Go to the source code of this file.
Defines | |
#define | LDNS_MAX_KEYLEN 2048 |
#define | LDNS_DNSSEC_KEYPROTO 3 |
#define | LDNS_DEFAULT_EXP_TIME 2419200 |
#define | LDNS_SIGNATURE_LEAVE_ADD_NEW 0 |
return values for the old-signature callback | |
#define | LDNS_SIGNATURE_LEAVE_NO_ADD 1 |
#define | LDNS_SIGNATURE_REMOVE_ADD_NEW 2 |
#define | LDNS_SIGNATURE_REMOVE_NO_ADD 3 |
#define | LDNS_NSEC3_MAX_ITERATIONS 65535 |
Functions | |
ldns_rr * | ldns_dnssec_get_rrsig_for_name_and_type (const ldns_rdf *name, const ldns_rr_type type, const ldns_rr_list *rrs) |
Returns the first RRSIG rr that corresponds to the rrset with the given name and type. | |
ldns_rr * | ldns_dnssec_get_dnskey_for_rrsig (const ldns_rr *rrsig, const ldns_rr_list *rrs) |
Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if any. | |
ldns_rdf * | ldns_nsec_get_bitmap (ldns_rr *nsec) |
Returns the rdata field that contains the bitmap of the covered types of the given NSEC record. | |
ldns_rdf * | ldns_dnssec_nsec3_closest_encloser (ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *nsec3s) |
Returns the dname of the closest (provable) encloser. | |
bool | ldns_dnssec_pkt_has_rrsigs (const ldns_pkt *pkt) |
Checks whether the packet contains rrsigs. | |
ldns_rr_list * | ldns_dnssec_pkt_get_rrsigs_for_name_and_type (const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type) |
Returns a ldns_rr_list containing the signatures covering the given name and type. | |
ldns_rr_list * | ldns_dnssec_pkt_get_rrsigs_for_type (const ldns_pkt *pkt, ldns_rr_type type) |
Returns a ldns_rr_list containing the signatures covering the given type. | |
uint16_t | ldns_calc_keytag (const ldns_rr *key) |
calculates a keytag of a key for use in DNSSEC. | |
uint16_t | ldns_calc_keytag_raw (uint8_t *key, size_t keysize) |
Calculates keytag of DNSSEC key, operates on wireformat rdata. | |
DSA * | ldns_key_buf2dsa (ldns_buffer *key) |
converts a buffer holding key material to a DSA key in openssl. | |
DSA * | ldns_key_buf2dsa_raw (unsigned char *key, size_t len) |
Like ldns_key_buf2dsa, but uses raw buffer. | |
RSA * | ldns_key_buf2rsa (ldns_buffer *key) |
converts a buffer holding key material to a RSA key in openssl. | |
RSA * | ldns_key_buf2rsa_raw (unsigned char *key, size_t len) |
Like ldns_key_buf2rsa, but uses raw buffer. | |
ldns_rr * | ldns_key_rr2ds (const ldns_rr *key, ldns_hash h) |
returns a new DS rr that represents the given key rr. | |
ldns_rdf * | ldns_dnssec_create_nsec_bitmap (ldns_rr_type rr_type_list[], size_t size, ldns_rr_type nsec_type) |
Create the type bitmap for an NSEC(3) record. | |
ldns_rr * | ldns_dnssec_create_nsec (ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rr_type nsec_type) |
Creates NSEC. | |
ldns_rr * | ldns_dnssec_create_nsec3 (ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rdf *zone_name, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Creates NSEC3. | |
ldns_rr * | ldns_create_nsec (ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs) |
Create a NSEC record. | |
ldns_rdf * | ldns_nsec3_hash_name (ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Calculates the hashed name using the given parameters. | |
void | ldns_nsec3_add_param_rdfs (ldns_rr *rr, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Sets all the NSEC3 options. | |
ldns_rr * | ldns_create_nsec3 (ldns_rdf *cur_owner, ldns_rdf *cur_zone, ldns_rr_list *rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, bool emptynonterminal) |
uint8_t | ldns_nsec3_algorithm (const ldns_rr *nsec3_rr) |
Returns the hash algorithm used in the given NSEC3 RR. | |
uint8_t | ldns_nsec3_flags (const ldns_rr *nsec3_rr) |
Returns flags field. | |
bool | ldns_nsec3_optout (const ldns_rr *nsec3_rr) |
Returns true if the opt-out flag has been set in the given NSEC3 RR. | |
