dnssec.h

00001 /*
00002  * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC)
00003  *
00004  * Copyright (c) 2005-2006, NLnet Labs. All rights reserved.
00005  *
00006  * See LICENSE for the license.
00007  *
00008  * A bunch of defines that are used in the DNS
00009  */
00010 
00023 #ifndef LDNS_DNSSEC_H
00024 #define LDNS_DNSSEC_H
00025 
00026 #ifdef HAVE_SSL
00027 #include <openssl/ssl.h>
00028 #include <openssl/evp.h>
00029 #endif /* HAVE_SSL */
00030 #include <ldns/common.h>
00031 #include <ldns/packet.h>
00032 #include <ldns/keys.h>
00033 #include <ldns/zone.h>
00034 #include <ldns/resolver.h>
00035 #include <ldns/dnssec_zone.h>
00036 
/* Size, protocol and lifetime constants shared by the DNSSEC code. */
/* NOTE(review): the unit of LDNS_MAX_KEYLEN (bytes vs. bits) is not stated in
 * this header; confirm it before sizing or bounds-checking key buffers. */
00037 #define LDNS_MAX_KEYLEN         2048
/* 3 is the only value RFC 4034 section 2.1.2 permits in the DNSKEY Protocol field. */
00038 #define LDNS_DNSSEC_KEYPROTO    3
00039 /* default time before sigs expire */
/* 2419200 seconds = 28 days. A long default validity widens the window in which
 * a captured RRSIG can be replayed; signers with stricter policy should pass
 * their own expiration rather than rely on this default. */
00040 #define LDNS_DEFAULT_EXP_TIME   2419200 /* 4 weeks */
00041 
/* Four decision codes (0..3). By their names they combine "leave or remove the
 * existing signature" with "add a new signature or not".
 * NOTE(review): presumably the values returned by the
 * ldns_dnssec_default_*_signatures callbacks declared at the end of this
 * header -- confirm against the signing code. */
00043 #define LDNS_SIGNATURE_LEAVE_ADD_NEW 0
00044 #define LDNS_SIGNATURE_LEAVE_NO_ADD 1
00045 #define LDNS_SIGNATURE_REMOVE_ADD_NEW 2
00046 #define LDNS_SIGNATURE_REMOVE_NO_ADD 3
00047 
/* Looks up an RRSIG in rrs for an owner name and covered type (purpose inferred
 * from the identifier). All three inputs are const, so the list is not modified
 * through this interface.
 * NOTE(review): the prototype does not show whether the result points into rrs
 * or is a copy, nor that NULL means "no match" -- check for NULL and confirm
 * ownership before freeing. */
00058 ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name,
00059                                                                             const ldns_rr_type type,
00060                                                                             const ldns_rr_list *rrs);
00061 
/* Selects from rrs the DNSKEY that belongs to rrsig (purpose inferred from the
 * identifier); both inputs are const.
 * NOTE(review): if the match is made on key tag, remember that a key tag is a
 * 16-bit checksum and can collide; a returned key is a candidate until the
 * signature actually verifies with it. Matching criteria and NULL-on-miss are
 * not visible here -- confirm. */
00071 ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs);
00072 
/* Returns the type-bitmap rdata field of an NSEC record (inferred from the
 * identifier). The argument is non-const, unlike the ldns_nsec3_* accessors.
 * NOTE(review): result for a record of another type, and whether the pointer
 * aliases the RR's own rdata, are not visible here -- confirm. */
00080 ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec);
00081 
00082 
/* 65535 is the full range of the 16-bit NSEC3 Iterations field, and of the
 * uint16_t iterations parameters in this header; it is a format limit, not a
 * safe operating value.
 * NOTE(review): every iteration is one more hash per name for both signer and
 * validator, so code that hashes names using parameters from received NSEC3
 * records should enforce a much lower policy limit (RFC 5155 section 10.3;
 * RFC 9276 recommends 0 iterations). */
00083 #define LDNS_NSEC3_MAX_ITERATIONS 65535
00084 
/* Determines the closest encloser of qname from a set of NSEC3 records (purpose
 * inferred from the identifier; see RFC 5155 section 8.3 for the proof).
 * NOTE(review): nsec3s normally comes from a response, so the hashing
 * parameters it carries are attacker-influenced until validated; confirm that
 * iteration counts are bounded before this is called. Ownership of the result
 * and NULL-on-failure are not visible here. */
00088 ldns_rdf *
00089 ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
00090                                                         ldns_rr_type qtype,
00091                                                         ldns_rr_list *nsec3s);
00092 
/* Reports whether pkt contains RRSIG records (inferred from the identifier).
