Go to the source code of this file.
Functions | |
ldns_rr * | ldns_dnssec_get_rrsig_for_name_and_type (const ldns_rdf *name, const ldns_rr_type type, const ldns_rr_list *rrs) |
Returns the first RRSIG rr that corresponds to the rrset with the given name and type. More... | |
ldns_rr * | ldns_dnssec_get_dnskey_for_rrsig (const ldns_rr *rrsig, const ldns_rr_list *rrs) |
Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if any. More... | |
ldns_rdf * | ldns_nsec_get_bitmap (ldns_rr *nsec) |
Returns the rdata field that contains the bitmap of the covered types of the given NSEC record. More... | |
ldns_rdf * | ldns_dnssec_nsec3_closest_encloser (ldns_rdf *qname, ldns_rr_type qtype __attribute__((unused)), ldns_rr_list *nsec3s) |
bool | ldns_dnssec_pkt_has_rrsigs (const ldns_pkt *pkt) |
Checks whether the packet contains rrsigs. More... | |
ldns_rr_list * | ldns_dnssec_pkt_get_rrsigs_for_name_and_type (const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type) |
Returns a ldns_rr_list containing the signatures covering the given name and type. More... | |
ldns_rr_list * | ldns_dnssec_pkt_get_rrsigs_for_type (const ldns_pkt *pkt, ldns_rr_type type) |
Returns a ldns_rr_list containing the signatures covering the given type. More... | |
uint16_t | ldns_calc_keytag (const ldns_rr *key) |
calculates a keytag of a key for use in DNSSEC. More... | |
uint16_t | ldns_calc_keytag_raw (uint8_t *key, size_t keysize) |
Calculates keytag of DNSSEC key, operates on wireformat rdata. More... | |
DSA * | ldns_key_buf2dsa (ldns_buffer *key) |
converts a buffer holding key material to a DSA key in openssl. More... | |
DSA * | ldns_key_buf2dsa_raw (unsigned char *key, size_t len) |
Like ldns_key_buf2dsa, but uses raw buffer. More... | |
RSA * | ldns_key_buf2rsa (ldns_buffer *key) |
converts a buffer holding key material to a RSA key in openssl. More... | |
RSA * | ldns_key_buf2rsa_raw (unsigned char *key, size_t len) |
Like ldns_key_buf2rsa, but uses raw buffer. More... | |
int | ldns_digest_evp (unsigned char *data, unsigned int len, unsigned char *dest, const EVP_MD *md) |
Utility function to calculate hash using generic EVP_MD pointer. More... | |
ldns_rr * | ldns_key_rr2ds (const ldns_rr *key, ldns_hash h) |
returns a new DS rr that represents the given key rr. More... | |
ldns_rdf * | ldns_dnssec_create_nsec_bitmap (ldns_rr_type rr_type_list[], size_t size, ldns_rr_type nsec_type) |
Create the type bitmap for an NSEC(3) record. More... | |
int | ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type) |
returns whether a rrset of the given type is found in the rrsets. More... | |
ldns_rr * | ldns_dnssec_create_nsec (ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rr_type nsec_type) |
Creates NSEC. More... | |
ldns_rr * | ldns_dnssec_create_nsec3 (ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rdf *zone_name, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Creates NSEC3. More... | |
ldns_rr * | ldns_create_nsec (ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs) |
Create a NSEC record. More... | |
ldns_rdf * | ldns_nsec3_hash_name (ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Calculates the hashed name using the given parameters. More... | |
void | ldns_nsec3_add_param_rdfs (ldns_rr *rr, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) |
Sets all the NSEC3 options. More... | |
ldns_rr * | ldns_create_nsec3 (ldns_rdf *cur_owner, ldns_rdf *cur_zone, ldns_rr_list *rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, bool emptynonterminal) |
uint8_t | ldns_nsec3_algorithm (const ldns_rr *nsec3_rr) |
Returns the hash algorithm used in the given NSEC3 RR. More... | |
uint8_t | ldns_nsec3_flags (const ldns_rr *nsec3_rr) |
Returns flags field. More... | |
bool | ldns_nsec3_optout (const ldns_rr *nsec3_rr) |
