Functions | |
ldns_rr_list * | ldns_sign_public (ldns_rr_list *rrset, ldns_key_list *keys) |
Use this function to sign with a public/private key algorithm; it returns the created signatures. | |
ldns_rdf * | ldns_sign_public_dsa (ldns_buffer *to_sign, DSA *key) |
Sign data with DSA. | |
ldns_rdf * | ldns_sign_public_evp (ldns_buffer *to_sign, EVP_PKEY *key, const EVP_MD *digest_type) |
Sign data with EVP (general method for different algorithms). | |
ldns_rdf * | ldns_sign_public_rsasha1 (ldns_buffer *to_sign, RSA *key) |
Sign a buffer with the RSA key (hash with SHA1). | |
ldns_rdf * | ldns_sign_public_rsamd5 (ldns_buffer *to_sign, RSA *key) |
Sign a buffer with the RSA key (hash with MD5). | |
ldns_status | ldns_dnssec_zone_create_nsecs (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs) |
Adds NSEC records to the given dnssec_zone. | |
ldns_dnssec_rrs * | ldns_dnssec_remove_signatures (ldns_dnssec_rrs *signatures, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg) |
Removes signatures when the callback function says to. | |
ldns_status | ldns_dnssec_zone_create_rrsigs (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg) |
Adds signatures to the zone. | |
ldns_status | ldns_dnssec_zone_sign (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg) |
signs the given zone with the given keys | |
ldns_status | ldns_dnssec_zone_sign_nsec3 (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Signs the given zone with the given keys, using NSEC3. | |
ldns_zone * | ldns_zone_sign (const ldns_zone *zone, ldns_key_list *key_list) |
Signs the zone, and returns a newly allocated signed zone. | |
ldns_zone * | ldns_zone_sign_nsec3 (ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Signs the zone with NSEC3, and returns a newly allocated signed zone. |
ldns_rr_list* ldns_sign_public | ( | ldns_rr_list * | rrset, | |
ldns_key_list * | keys | |||
) |
Use this function to sign with a public/private key algorithm; it returns the created signatures.
dnssec_verify
Definition at line 27 of file dnssec_sign.c.
References ldns_buffer_free(), ldns_buffer_new(), LDNS_DEFAULT_EXP_TIME, ldns_dname_cat_clone(), ldns_dname_label(), ldns_dname_label_count(), ldns_dname_left_chop(), LDNS_DSA_NSEC3, ldns_key_algorithm(), ldns_key_evp_key(), ldns_key_expiration(), ldns_key_flags(), ldns_key_inception(), ldns_key_keytag(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_key_pubkey_owner(), LDNS_KEY_SEP_KEY, ldns_key_use(), LDNS_KEY_ZONE_KEY, LDNS_MAX_PACKETLEN, ldns_native2rdf_int16(), ldns_native2rdf_int32(), ldns_native2rdf_int8(), ldns_rdf_clone(), ldns_rdf_compare(), ldns_rdf_deep_free(), LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TYPE, ldns_rr2canonical(), ldns_rr_get_type(), ldns_rr_list2buffer_wire(), ldns_rr_list_clone(), ldns_rr_list_deep_free(), ldns_rr_list_new(), ldns_rr_list_print(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_list_sort(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_rrsig_set_algorithm(), ldns_rr_rrsig_set_expiration(), ldns_rr_rrsig_set_inception(), ldns_rr_rrsig_set_keytag(), ldns_rr_rrsig_set_labels(), ldns_rr_rrsig_set_origttl(), ldns_rr_rrsig_set_sig(), ldns_rr_rrsig_set_signame(), ldns_rr_rrsig_set_typecovered(), ldns_rr_set_owner(), ldns_rr_set_ttl(), ldns_rr_ttl(), LDNS_RR_TYPE_DNSKEY, LDNS_RR_TYPE_RRSIG, ldns_rrsig2buffer_wire(), LDNS_SIGN_DSA, ldns_sign_public_evp(), LDNS_SIGN_RSAMD5, LDNS_SIGN_RSASHA1, LDNS_SIGN_RSASHA1_NSEC3, LDNS_SIGN_RSASHA256, LDNS_SIGN_RSASHA256_NSEC3, LDNS_SIGN_RSASHA512, LDNS_SIGN_RSASHA512_NSEC3, LDNS_STATUS_OK, and ldns_str2rdf_dname().
ldns_rdf* ldns_sign_public_dsa | ( | ldns_buffer * | to_sign, | |
DSA * | key | |||
) |
Sign data with DSA.
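Sign a buffer with the DSA key (hash with SHA1). Note: RFC 8624 lists DSA as MUST NOT for DNSSEC signing, so this path is only appropriate for legacy interoperability.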
[in] | to_sign | The ldns_buffer containing raw data that is to be signed |
[in] | key | The DSA key structure to sign with |
Definition at line 235 of file dnssec_sign.c.
References ldns_buffer_free(), ldns_buffer_new(), LDNS_FREE, LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_B64, and LDNS_XMALLOC.
ldns_rdf* ldns_sign_public_evp | ( | ldns_buffer * | to_sign, | |
EVP_PKEY * | key, | |||
const EVP_MD * | digest_type | |||
) |
Sign data with EVP (general method for different algorithms).
[in] | to_sign | The ldns_buffer containing raw data that is to be signed |
[in] | key | The EVP_PKEY key structure to sign with |
[in] | digest_type | The digest algorithm to use in the creation of the signature |
Definition at line 284 of file dnssec_sign.c.
References ldns_buffer_free(), ldns_buffer_new(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.
ldns_rdf* ldns_sign_public_rsasha1 | ( | ldns_buffer * | to_sign, | |
RSA * | key | |||
) |
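Sign a buffer with the RSA key (hash with SHA1). Note: RFC 8624 marks RSASHA1 as NOT RECOMMENDED for signing; prefer a SHA-256 or stronger algorithm for new zones.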
[in] | to_sign | buffer with the data |
[in] | key | the key to use |
Definition at line 331 of file dnssec_sign.c.
References ldns_buffer_free(), ldns_buffer_new(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.
ldns_rdf* ldns_sign_public_rsamd5 | ( | ldns_buffer * | to_sign, | |
RSA * | key | |||
) |
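Sign a buffer with the RSA key (hash with MD5). Note: RSA/MD5 is deprecated for DNSSEC (RFC 6725), and RFC 8624 lists it as MUST NOT for both signing and validation; do not use it for new signatures.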
[in] | to_sign | buffer with the data |
[in] | key | the key to use |
Definition at line 370 of file dnssec_sign.c.
References ldns_buffer_free(), ldns_buffer_new(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.
ldns_status ldns_dnssec_zone_create_nsecs | ( | ldns_dnssec_zone * | zone, | |
ldns_rr_list * | new_rrs | |||
) |
Adds NSEC records to the given dnssec_zone.
[in] | zone | the zone to add the records to |
[in] | new_rrs | ldns_rr's created by this function are added to this rr list, so the caller can free them later |
Definition at line 400 of file dnssec_sign.c.
References ldns_rbnode_t::data, ldns_dnssec_create_nsec(), ldns_dnssec_name_add_rr(), ldns_rbtree_first(), ldns_rbtree_next(), LDNS_RBTREE_NULL, ldns_rr_list_push_rr(), LDNS_RR_TYPE_NSEC, LDNS_STATUS_ERR, LDNS_STATUS_OK, and ldns_struct_dnssec_zone::names.
ldns_dnssec_rrs* ldns_dnssec_remove_signatures | ( | ldns_dnssec_rrs * | signatures, | |
ldns_key_list * | key_list, | |||
int(*)(ldns_rr *, void *) | func, | |||
void * | arg | |||
) |
Removes signatures when the callback function says to.
[in] | signatures | list of signatures to check, and possibly remove, depending on the value of the callback |
[in] | key_list | these keys are marked to be used or not, depending on the return value of the callback |
[in] | func | this function is called to specify what to do with each signature (and corresponding key) |
[in] | arg | Optional argument for the callback function |
Definition at line 443 of file dnssec_sign.c.
References LDNS_FREE, ldns_key_keytag(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_key_list_set_use(), ldns_key_set_use(), ldns_rdf2native_int16(), ldns_rr_rrsig_keytag(), LDNS_SIGNATURE_LEAVE_ADD_NEW, LDNS_SIGNATURE_LEAVE_NO_ADD, LDNS_SIGNATURE_REMOVE_ADD_NEW, LDNS_SIGNATURE_REMOVE_NO_ADD, ldns_struct_dnssec_rrs::next, and ldns_struct_dnssec_rrs::rr.
ldns_status ldns_dnssec_zone_create_rrsigs | ( | ldns_dnssec_zone * | zone, | |
ldns_rr_list * | new_rrs, | |||
ldns_key_list * | key_list, | |||
int(*)(ldns_rr *, void *) | func, | |||
void * | arg | |||
) |
Adds signatures to the zone.
[in] | zone | the zone to add RRSIG Resource Records to |
[in] | new_rrs | the RRSIG RRs that are created are also added to this list, so the caller can free them later |
[in] | key_list | list of keys to sign with. |
[in] | func | Callback function to decide what keys to use and what to do with old signatures |
[in] | arg | Optional argument for the callback function |
Definition at line 529 of file dnssec_sign.c.
References ldns_rbnode_t::data, ldns_dnssec_remove_signatures(), ldns_dnssec_rrs_add_rr(), ldns_dnssec_rrs_new(), ldns_key2rr(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_key_list_set_use(), ldns_rbtree_first(), ldns_rbtree_next(), LDNS_RBTREE_NULL, ldns_rr_list_free(), ldns_rr_list_new(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_sign_public(), LDNS_STATUS_OK, ldns_struct_dnssec_zone::names, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_rrs::next, ldns_struct_dnssec_name::nsec, ldns_struct_dnssec_name::nsec_signatures, ldns_struct_dnssec_rrs::rr, ldns_struct_dnssec_rrsets::rrs, ldns_struct_dnssec_name::rrsets, and ldns_struct_dnssec_rrsets::signatures.
ldns_status ldns_dnssec_zone_sign | ( | ldns_dnssec_zone * | zone, | |
ldns_rr_list * | new_rrs, | |||
ldns_key_list * | key_list, | |||
int(*)(ldns_rr *, void *) | func, | |||
void * | arg | |||
) |
signs the given zone with the given keys
[in] | zone | the zone to sign |
[in] | key_list | the list of keys to sign the zone with |
[in] | new_rrs | newly created resource records are added to this list, to free them later |
[in] | func | callback function that decides what to do with old signatures. This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: LDNS_SIGNATURE_LEAVE_ADD_NEW: leave the signature and add a new one for the corresponding key; LDNS_SIGNATURE_REMOVE_ADD_NEW: remove the signature and replace it with a new one from the same key; LDNS_SIGNATURE_LEAVE_NO_ADD: leave the signature and do not add a new one with the corresponding key; LDNS_SIGNATURE_REMOVE_NO_ADD: remove the signature and do not replace it |
[in] | arg | optional argument for the callback function |
Definition at line 639 of file dnssec_sign.c.
References ldns_rbnode_t::data, ldns_dnssec_zone_create_nsecs(), ldns_dnssec_zone_create_rrsigs(), LDNS_STATUS_ERR, LDNS_STATUS_OK, ldns_struct_dnssec_zone::names, and ldns_rbtree_t::root.
ldns_status ldns_dnssec_zone_sign_nsec3 | ( | ldns_dnssec_zone * | zone, | |
ldns_rr_list * | new_rrs, | |||
ldns_key_list * | key_list, | |||
int(*)(ldns_rr *, void *) | func, | |||
void * | arg, | |||
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Signs the given zone with the given keys, using NSEC3.
[in] | zone | the zone to sign |
[in] | key_list | the list of keys to sign the zone with |
[in] | new_rrs | newly created resource records are added to this list, to free them later |
[in] | func | callback function that decides what to do with old signatures |
[in] | arg | optional argument for the callback function |
[in] | algorithm | the NSEC3 hashing algorithm to use |
[in] | flags | NSEC3 flags |
[in] | iterations | the number of NSEC3 hash iterations to use (RFC 9276 recommends 0; higher values add hashing cost for servers and validators) |
[in] | salt_length | the length (in octets) of the NSEC3 salt |
[in] | salt | the NSEC3 salt data |
Definition at line 673 of file dnssec_sign.c.
References ldns_rbnode_t::data, ldns_dnssec_zone_add_empty_nonterminals(), ldns_dnssec_zone_add_rr(), ldns_dnssec_zone_create_nsec3s(), ldns_dnssec_zone_create_rrsigs(), ldns_dnssec_zone_find_rrset(), ldns_nsec3_add_param_rdfs(), ldns_rdf_clone(), ldns_rr_get_type(), ldns_rr_list_push_rr(), ldns_rr_new_frm_type(), ldns_rr_set_owner(), LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_NSEC3PARAMS, LDNS_STATUS_OK, ldns_struct_dnssec_name::name, ldns_struct_dnssec_zone::names, ldns_rbtree_t::root, and ldns_struct_dnssec_zone::soa.
ldns_zone* ldns_zone_sign | ( | const ldns_zone * | zone, | |
ldns_key_list * | key_list | |||
) |
Signs the zone, and returns a newly allocated signed zone.
[in] | zone | the zone to sign |
[in] | key_list | list of keys to sign with |
Definition at line 732 of file dnssec_sign.c.
References ldns_key2rr(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_rr2canonical(), ldns_rr_clone(), ldns_rr_list_cat(), ldns_rr_list_clone(), ldns_rr_list_deep_free(), ldns_rr_list_free(), ldns_rr_list_new(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_list_sort(), ldns_zone_glue_rr_list(), ldns_zone_new(), ldns_zone_rrs(), ldns_zone_set_rrs(), ldns_zone_set_soa(), and ldns_zone_soa().
ldns_zone* ldns_zone_sign_nsec3 | ( | ldns_zone * | zone, | |
ldns_key_list * | key_list, | |||
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Signs the zone with NSEC3, and returns a newly allocated signed zone.
[in] | zone | the zone to sign |
[in] | key_list | list of keys to sign with |
[in] | algorithm | the NSEC3 hashing algorithm to use |
[in] | flags | NSEC3 flags |
[in] | iterations | the number of NSEC3 hash iterations to use (RFC 9276 recommends 0; higher values add hashing cost for servers and validators) |
[in] | salt_length | the length (in octets) of the NSEC3 salt |
[in] | salt | the NSEC3 salt data |
Definition at line 838 of file dnssec_sign.c.
References ldns_create_nsec3(), ldns_dname_cat_clone(), ldns_dname_compare(), ldns_dname_is_subdomain(), ldns_dname_label(), ldns_dname_label_count(), ldns_dname_new_frm_str(), ldns_key2rr(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_nsec3_add_param_rdfs(), ldns_rdf2native_int32(), ldns_rdf2str(), ldns_rdf_clone(), ldns_rdf_compare(), ldns_rdf_deep_free(), ldns_rdf_print(), ldns_rr_clone(), ldns_rr_get_type(), ldns_rr_list_cat(), ldns_rr_list_clone(), ldns_rr_list_contains_rr(), ldns_rr_list_deep_free(), ldns_rr_list_free(), ldns_rr_list_new(), ldns_rr_list_pop_rrset(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_list_set_rr(), ldns_rr_list_sort(), ldns_rr_list_sort_nsec3(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_rdf(), ldns_rr_set_owner(), ldns_rr_set_rdf(), ldns_rr_set_ttl(), LDNS_RR_TYPE_NS, LDNS_RR_TYPE_NSEC3PARAMS, LDNS_RR_TYPE_RRSIG, ldns_sign_public(), ldns_str2rdf_b32_ext(), ldns_zone_glue_rr_list(), ldns_zone_new(), ldns_zone_push_rr_list(), ldns_zone_rrs(), ldns_zone_set_soa(), and ldns_zone_soa().