 * The mere presence of signatures says nothing about their validity; this is
 * not a substitute for verification. */
00096 bool
00097 ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt);
00098 
/* Collects the RRSIGs in pkt for an owner name and covered type (inferred from
 * the identifier). pkt is const; name is not.
 * NOTE(review): whether the returned list holds copies or pointers into pkt,
 * and therefore how it must be freed, is not visible here -- confirm. */
00103 ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type);
00104 
/* Collects the RRSIGs in pkt for a covered type, without filtering on owner
 * name (inferred from the identifier and the absence of a name parameter).
 * NOTE(review): ownership of the returned list is not visible here -- confirm. */
00108 ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type);
00109 
/* Computes the 16-bit key tag of a key RR (inferred from the identifier).
 * A key tag (RFC 4034 appendix B) is a checksum used to narrow down candidate
 * keys; it is not unique and must never be treated as proof of key identity.
 * NOTE(review): the value returned for a non-key RR is not visible here. */
00116 uint16_t ldns_calc_keytag(const ldns_rr *key);
00117 
/* Raw-buffer variant of ldns_calc_keytag: takes key bytes plus their length.
 * NOTE(review): keysize is the only bound the function receives, so it must be
 * the exact number of readable bytes at key; the minimum length the
 * implementation requires is not visible here -- confirm before passing
 * short or wire-derived buffers. The result is a non-unique checksum. */
00124 uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
00125 
00126 #ifdef HAVE_SSL
00127 
/* Convert DNSKEY key material into an OpenSSL DSA object, from an ldns_buffer
 * or from a raw pointer/length pair (inferred from the identifiers). Only
 * declared when HAVE_SSL is defined.
 * NOTE(review): for the _raw variant len is the sole bound on key, so it must
 * match the readable size exactly. NULL-on-failure and the caller's duty to
 * release the result are presumed, not visible here -- confirm. */
00133 DSA *ldns_key_buf2dsa(ldns_buffer *key);
00140 DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);
00141 #endif /* HAVE_SSL */
00142 
00143 #ifdef HAVE_SSL
00144 
/* Converts DNSKEY key material held in an ldns_buffer into an OpenSSL RSA
 * object (inferred from the identifier). Only declared when HAVE_SSL is defined.
 * NOTE(review): NULL-on-failure and ownership of the returned object are
 * presumed, not visible here -- confirm. */
00150 RSA *ldns_key_buf2rsa(ldns_buffer *key);
00151 
/* Raw-buffer variant of ldns_key_buf2rsa: takes key bytes plus their length.
 * NOTE(review): the RSA DNSKEY encoding carries its own exponent-length prefix,
 * so the parser has to trust len as the outer bound; pass the exact readable
 * size and confirm the implementation rejects prefixes that exceed it. */
00158 RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
00159 #endif /* HAVE_SSL */
00160 
/* Builds a DS record from a key RR using the digest selected by h (inferred
 * from the identifier; ldns_hash is declared in another header).
 * NOTE(review): the digest choice is a security decision made by the caller --
 * SHA-1 DS records are deprecated for new delegations (RFC 8624), so prefer a
 * SHA-2 value of ldns_hash where the parent zone accepts it. The result is
 * presumably newly allocated and NULL on failure -- confirm. */
00168 ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
00169 
/* Builds a type-bitmap rdata field from an array of RR types (inferred from the
 * identifier). nsec_type presumably selects NSEC vs. NSEC3 -- confirm.
 * NOTE(review): size is the only bound on rr_type_list and must be its element
 * count, not its size in bytes (TODO confirm against the implementation). */
00173 ldns_rdf *
00174 ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
00175                                                  size_t size,
00176                                                  ldns_rr_type nsec_type);
00177 
/* Creates the NSEC-type record that links the zone name `from` to the next
 * name `to` (inferred from the identifier and parameter names).
 * NOTE(review): nsec_type presumably selects the record type to emit, and the
 * result is presumably newly allocated -- confirm both. */
00181 ldns_rr *
00182 ldns_dnssec_create_nsec(ldns_dnssec_name *from,
00183                                     ldns_dnssec_name *to,
00184                                     ldns_rr_type nsec_type);
00185 
/* Creates an NSEC3 record for `from`, pointing at `to`, within zone_name, using
 * the given hash parameters (inferred from the identifier and parameter names).
