dnssec_verify.h

00001 
00003 #ifndef LDNS_DNSSEC_VERIFY_H
00004 #define LDNS_DNSSEC_VERIFY_H
00005 
00006 #define LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS 10
00007 
00008 #include <ldns/dnssec.h>
00009 
/**
 * One link in a chain of DNSSEC data: an RRset, the signatures stored with
 * it, and a pointer to a parent link of the same type.
 *
 * The three packet_* members have the same types and names as the last three
 * parameters of ldns_dnssec_verify_denial_nsec3().
 *
 * NOTE(review): this declaration only shows storage. Nothing here says the
 * contents have been cryptographically validated, so code holding a chain
 * should not treat rrset as authenticated -- confirm against the implementation.
 */
typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain;

struct ldns_dnssec_data_chain_struct {
    /* RRset carried by this link */
    ldns_rr_list *rrset;
    /* signatures stored alongside rrset (presumably its RRSIGs -- confirm) */
    ldns_rr_list *signatures;
    /* RR type associated with the parent link */
    ldns_rr_type parent_type;
    /* next link of the chain; NOTE(review): presumably NULL at the end -- confirm */
    ldns_dnssec_data_chain *parent;
    /* response code of the packet this link was taken from */
    ldns_pkt_rcode packet_rcode;
    /* query type of that packet */
    ldns_rr_type packet_qtype;
    /* NOTE(review): looks like a "no data" answer flag -- confirm how it is set */
    bool packet_nodata;
};
00024 
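/**
 * Create a new data chain link.
 *
 * Declared with (void) so that this is a real prototype: with an empty
 * parameter list the compiler would accept calls that pass arguments.
 *
 * \return pointer to the new ldns_dnssec_data_chain.
 *         NOTE(review): presumably NULL on allocation failure and to be
 *         released with ldns_dnssec_data_chain_free() or
 *         ldns_dnssec_data_chain_deep_free() -- confirm in the implementation.
 */
ldns_dnssec_data_chain *ldns_dnssec_data_chain_new(void);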
00030 
/**
 * Free a data chain structure.
 *
 * NOTE(review): a separate ldns_dnssec_data_chain_deep_free() exists, so this
 * variant presumably leaves the RR lists it points to alone. Confirm which
 * side owns rrset and signatures before choosing one; picking the wrong
 * variant is either a leak or a double free / use after free.
 *
 * \param[in] chain the chain to free
 */
void
ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain);

/**
 * Free a data chain structure together with the data it holds
 * (presumably rrset, signatures and the parent links -- confirm).
 *
 * \param[in] chain the chain to free
 */
void
ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain);

/**
 * Print a data chain to a stdio stream.
 *
 * \param[in] out   stream to write to
 * \param[in] chain chain to print; const, so it is not modified
 */
void
ldns_dnssec_data_chain_print(FILE *out,
    const ldns_dnssec_data_chain *chain);
00052 
/**
 * Build a data chain for a set of records.
 *
 * A non-const resolver is passed in, so building the chain may send further
 * queries. NOTE(review): whatever those queries return is network input; the
 * chain presumably collects it for later validation rather than validating
 * it here -- confirm before relying on chain contents.
 *
 * \param[in] res      resolver to use
 * \param[in] qflags   16-bit flags value (presumably query flags -- confirm)
 * \param[in] data_set record set the chain is built for; const, not modified
 * \param[in] pkt      packet associated with data_set; const, not modified.
 *                     NOTE(review): confirm whether NULL is accepted
 * \param[in] orig_rr  the original resource record
 * \return pointer to the resulting ldns_dnssec_data_chain
 */
ldns_dnssec_data_chain *
ldns_dnssec_build_data_chain(ldns_resolver *res,
    const uint16_t qflags,
    const ldns_rr_list *data_set,
    const ldns_pkt *pkt,
    ldns_rr *orig_rr);
00063 
/**
 * Node of a trust tree: one RR, the RRset it was part of, and up to
 * LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS parent nodes.
 *
 * parents[], parent_status[] and parent_signature[] all have the same fixed
 * size, and ldns_dnssec_trust_tree_add_parent() takes one value for each, so
 * they are read here as parallel arrays indexed by the same slot.
 *
 * The arrays are not growable. Any code that writes a slot must keep
 * parent_count <= LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS; an index past the end
 * is an out-of-bounds write inside a structure built from network data.
 */
typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree;

struct ldns_dnssec_trust_tree_struct {
    /* the RR this node stands for */
    ldns_rr *rr;
    /* the complete rrset this rr was in */
    ldns_rr_list *rrset;
    /* parent nodes */
    ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
    /* one ldns_status per parent (presumably the result of validating that link -- confirm) */
    ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
    /* one signature RR per parent */
    ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS];
    /* number of slots in use in the three arrays above */
    size_t parent_count;
};
00102 
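/**
 * Create a new trust tree node.
 *
 * Declared with (void) so that this is a real prototype: with an empty
 * parameter list the compiler would accept calls that pass arguments.
 *
 * \return pointer to the new ldns_dnssec_trust_tree.
 *         NOTE(review): presumably NULL on allocation failure and with
 *         parent_count set to 0 -- confirm in the implementation.
 */
ldns_dnssec_trust_tree *ldns_dnssec_trust_tree_new(void);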
00109 
/**
 * Free a trust tree.
 *
 * NOTE(review): the header declares no "deep" variant for trust trees, which
 * suggests the nodes only point at data owned elsewhere (the data chain).
 * Confirm, and make sure the tree is not used after that data is released.
 *
 * \param[in] tree the tree to free
 */
void
ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree);

/**
 * Report the depth of a trust tree.
 *
 * \param[in] tree the tree to measure
 * \return the depth as a size_t
 */
size_t
ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree);

/**
 * Print a trust tree to a stdio stream.
 *
 * \param[in] out      stream to write to
 * \param[in] tree     tree to print
 * \param[in] tabs     indentation amount for the printed lines
 *                     (exact unit not visible here -- confirm)
 * \param[in] extended selects a more verbose form of the output
 */
void
ldns_dnssec_trust_tree_print(FILE *out,
    ldns_dnssec_trust_tree *tree,
    size_t tabs,
    bool extended);
00142 
/**
 * Add a parent node, with its signature and status, to a trust tree node.
 *
 * The node stores parents in arrays of LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS
 * entries, so this call cannot always succeed.
 * NOTE(review): presumably a full node is reported through the return value
 * rather than written past the array -- confirm the bound check exists in
 * the implementation, and never ignore the result.
 *
 * \param[in] tree             node that receives the parent
 * \param[in] parent           parent node to add; declared const
 * \param[in] parent_signature signature RR for this link; declared const
 * \param[in] parent_status    status value recorded for this link
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as failure
 */
ldns_status
ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree,
    const ldns_dnssec_trust_tree *parent,
    const ldns_rr *parent_signature,
    const ldns_status parent_status);
00158 
/**
 * Derive a trust tree for one RR from a data chain.
 *
 * NOTE(review): the tree presumably keeps pointers into data_chain instead of
 * copying it. If so, freeing the chain while the tree is still in use leaves
 * dangling pointers -- confirm and keep the chain alive for the tree's lifetime.
 *
 * \param[in] data_chain chain to derive the tree from
 * \param[in] rr         the RR the tree is built for
 * \return pointer to the resulting ldns_dnssec_trust_tree
 */
ldns_dnssec_trust_tree *
ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain,
    ldns_rr *rr);

/**
 * Helper of the trust tree derivation; by its name, the case of an ordinary
 * (non-DNSKEY, non-DS) RRset. Returns nothing, so any result is recorded in
 * new_tree.
 *
 * \param[in] new_tree   tree node being filled in
 * \param[in] data_chain chain the data comes from
 * \param[in] cur_sig_rr signature RR currently being considered
 */
void
ldns_dnssec_derive_trust_tree_normal_rrset(ldns_dnssec_trust_tree *new_tree,
    ldns_dnssec_data_chain *data_chain,
    ldns_rr *cur_sig_rr);

/**
 * Helper of the trust tree derivation; by its name, the DNSKEY RRset case.
 * Returns nothing, so any result is recorded in new_tree.
 *
 * \param[in] new_tree   tree node being filled in
 * \param[in] data_chain chain the data comes from
 * \param[in] cur_rr     RR currently being considered
 * \param[in] cur_sig_rr signature RR currently being considered
 */
void
ldns_dnssec_derive_trust_tree_dnskey_rrset(ldns_dnssec_trust_tree *new_tree,
    ldns_dnssec_data_chain *data_chain,
    ldns_rr *cur_rr,
    ldns_rr *cur_sig_rr);

/**
 * Helper of the trust tree derivation; by its name, the DS RRset case.
 * Returns nothing, so any result is recorded in new_tree.
 *
 * \param[in] new_tree   tree node being filled in
 * \param[in] data_chain chain the data comes from
 * \param[in] cur_rr     RR currently being considered
 */
void
ldns_dnssec_derive_trust_tree_ds_rrset(ldns_dnssec_trust_tree *new_tree,
    ldns_dnssec_data_chain *data_chain,
    ldns_rr *cur_rr);

/**
 * Helper of the trust tree derivation; by its name, the case where no
 * signature is available. Returns nothing, so any result is recorded in
 * new_tree.
 *
 * NOTE(review): an unsigned link must not end up looking like a validated
 * one -- confirm which parent_status values this path records.
 *
 * \param[in] new_tree   tree node being filled in
 * \param[in] data_chain chain the data comes from
 */
void
ldns_dnssec_derive_trust_tree_no_sig(ldns_dnssec_trust_tree *new_tree,
    ldns_dnssec_data_chain *data_chain);
00217 
/**
 * Check a trust tree against a list of keys.
 *
 * This is the call where a tree is tied to the caller's own trust anchors:
 * a tree on its own only describes relations between records received from
 * the network.
 * NOTE(review): presumably LDNS_STATUS_OK means a path of valid links reaches
 * one of the RRs in keys -- confirm, including what is returned when several
 * paths fail for different reasons.
 *
 * \param[in] tree the trust tree to search
 * \param[in] keys the keys the caller trusts
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as untrusted
 */
ldns_status
ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree,
    ldns_rr_list *keys);
00230 
/**
 * Verify a list of signatures over one RRset with a list of candidate keys.
 *
 * No resolver and no trust anchor is passed in, so a successful result can
 * only mean "a signature matches one of the supplied keys". Whether those
 * keys deserve trust is the caller's decision: keys taken from the same
 * response as the RRset prove nothing. ldns_verify_trusted() is the variant
 * that takes a resolver.
 *
 * \param[in]  rrset     the RRset to verify
 * \param[in]  rrsig     the signatures to check
 * \param[in]  keys      the keys to check with; const, not modified
 * \param[out] good_keys non-const list; presumably receives the keys that
 *                       validated a signature -- confirm whether NULL is allowed
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify(ldns_rr_list *rrset,
    ldns_rr_list *rrsig,
    const ldns_rr_list *keys,
    ldns_rr_list *good_keys);
00246 
/**
 * Obtain keys for a domain, starting from a list of keys the caller supplies.
 *
 * The result has two channels: the returned list and *status. Check both; a
 * non-NULL list should not be used when *status reports an error.
 * NOTE(review): presumably keys are the trust anchors and the return value is
 * NULL when no trust path can be built -- confirm.
 *
 * \param[in]  res    resolver used for lookups; const
 * \param[in]  domain the domain name the keys are wanted for; const
 * \param[in]  keys   keys to start from; const
 * \param[out] status receives an ldns_status describing the outcome
 * \return a list of RRs (ownership not visible here -- confirm who frees it)
 */
ldns_rr_list *
ldns_fetch_valid_domain_keys(const ldns_resolver *res,
    const ldns_rdf *domain,
    const ldns_rr_list *keys,
    ldns_status *status);

/**
 * By its name, validate the DNSKEY RRset of a domain against supplied keys.
 *
 * There is no status output, so the returned pointer is the only result.
 * NOTE(review): presumably NULL means "nothing validated" -- confirm, and do
 * not treat NULL as an empty-but-valid set.
 *
 * \param[in] res    resolver used for lookups; const
 * \param[in] domain the domain name; const
 * \param[in] keys   keys to validate against; const
 * \return a list of RRs (ownership not visible here -- confirm who frees it)
 */
ldns_rr_list *
ldns_validate_domain_dnskey(const ldns_resolver *res,
    const ldns_rdf *domain,
    const ldns_rr_list *keys);

/**
 * By its name, validate the DS RRset of a domain against supplied keys.
 *
 * There is no status output, so the returned pointer is the only result.
 * NOTE(review): presumably NULL means "nothing validated" -- confirm.
 *
 * \param[in] res    resolver used for lookups; const
 * \param[in] domain the domain name; const
 * \param[in] keys   keys to validate against; const
 * \return a list of RRs (ownership not visible here -- confirm who frees it)
 */
ldns_rr_list *
ldns_validate_domain_ds(const ldns_resolver *res,
    const ldns_rdf *domain,
    const ldns_rr_list *keys);
00295 
/**
 * Verify signatures over an RRset, with a resolver available to the check.
 *
 * Unlike ldns_verify(), no list of candidate keys is passed in.
 * NOTE(review): the trusted keys presumably come from the resolver's
 * configuration (its trust anchors) -- confirm where they are read from and
 * how an empty anchor set is handled; it must not count as success.
 *
 * \param[in]  res             resolver to use
 * \param[in]  rrset           the RRset to verify
 * \param[in]  rrsigs          the signatures to check
 * \param[out] validating_keys non-const list; presumably receives the keys
 *                             that validated a signature -- confirm
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_trusted(ldns_resolver *res,
    ldns_rr_list *rrset,
    ldns_rr_list *rrsigs,
    ldns_rr_list *validating_keys);
00312 
/**
 * By its name, check a denial of existence for an RR using NSEC records.
 *
 * A denial is only worth something if the NSEC records are themselves
 * authenticated.
 * NOTE(review): rrsigs is presumably the set of signatures over nsecs --
 * confirm whether this function verifies them or expects the caller to.
 *
 * \param[in] rr     the RR whose non-existence is being checked
 * \param[in] nsecs  the NSEC records offered as proof
 * \param[in] rrsigs signatures that accompany the proof
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "denial not proven"
 */
ldns_status
ldns_dnssec_verify_denial(ldns_rr *rr,
    ldns_rr_list *nsecs,
    ldns_rr_list *rrsigs);

/**
 * By its name, the NSEC3 form of the denial-of-existence check.
 *
 * The last three parameters match the packet_* members of
 * ldns_dnssec_data_chain_struct and describe the response being judged.
 * NOTE(review): as with the NSEC variant, confirm who verifies rrsigs.
 *
 * \param[in] rr            the RR whose non-existence is being checked
 * \param[in] nsecs         the records offered as proof
 * \param[in] rrsigs        signatures that accompany the proof
 * \param[in] packet_rcode  response code of the packet
 * \param[in] packet_qtype  query type of the packet
 * \param[in] packet_nodata no-data flag of the packet
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "denial not proven"
 */
ldns_status
ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
    ldns_rr_list *nsecs,
    ldns_rr_list *rrsigs,
    ldns_pkt_rcode packet_rcode,
    ldns_rr_type packet_qtype,
    bool packet_nodata);
00352 
/**
 * Verify signature data against data to verify and key data, all held in
 * ldns_buffer objects, for the algorithm given by number.
 *
 * This is a low-level entry point: it takes raw material only, with no RRSIG
 * record, so checks that depend on the record (signer name, validity period,
 * key tag) cannot happen here and belong to the caller.
 *
 * \param[in] rawsig_buf signature data
 * \param[in] verify_buf the data the signature is checked over
 * \param[in] key_buf    key data
 * \param[in] algo       8-bit algorithm number
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified". NOTE(review): confirm that an unknown algo value
 *         is reported as an error.
 */
ldns_status
ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf,
    ldns_buffer *verify_buf,
    ldns_buffer *key_buf,
    uint8_t algo);

/**
 * Same check as ldns_verify_rrsig_buffers(), with the signature and the key
 * passed as pointer-plus-length pairs.
 *
 * siglen and keylen are the only size information the callee receives, so
 * they must be the true sizes of the memory at sig and key. Both values
 * usually originate in wire data; validate them before the call.
 *
 * \param[in] sig        signature bytes
 * \param[in] siglen     number of bytes at sig
 * \param[in] verify_buf the data the signature is checked over
 * \param[in] key        key bytes
 * \param[in] keylen     number of bytes at key
 * \param[in] algo       8-bit algorithm number
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_rrsig_buffers_raw(unsigned char* sig,
    size_t siglen,
    ldns_buffer *verify_buf,
    unsigned char* key,
    size_t keylen,
    uint8_t algo);
00385 
/**
 * Verify one RRSIG over an RRset, with a list of candidate keys.
 *
 * As with ldns_verify(), the keys are supplied by the caller and nothing in
 * the signature says they are trusted.
 *
 * \param[in]  rrset     the RRset to verify
 * \param[in]  rrsig     the signature RR
 * \param[in]  keys      the keys to try; const, not modified
 * \param[out] good_keys non-const list; presumably receives the keys that
 *                       validated the signature -- confirm whether NULL is allowed
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_rrsig_keylist(ldns_rr_list *rrset,
    ldns_rr *rrsig,
    const ldns_rr_list *keys,
    ldns_rr_list *good_keys);

/**
 * Convert DSA signature rdata and write the result into a buffer.
 *
 * NOTE(review): the direction of the conversion (DNS wire form to the form
 * the crypto library expects, or the reverse) is not visible here -- confirm.
 * sig_rdf is signature data from the network; the implementation should
 * check its length before reading fixed offsets.
 *
 * \param[out] target_buffer buffer that receives the converted signature
 * \param[in]  sig_rdf       the signature rdata field to convert
 * \return an ldns_status; on anything other than LDNS_STATUS_OK the contents
 *         of target_buffer should not be used
 */
ldns_status
ldns_convert_dsa_rrsig_rdata(ldns_buffer *target_buffer,
    ldns_rdf *sig_rdf);

/**
 * Verify one RRSIG over an RRset with exactly one key.
 *
 * NOTE(review): confirm in the implementation whether the signature's
 * inception/expiration times and the key's match to the RRSIG (owner,
 * algorithm, key tag) are checked here or left to the caller.
 *
 * \param[in] rrset the RRset to verify
 * \param[in] rrsig the signature RR
 * \param[in] key   the key RR to verify with
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_rrsig(ldns_rr_list *rrset,
    ldns_rr *rrsig,
    ldns_rr *key);
00418 
#ifdef HAVE_SSL
/*
 * Both declarations below use the OpenSSL types EVP_PKEY and EVP_MD, so they
 * exist only when HAVE_SSL is defined.
 */

/**
 * Verify signature data over RRset data with an already-parsed public key
 * and a caller-selected digest.
 *
 * The digest is chosen by the caller, not derived from the signature.
 * NOTE(review): callers should pick digest_type from the RRSIG's algorithm
 * number only, never from other attacker-influenced input -- confirm how the
 * algorithm-specific wrappers select it.
 *
 * \param[in] sig         signature data
 * \param[in] rrset       the data the signature is checked over
 * \param[in] key         public key
 * \param[in] digest_type message digest to use; const
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_rrsig_evp(ldns_buffer *sig,
    ldns_buffer *rrset,
    EVP_PKEY *key,
    const EVP_MD *digest_type);

/**
 * Same check as ldns_verify_rrsig_evp(), with the signature passed as a
 * pointer-plus-length pair. siglen must be the true size of the memory at sig.
 *
 * \param[in] sig         signature bytes
 * \param[in] siglen      number of bytes at sig
 * \param[in] rrset       the data the signature is checked over
 * \param[in] key         public key
 * \param[in] digest_type message digest to use; const
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_rrsig_evp_raw(unsigned char *sig,
    size_t siglen,
    ldns_buffer *rrset,
    EVP_PKEY *key,
    const EVP_MD *digest_type);
#endif /* HAVE_SSL */
00450 
/*
 * Algorithm-specific checks on ldns_buffer input. The algorithm is implied by
 * the function name, so the caller is responsible for calling the one that
 * matches the RRSIG being checked.
 *
 * Algorithm policy: RFC 8624 lists RSA/MD5 and DSA as MUST NOT for DNSSEC
 * validation, and RSA/SHA-1 as NOT RECOMMENDED for signing. A validator that
 * still routes signatures to the MD5 or DSA entry points should do so only
 * as an explicit, documented policy decision.
 */

/**
 * Verify signature data over RRset data with a DSA key.
 *
 * \param[in] sig   signature data
 * \param[in] rrset the data the signature is checked over
 * \param[in] key   key data
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_rrsig_dsa(ldns_buffer *sig,
    ldns_buffer *rrset,
    ldns_buffer *key);

/**
 * Verify signature data over RRset data with an RSA key and SHA-1.
 *
 * \param[in] sig   signature data
 * \param[in] rrset the data the signature is checked over
 * \param[in] key   key data
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_rrsig_rsasha1(ldns_buffer *sig,
    ldns_buffer *rrset,
    ldns_buffer *key);

/**
 * Verify signature data over RRset data with an RSA key and MD5.
 *
 * \param[in] sig   signature data
 * \param[in] rrset the data the signature is checked over
 * \param[in] key   key data
 * \return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         "not verified"
 */
ldns_status
ldns_verify_rrsig_rsamd5(ldns_buffer *sig,
    ldns_buffer *rrset,
    ldns_buffer *key);
00486 
/*
 * Algorithm-specific checks on raw byte arrays. All five share one shape:
 *
 *   sig / siglen   signature bytes and their count
 *   rrset          the data the signature is checked over
 *   key / keylen   key bytes and their count
 *
 * The lengths are the only size information the callee receives, so they must
 * be the true sizes of the memory at sig and key. Both normally come from
 * wire data and should be validated before the call.
 *
 * Each function returns an ldns_status; treat anything other than
 * LDNS_STATUS_OK as "not verified".
 *
 * Algorithm policy: RFC 8624 lists RSA/MD5 and DSA as MUST NOT for DNSSEC
 * validation, and RSA/SHA-1 as NOT RECOMMENDED for signing.
 */

/** DSA variant of the raw check. */
ldns_status
ldns_verify_rrsig_dsa_raw(unsigned char* sig,
    size_t siglen,
    ldns_buffer* rrset,
    unsigned char* key,
    size_t keylen);

/** RSA with SHA-1 variant of the raw check. */
ldns_status
ldns_verify_rrsig_rsasha1_raw(unsigned char* sig,
    size_t siglen,
    ldns_buffer* rrset,
    unsigned char* key,
    size_t keylen);

/** RSA with SHA-256 variant of the raw check. */
ldns_status
ldns_verify_rrsig_rsasha256_raw(unsigned char* sig,
    size_t siglen,
    ldns_buffer* rrset,
    unsigned char* key,
    size_t keylen);

/** RSA with SHA-512 variant of the raw check. */
ldns_status
ldns_verify_rrsig_rsasha512_raw(unsigned char* sig,
    size_t siglen,
    ldns_buffer* rrset,
    unsigned char* key,
    size_t keylen);

/** RSA with MD5 variant of the raw check. */
ldns_status
ldns_verify_rrsig_rsamd5_raw(unsigned char* sig,
    size_t siglen,
    ldns_buffer* rrset,
    unsigned char* key,
    size_t keylen);
00557 
00558 #endif
00559 
