21 #include <openssl/ssl.h> 22 #include <openssl/evp.h> 23 #include <openssl/rand.h> 24 #include <openssl/err.h> 25 #include <openssl/md5.h> 26 #include <openssl/bn.h> 27 #include <openssl/rsa.h> 29 #include <openssl/dsa.h> 112 ldns_rdf *sname, *hashed_sname, *tmp;
115 bool exact_match_found;
143 exact_match_found =
false;
144 in_range_found =
false;
168 exact_match_found =
true;
170 in_range_found =
true;
174 if (!exact_match_found && in_range_found) {
176 }
else if (exact_match_found && flag) {
181 }
else if (exact_match_found && !flag) {
238 t_netorder = htons(type);
262 t_netorder = htons(type);
300 keysize= ldns_buffer_position(keybuf);
320 memmove(&ac16, key + keysize - 3, 2);
323 return (uint16_t) ac16;
326 for (i = 0; (size_t)i < keysize; ++i) {
327 ac32 += (i & 1) ? key[i] : key[i] << 8;
329 ac32 += (ac32 >> 16) & 0xFFFF;
330 return (uint16_t) (ac32 & 0xFFFF);
339 ldns_buffer_position(key));
349 BIGNUM *Q; BIGNUM *P;
350 BIGNUM *G; BIGNUM *Y;
355 length = (64 + T * 8);
361 if(len < (
size_t)1 + SHA_DIGEST_LENGTH + 3*length)
364 Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
365 offset += SHA_DIGEST_LENGTH;
367 P = BN_bin2bn(key+offset, (
int)length, NULL);
370 G = BN_bin2bn(key+offset, (
int)length, NULL);
373 Y = BN_bin2bn(key+offset, (
int)length, NULL);
376 if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
383 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) 391 if (!DSA_set0_pqg(dsa, P, Q, G)) {
401 if (!DSA_set0_key(dsa, Y, NULL)) {
415 ldns_buffer_position(key));
436 memmove(&int16, key+1, 2);
445 if(len < (
size_t)offset + exp + 1)
450 if(!exponent)
return NULL;
451 (void) BN_bin2bn(key+offset, (
int)exp, exponent);
461 (void) BN_bin2bn(key+offset, (
int)(len - offset), modulus);
469 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) 475 if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
491 ctx = EVP_MD_CTX_create();
494 if(!EVP_DigestInit_ex(ctx, md, NULL) ||
495 !EVP_DigestUpdate(ctx, data, len) ||
496 !EVP_DigestFinal_ex(ctx, dest, NULL)) {
497 EVP_MD_CTX_destroy(ctx);
500 EVP_MD_CTX_destroy(ctx);
515 const EVP_MD* md = NULL;
551 md = EVP_get_digestbyname(
"md_gost94");
607 sha1hash = (uint8_t)h;
636 (void)
ldns_sha1((
unsigned char *) ldns_buffer_begin(data_buf),
637 (
unsigned int) ldns_buffer_position(data_buf),
638 (
unsigned char *) digest);
647 (void)
ldns_sha256((
unsigned char *) ldns_buffer_begin(data_buf),
648 (
unsigned int) ldns_buffer_position(data_buf),
649 (
unsigned char *) digest);
658 (
unsigned int) ldns_buffer_position(data_buf),
659 (
unsigned char *) digest, md)) {
666 (
size_t)EVP_MD_size(md),
673 (void) SHA384((
unsigned char *) ldns_buffer_begin(data_buf),
674 (
unsigned int) ldns_buffer_position(data_buf),
675 (
unsigned char *) digest);
677 SHA384_DIGEST_LENGTH,
724 uint8_t windowpresent[256];
729 uint8_t* data = NULL;
737 memset(windows, 0,
sizeof(
int)*256);
738 memset(windowpresent, 0, 256);
742 for (d = rr_type_list; d < rr_type_list + size; d++) {
745 windowpresent[window] = 1;