Returns true if the opt-out flag has been set in the given NSEC3 RR. More... | |
uint16_t | ldns_nsec3_iterations (const ldns_rr *nsec3_rr) |
Returns the number of hash iterations used in the given NSEC3 RR. More... | |
ldns_rdf * | ldns_nsec3_salt (const ldns_rr *nsec3_rr) |
Returns the salt used in the given NSEC3 RR. More... | |
uint8_t | ldns_nsec3_salt_length (const ldns_rr *nsec3_rr) |
Returns the length of the salt used in the given NSEC3 RR. More... | |
uint8_t * | ldns_nsec3_salt_data (const ldns_rr *nsec3_rr) |
Returns the salt bytes used in the given NSEC3 RR. More... | |
ldns_rdf * | ldns_nsec3_next_owner (const ldns_rr *nsec3_rr) |
Returns the first label of the next ownername in the NSEC3 chain (ie. More... | |
ldns_rdf * | ldns_nsec3_bitmap (const ldns_rr *nsec3_rr) |
Returns the bitmap specifying the covered types of the given NSEC3 RR. More... | |
ldns_rdf * | ldns_nsec3_hash_name_frm_nsec3 (const ldns_rr *nsec, ldns_rdf *name) |
Calculates the hashed name using the parameters of the given NSEC3 RR. More... | |
bool | ldns_nsec_bitmap_covers_type (const ldns_rdf *nsec_bitmap, ldns_rr_type type) |
Checks coverage of NSEC RR type bitmap. More... | |
bool | ldns_nsec_covers_name (const ldns_rr *nsec, const ldns_rdf *name) |
Checks coverage of NSEC(3) RR name span Remember that nsec and name must both be in canonical form (ie use ldns_rr2canonical and ldns_dname2canonical prior to calling this function) More... | |
ldns_status | ldns_pkt_verify_time (ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys) |
verify a packet More... | |
ldns_status | ldns_pkt_verify (ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys) |
verify a packet More... | |
ldns_status | ldns_dnssec_chain_nsec3_list (ldns_rr_list *nsec3_rrs) |
chains nsec3 list More... | |
int | qsort_rr_compare_nsec3 (const void *a, const void *b) |
compare for nsec3 sort More... | |
void | ldns_rr_list_sort_nsec3 (ldns_rr_list *unsorted) |
sort nsec3 list More... | |
int | ldns_dnssec_default_add_to_signatures (ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused))) |
int | ldns_dnssec_default_leave_signatures (ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused))) |
int | ldns_dnssec_default_delete_signatures (ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused))) |
int | ldns_dnssec_default_replace_signatures (ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused))) |
ldns_rdf * | ldns_convert_dsa_rrsig_asn12rdf (const ldns_buffer *sig, const long sig_len) |
Converts the DSA signature from ASN1 representation (RFC2459, as used by OpenSSL) to raw signature data as used in DNS (rfc2536) More... | |
ldns_status | ldns_convert_dsa_rrsig_rdf2asn1 (ldns_buffer *target_buffer, const ldns_rdf *sig_rdf) |
Converts the RRSIG signature RDF (in rfc2536 format) to a buffer with the signature in rfc2459 format. More... | |
ldns_rr* ldns_dnssec_get_rrsig_for_name_and_type | ( | const ldns_rdf * | name, |
const ldns_rr_type | type, | ||
const ldns_rr_list * | rrs | ||
) |
Returns the first RRSIG rr that corresponds to the rrset with the given name and type.
[in] | name | The dname of the RRset covered by the RRSIG to find |
[in] | type | The type of the RRset covered by the RRSIG to find |
[in] | rrs | List of rrs to search in |
Definition at line 29 of file dnssec.c.
References ldns_dname_compare(), ldns_rdf2rr_type(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_rrsig_typecovered(), and LDNS_RR_TYPE_RRSIG.
ldns_rr* ldns_dnssec_get_dnskey_for_rrsig | ( | const ldns_rr * | rrsig, |
const ldns_rr_list * | rrs | ||
) |
Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if any.
[in] | rrsig | The rrsig to find the DNSKEY for |
[in] | rrs | The rr list to find the key in |
Definition at line 57 of file dnssec.c.
