This module contains base functions for DNSSEC operations (RFC 4033 through RFC 4035). More...
Defines | |
#define | LDNS_MAX_KEYLEN 2048 |
#define | LDNS_DNSSEC_KEYPROTO 3 | The DNSKEY protocol field; RFC 4034 requires the value 3. |
#define | LDNS_DEFAULT_EXP_TIME 2419200 | Seconds (28 days); presumably the default signature expiration offset — confirm in the signing code. |
#define | LDNS_SIGNATURE_LEAVE_ADD_NEW 0 |
Return values for the old-signature callback used when re-signing (see the ldns_dnssec_default_*_signatures functions below) | |
#define | LDNS_SIGNATURE_LEAVE_NO_ADD 1 |
#define | LDNS_SIGNATURE_REMOVE_ADD_NEW 2 |
#define | LDNS_SIGNATURE_REMOVE_NO_ADD 3 |
#define | LDNS_NSEC3_MAX_ITERATIONS 65535 | Hard upper bound of the 16-bit NSEC3 iterations field, not a recommended value: extra iterations mainly add hashing cost for validators, and current guidance (RFC 9276) is to use 0, so signers should stay far below this. |
Functions | |
ldns_rr * | ldns_dnssec_get_rrsig_for_name_and_type (const ldns_rdf *name, const ldns_rr_type type, const ldns_rr_list *rrs) |
Returns the first RRSIG rr that corresponds to the rrset with the given name and type. | |
ldns_rr * | ldns_dnssec_get_dnskey_for_rrsig (const ldns_rr *rrsig, const ldns_rr_list *rrs) |
Returns the first DNSKEY in the list whose owner name and key tag match the given RRSIG, if any; key tags are not unique, so the result is a candidate that must still be verified. | |
ldns_rdf * | ldns_nsec_get_bitmap (ldns_rr *nsec) |
Returns the rdata field holding the covered-type bitmap of the given NSEC or NSEC3 record. | |
ldns_rdf * | ldns_dnssec_nsec3_closest_encloser (ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *nsec3s) |
Returns the dname of the closest (provable) encloser of qname, found among the given NSEC3 RRs (RFC 5155 closest encloser proof). | |
bool | ldns_dnssec_pkt_has_rrsigs (const ldns_pkt *pkt) |
Checks whether the answer or authority section of the packet contains RRSIG RRs. | |
ldns_rr_list * | ldns_dnssec_pkt_get_rrsigs_for_name_and_type (const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type) |
Returns a newly allocated ldns_rr_list containing the RRSIGs (from any section except the question) covering the given name and type; the caller frees it. | |
ldns_rr_list * | ldns_dnssec_pkt_get_rrsigs_for_type (const ldns_pkt *pkt, ldns_rr_type type) |
Returns a newly allocated ldns_rr_list containing the RRSIGs (from any section except the question) covering the given type; the caller frees it. | |
uint16_t | ldns_calc_keytag (const ldns_rr *key) |
Calculates the key tag of a DNSKEY/KEY RR (RFC 4034 Appendix B). Key tags are not unique, so a tag match only narrows down candidate keys. | |
uint16_t | ldns_calc_keytag_raw (uint8_t *key, size_t keysize) |
Calculates the key tag of a DNSSEC key from its wire-format RDATA (RSAMD5 keys use the legacy formula of RFC 4034 Appendix B.1). | |
DSA * | ldns_key_buf2dsa (ldns_buffer *key) |
Converts a buffer holding key material to an OpenSSL DSA key. DSA is a legacy DNSSEC algorithm; prefer RSA or ECDSA for new deployments. | |
DSA * | ldns_key_buf2dsa_raw (unsigned char *key, size_t len) |
Like ldns_key_buf2dsa, but uses raw buffer. | |
int | ldns_digest_evp (unsigned char *data, unsigned int len, unsigned char *dest, const EVP_MD *md) |
Utility function to calculate a hash using a generic EVP_MD pointer; dest receives EVP_MD_size(md) bytes and is not bounds-checked. | |
EVP_PKEY * | ldns_gost2pkey_raw (unsigned char *key, size_t keylen) |
Converts a buffer holding key material to an OpenSSL EVP_PKEY. | |
EVP_PKEY * | ldns_ecdsa2pkey_raw (unsigned char *key, size_t keylen, uint8_t algo) |
Converts a buffer holding key material to an OpenSSL EVP_PKEY. | |
RSA * | ldns_key_buf2rsa (ldns_buffer *key) |
Converts a buffer holding key material to an OpenSSL RSA key. | |
RSA * | ldns_key_buf2rsa_raw (unsigned char *key, size_t len) |
Like ldns_key_buf2rsa, but uses raw buffer. | |
ldns_rr * | ldns_key_rr2ds (const ldns_rr *key, ldns_hash h) |
Returns a new DS RR that represents the given DNSKEY RR, digested with hash h. | |
ldns_rdf * | ldns_dnssec_create_nsec_bitmap (ldns_rr_type rr_type_list[], size_t size, ldns_rr_type nsec_type) |
Create the type bitmap for an NSEC or NSEC3 record. | |
int | ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type) |
Returns whether an rrset of the given type is present in the rrsets. | |
ldns_rr * | ldns_dnssec_create_nsec (ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rr_type nsec_type) |
Creates an NSEC RR with owner from whose next-owner field is to. | |
ldns_rr * | ldns_dnssec_create_nsec3 (ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rdf *zone_name, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Creates an NSEC3 RR for from (hashed with the given parameters) pointing to to as next owner. | |
