1 /*
2  * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC)
3  *
4  * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
5  *
6  * See LICENSE for the license.
7  *
8  * A bunch of defines that are used in the DNS
9  */
10 
23 #ifndef LDNS_DNSSEC_H
24 #define LDNS_DNSSEC_H
25 
26 #include <ldns/common.h>
27 #if LDNS_BUILD_CONFIG_HAVE_SSL
28 #include <openssl/ssl.h>
29 #include <openssl/evp.h>
30 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
31 #include <ldns/packet.h>
32 #include <ldns/keys.h>
33 #include <ldns/zone.h>
34 #include <ldns/resolver.h>
35 #include <ldns/dnssec_zone.h>
36 
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40 
/* NOTE(review): upper bound on key material handled by the key helpers in
 * this header; whether it counts bits or bytes is not stated here — confirm
 * against the key routines before using it as a buffer size. */
41 #define LDNS_MAX_KEYLEN 2048
/* Value of the DNSKEY Protocol field. RFC 4034 fixes it at 3; a DNSKEY that
 * carries any other value is not usable for DNSSEC validation. */
42 #define LDNS_DNSSEC_KEYPROTO 3
43 /* default time before sigs expire, in seconds: 4 * 7 * 24 * 3600 */
44 #define LDNS_DEFAULT_EXP_TIME 2419200 /* 4 weeks */
45 
/* Policies for existing RRSIGs when a zone is (re)signed, as the names read:
 * LEAVE keeps the signatures already present, REMOVE drops them;
 * ADD_NEW generates fresh signatures, NO_ADD adds none. */
47 #define LDNS_SIGNATURE_LEAVE_ADD_NEW 0
48 #define LDNS_SIGNATURE_LEAVE_NO_ADD 1
49 #define LDNS_SIGNATURE_REMOVE_ADD_NEW 2
50 #define LDNS_SIGNATURE_REMOVE_NO_ADD 3
51 
63  const ldns_rr_type type,
64  const ldns_rr_list *rrs);
65 
76 
85 
86 
/* Largest value the 16-bit NSEC3 Iterations field can carry (RFC 5155). This
 * is the wire maximum, not a recommended limit: every iteration is one more
 * hash over every name, so the cost of hashing (for signers and validators
 * alike) grows linearly with it. RFC 9276 recommends an iteration count of 0
 * and lets validators stop treating higher counts as secure instead of
 * spending the work; callers should enforce a much lower policy cap. */
87 #define LDNS_NSEC3_MAX_ITERATIONS 65535
88 
92 ldns_rdf *
94  ldns_rr_type qtype,
95  ldns_rr_list *nsec3s);
96 
100 bool
102 
108 
113 
/* Key tag of a DNSKEY RR, computed as in RFC 4034 Appendix B. The tag is a
 * 16-bit checksum, not a hash: distinct keys can share one, so it only narrows
 * the candidate keys for a signature and every candidate still has to be
 * verified (and that work bounded) by the caller. */
120 uint16_t ldns_calc_keytag(const ldns_rr *key);
121 
/* Same computation over raw DNSKEY rdata. keysize is the number of bytes at
 * key; presumably it bounds what is read, so the caller must pass the true
 * rdata length — confirm. */
128 uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
129 
130 #if LDNS_BUILD_CONFIG_HAVE_SSL
131 
/* Builds an OpenSSL DSA public key from DNSKEY key material, either from a
 * buffer or from raw bytes with an explicit length. NOTE(review): the result
 * on malformed input is not stated here — presumably NULL; confirm before
 * dereferencing. The raw form takes an untrusted len, so a short or oversized
 * length must be rejected rather than read past. */
137 DSA *ldns_key_buf2dsa(ldns_buffer *key);
144 DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);
145 
/* Digests len bytes of data with md into dest. dest must have room for the
 * digest md produces (EVP_MAX_MD_SIZE bytes is always enough). The int
 * result is not described here — presumably an OpenSSL-style status; confirm. */
154 int ldns_digest_evp(unsigned char* data, unsigned int len,
155  unsigned char* dest, const EVP_MD* md);
156 
/* Builds an EVP_PKEY from raw GOST (RFC 5933) public-key bytes. */
164 EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen);
165 
/* Builds an EVP_PKEY from raw ECDSA public-key bytes; algo is the DNSSEC
 * algorithm number and selects the curve (RFC 6605). key/keylen presumably
 * come straight from DNSKEY rdata, so a length that does not match the curve
 * must be rejected. */
174 EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
175 
176 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
177 
178 #if LDNS_BUILD_CONFIG_HAVE_SSL
179 
/* Builds an OpenSSL RSA public key from DNSKEY key material (RFC 3110 wire
 * form: exponent length, exponent, modulus), either from a buffer or from raw
 * bytes with an explicit length. NOTE(review): the result on malformed input
 * is not stated here — presumably NULL; confirm. The exponent-length prefix is
 * attacker-controlled in the raw form, so it must be checked against len. */
185 RSA *ldns_key_buf2rsa(ldns_buffer *key);
186 
193 RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
194 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
195 
/* Derives a DS RR from the DNSKEY RR key using digest type h. The DS is what
 * the parent zone publishes, so h should be a digest type validators accept. */
