21 #include <openssl/ssl.h>
22 #include <openssl/evp.h>
23 #include <openssl/rand.h>
24 #include <openssl/err.h>
25 #include <openssl/md5.h>
107 ldns_rdf *sname, *hashed_sname, *tmp;
110 bool exact_match_found;
138 exact_match_found =
false;
139 in_range_found =
false;
162 exact_match_found =
true;
164 in_range_found =
true;
168 if (!exact_match_found && in_range_found) {
170 }
else if (exact_match_found && flag) {
175 }
else if (exact_match_found && !flag) {
232 t_netorder = htons(type);
256 t_netorder = htons(type);
294 keysize= ldns_buffer_position(keybuf);
314 memmove(&ac16, key + keysize - 3, 2);
317 return (uint16_t) ac16;
320 for (i = 0; (size_t)i < keysize; ++i) {
321 ac32 += (i & 1) ? key[i] : key[i] << 8;
323 ac32 += (ac32 >> 16) & 0xFFFF;
324 return (uint16_t) (ac32 & 0xFFFF);
333 ldns_buffer_position(key));
343 BIGNUM *Q; BIGNUM *P;
344 BIGNUM *G; BIGNUM *Y;
349 length = (64 + T * 8);
355 if(len < (
size_t)1 + SHA_DIGEST_LENGTH + 3*length)
358 Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
359 offset += SHA_DIGEST_LENGTH;
361 P = BN_bin2bn(key+offset, (
int)length, NULL);
364 G = BN_bin2bn(key+offset, (
int)length, NULL);
367 Y = BN_bin2bn(key+offset, (
int)length, NULL);
371 if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
392 ldns_buffer_position(key));
413 memmove(&int16, key+1, 2);
422 if(len < (
size_t)offset + exp + 1)
427 if(!exponent)
return NULL;
428 (void) BN_bin2bn(key+offset, (
int)exp, exponent);
438 (void) BN_bin2bn(key+offset, (
int)(len - offset), modulus);
459 ctx = EVP_MD_CTX_create();
462 if(!EVP_DigestInit_ex(ctx, md, NULL) ||
463 !EVP_DigestUpdate(ctx, data, len) ||
464 !EVP_DigestFinal_ex(ctx, dest, NULL)) {
465 EVP_MD_CTX_destroy(ctx);
468 EVP_MD_CTX_destroy(ctx);
483 const EVP_MD* md = NULL;
519 md = EVP_get_digestbyname(
"md_gost94");
575 sha1hash = (uint8_t)h;
604 (void)
ldns_sha1((
unsigned char *) ldns_buffer_begin(data_buf),
605 (
unsigned int) ldns_buffer_position(data_buf),
606 (
unsigned char *) digest);
615 (void)
ldns_sha256((
unsigned char *) ldns_buffer_begin(data_buf),
616 (
unsigned int) ldns_buffer_position(data_buf),
617 (
unsigned char *) digest);
626 (
unsigned int) ldns_buffer_position(data_buf),
627 (
unsigned char *) digest, md)) {
634 (
size_t)EVP_MD_size(md),
641 (void) SHA384((
unsigned char *) ldns_buffer_begin(data_buf),
642 (
unsigned int) ldns_buffer_position(data_buf),
643 (
unsigned char *) digest);
645 SHA384_DIGEST_LENGTH,
691 uint16_t windows[256]
700 uint8_t* data = NULL;
711 for (d = rr_type_list; d < rr_type_list + size; d++) {
714 if (windows[window] < subtype) {
715 windows[window] = subtype;
722 for (i = 0; i < 256; i++) {
724 sz += windows[i] / 8 + 3;
734 for (i = 0; i < 256; i++) {
736 *dptr++ = (uint8_t)i;
737 *dptr++ = (uint8_t)(windows[i] / 8 + 1);
742 windows[i] = (uint16_t)(dptr - data);
751 for (d = rr_type_list; d < rr_type_list + size; d++) {
753 data[windows[*d >> 8] + subtype/8] |= (0x80 >> (subtype % 8));
772 if (cur_rrset->
type == type) {
775 cur_rrset = cur_rrset->
next;
787 size_t type_count = 0;
789 int on_delegation_point;
805 cur_rrsets = from->
rrsets;
809 if ((on_delegation_point && (
812 || (!on_delegation_point &&
816 types[type_count] = cur_rrsets->
type;
819 cur_rrsets = cur_rrsets->
next;
846 size_t type_count = 0;
849 int on_delegation_point;
878 cur_rrsets = from->
rrsets;