ldns_rr * | ldns_create_nsec (ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs) |
Creates an NSEC record for cur_owner with next_owner as its next owner name. | |
ldns_rdf * | ldns_nsec3_hash_name (ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Calculates the NSEC3 hashed owner name (base32hex label) of name using the given parameters; NSEC3 only defines SHA-1 as hash algorithm. | |
void | ldns_nsec3_add_param_rdfs (ldns_rr *rr, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Sets all the NSEC3 parameter rdata fields (algorithm, flags, iterations, salt) on rr. | |
ldns_rr * | ldns_create_nsec3 (ldns_rdf *cur_owner, ldns_rdf *cur_zone, ldns_rr_list *rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, bool emptynonterminal) |
uint8_t | ldns_nsec3_algorithm (const ldns_rr *nsec3_rr) |
Returns the hash algorithm used in the given NSEC3 or NSEC3PARAM RR. | |
uint8_t | ldns_nsec3_flags (const ldns_rr *nsec3_rr) |
Returns the flags field of the given NSEC3 or NSEC3PARAM RR. | |
bool | ldns_nsec3_optout (const ldns_rr *nsec3_rr) |
Returns true if the opt-out flag is set in the given NSEC3 RR; an opt-out span does not prove the absence of unsigned delegations within it. | |
uint16_t | ldns_nsec3_iterations (const ldns_rr *nsec3_rr) |
Returns the number of hash iterations used in the given NSEC3 or NSEC3PARAM RR. | |
ldns_rdf * | ldns_nsec3_salt (const ldns_rr *nsec3_rr) |
Returns the salt rdf used in the given NSEC3 or NSEC3PARAM RR. | |
uint8_t | ldns_nsec3_salt_length (const ldns_rr *nsec3_rr) |
Returns the length of the salt used in the given NSEC3 RR. | |
uint8_t * | ldns_nsec3_salt_data (const ldns_rr *nsec3_rr) |
Returns a newly allocated copy of the salt bytes used in the given NSEC3 RR; the caller must free it. | |
ldns_rdf * | ldns_nsec3_next_owner (const ldns_rr *nsec3_rr) |
Returns the first label of the next owner name in the NSEC3 chain (i.e. the hashed next owner, without the zone name). | |
ldns_rdf * | ldns_nsec3_bitmap (const ldns_rr *nsec3_rr) |
Returns the bitmap specifying the covered types of the given NSEC3 RR. | |
ldns_rdf * | ldns_nsec3_hash_name_frm_nsec3 (const ldns_rr *nsec, ldns_rdf *name) |
Calculates the hashed name using the parameters of the given NSEC3 RR. | |
bool | ldns_nsec_bitmap_covers_type (const ldns_rdf *bitmap, ldns_rr_type type) |
Checks whether the bitmap contains a window for RR type type and its bit is set. | |
ldns_status | ldns_nsec_bitmap_set_type (ldns_rdf *bitmap, ldns_rr_type type) |
Sets the bit for RR type type in the bitmap; fails with LDNS_STATUS_TYPE_NOT_IN_BITMAP if the bitmap has no window for that type (the bitmap is not grown). | |
ldns_status | ldns_nsec_bitmap_clear_type (ldns_rdf *bitmap, ldns_rr_type type) |
Clears the bit for RR type type in the bitmap; fails with LDNS_STATUS_TYPE_NOT_IN_BITMAP if the bitmap has no window for that type. | |
bool | ldns_nsec_covers_name (const ldns_rr *nsec, const ldns_rdf *name) |
Checks whether name falls within the owner-to-next-owner span of the NSEC(3) RR. Both nsec and name must be in canonical form (use ldns_rr2canonical and ldns_dname2canonical first); for NSEC3, name must be the hashed name. Only the span is checked — the RR's signature is not verified here. | |
ldns_status | ldns_pkt_verify (ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys) |
Verifies the RRset with owner o and type t in packet p against the (already trusted) keys in k. | |
ldns_status | ldns_pkt_verify_time (ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys) |
Like ldns_pkt_verify, but validates the RRSIG inception/expiration window against check_time (ldns_pkt_verify presumably passes the current time). | |
ldns_status | ldns_dnssec_chain_nsec3_list (ldns_rr_list *nsec3_rrs) |
Chains an NSEC3 list: sets each RR's next-hashed-owner field from the owner of the following RR; the list must already be in hashed-owner order (see ldns_rr_list_sort_nsec3). | |
int | qsort_rr_compare_nsec3 (const void *a, const void *b) |
qsort comparison callback for NSEC3 ordering (compares owner names). | |
void | ldns_rr_list_sort_nsec3 (ldns_rr_list *unsorted) |
Sorts an NSEC3 RR list by owner name (hashed-owner order). | |
int | ldns_dnssec_default_add_to_signatures (ldns_rr *sig, void *n) |
Default callback function to always leave present signatures, and add new ones. | |
int | ldns_dnssec_default_leave_signatures (ldns_rr *sig, void *n) |
Default callback function to always leave present signatures, and add no new ones for the keys of these signatures. | |
int | ldns_dnssec_default_delete_signatures (ldns_rr *sig, void *n) |
