dnssec.h

00001 /*
00002  * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC)
00003  *
00004  * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
00005  *
00006  * See LICENSE for the license.
00007  *
00008  * Defines and function prototypes used for DNSSEC
00009  */
00010 
00023 #ifndef LDNS_DNSSEC_H
00024 #define LDNS_DNSSEC_H
00025 
00026 #include <ldns/common.h>
      /* OpenSSL is only pulled in when ldns was configured with SSL support;
       * every prototype below that mentions DSA, RSA, EVP_MD or EVP_PKEY is
       * guarded by the same LDNS_BUILD_CONFIG_HAVE_SSL test. */
00027 #if LDNS_BUILD_CONFIG_HAVE_SSL
00028 #include <openssl/ssl.h>
00029 #include <openssl/evp.h>
00030 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00031 #include <ldns/packet.h>
00032 #include <ldns/keys.h>
00033 #include <ldns/zone.h>
00034 #include <ldns/resolver.h>
00035 #include <ldns/dnssec_zone.h>
00036 
00037 #ifdef __cplusplus
00038 extern "C" {
00039 #endif
00040 
      /** Upper bound on key material handled by this module.  The unit (bits
       *  or bytes) is not stated here; check the callers before relying on it. */
00041 #define LDNS_MAX_KEYLEN         2048
      /** Value for the DNSKEY Protocol field.  RFC 4034 section 2.1.2 requires
       *  this field to be 3; a DNSKEY carrying any other value is not a valid
       *  DNSSEC key (meaning inferred from the name — confirm against the
       *  key-handling code). */
00042 #define LDNS_DNSSEC_KEYPROTO    3
00043 /* default time before sigs expire */
      /* 2419200 seconds = 4 * 7 * 86400, i.e. four weeks.  Presumably the
       * default RRSIG inception-to-expiration window used by the signing
       * routines when no explicit value is given (not visible in this header). */
00044 #define LDNS_DEFAULT_EXP_TIME   2419200 /* 4 weeks */
00045 
      /* Policy selectors for what happens to RRSIGs already present on an
       * RRset when it is (re)signed.  The names encode two independent
       * choices: keep (LEAVE) or drop (REMOVE) the existing signatures, and
       * whether a fresh signature is generated (ADD_NEW / NO_ADD).  They
       * likely correspond to the ldns_dnssec_default_*_signatures callbacks
       * declared further down — confirm the mapping in the signing code. */
00047 #define LDNS_SIGNATURE_LEAVE_ADD_NEW 0
00048 #define LDNS_SIGNATURE_LEAVE_NO_ADD 1
00049 #define LDNS_SIGNATURE_REMOVE_ADD_NEW 2
00050 #define LDNS_SIGNATURE_REMOVE_NO_ADD 3
00051 
      /**
       * Finds an RRSIG in \c rrs whose owner is \c name and whose type-covered
       * field is \c type.  Presumably returns NULL when none matches.  The
       * header does not say whether the returned pointer aliases an element of
       * \c rrs or is a fresh copy; check the implementation before freeing it.
       */
00062 ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name,
00063                                                                             const ldns_rr_type type,
00064                                                                             const ldns_rr_list *rrs);
00065 
      /**
       * Finds the DNSKEY in \c rrs that belongs to \c rrsig (matching is
       * presumably by key tag, algorithm and signer name).  Same ownership
       * caveat as above: whether the result aliases \c rrs is not stated here.
       * Key tags are not unique, so a match only narrows the candidate set;
       * the signature still has to be checked against every candidate key.
       */
00075 ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs);
00076 
      /** Returns the type-bitmap rdf of an NSEC RR.  Takes a non-const RR;
       *  whether the result aliases the RR's rdata or is a copy is not stated. */
00084 ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec);
00085 
00086 
      /* 65535 is simply UINT16_MAX, the full range of the 16-bit NSEC3
       * iterations field (note the uint16_t iterations parameters below).
       * It is the wire-format limit, not a safe operational ceiling: every
       * extra iteration is hashing work a validator performs on parameters
       * chosen by whoever published the zone, so validators typically cap
       * far lower.  Check where this constant is actually enforced. */
00087 #define LDNS_NSEC3_MAX_ITERATIONS 65535
00088 
      /**
       * Given a query name and type, derives the closest encloser proven by
       * the NSEC3 records in \c nsec3s (RFC 5155 section 8.1, presumably).
