Page MenuHomeFreeBSD
Differential D40226 Diff 122271 contrib/ldns/ldns/dnssec_sign.h

Changeset View

Standalone View

View Options

contrib/ldns/ldns/dnssec_sign.h

/** dnssec_verify */ /** dnssec_verify */
#ifndef LDNS_DNSSEC_SIGN_H #ifndef LDNS_DNSSEC_SIGN_H
#define LDNS_DNSSEC_SIGN_H #define LDNS_DNSSEC_SIGN_H
#include <ldns/dnssec.h> #include <ldns/dnssec.h>
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
/* sign functions */ /* sign functions */
/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/ /** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/
#define LDNS_SIGN_DNSKEY_WITH_ZSK 1 #define LDNS_SIGN_DNSKEY_WITH_ZSK 1
#define LDNS_SIGN_WITH_ALL_ALGORITHMS 2 #define LDNS_SIGN_WITH_ALL_ALGORITHMS 2
#define LDNS_SIGN_NO_KEYS_NO_NSECS 4
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 8
#define LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 16
/** /**
* Create an empty RRSIG RR (i.e. without the actual signature data) * Create an empty RRSIG RR (i.e. without the actual signature data)
* \param[in] rrset The RRset to create the signature for * \param[in] rrset The RRset to create the signature for
* \param[in] key The key that will create the signature * \param[in] key The key that will create the signature
* \return signature rr * \return signature rr
*/ */
ldns_rr * ldns_rr *
Show All 16 Lines
* \param[in] keys the keys to use * \param[in] keys the keys to use
* \return a rr_list with the signatures * \return a rr_list with the signatures
*/ */
ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys); ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys);
#if LDNS_BUILD_CONFIG_HAVE_SSL #if LDNS_BUILD_CONFIG_HAVE_SSL
/** /**
* Sign a buffer with the DSA key (hash with SHA1) * Sign a buffer with the DSA key (hash with SHA1)
* \param[in] to_sign buffer with the data *
* \param[in] key the key to use * \param[in] to_sign The ldns_buffer containing raw data that is to be signed
* \return a ldns_rdf with the signed data * \param[in] key The DSA key structure to sign with
* \return a ldns_rdf for the RRSIG ldns_rr
*/ */
ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key); ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
/** /**
* Sign data with EVP (general method for different algorithms) * Sign data with EVP (general method for different algorithms)
* *
* \param[in] to_sign The ldns_buffer containing raw data that is * \param[in] to_sign The ldns_buffer containing raw data that is
* to be signed * to be signed
▲ Show 20 LinesShow All 44 Lines▼ Show 20 Lines
/** /**
* Marks the names in the zone that are occluded. Those names will be skipped * Marks the names in the zone that are occluded. Those names will be skipped
* when walking the tree with the ldns_dnssec_name_node_next_nonglue() * when walking the tree with the ldns_dnssec_name_node_next_nonglue()
* function. But watch out! Names that are partially occluded (like glue with * function. But watch out! Names that are partially occluded (like glue with
* the same name as the delegation) will not be marked and should specifically * the same name as the delegation) will not be marked and should specifically
* be taken into account separately. * be taken into account separately.
* *
* \param[in] zone the zone in which to mark the names * \param[in] zone the zone in which to mark the names
* \return LDNS_STATUS_OK on succesful completion * \return LDNS_STATUS_OK on successful completion, an error code otherwise
*/ */
ldns_status ldns_status
ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone); ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone);
/** /**
* Finds the first dnssec_name node in the rbtree that is not occluded. * Finds the first dnssec_name node in the rbtree that is not occluded.
* It *does* return names that are partially occluded. * It *does* return names that are partially occluded.
* *
▲ Show 20 LinesShow All 264 LinesShow Last 20 Lines