References ldns_calc_keytag(), ldns_dname_compare(), ldns_rdf2native_int16(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_rrsig_keytag(), ldns_rr_rrsig_signame(), and LDNS_RR_TYPE_DNSKEY.
Returns the rdata field that contains the bitmap of the covered types of the given NSEC record.
[in] | nsec | The nsec to get the covered type bitmap of |
Definition at line 84 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC, and LDNS_RR_TYPE_NSEC3.
ldns_rdf* ldns_dnssec_nsec3_closest_encloser | ( | ldns_rdf * | qname, |
ldns_rr_type qtype | __attribute__(unused), | ||
ldns_rr_list * | nsec3s | ||
) |
Definition at line 97 of file dnssec.c.
References ldns_dname_cat(), ldns_dname_compare(), ldns_dname_label_count(), ldns_dname_left_chop(), LDNS_FREE, ldns_nsec3_algorithm(), ldns_nsec3_hash_name(), ldns_nsec3_iterations(), ldns_nsec3_salt_data(), ldns_nsec3_salt_length(), ldns_nsec_covers_name(), ldns_rdf_clone(), ldns_rdf_deep_free(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), and LDNS_STATUS_OK.
Checks whether the packet contains rrsigs.
Definition at line 198 of file dnssec.c.
References ldns_pkt_ancount(), ldns_pkt_answer(), ldns_pkt_authority(), ldns_pkt_nscount(), ldns_rr_get_type(), ldns_rr_list_rr(), and LDNS_RR_TYPE_RRSIG.
ldns_rr_list* ldns_dnssec_pkt_get_rrsigs_for_name_and_type | ( | const ldns_pkt * | pkt, |
ldns_rdf * | name, | ||
ldns_rr_type | type | ||
) |
Returns a ldns_rr_list containing the signatures covering the given name and type.
Definition at line 217 of file dnssec.c.
References ldns_pkt_rr_list_by_name_and_type(), ldns_rdf_free(), ldns_rdf_new(), LDNS_RDF_SIZE_WORD, LDNS_RDF_TYPE_TYPE, ldns_rr_list_deep_free(), ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, and LDNS_SECTION_ANY_NOQUESTION.
ldns_rr_list* ldns_dnssec_pkt_get_rrsigs_for_type | ( | const ldns_pkt * | pkt, |
ldns_rr_type | type | ||
) |
Returns a ldns_rr_list containing the signatures covering the given type.
Definition at line 244 of file dnssec.c.
References ldns_pkt_rr_list_by_type(), ldns_rdf_free(), ldns_rdf_new(), LDNS_RDF_TYPE_TYPE, ldns_rr_list_deep_free(), ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, and LDNS_SECTION_ANY_NOQUESTION.
uint16_t ldns_calc_keytag | ( | const ldns_rr * | key) |
calculates a keytag of a key for use in DNSSEC.
[in] | key | the key as an RR to use for the calc. |
Definition at line 271 of file dnssec.c.
References ldns_buffer_free(), ldns_buffer_new(), ldns_calc_keytag_raw(), LDNS_MIN_BUFLEN, ldns_rr_get_type(), ldns_rr_rdata2buffer_wire(), LDNS_RR_TYPE_DNSKEY, and LDNS_RR_TYPE_KEY.
uint16_t ldns_calc_keytag_raw | ( | uint8_t * | key, |
size_t | keysize | ||
) |
Calculates keytag of DNSSEC key, operates on wireformat rdata.
[in] | key | the key as uncompressed wireformat rdata. |
[in] | keysize | length of key data. |
Definition at line 301 of file dnssec.c.
References LDNS_RSAMD5.
DSA* ldns_key_buf2dsa | ( | ldns_buffer * | key) |
converts a buffer holding key material to a DSA key in openssl.
[in] | key | the key to convert |
Definition at line 330 of file dnssec.c.
References ldns_key_buf2dsa_raw().
DSA* ldns_key_buf2dsa_raw | ( | unsigned char * | key, |
size_t | len | ||
) |
RSA* ldns_key_buf2rsa | ( | ldns_buffer * | key) |
converts a buffer holding key material to a RSA key in openssl.
[in] | key | the key to convert |
Definition at line 389 of file dnssec.c.