746 if (windows[window] < (
int)subtype) {
747 windows[window] = (int)subtype;
754 for (i = 0; i < 256; i++) {
755 if (windowpresent[i]) {
756 sz += windows[i] / 8 + 3;
766 for (i = 0; i < 256; i++) {
767 if (windowpresent[i]) {
768 *dptr++ = (uint8_t)i;
769 *dptr++ = (uint8_t)(windows[i] / 8 + 1);
774 windows[i] = (int)(dptr - data);
783 for (d = rr_type_list; d < rr_type_list + size; d++) {
785 data[windows[*d >> 8] + subtype/8] |= (0x80 >> (subtype % 8));
804 if (cur_rrset->
type == type) {
807 cur_rrset = cur_rrset->
next;
819 size_t type_count = 0;
821 int on_delegation_point;
837 cur_rrsets = from->
rrsets;
841 if ((on_delegation_point && (
844 || (!on_delegation_point &&
848 types[type_count] = cur_rrsets->
type;
851 cur_rrsets = cur_rrsets->
next;
878 size_t type_count = 0;
881 int on_delegation_point;
910 cur_rrsets = from->
rrsets;
918 if ((on_delegation_point && (
921 || (!on_delegation_point &&
924 types[type_count] = cur_rrsets->
type;
927 cur_rrsets = cur_rrsets->
next;
932 if (type_count > 0 &&
972 size_t type_count = 0;
985 if (type_count == 0 || i_type_list[type_count-1] != i_type) {
986 i_type_list[type_count] = i_type;
1008 uint16_t iterations,
1009 uint8_t salt_length,
1010 const uint8_t *salt)
1012 size_t hashed_owner_str_len;
1015 unsigned char *hashed_owner_str;
1016 char *hashed_owner_b32;
1017 size_t hashed_owner_b32_len;
1033 fprintf(stderr,
"Memory error\n");
1040 hashed_owner_str =
LDNS_XMALLOC(
unsigned char, hashed_owner_str_len);
1041 if(!hashed_owner_str) {
1046 memcpy(hashed_owner_str +
ldns_rdf_size(cann), salt, salt_length);
1049 for (cur_it = iterations + 1; cur_it > 0; cur_it--) {
1050 (void)
ldns_sha1((
unsigned char *) hashed_owner_str,
1051 (
unsigned int) hashed_owner_str_len, hash);
1055 hashed_owner_str =
LDNS_XMALLOC(
unsigned char, hashed_owner_str_len);
1056 if (!hashed_owner_str) {
1065 hashed_owner_str = hash;
1069 ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1);
1070 if(!hashed_owner_b32) {
1074 (uint8_t *) hashed_owner_str,
1075 hashed_owner_str_len,
1077 ldns_b32_ntop_calculate_size(hashed_owner_str_len)+1);
1078 if (hashed_owner_b32_len < 1) {
1080 fprintf(stderr,
"Error in base32 extended hex encoding ");
1081 fprintf(stderr,
"of hashed owner name (name: ");
1083 fprintf(stderr,
", return code: %u)\n",
1084 (
unsigned int) hashed_owner_b32_len);
1089 hashed_owner_b32[hashed_owner_b32_len] =
'\0';
1094 fprintf(stderr,
"Error creating rdf from %s\n", hashed_owner_b32);
1101 return hashed_owner;
1108 uint16_t iterations,
1109 uint8_t salt_length,
1110 const uint8_t *salt)
1113 uint8_t *salt_data = NULL;
1118 1, (
void*)&algorithm),
1139 salt_data[0] = salt_length;
1140 memcpy(salt_data + 1, salt, salt_length);
1160 if (!origin || !rr_list)
return 0;
1181 uint16_t iterations,
1182 uint8_t salt_length,
1183 const uint8_t *salt,
1184 bool emptynonterminal)
1196 size_t type_count = 0;
1230 if (type_count == 0 || i_type_list[type_count-1] != i_type) {
1231 i_type_list[type_count] = i_type;