uint16_t | ldns_nsec3_iterations (const ldns_rr *nsec3_rr) |
Returns the number of hash iterations used in the given NSEC3 RR. | |
ldns_rdf * | ldns_nsec3_salt (const ldns_rr *nsec3_rr) |
Returns the salt used in the given NSEC3 RR. | |
uint8_t | ldns_nsec3_salt_length (const ldns_rr *nsec3_rr) |
Returns the length of the salt used in the given NSEC3 RR. | |
uint8_t * | ldns_nsec3_salt_data (const ldns_rr *nsec3_rr) |
Returns the salt bytes used in the given NSEC3 RR. | |
ldns_rdf * | ldns_nsec3_next_owner (const ldns_rr *nsec3_rr) |
Returns the first label of the next ownername in the NSEC3 chain (ie. | |
ldns_rdf * | ldns_nsec3_bitmap (const ldns_rr *nsec3_rr) |
Returns the bitmap specifying the covered types of the given NSEC3 RR. | |
ldns_rdf * | ldns_nsec3_hash_name_frm_nsec3 (const ldns_rr *nsec, ldns_rdf *name) |
Calculates the hashed name using the parameters of the given NSEC3 RR. | |
bool | ldns_nsec_bitmap_covers_type (const ldns_rdf *nsec_bitmap, ldns_rr_type type) |
Checks coverage of NSEC RR type bitmap. | |
bool | ldns_nsec_covers_name (const ldns_rr *nsec, const ldns_rdf *name) |
Checks coverage of NSEC(3) RR name span Remember that nsec and name must both be in canonical form (ie use ldns_rr2canonical and ldns_dname2canonical prior to calling this function). | |
ldns_status | ldns_pkt_verify (ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys) |
verify a packet | |
ldns_status | ldns_dnssec_chain_nsec3_list (ldns_rr_list *nsec3_rrs) |
chains nsec3 list | |
int | qsort_rr_compare_nsec3 (const void *a, const void *b) |
compare for nsec3 sort | |
void | ldns_rr_list_sort_nsec3 (ldns_rr_list *unsorted) |
sort nsec3 list | |
ldns_status | ldns_dnssec_zone_create_nsec3s (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Adds NSEC3 records to the zone. | |
int | ldns_dnssec_default_add_to_signatures (ldns_rr *sig, void *n) |
Default callback function to always leave present signatures, and add new ones. | |
int | ldns_dnssec_default_leave_signatures (ldns_rr *sig, void *n) |
Default callback function to always leave present signatures, and add no new ones for the keys of these signatures. | |
int | ldns_dnssec_default_delete_signatures (ldns_rr *sig, void *n) |
Default callback function to always remove present signatures, but add no new ones. | |
int | ldns_dnssec_default_replace_signatures (ldns_rr *sig, void *n) |
Default callback function to always leave present signatures, and add new ones. |
Since those functions heavily rely op cryptographic operations, this module is dependent on openssl.
Definition in file dnssec.h.
#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0 |
ldns_rr* ldns_dnssec_get_rrsig_for_name_and_type | ( | const ldns_rdf * | name, | |
const ldns_rr_type | type, | |||
const ldns_rr_list * | rrs | |||
) |
Returns the first RRSIG rr that corresponds to the rrset with the given name and type.
[in] | name | The dname of the RRset covered by the RRSIG to find |
[in] | type | The type of the RRset covered by the RRSIG to find |
[in] | rrs | List of rrs to search in |
Definition at line 32 of file dnssec.c.
References ldns_dname_compare(), ldns_rdf2native_int8(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_rrsig_typecovered(), and LDNS_RR_TYPE_RRSIG.
ldns_rr* ldns_dnssec_get_dnskey_for_rrsig | ( | const ldns_rr * | rrsig, | |
const ldns_rr_list * | rrs | |||
) |
Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if any.
[in] | rrsig | The rrsig to find the DNSKEY for |
[in] | rrs | The rr list to find the key in |
Definition at line 60 of file dnssec.c.
References ldns_calc_keytag(), ldns_dname_compare(), ldns_rdf2native_int16(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_rrsig_keytag(), ldns_rr_rrsig_signame(), and LDNS_RR_TYPE_DNSKEY.
