ldns  1.7.0
dnssec_sign.h
1 
3 #ifndef LDNS_DNSSEC_SIGN_H
4 #define LDNS_DNSSEC_SIGN_H
5 
6 #include <ldns/dnssec.h>
7 
8 #ifdef __cplusplus
9 extern "C" {
10 #endif
11 
12 /* sign functions */
13 
/* Option values for the signing functions. Presumably these are passed in the
 * `flags` / `signflags` arguments of the *_flg prototypes in this header
 * (confirm in dnssec_sign.c). The values 1 and 2 are distinct bits, so they
 * appear to be combinable with bitwise OR. */
/* By its name: also sign the DNSKEY RRset with zone-signing keys, rather than
 * only with the key-signing (SEP) keys -- TODO confirm against dnssec_sign.c. */
15 #define LDNS_SIGN_DNSKEY_WITH_ZSK 1
/* By its name: produce signatures with every algorithm in the key list.
 * NOTE(review): exact selection rules are not visible in this header. */
16 #define LDNS_SIGN_WITH_ALL_ALGORITHMS 2
17 
24 ldns_rr *
26  const ldns_key *key);
27 
35 ldns_rdf *
37 
45 
/* Low-level signing primitives; only declared when ldns is built with SSL
 * support (LDNS_BUILD_CONFIG_HAVE_SSL). Each takes the data to sign in an
 * ldns_buffer and returns the result as an ldns_rdf.
 * NOTE(review): ownership of the returned rdf and the value returned on
 * failure are not visible in this header -- confirm in dnssec_sign.c. */
46 #if LDNS_BUILD_CONFIG_HAVE_SSL
47 
/* Sign a buffer with a DSA key, hashing with SHA-1.
 * Security note: RFC 8624 lists the DSA DNSSEC algorithms as MUST NOT for
 * signing; use this only to reproduce or test legacy zones. The raw `DSA *`
 * handle belongs to OpenSSL's low-level API, deprecated since OpenSSL 3.0. */
53 ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
54 
/* Tail of the ldns_sign_public_evp() prototype: the listing lost the line
 * carrying the return type, name and first parameter (the page's reference
 * list gives `ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign, ...)`).
 * This is the general EVP-based signer: `key` is the private key and
 * `digest_type` selects the hash, so the digest strength is chosen by the
 * caller. */
66  EVP_PKEY *key,
67  const EVP_MD *digest_type);
68 
/* Sign a buffer with an RSA key, hashing with SHA-1.
 * Security note: RFC 8624 marks RSASHA1 as NOT RECOMMENDED for signing;
 * prefer a SHA-256 based or elliptic-curve algorithm for new zones. */
75 ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
76 
/* Sign a buffer with an RSA key, hashing with MD5.
 * Security note: RSA/MD5 was deprecated for DNSSEC by RFC 6725 and is
 * MUST NOT for both signing and validation in RFC 8624; signatures made
 * this way should be expected to be rejected or ignored by validators. */
83 ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
84 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
85 
102  ldns_dnssec_zone *zone, ldns_rr_list *glue_list);
103 
116 
126 
136  ldns_rr_list *new_rrs);
137 
143  ldns_rr_list *new_rrs,
144  uint8_t algorithm,
145  uint8_t flags,
146  uint16_t iterations,
147  uint8_t salt_length,
148  uint8_t *salt);
149 
165  ldns_key_list *key_list,
166  int (*func)(ldns_rr *, void *),
167  void *arg);
168 
188  ldns_rr_list *new_rrs,
189  ldns_key_list *key_list,
190  int (*func)(ldns_rr *, void*),
191  void *arg,
192  int flags);
193 
208  ldns_rr_list *new_rrs,
209  ldns_key_list *key_list,
210  int (*func)(ldns_rr *, void*),
211  void *arg);
212 
239  ldns_rr_list *new_rrs,
240  ldns_key_list *key_list,
241  int (*func)(ldns_rr *, void *),
242  void *arg,
243  int flags);
244 
262  ldns_rr_list *new_rrs,
263  ldns_key_list *key_list,
264  int (*func)(ldns_rr *, void *),
265  void *arg,
266  uint8_t algorithm,
267  uint8_t flags,
268  uint16_t iterations,
269  uint8_t salt_length,
270  uint8_t *salt,
271  int signflags);
272 
293  ldns_rr_list *new_rrs,
294  ldns_key_list *key_list,
295  int (*func)(ldns_rr *, void *),
296  void *arg,
297  uint8_t algorithm,
298  uint8_t flags,
299  uint16_t iterations,
300  uint8_t salt_length,
301  uint8_t *salt,
302  int signflags,
303  ldns_rbtree_t **map
304  );
305 
306 
328  ldns_rr_list *new_rrs,
329  ldns_key_list *key_list,
330  int (*func)(ldns_rr *, void *),
331  void *arg);
332 
349  ldns_rr_list *new_rrs,
350  ldns_key_list *key_list,
351  int (*func)(ldns_rr *, void *),
352  void *arg,
353  uint8_t algorithm,
354  uint8_t flags,
355  uint16_t iterations,
356  uint8_t salt_length,
357  uint8_t *salt);
358 
/* Signs `zone` with the keys in `key_list` and returns a newly allocated
 * signed zone; the input zone is taken as const. Because the result is a
 * fresh allocation, the caller is responsible for releasing it.