1239 if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) {
1329 uint8_t salt_length;
1338 if(!salt)
return NULL;
1369 uint16_t iterations;
1370 uint8_t salt_length;
1387 return hashed_owner;
1401 uint8_t window = type >> 8;
1402 uint8_t subtype = type & 0xff;
1415 while (dptr < dend && dptr[0] <= window) {
1417 if (dptr[0] == window && subtype / 8 < dptr[1] &&
1418 dptr + dptr[1] + 2 <= dend) {
1420 return dptr[2 + subtype / 8] & (0x80 >> (subtype % 8));
1422 dptr += dptr[1] + 2;
1438 uint8_t window = type >> 8;
1439 uint8_t subtype = type & 0xff;
1452 while (dptr < dend && dptr[0] <= window) {
1454 if (dptr[0] == window && subtype / 8 < dptr[1] &&
1455 dptr + dptr[1] + 2 <= dend) {
1457 dptr[2 + subtype / 8] |= (0x80 >> (subtype % 8));
1460 dptr += dptr[1] + 2;
1476 uint8_t window = type >> 8;
1477 uint8_t subtype = type & 0xff;
1491 while (dptr < dend && dptr[0] <= window) {
1493 if (dptr[0] == window && subtype / 8 < dptr[1] &&
1494 dptr + dptr[1] + 2 <= dend) {
1496 dptr[2 + subtype / 8] &= ~(0x80 >> (subtype % 8));
1499 dptr += dptr[1] + 2;
1510 char *next_hash_str;
1596 t_netorder = htons(t);
1602 if (! sigs_covered) {
1635 char *next_nsec_owner_str;
1642 next_nsec_owner_label =
1645 next_nsec_owner_str =
ldns_rdf2str(next_nsec_owner_label);
1646 if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
1648 next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
1652 next_nsec_owner_str);
1654 next_nsec_rdf, 4)) {
1661 next_nsec_owner_label =
1665 next_nsec_owner_str =
ldns_rdf2str(next_nsec_owner_label);
1666 if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
1668 next_nsec_owner_str[strlen(next_nsec_owner_str) - 1]
1672 next_nsec_owner_str);
1676 next_nsec_rdf, 4)) {
1689 if (rr1 == NULL && rr2 == NULL) {
1704 qsort(unsorted->
_rrs,
1750 const BIGNUM *
R, *S;
1751 unsigned char *dsasig_data = (
unsigned char*)ldns_buffer_begin(sig);
1754 dsasig = d2i_DSA_SIG(NULL,
1755 (
const unsigned char **)&dsasig_data,
1758 DSA_SIG_free(dsasig);
1764 DSA_SIG_free(dsasig);
1768 # ifdef HAVE_DSA_SIG_GET0 1769 DSA_SIG_get0(dsasig, &
R, &S);
1774 byte_offset = (size_t) (20 - BN_num_bytes(
R));
1775 if (byte_offset > 20) {
1776 DSA_SIG_free(dsasig);
1780 memset(&dsasig_data[1], 0, byte_offset);
1781 BN_bn2bin(
R, &dsasig_data[1 + byte_offset]);
1782 byte_offset = (size_t) (20 - BN_num_bytes(S));
1783 if (byte_offset > 20) {
1784 DSA_SIG_free(dsasig);
1788 memset(&dsasig_data[21], 0, byte_offset);
1789 BN_bn2bin(S, &dsasig_data[21 + byte_offset]);
1795 DSA_SIG_free(dsasig);
1799 (void)sig; (void)sig_len;
1812 unsigned char *raw_sig = NULL;
1820 (void) BN_bin2bn((
unsigned char *)
ldns_rdf_data(sig_rdf) + 1,
1821 SHA_DIGEST_LENGTH,
R);
1827 (void) BN_bin2bn((
unsigned char *)
ldns_rdf_data(sig_rdf) + 21,
1828 SHA_DIGEST_LENGTH, S);
1830 dsasig = DSA_SIG_new();
1836 # ifdef HAVE_DSA_SIG_SET0 1837 if (! DSA_SIG_set0(dsasig,
R, S))
1844 raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig);
1845 if (raw_sig_len < 0) {