Returns the rdata field that contains the bitmap of the covered types of the given NSEC record.
[in] | nsec | The nsec to get the covered type bitmap of |
Definition at line 86 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC, and LDNS_RR_TYPE_NSEC3.
ldns_rdf* ldns_dnssec_nsec3_closest_encloser | ( | ldns_rdf * | qname, | |
ldns_rr_type | qtype, | |||
ldns_rr_list * | nsec3s | |||
) |
Returns the dname of the closest (provable) encloser.
Definition at line 102 of file dnssec.c.
References ldns_dname_cat(), ldns_dname_compare(), ldns_dname_label_count(), ldns_dname_left_chop(), LDNS_FREE, ldns_nsec3_algorithm(), ldns_nsec3_hash_name(), ldns_nsec3_iterations(), ldns_nsec3_salt_data(), ldns_nsec3_salt_length(), ldns_nsec_covers_name(), ldns_rdf_clone(), ldns_rdf_deep_free(), ldns_rdf_print(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), and verbosity.
Checks whether the packet contains rrsigs.
Definition at line 223 of file dnssec.c.
References ldns_pkt_ancount(), ldns_pkt_answer(), ldns_pkt_authority(), ldns_pkt_nscount(), ldns_rr_get_type(), ldns_rr_list_rr(), and LDNS_RR_TYPE_RRSIG.
ldns_rr_list* ldns_dnssec_pkt_get_rrsigs_for_name_and_type | ( | const ldns_pkt * | pkt, | |
ldns_rdf * | name, | |||
ldns_rr_type | type | |||
) |
Returns a ldns_rr_list containing the signatures covering the given name and type.
Definition at line 242 of file dnssec.c.
References ldns_pkt_rr_list_by_name_and_type(), ldns_rdf_free(), ldns_rdf_new(), LDNS_RDF_TYPE_TYPE, ldns_rr_list_deep_free(), ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, and LDNS_SECTION_ANY_NOQUESTION.
ldns_rr_list* ldns_dnssec_pkt_get_rrsigs_for_type | ( | const ldns_pkt * | pkt, | |
ldns_rr_type | type | |||
) |
Returns a ldns_rr_list containing the signatures covering the given type.
Definition at line 267 of file dnssec.c.
References ldns_pkt_rr_list_by_type(), ldns_rdf_free(), ldns_rdf_new(), LDNS_RDF_TYPE_TYPE, ldns_rr_list_deep_free(), ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, and LDNS_SECTION_ANY_NOQUESTION.
uint16_t ldns_calc_keytag | ( | const ldns_rr * | key | ) |
calculates a keytag of a key for use in DNSSEC.
[in] | key | the key as an RR to use for the calc. |
Definition at line 292 of file dnssec.c.
References ldns_buffer_free(), ldns_buffer_new(), ldns_calc_keytag_raw(), LDNS_MIN_BUFLEN, ldns_rr_get_type(), ldns_rr_rdata2buffer_wire(), LDNS_RR_TYPE_DNSKEY, and LDNS_RR_TYPE_KEY.
uint16_t ldns_calc_keytag_raw | ( | uint8_t * | key, | |
size_t | keysize | |||
) |
Calculates keytag of DNSSEC key, operates on wireformat rdata.
[in] | key | the key as uncompressed wireformat rdata. |
[in] | keysize | length of key data. |
Definition at line 326 of file dnssec.c.
References LDNS_RSAMD5.
DSA* ldns_key_buf2dsa | ( | ldns_buffer * | key | ) |
converts a buffer holding key material to a DSA key in openssl.
[in] | key | the key to convert |
Definition at line 354 of file dnssec.c.
References ldns_key_buf2dsa_raw().
DSA* ldns_key_buf2dsa_raw | ( | unsigned char * | key, | |
size_t | len | |||
) |
RSA* ldns_key_buf2rsa | ( | ldns_buffer * | key | ) |
converts a buffer holding key material to a RSA key in openssl.
[in] | key | the key to convert |
Definition at line 405 of file dnssec.c.
References ldns_key_buf2rsa_raw().
RSA* ldns_key_buf2rsa_raw | ( | unsigned char * | key, | |
size_t | len | |||
) |
returns a new DS rr that represents the given key rr.
[in] | *key | the key to convert |
[in] | h | the hash to use LDNS_SHA1/LDNS_SHA256 |
Definition at line 459 of file dnssec.c.
