00011 #ifndef _LDNS_DNSSEC_H_
00012 #define _LDNS_DNSSEC_H_
00013
00014 #include <openssl/ssl.h>
00015 #include <ldns/common.h>
00016 #include <ldns/dns.h>
00017 #include <ldns/buffer.h>
00018 #include <ldns/packet.h>
00019 #include <ldns/zone.h>
00020 #include <ldns/keys.h>
00021
/* Upper bound on key length used by the DNSSEC code.
 * NOTE(review): the unit (bytes vs. bits) is not visible in this header;
 * confirm at the use sites before sizing any buffer from it. */
00022 #define LDNS_MAX_KEYLEN 2048
/* Presumably the value written to / expected in the DNSKEY "protocol" field;
 * RFC 4034 fixes that field at 3. Confirm against the code that uses it. */
00023 #define LDNS_DNSSEC_KEYPROTO 3
00024
/* 1209600 = 14 * 86400, i.e. 14 days if the unit is seconds.
 * Presumably the default signature lifetime applied when signing; TODO confirm.
 * A longer lifetime lengthens the window in which a captured signature
 * can be replayed, so callers that sign should choose it deliberately. */
00025 #define LDNS_DEFAULT_EXP_TIME 1209600
00026
/* Everything between this #if 0 and the matching #endif is compiled out:
 * this header declares neither the enum nor the ldns_algorithm typedef.
 * NOTE(review): the live definition presumably comes from one of the headers
 * included above (ldns/keys.h?); confirm, and delete this dead copy if so,
 * so the two cannot drift apart. */
00027 #if 0
00028
/* The numeric values match the DNSSEC algorithm numbers listed in
 * RFC 4034 appendix A.1. */
00031 enum ldns_enum_algorithm
00032 {
/* RSA/MD5: deprecated for DNSSEC (RFC 6725); not a basis for trust. */
00033 LDNS_RSAMD5 = 1,
00034 LDNS_DH = 2,
00035 LDNS_DSA = 3,
00036 LDNS_ECC = 4,
/* RSA/SHA-1: SHA-1 based signing is discouraged by current guidance (RFC 8624). */
00037 LDNS_RSASHA1 = 5,
00038 LDNS_INDIRECT = 252,
00039 LDNS_PRIVATEDNS = 253,
00040 LDNS_PRIVATEOID = 254
00041 };
00042 typedef enum ldns_enum_algorithm ldns_algorithm;
00043 #endif
00044
/* Returns a 16-bit key tag for the given key RR.
 * NOTE(review): presumably the RFC 4034 appendix B key tag. A key tag is only
 * a lookup hint: distinct keys can share one, so callers must not treat a
 * tag match as proof of key identity. */
00051 uint16_t ldns_calc_keytag(ldns_rr *key);
00052
/* Verifies an rrset against a list of signatures (rrsig) using a list of
 * candidate keys, and reports the outcome as an ldns_status.
 * good_keys: presumably filled with the keys that validated; confirm,
 * including whether it may be NULL and who owns the entries.
 * NOTE(review): treat any status other than LDNS_STATUS_OK as a failed
 * validation. Whether signature inception/expiration times are enforced is
 * not visible from this header; confirm in the implementation. A successful
 * result only shows the rrset was signed by one of `keys`; trust in those
 * keys (chain to a trust anchor) has to be established by the caller. */
00062 ldns_status ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys, ldns_rr_list *good_keys);
00063
/* Same shape as ldns_verify, but for a single RRSIG record checked against a
 * list of candidate keys. good_keys is presumably an output list of the keys
 * that validated; TODO confirm. */
00072 ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr_list *keys, ldns_rr_list *good_keys);
00073
00074
/* Verifies an rrset against one RRSIG record with one key.
 * NOTE(review): presumably dispatches to the algorithm-specific verifiers
 * declared in this header based on the signature's algorithm; confirm, and
 * confirm that a mismatch between the RRSIG and the key (algorithm, key tag,
 * signer name) is rejected rather than ignored. */
00075 ldns_status ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key);
00076
/* Algorithm-specific verifiers. Each takes three ldns_buffer arguments
 * (signature, data, key) and returns an ldns_status.
