dnssec_sign.c File Reference


Functions

ldns_rr_list *ldns_sign_public (ldns_rr_list *rrset, ldns_key_list *keys)
 Signs an RRset with the public/private-key algorithm of each key in the list and returns the RRSIG records it created.
ldns_rdf *ldns_sign_public_dsa (ldns_buffer *to_sign, DSA *key)
 Sign data with DSA (SHA-1 digest).
ldns_rdf *ldns_sign_public_evp (ldns_buffer *to_sign, EVP_PKEY *key, const EVP_MD *digest_type)
 Sign data with the OpenSSL EVP interface (general method covering several key/digest algorithms).
ldns_rdf *ldns_sign_public_rsasha1 (ldns_buffer *to_sign, RSA *key)
 Sign a buffer with the RSA key (hash with SHA-1).
ldns_rdf *ldns_sign_public_rsamd5 (ldns_buffer *to_sign, RSA *key)
 Sign a buffer with the RSA key (hash with MD5). Legacy algorithm: see the caveat in the detailed description below.
ldns_status ldns_dnssec_zone_create_nsecs (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs)
 Adds NSEC records to the given dnssec_zone.
ldns_dnssec_rrs *ldns_dnssec_remove_signatures (ldns_dnssec_rrs *signatures, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
 Removes existing signatures when the callback function says to.
ldns_status ldns_dnssec_zone_create_rrsigs (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
 Adds signatures to the zone.
ldns_status ldns_dnssec_zone_sign (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
 signs the given zone with the given keys
ldns_status ldns_dnssec_zone_sign_nsec3 (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
 Signs the given zone with the given keys, using NSEC3 for authenticated denial of existence.
ldns_zone *ldns_zone_sign (const ldns_zone *zone, ldns_key_list *key_list)
 Signs the zone (NSEC) and returns a newly allocated signed zone; the input zone is not modified.
ldns_zone *ldns_zone_sign_nsec3 (ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
 Signs the zone using NSEC3 and returns a newly allocated signed zone.


Function Documentation

ldns_rr_list* ldns_sign_public ( ldns_rr_list *  rrset,
ldns_key_list *  keys 
)

Signs an RRset with the public/private-key algorithm of each key in the list and returns the RRSIG records it created. The keys' algorithm, key tag, inception and expiration times are read from the key list to fill in the RRSIG fields; the RRset is canonicalized and sorted before the signature is computed.

See also: dnssec_verify (the verification counterpart of this function).

Definition at line 27 of file dnssec_sign.c.

References ldns_buffer_free(), ldns_buffer_new(), LDNS_DEFAULT_EXP_TIME, ldns_dname_cat_clone(), ldns_dname_label(), ldns_dname_label_count(), ldns_dname_left_chop(), LDNS_DSA_NSEC3, ldns_key_algorithm(), ldns_key_evp_key(), ldns_key_expiration(), ldns_key_flags(), ldns_key_inception(), ldns_key_keytag(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_key_pubkey_owner(), LDNS_KEY_SEP_KEY, ldns_key_use(), LDNS_KEY_ZONE_KEY, LDNS_MAX_PACKETLEN, ldns_native2rdf_int16(), ldns_native2rdf_int32(), ldns_native2rdf_int8(), ldns_rdf_clone(), ldns_rdf_compare(), ldns_rdf_deep_free(), LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT32, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TYPE, ldns_rr2canonical(), ldns_rr_get_type(), ldns_rr_list2buffer_wire(), ldns_rr_list_clone(), ldns_rr_list_deep_free(), ldns_rr_list_new(), ldns_rr_list_print(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_list_sort(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_rrsig_set_algorithm(), ldns_rr_rrsig_set_expiration(), ldns_rr_rrsig_set_inception(), ldns_rr_rrsig_set_keytag(), ldns_rr_rrsig_set_labels(), ldns_rr_rrsig_set_origttl(), ldns_rr_rrsig_set_sig(), ldns_rr_rrsig_set_signame(), ldns_rr_rrsig_set_typecovered(), ldns_rr_set_owner(), ldns_rr_set_ttl(), ldns_rr_ttl(), LDNS_RR_TYPE_DNSKEY, LDNS_RR_TYPE_RRSIG, ldns_rrsig2buffer_wire(), LDNS_SIGN_DSA, ldns_sign_public_evp(), LDNS_SIGN_RSAMD5, LDNS_SIGN_RSASHA1, LDNS_SIGN_RSASHA1_NSEC3, LDNS_SIGN_RSASHA256, LDNS_SIGN_RSASHA256_NSEC3, LDNS_SIGN_RSASHA512, LDNS_SIGN_RSASHA512_NSEC3, LDNS_STATUS_OK, and ldns_str2rdf_dname().

ldns_rdf* ldns_sign_public_dsa ( ldns_buffer *  to_sign,
DSA *  key 
)

Sign data with DSA.

