"Fossies" - the Fresh Open Source Software Archive

Member "knot-2.8.3/src/libdnssec/sign/der.h" (16 Jul 2019, 2094 Bytes) of package /linux/misc/dns/knot-2.8.3.tar.xz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "der.h" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 2.7.6_vs_2.8.0.

    1 /*  Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
    2 
    3     This program is free software: you can redistribute it and/or modify
    4     it under the terms of the GNU General Public License as published by
    5     the Free Software Foundation, either version 3 of the License, or
    6     (at your option) any later version.
    7 
    8     This program is distributed in the hope that it will be useful,
    9     but WITHOUT ANY WARRANTY; without even the implied warranty of
   10     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   11     GNU General Public License for more details.
   12 
   13     You should have received a copy of the GNU General Public License
   14     along with this program.  If not, see <https://www.gnu.org/licenses/>.
   15 */
   16 
   17 #pragma once
   18 
   19 #include "libdnssec/binary.h"
   20 
   21 /*
   22  * The ECDSA signatures in DNSSEC are encoded differently than in X.509
   23  * (PKCS #1). The cryptographic libraries usually produce the signatures in
   24  * X.509 format, which uses Dss-Sig-Value to encapsulate 'r' and 's' values
   25  * of the signature.
   26  *
   27  * This module provides decoding and encoding of this format.
   28  *
   29  * The 'r' and 's' values are treated as unsigned values: The leading zeroes
   30  * are stripped on decoding; an extra leading zero is added on encoding in case
   31  * the value starts with a set bit.
   32  */
   33 
   34 /*!
   35  * Decode signature parameters from X.509 ECDSA signature.
   36  *
   37  * \param[in]  der  X.509 encoded signature.
   38  * \param[out] s    Value 's' of the signature, will point to the data in DER.
   39  * \param[out] r    Value 'r' of the signature, will point to the data in DER.
   40  *
   41  * \return Error code, DNSSEC_EOK if successful.
   42  */
   43 int dss_sig_value_decode(const dnssec_binary_t *der,
   44              dnssec_binary_t *r, dnssec_binary_t *s);
   45 
   46 /*!
   47  * Encode signature parameters from X.509 ECDSA signature.
   48  *
   49  * \param[in]  s    Value 's' of the signature.
   50  * \param[in]  r    Value 'r' of the signature.
   51  * \param[out] der  X.509 signature, the content will be allocated.
   52  *
   53  * \return Error code, DNSSEC_EOK if successful.
   54  */
   55 int dss_sig_value_encode(const dnssec_binary_t *r, const dnssec_binary_t *s,
   56              dnssec_binary_t *der);