ldns  1.7.0
dnssec_sign.h
Go to the documentation of this file.
1
3#ifndef LDNS_DNSSEC_SIGN_H
4#define LDNS_DNSSEC_SIGN_H
5
6#include <ldns/dnssec.h>
7
8#ifdef __cplusplus
9extern "C" {
10#endif
11
12/* sign functions */
13
15#define LDNS_SIGN_DNSKEY_WITH_ZSK 1
16#define LDNS_SIGN_WITH_ALL_ALGORITHMS 2
17#define LDNS_SIGN_NO_KEYS_NO_NSECS 4
18#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 8
19#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 16
20
27ldns_rr *
28ldns_create_empty_rrsig(const ldns_rr_list *rrset,
29 const ldns_key *key);
30
38ldns_rdf *
39ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key);
40
47ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
48
49#if LDNS_BUILD_CONFIG_HAVE_SSL
56ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
57
68ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign,
69 EVP_PKEY *key,
70 const EVP_MD *digest_type);
71
78ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
79
86ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
87#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
88
103ldns_status
104ldns_dnssec_zone_mark_and_get_glue(
105 ldns_dnssec_zone *zone, ldns_rr_list *glue_list);
106
117ldns_status
118ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone);
119
128ldns_rbnode_t *ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node);
129
138ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
139 ldns_rr_list *new_rrs);
140
144ldns_status
145ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
146 ldns_rr_list *new_rrs,
147 uint8_t algorithm,
148 uint8_t flags,
149 uint16_t iterations,
150 uint8_t salt_length,
151 uint8_t *salt);
152
167ldns_dnssec_rrs *ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
168 ldns_key_list *key_list,
169 int (*func)(ldns_rr *, void *),
170 void *arg);
171
190ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone,
191 ldns_rr_list *new_rrs,
192 ldns_key_list *key_list,
193 int (*func)(ldns_rr *, void*),
194 void *arg,
195 int flags);
196
210ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
211 ldns_rr_list *new_rrs,
212 ldns_key_list *key_list,
213 int (*func)(ldns_rr *, void*),
214 void *arg);
215
241ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone,
242 ldns_rr_list *new_rrs,
243 ldns_key_list *key_list,
244 int (*func)(ldns_rr *, void *),
245 void *arg,
246 int flags);
247
264ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone,
265 ldns_rr_list *new_rrs,
266 ldns_key_list *key_list,
267 int (*func)(ldns_rr *, void *),
268 void *arg,
269 uint8_t algorithm,
270 uint8_t flags,
271 uint16_t iterations,
272 uint8_t salt_length,
273 uint8_t *salt,
274 int signflags);
275
295ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone,
296 ldns_rr_list *new_rrs,
297 ldns_key_list *key_list,
298 int (*func)(ldns_rr *, void *),
299 void *arg,
300 uint8_t algorithm,
301 uint8_t flags,
302 uint16_t iterations,
303 uint8_t salt_length,
304 uint8_t *salt,
305 int signflags,
306 ldns_rbtree_t **map
307 );
308
309
330ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone,
331 ldns_rr_list *new_rrs,
332 ldns_key_list *key_list,
333 int (*func)(ldns_rr *, void *),
334 void *arg);
335
351ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
352 ldns_rr_list *new_rrs,
353 ldns_key_list *key_list,
354 int (*func)(ldns_rr *, void *),
355 void *arg,
356 uint8_t algorithm,
357 uint8_t flags,
358 uint16_t iterations,
359 uint8_t salt_length,
360 uint8_t *salt);
361
368ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list);
369
381ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt);
382
383#ifdef __cplusplus
384}
385#endif
386
387#endif
dnssec.h
This module contains base functions for DNSSEC operations (RFC4033 t/m RFC4035).
ldns_sign_public_evp
ldns_rdf * ldns_sign_public_evp(ldns_buffer *to_sign, EVP_PKEY *key, const EVP_MD *digest_type)
Sign data with EVP (general method for different algorithms)
Definition dnssec_sign.c:451
ldns_sign_public
ldns_rr_list * ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
Sign an rrset.
Definition dnssec_sign.c:227
ldns_zone_sign
ldns_zone * ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list)
Signs the zone, and returns a newly allocated signed zone.