Sign a buffer with the DSA key (hash with SHA-1). Caveat: DSA/SHA-1 (DNSSEC algorithm 3) is deprecated by later DNSSEC algorithm guidance (RFC 8624 lists it as MUST NOT for signing); prefer an RSA/SHA-256 or newer algorithm for new zones and keep this only for legacy interoperability.

Parameters:
[in] to_sign The ldns_buffer containing raw data that is to be signed
[in] key The DSA key structure to sign with
Returns:
an ldns_rdf of type LDNS_RDF_TYPE_B64 holding the signature, for use as the signature field of an RRSIG ldns_rr

Definition at line 235 of file dnssec_sign.c.

References ldns_buffer_free(), ldns_buffer_new(), LDNS_FREE, LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_B64, and LDNS_XMALLOC.

ldns_rdf* ldns_sign_public_evp ( ldns_buffer *  to_sign,
EVP_PKEY *  key,
const EVP_MD *  digest_type 
)

Sign data with EVP (general method for different algorithms).

Parameters:
[in] to_sign The ldns_buffer containing raw data that is to be signed
[in] key The EVP_PKEY key structure to sign with
[in] digest_type The digest algorithm to use in the creation of the signature; it must match the DNSSEC algorithm the resulting RRSIG will claim, or validators will reject the signature
Returns:
an ldns_rdf of type LDNS_RDF_TYPE_B64 holding the signature, for use as the signature field of an RRSIG ldns_rr

Definition at line 284 of file dnssec_sign.c.

References ldns_buffer_free(), ldns_buffer_new(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.

ldns_rdf* ldns_sign_public_rsasha1 ( ldns_buffer *  to_sign,
RSA *  key 
)

Sign a buffer with the RSA key (hash with SHA-1). Caveat: SHA-1 is no longer recommended for creating new DNSSEC signatures (RFC 8624 lists RSASHA1 as NOT RECOMMENDED for signing); prefer RSA/SHA-256 (LDNS_SIGN_RSASHA256, which this file also handles) for new zones.

Parameters:
[in] to_sign buffer with the data
[in] key the key to use
Returns:
a ldns_rdf with the signed data

Definition at line 331 of file dnssec_sign.c.

References ldns_buffer_free(), ldns_buffer_new(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.

ldns_rdf* ldns_sign_public_rsamd5 ( ldns_buffer *  to_sign,
RSA *  key 
)

Sign a buffer with the RSA key (hash with MD5). Caveat: RSA/MD5 (DNSSEC algorithm 1) is obsolete; MD5 is not collision-resistant and later DNSSEC algorithm guidance (RFC 6944, RFC 8624) says implementations must not sign or validate with it. Do not use it for new zones; it remains here only for legacy interoperability.

Parameters:
[in] to_sign buffer with the data
[in] key the key to use
Returns:
a ldns_rdf with the signed data

Definition at line 370 of file dnssec_sign.c.

References ldns_buffer_free(), ldns_buffer_new(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.

ldns_status ldns_dnssec_zone_create_nsecs ( ldns_dnssec_zone *  zone,
ldns_rr_list *  new_rrs 
)

Adds NSEC records to the given dnssec_zone.

Parameters:
[in] zone the zone to add the records to
[in] new_rrs every ldns_rr created by this function is also pushed onto this list, so the caller can free them later
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 400 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_dnssec_create_nsec(), ldns_dnssec_name_add_rr(), ldns_rbtree_first(), ldns_rbtree_next(), LDNS_RBTREE_NULL, ldns_rr_list_push_rr(), LDNS_RR_TYPE_NSEC, LDNS_STATUS_ERR, LDNS_STATUS_OK, and ldns_struct_dnssec_zone::names.

ldns_dnssec_rrs* ldns_dnssec_remove_signatures ( ldns_dnssec_rrs *  signatures,
ldns_key_list *  key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg 
)

Removes existing signatures when the callback function says to, and marks the corresponding keys (matched by key tag) as to-be-used or not.