 * NOTE(review): the value returned on failure is not visible in this header --
 * check the result before use and confirm in dnssec_sign.c.
 * `key_list` holds private key material; keep its lifetime as short as the
 * signing run requires. */
365 ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list);
366 
/* Signs `zone` with NSEC3 and returns a newly allocated signed zone (caller
 * releases it). Unlike ldns_zone_sign(), `zone` is not const here.
 * The parameter names `algorithm`, `flags`, `iterations`, `salt_length` and
 * `salt` match the NSEC3PARAM fields of RFC 5155.
 * Assumes `salt` points to at least `salt_length` bytes -- TODO confirm how
 * dnssec_sign.c reads it.
 * Operational note: RFC 9276 recommends iterations = 0 and an empty salt;
 * extra iterations add validator and server cost without meaningful
 * protection against zone enumeration, and validators may treat high
 * iteration counts as insecure.
 * NOTE(review): the value returned on failure is not visible in this header. */
378 ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
379 
380 #ifdef __cplusplus
381 }
382 #endif
383 
384 #endif
implementation of buffers to ease operations
Definition: buffer.h:50
ldns_rdf * ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key)
Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with th...
Definition: dnssec_sign.c:120
ldns_status ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, ldns_rr_list *glue_list)
Marks the names in the zone that are occluded.
Definition: dnssec_sign.c:671
ldns_zone * ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list)
Signs the zone, and returns a newly allocated signed zone.
Definition: dnssec_sign.c:1512
List or Set of Resource Records.
Definition: rr.h:330
ldns_rr * ldns_create_empty_rrsig(const ldns_rr_list *rrset, const ldns_key *key)
Create an empty RRSIG RR (i.e. without the actual signature data).
Definition: dnssec_sign.c:23
ldns_status ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Adds NSEC3 records to the zone.
Definition: dnssec_sign.c:1000
DNS Zone.
Definition: zone.h:42
Structure containing a dnssec zone.
Definition: dnssec_zone.h:91
Resource Record.
Definition: rr.h:302
General key structure, can contain all types of keys that are used in DNSSEC.
Definition: keys.h:126
ldns_dnssec_rrs * ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
remove signatures if callback function tells to
The rbnode_t struct definition.
Definition: rbtree.h:60
ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
signs the given zone with the given new zone, with NSEC3
Definition: dnssec_sign.c:1392
ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
signs the given zone with the given keys
Definition: dnssec_sign.c:1354
Same as rr_list, but now for keys.
Definition: keys.h:176
ldns_zone * ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Signs the zone with NSEC3, and returns a newly allocated signed zone.
Definition: dnssec_sign.c:1553
ldns_status ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
Marks the names in the zone that are occluded.
Definition: dnssec_sign.c:760
ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags, ldns_rbtree_t **map)
signs the given zone with the given new zone, with NSEC3
Definition: dnssec_sign.c:1409
definition for tree struct
Definition: rbtree.h:83
ldns_rbnode_t * ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node)
Finds the first dnssec_name node in the rbtree that is not occluded.
Definition: dnssec_sign.c:766
ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
signs the given zone with the given keys
Definition: dnssec_sign.c:1344
enum ldns_enum_status ldns_status
Definition: error.h:134
This module contains base functions for DNSSEC operations (RFC 4033 through RFC 4035).
ldns_rr_list * ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
Sign an rrset.
Definition: dnssec_sign.c:219
ldns_rdf * ldns_sign_public_evp(ldns_buffer *to_sign, EVP_PKEY *key, const EVP_MD *digest_type)
Sign data with EVP (general method for different algorithms)
Definition: dnssec_sign.c:440
ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags)
signs the given zone with the given new zone, with NSEC3
Definition: dnssec_sign.c:1494
ldns_rdf * ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
Sign a buffer with the RSA key (hash with MD5)
Definition: dnssec_sign.c:593
Resource record data field.
Definition: rdata.h:174
ldns_rdf * ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
Sign a buffer with the DSA key (hash with SHA1)
Definition: dnssec_sign.c:332
ldns_rdf * ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
Sign a buffer with the RSA key (hash with SHA1)
Definition: dnssec_sign.c:557
ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
Adds signatures to the zone.
Definition: dnssec_sign.c:1201
ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs)
Adds NSEC records to the given dnssec_zone.
Definition: dnssec_sign.c:792
ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
Adds signatures to the zone.
Definition: dnssec_sign.c:1106