
Member "bind-9.11.23/lib/dns/rdata/generic/nsec3_50.h" (7 Sep 2020, 3579 Bytes) of package /linux/misc/dns/bind9/9.11.23/bind-9.11.23.tar.gz:



    1 /*
    2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * This Source Code Form is subject to the terms of the Mozilla Public
    5  * License, v. 2.0. If a copy of the MPL was not distributed with this
    6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  *
    8  * See the COPYRIGHT file distributed with this work for additional
    9  * information regarding copyright ownership.
   10  */
   11 
   12 
   13 #ifndef GENERIC_NSEC3_50_H
   14 #define GENERIC_NSEC3_50_H 1
   15 
   16 
   17 /*!
   18  * \brief Per RFC 5155 */
   19 
   20 #include <isc/iterated_hash.h>
   21 
   22 typedef struct dns_rdata_nsec3 { /* NSEC3 rdata in structure form; fields mirror the RFC 5155 NSEC3 RDATA */
   23     dns_rdatacommon_t   common; /* common rdata-struct header (type declared elsewhere) */
   24     isc_mem_t       *mctx; /* memory context; presumably owns salt/next/typebits when set -- confirm */
   25     dns_hash_t      hash; /* Hash Algorithm field */
   26     unsigned char       flags; /* Flags field; see the DNS_NSEC3FLAG_* masks in this header */
   27     dns_iterations_t    iterations; /* Iterations field; hashing cost scales with it, so cap it for untrusted data (cf. RFC 9276) */
   28     unsigned char       salt_length; /* octets in salt[], 0-255 */
   29     unsigned char       next_length; /* octets in next[] (RFC 5155 Hash Length) */
   30     uint16_t        len; /* presumably octets in typebits[] -- TODO confirm */
   31     unsigned char       *salt; /* raw salt octets, not a C string; bound by salt_length */
   32     unsigned char       *next; /* Next Hashed Owner Name as raw octets; bound by next_length */
   33     unsigned char       *typebits; /* Type Bit Maps field */
   34 } dns_rdata_nsec3_t;
   35 
   36 /*
   37  * Opt-Out flag (RFC 5155): the span covered by this NSEC3 record may hold
   38  * unsigned (insecure) delegations, so it is not proof that none exist there.
   39  */
   40 #define DNS_NSEC3FLAG_OPTOUT 0x01U
   41 
   42 /*%
   43  * The following flags are used in the private-type record (implemented in
   44  * lib/dns/private.c) which is used to store NSEC3PARAM data during the
   45  * time when it is not legal to have an actual NSEC3PARAM record in the
   46  * zone.  They are defined here because the private-type record uses the
   47  * same flags field for the OPTOUT flag above and for the private flags
   48  * below.  XXX: This should be considered for refactoring.
   49  */
   50 
   51 /*%
   52  * Non-standard, private type only.
   53  *
   54  * Create a corresponding NSEC3 chain.
   55  * Once the NSEC3 chain is complete this flag will be removed to signal
   56  * that there is a complete chain.
   57  *
   58  * This flag is automatically set when an NSEC3PARAM record is added to
   59  * the zone via UPDATE.
   60  *
   61  * NSEC3PARAM records containing this flag should never be published,
   62  * but if they are, they should be ignored by RFC 5155 compliant
   63  * nameservers.
   64  */
   65 #define DNS_NSEC3FLAG_CREATE 0x80U /* private-type bit: NSEC3 chain build requested or in progress */
   66 
   67 /*%
   68  * Non-standard, private type only.
   69  *
   70  * The corresponding NSEC3 set is to be removed once the NSEC chain
   71  * has been generated.
   72  *
   73  * This flag is automatically set when the last active NSEC3PARAM record
   74  * is removed from the zone via UPDATE.
   75  *
   76  * NSEC3PARAM records containing this flag should never be published,
   77  * but if they are, they should be ignored by RFC 5155 compliant
   78  * nameservers.
   79  */
   80 #define DNS_NSEC3FLAG_REMOVE 0x40U /* private-type bit: NSEC3 removal pending */
   81 
   82 /*%
   83  * Non-standard, private type only.
   84  *
   85  * When set with the CREATE flag, a corresponding NSEC3 chain will be
   86  * created when the zone becomes capable of supporting one (i.e., when it
   87  * has a DNSKEY RRset containing at least one NSEC3-capable algorithm).
   88  * Without this flag, NSEC3 chain creation would be attempted immediately,
   89  * fail, and the private type record would be removed.  With it, the NSEC3
   90  * parameters are stored until they can be used.  When the zone has the
   91  * necessary prerequisites for NSEC3, then the INITIAL flag can be cleared,
   92  * and the record will be cleaned up normally.
   93  *
   94  * NSEC3PARAM records containing this flag should never be published, but
   95  * if they are, they should be ignored by RFC 5155 compliant nameservers.
   96  */
   97 #define DNS_NSEC3FLAG_INITIAL 0x20U /* private-type bit: used together with DNS_NSEC3FLAG_CREATE to defer the build */
   98 
   99 /*%
  100  * Non-standard, private type only.
  101  *
  102  * Prevent the creation of an NSEC chain before the last NSEC3 chain
  103  * is removed.  This will normally only be set when the zone is
  104  * transitioning from secure with NSEC3 chains to insecure.
  105  *
  106  * NSEC3PARAM records containing this flag should never be published,
  107  * but if they are, they should be ignored by RFC 5155 compliant
  108  * nameservers.
  109  */
  110 #define DNS_NSEC3FLAG_NONSEC 0x10U /* private-type bit: do not create an NSEC chain yet */
  111 
  112 #endif /* GENERIC_NSEC3_50_H */