Default callback function to always remove present signatures, but add no new ones. | |
int | ldns_dnssec_default_replace_signatures (ldns_rr *sig, void *n) |
Default callback function to always remove present signatures and add new ones, i.e. replace them (presumably returning LDNS_SIGNATURE_REMOVE_ADD_NEW; the original text duplicated the add_to_signatures description). | |
ldns_rdf * | ldns_convert_dsa_rrsig_asn12rdf (const ldns_buffer *sig, const long sig_len) |
Converts a DSA signature from ASN.1 DER representation (RFC 2459, as produced by OpenSSL) to the raw signature format used in DNS (RFC 2536). | |
ldns_status | ldns_convert_dsa_rrsig_rdf2asn1 (ldns_buffer *target_buffer, const ldns_rdf *sig_rdf) |
Converts the RRSIG signature RDF (RFC 2536 format) to a buffer holding the signature in RFC 2459 ASN.1 format. | |
ldns_rdf * | ldns_convert_ecdsa_rrsig_asn12rdf (const ldns_buffer *sig, const long sig_len) |
Converts an ECDSA signature from ASN.1 representation (as produced by OpenSSL) to the raw signature format used in DNS. This routine is only present if ldns is compiled with ECDSA support. | |
ldns_status | ldns_convert_ecdsa_rrsig_rdf2asn1 (ldns_buffer *target_buffer, const ldns_rdf *sig_rdf) |
Converts the RRSIG signature RDF (from DNS) to a buffer with the signature in ASN1 format as openssl uses it. |
This module contains base functions for DNSSEC operations (RFC 4033 through RFC 4035).
Since these functions rely heavily on cryptographic operations, this module depends on OpenSSL.
Definition in file dnssec.h.
#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0 |
ldns_rr* ldns_dnssec_get_rrsig_for_name_and_type | ( | const ldns_rdf * | name, | |
const ldns_rr_type | type, | |||
const ldns_rr_list * | rrs | |||
) |
Returns the first RRSIG rr that corresponds to the rrset with the given name and type.
[in] | name | The dname of the RRset covered by the RRSIG to find |
[in] | type | The type of the RRset covered by the RRSIG to find |
[in] | rrs | List of rrs to search in |
Definition at line 29 of file dnssec.c.
References ldns_dname_compare(), ldns_rdf2rr_type(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_rrsig_typecovered(), and LDNS_RR_TYPE_RRSIG.
ldns_rr* ldns_dnssec_get_dnskey_for_rrsig | ( | const ldns_rr * | rrsig, | |
const ldns_rr_list * | rrs | |||
) |
Returns the first DNSKEY in the list whose owner name equals the RRSIG's signer name and whose key tag equals the RRSIG's key tag, if any. Key tags are not unique and the algorithm field is not compared here (see the referenced functions), so the returned key is only a candidate: the signature must still be verified with it.
[in] | rrsig | The rrsig to find the DNSKEY for |
[in] | rrs | The rr list to find the key in |
Definition at line 57 of file dnssec.c.
References ldns_calc_keytag(), ldns_dname_compare(), ldns_rdf2native_int16(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_rrsig_keytag(), ldns_rr_rrsig_signame(), and LDNS_RR_TYPE_DNSKEY.
Returns the rdata field holding the covered-type bitmap of the given NSEC or NSEC3 record.
[in] | nsec | The nsec to get the covered type bitmap of |
Definition at line 84 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC, and LDNS_RR_TYPE_NSEC3.
ldns_rdf* ldns_dnssec_nsec3_closest_encloser | ( | ldns_rdf * | qname, | |
ldns_rr_type | qtype, | |||
ldns_rr_list * | nsec3s | |||
) |
Returns the dname of the closest (provable) encloser of qname, found among the given NSEC3 RRs (RFC 5155 closest encloser proof).
bool ldns_dnssec_pkt_has_rrsigs | ( | const ldns_pkt * | pkt | ) |
Checks whether the answer or authority section of the packet contains RRSIG RRs (the additional section is not examined).
Definition at line 198 of file dnssec.c.
References ldns_pkt_ancount(), ldns_pkt_answer(), ldns_pkt_authority(), ldns_pkt_nscount(), ldns_rr_get_type(), ldns_rr_list_rr(), and LDNS_RR_TYPE_RRSIG.
ldns_rr_list* ldns_dnssec_pkt_get_rrsigs_for_name_and_type | ( | const ldns_pkt * | pkt, | |
ldns_rdf * | name, | |||
ldns_rr_type | type | |||
) |
Returns a newly allocated ldns_rr_list containing the RRSIGs found in any section except the question whose owner is name and whose type-covered field is type; the caller frees the list.
Definition at line 217 of file dnssec.c.
References ldns_pkt_rr_list_by_name_and_type(), ldns_rdf_free(), ldns_rdf_new(), LDNS_RDF_SIZE_WORD, LDNS_RDF_TYPE_TYPE, ldns_rr_list_deep_free(), ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, and LDNS_SECTION_ANY_NOQUESTION.
ldns_rr_list* ldns_dnssec_pkt_get_rrsigs_for_type | ( | const ldns_pkt * | pkt, | |
ldns_rr_type | type | |||
) |
Returns a newly allocated ldns_rr_list containing the RRSIGs found in any section except the question whose type-covered field is type; the caller frees the list.
