5 // Copyright (c) 2020 Apple Inc. All rights reserved.
8 #ifndef DNSSEC_V2_CRYPTO_H
9 #define DNSSEC_V2_CRYPTO_H
11 #include "mDNSEmbeddedAPI.h"
12 #if MDNSRESPONDER_SUPPORTS(APPLE, DNSSECv2)
14 #include <corecrypto/ccsha1.h>
15 #include "dnssec_v2_structs.h"
17 #define SHA1_OUTPUT_SIZE 20
18 #define SHA256_OUTPUT_SIZE 32
19 #define SHA384_OUTPUT_SIZE 48
20 #define SHA512_OUTPUT_SIZE 64
21 #define MAX_HASH_OUTPUT_SIZE SHA512_OUTPUT_SIZE // to ensure that the buffer has enough space to store digest
23 // Taken from https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
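// DNSKEY algorithm numbers, taken from
// https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
//
// Listing a value here does not mean the validator accepts it: which
// algorithms are honoured is decided by the priority/validation functions
// declared further down, not by this enum. RFC 8624 gives the current
// implementation requirements. RSAMD5 (1), DSA (3) and DSA-NSEC3-SHA1 (6) are
// "MUST NOT" for both signing and validation, ECC-GOST (12) is "MUST NOT" for
// signing, and the SHA-1 based RSA variants (5, 7) are no longer recommended
// for signing. A validator should treat the "MUST NOT" entries as unsupported
// rather than verify with them.
typedef enum dnskey_algorithm_type {
    DNSKEY_ALGORITHM_DELETE             = 0,
    DNSKEY_ALGORITHM_RSAMD5             = 1,   // RFC 8624: MUST NOT
    DNSKEY_ALGORITHM_DH                 = 2,
    DNSKEY_ALGORITHM_DSA                = 3,   // RFC 8624: MUST NOT
    DNSKEY_ALGORITHM_RSASHA1            = 5,
    DNSKEY_ALGORITHM_DSA_NSEC3_SHA1     = 6,   // RFC 8624: MUST NOT
    DNSKEY_ALGORITHM_RSASHA1_NSEC3_SHA1 = 7,
    DNSKEY_ALGORITHM_RSASHA256          = 8,
    DNSKEY_ALGORITHM_RSASHA512          = 10,
    DNSKEY_ALGORITHM_ECC_GOST           = 12,
    DNSKEY_ALGORITHM_ECDSAP256SHA256    = 13,
    DNSKEY_ALGORITHM_ECDSAP384SHA384    = 14,
    DNSKEY_ALGORITHM_ED25519            = 15,
    // The original name was misspelled ("DNSKEK"); it is kept as an alias so
    // existing callers still compile. New code should use
    // DNSKEY_ALGORITHM_ED25519.
    DNSKEK_ALGORITHM_ED25519            = DNSKEY_ALGORITHM_ED25519,
    DNSKEY_ALGORITHM_ED448              = 16,
    // Unassigned 17 - 122
    DNSKEY_ALGORITHM_INDIRECT           = 252,
    DNSKEY_ALGORITHM_PRIVATEDNS         = 253,
    DNSKEY_ALGORITHM_PRIVATEOID         = 254
} dnskey_algorithm_type_t;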
50 // Taken from https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml too
51 typedef enum ds_digest_type
{
54 DS_DIGEST_SHA_256
= 2,
55 DS_DIGEST_GOST_R_34_11_94
= 3,
// NSEC3 hash algorithm numbers (IANA "DNSSEC NSEC3 Hash Algorithms" registry).
// RFC 5155 defines SHA-1 as the only NSEC3 hash algorithm; any other value in
// an NSEC3/NSEC3PARAM record must be treated as unknown by a validator.
typedef enum nsec3_hash_algorithm_type {
    NSEC3_HASH_ALGORITHM_SHA_1 = 1,
} nsec3_hash_algorithm_type_t;
66 typedef enum digest_type
{
// Ranks a DS digest type so the validator can prefer the strongest digest
// when a delegation publishes several DS records. The ordering itself lives
// in the definition, not here; presumably unknown/deprecated types get the
// lowest priority — confirm against the .c file.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
get_priority_of_ds_digest(mDNSu8 digest);

// Ranks a DNSKEY algorithm number (see dnskey_algorithm_type_t above) the same
// way, so the validator can pick which of several signatures to check first.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
get_priority_of_dnskey_algorithm(mDNSu8 algorithm);

// Verifies signed_data (signed_data_length bytes) against the signature
// carried in rrsig using the public key in dnskey. All three pointers are
// _Nonnull; request_id is presumably only used for logging — confirm.
// Both rrsig and dnskey come from the wire, so before handing them to the
// crypto library the implementation must check that rrsig's algorithm matches
// dnskey's and that the signature/key lengths are sane for that algorithm;
// this header does not show where that is done — confirm in the definition.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
validate_signed_data_with_rrsig_and_dnskey(
    const mDNSu32 request_id,
    const mDNSu8 * const _Nonnull signed_data,
    const mDNSu32 signed_data_length,
    const dnssec_rrsig_t * const _Nonnull rrsig,
    const dnssec_dnskey_t * const _Nonnull dnskey);
89 calculate_digest_for_data(
90 const mDNSu8
* const _Nonnull data
,
91 const mDNSu32 data_length
,
92 const digest_type_t digest_type
,
93 mDNSu8
* const _Nonnull digest_buffer
,
// Computes the NSEC3 hash of name (name_length bytes, presumably in wire
// format — confirm) with hash_type, salt and iterations, and returns it in a
// text encoding; "b32" is presumably the base32hex form RFC 5155 uses for
// NSEC3 owner names — confirm against the definition.
//
// Returns NULL on failure (the result is _Nullable), so callers must check.
// Whether the returned buffer is heap-allocated and owned by the caller is
// not stated in this header — confirm before freeing it.
//
// salt may be NULL; presumably only when salt_length is 0 — confirm.
// iterations is taken straight from the zone's NSEC3/NSEC3PARAM RRs, i.e. it
// is untrusted input, and each iteration costs one more hash over the name.
// RFC 9276 recommends that validators cap the iteration count they will
// honour (treating larger values as insecure) to bound CPU spent on a hostile
// zone; confirm where that cap is enforced, this header does not show it.
mDNSexport mDNSu8 * _Nullable
calculate_b32_hash_for_nsec3(
    const mDNSu8 * const _Nonnull name,
    const mDNSu16 name_length,
    const mDNSu8 hash_type,
    const mDNSu8 * const _Nullable salt,
    const mDNSu32 salt_length,
    const mDNSu16 iterations);
// Raw (unencoded) NSEC3 hash of name into caller-supplied hash_buffer.
// buffer_size must be the true capacity of hash_buffer; MAX_HASH_OUTPUT_SIZE
// (defined above) is enough for every digest this header knows about, and
// get_hash_length_for_nsec3_hash_type() gives the exact size for hash_type.
// As with calculate_b32_hash_for_nsec3(), iterations and salt come from the
// zone and are untrusted; see RFC 9276 for the recommended iteration cap.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
calculate_hash_for_nsec3(
    mDNSu8 * const _Nonnull hash_buffer,
    const mDNSu32 buffer_size,
    const mDNSu8 hash_type,
    const mDNSu8 * const _Nonnull name,
    const mDNSu16 name_length,
    const mDNSu8 * const _Nullable salt,
    const mDNSu32 salt_length,
    const mDNSu16 iterations);

// Output length in bytes of an NSEC3 hash algorithm; presumably 0 for an
// unknown value — confirm. Callers should check the result before sizing
// or filling a buffer.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
get_hash_length_for_nsec3_hash_type(const nsec3_hash_algorithm_type_t nsec3_hash_type);

// Digest length in bytes for a DS digest type; same caveat for unknown
// values as above.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
get_digest_length_for_ds_digest_type(const ds_digest_type_t ds_digest_type);

// Digest length in bytes for an internal digest_type_t; same caveat for
// unknown values as above.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
get_digest_length_for_digest_type(const digest_type_t digest_type);

// Length of name once converted to DNSSEC canonical form (RFC 4034 section 6:
// uncompressed, lowercase); presumably the number of bytes copy_canonical_name()
// will write — confirm.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
canonical_form_name_length(const mDNSu8 * const _Nonnull name);

// Orders two names per the RFC 4034 section 6.1 canonical ordering;
// presumably a strcmp-style negative/zero/positive result — confirm.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
compare_canonical_dns_name(const mDNSu8 * const _Nonnull left, const mDNSu8 * const _Nonnull right);

// Orders two single labels. The lengths are mDNSu8 because a DNS label is at
// most 63 octets; the caller supplies them, so the compare cannot run past
// either label.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
compare_canonical_dns_label(
    const mDNSu8 * _Nonnull left_label,
    const mDNSu8 left_label_length,
    const mDNSu8 * _Nonnull right_label,
    const mDNSu8 right_label_length);

// Writes name into dst in canonical form. No dst size is taken, so the caller
// is responsible for the bound; presumably dst needs
// canonical_form_name_length(name) bytes — confirm.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
copy_canonical_name(mDNSu8 * const _Nonnull dst, const mDNSu8 * const _Nonnull name);

// Variant of copy_canonical_name(); the "_ut" suffix is not explained in this
// header — confirm from the definition how it differs. Same unbounded-dst
// caveat as above.
// NOTE(review): the mDNSexport/return-type line is not visible in this excerpt.
copy_canonical_name_ut(mDNSu8 * const _Nonnull dst, const mDNSu8 * const _Nonnull name);
146 #endif // MDNSRESPONDER_SUPPORTS(APPLE, DNSSECv2)
147 #endif // DNSSEC_V2_CRYPTO_H