       * Ownership of the returned rdf, and whether NULL means "no proof",
       * is not stated here.
       */
00092 ldns_rdf *
00093 ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
00094                                                         ldns_rr_type qtype,
00095                                                         ldns_rr_list *nsec3s);
00096 
      /** True if \c pkt carries at least one RRSIG (which sections are
       *  searched is not stated here). */
00100 bool
00101 ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt);
00102 
      /** Collects the RRSIGs in \c pkt for \c name / \c type into a new list.
       *  Whether the list holds copies or aliases of the packet's RRs is not
       *  visible here; confirm before choosing a deep or shallow free. */
00107 ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type);
00108 
      /** Same as above, but matches on type-covered only, ignoring the owner. */
00112 ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type);
00113 
      /**
       * Computes the 16-bit key tag of a DNSKEY RR (RFC 4034 Appendix B).
       * The tag is a checksum, not a unique identifier: distinct keys can
       * share one, so it must never be used as the sole key selector.
       */
00120 uint16_t ldns_calc_keytag(const ldns_rr *key);
00121 
      /**
       * Key tag over raw DNSKEY rdata.  \c keysize is presumably the number of
       * bytes of \c key that will be read; the caller must guarantee \c key
       * points to at least that many bytes — there is no other bound.
       * \c key lacks const; whether it is ever written to is not visible here.
       */
00128 uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
00129 
00130 #if LDNS_BUILD_CONFIG_HAVE_SSL
00131 
      /**
       * Builds an OpenSSL DSA object from DNSKEY rdata held in \c key (the
       * buffer form) or in a raw byte array of \c len bytes.  The returned
       * object is allocated by OpenSSL and is presumably the caller's to
       * release with DSA_free(); NULL on parse failure is the natural contract
       * but is not stated here.  The raw variant must be given the exact
       * rdata length — it has no other way to bound its reads.
       */
00137 DSA *ldns_key_buf2dsa(ldns_buffer *key);
00144 DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);
00145 
      /**
       * Digests \c len bytes of \c data with \c md into \c dest.  There is no
       * size parameter for \c dest: the caller must provide at least
       * EVP_MD_size(md) bytes (EVP_MAX_MD_SIZE is the safe static choice).
       * Note \c len is an unsigned int, not size_t.  The meaning of the int
       * return value is not documented here — check whether it follows
       * OpenSSL's 1 = success / 0 = failure convention before relying on it.
       */
00154 int ldns_digest_evp(unsigned char* data, unsigned int len, 
00155         unsigned char* dest, const EVP_MD* md);
00156 
      /** Parses \c keylen bytes of raw GOST public key material into an
       *  EVP_PKEY (caller presumably releases it with EVP_PKEY_free()). */
00164 EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen);
00165 
      /** Parses \c keylen bytes of raw ECDSA public key material into an
       *  EVP_PKEY; \c algo selects the curve (presumably the DNSKEY algorithm
       *  number, which also fixes the expected key length — confirm that the
       *  implementation rejects a \c keylen that does not match). */
00174 EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
00175 
00176 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00177 
      /* Guarded separately from the block above although the condition is
       * identical; the two blocks could be merged. */
00178 #if LDNS_BUILD_CONFIG_HAVE_SSL
00179 
      /** RSA counterparts of ldns_key_buf2dsa() / ldns_key_buf2dsa_raw(); the
       *  same ownership and length caveats apply (release with RSA_free()). */
00185 RSA *ldns_key_buf2rsa(ldns_buffer *key);
00186 
00193 RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
00194 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00195 
      /**
       * Creates a DS RR for the DNSKEY \c key using digest algorithm \c h.
       * The result is presumably a new RR owned by the caller.
       */
00204 ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
00205 
      /**
       * Builds an NSEC/NSEC3 type bitmap rdf from the RR types in
       * \c rr_type_list.  \c size is most likely the number of elements in
       * the array, not a byte count — confirm against the implementation.
       * \c nsec_type presumably selects NSEC versus NSEC3 output.