Definition at line 244 of file dnssec.c.
References ldns_pkt_rr_list_by_type(), ldns_rdf_free(), ldns_rdf_new(), LDNS_RDF_TYPE_TYPE, ldns_rr_list_deep_free(), ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, and LDNS_SECTION_ANY_NOQUESTION.
uint16_t ldns_calc_keytag | ( | const ldns_rr * | key | ) |
Calculates the key tag of a key for use in DNSSEC (RFC 4034 Appendix B). A key tag does not uniquely identify a key: distinct keys can share a tag, so callers must still verify signatures rather than trust a tag match.
[in] | key | the DNSKEY (or KEY) RR to compute the tag for. |
Definition at line 271 of file dnssec.c.
References ldns_buffer_begin(), ldns_buffer_free(), ldns_buffer_new(), ldns_buffer_position(), ldns_calc_keytag_raw(), LDNS_MIN_BUFLEN, ldns_rr_get_type(), ldns_rr_rdata2buffer_wire(), LDNS_RR_TYPE_DNSKEY, and LDNS_RR_TYPE_KEY.
uint16_t ldns_calc_keytag_raw | ( | uint8_t * | key, | |
size_t | keysize | |||
) |
Calculates the key tag of a DNSSEC key, operating on wire-format RDATA. Keys of algorithm RSAMD5 use the legacy formula of RFC 4034 Appendix B.1 (hence the LDNS_RSAMD5 reference).
[in] | key | the DNSKEY RDATA in uncompressed wire format. |
[in] | keysize | length of key data. |
Definition at line 301 of file dnssec.c.
References LDNS_RSAMD5.
DSA* ldns_key_buf2dsa | ( | ldns_buffer * | key | ) |
Converts a buffer holding key material to an OpenSSL DSA key. DSA is a legacy DNSSEC algorithm; prefer RSA or ECDSA for new deployments.
[in] | key | the key to convert |
Definition at line 330 of file dnssec.c.
References ldns_buffer_begin(), ldns_buffer_position(), and ldns_key_buf2dsa_raw().
DSA* ldns_key_buf2dsa_raw | ( | unsigned char * | key, | |
size_t | len | |||
) |
int ldns_digest_evp | ( | unsigned char * | data, | |
unsigned int | len, | |||
unsigned char * | dest, | |||
const EVP_MD * | md | |||
) |
Utility function to calculate a hash using a generic EVP_MD pointer.
[in] | data | the data to hash. |
[in] | len | length of data. |
[out] | dest | the destination of the hash; must hold at least EVP_MD_size(md) bytes, since there is no length parameter to bound the write. |
[in] | md | the message digest to use. |
EVP_PKEY* ldns_gost2pkey_raw | ( | unsigned char * | key, | |
size_t | keylen | |||
) |
Converts a buffer holding key material to an OpenSSL EVP_PKEY.
Only available if ldns was compiled with GOST.
[in] | key | data to convert |
[in] | keylen | length of the key data |
EVP_PKEY* ldns_ecdsa2pkey_raw | ( | unsigned char * | key, | |
size_t | keylen, | |||
uint8_t | algo | |||
) |
Converts a buffer holding key material to an OpenSSL EVP_PKEY.
Only available if ldns was compiled with ECDSA.
[in] | key | data to convert |
[in] | keylen | length of the key data |
[in] | algo | the DNSSEC algorithm number selecting the curve: LDNS_ECDSAP256SHA256 or LDNS_ECDSAP384SHA384 (the two the implementation references). |
Definition at line 1859 of file dnssec_verify.c.
References LDNS_ECDSAP256SHA256, and LDNS_ECDSAP384SHA384.
RSA* ldns_key_buf2rsa | ( | ldns_buffer * | key | ) |
Converts a buffer holding key material to an OpenSSL RSA key.
[in] | key | the key to convert |
Definition at line 389 of file dnssec.c.
References ldns_buffer_begin(), ldns_buffer_position(), and ldns_key_buf2rsa_raw().
RSA* ldns_key_buf2rsa_raw | ( | unsigned char * | key, | |
size_t | len | |||
) |
Returns a new DS RR that represents the given DNSKEY RR.
[in] | *key | the key to convert |
[in] | h | the digest type: LDNS_SHA1, LDNS_SHA256, LDNS_SHA384 or LDNS_HASH_GOST (all four are referenced by the implementation). SHA-1 DS digests are deprecated for new delegations; prefer SHA-256. |
Definition at line 474 of file dnssec.c.
