    1 /*
    2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * This Source Code Form is subject to the terms of the Mozilla Public
    5  * License, v. 2.0. If a copy of the MPL was not distributed with this
    6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  *
    8  * See the COPYRIGHT file distributed with this work for additional
    9  * information regarding copyright ownership.
   10  */
   11 
   12 #ifndef DNS_NSEC3_H
   13 #define DNS_NSEC3_H 1
   14 
   15 #include <stdbool.h>
   16 
   17 #include <isc/iterated_hash.h>
   18 #include <isc/lang.h>
   19 
   20 #include <dns/db.h>
   21 #include <dns/diff.h>
   22 #include <dns/name.h>
   23 #include <dns/rdatastruct.h>
   24 #include <dns/types.h>
   25 
   26 #define DNS_NSEC3_SALTSIZE 255
   27 
   28 /*
   29  * hash = 1, flags =1, iterations = 2, salt length = 1, salt = 255 (max)
   30  * hash length = 1, hash = 255 (max), bitmap = 8192 + 512 (max)
   31  */
   32 #define DNS_NSEC3_BUFFERSIZE (6 + 255 + 255 + 8192 + 512)
   33 /*
   34  * hash = 1, flags = 1, iterations = 2, salt length = 1, salt = 255 (max)
   35  */
   36 #define DNS_NSEC3PARAM_BUFFERSIZE (5 + 255)
   37 
   38 /*
   39  * Test "unknown" algorithm.  Is mapped to dns_hash_sha1.
   40  */
   41 #define DNS_NSEC3_UNKNOWNALG ((dns_hash_t)245U)
   42 
   43 ISC_LANG_BEGINDECLS
   44 
   45 isc_result_t
   46 dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
   47              unsigned int hashalg, unsigned int optin,
   48              unsigned int iterations, const unsigned char *salt,
   49              size_t salt_length, const unsigned char *nexthash,
   50              size_t hash_length, unsigned char *buffer,
   51              dns_rdata_t *rdata);
   52 /*%<
    53  * Build the rdata of an NSEC3 record for the data at 'node'.
   54  * Note: 'node' is not the node where the NSEC3 record will be stored.
   55  *
   56  * Requires:
    57  *  buffer  Points to a temporary buffer of at least
    58  *      DNS_NSEC3_BUFFERSIZE bytes.
   59  *  rdata   Points to an initialized dns_rdata_t.
   60  *
   61  * Ensures:
   62  *      *rdata  Contains a valid NSEC3 rdata.  The 'data' member refers
   63  *      to 'buffer'.
   64  */
   65 
   66 bool
   67 dns_nsec3_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type);
   68 /*%<
   69  * Determine if a type is marked as present in an NSEC3 record.
   70  *
   71  * Requires:
    72  *  'nsec' points to a valid rdata of type NSEC3
   73  */
   74 
   75 isc_result_t
   76 dns_nsec3_hashname(dns_fixedname_t *result,
   77            unsigned char    rethash[NSEC3_MAX_HASH_LENGTH],
   78            size_t *hash_length, const dns_name_t *name,
   79            const dns_name_t *origin, dns_hash_t hashalg,
   80            unsigned int iterations, const unsigned char *salt,
   81            size_t saltlength);
   82 /*%<
   83  * Make a hashed domain name from an unhashed one. If rethash is not NULL
   84  * the raw hash is stored there.
   85  */
   86 
   87 unsigned int
   88 dns_nsec3_hashlength(dns_hash_t hash);
   89 /*%<
   90  * Return the length of the hash produced by the specified algorithm
   91  * or zero when unknown.
   92  */
   93 
   94 bool
   95 dns_nsec3_supportedhash(dns_hash_t hash);
   96 /*%<
   97  * Return whether we support this hash algorithm or not.
