dnssec_sign.h
Go to the documentation of this file.
1 
3 #ifndef LDNS_DNSSEC_SIGN_H
4 #define LDNS_DNSSEC_SIGN_H
5 
6 #include <ldns/dnssec.h>
7 
8 #ifdef __cplusplus
9 extern "C" {
10 #endif
11 
12 /* sign functions */
13 
15 #define LDNS_SIGN_DNSKEY_WITH_ZSK 1
16 #define LDNS_SIGN_WITH_ALL_ALGORITHMS 2
17 #define LDNS_SIGN_NO_KEYS_NO_NSECS 4
18 #define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 8
19 #define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 16
20 
27 ldns_rr *
28 ldns_create_empty_rrsig(const ldns_rr_list *rrset,
29  const ldns_key *key);
30 
38 ldns_rdf *
39 ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key);
40 
47 ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
48 
49 #if LDNS_BUILD_CONFIG_HAVE_SSL
57 ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
58 
69 ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign,
70  EVP_PKEY *key,
71  const EVP_MD *digest_type);
72 
79 ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
80 
87 ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
88 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
89 
104 ldns_status
105 ldns_dnssec_zone_mark_and_get_glue(
106  ldns_dnssec_zone *zone, ldns_rr_list *glue_list);
107 
118 ldns_status
119 ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone);
120 
129 ldns_rbnode_t *ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node);
130 
139 ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
140  ldns_rr_list *new_rrs);
141 
145 ldns_status
146 ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
147  ldns_rr_list *new_rrs,
148  uint8_t algorithm,
149  uint8_t flags,
150  uint16_t iterations,
151  uint8_t salt_length,
152  uint8_t *salt);
153 
168 ldns_dnssec_rrs *ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
169  ldns_key_list *key_list,
170  int (*func)(ldns_rr *, void *),
171  void *arg);
172 
191 ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
192  ldns_rr_list *new_rrs,
193  ldns_key_list *key_list,
194  int (*func)(ldns_rr *, void*),
195  void *arg,
196  int flags);
197 
211 ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
212  ldns_rr_list *new_rrs,
213  ldns_key_list *key_list,
214  int (*func)(ldns_rr *, void*),
215  void *arg);
216 
242 ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
243  ldns_rr_list *new_rrs,
244  ldns_key_list *key_list,
245  int (*func)(ldns_rr *, void *),
246  void *arg,
247  int flags);
248 
265 ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
266  ldns_rr_list *new_rrs,
267  ldns_key_list *key_list,
268  int (*func)(ldns_rr *, void *),
269  void *arg,
270  uint8_t algorithm,
271  uint8_t flags,
272  uint16_t iterations,
273  uint8_t salt_length,
274  uint8_t *salt,
275  int signflags);
276 
296 ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
297  ldns_rr_list *new_rrs,
298  ldns_key_list *key_list,
299  int (*func)(ldns_rr *, void *),
300  void *arg,
301  uint8_t algorithm,
302  uint8_t flags,
303  uint16_t iterations,
304  uint8_t salt_length,
305  uint8_t *salt,
306  int signflags,
307  ldns_rbtree_t **map
308  );
309 
310 
331 ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone,
332  ldns_rr_list *new_rrs,
333  ldns_key_list *key_list,
334  int (*func)(ldns_rr *, void *),
335  void *arg);
336 
352 ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
353  ldns_rr_list *new_rrs,
354  ldns_key_list *key_list,
355  int (*func)(ldns_rr *, void *),
356  void *arg,
357  uint8_t algorithm,
358  uint8_t flags,
359  uint16_t iterations,
360  uint8_t salt_length,
361  uint8_t *salt);
362 
369 ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list);
370 
382 ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
383 
384 #ifdef __cplusplus
385 }
386 #endif
387 
388 #endif
dnssec.h
This module contains base functions for DNSSEC operations (RFC4033 t/m RFC4035).
ldns_sign_public
ldns_rr_list * ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
Sign an rrset.
Definition: dnssec_sign.c:227
ldns_dnssec_remove_signatures
ldns_dnssec_rrs * ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
remove signatures if callback function tells to
ldns_sign_public_rsamd5
ldns_rdf * ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
Sign a buffer with the RSA key (hash with MD5)
Definition: dnssec_sign.c:608
ldns_dnssec_name_node_next_nonglue
ldns_rbnode_t * ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node)
Finds the first dnssec_name node in the rbtree that is not occluded.
