contrib/ldns/ldns/dnssec_sign.h
/** dnssec_verify */ | /** dnssec_verify */ | ||||
#ifndef LDNS_DNSSEC_SIGN_H | #ifndef LDNS_DNSSEC_SIGN_H | ||||
#define LDNS_DNSSEC_SIGN_H | #define LDNS_DNSSEC_SIGN_H | ||||
#include <ldns/dnssec.h> | #include <ldns/dnssec.h> | ||||
#ifdef __cplusplus | #ifdef __cplusplus | ||||
extern "C" { | extern "C" { | ||||
#endif | #endif | ||||
/* sign functions */ | /* sign functions */ | ||||
/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/ | /** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/ | ||||
#define LDNS_SIGN_DNSKEY_WITH_ZSK 1 | #define LDNS_SIGN_DNSKEY_WITH_ZSK 1 | ||||
#define LDNS_SIGN_WITH_ALL_ALGORITHMS 2 | #define LDNS_SIGN_WITH_ALL_ALGORITHMS 2 | ||||
#define LDNS_SIGN_NO_KEYS_NO_NSECS 4 | |||||
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 8 | |||||
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 16 | |||||
/** | /** | ||||
* Create an empty RRSIG RR (i.e. without the actual signature data) | * Create an empty RRSIG RR (i.e. without the actual signature data) | ||||
* \param[in] rrset The RRset to create the signature for | * \param[in] rrset The RRset to create the signature for | ||||
* \param[in] key The key that will create the signature | * \param[in] key The key that will create the signature | ||||
* \return signature rr | * \return signature rr | ||||
*/ | */ | ||||
ldns_rr * | ldns_rr * | ||||
Show All 16 Lines | |||||
* \param[in] keys the keys to use | * \param[in] keys the keys to use | ||||
* \return a rr_list with the signatures | * \return a rr_list with the signatures | ||||
*/ | */ | ||||
ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys); | ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys); | ||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | #if LDNS_BUILD_CONFIG_HAVE_SSL | ||||
/** | /** | ||||
* Sign a buffer with the DSA key (hash with SHA1) | * Sign a buffer with the DSA key (hash with SHA1) | ||||
* \param[in] to_sign buffer with the data | * | ||||
* \param[in] key the key to use | * \param[in] to_sign The ldns_buffer containing raw data that is to be signed | ||||
* \return a ldns_rdf with the signed data | * \param[in] key The DSA key structure to sign with | ||||
* \return a ldns_rdf for the RRSIG ldns_rr | |||||
*/ | */ | ||||
ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key); | ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key); | ||||
/** | /** | ||||
* Sign data with EVP (general method for different algorithms) | * Sign data with EVP (general method for different algorithms) | ||||
* | * | ||||
* \param[in] to_sign The ldns_buffer containing raw data that is | * \param[in] to_sign The ldns_buffer containing raw data that is | ||||
* to be signed | * to be signed | ||||
▲ Show 20 Lines • Show All 44 Lines • ▼ Show 20 Lines | |||||
/** | /** | ||||
* Marks the names in the zone that are occluded. Those names will be skipped | * Marks the names in the zone that are occluded. Those names will be skipped | ||||
* when walking the tree with the ldns_dnssec_name_node_next_nonglue() | * when walking the tree with the ldns_dnssec_name_node_next_nonglue() | ||||
* function. But watch out! Names that are partially occluded (like glue with | * function. But watch out! Names that are partially occluded (like glue with | ||||
* the same name as the delegation) will not be marked and should specifically | * the same name as the delegation) will not be marked and should specifically | ||||
* be taken into account separately. | * be taken into account separately. | ||||
* | * | ||||
* \param[in] zone the zone in which to mark the names | * \param[in] zone the zone in which to mark the names | ||||
* \return LDNS_STATUS_OK on succesful completion | * \return LDNS_STATUS_OK on successful completion, an error code otherwise | ||||
*/ | */ | ||||
ldns_status | ldns_status | ||||
ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone); | ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone); | ||||
/** | /** | ||||
* Finds the first dnssec_name node in the rbtree that is not occluded. | * Finds the first dnssec_name node in the rbtree that is not occluded. | ||||
* It *does* return names that are partially occluded. | * It *does* return names that are partially occluded. | ||||
* | * | ||||
▲ Show 20 Lines • Show All 264 Lines • Show Last 20 Lines |
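Review bot: The three flag macros following `LDNS_SIGN_WITH_ALL_ALGORITHMS` (`LDNS_SIGN_NO_KEYS_NO_NSECS`, `LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384`, `LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512`) carry no doc comment; they show in one column only and appear to be additions. The existing `/** Sign flag that makes DNSKEY type signed by all keys ... */` comment attaches only to `LDNS_SIGN_DNSKEY_WITH_ZSK`. These are bit values that change what a signing call emits, so each deserves its own one-line description, for example `/** Sign flag: add a ZONEMD digest (SIMPLE scheme, SHA-384) to the zone */`, with the wording confirmed against the implementation, which is not shown here. For `LDNS_SIGN_NO_KEYS_NO_NSECS` the comment should state exactly which records are left out, because a caller that sets it unintentionally would presumably publish a zone without the expected keys or denial-of-existence records. The functions that accept these flags sit in the collapsed part of the header, so their `\param` text may need the same update.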