   98  */
   99 
  100 isc_result_t
  101 dns_nsec3_addnsec3(dns_db_t *db, dns_dbversion_t *version,
  102            const dns_name_t *        name,
  103            const dns_rdata_nsec3param_t *nsec3param, dns_ttl_t nsecttl,
  104            bool unsecure, dns_diff_t *diff);
  105 
  106 isc_result_t
  107 dns_nsec3_addnsec3s(dns_db_t *db, dns_dbversion_t *version,
  108             const dns_name_t *name, dns_ttl_t nsecttl, bool unsecure,
  109             dns_diff_t *diff);
  110 
  111 isc_result_t
  112 dns_nsec3_addnsec3sx(dns_db_t *db, dns_dbversion_t *version,
  113              const dns_name_t *name, dns_ttl_t nsecttl, bool unsecure,
  114              dns_rdatatype_t private, dns_diff_t *diff);
  115 /*%<
  116  * Add NSEC3 records for 'name', recording the change in 'diff'.
  117  * Adjust previous NSEC3 records, if any, to reflect the addition.
  118  * The existing NSEC3 records are removed.
  119  *
  120  * dns_nsec3_addnsec3() will only add records to the chain identified by
  121  * 'nsec3param'.
  122  *
  123  * 'unsecure' should be set to reflect if this is a potentially
  124  * unsecure delegation (no DS record).
  125  *
  126  * dns_nsec3_addnsec3s() will examine the NSEC3PARAM RRset to determine which
   127  * chains are to be updated.  NSEC3PARAM records with the DNS_NSEC3FLAG_CREATE
  128  * will be preferentially chosen over NSEC3PARAM records without
  129  * DNS_NSEC3FLAG_CREATE set.  NSEC3PARAM records with DNS_NSEC3FLAG_REMOVE
  130  * set will be ignored by dns_nsec3_addnsec3s().  If DNS_NSEC3FLAG_CREATE
   131  * is set then the new NSEC3 will have OPTOUT set to match that in the
  132  * NSEC3PARAM record otherwise OPTOUT will be inherited from the previous
  133  * record in the chain.
  134  *
  135  * dns_nsec3_addnsec3sx() is similar to dns_nsec3_addnsec3s() but 'private'
  136  * specifies the type of the private rdataset to be checked in addition to
  137  * the nsec3param rdataset at the zone apex.
  138  *
  139  * Requires:
  140  *  'db' to be valid.
  141  *  'version' to be valid or NULL.
  142  *  'name' to be valid.
  143  *  'nsec3param' to be valid.
  144  *  'diff' to be valid.
  145  */
  146 
  147 isc_result_t
  148 dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version,
  149            const dns_name_t *        name,
  150            const dns_rdata_nsec3param_t *nsec3param, dns_diff_t *diff);
  151 
  152 isc_result_t
  153 dns_nsec3_delnsec3s(dns_db_t *db, dns_dbversion_t *version,
  154             const dns_name_t *name, dns_diff_t *diff);
  155 
  156 isc_result_t
  157 dns_nsec3_delnsec3sx(dns_db_t *db, dns_dbversion_t *version,
  158              const dns_name_t *name, dns_rdatatype_t private,
  159              dns_diff_t *      diff);
  160 /*%<
  161  * Remove NSEC3 records for 'name', recording the change in 'diff'.
  162  * Adjust previous NSEC3 records, if any, to reflect the removal.
  163  *
  164  * dns_nsec3_delnsec3() performs the above for the chain identified by
  165  * 'nsec3param'.
  166  *
  167  * dns_nsec3_delnsec3s() examines the NSEC3PARAM RRset in a similar manner
  168  * to dns_nsec3_addnsec3s().  Unlike dns_nsec3_addnsec3s() updated NSEC3
  169  * records have the OPTOUT flag preserved.
  170  *
  171  * dns_nsec3_delnsec3sx() is similar to dns_nsec3_delnsec3s() but 'private'
  172  * specifies the type of the private rdataset to be checked in addition to
  173  * the nsec3param rdataset at the zone apex.