References ldns_buffer_free(), ldns_buffer_new(), ldns_calc_keytag(), ldns_dname2canonical(), LDNS_FREE, LDNS_MAX_PACKETLEN, ldns_rdf2buffer_wire(), ldns_rdf_clone(), ldns_rdf_deep_free(), ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_HEX, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, ldns_rr_free(), ldns_rr_get_class(), ldns_rr_get_type(), ldns_rr_new(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_rdata2buffer_wire(), ldns_rr_rdf(), ldns_rr_set_class(), ldns_rr_set_owner(), ldns_rr_set_ttl(), ldns_rr_set_type(), ldns_rr_ttl(), LDNS_RR_TYPE_DNSKEY, LDNS_RR_TYPE_DS, LDNS_SHA1, LDNS_SHA256, LDNS_STATUS_OK, and LDNS_XMALLOC.
ldns_rdf* ldns_dnssec_create_nsec_bitmap | ( | ldns_rr_type | rr_type_list[], | |
size_t | size, | |||
ldns_rr_type | nsec_type | |||
) |
Create the type bitmap for an NSEC(3) record.
Definition at line 573 of file dnssec.c.
References LDNS_FREE, ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_NSEC, LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_RRSIG, ldns_set_bit(), LDNS_XMALLOC, and LDNS_XREALLOC.
ldns_rr* ldns_dnssec_create_nsec | ( | ldns_dnssec_name * | from, | |
ldns_dnssec_name * | to, | |||
ldns_rr_type | nsec_type | |||
) |
Creates NSEC.
Definition at line 663 of file dnssec.c.
References ldns_dnssec_create_nsec_bitmap(), ldns_dnssec_name_name(), ldns_rdf_clone(), ldns_rr_new(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_type(), LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_NSEC3, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_name::rrsets, and ldns_struct_dnssec_rrsets::type.
ldns_rr* ldns_dnssec_create_nsec3 | ( | ldns_dnssec_name * | from, | |
ldns_dnssec_name * | to, | |||
ldns_rdf * | zone_name, | |||
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Creates NSEC3.
Definition at line 695 of file dnssec.c.
References ldns_dname_cat(), ldns_dnssec_create_nsec_bitmap(), ldns_dnssec_name_name(), ldns_nsec3_add_param_rdfs(), ldns_nsec3_hash_name(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_set_owner(), ldns_rr_set_rdf(), LDNS_RR_TYPE_NSEC3, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_name::rrsets, and ldns_struct_dnssec_rrsets::type.
ldns_rr* ldns_create_nsec | ( | ldns_rdf * | cur_owner, | |
ldns_rdf * | next_owner, | |||
ldns_rr_list * | rrs | |||
) |
Create a NSEC record.
[in] | cur_owner | the current owner which should be taken as the starting point |
[in] | next_owner | the rrlist which the nsec rr should point to |
[in] | rrs | all rrs from the zone, to find all RR types of cur_owner in |
Definition at line 740 of file dnssec.c.
References LDNS_FREE, ldns_rdf_clone(), ldns_rdf_compare(), ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_NSEC, ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_new(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_type(), LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_RRSIG, ldns_set_bit(), LDNS_XMALLOC, and LDNS_XREALLOC.
ldns_rdf* ldns_nsec3_hash_name | ( | ldns_rdf * | name, | |
uint8_t | algorithm, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Calculates the hashed name using the given parameters.
[in] | *name | The owner name to calculate the hash for |
[in] | algorithm | The hash algorithm to use |
[in] | iterations | The number of hash iterations to use |
[in] | salt_length | The length of the salt in bytes |
[in] | salt | The salt to use |
Definition at line 851 of file dnssec.c.
References b32_ntop_extended_hex(), LDNS_FREE, ldns_rdf2str(), ldns_rdf_data(), ldns_rdf_print(), ldns_rdf_size(), LDNS_STATUS_OK, ldns_str2rdf_dname(), and LDNS_XMALLOC.
void ldns_nsec3_add_param_rdfs | ( | ldns_rr * | rr, | |
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Sets all the NSEC3 options.
The rr to set them in must be initialized with _new() and type LDNS_RR_TYPE_NSEC3
[in] | *rr | The RR to set the values in |
[in] | algorithm | The NSEC3 hash algorithm |
[in] | flags | The flags field |
[in] | iterations | The number of hash iterations |
[in] | salt_length | The length of the salt in bytes |
[in] | salt | The salt bytes |
Definition at line 917 of file dnssec.c.