       */
00209 ldns_rdf *
00210 ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
00211                                                  size_t size,
00212                                                  ldns_rr_type nsec_type);
00213 
      /** Non-zero if one of \c rrsets has RR type \c type.  The exact return
       *  values are not stated here; treat the result as a boolean. */
00221 int
00222 ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type);
00223 
      /** Creates the NSEC RR (or NSEC3, per \c nsec_type) that chains
       *  \c from to \c to in a signed zone. */
00227 ldns_rr *
00228 ldns_dnssec_create_nsec(ldns_dnssec_name *from,
00229                                     ldns_dnssec_name *to,
00230                                     ldns_rr_type nsec_type);
00231 
00232 
      /**
       * NSEC3 counterpart of ldns_dnssec_create_nsec().  The hashing
       * parameters (\c algorithm, \c flags, \c iterations, \c salt) are
       * presumably those of the zone's NSEC3PARAM.  \c salt_length bytes are
       * read from \c salt; keep the two consistent — there is no other bound
       * on the read.  Whether \c salt may be NULL when \c salt_length is 0 is
       * not stated here.
       */
00236 ldns_rr *
00237 ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
00238                                         ldns_dnssec_name *to,
00239                                         ldns_rdf *zone_name,
00240                                         uint8_t algorithm,
00241                                         uint8_t flags,
00242                                         uint16_t iterations,
00243                                         uint8_t salt_length,
00244                                         uint8_t *salt);
00245 
      /**
       * NSEC constructor working on plain rdfs and an RR list: produces the
       * NSEC for \c cur_owner pointing at \c next_owner, with a type bitmap
       * presumably built from the types present in \c rrs.
       */
00253 ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
00254 
      /**
       * Computes the NSEC3 hashed owner name of \c name (RFC 5155 section 5,
       * presumably): \c iterations extra rounds of \c algorithm over the name
       * plus \c salt_length bytes of \c salt.  Cost grows linearly with
       * \c iterations, which is attacker-influenced whenever the parameters
       * come from a received NSEC3/NSEC3PARAM — bound it before calling.
       */
00264 ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
00265 
      /** Appends the NSEC3 parameter rdfs (algorithm, flags, iterations,
       *  salt) to \c rr, presumably in wire order.  Same salt/salt_length
       *  caveat as ldns_dnssec_create_nsec3(). */
00276 void ldns_nsec3_add_param_rdfs(ldns_rr *rr,
00277                                                  uint8_t algorithm,
00278                                                  uint8_t flags,
00279                                                  uint16_t iterations,
00280                                                  uint8_t salt_length,
00281                                                  uint8_t *salt);
00282 
00283 /* this will NOT return the NSEC3 completed, you will have to run the
00284    finalize function on the rrlist later! */
      /* The finalize step is not named in this header; ldns_dnssec_chain_nsec3_list()
       * below looks like the candidate that fills in the next-hashed-owner
       * fields — confirm.  \c emptynonterminal marks \c cur_owner as an empty
       * non-terminal, which presumably yields an NSEC3 with an empty type bitmap. */
00285 ldns_rr *
00286 ldns_create_nsec3(ldns_rdf *cur_owner,
00287                   ldns_rdf *cur_zone,
00288                   ldns_rr_list *rrs,
00289                   uint8_t algorithm,
00290                   uint8_t flags,
00291                   uint16_t iterations,
00292                   uint8_t salt_length,
00293                   uint8_t *salt,
00294                   bool emptynonterminal);
00295 
      /* Field accessors for an NSEC3 RR.  Behaviour when \c nsec3_rr is not an
       * NSEC3 (or has fewer rdfs than expected) is not stated here — check the
       * RR type first when the record came off the wire. */
00301 uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr);
00302 
00306 uint8_t
00307 ldns_nsec3_flags(const ldns_rr *nsec3_rr);
00308 
      /** True if the Opt-Out flag (RFC 5155 section 3.1.2.1, presumably) is
       *  set in \c nsec3_rr's flags field. */
00314 bool ldns_nsec3_optout(const ldns_rr *nsec3_rr);
00315 
00321 uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr);
00322 
      /* The three salt accessors return, in turn, the salt rdf, its length
       * in bytes, and a pointer to its raw bytes; the latter two presumably
       * alias the RR's rdata rather than copying it. */
00328 ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr);
00329 
00335 uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr);
00336 
00342 uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr);
00343 
00349 ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr);
00350 
00356 ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr);
00357 
      /** Hashes \c name with the algorithm, iterations and salt carried by
       *  the NSEC3 RR \c nsec itself (convenience wrapper around
       *  ldns_nsec3_hash_name(), presumably — same iteration-cost caveat). */
00364 ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name);
00365 
      /** True if \c type is set in the NSEC/NSEC3 type bitmap rdf \c bitmap. */
00372 bool ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type);
00373 
      /* Set / clear \c type in a type bitmap rdf.  Both return an ldns_status,
       * presumably non-OK when \c type falls outside the window(s) the bitmap
       * can represent — check the status rather than assuming success. */
00381 ldns_status ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type);
00382 
00390 ldns_status ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type);
00391 
      /**
       * True if \c name falls in the gap between the owner of \c nsec and its
       * next-owner field, i.e. the NSEC proves \c name does not exist.  Only
       * meaningful once the NSEC's own RRSIG has been validated; an unsigned
       * NSEC proves nothing.