1846 DSA_SIG_free(dsasig);
1851 ldns_buffer_write(target_buffer, raw_sig, (
size_t)raw_sig_len);
1854 DSA_SIG_free(dsasig);
1857 return ldns_buffer_status(target_buffer);
1859 (void)target_buffer; (void)sig_rdf;
1868 const long sig_len,
int num_bytes)
1870 ECDSA_SIG* ecdsa_sig;
1871 const BIGNUM *r, *s;
1872 unsigned char *data = (
unsigned char*)ldns_buffer_begin(sig);
1874 ecdsa_sig = d2i_ECDSA_SIG(NULL, (
const unsigned char **)&data, sig_len);
1875 if(!ecdsa_sig)
return NULL;
1877 #ifdef HAVE_ECDSA_SIG_GET0 1878 ECDSA_SIG_get0(ecdsa_sig, &r, &s);
1884 if(BN_num_bytes(r) > num_bytes ||
1885 BN_num_bytes(s) > num_bytes) {
1886 ECDSA_SIG_free(ecdsa_sig);
1891 ECDSA_SIG_free(ecdsa_sig);
1896 memset(data, 0, num_bytes*2);
1897 BN_bn2bin(r, data+num_bytes-BN_num_bytes(r));
1898 BN_bn2bin(s, data+num_bytes*2-BN_num_bytes(s));
1900 ECDSA_SIG_free(ecdsa_sig);
1915 uint8_t pre[] = {0x30, 0x44, 0x02, 0x20};
1917 uint8_t mid[] = {0x02, 0x20};
1919 int raw_sig_len, r_high, s_high, r_rem=0, s_rem=0;
1923 if(bnsize < 16 || (
size_t)bnsize*2 !=
ldns_rdf_size(sig_rdf))
1926 while(r_rem < bnsize-1 && d[r_rem] == 0)
1929 while(s_rem < bnsize-1 && d[bnsize+s_rem] == 0)
1932 r_high = ((d[0+r_rem]&0x80)?1:0);
1933 s_high = ((d[bnsize+s_rem]&0x80)?1:0);
1934 raw_sig_len = pre_len + r_high + bnsize - r_rem + mid_len +
1935 s_high + bnsize - s_rem;
1937 ldns_buffer_write_u8(target_buffer, pre[0]);
1938 ldns_buffer_write_u8(target_buffer, raw_sig_len-2);
1939 ldns_buffer_write_u8(target_buffer, pre[2]);
1940 ldns_buffer_write_u8(target_buffer, bnsize + r_high - r_rem);
1942 ldns_buffer_write_u8(target_buffer, 0);
1943 ldns_buffer_write(target_buffer, d+r_rem, bnsize-r_rem);
1944 ldns_buffer_write(target_buffer, mid, mid_len-1);
1945 ldns_buffer_write_u8(target_buffer, bnsize + s_high - s_rem);
1947 ldns_buffer_write_u8(target_buffer, 0);
1948 ldns_buffer_write(target_buffer, d+bnsize+s_rem, bnsize-s_rem);
1950 return ldns_buffer_status(target_buffer);
ldns_rdf * ldns_rr_rdf(const ldns_rr *rr, size_t nr)
returns the rdata field member counter.
implementation of buffers to ease operations
bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name)
Checks coverage of NSEC(3) RR name span Remember that nsec and name must both be in canonical form (i...
ldns_rdf * ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position)
sets a rdf member, it will be set on the position given.
#define LDNS_SIGNATURE_LEAVE_ADD_NEW
return values for the old-signature callback
ldns_rr * ldns_dnssec_create_nsec(const ldns_dnssec_name *from, const ldns_dnssec_name *to, ldns_rr_type nsec_type)
Creates NSEC.
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
sets the type in the rr.
uint8_t ldns_dname_label_count(const ldns_rdf *r)
count the number of labels inside a LDNS_RDF_DNAME type rdf.
ldns_rr * ldns_dnssec_create_nsec3(const ldns_dnssec_name *from, const ldns_dnssec_name *to, const ldns_rdf *zone_name, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, const uint8_t *salt)
Creates NSEC3.