References ldns_buffer_begin(), ldns_buffer_free(), ldns_buffer_new(), ldns_buffer_position(), ldns_calc_keytag(), ldns_digest_evp(), ldns_dname2canonical(), LDNS_FREE, LDNS_HASH_GOST, ldns_key_EVP_load_gost_id(), LDNS_MAX_PACKETLEN, ldns_rdf2buffer_wire(), ldns_rdf_clone(), ldns_rdf_deep_free(), ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_HEX, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, ldns_rr_free(), ldns_rr_get_class(), ldns_rr_get_type(), ldns_rr_new(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_rdata2buffer_wire(), ldns_rr_rdf(), ldns_rr_set_class(), ldns_rr_set_owner(), ldns_rr_set_ttl(), ldns_rr_set_type(), ldns_rr_ttl(), LDNS_RR_TYPE_DNSKEY, LDNS_RR_TYPE_DS, ldns_sha1(), LDNS_SHA1, LDNS_SHA1_DIGEST_LENGTH, ldns_sha256(), LDNS_SHA256, LDNS_SHA256_DIGEST_LENGTH, LDNS_SHA384, LDNS_STATUS_OK, and LDNS_XMALLOC.
ldns_rdf* ldns_dnssec_create_nsec_bitmap | ( | ldns_rr_type | rr_type_list[], | |
size_t | size, | |||
ldns_rr_type | nsec_type | |||
) |
Create the type bitmap for an NSEC or NSEC3 record from the size RR types in rr_type_list; nsec_type must be LDNS_RR_TYPE_NSEC or LDNS_RR_TYPE_NSEC3 (the two types the implementation references).
Definition at line 685 of file dnssec.c.
References LDNS_CALLOC, LDNS_FREE, ldns_rdf_new(), LDNS_RDF_TYPE_BITMAP, LDNS_RR_TYPE_NSEC, and LDNS_RR_TYPE_NSEC3.
int ldns_dnssec_rrsets_contains_type | ( | ldns_dnssec_rrsets * | rrsets, | |
ldns_rr_type | type | |||
) |
Returns whether an rrset of the given type is present in the rrsets.
[in] | rrsets | the rrsets to be tested |
[in] | type | the type to test for |
Definition at line 767 of file dnssec.c.
References ldns_struct_dnssec_rrsets::next, and ldns_struct_dnssec_rrsets::type.
ldns_rr* ldns_dnssec_create_nsec | ( | ldns_dnssec_name * | from, | |
ldns_dnssec_name * | to, | |||
ldns_rr_type | nsec_type | |||
) |
Creates an NSEC RR with owner from whose next-owner field is to; the type bitmap is derived from from's rrsets.
Definition at line 781 of file dnssec.c.
References ldns_dnssec_create_nsec_bitmap(), ldns_dnssec_name_name(), ldns_dnssec_rrsets_contains_type(), ldns_rdf_clone(), ldns_rr_new(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_type(), LDNS_RR_TYPE_DS, LDNS_RR_TYPE_NS, LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_RRSIG, LDNS_RR_TYPE_SOA, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_name::rrsets, and ldns_struct_dnssec_rrsets::type.
ldns_rr* ldns_dnssec_create_nsec3 | ( | ldns_dnssec_name * | from, | |
ldns_dnssec_name * | to, | |||
ldns_rdf * | zone_name, | |||
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Creates an NSEC3 RR for from: the owner is from's hashed name (computed with the given parameters) appended to zone_name, the next owner is presumably to's hashed name, and the type bitmap is derived from from's rrsets.
Definition at line 835 of file dnssec.c.
References ldns_struct_dnssec_name::hashed_name, ldns_dname_cat(), ldns_dnssec_create_nsec_bitmap(), ldns_dnssec_name_name(), ldns_dnssec_rrsets_contains_type(), ldns_nsec3_add_param_rdfs(), ldns_nsec3_hash_name(), ldns_rdf_clone(), ldns_rr_free(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_rdf(), LDNS_RR_TYPE_DS, LDNS_RR_TYPE_NS, LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_RRSIG, LDNS_RR_TYPE_SOA, LDNS_STATUS_OK, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_name::rrsets, and ldns_struct_dnssec_rrsets::type.
ldns_rr* ldns_create_nsec | ( | ldns_rdf * | cur_owner, | |
ldns_rdf * | next_owner, | |||
ldns_rr_list * | rrs | |||
) |
Creates an NSEC record for cur_owner.
[in] | cur_owner | the current owner which should be taken as the starting point |
[in] | next_owner | the owner name that the NSEC RR's next-owner field should point to |
[in] | rrs | all rrs from the zone, to find all RR types of cur_owner in |
Definition at line 924 of file dnssec.c.
References ldns_dnssec_create_nsec_bitmap(), ldns_rdf_clone(), ldns_rdf_compare(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_new(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_type(), LDNS_RR_TYPE_NSEC, and LDNS_RR_TYPE_RRSIG.
ldns_rdf* ldns_nsec3_hash_name | ( | ldns_rdf * | name, | |
uint8_t | algorithm, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Calculates the NSEC3 hashed owner name using the given parameters and returns it as a newly allocated dname whose label is the base32hex-encoded hash.
[in] | *name | The owner name to calculate the hash for |
[in] | algorithm | The hash algorithm to use; only LDNS_SHA1 (NSEC3 hash algorithm 1, the sole algorithm defined by RFC 5155) is referenced by the implementation |
[in] | iterations | The number of additional hash iterations; large values mainly add hashing cost for validators and are discouraged (RFC 9276 recommends 0) |
[in] | salt_length | The length of the salt in bytes |
[in] | salt | The salt to use |
Definition at line 974 of file dnssec.c.