Parameters:
[in] signatures list of signatures to check and possibly remove, depending on the value returned by the callback
[in] key_list each key in this list is marked as used or not used, depending on the callback's return value for the signature with the matching key tag
[in] func this function is called for each signature (and its corresponding key) to decide what to do with it; see ldns_dnssec_zone_sign for the four return values
[in] arg Optional argument passed through to the callback function
Returns:
pointer to the resulting signature list; the pointer originally passed in may have been freed (the head can be removed), so callers must use the returned pointer and not the original

Definition at line 443 of file dnssec_sign.c.

References LDNS_FREE, ldns_key_keytag(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_key_list_set_use(), ldns_key_set_use(), ldns_rdf2native_int16(), ldns_rr_rrsig_keytag(), LDNS_SIGNATURE_LEAVE_ADD_NEW, LDNS_SIGNATURE_LEAVE_NO_ADD, LDNS_SIGNATURE_REMOVE_ADD_NEW, LDNS_SIGNATURE_REMOVE_NO_ADD, ldns_struct_dnssec_rrs::next, and ldns_struct_dnssec_rrs::rr.

ldns_status ldns_dnssec_zone_create_rrsigs ( ldns_dnssec_zone *  zone,
ldns_rr_list *  new_rrs,
ldns_key_list *  key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg 
)

Adds signatures to the zone.

Parameters:
[in] zone the zone to add RRSIG Resource Records to
[in] new_rrs the RRSIG RRs that are created are also added to this list, so the caller can free them later
[in] key_list list of keys to sign with.
[in] func Callback function that decides which keys to use and what to do with existing signatures (passed to ldns_dnssec_remove_signatures; see ldns_dnssec_zone_sign for the return values)
[in] arg Optional argument for the callback function
Returns:
LDNS_STATUS_OK on success, error otherwise

Definition at line 529 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_dnssec_remove_signatures(), ldns_dnssec_rrs_add_rr(), ldns_dnssec_rrs_new(), ldns_key2rr(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_key_list_set_use(), ldns_rbtree_first(), ldns_rbtree_next(), LDNS_RBTREE_NULL, ldns_rr_list_free(), ldns_rr_list_new(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_sign_public(), LDNS_STATUS_OK, ldns_struct_dnssec_zone::names, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_rrs::next, ldns_struct_dnssec_name::nsec, ldns_struct_dnssec_name::nsec_signatures, ldns_struct_dnssec_rrs::rr, ldns_struct_dnssec_rrsets::rrs, ldns_struct_dnssec_name::rrsets, and ldns_struct_dnssec_rrsets::signatures.

ldns_status ldns_dnssec_zone_sign ( ldns_dnssec_zone *  zone,
ldns_rr_list *  new_rrs,
ldns_key_list *  key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg 
)

Signs the given zone with the given keys, adding NSEC records first and then RRSIGs.

Parameters:
[in] zone the zone to sign
[in] key_list the list of keys to sign the zone with
[in] new_rrs newly created resource records are added to this list, to free them later
[in] func callback function that decides what to do with existing signatures. It receives an ldns_rr* (the existing RRSIG) and the optional void *arg, and returns one of four values: LDNS_SIGNATURE_LEAVE_ADD_NEW — keep the signature and also add a new one from the corresponding key; LDNS_SIGNATURE_REMOVE_ADD_NEW — remove the signature and replace it with a new one from the same key; LDNS_SIGNATURE_LEAVE_NO_ADD — keep the signature and do not add a new one with the corresponding key; LDNS_SIGNATURE_REMOVE_NO_ADD — remove the signature and do not replace it.
[in] arg optional argument for the callback function
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 639 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_dnssec_zone_create_nsecs(), ldns_dnssec_zone_create_rrsigs(), LDNS_STATUS_ERR, LDNS_STATUS_OK, ldns_struct_dnssec_zone::names, and ldns_rbtree_t::root.

ldns_status ldns_dnssec_zone_sign_nsec3 ( ldns_dnssec_zone *  zone,
ldns_rr_list *  new_rrs,
ldns_key_list *  key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg,
uint8_t  algorithm,
uint8_t  flags,
uint16_t  iterations,
uint8_t  salt_length,
uint8_t *  salt 
)

Signs the given zone with the given keys, using NSEC3 for authenticated denial of existence: empty non-terminals are added, an NSEC3PARAM record is created from the supplied parameters, NSEC3 records are generated, and then RRSIGs are created.

