 1078ed2b524SDag-Erling Smørgrav static int 1088ed2b524SDag-Erling Smørgrav do_gost94(unsigned char* data, size_t len, unsigned char* dest) 1098ed2b524SDag-Erling Smørgrav { 1108ed2b524SDag-Erling Smørgrav const EVP_MD* md = EVP_get_digestbyname("md_gost94"); 1118ed2b524SDag-Erling Smørgrav if(!md) 1128ed2b524SDag-Erling Smørgrav return 0; 113*17d15b25SDag-Erling Smørgrav return sldns_digest_evp(data, (unsigned int)len, dest, md); 1148ed2b524SDag-Erling Smørgrav } 1158ed2b524SDag-Erling Smørgrav #endif 1168ed2b524SDag-Erling Smørgrav 1178ed2b524SDag-Erling Smørgrav int 1188ed2b524SDag-Erling Smørgrav secalgo_ds_digest(int algo, unsigned char* buf, size_t len, 1198ed2b524SDag-Erling Smørgrav unsigned char* res) 1208ed2b524SDag-Erling Smørgrav { 1218ed2b524SDag-Erling Smørgrav switch(algo) { 1228ed2b524SDag-Erling Smørgrav #ifdef HAVE_EVP_SHA1 1238ed2b524SDag-Erling Smørgrav case LDNS_SHA1: 1248ed2b524SDag-Erling Smørgrav (void)SHA1(buf, len, res); 1258ed2b524SDag-Erling Smørgrav return 1; 1268ed2b524SDag-Erling Smørgrav #endif 1278ed2b524SDag-Erling Smørgrav #ifdef HAVE_EVP_SHA256 1288ed2b524SDag-Erling Smørgrav case LDNS_SHA256: 1298ed2b524SDag-Erling Smørgrav (void)SHA256(buf, len, res); 1308ed2b524SDag-Erling Smørgrav return 1; 1318ed2b524SDag-Erling Smørgrav #endif 1328ed2b524SDag-Erling Smørgrav #ifdef USE_GOST 1338ed2b524SDag-Erling Smørgrav case LDNS_HASH_GOST: 1348ed2b524SDag-Erling Smørgrav if(do_gost94(buf, len, res)) 1358ed2b524SDag-Erling Smørgrav return 1; 1368ed2b524SDag-Erling Smørgrav break; 1378ed2b524SDag-Erling Smørgrav #endif 1388ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 1398ed2b524SDag-Erling Smørgrav case LDNS_SHA384: 1408ed2b524SDag-Erling Smørgrav (void)SHA384(buf, len, res); 1418ed2b524SDag-Erling Smørgrav return 1; 1428ed2b524SDag-Erling Smørgrav #endif 1438ed2b524SDag-Erling Smørgrav default: 1448ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "unknown DS digest algorithm %d", 1458ed2b524SDag-Erling Smørgrav algo); 1468ed2b524SDag-Erling Smørgrav break; 1478ed2b524SDag-Erling Smørgrav } 1488ed2b524SDag-Erling Smørgrav return 0; 1498ed2b524SDag-Erling Smørgrav } 1508ed2b524SDag-Erling Smørgrav 1518ed2b524SDag-Erling Smørgrav /** return true if DNSKEY algorithm id is supported */ 1528ed2b524SDag-Erling Smørgrav int 1538ed2b524SDag-Erling Smørgrav dnskey_algo_id_is_supported(int id) 1548ed2b524SDag-Erling Smørgrav { 1558ed2b524SDag-Erling Smørgrav switch(id) { 1568ed2b524SDag-Erling Smørgrav case LDNS_RSAMD5: 1578ed2b524SDag-Erling Smørgrav /* RFC 6725 deprecates RSAMD5 */ 1588ed2b524SDag-Erling Smørgrav return 0; 1598ed2b524SDag-Erling Smørgrav case LDNS_DSA: 1608ed2b524SDag-Erling Smørgrav case LDNS_DSA_NSEC3: 1618ed2b524SDag-Erling Smørgrav case LDNS_RSASHA1: 1628ed2b524SDag-Erling Smørgrav case LDNS_RSASHA1_NSEC3: 1638ed2b524SDag-Erling Smørgrav #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) 1648ed2b524SDag-Erling Smørgrav case LDNS_RSASHA256: 1658ed2b524SDag-Erling Smørgrav #endif 1668ed2b524SDag-Erling Smørgrav #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) 1678ed2b524SDag-Erling Smørgrav case LDNS_RSASHA512: 1688ed2b524SDag-Erling Smørgrav #endif 1698ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 1708ed2b524SDag-Erling Smørgrav case LDNS_ECDSAP256SHA256: 1718ed2b524SDag-Erling Smørgrav case LDNS_ECDSAP384SHA384: 1728ed2b524SDag-Erling Smørgrav #endif 1738ed2b524SDag-Erling Smørgrav return 1; 1748ed2b524SDag-Erling Smørgrav #ifdef USE_GOST 1758ed2b524SDag-Erling Smørgrav case LDNS_ECC_GOST: 1768ed2b524SDag-Erling Smørgrav /* we support GOST if it can be loaded */ 177*17d15b25SDag-Erling Smørgrav return sldns_key_EVP_load_gost_id(); 1788ed2b524SDag-Erling Smørgrav #endif 1798ed2b524SDag-Erling Smørgrav default: 1808ed2b524SDag-Erling Smørgrav return 0; 1818ed2b524SDag-Erling Smørgrav } 1828ed2b524SDag-Erling Smørgrav } 1838ed2b524SDag-Erling Smørgrav 1848ed2b524SDag-Erling Smørgrav /** 1858ed2b524SDag-Erling Smørgrav * Output a libcrypto openssl error to the logfile. 1868ed2b524SDag-Erling Smørgrav * @param str: string to add to it. 1878ed2b524SDag-Erling Smørgrav * @param e: the error to output, error number from ERR_get_error(). 1888ed2b524SDag-Erling Smørgrav */ 1898ed2b524SDag-Erling Smørgrav static void 1908ed2b524SDag-Erling Smørgrav log_crypto_error(const char* str, unsigned long e) 1918ed2b524SDag-Erling Smørgrav { 1928ed2b524SDag-Erling Smørgrav char buf[128]; 1938ed2b524SDag-Erling Smørgrav /* or use ERR_error_string if ERR_error_string_n is not avail TODO */ 1948ed2b524SDag-Erling Smørgrav ERR_error_string_n(e, buf, sizeof(buf)); 1958ed2b524SDag-Erling Smørgrav /* buf now contains */ 1968ed2b524SDag-Erling Smørgrav /* error:[error code]:[library name]:[function name]:[reason string] */ 1978ed2b524SDag-Erling Smørgrav log_err("%s crypto %s", str, buf); 1988ed2b524SDag-Erling Smørgrav } 1998ed2b524SDag-Erling Smørgrav 2008ed2b524SDag-Erling Smørgrav /** 2018ed2b524SDag-Erling Smørgrav * Setup DSA key digest in DER encoding ... 2028ed2b524SDag-Erling Smørgrav * @param sig: input is signature output alloced ptr (unless failure). 2038ed2b524SDag-Erling Smørgrav * caller must free alloced ptr if this routine returns true. 2048ed2b524SDag-Erling Smørgrav * @param len: input is initial siglen, output is output len. 2058ed2b524SDag-Erling Smørgrav * @return false on failure. 2068ed2b524SDag-Erling Smørgrav */ 2078ed2b524SDag-Erling Smørgrav static int 2088ed2b524SDag-Erling Smørgrav setup_dsa_sig(unsigned char** sig, unsigned int* len) 2098ed2b524SDag-Erling Smørgrav { 2108ed2b524SDag-Erling Smørgrav unsigned char* orig = *sig; 2118ed2b524SDag-Erling Smørgrav unsigned int origlen = *len; 2128ed2b524SDag-Erling Smørgrav int newlen; 2138ed2b524SDag-Erling Smørgrav BIGNUM *R, *S; 2148ed2b524SDag-Erling Smørgrav DSA_SIG *dsasig; 2158ed2b524SDag-Erling Smørgrav 2168ed2b524SDag-Erling Smørgrav /* extract the R and S field from the sig buffer */ 2178ed2b524SDag-Erling Smørgrav if(origlen < 1 + 2*SHA_DIGEST_LENGTH) 2188ed2b524SDag-Erling Smørgrav return 0; 2198ed2b524SDag-Erling Smørgrav R = BN_new(); 2208ed2b524SDag-Erling Smørgrav if(!R) return 0; 2218ed2b524SDag-Erling Smørgrav (void) BN_bin2bn(orig + 1, SHA_DIGEST_LENGTH, R); 2228ed2b524SDag-Erling Smørgrav S = BN_new(); 2238ed2b524SDag-Erling Smørgrav if(!S) return 0; 2248ed2b524SDag-Erling Smørgrav (void) BN_bin2bn(orig + 21, SHA_DIGEST_LENGTH, S); 2258ed2b524SDag-Erling Smørgrav dsasig = DSA_SIG_new(); 2268ed2b524SDag-Erling Smørgrav if(!dsasig) return 0; 2278ed2b524SDag-Erling Smørgrav 2288ed2b524SDag-Erling Smørgrav dsasig->r = R; 2298ed2b524SDag-Erling Smørgrav dsasig->s = S; 2308ed2b524SDag-Erling Smørgrav *sig = NULL; 2318ed2b524SDag-Erling Smørgrav newlen = i2d_DSA_SIG(dsasig, sig); 2328ed2b524SDag-Erling Smørgrav if(newlen < 0) { 2338ed2b524SDag-Erling Smørgrav DSA_SIG_free(dsasig); 2348ed2b524SDag-Erling Smørgrav free(*sig); 2358ed2b524SDag-Erling Smørgrav return 0; 2368ed2b524SDag-Erling Smørgrav } 2378ed2b524SDag-Erling Smørgrav *len = (unsigned int)newlen; 2388ed2b524SDag-Erling Smørgrav DSA_SIG_free(dsasig); 2398ed2b524SDag-Erling Smørgrav return 1; 2408ed2b524SDag-Erling Smørgrav } 2418ed2b524SDag-Erling Smørgrav 2428ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 2438ed2b524SDag-Erling Smørgrav /** 2448ed2b524SDag-Erling Smørgrav * Setup the ECDSA signature in its encoding that the library wants. 