References ldns_b32_ntop_extended_hex(), ldns_dname2canonical(), LDNS_FREE, ldns_rdf_clone(), ldns_rdf_data(), ldns_rdf_deep_free(), ldns_rdf_print(), ldns_rdf_size(), ldns_sha1(), LDNS_SHA1, LDNS_SHA1_DIGEST_LENGTH, LDNS_STATUS_OK, ldns_str2rdf_dname(), and LDNS_XMALLOC.
void ldns_nsec3_add_param_rdfs | ( | ldns_rr * | rr, | |
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Sets all the NSEC3 parameter rdata fields (algorithm, flags, iterations, salt) on rr.
The RR must already have been allocated (ldns_rr_new or similar) with type LDNS_RR_TYPE_NSEC3; the fields are stored with ldns_rr_set_rdf, replacing any existing values.
[in] | *rr | The RR to set the values in |
[in] | algorithm | The NSEC3 hash algorithm |
[in] | flags | The flags field |
[in] | iterations | The number of hash iterations |
[in] | salt_length | The length of the salt in bytes |
[in] | salt | The salt bytes |
Definition at line 1073 of file dnssec.c.
References LDNS_FREE, ldns_native2rdf_int16(), ldns_rdf_deep_free(), ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_NSEC3_SALT, ldns_rr_set_rdf(), and LDNS_XMALLOC.
ldns_rr* ldns_create_nsec3 | ( | ldns_rdf * | cur_owner, | |
ldns_rdf * | cur_zone, | |||
ldns_rr_list * | rrs, | |||
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt, | |||
bool | emptynonterminal | |||
) |
Creates an NSEC3 RR for cur_owner in cur_zone from the RRs in rrs, hashing the owner with the given parameters (the implementation references ldns_nsec3_hash_name and ldns_nsec3_add_param_rdfs); emptynonterminal presumably marks cur_owner as an empty non-terminal, which affects the type bitmap — confirm in the source.
Definition at line 1144 of file dnssec.c.
References ldns_dname_cat(), ldns_dname_compare(), ldns_dnssec_create_nsec_bitmap(), ldns_nsec3_add_param_rdfs(), ldns_nsec3_hash_name(), ldns_rdf_compare(), ldns_rdf_deep_free(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_rdf(), ldns_rr_set_type(), LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_RRSIG, LDNS_RR_TYPE_SOA, and LDNS_STATUS_OK.
uint8_t ldns_nsec3_algorithm | ( | const ldns_rr * | nsec3_rr | ) |
Returns the hash algorithm used in the given NSEC3 or NSEC3PARAM RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1226 of file dnssec.c.
References ldns_rdf2native_int8(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC3, and LDNS_RR_TYPE_NSEC3PARAM.
uint8_t ldns_nsec3_flags | ( | const ldns_rr * | nsec3_rr | ) |
Returns the flags field of the given NSEC3 or NSEC3PARAM RR.
Definition at line 1239 of file dnssec.c.
References ldns_rdf2native_int8(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC3, and LDNS_RR_TYPE_NSEC3PARAM.
bool ldns_nsec3_optout | ( | const ldns_rr * | nsec3_rr | ) |
Returns true if the opt-out flag is set in the given NSEC3 RR. An opt-out NSEC3 span does not prove the absence of unsigned delegations within it, so such spans must not be used to deny insecure delegations.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1252 of file dnssec.c.
References ldns_nsec3_flags(), and LDNS_NSEC3_VARS_OPTOUT_MASK.
uint16_t ldns_nsec3_iterations | ( | const ldns_rr * | nsec3_rr | ) |
Returns the number of hash iterations used in the given NSEC3 or NSEC3PARAM RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1258 of file dnssec.c.
References ldns_rdf2native_int16(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC3, and LDNS_RR_TYPE_NSEC3PARAM.
Returns the salt rdf used in the given NSEC3 or NSEC3PARAM RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1272 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC3, and LDNS_RR_TYPE_NSEC3PARAM.
uint8_t ldns_nsec3_salt_length | ( | const ldns_rr * | nsec3_rr | ) |
Returns the length of the salt used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1284 of file dnssec.c.
References ldns_nsec3_salt(), ldns_rdf_data(), and ldns_rdf_size().
uint8_t* ldns_nsec3_salt_data | ( | const ldns_rr * | nsec3_rr | ) |
Returns a newly allocated copy (LDNS_XMALLOC) of the salt bytes used in the given NSEC3 RR; the caller owns and must free it.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1295 of file dnssec.c.
References ldns_nsec3_salt(), ldns_rdf_data(), ldns_rdf_size(), and LDNS_XMALLOC.
Returns the first label of the next owner name in the NSEC3 chain (i.e. the hashed next owner, without the zone name).
[in] | nsec3_rr | The RR to read from |
Definition at line 1312 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
Returns the bitmap specifying the covered types of the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1322 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
Calculates the hashed name using the parameters of the given NSEC3 RR.
[in] | *nsec | The RR to use the parameters from |
[in] | *name | The owner name to calculate the hash for |
Definition at line 1332 of file dnssec.c.
References LDNS_FREE, ldns_nsec3_algorithm(), ldns_nsec3_hash_name(), ldns_nsec3_iterations(), ldns_nsec3_salt_data(), and ldns_nsec3_salt_length().
bool ldns_nsec_bitmap_covers_type | ( | const ldns_rdf * | bitmap, | |
ldns_rr_type | type | |||
) |
Checks whether the bitmap contains a window for RR type type and its bit is set.