       */
00402 bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
00403 
00404 #if LDNS_BUILD_CONFIG_HAVE_SSL
00405 
      /**
       * Verifies the RRset of type \c t and owner \c o in packet \c p using
       * signatures \c s and keys \c k.  \c good_keys presumably receives the
       * keys that produced a valid signature (whether it may be NULL is not
       * stated).  This variant takes no time argument, so it must evaluate
       * the RRSIG validity window against the host clock; prefer
       * ldns_pkt_verify_time() in tests or wherever that clock is not trusted.
       */
00416 ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);
00417 
      /** As ldns_pkt_verify(), but inception/expiration are evaluated against
       *  \c check_time.  time_t is used without a direct <time.h> include;
       *  presumably it arrives via ldns/common.h — confirm. */
00430 ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys);
00431 
00432 #endif
00433 
      /** Links a list of NSEC3 RRs into a chain (presumably sorts them and
       *  fills the next-hashed-owner fields) — the "finalize" step that
       *  ldns_create_nsec3() refers to.  Returns an ldns_status; check it. */
00437 ldns_status
00438 ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs);
00439 
      /** qsort(3)-style comparator for NSEC3 RRs.  The arguments are
       *  presumably pointers to ldns_rr pointers and the ordering key the
       *  hashed owner name — confirm before calling it directly. */
00443 int
00444 qsort_rr_compare_nsec3(const void *a, const void *b);
00445 
      /** Sorts \c unsorted in place into NSEC3 chain order. */
00449 void
00450 ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted);
00451 
      /*
       * Four callbacks sharing one signature: each is handed an existing
       * RRSIG \c sig and an opaque context \c n and returns an int whose
       * meaning is not documented here (likely a keep/replace decision).
       * Their names mirror the LDNS_SIGNATURE_* policy values above —
       * confirm the mapping in the signing code before relying on it.
       */
00459 int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n);
00467 int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n);
00475 int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n);
00483 int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n);
00484 
00485 #if LDNS_BUILD_CONFIG_HAVE_SSL
00486 
      /**
       * Converts a DSA signature in OpenSSL's DER form (an ASN.1 SEQUENCE of
       * the integers r and s), \c sig_len bytes in \c sig, into the
       * fixed-width DNSSEC wire form (RFC 2536, presumably).  \c sig_len is
       * a signed long: negative or oversized values have to be rejected by
       * the implementation, which is not visible here.  NULL on malformed
       * input is the natural contract but is not stated.
       */
00494 ldns_rdf *
00495 ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
00496                                                   const long sig_len);
00497 
      /** Inverse of the above: wire-form DSA signature \c sig_rdf to DER in
       *  \c target_buffer, for handing to OpenSSL's verify functions.
       *  Returns an ldns_status; check it. */
00506 ldns_status
00507 ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
00508                                                   const ldns_rdf *sig_rdf);
00509 
      /** ECDSA counterpart: DER (r, s) of \c sig_len bytes in \c sig to the
       *  fixed-width r||s wire form (RFC 6605, presumably).  Same caveat on
       *  the signed \c sig_len. */
00519 ldns_rdf *
00520 ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len);
00521 
      /** Inverse of the above for ECDSA.  The wire form carries no length
       *  prefixes, so the implementation has to derive the curve size from
       *  the length of \c sig_rdf; unexpected lengths should be rejected
       *  rather than guessed at — confirm that it does. */
00531 ldns_status
00532 ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
00533         const ldns_rdf *sig_rdf);
00534 
00535 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00536 
00537 #ifdef __cplusplus
00538 }
00539 #endif
00540 
00541 #endif /* LDNS_DNSSEC_H */