 * NOTE(review): salt and salt_length travel separately, so salt must point to
 * at least salt_length readable bytes; behaviour for salt == NULL with a
 * non-zero length is not visible here. iterations accepts the full uint16_t
 * range -- keep it low (RFC 9276 recommends 0), since every validator pays
 * that cost per lookup. */
00189 ldns_rr *
00190 ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
00191                                         ldns_dnssec_name *to,
00192                                         ldns_rdf *zone_name,
00193                                         uint8_t algorithm,
00194                                         uint8_t flags,
00195                                         uint16_t iterations,
00196                                         uint8_t salt_length,
00197                                         uint8_t *salt);
00198 
/* Creates an NSEC record for cur_owner whose next-name field is next_owner,
 * with rrs presumably supplying the types for the bitmap (inferred from the
 * parameter names -- confirm).
 * NOTE(review): ownership of the result and whether the owner rdfs are copied
 * or referenced are not visible here. */
00206 ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
00207 
/* Computes the NSEC3 hash of name with the given algorithm, iteration count and
 * salt (inferred from the identifier and parameter names).
 * NOTE(review): work grows linearly with iterations, so callers that take
 * these parameters from a received record should cap iterations before calling.
 * salt must point to at least salt_length readable bytes. The result is
 * presumably newly allocated and NULL for an unsupported algorithm -- confirm. */
00217 ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
00218 
/* Stores the NSEC3 parameter fields (algorithm, flags, iterations, salt) into
 * rr (inferred from the identifier).
 * NOTE(review): the function returns void, so an allocation or encoding
 * failure cannot be reported to the caller -- inspect rr afterwards if that
 * matters. salt must point to at least salt_length readable bytes. */
00229 void ldns_nsec3_add_param_rdfs(ldns_rr *rr,
00230                                                  uint8_t algorithm,
00231                                                  uint8_t flags,
00232                                                  uint16_t iterations,
00233                                                  uint8_t salt_length,
00234                                                  uint8_t *salt);
00235 
/* Creates an NSEC3 record for cur_owner in cur_zone from the given hash
 * parameters. As the original comment below states, the record returned here
 * is incomplete until a separate finalize step has been run over the list, so
 * it must not be signed or published directly.
 * NOTE(review): the header does not name the finalize function;
 * ldns_dnssec_chain_nsec3_list, declared further down, is a candidate --
 * confirm. emptynonterminal presumably marks an owner without records of its
 * own. salt must point to at least salt_length readable bytes. */
00236 /* this will NOT return the NSEC3  completed, you will have to run the
00237    finalize function on the rrlist later! */
00238 ldns_rr *
00239 ldns_create_nsec3(ldns_rdf *cur_owner,
00240                   ldns_rdf *cur_zone,
00241                   ldns_rr_list *rrs,
00242                   uint8_t algorithm,
00243                   uint8_t flags,
00244                   uint16_t iterations,
00245                   uint8_t salt_length,
00246                   uint8_t *salt,
00247                   bool emptynonterminal);
00248 
/* Reads the hash-algorithm field of an NSEC3 record (inferred from the
 * identifier); RFC 5155 defines only value 1, SHA-1.
 * NOTE(review): the value returned for a malformed or non-NSEC3 RR is not
 * visible here, so an error cannot be assumed distinguishable from a real
 * field value -- confirm. */
00254 uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr);
00255 
/* Reads the flags octet of an NSEC3 record (inferred from the identifier). In
 * RFC 5155 the least significant bit is Opt-Out and the other bits are
 * reserved. */
00259 uint8_t
00260 ldns_nsec3_flags(const ldns_rr *nsec3_rr);
00261 
/* Reports whether the Opt-Out flag is set on an NSEC3 record (inferred from the
 * identifier). Under Opt-Out the span may contain unsigned delegations, so a
 * denial proven by such a record does not rule out an insecure delegation
 * (RFC 5155 section 12.2). */
00267 bool ldns_nsec3_optout(const ldns_rr *nsec3_rr);
00268 
/* Reads the iteration count of an NSEC3 record (inferred from the identifier).
 * NOTE(review): for a record taken from a response this value is
 * attacker-influenced; compare it with a local policy limit before using it to
 * drive hashing. */
00274 uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr);
00275 
/* Returns the salt field of an NSEC3 record as an rdf (inferred from the
 * identifier).
 * NOTE(review): whether the pointer aliases the RR's own rdata or is a copy is
 * not visible here -- confirm before freeing or modifying it. */
00281 ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr);
00282 
/* Returns the salt length of an NSEC3 record (inferred from the identifier).
 * The uint8_t return matches the one-octet length field of RFC 5155, so a salt
 * is at most 255 bytes. Use it as the bound for ldns_nsec3_salt_data. */
00288 uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr);
00289 
/* Returns the raw salt bytes of an NSEC3 record (inferred from the identifier).