2458ed2b524SDag-Erling Smørgrav * Converts from plain numbers to ASN formatted. 2468ed2b524SDag-Erling Smørgrav * @param sig: input is signature, output alloced ptr (unless failure). 2478ed2b524SDag-Erling Smørgrav * caller must free alloced ptr if this routine returns true. 2488ed2b524SDag-Erling Smørgrav * @param len: input is initial siglen, output is output len. 2498ed2b524SDag-Erling Smørgrav * @return false on failure. 2508ed2b524SDag-Erling Smørgrav */ 2518ed2b524SDag-Erling Smørgrav static int 2528ed2b524SDag-Erling Smørgrav setup_ecdsa_sig(unsigned char** sig, unsigned int* len) 2538ed2b524SDag-Erling Smørgrav { 2548ed2b524SDag-Erling Smørgrav ECDSA_SIG* ecdsa_sig; 2558ed2b524SDag-Erling Smørgrav int newlen; 2568ed2b524SDag-Erling Smørgrav int bnsize = (int)((*len)/2); 2578ed2b524SDag-Erling Smørgrav /* if too short or not even length, fails */ 2588ed2b524SDag-Erling Smørgrav if(*len < 16 || bnsize*2 != (int)*len) 2598ed2b524SDag-Erling Smørgrav return 0; 2608ed2b524SDag-Erling Smørgrav /* use the raw data to parse two evenly long BIGNUMs, "r | s". */ 2618ed2b524SDag-Erling Smørgrav ecdsa_sig = ECDSA_SIG_new(); 2628ed2b524SDag-Erling Smørgrav if(!ecdsa_sig) return 0; 2638ed2b524SDag-Erling Smørgrav ecdsa_sig->r = BN_bin2bn(*sig, bnsize, ecdsa_sig->r); 2648ed2b524SDag-Erling Smørgrav ecdsa_sig->s = BN_bin2bn(*sig+bnsize, bnsize, ecdsa_sig->s); 2658ed2b524SDag-Erling Smørgrav if(!ecdsa_sig->r || !ecdsa_sig->s) { 2668ed2b524SDag-Erling Smørgrav ECDSA_SIG_free(ecdsa_sig); 2678ed2b524SDag-Erling Smørgrav return 0; 2688ed2b524SDag-Erling Smørgrav } 2698ed2b524SDag-Erling Smørgrav 2708ed2b524SDag-Erling Smørgrav /* spool it into ASN format */ 2718ed2b524SDag-Erling Smørgrav *sig = NULL; 2728ed2b524SDag-Erling Smørgrav newlen = i2d_ECDSA_SIG(ecdsa_sig, sig); 2738ed2b524SDag-Erling Smørgrav if(newlen <= 0) { 2748ed2b524SDag-Erling Smørgrav ECDSA_SIG_free(ecdsa_sig); 2758ed2b524SDag-Erling Smørgrav free(*sig); 2768ed2b524SDag-Erling Smørgrav return 0; 2778ed2b524SDag-Erling Smørgrav } 2788ed2b524SDag-Erling Smørgrav *len = (unsigned int)newlen; 2798ed2b524SDag-Erling Smørgrav ECDSA_SIG_free(ecdsa_sig); 2808ed2b524SDag-Erling Smørgrav return 1; 2818ed2b524SDag-Erling Smørgrav } 2828ed2b524SDag-Erling Smørgrav #endif /* USE_ECDSA */ 2838ed2b524SDag-Erling Smørgrav 2848ed2b524SDag-Erling Smørgrav /** 2858ed2b524SDag-Erling Smørgrav * Setup key and digest for verification. Adjust sig if necessary. 2868ed2b524SDag-Erling Smørgrav * 2878ed2b524SDag-Erling Smørgrav * @param algo: key algorithm 2888ed2b524SDag-Erling Smørgrav * @param evp_key: EVP PKEY public key to create. 2898ed2b524SDag-Erling Smørgrav * @param digest_type: digest type to use 2908ed2b524SDag-Erling Smørgrav * @param key: key to setup for. 2918ed2b524SDag-Erling Smørgrav * @param keylen: length of key. 2928ed2b524SDag-Erling Smørgrav * @return false on failure. 2938ed2b524SDag-Erling Smørgrav */ 2948ed2b524SDag-Erling Smørgrav static int 2958ed2b524SDag-Erling Smørgrav setup_key_digest(int algo, EVP_PKEY** evp_key, const EVP_MD** digest_type, 2968ed2b524SDag-Erling Smørgrav unsigned char* key, size_t keylen) 2978ed2b524SDag-Erling Smørgrav { 2988ed2b524SDag-Erling Smørgrav DSA* dsa; 2998ed2b524SDag-Erling Smørgrav RSA* rsa; 3008ed2b524SDag-Erling Smørgrav 3018ed2b524SDag-Erling Smørgrav switch(algo) { 3028ed2b524SDag-Erling Smørgrav case LDNS_DSA: 3038ed2b524SDag-Erling Smørgrav case LDNS_DSA_NSEC3: 3048ed2b524SDag-Erling Smørgrav *evp_key = EVP_PKEY_new(); 3058ed2b524SDag-Erling Smørgrav if(!*evp_key) { 3068ed2b524SDag-Erling Smørgrav log_err("verify: malloc failure in crypto"); 3078ed2b524SDag-Erling Smørgrav return 0; 3088ed2b524SDag-Erling Smørgrav } 309*17d15b25SDag-Erling Smørgrav dsa = sldns_key_buf2dsa_raw(key, keylen); 3108ed2b524SDag-Erling Smørgrav if(!dsa) { 3118ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 312*17d15b25SDag-Erling Smørgrav "sldns_key_buf2dsa_raw failed"); 3138ed2b524SDag-Erling Smørgrav return 0; 3148ed2b524SDag-Erling Smørgrav } 3158ed2b524SDag-Erling Smørgrav if(EVP_PKEY_assign_DSA(*evp_key, dsa) == 0) { 3168ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 3178ed2b524SDag-Erling Smørgrav "EVP_PKEY_assign_DSA failed"); 3188ed2b524SDag-Erling Smørgrav return 0; 3198ed2b524SDag-Erling Smørgrav } 3208ed2b524SDag-Erling Smørgrav *digest_type = EVP_dss1(); 3218ed2b524SDag-Erling Smørgrav 3228ed2b524SDag-Erling Smørgrav break; 3238ed2b524SDag-Erling Smørgrav case LDNS_RSASHA1: 3248ed2b524SDag-Erling Smørgrav case LDNS_RSASHA1_NSEC3: 3258ed2b524SDag-Erling Smørgrav #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) 3268ed2b524SDag-Erling Smørgrav case LDNS_RSASHA256: 3278ed2b524SDag-Erling Smørgrav #endif 3288ed2b524SDag-Erling Smørgrav #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) 3298ed2b524SDag-Erling Smørgrav case LDNS_RSASHA512: 3308ed2b524SDag-Erling Smørgrav #endif 3318ed2b524SDag-Erling Smørgrav *evp_key = EVP_PKEY_new(); 3328ed2b524SDag-Erling Smørgrav if(!*evp_key) { 3338ed2b524SDag-Erling Smørgrav log_err("verify: malloc failure in crypto"); 3348ed2b524SDag-Erling Smørgrav return 0; 3358ed2b524SDag-Erling Smørgrav } 336*17d15b25SDag-Erling Smørgrav rsa = sldns_key_buf2rsa_raw(key, keylen); 3378ed2b524SDag-Erling Smørgrav if(!rsa) { 3388ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 339*17d15b25SDag-Erling Smørgrav "sldns_key_buf2rsa_raw SHA failed"); 3408ed2b524SDag-Erling Smørgrav return 0; 3418ed2b524SDag-Erling Smørgrav } 3428ed2b524SDag-Erling Smørgrav if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) { 3438ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 3448ed2b524SDag-Erling Smørgrav "EVP_PKEY_assign_RSA SHA failed"); 3458ed2b524SDag-Erling Smørgrav return 0; 3468ed2b524SDag-Erling Smørgrav } 3478ed2b524SDag-Erling Smørgrav 3488ed2b524SDag-Erling Smørgrav /* select SHA version */ 3498ed2b524SDag-Erling Smørgrav #if defined(HAVE_EVP_SHA256) && defined(USE_SHA2) 3508ed2b524SDag-Erling Smørgrav if(algo == LDNS_RSASHA256) 3518ed2b524SDag-Erling Smørgrav *digest_type = EVP_sha256(); 3528ed2b524SDag-Erling Smørgrav else 3538ed2b524SDag-Erling Smørgrav #endif 3548ed2b524SDag-Erling Smørgrav #if defined(HAVE_EVP_SHA512) && defined(USE_SHA2) 3558ed2b524SDag-Erling Smørgrav if(algo == LDNS_RSASHA512) 3568ed2b524SDag-Erling Smørgrav *digest_type = EVP_sha512(); 3578ed2b524SDag-Erling Smørgrav else 3588ed2b524SDag-Erling Smørgrav #endif 3598ed2b524SDag-Erling Smørgrav *digest_type = EVP_sha1(); 3608ed2b524SDag-Erling Smørgrav 3618ed2b524SDag-Erling Smørgrav break; 3628ed2b524SDag-Erling Smørgrav case LDNS_RSAMD5: 3638ed2b524SDag-Erling Smørgrav *evp_key = EVP_PKEY_new(); 3648ed2b524SDag-Erling Smørgrav if(!