886 if ((on_delegation_point && (
889 || (!on_delegation_point &&
892 types[type_count] = cur_rrsets->
type;
895 cur_rrsets = cur_rrsets->
next;
900 if (type_count > 0 &&
940 size_t type_count = 0;
953 if (type_count == 0 || i_type_list[type_count-1] != i_type) {
954 i_type_list[type_count] = i_type;
980 size_t hashed_owner_str_len;
983 unsigned char *hashed_owner_str;
984 char *hashed_owner_b32;
985 size_t hashed_owner_b32_len;
1001 fprintf(stderr,
"Memory error\n");
1008 hashed_owner_str =
LDNS_XMALLOC(
unsigned char, hashed_owner_str_len);
1009 if(!hashed_owner_str) {
1014 memcpy(hashed_owner_str +
ldns_rdf_size(cann), salt, salt_length);
1017 for (cur_it = iterations + 1; cur_it > 0; cur_it--) {
1018 (void)
ldns_sha1((
unsigned char *) hashed_owner_str,
1019 (
unsigned int) hashed_owner_str_len, hash);
1023 hashed_owner_str =
LDNS_XMALLOC(
unsigned char, hashed_owner_str_len);
1024 if (!hashed_owner_str) {
1027 memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH);
1028 memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length);
1029 hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH + salt_length;
1033 hashed_owner_str = hash;
1037 ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1);
1038 if(!hashed_owner_b32) {
1042 (uint8_t *) hashed_owner_str,
1043 hashed_owner_str_len,
1045 ldns_b32_ntop_calculate_size(hashed_owner_str_len)+1);
1046 if (hashed_owner_b32_len < 1) {
1048 fprintf(stderr,
"Error in base32 extended hex encoding ");
1049 fprintf(stderr,
"of hashed owner name (name: ");
1051 fprintf(stderr,
", return code: %u)\n",
1052 (
unsigned int) hashed_owner_b32_len);
1057 hashed_owner_b32[hashed_owner_b32_len] =
'\0';
1062 fprintf(stderr,
"Error creating rdf from %s\n", hashed_owner_b32);
1069 return hashed_owner;
1076 uint16_t iterations,
1077 uint8_t salt_length,
1081 uint8_t *salt_data = NULL;
1086 1, (
void*)&algorithm),
1107 salt_data[0] = salt_length;
1108 memcpy(salt_data + 1, salt, salt_length);
1128 if (!origin || !rr_list)
return 0;
1149 uint16_t iterations,
1150 uint8_t salt_length,
1152 bool emptynonterminal)
1164 size_t type_count = 0;
1198 if (type_count == 0 || i_type_list[type_count-1] != i_type) {
1199 i_type_list[type_count] = i_type;
1207 if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) {
1297 uint8_t salt_length;
1304 if(!salt)
return NULL;
1335 uint16_t iterations;
1336 uint8_t salt_length;
1353 return hashed_owner;
1367 uint8_t window = type >> 8;
1368 uint8_t subtype = type & 0xff;
1381 while (dptr < dend && dptr[0] <= window) {
1383 if (dptr[0] == window && subtype / 8 < dptr[1] &&
1384 dptr + dptr[1] + 2 <= dend) {
1386 return dptr[2 + subtype / 8] & (0x80 >> (subtype % 8));
1388 dptr += dptr[1] + 2;
1404 uint8_t window = type >> 8;
1405 uint8_t subtype = type & 0xff;
1418 while (dptr < dend && dptr[0] <= window) {
1420 if (dptr[0] == window && subtype / 8 < dptr[1] &&
1421 dptr + dptr[1] + 2 <= dend) {
1423 dptr[2 + subtype / 8] |= (0x80 >> (subtype % 8));
1426 dptr += dptr[1] + 2;
1442 uint8_t window = type >> 8;
1443 uint8_t subtype = type & 0xff;
1457 while (dptr < dend && dptr[0] <= window) {
1459 if (dptr[0] == window && subtype / 8 < dptr[1] &&
1460 dptr + dptr[1] + 2 <= dend) {
1462 dptr[2 + subtype / 8] &= ~(0x80 >> (subtype % 8));
1465 dptr += dptr[1] + 2;
1476 char *next_hash_str;
1561 t_netorder = htons(t);
1567 if (! sigs_covered) {
