00023 #ifndef LDNS_DNSSEC_H
00024 #define LDNS_DNSSEC_H
00025
00026 #include <ldns/common.h>
00027 #if LDNS_BUILD_CONFIG_HAVE_SSL
00028 #include <openssl/ssl.h>
00029 #include <openssl/evp.h>
00030 #endif
00031 #include <ldns/packet.h>
00032 #include <ldns/keys.h>
00033 #include <ldns/zone.h>
00034 #include <ldns/resolver.h>
00035 #include <ldns/dnssec_zone.h>
00036
00037 #ifdef __cplusplus
00038 extern "C" {
00039 #endif
00040
/**
 * Upper bound on key material handled by the key-parsing helpers below.
 * NOTE(review): the unit (bytes vs. bits) is not visible in this header;
 * confirm against the .c before using it as a buffer size.
 */
#define LDNS_MAX_KEYLEN 2048
/** Value of the DNSKEY Protocol field; RFC 4034 requires it to be 3. */
#define LDNS_DNSSEC_KEYPROTO 3

/** Default signature validity period in seconds (2419200 s = 28 days). */
#define LDNS_DEFAULT_EXP_TIME 2419200

/*
 * Policies for already-present RRSIGs when (re)signing. Presumably chosen by
 * the caller and realised by the ldns_dnssec_default_*_signatures callbacks
 * declared further down in this header; the exact mapping is not visible here.
 */
#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0
#define LDNS_SIGNATURE_LEAVE_NO_ADD 1
#define LDNS_SIGNATURE_REMOVE_ADD_NEW 2
#define LDNS_SIGNATURE_REMOVE_NO_ADD 3
00051
/**
 * Searches \p rrs for an RRSIG whose owner is \p name and whose covered
 * type is \p type. Presumably returns the first match or NULL; the exact
 * selection rule is not visible in this header.
 * \param[in] name owner name to match
 * \param[in] type RR type the signature must cover
 * \param[in] rrs  list to search; the result points into it, nothing is copied
 */
ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name,
const ldns_rr_type type,
const ldns_rr_list *rrs);

/**
 * Picks from \p rrs a DNSKEY that \p rrsig refers to.
 * NOTE(review): the RRSIG key tag is a 16-bit, non-unique identifier, so a
 * key returned here has merely been *selected*, not proven to be the signer;
 * the caller still has to run the cryptographic verification and should be
 * prepared for several keys in \p rrs to share one tag.
 * \param[in] rrsig the signature to find a key for
 * \param[in] rrs   candidate DNSKEY RRs
 * \return pointer into \p rrs (presumably NULL if nothing matches)
 */
ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs);

/**
 * Returns the type-bitmap rdf of an NSEC RR.
 * Takes a non-const \p nsec although nothing in the interface suggests it is
 * modified; the const accessors further down (e.g. ldns_nsec3_bitmap) are the
 * pattern to follow for new code.
 */
ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec);


/**
 * Largest value the 16-bit NSEC3 iterations field can hold (UINT16_MAX).
 * This is the *wire* limit, not a sane operational bound: hashing cost grows
 * linearly with the count, and the value arrives in attacker-controlled data.
 * NOTE(review): RFC 9276 recommends zones use 0 extra iterations and lets
 * validators treat higher counts as insecure instead of spending the CPU;
 * code that accepts NSEC3 RRs from the network should impose its own, far
 * smaller, cap before calling the hashing helpers in this header.
 */
#define LDNS_NSEC3_MAX_ITERATIONS 65535

/**
 * Determines the closest encloser of \p qname from a set of NSEC3 RRs.
 * \param[in] qname  the queried name
 * \param[in] qtype  the queried type
 * \param[in] nsec3s NSEC3 RRs (e.g. from a denial-of-existence response)
 * \return the closest encloser name, or NULL (presumed) when none is found.
 * Presumably hashes \p qname and its ancestors with each RR's parameters, so
 * the iteration-count caveat above applies whenever \p nsec3s is untrusted.
 */
ldns_rdf *
ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname,
ldns_rr_type qtype,
ldns_rr_list *nsec3s);

/** \return true if \p pkt carries at least one RRSIG RR (any section, presumably). */
bool
ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt);

/**
 * Collects the RRSIGs in \p pkt with owner \p name that cover \p type.
 * \return a newly built list (caller presumably releases it with
 *         ldns_rr_list_free); whether the contained RRs are shared with
 *         \p pkt or copied is not visible here -- check before deep-freeing.
 */
ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type);

