dnssec.h File Reference


Defines

#define LDNS_MAX_KEYLEN   2048
#define LDNS_DNSSEC_KEYPROTO   3
#define LDNS_DEFAULT_EXP_TIME   1209600

Functions

uint16_t ldns_calc_keytag (ldns_rr *key)
 calculates a keytag of a key for use in DNSSEC.
ldns_status ldns_verify (ldns_rr_list *rrset, ldns_rr_list *rrsig, ldns_rr_list *keys, ldns_rr_list *good_keys)
 verifies an rrsig rrset.
ldns_status ldns_verify_rrsig_keylist (ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr_list *keys, ldns_rr_list *good_keys)
 Verifies an rrsig.
ldns_status ldns_verify_rrsig (ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key)
ldns_status ldns_verify_rrsig_dsa (ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
 verifies a buffer with signature data (DSA) for a buffer with rrset data with a buffer with key data.
ldns_status ldns_verify_rrsig_rsasha1 (ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
 verifies a buffer with signature data (RSASHA1) for a buffer with rrset data with a buffer with key data.
ldns_status ldns_verify_rrsig_rsamd5 (ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key)
 verifies a buffer with signature data (RSAMD5) for a buffer with rrset data with a buffer with key data.
DSA * ldns_key_buf2dsa (ldns_buffer *key)
 converts a buffer holding key material to a DSA key in openssl.
RSA * ldns_key_buf2rsa (ldns_buffer *key)
 converts a buffer holding key material to a RSA key in openssl.
ldns_rr * ldns_key_rr2ds (const ldns_rr *key)
 returns a new DS rr that represents the given key rr.
ldns_rr_list * ldns_sign_public (ldns_rr_list *rrset, ldns_key_list *keys)
ldns_rdf * ldns_sign_public_dsa (ldns_buffer *to_sign, DSA *key)
ldns_rdf * ldns_sign_public_rsamd5 (ldns_buffer *to_sign, RSA *key)
ldns_rdf * ldns_sign_public_rsasha1 (ldns_buffer *to_sign, RSA *key)
ldns_rr * ldns_create_nsec (ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
 Create a NSEC record.
ldns_status ldns_pkt_verify (ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys)
ldns_zone * ldns_zone_sign (ldns_zone *zone, ldns_key_list *key_list)
 signs the given zone with the given keys and returns a newly allocated signed zone. Extra arguments will come later (expiration etc.).
ldns_status ldns_init_random (FILE *fd, uint16_t bytes)


Define Documentation

#define LDNS_DEFAULT_EXP_TIME   1209600
 

Definition at line 25 of file dnssec.h.

#define LDNS_DNSSEC_KEYPROTO   3
 

Definition at line 23 of file dnssec.h.

#define LDNS_MAX_KEYLEN   2048
 

Definition at line 22 of file dnssec.h.


Function Documentation

uint16_t ldns_calc_keytag (ldns_rr * key)
 

calculates a keytag of a key for use in DNSSEC.

Parameters:
[in] key the key as an RR to use for the calc.
Returns:
the keytag

ldns_rr* ldns_create_nsec (ldns_rdf * cur_owner,
ldns_rdf * next_owner,
ldns_rr_list * rrs)
 

Create a NSEC record.

Parameters:
[in] cur_owner the current owner which should be taken as the starting point
[in] next_owner the rrlist which the nsec rr should point to
[in] rrs all rrs from the zone, to find all RR types of cur_owner in
Returns:
a ldns_rr with the nsec record in it

ldns_status ldns_init_random (FILE * fd,
uint16_t bytes)
 

DSA* ldns_key_buf2dsa (ldns_buffer * key)
 

converts a buffer holding key material to a DSA key in openssl.

Parameters:
[in] key the key to convert
Returns:
a DSA * structure with the key material

RSA* ldns_key_buf2rsa (ldns_buffer * key)
 

converts a buffer holding key material to a RSA key in openssl.

Parameters:
[in] key the key to convert
Returns:
a RSA * structure with the key material

ldns_rr* ldns_key_rr2ds (const ldns_rr * key)
 

returns a new DS rr that represents the given key rr.

Parameters:
[in] *key the key to convert
Returns:
ldns_rr* a new rr pointer to a DS

ldns_status ldns_pkt_verify (ldns_pkt * p,
ldns_rr_type t,
ldns_rdf * o,
ldns_rr_list * k,
ldns_rr_list * s,
ldns_rr_list * good_keys)
 

ldns_rr_list* ldns_sign_public (ldns_rr_list * rrset,
ldns_key_list * keys)
 

ldns_rdf * ldns_sign_public_dsa (ldns_buffer * to_sign,
DSA * key)
 

ldns_rdf* ldns_sign_public_rsamd5 (ldns_buffer * to_sign,
RSA * key)
 

ldns_rdf* ldns_sign_public_rsasha1 (ldns_buffer * to_sign,
RSA * key)
 

ldns_status ldns_verify (ldns_rr_list * rrset,
ldns_rr_list * rrsig,
ldns_rr_list * keys,
ldns_rr_list * good_keys)
 

verifies an rrsig rrset.

Parameters:
[in] rrset the rrset to verify
[in] rrsig a list of signatures to check
[in] keys a list of keys to check with
[out] good_keys if this is a (initialized) list, the keys from keys that validate one of the signatures are added to it
Returns:
status LDNS_STATUS_OK if there is at least one correct key

ldns_status ldns_verify_rrsig (ldns_rr_list * rrset,
ldns_rr * rrsig,
ldns_rr * key)
 

ldns_status ldns_verify_rrsig_dsa (ldns_buffer * sig,
ldns_buffer * rrset,
ldns_buffer * key)
 

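verifies a buffer with signature data (DSA) for a buffer with rrset data with a buffer with key data. Note: RFC 8624 lists DSA as MUST NOT for both DNSSEC signing and validation, so a successful result here should not by itself be taken as grounds to treat the data as secure.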

Parameters:
[in] sig the signature data
[in] rrset the rrset data, sorted and processed for verification
[in] key the key data

ldns_status ldns_verify_rrsig_keylist (ldns_rr_list * rrset,
ldns_rr * rrsig,
ldns_rr_list * keys,
ldns_rr_list * good_keys)
 

Verifies an rrsig.

All keys in the keyset are tried.

Parameters:
[in] rrset the rrset to check
[in] rrsig the signature of the rrset
[in] keys the keys to try
[out] good_keys if this is a (initialized) list, the keys from keys that validate one of the signatures are added to it
Returns:
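a list of keys which validate the rrsig + rrset. Return NULL when none of the keys validate. (Note: this description does not match the declared return type, which is ldns_status; per the good_keys parameter above, the validating keys are added to good_keys. Callers should compare the returned status against LDNS_STATUS_OK rather than test it against NULL.)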

ldns_status ldns_verify_rrsig_rsamd5 (ldns_buffer * sig,
ldns_buffer * rrset,
ldns_buffer * key)
 

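verifies a buffer with signature data (RSAMD5) for a buffer with rrset data with a buffer with key data. Note: RSA/MD5 is deprecated for DNSSEC (RFC 6725), and RFC 8624 lists it as MUST NOT for both signing and validation, so a successful result here should not by itself be taken as grounds to treat the data as secure.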

Parameters:
[in] sig the signature data
[in] rrset the rrset data, sorted and processed for verification
[in] key the key data

ldns_status ldns_verify_rrsig_rsasha1 (ldns_buffer * sig,
ldns_buffer * rrset,
ldns_buffer * key)
 

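verifies a buffer with signature data (RSASHA1) for a buffer with rrset data with a buffer with key data. Note: RFC 8624 marks RSASHA1 as NOT RECOMMENDED for signing new zones, while validators are still expected to support it.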

Parameters:
[in] sig the signature data
[in] rrset the rrset data, sorted and processed for verification
[in] key the key data

ldns_zone* ldns_zone_sign (ldns_zone * zone,
ldns_key_list * key_list)
 

signs the given zone with the given keys and returns a newly allocated signed zone. Extra arguments will come later (expiration etc.).

Parameters:
[in] zone the zone to sign
[in] key_list the list of keys to sign the zone with
Returns:
the signed zone


Generated on Mon Feb 20 15:41:27 2006 for ldns by  doxygen 1.4.6