1598 char *next_nsec_owner_str;
1605 next_nsec_owner_label =
1608 next_nsec_owner_str =
ldns_rdf2str(next_nsec_owner_label);
1609 if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
1611 next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
1615 next_nsec_owner_str);
1617 next_nsec_rdf, 4)) {
1624 next_nsec_owner_label =
1628 next_nsec_owner_str =
ldns_rdf2str(next_nsec_owner_label);
1629 if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
1631 next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
1635 next_nsec_owner_str);
1639 next_nsec_rdf, 4)) {
1652 if (rr1 == NULL && rr2 == NULL) {
1667 qsort(unsorted->
_rrs,
1712 unsigned char *dsasig_data = (
unsigned char*)ldns_buffer_begin(sig);
1715 dsasig = d2i_DSA_SIG(NULL,
1716 (
const unsigned char **)&dsasig_data,
1719 DSA_SIG_free(dsasig);
1725 DSA_SIG_free(dsasig);
1729 byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r));
1730 if (byte_offset > 20) {
1731 DSA_SIG_free(dsasig);
1735 memset(&dsasig_data[1], 0, byte_offset);
1736 BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]);
1737 byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s));
1738 if (byte_offset > 20) {
1739 DSA_SIG_free(dsasig);
1743 memset(&dsasig_data[21], 0, byte_offset);
1744 BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]);
1750 DSA_SIG_free(dsasig);
1762 unsigned char *raw_sig = NULL;
1770 (void) BN_bin2bn((
unsigned char *)
ldns_rdf_data(sig_rdf) + 1,
1771 SHA_DIGEST_LENGTH,
R);
1777 (void) BN_bin2bn((
unsigned char *)
ldns_rdf_data(sig_rdf) + 21,
1778 SHA_DIGEST_LENGTH, S);
1780 dsasig = DSA_SIG_new();
1790 raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig);
1791 if (raw_sig_len < 0) {
1792 DSA_SIG_free(dsasig);
1797 ldns_buffer_write(target_buffer, raw_sig, (
size_t)raw_sig_len);
1800 DSA_SIG_free(dsasig);
1803 return ldns_buffer_status(target_buffer);
1811 ECDSA_SIG* ecdsa_sig;
1812 unsigned char *data = (
unsigned char*)ldns_buffer_begin(sig);
1814 ecdsa_sig = d2i_ECDSA_SIG(NULL, (
const unsigned char **)&data, sig_len);
1815 if(!ecdsa_sig)
return NULL;
1819 BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s));
1821 ECDSA_SIG_free(ecdsa_sig);
1824 BN_bn2bin(ecdsa_sig->r, data);
1825 BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r));
1827 BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data);
1828 ECDSA_SIG_free(ecdsa_sig);
1840 if(bnsize < 16 || (
size_t)bnsize*2 !=
ldns_rdf_size(sig_rdf))
1844 sig = ECDSA_SIG_new();
1846 sig->r = BN_bin2bn((
const unsigned char*)
ldns_rdf_data(sig_rdf),
1848 sig->s = BN_bin2bn((
const unsigned char*)
ldns_rdf_data(sig_rdf)+bnsize,
1850 if(!sig->r || !sig->s) {
1851 ECDSA_SIG_free(sig);
1855 raw_sig_len = i2d_ECDSA_SIG(sig, NULL);
1857 unsigned char* pp = (
unsigned char*)
1858 ldns_buffer_current(target_buffer);
1859 raw_sig_len = i2d_ECDSA_SIG(sig, &pp);
1860 ldns_buffer_skip(target_buffer, (ssize_t) raw_sig_len);
1862 ECDSA_SIG_free(sig);
1864 return ldns_buffer_status(target_buffer);
ldns_rdf * ldns_rr_rdf(const ldns_rr *rr, size_t nr)
returns the rdata field member counter.
implementation of buffers to ease operations
_Bool ldns_nsec_bitmap_covers_type(const ldns_rdf *bitmap, ldns_rr_type type)
Check if RR type t is enumerated and set in the RR type bitmap rdf.
ldns_rdf * ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position)
sets a rdf member, it will be set on the position given.