Definition dnssec_sign.c:1623
ldns_zone_sign_nsec3
ldns_zone * ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Signs the zone with NSEC3, and returns a newly allocated signed zone.
Definition dnssec_sign.c:1664
ldns_dnssec_zone_mark_glue
ldns_status ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
Marks the names in the zone that are occluded.
Definition dnssec_sign.c:783
ldns_dnssec_zone_mark_and_get_glue
ldns_status ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, ldns_rr_list *glue_list)
Marks the names in the zone that are occluded.
Definition dnssec_sign.c:694
ldns_dnssec_zone_create_nsec3s
ldns_status ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Adds NSEC3 records to the zone.
Definition dnssec_sign.c:1036
ldns_dnssec_zone_sign
ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
signs the given zone with the given keys
Definition dnssec_sign.c:1383
ldns_dnssec_zone_sign_nsec3_flg
ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags)
signs the given zone with the given new zone, with NSEC3
Definition dnssec_sign.c:1605
ldns_sign_public_rsasha1
ldns_rdf * ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
Sign a buffer with the RSA key (hash with SHA1)
Definition dnssec_sign.c:580
ldns_dnssec_zone_create_rrsigs
ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
Adds signatures to the zone.
Definition dnssec_sign.c:1142
ldns_sign_public_rsamd5
ldns_rdf * ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
Sign a buffer with the RSA key (hash with MD5)
Definition dnssec_sign.c:616
ldns_dnssec_zone_sign_nsec3_flg_mkmap
ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags, ldns_rbtree_t **map)
signs the given zone with the given new zone, with NSEC3
Definition dnssec_sign.c:1482
ldns_sign_public_buffer
ldns_rdf * ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key)
Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with th...
Definition dnssec_sign.c:128
ldns_dnssec_name_node_next_nonglue
ldns_rbnode_t * ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node)
Finds the first dnssec_name node in the rbtree that is not occluded.
Definition dnssec_sign.c:789
ldns_dnssec_zone_sign_flg
ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
signs the given zone with the given keys
Definition dnssec_sign.c:1395
ldns_dnssec_remove_signatures
ldns_dnssec_rrs * ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
remove signatures if callback function tells to
ldns_sign_public_dsa
ldns_rdf * ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
Sign a buffer with the DSA key (hash with SHA1)
Definition dnssec_sign.c:340
ldns_create_empty_rrsig
ldns_rr * ldns_create_empty_rrsig(const ldns_rr_list *rrset, const ldns_key *key)
Create an empty RRSIG RR (i.e.
Definition dnssec_sign.c:31
ldns_dnssec_zone_create_nsecs
ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs)
Adds NSEC records to the given dnssec_zone.
Definition dnssec_sign.c:815
ldns_dnssec_zone_sign_nsec3
ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
signs the given zone with the given new zone, with NSEC3
Definition dnssec_sign.c:1465
ldns_dnssec_zone_create_rrsigs_flg
ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
Adds signatures to the zone.
Definition dnssec_sign.c:1237
ldns_status
enum ldns_enum_status ldns_status
Definition error.h:146
ldns_rbnode_t
The rbnode_t struct definition.
Definition rbtree.h:60
ldns_rbtree_t
definition for tree struct
Definition rbtree.h:83
ldns_struct_buffer
implementation of buffers to ease operations
Definition buffer.h:51
ldns_struct_dnssec_rrs
Definition dnssec_zone.h:23
ldns_struct_dnssec_zone
Structure containing a dnssec zone.
Definition dnssec_zone.h:91
ldns_struct_key_list
Same as rr_list, but now for keys.
Definition keys.h:181
ldns_struct_key
General key structure, can contain all types of keys that are used in DNSSEC.
Definition keys.h:130
ldns_struct_rdf
Resource record data field.
Definition rdata.h:196
ldns_struct_rr_list
List or Set of Resource Records.
Definition rr.h:338
ldns_struct_rr
Resource Record.
Definition rr.h:310
ldns_struct_zone
DNS Zone.
Definition zone.h:43
Generated on Fri May 5 2023 17:54:06 for ldns by doxygen 1.11.0