References ldns_key_buf2rsa_raw().
RSA* ldns_key_buf2rsa_raw | ( | unsigned char * | key, |
size_t | len | ||
) |
int ldns_digest_evp | ( | unsigned char * | data, |
unsigned int | len, | ||
unsigned char * | dest, | ||
const EVP_MD * | md | ||
) |
returns a new DS rr that represents the given key rr.
[in] | *key | the key to convert |
[in] | h | the hash to use LDNS_SHA1/LDNS_SHA256 |
Definition at line 474 of file dnssec.c.
References ldns_buffer_free(), ldns_buffer_new(), ldns_calc_keytag(), ldns_digest_evp(), ldns_dname2canonical(), LDNS_FREE, LDNS_HASH_GOST, ldns_key_EVP_load_gost_id(), LDNS_MAX_PACKETLEN, ldns_rdf2buffer_wire(), ldns_rdf_clone(), ldns_rdf_deep_free(), ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_HEX, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, ldns_rr_free(), ldns_rr_get_class(), ldns_rr_get_type(), ldns_rr_new(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_rdata2buffer_wire(), ldns_rr_rdf(), ldns_rr_set_class(), ldns_rr_set_owner(), ldns_rr_set_ttl(), ldns_rr_set_type(), ldns_rr_ttl(), LDNS_RR_TYPE_DNSKEY, LDNS_RR_TYPE_DS, LDNS_SHA1, ldns_sha1(), LDNS_SHA1_DIGEST_LENGTH, LDNS_SHA256, ldns_sha256(), LDNS_SHA256_DIGEST_LENGTH, LDNS_SHA384, LDNS_STATUS_OK, and LDNS_XMALLOC.
ldns_rdf* ldns_dnssec_create_nsec_bitmap | ( | ldns_rr_type | rr_type_list[], |
size_t | size, | ||
ldns_rr_type | nsec_type | ||
) |
Create the type bitmap for an NSEC(3) record.
Definition at line 658 of file dnssec.c.
References LDNS_FREE, ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_NSEC, LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_NSEC3, ldns_set_bit(), LDNS_XMALLOC, and LDNS_XREALLOC.
int ldns_dnssec_rrsets_contains_type | ( | ldns_dnssec_rrsets * | rrsets, |
ldns_rr_type | type | ||
) |
returns whether a rrset of the given type is found in the rrsets.
[in] | rrsets | the rrsets to be tested |
[in] | type | the type to test for |
Definition at line 757 of file dnssec.c.
References ldns_struct_dnssec_rrsets::next, and ldns_struct_dnssec_rrsets::type.
ldns_rr* ldns_dnssec_create_nsec | ( | ldns_dnssec_name * | from, |
ldns_dnssec_name * | to, | ||
ldns_rr_type | nsec_type | ||
) |
Creates NSEC.
Definition at line 771 of file dnssec.c.
References ldns_dnssec_create_nsec_bitmap(), ldns_dnssec_name_name(), ldns_dnssec_rrsets_contains_type(), ldns_rdf_clone(), ldns_rr_new(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_type(), LDNS_RR_TYPE_DS, LDNS_RR_TYPE_NS, LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_RRSIG, LDNS_RR_TYPE_SOA, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_name::rrsets, and ldns_struct_dnssec_rrsets::type.
ldns_rr* ldns_dnssec_create_nsec3 | ( | ldns_dnssec_name * | from, |
ldns_dnssec_name * | to, | ||
ldns_rdf * | zone_name, | ||
uint8_t | algorithm, | ||
uint8_t | flags, | ||
uint16_t | iterations, | ||
uint8_t | salt_length, | ||
uint8_t * | salt | ||
) |
Creates NSEC3.
Definition at line 825 of file dnssec.c.
References ldns_struct_dnssec_name::hashed_name, ldns_dname_cat(), ldns_dnssec_create_nsec_bitmap(), ldns_dnssec_name_name(), ldns_dnssec_rrsets_contains_type(), ldns_nsec3_add_param_rdfs(), ldns_nsec3_hash_name(), ldns_rdf_clone(), ldns_rr_free(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_rdf(), LDNS_RR_TYPE_DS, LDNS_RR_TYPE_NS, LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_RRSIG, LDNS_RR_TYPE_SOA, LDNS_STATUS_OK, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_name::rrsets, and ldns_struct_dnssec_rrsets::type.
ldns_rr* ldns_create_nsec | ( | ldns_rdf * | cur_owner, |
ldns_rdf * | next_owner, | ||
ldns_rr_list * | rrs | ||
) |
Create a NSEC record.