[in] | bitmap | the RR type bitmap rdf to look in |
[in] | type | the type to check for |
Definition at line 1357 of file dnssec.c.
References ldns_rdf_data(), ldns_rdf_get_type(), ldns_rdf_size(), and LDNS_RDF_TYPE_BITMAP.
ldns_status ldns_nsec_bitmap_set_type | ( | ldns_rdf * | bitmap, | |
ldns_rr_type | type | |||
) |
Sets the bit for RR type type in the bitmap; returns LDNS_STATUS_TYPE_NOT_IN_BITMAP if the bitmap has no window for that type (the bitmap is not grown).
[in] | bitmap | the RR type bitmap rdf to look in |
[in] | type | the type to for which the bit to set |
Definition at line 1394 of file dnssec.c.
References ldns_rdf_data(), ldns_rdf_get_type(), ldns_rdf_size(), LDNS_RDF_TYPE_BITMAP, LDNS_STATUS_OK, and LDNS_STATUS_TYPE_NOT_IN_BITMAP.
ldns_status ldns_nsec_bitmap_clear_type | ( | ldns_rdf * | bitmap, | |
ldns_rr_type | type | |||
) |
Clears the bit for RR type type in the bitmap; returns LDNS_STATUS_TYPE_NOT_IN_BITMAP if the bitmap has no window for that type.
[in] | bitmap | the RR type bitmap rdf to look in |
[in] | type | the type to for which the bit to clear |
Definition at line 1432 of file dnssec.c.
References ldns_rdf_data(), ldns_rdf_get_type(), ldns_rdf_size(), LDNS_RDF_TYPE_BITMAP, LDNS_STATUS_OK, and LDNS_STATUS_TYPE_NOT_IN_BITMAP.
Checks whether name falls within the owner-to-next-owner span of the NSEC(3) RR. Both nsec and name must be in canonical form (use ldns_rr2canonical and ldns_dname2canonical before calling this function). Only the span is checked: the NSEC(3) RR's own signature is not verified here, so a positive result is meaningful only for an RR that has been validated separately.
[in] | nsec | The NSEC RR to check |
[in] | name | The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name |
Definition at line 1472 of file dnssec.c.
References ldns_dname_cat(), ldns_dname_compare(), ldns_dname_left_chop(), ldns_dname_new_frm_str(), LDNS_FREE, ldns_get_errorstr_by_id(), ldns_nsec3_next_owner(), ldns_rdf2str(), ldns_rdf_clone(), ldns_rdf_deep_free(), ldns_rr_get_type(), ldns_rr_owner(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_NSEC3, and LDNS_STATUS_OK.
ldns_status ldns_pkt_verify | ( | ldns_pkt * | p, | |
ldns_rr_type | t, | |||
ldns_rdf * | o, | |||
ldns_rr_list * | k, | |||
ldns_rr_list * | s, | |||
ldns_rr_list * | good_keys | |||
) |
Verifies the RRset with owner o and type t in packet p against the keys in k.
[in] | p | the packet |
[in] | t | the rr set type to check |
[in] | o | the rr set name to check |
[in] | k | list of keys; these must already be trusted — the function verifies signatures against them and does not build a chain of trust to a trust anchor |
[in] | s | list of sigs (may be NULL) |
[out] | good_keys | keys which validated the packet |
Definition at line 1587 of file dnssec.c.
References ldns_pkt_verify_time().
ldns_status ldns_pkt_verify_time | ( | ldns_pkt * | p, | |
ldns_rr_type | t, | |||
ldns_rdf * | o, | |||
ldns_rr_list * | k, | |||
ldns_rr_list * | s, | |||
time_t | check_time, | |||
ldns_rr_list * | good_keys | |||
) |
Verifies the RRset with owner o and type t in packet p against the keys in k, using check_time as the validation time for the RRSIG inception/expiration window.
[in] | p | the packet |
[in] | t | the rr set type to check |
[in] | o | the rr set name to check |
[in] | k | list of keys; these must already be trusted — the function verifies signatures against them (via ldns_verify_time) and does not build a chain of trust to a trust anchor |
[in] | s | list of sigs (may be NULL; the RRSIGs are then presumably taken from the packet, which the implementation searches for RRSIG RRs) |
[in] | check_time | the time for which the validation is performed |
[out] | good_keys | keys which validated the packet |
Definition at line 1523 of file dnssec.c.
References ldns_pkt_rr_list_by_name_and_type(), ldns_rdf_free(), ldns_rdf_new(), LDNS_RDF_TYPE_TYPE, ldns_rr_list_deep_free(), ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION, LDNS_STATUS_ERR, and ldns_verify_time().
ldns_status ldns_dnssec_chain_nsec3_list | ( | ldns_rr_list * | nsec3_rrs | ) |
Chains an NSEC3 list: sets each RR's next-hashed-owner field from the first label of the following RR's owner name. The list must already be in hashed-owner order (see ldns_rr_list_sort_nsec3).
Definition at line 1595 of file dnssec.c.
