Use HAWK-512

Ondřej Surý
2025-03-14 11:03:08 +01:00
parent 33d2b567c6
commit 393b6445e1
2 changed files with 14 additions and 11 deletions


@@ -68,7 +68,7 @@ dst__hawk_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_result_t result = ISC_R_SUCCESS;
dst_key_t *key = dctx->key;
isc_region_t sigreg;
uint8_t tmp[HAWK_TMPSIZE_SIGN(8)];
uint8_t tmp[HAWK_TMPSIZE_SIGN(HAWK_LOGN)];
isc_buffer_availableregion(sig, &sigreg);
if (sigreg.length < DNS_SIG_HAWKSIZE) {
@@ -76,9 +76,10 @@ dst__hawk_sign(dst_context_t *dctx, isc_buffer_t *sig) {
goto done;
}
int status = hawk_sign_finish(
8, dst__hawk_rng, NULL, sig->base, &dctx->ctxdata.shake_context,
key->keydata.keypair.priv, tmp, sizeof(tmp));
int status = hawk_sign_finish(HAWK_LOGN, dst__hawk_rng, NULL, sig->base,
&dctx->ctxdata.shake_context,
key->keydata.keypair.priv, tmp,
sizeof(tmp));
if (status == 0) {
result = DST_R_SIGNFAILURE;
isc_log_write(dctx->category, DNS_LOGMODULE_CRYPTO,
@@ -102,7 +103,7 @@ dst__hawk_verify(dst_context_t *dctx, int maxbits ISC_ATTR_UNUSED,
isc_result_t result = ISC_R_SUCCESS;
dst_key_t *key = dctx->key;
uint8_t tmp[HAWK_TMPSIZE_VERIFY_FAST(8)];
uint8_t tmp[HAWK_TMPSIZE_VERIFY_FAST(HAWK_LOGN)];
if (sig->length != DNS_SIG_HAWKSIZE) {
result = DST_R_VERIFYFAILURE;
@@ -110,7 +111,7 @@ dst__hawk_verify(dst_context_t *dctx, int maxbits ISC_ATTR_UNUSED,
}
int status = hawk_verify_finish(
8, sig->base, sig->length, &dctx->ctxdata.shake_context,
HAWK_LOGN, sig->base, sig->length, &dctx->ctxdata.shake_context,
key->keydata.keypair.pub, DNS_KEY_HAWKSIZE, tmp, sizeof(tmp));
if (status == 0) {
result = DST_R_VERIFYFAILURE;
@@ -169,9 +170,9 @@ dst__hawk_generate(dst_key_t *key, int unused ISC_ATTR_UNUSED,
isc_result_t result = ISC_R_UNSET;
uint8_t *pk = isc_mem_get(key->mctx, DNS_KEY_HAWKSIZE);
uint8_t *sk = isc_mem_get(key->mctx, DNS_SEC_HAWKSIZE);
uint8_t tmp[HAWK_TMPSIZE_KEYGEN(8)];
uint8_t tmp[HAWK_TMPSIZE_KEYGEN(HAWK_LOGN)];
int status = hawk_keygen(8, sk, pk, dst__hawk_rng, NULL, tmp,
int status = hawk_keygen(HAWK_LOGN, sk, pk, dst__hawk_rng, NULL, tmp,
sizeof(tmp));
if (status == 0) {
result = DST_R_CRYPTOFAILURE;
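Review bot: In dst__hawk_sign the space check uses the available region (`sigreg.length < DNS_SIG_HAWKSIZE`), but `hawk_sign_finish` is still told to write at `sig->base`, the start of the buffer. A buffer that already holds data would have that data overwritten, and the signature would not land where the check assumed; passing `sigreg.base` makes the write match the check. Separately, the stack `tmp` arrays in the sign and generate paths presumably hold secret-dependent working data, and no wipe is visible in these hunks; consider `isc_safe_memwipe(tmp, sizeof(tmp));` before returning. Both function bodies continue outside the hunks, so confirm neither point is already handled there.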


@@ -123,6 +123,8 @@
#define HAWK_SIG_SIZE(logn) \
(249u + 306u * (2u >> (10 - (logn))) + 360u * ((1u >> (10 - (logn)))))
#define DNS_SIG_HAWKSIZE HAWK_SIG_SIZE(8)
#define DNS_KEY_HAWKSIZE HAWK_PUBKEY_SIZE(8)
#define DNS_SEC_HAWKSIZE HAWK_PRIVKEY_SIZE(8)
#define HAWK_LOGN 9
#define DNS_SIG_HAWKSIZE HAWK_SIG_SIZE(HAWK_LOGN)
#define DNS_KEY_HAWKSIZE HAWK_PUBKEY_SIZE(HAWK_LOGN)
#define DNS_SEC_HAWKSIZE HAWK_PRIVKEY_SIZE(HAWK_LOGN)
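Review bot: `HAWK_LOGN` is introduced without any bound, while `HAWK_SIG_SIZE` shifts by `10 - (logn)`. That is a negative shift count (undefined behaviour) for values above 10, and values below 8 silently yield the same size as 8. A compile-time guard next to the define would catch a bad edit: `_Static_assert(HAWK_LOGN >= 8 && HAWK_LOGN <= 10, "unsupported HAWK degree");`. I would also add a comment such as `/* log2 of the HAWK degree: 9 selects HAWK-512; changes key and signature sizes on the wire */`. Keys and signatures produced with the previous value of 8 will now fail the fixed-length checks against `DNS_SIG_HAWKSIZE` and `DNS_KEY_HAWKSIZE`.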