RSA * ldns_key_buf2rsa_raw(const unsigned char *key, size_t len)
Like ldns_key_buf2rsa, but uses raw buffer.
ldns_rr_type ldns_rdf2rr_type(const ldns_rdf *rd)
convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual LDNS_RR_TYPE.
ldns_rr_list * ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ldns_rdf *ownername, ldns_rr_type type, ldns_pkt_section sec)
return all the rr with a specific type and type from a packet.
int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2)
Compares the two dname rdf's according to the algorithm for ordering in RFC4034 Section 6.
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
bool ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt)
Checks whether the packet contains rrsigs.
uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr)
Returns the number of hash iterations used in the given NSEC3 RR.
uint8_t * ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
Returns the salt bytes used in the given NSEC3 RR.
List or Set of Resource Records.
ldns_status ldns_str2rdf_dname(ldns_rdf **d, const char *str)
convert a dname string into wireformat
ldns_rdf * ldns_nsec3_salt(const ldns_rr *nsec3_rr)
Returns the salt used in the given NSEC3 RR.
ldns_rr * ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs)
Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if any.
uint8_t ldns_rdf2native_int8(const ldns_rdf *rd)
returns the native uint8_t representation from the rdf.
ldns_status ldns_verify_time(const ldns_rr_list *rrset, const ldns_rr_list *rrsig, const ldns_rr_list *keys, time_t check_time, ldns_rr_list *good_keys)
Verifies a list of signatures for one rrset.
ldns_dnssec_rrsets * rrsets
The rrsets for this name.
#define LDNS_CALLOC(type, count)
#define LDNS_XMALLOC(type, count)
#define LDNS_MIN_BUFLEN
number of initial bytes in buffer of which we cannot tell the size before hand
size_t ldns_rdf_size(const ldns_rdf *rd)
returns the size of the rdf.
ldns_status ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, const ldns_rdf *sig_rdf)
Converts the RRSIG signature RDF (in rfc2536 format) to a buffer with the signature in rfc2459 format...
ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str)
convert the string with the b32 ext hex data into wireformat
enum ldns_enum_hash ldns_hash
#define LDNS_SHA256_DIGEST_LENGTH
void ldns_rr_list_deep_free(ldns_rr_list *rr_list)
frees an rr_list structure and all rrs contained therein.
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
ldns_rr * ldns_rr_new_frm_type(ldns_rr_type t)
creates a new rr structure, based on the given type.
ldns_rdf * ldns_dnssec_nsec3_closest_encloser(const ldns_rdf *qname, ldns_rr_type qtype __attribute__((unused)), const ldns_rr_list *nsec3s)
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
void ldns_dname2canonical(const ldns_rdf *rd)
Put a dname into canonical fmt - ie.
ldns_rdf * ldns_rr_rrsig_keytag(const ldns_rr *r)
returns the keytag of a LDNS_RR_TYPE_RRSIG RR
#define LDNS_MAX_PACKETLEN
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
ldns_rdf * ldns_dname_left_chop(const ldns_rdf *d)
chop one label off the left side of a dname.
ldns_status ldns_nsec_bitmap_set_type(ldns_rdf *bitmap, ldns_rr_type type)
Checks if RR type t is enumerated in the type bitmap rdf and sets the bit.
unsigned char * ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest)
Convenience function to digest a fixed block of data at once.
DSA * ldns_key_buf2dsa_raw(const unsigned char *key, size_t len)
Like ldns_key_buf2dsa, but uses raw buffer.
ldns_rr_list * ldns_pkt_rr_list_by_type(const ldns_pkt *packet, ldns_rr_type type, ldns_pkt_section sec)
return all the rr with a specific type from a packet.
ldns_status ldns_nsec_bitmap_clear_type(ldns_rdf *bitmap, ldns_rr_type type)
Checks if RR type t is enumerated in the type bitmap rdf and clears the bit.
void ldns_rdf_free(ldns_rdf *rd)
frees a rdf structure, leaving the data pointer intact.
ldns_status ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf)
Copies the rdata data to the buffer in wire format.
ldns_rdf * ldns_nsec_get_bitmap(const ldns_rr *nsec)
Returns the rdata field that contains the bitmap of the covered types of the given NSEC record.
ldns_rdf * ldns_convert_ecdsa_rrsig_asn1len2rdf(const ldns_buffer *sig, const long sig_len, int num_bytes)
Converts the ECDSA signature from ASN1 representation (as used by OpenSSL) to raw signature data as u...