*evp_key) { 3658ed2b524SDag-Erling Smørgrav log_err("verify: malloc failure in crypto"); 3668ed2b524SDag-Erling Smørgrav return 0; 3678ed2b524SDag-Erling Smørgrav } 368*17d15b25SDag-Erling Smørgrav rsa = sldns_key_buf2rsa_raw(key, keylen); 3698ed2b524SDag-Erling Smørgrav if(!rsa) { 3708ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 371*17d15b25SDag-Erling Smørgrav "sldns_key_buf2rsa_raw MD5 failed"); 3728ed2b524SDag-Erling Smørgrav return 0; 3738ed2b524SDag-Erling Smørgrav } 3748ed2b524SDag-Erling Smørgrav if(EVP_PKEY_assign_RSA(*evp_key, rsa) == 0) { 3758ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 3768ed2b524SDag-Erling Smørgrav "EVP_PKEY_assign_RSA MD5 failed"); 3778ed2b524SDag-Erling Smørgrav return 0; 3788ed2b524SDag-Erling Smørgrav } 3798ed2b524SDag-Erling Smørgrav *digest_type = EVP_md5(); 3808ed2b524SDag-Erling Smørgrav 3818ed2b524SDag-Erling Smørgrav break; 3828ed2b524SDag-Erling Smørgrav #ifdef USE_GOST 3838ed2b524SDag-Erling Smørgrav case LDNS_ECC_GOST: 384*17d15b25SDag-Erling Smørgrav *evp_key = sldns_gost2pkey_raw(key, keylen); 3858ed2b524SDag-Erling Smørgrav if(!*evp_key) { 3868ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 387*17d15b25SDag-Erling Smørgrav "sldns_gost2pkey_raw failed"); 3888ed2b524SDag-Erling Smørgrav return 0; 3898ed2b524SDag-Erling Smørgrav } 3908ed2b524SDag-Erling Smørgrav *digest_type = EVP_get_digestbyname("md_gost94"); 3918ed2b524SDag-Erling Smørgrav if(!*digest_type) { 3928ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 3938ed2b524SDag-Erling Smørgrav "EVP_getdigest md_gost94 failed"); 3948ed2b524SDag-Erling Smørgrav return 0; 3958ed2b524SDag-Erling Smørgrav } 3968ed2b524SDag-Erling Smørgrav break; 3978ed2b524SDag-Erling Smørgrav #endif 3988ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 3998ed2b524SDag-Erling Smørgrav case LDNS_ECDSAP256SHA256: 400*17d15b25SDag-Erling Smørgrav *evp_key = sldns_ecdsa2pkey_raw(key, keylen, 4018ed2b524SDag-Erling Smørgrav LDNS_ECDSAP256SHA256); 4028ed2b524SDag-Erling Smørgrav if(!*evp_key) { 4038ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 404*17d15b25SDag-Erling Smørgrav "sldns_ecdsa2pkey_raw failed"); 4058ed2b524SDag-Erling Smørgrav return 0; 4068ed2b524SDag-Erling Smørgrav } 4078ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA_EVP_WORKAROUND 4088ed2b524SDag-Erling Smørgrav /* openssl before 1.0.0 fixes RSA with the SHA256 4098ed2b524SDag-Erling Smørgrav * hash in EVP. We create one for ecdsa_sha256 */ 4108ed2b524SDag-Erling Smørgrav { 4118ed2b524SDag-Erling Smørgrav static int md_ecdsa_256_done = 0; 4128ed2b524SDag-Erling Smørgrav static EVP_MD md; 4138ed2b524SDag-Erling Smørgrav if(!md_ecdsa_256_done) { 4148ed2b524SDag-Erling Smørgrav EVP_MD m = *EVP_sha256(); 4158ed2b524SDag-Erling Smørgrav md_ecdsa_256_done = 1; 4168ed2b524SDag-Erling Smørgrav m.required_pkey_type[0] = (*evp_key)->type; 4178ed2b524SDag-Erling Smørgrav m.verify = (void*)ECDSA_verify; 4188ed2b524SDag-Erling Smørgrav md = m; 4198ed2b524SDag-Erling Smørgrav } 4208ed2b524SDag-Erling Smørgrav *digest_type = &md; 4218ed2b524SDag-Erling Smørgrav } 4228ed2b524SDag-Erling Smørgrav #else 4238ed2b524SDag-Erling Smørgrav *digest_type = EVP_sha256(); 4248ed2b524SDag-Erling Smørgrav #endif 4258ed2b524SDag-Erling Smørgrav break; 4268ed2b524SDag-Erling Smørgrav case LDNS_ECDSAP384SHA384: 427*17d15b25SDag-Erling Smørgrav *evp_key = sldns_ecdsa2pkey_raw(key, keylen, 4288ed2b524SDag-Erling Smørgrav LDNS_ECDSAP384SHA384); 4298ed2b524SDag-Erling Smørgrav if(!*evp_key) { 4308ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: " 431*17d15b25SDag-Erling Smørgrav "sldns_ecdsa2pkey_raw failed"); 4328ed2b524SDag-Erling Smørgrav return 0; 4338ed2b524SDag-Erling Smørgrav } 4348ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA_EVP_WORKAROUND 4358ed2b524SDag-Erling Smørgrav /* openssl before 1.0.0 fixes RSA with the SHA384 4368ed2b524SDag-Erling Smørgrav * hash in EVP. We create one for ecdsa_sha384 */ 4378ed2b524SDag-Erling Smørgrav { 4388ed2b524SDag-Erling Smørgrav static int md_ecdsa_384_done = 0; 4398ed2b524SDag-Erling Smørgrav static EVP_MD md; 4408ed2b524SDag-Erling Smørgrav if(!md_ecdsa_384_done) { 4418ed2b524SDag-Erling Smørgrav EVP_MD m = *EVP_sha384(); 4428ed2b524SDag-Erling Smørgrav md_ecdsa_384_done = 1; 4438ed2b524SDag-Erling Smørgrav m.required_pkey_type[0] = (*evp_key)->type; 4448ed2b524SDag-Erling Smørgrav m.verify = (void*)ECDSA_verify; 4458ed2b524SDag-Erling Smørgrav md = m; 4468ed2b524SDag-Erling Smørgrav } 4478ed2b524SDag-Erling Smørgrav *digest_type = &md; 4488ed2b524SDag-Erling Smørgrav } 4498ed2b524SDag-Erling Smørgrav #else 4508ed2b524SDag-Erling Smørgrav *digest_type = EVP_sha384(); 4518ed2b524SDag-Erling Smørgrav #endif 4528ed2b524SDag-Erling Smørgrav break; 4538ed2b524SDag-Erling Smørgrav #endif /* USE_ECDSA */ 4548ed2b524SDag-Erling Smørgrav default: 4558ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: unknown algorithm %d", 4568ed2b524SDag-Erling Smørgrav algo); 4578ed2b524SDag-Erling Smørgrav return 0; 4588ed2b524SDag-Erling Smørgrav } 4598ed2b524SDag-Erling Smørgrav return 1; 4608ed2b524SDag-Erling Smørgrav } 4618ed2b524SDag-Erling Smørgrav 4628ed2b524SDag-Erling Smørgrav /** 4638ed2b524SDag-Erling Smørgrav * Check a canonical sig+rrset and signature against a dnskey 4648ed2b524SDag-Erling Smørgrav * @param buf: buffer with data to verify, the first rrsig part and the 4658ed2b524SDag-Erling Smørgrav * canonicalized rrset. 4668ed2b524SDag-Erling Smørgrav * @param algo: DNSKEY algorithm. 4678ed2b524SDag-Erling Smørgrav * @param sigblock: signature rdata field from RRSIG 4688ed2b524SDag-Erling Smørgrav * @param sigblock_len: length of sigblock data. 4698ed2b524SDag-Erling Smørgrav * @param key: public key data from DNSKEY RR. 4708ed2b524SDag-Erling Smørgrav * @param keylen: length of keydata. 4718ed2b524SDag-Erling Smørgrav * @param reason: bogus reason in more detail. 4728ed2b524SDag-Erling Smørgrav * @return secure if verification succeeded, bogus on crypto failure, 4738ed2b524SDag-Erling Smørgrav * unchecked on format errors and alloc failures. 