 * NOTE(review): the buffers presumably hold the raw signature, the signed
 * rrset data and the raw public key; the exact encoding and any length
 * checks are not visible here and should be confirmed, since all three
 * buffers can carry data taken from the network. */
00085 ldns_status ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key);
00094 ldns_status ldns_verify_rrsig_rsasha1(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key);
/* RSA/MD5 is deprecated for DNSSEC (RFC 6725); a validator should not treat
 * data as secure on the strength of this check alone. */
00103 ldns_status ldns_verify_rrsig_rsamd5(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key);
00104
/* Converts key material held in an ldns_buffer into an OpenSSL DSA object.
 * NOTE(review): presumably returns NULL on malformed input and hands
 * ownership to the caller (release with DSA_free); confirm both. The input
 * may be attacker-supplied key data, so length validation in the
 * implementation is worth checking. */
00111 DSA *ldns_key_buf2dsa(ldns_buffer *key);
00112
/* Converts key material held in an ldns_buffer into an OpenSSL RSA object.
 * NOTE(review): presumably returns NULL on malformed input and hands
 * ownership to the caller (release with RSA_free); confirm both. */
00119 RSA *ldns_key_buf2rsa(ldns_buffer *key);
00120
00121
00122
00123
00124
00125
/* Builds an RR from a key RR without modifying the key (const parameter).
 * NOTE(review): by its name this presumably derives a DS record from a
 * DNSKEY; the digest algorithm is not selectable through this signature and
 * is not visible here; confirm which digest is used and who frees the
 * returned record. */
00132 ldns_rr *ldns_key_rr2ds(const ldns_rr *key);
00133
00134
/* Signs an rrset with every key in a key list and returns a list of RRs.
 * NOTE(review): presumably the returned list holds the generated RRSIGs and
 * NULL signals failure; confirm. The key list carries private key material,
 * so its lifetime and cleanup are the caller's concern. */
00135 ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
/* Algorithm-specific signers: take the data to sign and an OpenSSL key
 * object, return the result as an ldns_rdf.
 * NOTE(review): presumably NULL on failure; confirm. */
00136 ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
/* RSA/MD5 is deprecated for DNSSEC (RFC 6725); avoid producing new
 * signatures with it. */
00137 ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key);
00138 ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key);
/* NOTE(review): exact duplicate of the ldns_sign_public_dsa prototype three
 * lines up. Redeclaring an identical prototype is legal C, but the repeat is
 * redundant and can be dropped. */
00139 ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
00140
/* Creates an NSEC-style RR from the current owner name, the next owner name
 * and a list of RRs.
 * NOTE(review): presumably `rrs` supplies the record types present at
 * cur_owner for the type bitmap; confirm, along with ownership of the
 * returned record. */
00148 ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
00149
/* Verification entry point that starts from a whole packet and returns an
 * ldns_status.
 * NOTE(review): the single-letter parameters are undocumented here;
 * presumably p = packet, t = RR type to check, o = owner name, k = candidate
 * keys, s = signatures, with good_keys as an output list. Confirm each, and
 * treat any status other than LDNS_STATUS_OK as a failed validation. */
00153 ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys);
00154
/* Signs a zone with the keys in key_list and returns a zone pointer.
 * NOTE(review): whether the result is a new zone or the input zone modified
 * in place, and whether NULL signals failure, is not visible here; confirm
 * before freeing either pointer. */
00164 ldns_zone *ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list);
00165
/* Initialises randomness from a stdio stream; despite the name `fd` the
 * parameter is a FILE *, not a file descriptor. `bytes` is a 16-bit count.
 * NOTE(review): presumably reads `bytes` bytes from the stream to seed the
 * PRNG used for key generation and signing; confirm. If so, the stream
 * should be a real entropy source, and a short read or a non-OK status
 * should stop the caller from generating keys or signatures. */
00166 ldns_status ldns_init_random(FILE *fd, uint16_t bytes);
00167
00168 #endif