References LDNS_FREE, ldns_native2rdf_int16(), ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_NSEC3_SALT, ldns_rr_set_rdf(), and LDNS_XMALLOC.
ldns_rr* ldns_create_nsec3 | ( | ldns_rdf * | cur_owner, | |
ldns_rdf * | cur_zone, | |||
ldns_rr_list * | rrs, | |||
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt, | |||
bool | emptynonterminal | |||
) |
Definition at line 943 of file dnssec.c.
References ldns_dname_cat(), ldns_dname_compare(), LDNS_FREE, ldns_nsec3_add_param_rdfs(), ldns_nsec3_hash_name(), ldns_rdf_compare(), ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_NSEC, ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_set_owner(), ldns_rr_set_rdf(), ldns_rr_set_type(), LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_RRSIG, LDNS_RR_TYPE_SOA, ldns_set_bit(), LDNS_XMALLOC, and LDNS_XREALLOC.
uint8_t ldns_nsec3_algorithm | ( | const ldns_rr * | nsec3_rr | ) |
Returns the hash algorithm used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1086 of file dnssec.c.
References ldns_rdf2native_int8(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
uint8_t ldns_nsec3_flags | ( | const ldns_rr * | nsec3_rr | ) |
Returns flags field.
Definition at line 1098 of file dnssec.c.
References ldns_rdf2native_int8(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
Returns true if the opt-out flag has been set in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1110 of file dnssec.c.
References ldns_nsec3_flags(), and LDNS_NSEC3_VARS_OPTOUT_MASK.
uint16_t ldns_nsec3_iterations | ( | const ldns_rr * | nsec3_rr | ) |
Returns the number of hash iterations used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1116 of file dnssec.c.
References ldns_rdf2native_int16(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
Returns the salt used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1128 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
uint8_t ldns_nsec3_salt_length | ( | const ldns_rr * | nsec3_rr | ) |
Returns the length of the salt used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1137 of file dnssec.c.
References ldns_nsec3_salt(), ldns_rdf_data(), and ldns_rdf_size().
uint8_t* ldns_nsec3_salt_data | ( | const ldns_rr * | nsec3_rr | ) |
Returns the salt bytes used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1148 of file dnssec.c.
References ldns_nsec3_salt(), ldns_rdf_data(), ldns_rdf_size(), and LDNS_XMALLOC.
Returns the first label of the next ownername in the NSEC3 chain (ie.
without the domain)
[in] | nsec3_rr | The RR to read from |
Definition at line 1164 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
Returns the bitmap specifying the covered types of the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1174 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
Calculates the hashed name using the parameters of the given NSEC3 RR.
[in] | *nsec | The RR to use the parameters from |
[in] | *name | The owner name to calculate the hash for |
Definition at line 1184 of file dnssec.c.
References LDNS_FREE, ldns_nsec3_algorithm(), ldns_nsec3_hash_name(), ldns_nsec3_iterations(), ldns_nsec3_salt_data(), and ldns_nsec3_salt_length().
bool ldns_nsec_bitmap_covers_type | ( | const ldns_rdf * | nsec_bitmap, | |
ldns_rr_type | type | |||
) |
Checks coverage of NSEC RR type bitmap.
[in] | nsec_bitmap | The NSEC bitmap rdata field to check |
[in] | type | The type to check |
Definition at line 1219 of file dnssec.c.
References ldns_get_bit(), ldns_rdf_data(), and ldns_rdf_size().
Checks coverage of NSEC(3) RR name span Remember that nsec and name must both be in canonical form (ie use ldns_rr2canonical and ldns_dname2canonical prior to calling this function).
[in] | nsec | The NSEC RR to check |
[in] | name | The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name |
Definition at line 1248 of file dnssec.c.