#define LDNS_SIGNATURE_LEAVE_ADD_NEW
return values for the old-signature callback
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
sets the type in the rr.
uint8_t ldns_dname_label_count(const ldns_rdf *r)
count the number of labels inside a LDNS_RDF_DNAME type rdf.
RSA * ldns_key_buf2rsa_raw(unsigned char *key, size_t len)
Like ldns_key_buf2rsa, but uses raw buffer.
ldns_rr_type ldns_rdf2rr_type(const ldns_rdf *rd)
convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual LDNS_RR_TYPE.
ldns_rr_list * ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ldns_rdf *ownername, ldns_rr_type type, ldns_pkt_section sec)
return all the rr with a specific type and type from a packet.
int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
Compares the two dname rdf's according to the algorithm for ordering in RFC4034 Section 6...
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr)
Returns the number of hash iterations used in the given NSEC3 RR.
uint8_t * ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
Returns the salt bytes used in the given NSEC3 RR.
ldns_rdf * ldns_nsec_get_bitmap(ldns_rr *nsec)
Returns the rdata field that contains the bitmap of the covered types of the given NSEC record...
List or Set of Resource Records.
ldns_status ldns_str2rdf_dname(ldns_rdf **d, const char *str)
convert a dname string into wireformat
ldns_rdf * ldns_nsec3_salt(const ldns_rr *nsec3_rr)
Returns the salt used in the given NSEC3 RR.
ldns_rr * ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs)
Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if any.
uint8_t ldns_rdf2native_int8(const ldns_rdf *rd)
returns the native uint8_t representation from the rdf.
ldns_dnssec_rrsets * rrsets
The rrsets for this name.
#define LDNS_CALLOC(type, count)
#define LDNS_XMALLOC(type, count)
#define LDNS_MIN_BUFLEN
number of initial bytes in buffer of which we cannot tell the size before hand
size_t ldns_rdf_size(const ldns_rdf *rd)
returns the size of the rdf.
ldns_status ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, const ldns_rdf *sig_rdf)
Converts the RRSIG signature RDF (in rfc2536 format) to a buffer with the signature in rfc2459 format...
void ldns_nsec3_add_param_rdfs(ldns_rr *rr, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Sets all the NSEC3 options.
ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str)
convert the string with the b32 ext hex data into wireformat
enum ldns_enum_hash ldns_hash
#define LDNS_SHA256_DIGEST_LENGTH
void ldns_rr_list_deep_free(ldns_rr_list *rr_list)
frees an rr_list structure and all rrs contained therein.
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
ldns_rr_list * ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos)
Return the rr_list which matches the rdf at position field.
ldns_rr * ldns_rr_new_frm_type(ldns_rr_type t)
creates a new rr structure, based on the given type.
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
void ldns_dname2canonical(const ldns_rdf *rd)
Put a dname into canonical fmt - ie.
ldns_rdf * ldns_rr_rrsig_keytag(const ldns_rr *r)
returns the keytag of a LDNS_RR_TYPE_RRSIG RR
ldns_rdf * ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name)
Calculates the hashed name using the parameters of the given NSEC3 RR.
#define LDNS_MAX_PACKETLEN
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
ldns_rdf * ldns_dname_left_chop(const ldns_rdf *d)
chop one label off the left side of a dname.
ldns_status ldns_nsec_bitmap_set_type(ldns_rdf *bitmap, ldns_rr_type type)
Checks if RR type t is enumerated in the type bitmap rdf and sets the bit.
unsigned char * ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest)
Convenience function to digest a fixed block of data at once.
ldns_rr_list * ldns_pkt_rr_list_by_type(const ldns_pkt *packet, ldns_rr_type type, ldns_pkt_section sec)
return all the rr with a specific type from a packet.
ldns_status ldns_nsec_bitmap_clear_type(ldns_rdf *bitmap, ldns_rr_type type)
Checks if RR type t is enumerated in the type bitmap rdf and clears the bit.