/** Like ldns_dnssec_pkt_get_rrsigs_for_name_and_type() but matches on covered type only. */
ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type);

/**
 * Computes the RFC 4034 Appendix B key tag of a DNSKEY RR.
 * The tag is a checksum, not a fingerprint: distinct keys can and do collide,
 * so it is only a hint for selecting candidate keys, never an identity check.
 */
uint16_t ldns_calc_keytag(const ldns_rr *key);

/**
 * Key-tag calculation over raw bytes (presumably the DNSKEY RDATA in wire
 * format, which is what the RFC algorithm is defined over).
 * \param[in] key     start of the data; nothing suggests it is modified, so
 *                    it could be const
 * \param[in] keysize number of bytes at \p key -- the only bound the
 *                    function has, so it must be exact
 */
uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize);
00129
#if LDNS_BUILD_CONFIG_HAVE_SSL

/**
 * Builds an OpenSSL DSA public key from DNSKEY public-key material held in
 * \p key (RFC 2536 layout, presumably).
 * NOTE(review): DSA (DNSSEC algorithms 3 and 6) is MUST NOT for both signing
 * and validation under RFC 8624, and the low-level DSA type is deprecated in
 * OpenSSL 3.x; new validation paths should not accept it.
 * \return presumably a new DSA object owned by the caller (DSA_free), or
 *         NULL on malformed input -- always check for NULL
 */
DSA *ldns_key_buf2dsa(ldns_buffer *key);
/**
 * Same as ldns_key_buf2dsa() over a plain byte range. \p len is the only
 * bound the parser gets, so it must be the exact length of the field.
 */
DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len);

/**
 * One-shot message digest of \p data with \p md into \p dest.
 * \p dest carries no size; the caller must provide at least EVP_MD_size(md)
 * bytes. Note that \p len is unsigned int whereas the rest of this header
 * uses size_t for byte counts -- a caller holding a size_t must check for
 * truncation before the call.
 * \return presumably an OpenSSL-style status; consult the .c for the exact
 *         convention before treating non-zero as success
 */
int ldns_digest_evp(unsigned char* data, unsigned int len,
unsigned char* dest, const EVP_MD* md);

/**
 * Builds an EVP_PKEY from raw GOST R 34.10-2001 public-key bytes
 * (DNSSEC algorithm 12). NOTE(review): RFC 8624 marks this algorithm MUST NOT
 * for signing (validation only MAY); treat as legacy. Caller presumably owns
 * the result (EVP_PKEY_free).
 */
EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen);

/**
 * Builds an EVP_PKEY from raw ECDSA public-key bytes.
 * \param[in] algo the DNSSEC algorithm number; presumably selects the curve
 *                 (13 -> P-256, 14 -> P-384) and thereby the expected
 *                 \p keylen -- a mismatch should yield NULL, verify in the .c
 * Caller presumably owns the result (EVP_PKEY_free).
 */
EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);

#endif

/* Guarded separately from the block above although the condition is identical. */
#if LDNS_BUILD_CONFIG_HAVE_SSL

/**
 * Builds an OpenSSL RSA public key from DNSKEY public-key material
 * (RFC 3110 exponent-length / exponent / modulus layout, presumably).
 * NOTE(review): the low-level RSA type is deprecated in OpenSSL 3.x.
 * Caller presumably owns the result (RSA_free); check for NULL.
 */
RSA *ldns_key_buf2rsa(ldns_buffer *key);

/** Byte-range variant of ldns_key_buf2rsa(); \p len must be exact. */
RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
#endif
00195
/**
 * Derives a DS RR from a DNSKEY RR using digest type \p h.
 * NOTE(review): nothing here restricts \p h; SHA-1 DS records are MUST NOT
 * for new delegations under RFC 8624, so callers producing DS should default
 * to SHA-256. Presumably allocates a new RR the caller must free.
 */
ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);

/**
 * Encodes an array of RR types as an NSEC/NSEC3 type bitmap rdf (RFC 4034
 * section 4.1.2 layout, presumably).
 * \param[in] rr_type_list the types to set; \p size entries
 * \param[in] size         number of entries in \p rr_type_list
 * \param[in] nsec_type    LDNS_RR_TYPE_NSEC or LDNS_RR_TYPE_NSEC3; presumably
 *                         decides which types are implicitly included
 */
ldns_rdf *
ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
size_t size,
ldns_rr_type nsec_type);

/**
 * \return non-zero if the rrset chain \p rrsets contains an rrset of \p type
 *         (returns int, unlike the bool predicates further down)
 */
int
ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type);