4748ed2b524SDag-Erling Smørgrav */ 4758ed2b524SDag-Erling Smørgrav enum sec_status 476*17d15b25SDag-Erling Smørgrav verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, 4778ed2b524SDag-Erling Smørgrav unsigned int sigblock_len, unsigned char* key, unsigned int keylen, 4788ed2b524SDag-Erling Smørgrav char** reason) 4798ed2b524SDag-Erling Smørgrav { 4808ed2b524SDag-Erling Smørgrav const EVP_MD *digest_type; 4818ed2b524SDag-Erling Smørgrav EVP_MD_CTX ctx; 4828ed2b524SDag-Erling Smørgrav int res, dofree = 0; 4838ed2b524SDag-Erling Smørgrav EVP_PKEY *evp_key = NULL; 4848ed2b524SDag-Erling Smørgrav 4858ed2b524SDag-Erling Smørgrav if(!setup_key_digest(algo, &evp_key, &digest_type, key, keylen)) { 4868ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: failed to setup key"); 4878ed2b524SDag-Erling Smørgrav *reason = "use of key for crypto failed"; 4888ed2b524SDag-Erling Smørgrav EVP_PKEY_free(evp_key); 4898ed2b524SDag-Erling Smørgrav return sec_status_bogus; 4908ed2b524SDag-Erling Smørgrav } 4918ed2b524SDag-Erling Smørgrav /* if it is a DSA signature in bind format, convert to DER format */ 4928ed2b524SDag-Erling Smørgrav if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3) && 4938ed2b524SDag-Erling Smørgrav sigblock_len == 1+2*SHA_DIGEST_LENGTH) { 4948ed2b524SDag-Erling Smørgrav if(!setup_dsa_sig(&sigblock, &sigblock_len)) { 4958ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: failed to setup DSA sig"); 4968ed2b524SDag-Erling Smørgrav *reason = "use of key for DSA crypto failed"; 4978ed2b524SDag-Erling Smørgrav EVP_PKEY_free(evp_key); 4988ed2b524SDag-Erling Smørgrav return sec_status_bogus; 4998ed2b524SDag-Erling Smørgrav } 5008ed2b524SDag-Erling Smørgrav dofree = 1; 5018ed2b524SDag-Erling Smørgrav } 5028ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 5038ed2b524SDag-Erling Smørgrav else if(algo == LDNS_ECDSAP256SHA256 || algo == LDNS_ECDSAP384SHA384) { 5048ed2b524SDag-Erling Smørgrav /* EVP uses ASN prefix on sig, which is not in the wire data */ 5058ed2b524SDag-Erling Smørgrav if(!setup_ecdsa_sig(&sigblock, &sigblock_len)) { 5068ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: failed to setup ECDSA sig"); 5078ed2b524SDag-Erling Smørgrav *reason = "use of signature for ECDSA crypto failed"; 5088ed2b524SDag-Erling Smørgrav EVP_PKEY_free(evp_key); 5098ed2b524SDag-Erling Smørgrav return sec_status_bogus; 5108ed2b524SDag-Erling Smørgrav } 5118ed2b524SDag-Erling Smørgrav dofree = 1; 5128ed2b524SDag-Erling Smørgrav } 5138ed2b524SDag-Erling Smørgrav #endif /* USE_ECDSA */ 5148ed2b524SDag-Erling Smørgrav 5158ed2b524SDag-Erling Smørgrav /* do the signature cryptography work */ 5168ed2b524SDag-Erling Smørgrav EVP_MD_CTX_init(&ctx); 5178ed2b524SDag-Erling Smørgrav if(EVP_VerifyInit(&ctx, digest_type) == 0) { 5188ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: EVP_VerifyInit failed"); 5198ed2b524SDag-Erling Smørgrav EVP_PKEY_free(evp_key); 5208ed2b524SDag-Erling Smørgrav if(dofree) free(sigblock); 5218ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 5228ed2b524SDag-Erling Smørgrav } 523*17d15b25SDag-Erling Smørgrav if(EVP_VerifyUpdate(&ctx, (unsigned char*)sldns_buffer_begin(buf), 524*17d15b25SDag-Erling Smørgrav (unsigned int)sldns_buffer_limit(buf)) == 0) { 5258ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: EVP_VerifyUpdate failed"); 5268ed2b524SDag-Erling Smørgrav EVP_PKEY_free(evp_key); 5278ed2b524SDag-Erling Smørgrav if(dofree) free(sigblock); 5288ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 5298ed2b524SDag-Erling Smørgrav } 5308ed2b524SDag-Erling Smørgrav 5318ed2b524SDag-Erling Smørgrav res = EVP_VerifyFinal(&ctx, sigblock, sigblock_len, evp_key); 5328ed2b524SDag-Erling Smørgrav if(EVP_MD_CTX_cleanup(&ctx) == 0) { 5338ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: EVP_MD_CTX_cleanup failed"); 5348ed2b524SDag-Erling Smørgrav EVP_PKEY_free(evp_key); 5358ed2b524SDag-Erling Smørgrav if(dofree) free(sigblock); 5368ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 5378ed2b524SDag-Erling Smørgrav } 5388ed2b524SDag-Erling Smørgrav EVP_PKEY_free(evp_key); 5398ed2b524SDag-Erling Smørgrav 5408ed2b524SDag-Erling Smørgrav if(dofree) 5418ed2b524SDag-Erling Smørgrav free(sigblock); 5428ed2b524SDag-Erling Smørgrav 5438ed2b524SDag-Erling Smørgrav if(res == 1) { 5448ed2b524SDag-Erling Smørgrav return sec_status_secure; 5458ed2b524SDag-Erling Smørgrav } else if(res == 0) { 5468ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: signature mismatch"); 5478ed2b524SDag-Erling Smørgrav *reason = "signature crypto failed"; 5488ed2b524SDag-Erling Smørgrav return sec_status_bogus; 5498ed2b524SDag-Erling Smørgrav } 5508ed2b524SDag-Erling Smørgrav 5518ed2b524SDag-Erling Smørgrav log_crypto_error("verify:", ERR_get_error()); 5528ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 5538ed2b524SDag-Erling Smørgrav } 5548ed2b524SDag-Erling Smørgrav 5558ed2b524SDag-Erling Smørgrav /**************************************************/ 5568ed2b524SDag-Erling Smørgrav #elif defined(HAVE_NSS) 5578ed2b524SDag-Erling Smørgrav /* libnss implementation */ 5588ed2b524SDag-Erling Smørgrav /* nss3 */ 5598ed2b524SDag-Erling Smørgrav #include "sechash.h" 5608ed2b524SDag-Erling Smørgrav #include "pk11pub.h" 5618ed2b524SDag-Erling Smørgrav #include "keyhi.h" 5628ed2b524SDag-Erling Smørgrav #include "secerr.h" 5638ed2b524SDag-Erling Smørgrav #include "cryptohi.h" 5648ed2b524SDag-Erling Smørgrav /* nspr4 */ 5658ed2b524SDag-Erling Smørgrav #include "prerror.h" 5668ed2b524SDag-Erling Smørgrav 5678ed2b524SDag-Erling Smørgrav size_t 5688ed2b524SDag-Erling Smørgrav ds_digest_size_supported(int algo) 5698ed2b524SDag-Erling Smørgrav { 5708ed2b524SDag-Erling Smørgrav /* uses libNSS */ 5718ed2b524SDag-Erling Smørgrav switch(algo) { 5728ed2b524SDag-Erling Smørgrav case LDNS_SHA1: 5738ed2b524SDag-Erling Smørgrav return SHA1_LENGTH; 5748ed2b524SDag-Erling Smørgrav #ifdef USE_SHA2 5758ed2b524SDag-Erling Smørgrav case LDNS_SHA256: 5768ed2b524SDag-Erling Smørgrav return SHA256_LENGTH; 5778ed2b524SDag-Erling Smørgrav #endif 5788ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 5798ed2b524SDag-Erling Smørgrav case LDNS_SHA384: 5808ed2b524SDag-Erling Smørgrav return SHA384_LENGTH; 5818ed2b524SDag-Erling Smørgrav #endif 5828ed2b524SDag-Erling Smørgrav /* GOST not supported in NSS */ 5838ed2b524SDag-Erling Smørgrav case LDNS_HASH_GOST: 5848ed2b524SDag-Erling Smørgrav default: break; 5858ed2b524SDag-Erling Smørgrav } 5868ed2b524SDag-Erling Smørgrav return 0; 5878ed2b524SDag-Erling Smørgrav } 5888ed2b524SDag-Erling Smørgrav 5898ed2b524SDag-Erling Smørgrav int 5908ed2b524SDag-Erling Smørgrav secalgo_ds_digest(int algo, unsigned char* buf, size_t len, 5918ed2b524SDag-Erling Smørgrav unsigned char* res) 5928ed2b524SDag-Erling Smørgrav { 5938ed2b524SDag-Erling Smørgrav /* uses libNSS */ 5948ed2b524SDag-Erling Smørgrav switch(algo) { 5958ed2b524SDag-Erling Smørgrav case LDNS_SHA1: 5968ed2b524SDag-Erling