_Bool ldns_buffer_reserve(ldns_buffer *buffer, size_t amount)
ensures BUFFER can contain at least AMOUNT more bytes.
void ldns_rdf_free(ldns_rdf *rd)
frees a rdf structure, leaving the data pointer intact.
ldns_status ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf)
Copies the rdata data to the buffer in wire format.
Including this file will include all ldns files, and define some lookup tables.
ldns_rdf * ldns_dname_new_frm_str(const char *str)
creates a new dname rdf from a string.
_Bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name)
Checks coverage of NSEC(3) RR name span Remember that nsec and name must both be in canonical form (i...
marks the start of a zone of authority
ldns_rr_list * ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type)
Returns a ldns_rr_list containing the signatures covering the given name and type.
int ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets, ldns_rr_type type)
returns whether a rrset of the given type is found in the rrsets.
ldns_rr_list * ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type)
Returns a ldns_rr_list containing the signatures covering the given type.
uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr)
Returns the length of the salt used in the given NSEC3 RR.
uint16_t ldns_pkt_nscount(const ldns_pkt *packet)
Return the packet's ns count.
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
ldns_rdf * ldns_nsec3_next_owner(const ldns_rr *nsec3_rr)
Returns the first label of the next ownername in the NSEC3 chain (ie.
ldns_rr * ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr)
returns a specific rr of an rrlist.
ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
Create a NSEC record.
void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class)
sets the class in the rr.
#define LDNS_SIGNATURE_REMOVE_NO_ADD
ldns_rr * ldns_dnssec_create_nsec(ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rr_type nsec_type)
Creates NSEC.
uint16_t ldns_pkt_ancount(const ldns_pkt *packet)
Return the packet's an count.
_Bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
sets rd_field member, it will be placed in the next available spot.
ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys)
verify a packet
uint16_t ldns_rdf2native_int16(const ldns_rdf *rd)
returns the native uint16_t representation from the rdf.
int ldns_dnssec_default_delete_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
ldns_rr * ldns_dnssec_create_nsec3(ldns_dnssec_name *from, ldns_dnssec_name *to, ldns_rdf *zone_name, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Creates NSEC3.
#define LDNS_NSEC3_VARS_OPTOUT_MASK
ldns_status ldns_verify_time(ldns_rr_list *rrset, ldns_rr_list *rrsig, const ldns_rr_list *keys, time_t check_time, ldns_rr_list *good_keys)
Verifies a list of signatures for one rrset.
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
ldns_status ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2)
concatenates rd2 after rd1 (rd2 is copied, rd1 is modified)
int ldns_dnssec_default_add_to_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdat...
ldns_rdf * ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
Calculates the hashed name using the given parameters.
ldns_rr * ldns_create_nsec3(ldns_rdf *cur_owner, ldns_rdf *cur_zone, ldns_rr_list *rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, _Bool emptynonterminal)
DSA * ldns_key_buf2dsa(ldns_buffer *key)
converts a buffer holding key material to a DSA key in openssl.
ldns_rdf * ldns_nsec3_bitmap(const ldns_rr *nsec3_rr)
Returns the bitmap specifying the covered types of the given NSEC3 RR.
ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd)
returns the type of the rdf.
uint16_t ldns_calc_keytag_raw(uint8_t *key, size_t keysize)
Calculates keytag of DNSSEC key, operates on wireformat rdata.
DSA * ldns_key_buf2dsa_raw(unsigned char *key, size_t len)
Like ldns_key_buf2dsa, but uses raw buffer.
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
int ldns_digest_evp(unsigned char *data, unsigned int len, unsigned char *dest, const EVP_MD *md)
Utility function to calculate hash using generic EVP_MD pointer.
ldns_rdf * ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype __attribute__((unused)), ldns_rr_list *nsec3s)
#define LDNS_SIGNATURE_REMOVE_ADD_NEW
void ldns_rdf_print(FILE *output, const ldns_rdf *rdf)
Prints the data in the rdata field to the given file stream (in presentation format) ...