[in] | cur_owner | the current owner which should be taken as the starting point |
[in] | next_owner | the rrlist which the nsec rr should point to |
[in] | rrs | all rrs from the zone, to find all RR types of cur_owner in |
Definition at line 914 of file dnssec.c.
References ldns_dnssec_create_nsec_bitmap(), ldns_rdf_clone(), ldns_rdf_compare(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_new(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_type(), LDNS_RR_TYPE_NSEC, and LDNS_RR_TYPE_RRSIG.
ldns_rdf* ldns_nsec3_hash_name | ( | ldns_rdf * | name, |
uint8_t | algorithm, | ||
uint16_t | iterations, | ||
uint8_t | salt_length, | ||
uint8_t * | salt | ||
) |
Calculates the hashed name using the given parameters.
[in] | *name | The owner name to calculate the hash for |
[in] | algorithm | The hash algorithm to use |
[in] | iterations | The number of hash iterations to use |
[in] | salt_length | The length of the salt in bytes |
[in] | salt | The salt to use |
Definition at line 964 of file dnssec.c.
References ldns_b32_ntop_extended_hex(), ldns_dname2canonical(), LDNS_FREE, ldns_rdf_clone(), ldns_rdf_data(), ldns_rdf_deep_free(), ldns_rdf_print(), ldns_rdf_size(), LDNS_SHA1, ldns_sha1(), LDNS_SHA1_DIGEST_LENGTH, LDNS_STATUS_OK, ldns_str2rdf_dname(), and LDNS_XMALLOC.
void ldns_nsec3_add_param_rdfs | ( | ldns_rr * | rr, |
uint8_t | algorithm, | ||
uint8_t | flags, | ||
uint16_t | iterations, | ||
uint8_t | salt_length, | ||
uint8_t * | salt | ||
) |
Sets all the NSEC3 options.
The rr to set them in must be initialized with _new() and type LDNS_RR_TYPE_NSEC3
[in] | *rr | The RR to set the values in |
[in] | algorithm | The NSEC3 hash algorithm |
[in] | flags | The flags field |
[in] | iterations | The number of hash iterations |
[in] | salt_length | The length of the salt in bytes |
[in] | salt | The salt bytes |
Definition at line 1057 of file dnssec.c.
References LDNS_FREE, ldns_native2rdf_int16(), ldns_rdf_deep_free(), ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_NSEC3_SALT, ldns_rr_set_rdf(), and LDNS_XMALLOC.
ldns_rr* ldns_create_nsec3 | ( | ldns_rdf * | cur_owner, |
ldns_rdf * | cur_zone, | ||
ldns_rr_list * | rrs, | ||
uint8_t | algorithm, | ||
uint8_t | flags, | ||
uint16_t | iterations, | ||
uint8_t | salt_length, | ||
uint8_t * | salt, | ||
bool | emptynonterminal | ||
) |
Definition at line 1128 of file dnssec.c.
References ldns_dname_cat(), ldns_dname_compare(), ldns_dnssec_create_nsec_bitmap(), ldns_nsec3_add_param_rdfs(), ldns_nsec3_hash_name(), ldns_rdf_compare(), ldns_rdf_deep_free(), ldns_rr_get_type(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_push_rdf(), ldns_rr_set_owner(), ldns_rr_set_rdf(), ldns_rr_set_type(), LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_RRSIG, LDNS_RR_TYPE_SOA, and LDNS_STATUS_OK.
uint8_t ldns_nsec3_algorithm | ( | const ldns_rr * | nsec3_rr) |
Returns the hash algorithm used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1210 of file dnssec.c.
References ldns_rdf2native_int8(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC3, and LDNS_RR_TYPE_NSEC3PARAM.
uint8_t ldns_nsec3_flags | ( | const ldns_rr * | nsec3_rr) |
Returns flags field.