Smørgrav return HASH_HashBuf(HASH_AlgSHA1, res, buf, len) 5978ed2b524SDag-Erling Smørgrav == SECSuccess; 5988ed2b524SDag-Erling Smørgrav #if defined(USE_SHA2) 5998ed2b524SDag-Erling Smørgrav case LDNS_SHA256: 6008ed2b524SDag-Erling Smørgrav return HASH_HashBuf(HASH_AlgSHA256, res, buf, len) 6018ed2b524SDag-Erling Smørgrav == SECSuccess; 6028ed2b524SDag-Erling Smørgrav #endif 6038ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 6048ed2b524SDag-Erling Smørgrav case LDNS_SHA384: 6058ed2b524SDag-Erling Smørgrav return HASH_HashBuf(HASH_AlgSHA384, res, buf, len) 6068ed2b524SDag-Erling Smørgrav == SECSuccess; 6078ed2b524SDag-Erling Smørgrav #endif 6088ed2b524SDag-Erling Smørgrav case LDNS_HASH_GOST: 6098ed2b524SDag-Erling Smørgrav default: 6108ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "unknown DS digest algorithm %d", 6118ed2b524SDag-Erling Smørgrav algo); 6128ed2b524SDag-Erling Smørgrav break; 6138ed2b524SDag-Erling Smørgrav } 6148ed2b524SDag-Erling Smørgrav return 0; 6158ed2b524SDag-Erling Smørgrav } 6168ed2b524SDag-Erling Smørgrav 6178ed2b524SDag-Erling Smørgrav int 6188ed2b524SDag-Erling Smørgrav dnskey_algo_id_is_supported(int id) 6198ed2b524SDag-Erling Smørgrav { 6208ed2b524SDag-Erling Smørgrav /* uses libNSS */ 6218ed2b524SDag-Erling Smørgrav switch(id) { 6228ed2b524SDag-Erling Smørgrav case LDNS_RSAMD5: 6238ed2b524SDag-Erling Smørgrav /* RFC 6725 deprecates RSAMD5 */ 6248ed2b524SDag-Erling Smørgrav return 0; 6258ed2b524SDag-Erling Smørgrav case LDNS_DSA: 6268ed2b524SDag-Erling Smørgrav case LDNS_DSA_NSEC3: 6278ed2b524SDag-Erling Smørgrav case LDNS_RSASHA1: 6288ed2b524SDag-Erling Smørgrav case LDNS_RSASHA1_NSEC3: 6298ed2b524SDag-Erling Smørgrav #ifdef USE_SHA2 6308ed2b524SDag-Erling Smørgrav case LDNS_RSASHA256: 6318ed2b524SDag-Erling Smørgrav #endif 6328ed2b524SDag-Erling Smørgrav #ifdef USE_SHA2 6338ed2b524SDag-Erling Smørgrav case LDNS_RSASHA512: 6348ed2b524SDag-Erling Smørgrav #endif 6358ed2b524SDag-Erling Smørgrav return 1; 6368ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 6378ed2b524SDag-Erling Smørgrav case LDNS_ECDSAP256SHA256: 6388ed2b524SDag-Erling Smørgrav case LDNS_ECDSAP384SHA384: 6398ed2b524SDag-Erling Smørgrav return PK11_TokenExists(CKM_ECDSA); 6408ed2b524SDag-Erling Smørgrav #endif 6418ed2b524SDag-Erling Smørgrav case LDNS_ECC_GOST: 6428ed2b524SDag-Erling Smørgrav default: 6438ed2b524SDag-Erling Smørgrav return 0; 6448ed2b524SDag-Erling Smørgrav } 6458ed2b524SDag-Erling Smørgrav } 6468ed2b524SDag-Erling Smørgrav 6478ed2b524SDag-Erling Smørgrav /* return a new public key for NSS */ 6488ed2b524SDag-Erling Smørgrav static SECKEYPublicKey* nss_key_create(KeyType ktype) 6498ed2b524SDag-Erling Smørgrav { 6508ed2b524SDag-Erling Smørgrav SECKEYPublicKey* key; 6518ed2b524SDag-Erling Smørgrav PLArenaPool* arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 6528ed2b524SDag-Erling Smørgrav if(!arena) { 6538ed2b524SDag-Erling Smørgrav log_err("out of memory, PORT_NewArena failed"); 6548ed2b524SDag-Erling Smørgrav return NULL; 6558ed2b524SDag-Erling Smørgrav } 6568ed2b524SDag-Erling Smørgrav key = PORT_ArenaZNew(arena, SECKEYPublicKey); 6578ed2b524SDag-Erling Smørgrav if(!key) { 6588ed2b524SDag-Erling Smørgrav log_err("out of memory, PORT_ArenaZNew failed"); 6598ed2b524SDag-Erling Smørgrav PORT_FreeArena(arena, PR_FALSE); 6608ed2b524SDag-Erling Smørgrav return NULL; 6618ed2b524SDag-Erling Smørgrav } 6628ed2b524SDag-Erling Smørgrav key->arena = arena; 6638ed2b524SDag-Erling Smørgrav key->keyType = ktype; 6648ed2b524SDag-Erling Smørgrav key->pkcs11Slot = NULL; 6658ed2b524SDag-Erling Smørgrav key->pkcs11ID = CK_INVALID_HANDLE; 6668ed2b524SDag-Erling Smørgrav return key; 6678ed2b524SDag-Erling Smørgrav } 6688ed2b524SDag-Erling Smørgrav 6698ed2b524SDag-Erling Smørgrav static SECKEYPublicKey* nss_buf2ecdsa(unsigned char* key, size_t len, int algo) 6708ed2b524SDag-Erling Smørgrav { 6718ed2b524SDag-Erling Smørgrav SECKEYPublicKey* pk; 6728ed2b524SDag-Erling Smørgrav SECItem pub = {siBuffer, NULL, 0}; 6738ed2b524SDag-Erling Smørgrav SECItem params = {siBuffer, NULL, 0}; 674*17d15b25SDag-Erling Smørgrav static unsigned char param256[] = { 6758ed2b524SDag-Erling Smørgrav /* OBJECTIDENTIFIER 1.2.840.10045.3.1.7 (P-256) 6768ed2b524SDag-Erling Smørgrav * {iso(1) member-body(2) us(840) ansi-x962(10045) curves(3) prime(1) prime256v1(7)} */ 6778ed2b524SDag-Erling Smørgrav 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 6788ed2b524SDag-Erling Smørgrav }; 679*17d15b25SDag-Erling Smørgrav static unsigned char param384[] = { 6808ed2b524SDag-Erling Smørgrav /* OBJECTIDENTIFIER 1.3.132.0.34 (P-384) 6818ed2b524SDag-Erling Smørgrav * {iso(1) identified-organization(3) certicom(132) curve(0) ansip384r1(34)} */ 6828ed2b524SDag-Erling Smørgrav 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22 6838ed2b524SDag-Erling Smørgrav }; 6848ed2b524SDag-Erling Smørgrav unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ 6858ed2b524SDag-Erling Smørgrav 6868ed2b524SDag-Erling Smørgrav /* check length, which uncompressed must be 2 bignums */ 6878ed2b524SDag-Erling Smørgrav if(algo == LDNS_ECDSAP256SHA256) { 6888ed2b524SDag-Erling Smørgrav if(len != 2*256/8) return NULL; 6898ed2b524SDag-Erling Smørgrav /* ECCurve_X9_62_PRIME_256V1 */ 6908ed2b524SDag-Erling Smørgrav } else if(algo == LDNS_ECDSAP384SHA384) { 6918ed2b524SDag-Erling Smørgrav if(len != 2*384/8) return NULL; 6928ed2b524SDag-Erling Smørgrav /* ECCurve_X9_62_PRIME_384R1 */ 6938ed2b524SDag-Erling Smørgrav } else return NULL; 6948ed2b524SDag-Erling Smørgrav 6958ed2b524SDag-Erling Smørgrav buf[0] = 0x04; /* POINT_FORM_UNCOMPRESSED */ 6968ed2b524SDag-Erling Smørgrav memmove(buf+1, key, len); 6978ed2b524SDag-Erling Smørgrav pub.data = buf; 6988ed2b524SDag-Erling Smørgrav pub.len = len+1; 6998ed2b524SDag-Erling Smørgrav if(algo == LDNS_ECDSAP256SHA256) { 7008ed2b524SDag-Erling Smørgrav params.data = param256; 7018ed2b524SDag-Erling Smørgrav params.len = sizeof(param256); 7028ed2b524SDag-Erling Smørgrav } else { 7038ed2b524SDag-Erling Smørgrav params.data = param384; 7048ed2b524SDag-Erling Smørgrav params.len = sizeof(param384); 7058ed2b524SDag-Erling Smørgrav } 7068ed2b524SDag-Erling Smørgrav 7078ed2b524SDag-Erling Smørgrav pk = nss_key_create(ecKey); 7088ed2b524SDag-Erling Smørgrav if(!pk) 7098ed2b524SDag-Erling Smørgrav return NULL; 7108ed2b524SDag-Erling Smørgrav pk->u.ec.size = (len/2)*8; 7118ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pk->arena, &pk->u.ec.publicValue, &pub)) { 7128ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pk); 7138ed2b524SDag-Erling Smørgrav return NULL; 7148ed2b524SDag-Erling Smørgrav } 7158ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pk->arena, &pk->u.ec.DEREncodedParams, ¶ms)) { 