Definition: dnssec_sign.c:757
ldns_zone_sign
ldns_zone * ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list)
Signs the zone, and returns a newly allocated signed zone.
Definition: dnssec_sign.c:1601
ldns_dnssec_zone_mark_glue
ldns_status ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
Marks the names in the zone that are occluded.
Definition: dnssec_sign.c:751
ldns_sign_public_evp
ldns_rdf * ldns_sign_public_evp(ldns_buffer *to_sign, EVP_PKEY *key, const EVP_MD *digest_type)
Sign data with EVP (general method for different algorithms)
Definition: dnssec_sign.c:443
ldns_dnssec_zone_mark_and_get_glue
ldns_status ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, ldns_rr_list *glue_list)
Marks the names in the zone that are occluded.
Definition: dnssec_sign.c:672
ldns_dnssec_zone_create_nsec3s
ldns_status ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Adds NSEC3 records to the zone.
Definition: dnssec_sign.c:1004
ldns_dnssec_zone_sign
ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
signs the given zone with the given keys
Definition: dnssec_sign.c:1361
ldns_dnssec_zone_sign_nsec3_flg
ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags)
signs the given zone with the given new zone, with NSEC3
Definition: dnssec_sign.c:1583
ldns_create_empty_rrsig
ldns_rr * ldns_create_empty_rrsig(const ldns_rr_list *rrset, const ldns_key *key)
Create an empty RRSIG RR (i.e.
Definition: dnssec_sign.c:31
ldns_dnssec_zone_create_rrsigs
ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
Adds signatures to the zone.
Definition: dnssec_sign.c:1110
ldns_dnssec_zone_sign_nsec3_flg_mkmap
ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags, ldns_rbtree_t **map)
signs the given zone with the given new zone, with NSEC3
Definition: dnssec_sign.c:1460
ldns_dnssec_zone_sign_flg
ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
signs the given zone with the given keys
Definition: dnssec_sign.c:1373
ldns_sign_public_dsa
ldns_rdf * ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
Sign a buffer with the DSA key (hash with SHA1)
Definition: dnssec_sign.c:332
ldns_zone_sign_nsec3
ldns_zone * ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Signs the zone with NSEC3, and returns a newly allocated signed zone.
Definition: dnssec_sign.c:1642
ldns_dnssec_zone_create_nsecs
ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs)
Adds NSEC records to the given dnssec_zone.
Definition: dnssec_sign.c:783
ldns_dnssec_zone_sign_nsec3
ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
signs the given zone with the given new zone, with NSEC3
Definition: dnssec_sign.c:1443
ldns_dnssec_zone_create_rrsigs_flg
ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
Adds signatures to the zone.
Definition: dnssec_sign.c:1215
ldns_sign_public_buffer
ldns_rdf * ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key)
Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with th...
Definition: dnssec_sign.c:128
ldns_sign_public_rsasha1
ldns_rdf * ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
Sign a buffer with the RSA key (hash with SHA1)
Definition: dnssec_sign.c:572
ldns_status
enum ldns_enum_status ldns_status
Definition: error.h:146
ldns_rbnode_t
The rbnode_t struct definition.
Definition: rbtree.h:60
ldns_rbtree_t
definition for tree struct
Definition: rbtree.h:83
ldns_struct_buffer
implementation of buffers to ease operations
Definition: buffer.h:51
ldns_struct_dnssec_rrs
Definition: dnssec_zone.h:23
ldns_struct_dnssec_zone
Structure containing a dnssec zone.
Definition: dnssec_zone.h:91
ldns_struct_key_list
Same as rr_list, but now for keys.
Definition: keys.h:173
ldns_struct_key
General key structure, can contain all types of keys that are used in DNSSEC.
Definition: keys.h:122
ldns_struct_rdf
Resource record data field.
Definition: rdata.h:197
ldns_struct_rr_list
List or Set of Resource Records.
Definition: rr.h:338
ldns_struct_rr
Resource Record.
Definition: rr.h:310
ldns_struct_zone
DNS Zone.
Definition: zone.h:43