Definition at line 1223 of file dnssec.c.
References ldns_rdf2native_int8(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC3, and LDNS_RR_TYPE_NSEC3PARAM.
Returns true if the opt-out flag has been set in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1236 of file dnssec.c.
References ldns_nsec3_flags(), and LDNS_NSEC3_VARS_OPTOUT_MASK.
uint16_t ldns_nsec3_iterations | ( | const ldns_rr * | nsec3_rr) |
Returns the number of hash iterations used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1242 of file dnssec.c.
References ldns_rdf2native_int16(), ldns_rdf_size(), ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC3, and LDNS_RR_TYPE_NSEC3PARAM.
Returns the salt used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1256 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC3, and LDNS_RR_TYPE_NSEC3PARAM.
uint8_t ldns_nsec3_salt_length | ( | const ldns_rr * | nsec3_rr) |
Returns the length of the salt used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1268 of file dnssec.c.
References ldns_nsec3_salt(), ldns_rdf_data(), and ldns_rdf_size().
uint8_t* ldns_nsec3_salt_data | ( | const ldns_rr * | nsec3_rr) |
Returns the salt bytes used in the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1279 of file dnssec.c.
References ldns_nsec3_salt(), ldns_rdf_data(), ldns_rdf_size(), and LDNS_XMALLOC.
Returns the first label of the next ownername in the NSEC3 chain (ie.
without the domain)
[in] | nsec3_rr | The RR to read from |
Definition at line 1296 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
Returns the bitmap specifying the covered types of the given NSEC3 RR.
[in] | *nsec3_rr | The RR to read from |
Definition at line 1306 of file dnssec.c.
References ldns_rr_get_type(), ldns_rr_rdf(), and LDNS_RR_TYPE_NSEC3.
Calculates the hashed name using the parameters of the given NSEC3 RR.
[in] | *nsec | The RR to use the parameters from |
[in] | *name | The owner name to calculate the hash for |
Definition at line 1316 of file dnssec.c.
References LDNS_FREE, ldns_nsec3_algorithm(), ldns_nsec3_hash_name(), ldns_nsec3_iterations(), ldns_nsec3_salt_data(), and ldns_nsec3_salt_length().
bool ldns_nsec_bitmap_covers_type | ( | const ldns_rdf * | nsec_bitmap, |
ldns_rr_type | type | ||
) |
Checks coverage of NSEC RR type bitmap.
[in] | nsec_bitmap | The NSEC bitmap rdata field to check |
[in] | type | The type to check |
Definition at line 1341 of file dnssec.c.
References ldns_get_bit(), ldns_rdf_data(), and ldns_rdf_size().
Checks coverage of NSEC(3) RR name span Remember that nsec and name must both be in canonical form (ie use ldns_rr2canonical and ldns_dname2canonical prior to calling this function)
[in] | nsec | The NSEC RR to check |
[in] | name | The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name |
Definition at line 1374 of file dnssec.c.
References ldns_dname_cat(), ldns_dname_compare(), ldns_dname_left_chop(), ldns_dname_new_frm_str(), LDNS_FREE, ldns_get_errorstr_by_id(), ldns_nsec3_next_owner(), ldns_rdf2str(), ldns_rdf_clone(), ldns_rdf_deep_free(), ldns_rr_get_type(), ldns_rr_owner(), ldns_rr_rdf(), LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_NSEC3, and LDNS_STATUS_OK.
ldns_status ldns_pkt_verify_time | ( | ldns_pkt * | p, |
ldns_rr_type | t, | ||
ldns_rdf * | o, | ||
ldns_rr_list * | k, | ||
ldns_rr_list * | s, | ||
time_t | check_time, | ||
ldns_rr_list * | good_keys | ||
) |
verify a packet
[in] | p | the packet |
[in] | t | the rr set type to check |
[in] | o | the rr set name to check |
[in] | k | list of keys |
[in] | s | list of sigs (may be null) |
[in] | check_time | the time for which the validation is performed |
[out] | good_keys | keys which validated the packet |
Definition at line 1423 of file dnssec.c.