7168ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pk); 7178ed2b524SDag-Erling Smørgrav return NULL; 7188ed2b524SDag-Erling Smørgrav } 7198ed2b524SDag-Erling Smørgrav 7208ed2b524SDag-Erling Smørgrav return pk; 7218ed2b524SDag-Erling Smørgrav } 7228ed2b524SDag-Erling Smørgrav 7238ed2b524SDag-Erling Smørgrav static SECKEYPublicKey* nss_buf2dsa(unsigned char* key, size_t len) 7248ed2b524SDag-Erling Smørgrav { 7258ed2b524SDag-Erling Smørgrav SECKEYPublicKey* pk; 7268ed2b524SDag-Erling Smørgrav uint8_t T; 7278ed2b524SDag-Erling Smørgrav uint16_t length; 7288ed2b524SDag-Erling Smørgrav uint16_t offset; 7298ed2b524SDag-Erling Smørgrav SECItem Q = {siBuffer, NULL, 0}; 7308ed2b524SDag-Erling Smørgrav SECItem P = {siBuffer, NULL, 0}; 7318ed2b524SDag-Erling Smørgrav SECItem G = {siBuffer, NULL, 0}; 7328ed2b524SDag-Erling Smørgrav SECItem Y = {siBuffer, NULL, 0}; 7338ed2b524SDag-Erling Smørgrav 7348ed2b524SDag-Erling Smørgrav if(len == 0) 7358ed2b524SDag-Erling Smørgrav return NULL; 7368ed2b524SDag-Erling Smørgrav T = (uint8_t)key[0]; 7378ed2b524SDag-Erling Smørgrav length = (64 + T * 8); 7388ed2b524SDag-Erling Smørgrav offset = 1; 7398ed2b524SDag-Erling Smørgrav 7408ed2b524SDag-Erling Smørgrav if (T > 8) { 7418ed2b524SDag-Erling Smørgrav return NULL; 7428ed2b524SDag-Erling Smørgrav } 7438ed2b524SDag-Erling Smørgrav if(len < (size_t)1 + SHA1_LENGTH + 3*length) 7448ed2b524SDag-Erling Smørgrav return NULL; 7458ed2b524SDag-Erling Smørgrav 7468ed2b524SDag-Erling Smørgrav Q.data = key+offset; 7478ed2b524SDag-Erling Smørgrav Q.len = SHA1_LENGTH; 7488ed2b524SDag-Erling Smørgrav offset += SHA1_LENGTH; 7498ed2b524SDag-Erling Smørgrav 7508ed2b524SDag-Erling Smørgrav P.data = key+offset; 7518ed2b524SDag-Erling Smørgrav P.len = length; 7528ed2b524SDag-Erling Smørgrav offset += length; 7538ed2b524SDag-Erling Smørgrav 7548ed2b524SDag-Erling Smørgrav G.data = key+offset; 7558ed2b524SDag-Erling Smørgrav G.len = length; 7568ed2b524SDag-Erling Smørgrav offset += length; 7578ed2b524SDag-Erling Smørgrav 7588ed2b524SDag-Erling Smørgrav Y.data = key+offset; 7598ed2b524SDag-Erling Smørgrav Y.len = length; 7608ed2b524SDag-Erling Smørgrav offset += length; 7618ed2b524SDag-Erling Smørgrav 7628ed2b524SDag-Erling Smørgrav pk = nss_key_create(dsaKey); 7638ed2b524SDag-Erling Smørgrav if(!pk) 7648ed2b524SDag-Erling Smørgrav return NULL; 7658ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.prime, &P)) { 7668ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pk); 7678ed2b524SDag-Erling Smørgrav return NULL; 7688ed2b524SDag-Erling Smørgrav } 7698ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.subPrime, &Q)) { 7708ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pk); 7718ed2b524SDag-Erling Smørgrav return NULL; 7728ed2b524SDag-Erling Smørgrav } 7738ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.params.base, &G)) { 7748ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pk); 7758ed2b524SDag-Erling Smørgrav return NULL; 7768ed2b524SDag-Erling Smørgrav } 7778ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pk->arena, &pk->u.dsa.publicValue, &Y)) { 7788ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pk); 7798ed2b524SDag-Erling Smørgrav return NULL; 7808ed2b524SDag-Erling Smørgrav } 7818ed2b524SDag-Erling Smørgrav return pk; 7828ed2b524SDag-Erling Smørgrav } 7838ed2b524SDag-Erling Smørgrav 7848ed2b524SDag-Erling Smørgrav static SECKEYPublicKey* nss_buf2rsa(unsigned char* key, size_t len) 7858ed2b524SDag-Erling Smørgrav { 7868ed2b524SDag-Erling Smørgrav SECKEYPublicKey* pk; 7878ed2b524SDag-Erling Smørgrav uint16_t exp; 7888ed2b524SDag-Erling Smørgrav uint16_t offset; 7898ed2b524SDag-Erling Smørgrav uint16_t int16; 7908ed2b524SDag-Erling Smørgrav SECItem modulus = {siBuffer, NULL, 0}; 7918ed2b524SDag-Erling Smørgrav SECItem exponent = {siBuffer, NULL, 0}; 7928ed2b524SDag-Erling Smørgrav if(len == 0) 7938ed2b524SDag-Erling Smørgrav return NULL; 7948ed2b524SDag-Erling Smørgrav if(key[0] == 0) { 7958ed2b524SDag-Erling Smørgrav if(len < 3) 7968ed2b524SDag-Erling Smørgrav return NULL; 7978ed2b524SDag-Erling Smørgrav /* the exponent is too large so it's places further */ 7988ed2b524SDag-Erling Smørgrav memmove(&int16, key+1, 2); 7998ed2b524SDag-Erling Smørgrav exp = ntohs(int16); 8008ed2b524SDag-Erling Smørgrav offset = 3; 8018ed2b524SDag-Erling Smørgrav } else { 8028ed2b524SDag-Erling Smørgrav exp = key[0]; 8038ed2b524SDag-Erling Smørgrav offset = 1; 8048ed2b524SDag-Erling Smørgrav } 8058ed2b524SDag-Erling Smørgrav 8068ed2b524SDag-Erling Smørgrav /* key length at least one */ 8078ed2b524SDag-Erling Smørgrav if(len < (size_t)offset + exp + 1) 8088ed2b524SDag-Erling Smørgrav return NULL; 8098ed2b524SDag-Erling Smørgrav 8108ed2b524SDag-Erling Smørgrav exponent.data = key+offset; 8118ed2b524SDag-Erling Smørgrav exponent.len = exp; 8128ed2b524SDag-Erling Smørgrav offset += exp; 8138ed2b524SDag-Erling Smørgrav modulus.data = key+offset; 8148ed2b524SDag-Erling Smørgrav modulus.len = (len - offset); 8158ed2b524SDag-Erling Smørgrav 8168ed2b524SDag-Erling Smørgrav pk = nss_key_create(rsaKey); 8178ed2b524SDag-Erling Smørgrav if(!pk) 8188ed2b524SDag-Erling Smørgrav return NULL; 8198ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pk->arena, &pk->u.rsa.modulus, &modulus)) { 8208ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pk); 8218ed2b524SDag-Erling Smørgrav return NULL; 8228ed2b524SDag-Erling Smørgrav } 8238ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pk->arena, &pk->u.rsa.publicExponent, &exponent)) { 8248ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pk); 8258ed2b524SDag-Erling Smørgrav return NULL; 8268ed2b524SDag-Erling Smørgrav } 8278ed2b524SDag-Erling Smørgrav return pk; 8288ed2b524SDag-Erling Smørgrav } 8298ed2b524SDag-Erling Smørgrav 8308ed2b524SDag-Erling Smørgrav /** 8318ed2b524SDag-Erling Smørgrav * Setup key and digest for verification. Adjust sig if necessary. 8328ed2b524SDag-Erling Smørgrav * 8338ed2b524SDag-Erling Smørgrav * @param algo: key algorithm 8348ed2b524SDag-Erling Smørgrav * @param evp_key: EVP PKEY public key to create. 8358ed2b524SDag-Erling Smørgrav * @param digest_type: digest type to use 8368ed2b524SDag-Erling Smørgrav * @param key: key to setup for. 8378ed2b524SDag-Erling Smørgrav * @param keylen: length of key. 8388ed2b524SDag-Erling Smørgrav * @param prefix: if returned, the ASN prefix for the hashblob. 8398ed2b524SDag-Erling Smørgrav * @param prefixlen: length of the prefix. 8408ed2b524SDag-Erling Smørgrav * @return false on failure. 