/**
 * Creates the NSEC RR for name \p from whose next-owner is \p to.
 * \param[in] nsec_type passed through to the bitmap builder (see
 *                      ldns_dnssec_create_nsec_bitmap)
 */
ldns_rr *
ldns_dnssec_create_nsec(ldns_dnssec_name *from,
ldns_dnssec_name *to,
ldns_rr_type nsec_type);


/**
 * Creates the NSEC3 RR for \p from with next hashed owner derived from \p to.
 * \param[in] zone_name   apex the hashed owner label is appended to
 * \param[in] algorithm   NSEC3 hash algorithm (1 = SHA-1 is the only one
 *                        registered)
 * \param[in] flags       NSEC3 flags field (bit 0 = Opt-Out)
 * \param[in] iterations  extra hash iterations; see LDNS_NSEC3_MAX_ITERATIONS
 *                        for why 0 is the recommended value when signing
 * \param[in] salt_length bytes at \p salt (0..255; the uint8_t matches the
 *                        wire field)
 * \param[in] salt        salt bytes; presumably may be NULL when
 *                        \p salt_length is 0
 */
ldns_rr *
ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
ldns_dnssec_name *to,
ldns_rdf *zone_name,
uint8_t algorithm,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt);

/**
 * NSEC constructor working on plain rdfs/rr lists instead of
 * ldns_dnssec_name: builds the NSEC for \p cur_owner pointing at
 * \p next_owner, with the bitmap derived from the types present in \p rrs.
 */
ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
00253
/**
 * Computes the NSEC3 hashed owner name of \p name (RFC 5155 section 5:
 * H(x || salt) applied 1 + \p iterations times).
 * Cost is proportional to \p iterations, and when the parameters come from a
 * received NSEC3/NSEC3PARAM RR they are attacker-chosen: cap them before
 * calling (see LDNS_NSEC3_MAX_ITERATIONS).
 * \return presumably a freshly allocated rdf holding the base32hex label,
 *         or NULL on an unsupported \p algorithm -- confirm in the .c
 */
ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt);

/**
 * Appends the NSEC3 parameter rdfs (hash algorithm, flags, iterations,
 * salt) to \p rr in wire-field order. Presumably usable for both NSEC3 and
 * NSEC3PARAM, whose leading fields are identical.
 * \p salt_length bytes are read from \p salt.
 */
void ldns_nsec3_add_param_rdfs(ldns_rr *rr,
uint8_t algorithm,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt);



/**
 * NSEC3 constructor on plain rdfs/rr lists (cf. ldns_dnssec_create_nsec3).
 * \param[in] cur_owner        name to hash
 * \param[in] cur_zone         zone apex appended to the hashed label
 * \param[in] rrs              RRs at \p cur_owner, from which the bitmap is
 *                             derived
 * \param[in] emptynonterminal when true, \p cur_owner is an empty
 *                             non-terminal and presumably gets an empty bitmap
 * Other parameters as for ldns_dnssec_create_nsec3().
 */
ldns_rr *
ldns_create_nsec3(ldns_rdf *cur_owner,
ldns_rdf *cur_zone,
ldns_rr_list *rrs,
uint8_t algorithm,
uint8_t flags,
uint16_t iterations,
uint8_t salt_length,
uint8_t *salt,
bool emptynonterminal);
00294
/** \return the hash-algorithm field of an NSEC3 RR. */
uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr);

/** \return the flags field of an NSEC3 RR. */
uint8_t
ldns_nsec3_flags(const ldns_rr *nsec3_rr);

/**
 * \return true if the Opt-Out flag is set. An Opt-Out NSEC3 span may contain
 *         unsigned delegations, so it proves nothing about names in that span
 *         and denial-of-existence logic must treat it as insecure, not as
 *         proof of absence.
 */
bool ldns_nsec3_optout(const ldns_rr *nsec3_rr);

/** \return the iterations field; see LDNS_NSEC3_MAX_ITERATIONS before acting on it. */
uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr);

/** \return the salt rdf (presumably length-prefixed as on the wire). */
ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr);

/** \return the salt length in bytes. */
uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr);

/**
 * \return pointer to the salt bytes; valid for ldns_nsec3_salt_length()
 *         bytes and, presumably not being a copy, only as long as
 *         \p nsec3_rr lives.
 */
uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr);

/** \return the next-hashed-owner rdf. */
ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr);

/** \return the type-bitmap rdf. */
ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr);

/**
 * Hashes \p name with the parameters taken from \p nsec (algorithm,
 * iterations, salt); convenience over ldns_nsec3_hash_name() that inherits
 * its iteration-count caveat, since the parameters come from the RR itself.
 */
ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name);

