dnssec.h

00001 /*
00002  * dnssec.h -- defines for the Domain Name System Security Extensions (DNSSEC)
00003  *
00004  * Copyright (c) 2005-2006, NLnet Labs. All rights reserved.
00005  *
00006  * See LICENSE for the license.
00007  *
00008  * A bunch of defines that are used in the DNS
00009  */
00010 
00022 #ifndef LDNS_DNSSEC_H
00023 #define LDNS_DNSSEC_H
00024 
00025 #ifdef HAVE_SSL
00026 #include <openssl/ssl.h>
00027 #endif /* HAVE_SSL */
00028 #include <ldns/common.h>
00029 #include <ldns/packet.h>
00030 #include <ldns/keys.h>
00031 #include <ldns/zone.h>
00032 
/* NOTE(review): presumably an upper bound on key material. The unit (bits or
 * bytes) is not visible in this header -- confirm against the code that sizes
 * buffers with it before treating it as a safe bound. */
00033 #define LDNS_MAX_KEYLEN         2048
/* Presumably the value of the DNSKEY "protocol" field, which RFC 4034 fixes
 * at 3 -- confirm at the point of use. */
00034 #define LDNS_DNSSEC_KEYPROTO    3
00035 /* Default signature validity period: 2419200 s = 4 * 7 * 86400 s.
 * A longer validity period lengthens the time during which a captured RRSIG
 * can be replayed, so choose it together with the re-signing interval. */
00036 #define LDNS_DEFAULT_EXP_TIME   2419200 /* 4 weeks */
00037 
/**
 * Returns a 16-bit key tag for the given key RR.
 *
 * A key tag is only a lookup hint: distinct keys can share the same tag
 * (RFC 4034, Appendix B), so a matching tag never replaces verifying the
 * signature against each candidate key.
 *
 * \param[in] key the key RR (presumably DNSKEY/KEY -- confirm accepted types)
 * \return the key tag
 */
00044 uint16_t ldns_calc_keytag(const ldns_rr *key);
00045 
/**
 * Verifies an rrset against a list of signatures using a list of keys.
 *
 * Nothing in this prototype shows that `keys` are checked against a trust
 * anchor; presumably the caller must pass only keys it has already
 * authenticated. Treat any status other than LDNS_STATUS_OK as a failed
 * validation and do not use the rrset as authenticated data.
 *
 * \param[in] rrset the rrset to verify
 * \param[in] rrsig the list of signatures
 * \param[in] keys candidate keys
 * \param[out] good_keys presumably receives the keys that validated a
 *             signature -- TODO confirm, including whether NULL is accepted
 * \return an ldns_status describing the outcome
 */
00055 ldns_status ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys, ldns_rr_list *good_keys); 
00056 
/**
 * Verifies a raw signature buffer over a data buffer with a key buffer,
 * selecting the algorithm by number.
 *
 * \param[in] rawsig_buf the signature data
 * \param[in] verify_buf the data the signature is checked against
 * \param[in] key_buf the key data
 * \param[in] algo algorithm number (presumably the DNSSEC algorithm number;
 *            the set of accepted values is not visible in this header)
 * \return an ldns_status describing the outcome
 */
00067 ldns_status ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, ldns_buffer *verify_buf, ldns_buffer *key_buf, uint8_t algo);
00068 
/**
 * Verifies an rrset against a single RRSIG using a list of candidate keys.
 *
 * \param[in] rrset the rrset to verify
 * \param[in] rrsig the signature RR
 * \param[in] keys candidate keys
 * \param[out] good_keys presumably receives the keys that validated the
 *             signature -- TODO confirm
 * \return an ldns_status describing the outcome
 */
00077 ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr_list *keys, ldns_rr_list *good_keys);
00078 
/**
 * Verifies an rrset against a single RRSIG using a single key.
 *
 * NOTE(review): whether the RRSIG inception/expiration times are enforced
 * here is not visible in this header -- confirm in the implementation before
 * relying on this call for replay protection.
 *
 * \param[in] rrset the rrset to verify
 * \param[in] rrsig the signature RR
 * \param[in] key the key RR
 * \return an ldns_status describing the outcome
 */
00086 ldns_status ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key);
00087 
/*
 * Per-algorithm verification helpers. Each takes the signature, the signed
 * data and the key as buffers and returns an ldns_status.
 *
 * Algorithm caveat for current deployments: RFC 8624 lists RSAMD5 and DSA as
 * MUST NOT for both signing and validation, and RSASHA1 as NOT RECOMMENDED
 * for signing. A validator that still accepts the first two should do so only
 * as a deliberate, documented policy choice.
 */
00096 ldns_status ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key);
00105 ldns_status ldns_verify_rrsig_rsasha1(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key);
00114 ldns_status ldns_verify_rrsig_rsamd5(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key);
00115 
/* The two converters below are declared only when built with OpenSSL
 * (HAVE_SSL), because their return types are OpenSSL structures. */
00116 #ifdef HAVE_SSL
00117 
/**
 * Converts key data held in a buffer to an OpenSSL DSA structure.