8418ed2b524SDag-Erling Smørgrav */ 8428ed2b524SDag-Erling Smørgrav static int 8438ed2b524SDag-Erling Smørgrav nss_setup_key_digest(int algo, SECKEYPublicKey** pubkey, HASH_HashType* htype, 8448ed2b524SDag-Erling Smørgrav unsigned char* key, size_t keylen, unsigned char** prefix, 8458ed2b524SDag-Erling Smørgrav size_t* prefixlen) 8468ed2b524SDag-Erling Smørgrav { 8478ed2b524SDag-Erling Smørgrav /* uses libNSS */ 8488ed2b524SDag-Erling Smørgrav 8498ed2b524SDag-Erling Smørgrav /* hash prefix for md5, RFC2537 */ 850*17d15b25SDag-Erling Smørgrav static unsigned char p_md5[] = {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 8518ed2b524SDag-Erling Smørgrav 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10}; 8528ed2b524SDag-Erling Smørgrav /* hash prefix to prepend to hash output, from RFC3110 */ 853*17d15b25SDag-Erling Smørgrav static unsigned char p_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 8548ed2b524SDag-Erling Smørgrav 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14}; 8558ed2b524SDag-Erling Smørgrav /* from RFC5702 */ 856*17d15b25SDag-Erling Smørgrav static unsigned char p_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 8578ed2b524SDag-Erling Smørgrav 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}; 858*17d15b25SDag-Erling Smørgrav static unsigned char p_sha512[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 8598ed2b524SDag-Erling Smørgrav 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}; 8608ed2b524SDag-Erling Smørgrav /* from RFC6234 */ 8618ed2b524SDag-Erling Smørgrav /* for future RSASHA384 .. 862*17d15b25SDag-Erling Smørgrav static unsigned char p_sha384[] = {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 8638ed2b524SDag-Erling Smørgrav 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}; 8648ed2b524SDag-Erling Smørgrav */ 8658ed2b524SDag-Erling Smørgrav 8668ed2b524SDag-Erling Smørgrav switch(algo) { 8678ed2b524SDag-Erling Smørgrav case LDNS_DSA: 8688ed2b524SDag-Erling Smørgrav case LDNS_DSA_NSEC3: 8698ed2b524SDag-Erling Smørgrav *pubkey = nss_buf2dsa(key, keylen); 8708ed2b524SDag-Erling Smørgrav if(!*pubkey) { 8718ed2b524SDag-Erling Smørgrav log_err("verify: malloc failure in crypto"); 8728ed2b524SDag-Erling Smørgrav return 0; 8738ed2b524SDag-Erling Smørgrav } 8748ed2b524SDag-Erling Smørgrav *htype = HASH_AlgSHA1; 8758ed2b524SDag-Erling Smørgrav /* no prefix for DSA verification */ 8768ed2b524SDag-Erling Smørgrav break; 8778ed2b524SDag-Erling Smørgrav case LDNS_RSASHA1: 8788ed2b524SDag-Erling Smørgrav case LDNS_RSASHA1_NSEC3: 8798ed2b524SDag-Erling Smørgrav #ifdef USE_SHA2 8808ed2b524SDag-Erling Smørgrav case LDNS_RSASHA256: 8818ed2b524SDag-Erling Smørgrav #endif 8828ed2b524SDag-Erling Smørgrav #ifdef USE_SHA2 8838ed2b524SDag-Erling Smørgrav case LDNS_RSASHA512: 8848ed2b524SDag-Erling Smørgrav #endif 8858ed2b524SDag-Erling Smørgrav *pubkey = nss_buf2rsa(key, keylen); 8868ed2b524SDag-Erling Smørgrav if(!*pubkey) { 8878ed2b524SDag-Erling Smørgrav log_err("verify: malloc failure in crypto"); 8888ed2b524SDag-Erling Smørgrav return 0; 8898ed2b524SDag-Erling Smørgrav } 8908ed2b524SDag-Erling Smørgrav /* select SHA version */ 8918ed2b524SDag-Erling Smørgrav #ifdef USE_SHA2 8928ed2b524SDag-Erling Smørgrav if(algo == LDNS_RSASHA256) { 8938ed2b524SDag-Erling Smørgrav *htype = HASH_AlgSHA256; 8948ed2b524SDag-Erling Smørgrav *prefix = p_sha256; 8958ed2b524SDag-Erling Smørgrav *prefixlen = sizeof(p_sha256); 8968ed2b524SDag-Erling Smørgrav } else 8978ed2b524SDag-Erling Smørgrav #endif 8988ed2b524SDag-Erling Smørgrav #ifdef USE_SHA2 8998ed2b524SDag-Erling Smørgrav if(algo == LDNS_RSASHA512) { 9008ed2b524SDag-Erling Smørgrav *htype = HASH_AlgSHA512; 9018ed2b524SDag-Erling Smørgrav *prefix = p_sha512; 9028ed2b524SDag-Erling Smørgrav *prefixlen = sizeof(p_sha512); 9038ed2b524SDag-Erling Smørgrav } else 9048ed2b524SDag-Erling Smørgrav #endif 9058ed2b524SDag-Erling Smørgrav { 9068ed2b524SDag-Erling Smørgrav *htype = HASH_AlgSHA1; 9078ed2b524SDag-Erling Smørgrav *prefix = p_sha1; 9088ed2b524SDag-Erling Smørgrav *prefixlen = sizeof(p_sha1); 9098ed2b524SDag-Erling Smørgrav } 9108ed2b524SDag-Erling Smørgrav 9118ed2b524SDag-Erling Smørgrav break; 9128ed2b524SDag-Erling Smørgrav case LDNS_RSAMD5: 9138ed2b524SDag-Erling Smørgrav *pubkey = nss_buf2rsa(key, keylen); 9148ed2b524SDag-Erling Smørgrav if(!*pubkey) { 9158ed2b524SDag-Erling Smørgrav log_err("verify: malloc failure in crypto"); 9168ed2b524SDag-Erling Smørgrav return 0; 9178ed2b524SDag-Erling Smørgrav } 9188ed2b524SDag-Erling Smørgrav *htype = HASH_AlgMD5; 9198ed2b524SDag-Erling Smørgrav *prefix = p_md5; 9208ed2b524SDag-Erling Smørgrav *prefixlen = sizeof(p_md5); 9218ed2b524SDag-Erling Smørgrav 9228ed2b524SDag-Erling Smørgrav break; 9238ed2b524SDag-Erling Smørgrav #ifdef USE_ECDSA 9248ed2b524SDag-Erling Smørgrav case LDNS_ECDSAP256SHA256: 9258ed2b524SDag-Erling Smørgrav *pubkey = nss_buf2ecdsa(key, keylen, 9268ed2b524SDag-Erling Smørgrav LDNS_ECDSAP256SHA256); 9278ed2b524SDag-Erling Smørgrav if(!*pubkey) { 9288ed2b524SDag-Erling Smørgrav log_err("verify: malloc failure in crypto"); 9298ed2b524SDag-Erling Smørgrav return 0; 9308ed2b524SDag-Erling Smørgrav } 9318ed2b524SDag-Erling Smørgrav *htype = HASH_AlgSHA256; 9328ed2b524SDag-Erling Smørgrav /* no prefix for DSA verification */ 9338ed2b524SDag-Erling Smørgrav break; 9348ed2b524SDag-Erling Smørgrav case LDNS_ECDSAP384SHA384: 9358ed2b524SDag-Erling Smørgrav *pubkey = nss_buf2ecdsa(key, keylen, 9368ed2b524SDag-Erling Smørgrav LDNS_ECDSAP384SHA384); 9378ed2b524SDag-Erling Smørgrav if(!*pubkey) { 9388ed2b524SDag-Erling Smørgrav log_err("verify: malloc failure in crypto"); 9398ed2b524SDag-Erling Smørgrav return 0; 9408ed2b524SDag-Erling Smørgrav } 9418ed2b524SDag-Erling Smørgrav *htype = HASH_AlgSHA384; 9428ed2b524SDag-Erling Smørgrav /* no prefix for DSA verification */ 9438ed2b524SDag-Erling Smørgrav break; 9448ed2b524SDag-Erling Smørgrav #endif /* USE_ECDSA */ 9458ed2b524SDag-Erling Smørgrav case LDNS_ECC_GOST: 9468ed2b524SDag-Erling Smørgrav default: 9478ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: unknown algorithm %d", 9488ed2b524SDag-Erling Smørgrav algo); 9498ed2b524SDag-Erling Smørgrav return 0; 9508ed2b524SDag-Erling Smørgrav } 9518ed2b524SDag-Erling Smørgrav return 1; 9528ed2b524SDag-Erling Smørgrav } 9538ed2b524SDag-Erling Smørgrav 9548ed2b524SDag-Erling Smørgrav /** 9558ed2b524SDag-Erling Smørgrav * Check a canonical sig+rrset and signature against a dnskey 9568ed2b524SDag-Erling Smørgrav * @param buf: buffer with data to verify, the first rrsig part and the 9578ed2b524SDag-Erling Smørgrav * canonicalized rrset. 9588ed2b524SDag-Erling Smørgrav * @param algo: DNSKEY algorithm. 9598ed2b524SDag-Erling Smørgrav * @param sigblock: signature rdata field from RRSIG 9608ed2b524SDag-Erling Smørgrav * @param sigblock_len: length of sigblock data. 9618ed2b524SDag-Erling Smørgrav * @param key: public key data from DNSKEY RR. 9628ed2b524SDag-Erling Smørgrav * @param keylen: length of keydata. 9638ed2b524SDag-Erling Smørgrav * @param reason: bogus reason in more detail. 