References ldns_pkt_rr_list_by_name_and_type(), ldns_rdf_free(), ldns_rdf_new(), LDNS_RDF_TYPE_TYPE, ldns_rr_list_deep_free(), ldns_rr_list_subtype_by_rdf(), LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION, LDNS_STATUS_ERR, and ldns_verify_time().
ldns_status ldns_pkt_verify | ( | ldns_pkt * | p, |
ldns_rr_type | t, | ||
ldns_rdf * | o, | ||
ldns_rr_list * | k, | ||
ldns_rr_list * | s, | ||
ldns_rr_list * | good_keys | ||
) |
verify a packet
[in] | p | the packet |
[in] | t | the rr set type to check |
[in] | o | the rr set name to check |
[in] | k | list of keys |
[in] | s | list of sigs (may be null) |
[out] | good_keys | keys which validated the packet |
Definition at line 1487 of file dnssec.c.
References ldns_pkt_verify_time().
ldns_status ldns_dnssec_chain_nsec3_list | ( | ldns_rr_list * | nsec3_rrs) |
chains nsec3 list
Definition at line 1495 of file dnssec.c.
References ldns_dname_label(), LDNS_FREE, ldns_rdf2str(), ldns_rdf_deep_free(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_owner(), ldns_rr_set_rdf(), LDNS_STATUS_OK, and ldns_str2rdf_b32_ext().
int qsort_rr_compare_nsec3 | ( | const void * | a, |
const void * | b | ||
) |
compare for nsec3 sort
Definition at line 1548 of file dnssec.c.
References ldns_rdf_compare(), and ldns_rr_owner().
void ldns_rr_list_sort_nsec3 | ( | ldns_rr_list * | unsorted) |
sort nsec3 list
Definition at line 1565 of file dnssec.c.
References ldns_struct_rr_list::_rrs, ldns_rr_list_rr_count(), and qsort_rr_compare_nsec3().
int ldns_dnssec_default_add_to_signatures | ( | ldns_rr *sig | __attribute__(unused), |
void *n | __attribute__(unused) | ||
) |
Definition at line 1574 of file dnssec.c.
References LDNS_SIGNATURE_LEAVE_ADD_NEW.
int ldns_dnssec_default_leave_signatures | ( | ldns_rr *sig | __attribute__(unused), |
void *n | __attribute__(unused) | ||
) |
Definition at line 1582 of file dnssec.c.
References LDNS_SIGNATURE_LEAVE_NO_ADD.
int ldns_dnssec_default_delete_signatures | ( | ldns_rr *sig | __attribute__(unused), |
void *n | __attribute__(unused) | ||
) |
Definition at line 1590 of file dnssec.c.
References LDNS_SIGNATURE_REMOVE_NO_ADD.
int ldns_dnssec_default_replace_signatures | ( | ldns_rr *sig | __attribute__(unused), |
void *n | __attribute__(unused) | ||
) |
Definition at line 1598 of file dnssec.c.
References LDNS_SIGNATURE_REMOVE_ADD_NEW.
ldns_rdf* ldns_convert_dsa_rrsig_asn12rdf | ( | const ldns_buffer * | sig, |
const long | sig_len | ||
) |
Converts the DSA signature from ASN1 representation (RFC2459, as used by OpenSSL) to raw signature data as used in DNS (rfc2536)
[in] | sig | The signature in RFC2459 format |
[in] | sig_len | The length of the signature |
Definition at line 1607 of file dnssec.c.
References LDNS_FREE, ldns_rdf_new(), LDNS_RDF_TYPE_B64, and LDNS_XMALLOC.
ldns_status ldns_convert_dsa_rrsig_rdf2asn1 | ( | ldns_buffer * | target_buffer, |
const ldns_rdf * | sig_rdf | ||
) |
Converts the RRSIG signature RDF (in rfc2536 format) to a buffer with the signature in rfc2459 format.
[out] | target_buffer | buffer to place the signature data |
[in] | sig_rdf | The signature rdf to convert |
Definition at line 1656 of file dnssec.c.
References ldns_buffer_reserve(), ldns_rdf_data(), ldns_rdf_size(), LDNS_STATUS_MEM_ERR, LDNS_STATUS_SSL_ERR, LDNS_STATUS_SYNTAX_RDATA_ERR, and R.