Parameters:
[in] zone the zone to sign
[in] key_list the list of keys to sign the zone with
[in] new_rrs newly created resource records are added to this list, to free them later
[in] func callback function that decides what to do with existing signatures; see ldns_dnssec_zone_sign for its four return values
[in] arg optional argument for the callback function
[in] algorithm the NSEC3 hashing algorithm to use
[in] flags NSEC3 flags
[in] iterations the number of additional NSEC3 hash iterations. Caveat: high iteration counts give little extra protection against offline dictionary attacks but multiply the work every validator must do; current guidance (RFC 9276) recommends 0 iterations, and validators may treat zones with large counts as insecure or bogus
[in] salt_length the length (in octets) of the NSEC3 salt
[in] salt the NSEC3 salt data; must point to at least salt_length octets
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 673 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_dnssec_zone_add_empty_nonterminals(), ldns_dnssec_zone_add_rr(), ldns_dnssec_zone_create_nsec3s(), ldns_dnssec_zone_create_rrsigs(), ldns_dnssec_zone_find_rrset(), ldns_nsec3_add_param_rdfs(), ldns_rdf_clone(), ldns_rr_get_type(), ldns_rr_list_push_rr(), ldns_rr_new_frm_type(), ldns_rr_set_owner(), LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_NSEC3PARAMS, LDNS_STATUS_OK, ldns_struct_dnssec_name::name, ldns_struct_dnssec_zone::names, ldns_rbtree_t::root, and ldns_struct_dnssec_zone::soa.

ldns_zone* ldns_zone_sign ( const ldns_zone *  zone,
ldns_key_list *  key_list 
)

Signs the zone (NSEC) and returns a newly allocated signed zone; the input zone is passed as const and is not modified. The caller owns the returned zone and is responsible for freeing it.

ldns_zone* ldns_zone_sign_nsec3 ( ldns_zone *  zone,
ldns_key_list *  key_list,
uint8_t  algorithm,
uint8_t  flags,
uint16_t  iterations,
uint8_t  salt_length,
uint8_t *  salt 
)

Signs the zone with NSEC3, and returns a newly allocated signed zone.

Parameters:
[in] zone the zone to sign
[in] key_list list of keys to sign with
[in] algorithm the NSEC3 hashing algorithm to use
[in] flags NSEC3 flags
[in] iterations the number of additional NSEC3 hash iterations. Caveat: high iteration counts give little extra protection but burden every validator; current guidance (RFC 9276) recommends 0, and validators may treat zones with large counts as insecure or bogus
[in] salt_length the length (in octets) of the NSEC3 salt
[in] salt the NSEC3 salt data; must point to at least salt_length octets
Returns:
a newly allocated signed zone, owned by the caller

Definition at line 838 of file dnssec_sign.c.

References ldns_create_nsec3(), ldns_dname_cat_clone(), ldns_dname_compare(), ldns_dname_is_subdomain(), ldns_dname_label(), ldns_dname_label_count(), ldns_dname_new_frm_str(), ldns_key2rr(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_nsec3_add_param_rdfs(), ldns_rdf2native_int32(), ldns_rdf2str(), ldns_rdf_clone(), ldns_rdf_compare(), ldns_rdf_deep_free(), ldns_rdf_print(), ldns_rr_clone(), ldns_rr_get_type(), ldns_rr_list_cat(), ldns_rr_list_clone(), ldns_rr_list_contains_rr(), ldns_rr_list_deep_free(), ldns_rr_list_free(), ldns_rr_list_new(), ldns_rr_list_pop_rrset(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_list_set_rr(), ldns_rr_list_sort(), ldns_rr_list_sort_nsec3(), ldns_rr_new_frm_type(), ldns_rr_owner(), ldns_rr_rdf(), ldns_rr_set_owner(), ldns_rr_set_rdf(), ldns_rr_set_ttl(), LDNS_RR_TYPE_NS, LDNS_RR_TYPE_NSEC3PARAMS, LDNS_RR_TYPE_RRSIG, ldns_sign_public(), ldns_str2rdf_b32_ext(), ldns_zone_glue_rr_list(), ldns_zone_new(), ldns_zone_push_rr_list(), ldns_zone_rrs(), ldns_zone_set_soa(), and ldns_zone_soa().