Including this file will include all ldns files, and define some lookup tables.
ldns_rdf * ldns_dname_new_frm_str(const char *str)
creates a new dname rdf from a string.
marks the start of a zone of authority
ldns_rr_list * ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type)
Returns a ldns_rr_list containing the signatures covering the given type.
uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr)
Returns the length of the salt used in the given NSEC3 RR.
uint16_t ldns_pkt_nscount(const ldns_pkt *packet)
Return the packet's ns count.
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
ldns_rdf * ldns_nsec3_next_owner(const ldns_rr *nsec3_rr)
Returns the first label of the next ownername in the NSEC3 chain (ie.
ldns_rr * ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr)
returns a specific rr of an rrlist.
ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
Create a NSEC record.
void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class)
sets the class in the rr.
#define LDNS_SIGNATURE_REMOVE_NO_ADD
void ldns_nsec3_add_param_rdfs(ldns_rr *rr, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, const uint8_t *salt)
Sets all the NSEC3 options.
ldns_rr_list * ldns_rr_list_subtype_by_rdf(const ldns_rr_list *l, const ldns_rdf *r, size_t pos)
Return the rr_list which matches the rdf at position field.
uint16_t ldns_pkt_ancount(const ldns_pkt *packet)
Return the packet's an count.
uint16_t ldns_rdf2native_int16(const ldns_rdf *rd)
returns the native uint16_t representation from the rdf.
int ldns_dnssec_default_delete_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
#define LDNS_NSEC3_VARS_OPTOUT_MASK
int ldns_dnssec_rrsets_contains_type(const ldns_dnssec_rrsets *rrsets, ldns_rr_type type)
returns whether a rrset of the given type is found in the rrsets.
uint16_t ldns_calc_keytag_raw(const uint8_t *key, size_t keysize)
Calculates keytag of DNSSEC key, operates on wireformat rdata.
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
int ldns_dnssec_default_add_to_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
bool ldns_nsec3_optout(const ldns_rr *nsec3_rr)
Returns true if the opt-out flag has been set in the given NSEC3 RR.
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr)
Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdat...
ldns_rr * ldns_create_nsec3(const ldns_rdf *cur_owner, const ldns_rdf *cur_zone, const ldns_rr_list *rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, const uint8_t *salt, bool emptynonterminal)
bool ldns_nsec_bitmap_covers_type(const ldns_rdf *bitmap, ldns_rr_type type)
Check if RR type t is enumerated and set in the RR type bitmap rdf.
ldns_rdf * ldns_nsec3_bitmap(const ldns_rr *nsec3_rr)
Returns the bitmap specifying the covered types of the given NSEC3 RR.
ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd)
returns the type of the rdf.
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
#define LDNS_SIGNATURE_REMOVE_ADD_NEW
void ldns_rdf_print(FILE *output, const ldns_rdf *rdf)
Prints the data in the rdata field to the given file stream (in presentation format)
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
DSA * ldns_key_buf2dsa(const ldns_buffer *key)
converts a buffer holding key material to a DSA key in openssl.
ldns_rr * ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, const ldns_rr_type type, const ldns_rr_list *rrs)
Returns the first RRSIG rr that corresponds to the rrset with the given name and type.
ldns_rdf * ldns_rr_rrsig_typecovered(const ldns_rr *r)
returns the type covered of a LDNS_RR_TYPE_RRSIG rr
int ldns_digest_evp(const unsigned char *data, unsigned int len, unsigned char *dest, const EVP_MD *md)
Utility function to calculate hash using generic EVP_MD pointer.
void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl)
sets the ttl in the rr structure.
enum ldns_enum_status ldns_status
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
uint8_t ldns_nsec3_flags(const ldns_rr *nsec3_rr)
Returns flags field.
ldns_rdf * hashed_name
pointer to store the hashed name (only used when in an NSEC3 zone
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
This module contains base functions for DNSSEC operations (RFC4033 t/m RFC4035).
ldns_rdf * ldns_rdf_new(ldns_rdf_type type, size_t size, void *data)
allocates a new rdf structure and fills it.
int ldns_b32_ntop_extended_hex(const uint8_t *src, size_t src_sz, char *dst, size_t dst_sz)
#define LDNS_RDF_SIZE_WORD
bool ldns_buffer_reserve(ldns_buffer *buffer, size_t amount)
ensures BUFFER can contain at least AMOUNT more bytes.