 * NOTE(review): the pointer carries no length; bound every read with
 * ldns_nsec3_salt_length() for the same record. Whether the buffer is freshly
 * allocated (caller frees) or internal, and whether NULL is returned for an
 * empty salt, is not visible here -- confirm to avoid a leak or double free. */
00295 uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr);
00296 
/* Returns the next-hashed-owner field of an NSEC3 record (inferred from the
 * identifier).
 * NOTE(review): aliasing vs. copy of the returned rdf is not visible here. */
00302 ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr);
00303 
/* Returns the type-bitmap field of an NSEC3 record (inferred from the
 * identifier); the NSEC3 counterpart of ldns_nsec_get_bitmap.
 * NOTE(review): aliasing vs. copy of the returned rdf is not visible here. */
00309 ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr);
00310 
/* Hashes name using the NSEC3 parameters found in the record nsec (inferred
 * from the identifier).
 * NOTE(review): algorithm, iteration count and salt all come from the record,
 * so with an unvalidated record the amount of hashing is controlled by the
 * sender -- check ldns_nsec3_iterations() against a policy limit first. */
00317 ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name);
00318 
/* Tests whether the given type is set in an NSEC/NSEC3 type bitmap (inferred
 * from the identifier). A bool cannot tell a malformed bitmap from "type not
 * present"; how malformed input is treated is not visible here -- confirm. */
00325 bool ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type);
00326 
/* Tests whether name falls in the span denied by the given NSEC record
 * (inferred from the identifier).
 * NOTE(review): a true result is only meaningful for a record whose signature
 * has been verified; this function takes no keys and so cannot check that.
 * Handling of the last-record wrap-around and of NSEC3 input is not visible
 * here -- confirm. */
00337 bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
00338 
/* Verifies signatures over records in packet p and reports the outcome as an
 * ldns_status.
 * Parameter meaning is inferred from the single-letter names and their types
 * (TODO confirm against the implementation):
 *   p          packet to check
 *   t          RR type to verify
 *   o          owner name of the records
 *   k          candidate keys
 *   s          signatures
 *   good_keys  presumably receives the keys that validated
 * NOTE(review): callers must check the return value and treat every status
 * other than success as "not validated"; the keys in k need an established
 * chain of trust of their own, which this prototype does not take. */
00350 ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);
00351 
/* Links the NSEC3 records in nsec3_rrs into a chain (inferred from the
 * identifier); the list is non-const, so it is presumably modified in place.
 * NOTE(review): whether the list must already be sorted, e.g. with
 * ldns_rr_list_sort_nsec3, is not visible here -- confirm. Check the returned
 * status before publishing the records. */
00355 ldns_status
00356 ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs);
00357 
/* Comparison callback with the signature qsort() expects, for ordering NSEC3
 * records.
 * NOTE(review): a and b are untyped; presumably each points to an ldns_rr *
 * element of the array being sorted -- confirm before calling it directly. */
00361 int
00362 qsort_rr_compare_nsec3(const void *a, const void *b);
00363 
/* Sorts a list of NSEC3 records; the void return and non-const argument
 * indicate the list is reordered in place (presumably with
 * qsort_rr_compare_nsec3 -- confirm). No error can be reported. */
00367 void
00368 ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted);
00369 
/* Creates the NSEC3 records for a whole zone from the given hash parameters
 * (inferred from the identifier). new_rrs presumably receives the records that
 * were created -- confirm.
 * NOTE(review): iterations and salt chosen here are published and paid for by
 * every validator; keep iterations low (RFC 9276 recommends 0). salt must
 * point to at least salt_length readable bytes. Check the returned status;
 * the state of zone after a failure is not visible here. */
00373 ldns_status
00374 ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
00375                                                  ldns_rr_list *new_rrs,
00376                                                  uint8_t algorithm,
00377                                                  uint8_t flags,
00378                                                  uint16_t iterations,
00379                                                  uint8_t salt_length,
00380                                                  uint8_t *salt);
/* Four callbacks sharing one signature: an existing signature record plus an
 * opaque context pointer, returning int. By their names they implement the
 * add / leave / delete / replace policies for existing signatures.
 * NOTE(review): the return value is presumably one of the LDNS_SIGNATURE_*
 * codes defined at the top of this header, and n is unused or caller-defined --
 * confirm both. A policy that leaves old signatures in place also leaves
 * signatures made with retired keys, so choose it deliberately. */
00388 int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n);
00396 int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n);
00404 int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n);
00412 int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n);
00413 
00414 #endif /* LDNS_DNSSEC_H */