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
ldns_rr * ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, const ldns_rr_type type, const ldns_rr_list *rrs)
Returns the first RRSIG rr that corresponds to the rrset with the given name and type.
ldns_rdf * ldns_rr_rrsig_typecovered(const ldns_rr *r)
returns the type covered of a LDNS_RR_TYPE_RRSIG rr
_Bool ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt)
Checks whether the packet contains rrsigs.
void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl)
sets the ttl in the rr structure.
enum ldns_enum_status ldns_status
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
uint8_t ldns_nsec3_flags(const ldns_rr *nsec3_rr)
Returns flags field.
ldns_rdf * hashed_name
pointer to store the hashed name (only used when in an NSEC3 zone
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
This module contains base functions for DNSSEC operations (RFC4033 t/m RFC4035).
ldns_rdf * ldns_rdf_new(ldns_rdf_type type, size_t size, void *data)
allocates a new rdf structure and fills it.
RSA * ldns_key_buf2rsa(ldns_buffer *key)
converts a buffer holding key material to a RSA key in openssl.
int ldns_b32_ntop_extended_hex(const uint8_t *src, size_t src_sz, char *dst, size_t dst_sz)
#define LDNS_RDF_SIZE_WORD
int ldns_dnssec_default_leave_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
_Bool ldns_nsec3_optout(const ldns_rr *nsec3_rr)
Returns true if the opt-out flag has been set in the given NSEC3 RR.
ldns_rdf * ldns_rr_rrsig_signame(const ldns_rr *r)
returns the signers name of a LDNS_RR_TYPE_RRSIG RR
char * ldns_rdf2str(const ldns_rdf *rdf)
Converts the data in the rdata field to presentation format and returns that as a char *...
Resource record data field.
ldns_dnssec_rrsets * next
ldns_rdf * ldns_rr_owner(const ldns_rr *rr)
returns the owner name of an rr structure.
ldns_rr * ldns_rr_new(void)
creates a new rr structure.
size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list)
returns the number of rr's in an rr_list.
#define LDNS_SIGNATURE_LEAVE_NO_ADD
enum ldns_enum_rr_type ldns_rr_type
ldns_status ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, const ldns_rdf *sig_rdf)
Converts the RRSIG signature RDF (from DNS) to a buffer with the signature in ASN1 format as openssl ...
ldns_status ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs)
chains nsec3 list
ldns_rr_list * ldns_pkt_authority(const ldns_pkt *packet)
Return the packet's authority section.
an authoritative name server
ldns_rdf * ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], size_t size, ldns_rr_type nsec_type)
Create the type bitmap for an NSEC(3) record.
ldns_rdf * ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
Converts the ECDSA signature from ASN1 representation (as used by OpenSSL) to raw signature data as u...
ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try and retrieve a specific label...
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
uint32_t ldns_rr_ttl(const ldns_rr *rr)
returns the ttl of an rr structure.
ldns_rr_class ldns_rr_get_class(const ldns_rr *rr)
returns the class of the rr.
int ldns_dnssec_default_replace_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
used to get all non-question rrs from a packet
ldns_rdf * ldns_dnssec_name_name(ldns_dnssec_name *name)
Returns the domain name of the given dnssec_name structure.
ldns_rr_list * ldns_pkt_answer(const ldns_pkt *packet)
Return the packet's answer section.
int qsort_rr_compare_nsec3(const void *a, const void *b)
compare for nsec3 sort
unsigned char * ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest)
Convenience function to digest a fixed block of data at once.
ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys)
verify a packet
uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr)
Returns the hash algorithm used in the given NSEC3 RR.
ldns_rdf * ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
Converts the DSA signature from ASN1 representation (RFC2459, as used by OpenSSL) to raw signature da...
void ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted)
sort nsec3 list
int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2)
compares two rdf's on their wire formats.
#define LDNS_SHA1_DIGEST_LENGTH
ldns_rr * ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
returns a new DS rr that represents the given key rr.