 *
 * NOTE(review): ownership is not visible here; presumably the caller owns the
 * result and releases it with DSA_free() -- confirm. Check for NULL before
 * use, since the buffer contents may come from the network.
 *
 * \param[in] key buffer holding the key data
 * \return a DSA pointer (presumably NULL on malformed input -- confirm)
 */
00123 DSA *ldns_key_buf2dsa(ldns_buffer *key);
00124 #endif /* HAVE_SSL */
00125 
00126 #ifdef HAVE_SSL
00127 
/**
 * Converts key data held in a buffer to an OpenSSL RSA structure.
 *
 * NOTE(review): ownership is not visible here; presumably the caller owns the
 * result and releases it with RSA_free() -- confirm. Check for NULL before
 * use, since the buffer contents may come from the network.
 *
 * \param[in] key buffer holding the key data
 * \return an RSA pointer (presumably NULL on malformed input -- confirm)
 */
00133 RSA *ldns_key_buf2rsa(ldns_buffer *key);
00134 #endif /* HAVE_SSL */
00135 
/**
 * Builds an RR from a key RR and a hash selector; by its name this is the DS
 * record for the key.
 *
 * The digest types that ldns_hash offers are defined outside this header.
 * When choosing one, note that RFC 8624 rules out SHA-1 for creating new DS
 * records and makes SHA-256 mandatory.
 *
 * \param[in] key the key RR to digest
 * \param[in] h the hash to use
 * \return the resulting RR (presumably newly allocated and NULL on failure
 *         -- confirm ownership)
 */
00143 ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
00144 
00145 /* sign functions */
00146 
/**
 * Signs an rrset with the given keys.
 *
 * \param[in] rrset the rrset to sign
 * \param[in] keys the keys to sign with
 * \return an RR list (presumably the generated RRSIGs, one per usable key
 *         -- confirm), ownership presumably passing to the caller
 */
00153 ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
00154 
00155 #ifdef HAVE_SSL
00156 
/*
 * Per-algorithm signing helpers, declared only when built with OpenSSL. Each
 * signs the contents of `to_sign` with an OpenSSL key object and returns the
 * result as an ldns_rdf.
 *
 * The DSA / RSA objects passed in necessarily carry private key material, so
 * callers should keep their lifetime short and free them promptly.
 * Algorithm caveat: RFC 8624 lists RSAMD5 and DSA as MUST NOT for signing and
 * RSASHA1 as NOT RECOMMENDED for signing, so new zones should not be signed
 * with these helpers.
 */
00162 ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
00169 ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
00176 ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
00177 #endif /* HAVE_SSL */
00178 
/**
 * Creates an RR (by its name, an NSEC record) from the current owner name,
 * the next owner name and a list of RRs.
 *
 * \param[in] cur_owner the owner name the record is created for
 * \param[in] next_owner the next owner name in the chain
 * \param[in] rrs RR list (presumably the RRs at cur_owner, used to build the
 *            type bitmap -- confirm)
 * \return the created RR (ownership presumably passes to the caller)
 */
00186 ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
00187 
/**
 * Reports whether the given NSEC type bitmap includes the given RR type.
 *
 * \param[in] nsec_bitmap the bitmap rdf taken from an NSEC record
 * \param[in] type the RR type to look for
 * \return true if the type is covered by the bitmap, false otherwise
 */
00194 bool ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type);
00195 
/**
 * Reports whether the given NSEC record covers the given name.
 *
 * A "covers" result is only evidence of non-existence once the NSEC record's
 * own RRSIG has been verified. Nothing in this prototype suggests that check
 * happens here, so callers must validate the record first.
 *
 * \param[in] nsec the NSEC RR
 * \param[in] name the name to test
 * \return true if the name is covered, false otherwise
 */
00206 bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name);
00207 
/**
 * Verifies data taken from a packet.
 *
 * NOTE(review): the parameter names are terse. Presumably `t` and `o` select
 * the rrset (type and owner name) within `p`, `k` is the candidate key list
 * and `s` the signature list -- confirm against the implementation.
 * Treat any status other than LDNS_STATUS_OK as a failed validation.
 *
 * \param[in] p the packet
 * \param[in] t RR type
 * \param[in] o owner name
 * \param[in] k key list
 * \param[in] s signature list
 * \param[out] good_keys presumably receives the keys that validated -- confirm
 * \return an ldns_status describing the outcome
 */
00219 ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);
00220 
/**
 * Signs a zone with the given key list.
 *
 * The input zone is const, so the result is presumably a separate signed
 * zone owned by the caller -- confirm ownership, and whether the result
 * shares RRs with the input.
 *
 * \param[in] zone the zone to sign
 * \param[in] key_list the keys to sign with
 * \return a zone pointer (presumably NULL on failure -- confirm)
 */
00230 ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list);
00231  
00232 #endif /* LDNS_DNSSEC_H */