References ldns_dname_cat(), ldns_dname_compare(), ldns_dname_left_chop(), ldns_dname_new_frm_str(), LDNS_FREE, ldns_get_errorstr_by_id(), ldns_nsec3_next_owner(), ldns_rdf2str(), ldns_rdf_clone(), ldns_rdf_deep_free(), ldns_rr_get_type(), ldns_rr_owner(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_NSEC3, and LDNS_STATUS_OK.
ldns_status ldns_pkt_verify | ( | ldns_pkt * | p, | |
ldns_rr_type | t, | |||
ldns_rdf * | o, | |||
ldns_rr_list * | k, | |||
ldns_rr_list * | s, | |||
ldns_rr_list * | good_keys | |||
) |
verify a packet
[in] | p | the packet |
[in] | t | the rr set type to check |
[in] | o | the rr set name to ckeck |
[in] | k | list of keys |
[in] | s | list of sigs (may be null) |
[out] | good_keys | keys which validated the packet |
Definition at line 1300 of file dnssec.c.
References ldns_pkt_rr_list_by_name_and_type(), ldns_rdf_new(), LDNS_RDF_TYPE_TYPE, ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION, LDNS_STATUS_ERR, and ldns_verify().
ldns_status ldns_dnssec_chain_nsec3_list | ( | ldns_rr_list * | nsec3_rrs | ) |
chains nsec3 list
Definition at line 1435 of file dnssec.c.
References ldns_dname_label(), LDNS_FREE, ldns_rdf2str(), ldns_rdf_deep_free(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_set_rdf(), LDNS_STATUS_OK, and ldns_str2rdf_b32_ext().
int qsort_rr_compare_nsec3 | ( | const void * | a, | |
const void * | b | |||
) |
compare for nsec3 sort
Definition at line 1475 of file dnssec.c.
References ldns_rdf_compare(), and ldns_rr_owner().
void ldns_rr_list_sort_nsec3 | ( | ldns_rr_list * | unsorted | ) |
sort nsec3 list
Definition at line 1492 of file dnssec.c.
References ldns_struct_rr_list::_rrs, ldns_rr_list_rr_count(), and qsort_rr_compare_nsec3().
ldns_status ldns_dnssec_zone_create_nsec3s | ( | ldns_dnssec_zone * | zone, | |
ldns_rr_list * | new_rrs, | |||
uint8_t | algorithm, | |||
uint8_t | flags, | |||
uint16_t | iterations, | |||
uint8_t | salt_length, | |||
uint8_t * | salt | |||
) |
Adds NSEC3 records to the zone.
Definition at line 1501 of file dnssec.c.
References ldns_rbnode_t::data, ldns_dnssec_chain_nsec3_list(), ldns_dnssec_create_nsec3(), ldns_dnssec_name_add_rr(), ldns_rbtree_first(), ldns_rbtree_next(), LDNS_RBTREE_NULL, ldns_rr_list_free(), ldns_rr_list_new(), ldns_rr_list_push_rr(), ldns_rr_list_sort_nsec3(), LDNS_STATUS_ERR, LDNS_STATUS_OK, ldns_struct_dnssec_name::name, ldns_struct_dnssec_zone::names, and ldns_struct_dnssec_zone::soa.
int ldns_dnssec_default_add_to_signatures | ( | ldns_rr * | sig, | |
void * | n | |||
) |
Default callback function to always leave present signatures, and add new ones.
[in] | sig | The signature to check for removal (unused) |
[in] | n | Optional argument (unused) |
Definition at line 1567 of file dnssec.c.
References LDNS_SIGNATURE_LEAVE_ADD_NEW.
int ldns_dnssec_default_leave_signatures | ( | ldns_rr * | sig, | |
void * | n | |||
) |
Default callback function to always leave present signatures, and add no new ones for the keys of these signatures.
[in] | sig | The signature to check for removal (unused) |
[in] | n | Optional argument (unused) |
Definition at line 1575 of file dnssec.c.
References LDNS_SIGNATURE_LEAVE_NO_ADD.
int ldns_dnssec_default_delete_signatures | ( | ldns_rr * | sig, | |
void * | n | |||
) |
Default callback function to always remove present signatures, but add no new ones.
[in] | sig | The signature to check for removal (unused) |
[in] | n | Optional argument (unused) |
Definition at line 1583 of file dnssec.c.
References LDNS_SIGNATURE_REMOVE_NO_ADD.
int ldns_dnssec_default_replace_signatures | ( | ldns_rr * | sig, | |
void * | n | |||
) |
Default callback function to always leave present signatures, and add new ones.
[in] | sig | The signature to check for removal (unused) |
[in] | n | Optional argument (unused) |
Definition at line 1591 of file dnssec.c.
References LDNS_SIGNATURE_REMOVE_ADD_NEW.