204 ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
205 
209 ldns_rdf *
211  size_t size,
212  ldns_rr_type nsec_type);
213 
221 int
223 
227 ldns_rr *
229  ldns_dnssec_name *to,
230  ldns_rr_type nsec_type);
231 
232 
236 ldns_rr *
238  ldns_dnssec_name *to,
239  ldns_rdf *zone_name,
240  uint8_t algorithm,
241  uint8_t flags,
242  uint16_t iterations,
243  uint8_t salt_length,
244  uint8_t *salt);
245 
/* Builds an NSEC RR for cur_owner whose Next Domain Name is next_owner, with
 * a type bitmap derived from rrs (presumably the RRs present at cur_owner —
 * confirm). */
253 ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
254 
/* Hashes name per RFC 5155: algorithm selects the hash, which is applied
 * iterations + 1 times, each time with the salt_length bytes at salt
 * appended. Cost is linear in iterations, so callers should cap the count
 * well below LDNS_NSEC3_MAX_ITERATIONS; salt must point at at least
 * salt_length bytes. */
264 ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
265 
277  uint8_t algorithm,
278  uint8_t flags,
279  uint16_t iterations,
280  uint8_t salt_length,
281  uint8_t *salt);
282 
283 /* Builds the NSEC3 RR for cur_owner in cur_zone. rrs supplies the type bitmap
284  * and emptynonterminal presumably marks an empty non-terminal (no types to
 * list) — confirm; the hash parameters are as for ldns_nsec3_hash_name.
 * This will NOT return the NSEC3 completed (presumably because the Next
 * Hashed Owner field depends on the sorted chain): you will have to run the
 * finalize function on the rrlist later! */
285 ldns_rr *
286 ldns_create_nsec3(ldns_rdf *cur_owner,
287  ldns_rdf *cur_zone,
288  ldns_rr_list *rrs,
289  uint8_t algorithm,
290  uint8_t flags,
291  uint16_t iterations,
292  uint8_t salt_length,
293  uint8_t *salt,
294  bool emptynonterminal);
295 
/* Field accessors for an NSEC3 RR (RFC 5155 section 3). Nothing here says
 * they verify that nsec3_rr really is an NSEC3 — callers presumably check
 * the RR type first; confirm. */
301 uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr);
302 
306 uint8_t
307 ldns_nsec3_flags(const ldns_rr *nsec3_rr);
308 
/* True when the Opt-Out flag is set: the span up to the next hashed owner
 * may then contain unsigned delegations, so a name falling in it is not
 * proven to have no DS. */
314 bool ldns_nsec3_optout(const ldns_rr *nsec3_rr);
315 
/* Iteration count; treat as untrusted and cap before hashing with it. */
321 uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr);
322 
/* The salt as an rdf, its length, and its raw bytes. NOTE(review): whether
 * salt_data points into the RR or returns a copy (who frees it) is not
 * stated here — confirm before freeing. */
328 ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr);
329 
335 uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr);
336 
342 uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr);
343 
/* Next Hashed Owner Name and Type Bit Maps fields. */
349 ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr);
350 
356 ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr);
357 
365 
/* True if type is set in the NSEC/NSEC3 type bitmap nsec_bitmap. */
372 bool ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type);
373 
/* True if name lies between the owner of nsec and its Next Domain Name in
 * canonical order (RFC 4034 section 6.1), i.e. nsec proves name does not
 * exist. Wildcard and closest-encloser reasoning is presumably left to the
 * caller — confirm. */
384 bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
385 
386 #if LDNS_BUILD_CONFIG_HAVE_SSL
387 
399 
/* Verifies the RRset of type t owned by o in packet p against the RRSIGs s
 * using the DNSKEYs k, with signature inception/expiration judged at
 * check_time instead of the current clock (so callers can pin a time for
 * offline checks or tests). Keys that produced a valid signature are
 * presumably appended to good_keys when it is non-NULL — confirm. Returns an
 * ldns_status; anything but success must be treated as not verified. */
412 ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys);
413 
414 #endif
415 
421 
/* qsort() comparator for NSEC3 RRs, presumably ordering by hashed owner name
 * (the order the chain is built in) with a and b pointing at ldns_rr
 * pointers — confirm against the definition. */
425 int
426 qsort_rr_compare_nsec3(const void *a, const void *b);
427 
431 void
433 
466 
467 #if LDNS_BUILD_CONFIG_HAVE_SSL
468 
476 ldns_rdf *
478  const long sig_len);
479 
490  const ldns_rdf *sig_rdf);
491 
/* Converts an ECDSA signature in ASN.1 DER form (sig_len bytes in sig) to the
 * fixed-size r || s form the RRSIG wire format uses (RFC 6605 section 4). */
501 ldns_rdf *
502 ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len);
503 
515  const ldns_rdf *sig_rdf);
516 
517 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
518 
519 #ifdef __cplusplus
520 }
521 #endif
522 
523 #endif /* LDNS_DNSSEC_H */