RSA * ldns_key_buf2rsa(const ldns_buffer *key)
converts a buffer holding key material to a RSA key in openssl.
ldns_rdf * ldns_dnssec_name_name(const ldns_dnssec_name *name)
Returns the domain name of the given dnssec_name structure.
int ldns_dnssec_default_leave_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
ldns_rdf * ldns_rr_rrsig_signame(const ldns_rr *r)
returns the signers name of a LDNS_RR_TYPE_RRSIG RR
char * ldns_rdf2str(const ldns_rdf *rdf)
Converts the data in the rdata field to presentation format and returns that as a char *.
bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
sets rd_field member, it will be placed in the next available spot.
Resource record data field.
ldns_dnssec_rrsets * next
ldns_rdf * ldns_rr_owner(const ldns_rr *rr)
returns the owner name of an rr structure.
ldns_rr * ldns_rr_new(void)
creates a new rr structure.
size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list)
returns the number of rr's in an rr_list.
#define LDNS_SIGNATURE_LEAVE_NO_ADD
enum ldns_enum_rr_type ldns_rr_type
ldns_status ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, const ldns_rdf *sig_rdf)
Converts the RRSIG signature RDF (from DNS) to a buffer with the signature in ASN1 format as openssl ...
ldns_status ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs)
chains nsec3 list
ldns_rr_list * ldns_pkt_authority(const ldns_pkt *packet)
Return the packet's authority section.
an authoritative name server
ldns_rdf * ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], size_t size, ldns_rr_type nsec_type)
Create the type bitmap for an NSEC(3) record.
ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try and retrieve a specific label.
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
uint32_t ldns_rr_ttl(const ldns_rr *rr)
returns the ttl of an rr structure.
ldns_rr_class ldns_rr_get_class(const ldns_rr *rr)
returns the class of the rr.
int ldns_dnssec_default_replace_signatures(ldns_rr *sig __attribute__((unused)), void *n __attribute__((unused)))
used to get all non-question rrs from a packet
ldns_status ldns_pkt_verify(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o, const ldns_rr_list *k, const ldns_rr_list *s, ldns_rr_list *good_keys)
verify a packet
ldns_status ldns_dname_cat(ldns_rdf *rd1, const ldns_rdf *rd2)
concatenates rd2 after rd1 (rd2 is copied, rd1 is modified)
ldns_rr_list * ldns_pkt_answer(const ldns_pkt *packet)
Return the packet's answer section.
int qsort_rr_compare_nsec3(const void *a, const void *b)
compare for nsec3 sort
unsigned char * ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest)
Convenience function to digest a fixed block of data at once.
ldns_status ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o, const ldns_rr_list *k, const ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys)
verify a packet
ldns_rdf * ldns_nsec3_hash_name(const ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, const uint8_t *salt)
Calculates the hashed name using the given parameters.
uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr)
Returns the hash algorithm used in the given NSEC3 RR.
ldns_rdf * ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len)
Converts the DSA signature from ASN1 representation (RFC2459, as used by OpenSSL) to raw signature da...
void ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted)
sort nsec3 list
int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2)
compares two rdf's on their wire formats.
#define LDNS_SHA1_DIGEST_LENGTH
ldns_rdf * ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, const ldns_rdf *name)
Calculates the hashed name using the parameters of the given NSEC3 RR.
ldns_rr_list * ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, const ldns_rdf *name, ldns_rr_type type)
Returns a ldns_rr_list containing the signatures covering the given name and type.
ldns_rr * ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
returns a new DS rr that represents the given key rr.