References ldns_dname_label(), LDNS_FREE, ldns_rdf2str(), ldns_rdf_deep_free(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_set_rdf(), LDNS_STATUS_OK, and ldns_str2rdf_b32_ext().
int qsort_rr_compare_nsec3 | ( | const void * | a, | |
const void * | b | |||
) |
qsort comparison callback for NSEC3 ordering; compares the owner names of the two RRs.
Definition at line 1648 of file dnssec.c.
References ldns_rdf_compare(), and ldns_rr_owner().
void ldns_rr_list_sort_nsec3 | ( | ldns_rr_list * | unsorted | ) |
Sorts an NSEC3 RR list in place by owner name (hashed-owner order), using qsort_rr_compare_nsec3.
Definition at line 1665 of file dnssec.c.
References ldns_struct_rr_list::_rrs, ldns_rr_list_rr_count(), and qsort_rr_compare_nsec3().
int ldns_dnssec_default_add_to_signatures | ( | ldns_rr * | sig, | |
void * | n | |||
) |
Default callback function to always leave present signatures, and add new ones.
[in] | sig | The signature to check for removal (unused) |
[in] | n | Optional argument (unused) |
int ldns_dnssec_default_leave_signatures | ( | ldns_rr * | sig, | |
void * | n | |||
) |
Default callback function to always leave present signatures, and add no new ones for the keys of these signatures.
[in] | sig | The signature to check for removal (unused) |
[in] | n | Optional argument (unused) |
int ldns_dnssec_default_delete_signatures | ( | ldns_rr * | sig, | |
void * | n | |||
) |
Default callback function to always remove present signatures, but add no new ones.
[in] | sig | The signature to check for removal (unused) |
[in] | n | Optional argument (unused) |
int ldns_dnssec_default_replace_signatures | ( | ldns_rr * | sig, | |
void * | n | |||
) |
Default callback function to always remove present signatures and add new ones, i.e. replace them (presumably returning LDNS_SIGNATURE_REMOVE_ADD_NEW; the original text duplicated the add_to_signatures description).
[in] | sig | The signature to check for removal (unused) |
[in] | n | Optional argument (unused) |
ldns_rdf* ldns_convert_dsa_rrsig_asn12rdf | ( | const ldns_buffer * | sig, | |
const long | sig_len | |||
) |
Converts a DSA signature from ASN.1 DER representation (RFC 2459, as produced by OpenSSL) to the raw signature format used in DNS (RFC 2536).
[in] | sig | The signature in RFC2459 format |
[in] | sig_len | The length of the signature |
Definition at line 1707 of file dnssec.c.
References ldns_buffer_begin(), LDNS_FREE, ldns_rdf_new(), LDNS_RDF_TYPE_B64, and LDNS_XMALLOC.
ldns_status ldns_convert_dsa_rrsig_rdf2asn1 | ( | ldns_buffer * | target_buffer, | |
const ldns_rdf * | sig_rdf | |||
) |
Converts the RRSIG signature RDF (RFC 2536 format) to a buffer holding the signature in RFC 2459 ASN.1 format. Returns LDNS_STATUS_SYNTAX_RDATA_ERR if sig_rdf is not a well-formed RFC 2536 signature, LDNS_STATUS_MEM_ERR on allocation failure and LDNS_STATUS_SSL_ERR on OpenSSL failure (the status codes the implementation references).
[out] | target_buffer | buffer to place the signature data |
[in] | sig_rdf | The signature rdf to convert |
Definition at line 1756 of file dnssec.c.
References ldns_buffer_reserve(), ldns_buffer_status(), ldns_buffer_write(), ldns_rdf_data(), ldns_rdf_size(), LDNS_STATUS_MEM_ERR, LDNS_STATUS_SSL_ERR, LDNS_STATUS_SYNTAX_RDATA_ERR, and R.
ldns_rdf* ldns_convert_ecdsa_rrsig_asn12rdf | ( | const ldns_buffer * | sig, | |
const long | sig_len | |||
) |
Converts an ECDSA signature from ASN.1 representation (as produced by OpenSSL) to the raw signature format used in DNS. This routine is only present if ldns is compiled with ECDSA support.
[in] | sig | The signature in ASN1 format |
[in] | sig_len | The length of the signature |
Definition at line 1809 of file dnssec.c.
References ldns_buffer_begin(), ldns_rdf_new(), LDNS_RDF_TYPE_B64, and LDNS_XMALLOC.
ldns_status ldns_convert_ecdsa_rrsig_rdf2asn1 | ( | ldns_buffer * | target_buffer, | |
const ldns_rdf * | sig_rdf | |||
) |
Converts the RRSIG signature RDF (from DNS) to a buffer holding the signature in the ASN.1 format OpenSSL uses. Returns LDNS_STATUS_ERR if the rdf cannot be converted and LDNS_STATUS_MEM_ERR on allocation failure (the status codes the implementation references).
This routine is only present if ldns is compiled with ecdsa support.
[out] | target_buffer | buffer to place the signature data in ASN1. |
[in] | sig_rdf | The signature rdf to convert |
Definition at line 1833 of file dnssec.c.
References ldns_buffer_current(), ldns_buffer_reserve(), ldns_buffer_skip(), ldns_buffer_status(), ldns_rdf_data(), ldns_rdf_size(), LDNS_STATUS_ERR, and LDNS_STATUS_MEM_ERR.