/** \return true if \p type is set in the NSEC/NSEC3 type bitmap \p nsec_bitmap. */
bool ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type);

/**
 * \return true if \p name falls in the interval (owner, next owner) of
 *         \p nsec. NOTE(review): whether the end points count as covered,
 *         and whether the last-NSEC wrap-around to the apex is handled, is
 *         not visible here -- both matter for non-existence proofs.
 */
bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
00384
#if LDNS_BUILD_CONFIG_HAVE_SSL

/**
 * Verifies the RRset of type \p t and owner \p o in packet \p p.
 * The parameter names are single letters; from the types: \p k is the
 * DNSKEY list to try, \p s the RRSIG list (presumably taken from \p p when
 * NULL), \p good_keys an optional output list receiving the keys that
 * validated. Presumably uses the current time for the inception/expiration
 * window -- ldns_pkt_verify_time() exists to make that explicit.
 * \return LDNS_STATUS_OK on success; any other status means NOT verified and
 *         must be treated as bogus, never as "unknown"
 */
ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);

/**
 * Same as ldns_pkt_verify() but the validity window is checked against
 * \p check_time instead of the wall clock. Prefer this in tests and in any
 * component whose clock is not trusted; it also lets a caller refuse
 * signatures that only look valid because the host clock is wrong.
 * time_t comes from <time.h>, which this header does not include directly.
 */
ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys);

#endif
00414
/**
 * Links the NSEC3 RRs in \p nsec3_rrs into a chain, presumably by filling in
 * each record's next-hashed-owner from its successor; the list presumably
 * has to be sorted first (see ldns_rr_list_sort_nsec3).
 * \return an ldns_status; check it rather than assuming success
 */
ldns_status
ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs);

/**
 * qsort(3) comparator for NSEC3 RRs (\p a and \p b point to ldns_rr *
 * elements, presumably ordered by hashed owner name).
 * NOTE(review): this is an exported symbol without the ldns_ prefix, so it
 * lands in the global namespace of every program linking the library.
 */
int
qsort_rr_compare_nsec3(const void *a, const void *b);

/** Sorts \p unsorted in place, presumably with qsort_rr_compare_nsec3(). */
void
ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted);

/*
 * Callbacks realising the LDNS_SIGNATURE_* policies for one existing RRSIG
 * \p sig during re-signing. \p n is an opaque context whose real type is not
 * visible in this header. The int return value presumably tells the signer
 * whether \p sig is to be kept -- confirm the convention in the .c before
 * writing a custom callback.
 */
int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n);
int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n);
int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n);
int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n);
00465
#if LDNS_BUILD_CONFIG_HAVE_SSL

/**
 * Converts a DER/ASN.1 DSA signature (SEQUENCE of INTEGER r, s) as produced
 * by OpenSSL into the RRSIG wire form (RFC 2536: T || R || S).
 * \param[in] sig     buffer holding the DER bytes
 * \param[in] sig_len number of bytes to read; declared as long, so a
 *                    negative value is representable and should be rejected
 *                    by the implementation -- verify
 * Caller presumably owns the returned rdf.
 */
ldns_rdf *
ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig,
const long sig_len);

/**
 * Inverse of ldns_convert_dsa_rrsig_asn12rdf(): rebuilds the DER encoding
 * OpenSSL expects from a DSA RRSIG rdf, writing into \p target_buffer.
 * \p sig_rdf is untrusted wire data; the implementation must reject a
 * signature field of the wrong length rather than reading past it.
 * \return LDNS_STATUS_OK or an error status
 */
ldns_status
ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf);

/**
 * ECDSA counterpart of ldns_convert_dsa_rrsig_asn12rdf(): DER (r, s) to the
 * fixed-width r || s layout of RFC 6605. The width of r and s depends on the
 * curve, which this signature does not carry, so it is presumably inferred
 * from the DER contents -- check how an r or s that DER encodes with fewer
 * bytes (leading zero dropped) is padded, as that is the classic bug here.
 */
ldns_rdf *
ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len);

/**
 * Inverse of ldns_convert_ecdsa_rrsig_asn12rdf(): RFC 6605 r || s rdf to
 * DER for OpenSSL, into \p target_buffer. \p sig_rdf is untrusted; an odd or
 * otherwise unexpected length must yield an error status, not a truncated
 * split.
 */
ldns_status
ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer,
const ldns_rdf *sig_rdf);

#endif
00517
00518 #ifdef __cplusplus
00519 }
00520 #endif
00521
00522 #endif