9648ed2b524SDag-Erling Smørgrav * @return secure if verification succeeded, bogus on crypto failure, 9658ed2b524SDag-Erling Smørgrav * unchecked on format errors and alloc failures. 9668ed2b524SDag-Erling Smørgrav */ 9678ed2b524SDag-Erling Smørgrav enum sec_status 968*17d15b25SDag-Erling Smørgrav verify_canonrrset(sldns_buffer* buf, int algo, unsigned char* sigblock, 9698ed2b524SDag-Erling Smørgrav unsigned int sigblock_len, unsigned char* key, unsigned int keylen, 9708ed2b524SDag-Erling Smørgrav char** reason) 9718ed2b524SDag-Erling Smørgrav { 9728ed2b524SDag-Erling Smørgrav /* uses libNSS */ 9738ed2b524SDag-Erling Smørgrav /* large enough for the different hashes */ 9748ed2b524SDag-Erling Smørgrav unsigned char hash[HASH_LENGTH_MAX]; 9758ed2b524SDag-Erling Smørgrav unsigned char hash2[HASH_LENGTH_MAX*2]; 9768ed2b524SDag-Erling Smørgrav HASH_HashType htype = 0; 9778ed2b524SDag-Erling Smørgrav SECKEYPublicKey* pubkey = NULL; 9788ed2b524SDag-Erling Smørgrav SECItem secsig = {siBuffer, sigblock, sigblock_len}; 9798ed2b524SDag-Erling Smørgrav SECItem sechash = {siBuffer, hash, 0}; 9808ed2b524SDag-Erling Smørgrav SECStatus res; 9818ed2b524SDag-Erling Smørgrav unsigned char* prefix = NULL; /* prefix for hash, RFC3110, RFC5702 */ 9828ed2b524SDag-Erling Smørgrav size_t prefixlen = 0; 9838ed2b524SDag-Erling Smørgrav int err; 9848ed2b524SDag-Erling Smørgrav 9858ed2b524SDag-Erling Smørgrav if(!nss_setup_key_digest(algo, &pubkey, &htype, key, keylen, 9868ed2b524SDag-Erling Smørgrav &prefix, &prefixlen)) { 9878ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: failed to setup key"); 9888ed2b524SDag-Erling Smørgrav *reason = "use of key for crypto failed"; 9898ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pubkey); 9908ed2b524SDag-Erling Smørgrav return sec_status_bogus; 9918ed2b524SDag-Erling Smørgrav } 9928ed2b524SDag-Erling Smørgrav 9938ed2b524SDag-Erling Smørgrav /* need to convert DSA, ECDSA signatures? */ 9948ed2b524SDag-Erling Smørgrav if((algo == LDNS_DSA || algo == LDNS_DSA_NSEC3)) { 9958ed2b524SDag-Erling Smørgrav if(sigblock_len == 1+2*SHA1_LENGTH) { 9968ed2b524SDag-Erling Smørgrav secsig.data ++; 9978ed2b524SDag-Erling Smørgrav secsig.len --; 9988ed2b524SDag-Erling Smørgrav } else { 9998ed2b524SDag-Erling Smørgrav SECItem* p = DSAU_DecodeDerSig(&secsig); 10008ed2b524SDag-Erling Smørgrav if(!p) { 10018ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: failed DER decode"); 10028ed2b524SDag-Erling Smørgrav *reason = "signature DER decode failed"; 10038ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pubkey); 10048ed2b524SDag-Erling Smørgrav return sec_status_bogus; 10058ed2b524SDag-Erling Smørgrav } 10068ed2b524SDag-Erling Smørgrav if(SECITEM_CopyItem(pubkey->arena, &secsig, p)) { 10078ed2b524SDag-Erling Smørgrav log_err("alloc failure in DER decode"); 10088ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pubkey); 10098ed2b524SDag-Erling Smørgrav SECITEM_FreeItem(p, PR_TRUE); 10108ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 10118ed2b524SDag-Erling Smørgrav } 10128ed2b524SDag-Erling Smørgrav SECITEM_FreeItem(p, PR_TRUE); 10138ed2b524SDag-Erling Smørgrav } 10148ed2b524SDag-Erling Smørgrav } 10158ed2b524SDag-Erling Smørgrav 10168ed2b524SDag-Erling Smørgrav /* do the signature cryptography work */ 10178ed2b524SDag-Erling Smørgrav /* hash the data */ 10188ed2b524SDag-Erling Smørgrav sechash.len = HASH_ResultLen(htype); 10198ed2b524SDag-Erling Smørgrav if(sechash.len > sizeof(hash)) { 10208ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: hash too large for buffer"); 10218ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pubkey); 10228ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 10238ed2b524SDag-Erling Smørgrav } 1024*17d15b25SDag-Erling Smørgrav if(HASH_HashBuf(htype, hash, (unsigned char*)sldns_buffer_begin(buf), 1025*17d15b25SDag-Erling Smørgrav (unsigned int)sldns_buffer_limit(buf)) != SECSuccess) { 10268ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: HASH_HashBuf failed"); 10278ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pubkey); 10288ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 10298ed2b524SDag-Erling Smørgrav } 10308ed2b524SDag-Erling Smørgrav if(prefix) { 10318ed2b524SDag-Erling Smørgrav int hashlen = sechash.len; 10328ed2b524SDag-Erling Smørgrav if(prefixlen+hashlen > sizeof(hash2)) { 10338ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: hashprefix too large"); 10348ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pubkey); 10358ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 10368ed2b524SDag-Erling Smørgrav } 10378ed2b524SDag-Erling Smørgrav sechash.data = hash2; 10388ed2b524SDag-Erling Smørgrav sechash.len = prefixlen+hashlen; 10398ed2b524SDag-Erling Smørgrav memcpy(sechash.data, prefix, prefixlen); 10408ed2b524SDag-Erling Smørgrav memmove(sechash.data+prefixlen, hash, hashlen); 10418ed2b524SDag-Erling Smørgrav } 10428ed2b524SDag-Erling Smørgrav 10438ed2b524SDag-Erling Smørgrav /* verify the signature */ 10448ed2b524SDag-Erling Smørgrav res = PK11_Verify(pubkey, &secsig, &sechash, NULL /*wincx*/); 10458ed2b524SDag-Erling Smørgrav SECKEY_DestroyPublicKey(pubkey); 10468ed2b524SDag-Erling Smørgrav 10478ed2b524SDag-Erling Smørgrav if(res == SECSuccess) { 10488ed2b524SDag-Erling Smørgrav return sec_status_secure; 10498ed2b524SDag-Erling Smørgrav } 10508ed2b524SDag-Erling Smørgrav err = PORT_GetError(); 10518ed2b524SDag-Erling Smørgrav if(err != SEC_ERROR_BAD_SIGNATURE) { 10528ed2b524SDag-Erling Smørgrav /* failed to verify */ 10538ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: PK11_Verify failed: %s", 10548ed2b524SDag-Erling Smørgrav PORT_ErrorToString(err)); 10558ed2b524SDag-Erling Smørgrav /* if it is not supported, like ECC is removed, we get, 10568ed2b524SDag-Erling Smørgrav * SEC_ERROR_NO_MODULE */ 10578ed2b524SDag-Erling Smørgrav if(err == SEC_ERROR_NO_MODULE) 10588ed2b524SDag-Erling Smørgrav return sec_status_unchecked; 10598ed2b524SDag-Erling Smørgrav /* but other errors are commonly returned 10608ed2b524SDag-Erling Smørgrav * for a bad signature from NSS. Thus we return bogus, 10618ed2b524SDag-Erling Smørgrav * not unchecked */ 10628ed2b524SDag-Erling Smørgrav *reason = "signature crypto failed"; 10638ed2b524SDag-Erling Smørgrav return sec_status_bogus; 10648ed2b524SDag-Erling Smørgrav } 10658ed2b524SDag-Erling Smørgrav verbose(VERB_QUERY, "verify: signature mismatch: %s", 10668ed2b524SDag-Erling Smørgrav PORT_ErrorToString(err)); 10678ed2b524SDag-Erling Smørgrav *reason = "signature crypto failed"; 10688ed2b524SDag-Erling Smørgrav return sec_status_bogus; 10698ed2b524SDag-Erling Smørgrav } 10708ed2b524SDag-Erling Smørgrav 10718ed2b524SDag-Erling Smørgrav 10728ed2b524SDag-Erling Smørgrav #endif /* HAVE_SSL or HAVE_NSS */ 1073