  174  *
  175  * Requires:
  176  *  'db' to be valid.
  177  *  'version' to be valid or NULL.
  178  *  'name' to be valid.
  179  *  'nsec3param' to be valid.
  180  *  'diff' to be valid.
  181  */
  182 
  183 isc_result_t
  184 dns_nsec3_active(dns_db_t *db, dns_dbversion_t *version, bool complete,
  185          bool *answer);
  186 
  187 isc_result_t
  188 dns_nsec3_activex(dns_db_t *db, dns_dbversion_t *version, bool complete,
  189           dns_rdatatype_t private, bool *answer);
  190 /*%<
   191  * Check whether there are any NSEC3 chains that are complete or to be built.
  192  * If 'complete' is true only complete chains will be recognized.
  193  *
  194  * dns_nsec3_activex() is similar to dns_nsec3_active() but 'private'
  195  * specifies the type of the private rdataset to be checked in addition to
  196  * the nsec3param rdataset at the zone apex.
  197  *
  198  * Requires:
  199  *  'db' to be valid.
  200  *  'version' to be valid or NULL.
  201  *  'answer' to be non NULL.
  202  */
  203 
  204 isc_result_t
  205 dns_nsec3_maxiterations(dns_db_t *db, dns_dbversion_t *version, isc_mem_t *mctx,
  206             unsigned int *iterationsp);
  207 /*%<
  208  * Find the maximum permissible number of iterations allowed based on
  209  * the key strength.
  210  *
  211  * Requires:
  212  *  'db' to be valid.
  213  *  'version' to be valid or NULL.
  214  *  'mctx' to be valid.
  215  *  'iterationsp' to be non NULL.
  216  */
  217 
  218 bool
  219 dns_nsec3param_fromprivate(dns_rdata_t *src, dns_rdata_t *target,
  220                unsigned char *buf, size_t buflen);
  221 /*%<
  222  * Convert a private rdata to a nsec3param rdata.
  223  *
  224  * Return true if 'src' could be successfully converted.
  225  *
  226  * 'buf' should be at least DNS_NSEC3PARAM_BUFFERSIZE in size.
  227  */
  228 
  229 void
  230 dns_nsec3param_toprivate(dns_rdata_t *src, dns_rdata_t *target,
  231              dns_rdatatype_t privatetype, unsigned char *buf,
  232              size_t buflen);
  233 /*%<
  234  * Convert a nsec3param rdata to a private rdata.
  235  *
  236  * 'buf' should be at least src->length + 1 in size.
  237  */
  238 
  239 isc_result_t
  240 dns_nsec3param_salttotext(dns_rdata_nsec3param_t *nsec3param, char *dst,
  241               size_t dstlen);
  242 /*%<
   243  * Convert the salt of the given NSEC3PARAM RDATA into hex-encoded, NUL-terminated
   244  * text stored at "dst".
  245  *
  246  * Requires:
  247  *
   248  *\li   "dst" to have enough space (as indicated by "dstlen") to hold the
   249  *  resulting text and its NUL-terminating byte.
  250  */
  251 
  252 isc_result_t
  253 dns_nsec3param_deletechains(dns_db_t *db, dns_dbversion_t *ver,
  254                 dns_zone_t *zone, bool nonsec, dns_diff_t *diff);
  255 
  256 /*%<
  257  * Mark NSEC3PARAM for deletion.
  258  */
  259 
  260 isc_result_t
  261 dns_nsec3_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
  262             const dns_name_t *nsec3name, dns_rdataset_t *nsec3set,
  263             dns_name_t *zonename, bool *exists, bool *data,
  264             bool *optout, bool *unknown, bool *setclosest,
  265             bool *setnearest, dns_name_t *closest,
  266             dns_name_t *nearest, dns_nseclog_t logit, void *arg);
  267 
  268 ISC_LANG_ENDDECLS
  269 
  270 #endif /* DNS_NSEC3_H */