<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1"> <title>ldns documentation</title> <link href="doxygen.css" rel="stylesheet" type="text/css"> <link href="tabs.css" rel="stylesheet" type="text/css"> </head><body> <!-- Generated by Doxygen 1.7.4 --> <div class="header"> <div class="headertitle"> <div class="title">dnssec.c</div> </div> </div> <div class="contents"> <div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 <span class="comment">/*</span> <a name="l00002"></a>00002 <span class="comment"> * dnssec.c</span> <a name="l00003"></a>00003 <span class="comment"> *</span> <a name="l00004"></a>00004 <span class="comment"> * contains the cryptographic function needed for DNSSEC in ldns</span> <a name="l00005"></a>00005 <span class="comment"> * The crypto library used is openssl</span> <a name="l00006"></a>00006 <span class="comment"> *</span> <a name="l00007"></a>00007 <span class="comment"> * (c) NLnet Labs, 2004-2008</span> <a name="l00008"></a>00008 <span class="comment"> *</span> <a name="l00009"></a>00009 <span class="comment"> * See the file LICENSE for the license</span> <a name="l00010"></a>00010 <span class="comment"> */</span> <a name="l00011"></a>00011 <a 
name="l00012"></a>00012 <span class="preprocessor">#include <<a class="code" href="ldns_2config_8h.html">ldns/config.h</a>></span> <a name="l00013"></a>00013 <a name="l00014"></a>00014 <span class="preprocessor">#include <<a class="code" href="ldns_8h.html" title="Including this file will include all ldns files, and define some lookup tables.">ldns/ldns.h</a>></span> <a name="l00015"></a>00015 <span class="preprocessor">#include <<a class="code" href="dnssec_8h.html" title="This module contains base functions for DNSSEC operations (RFC4033 t/m RFC4035).">ldns/dnssec.h</a>></span> <a name="l00016"></a>00016 <a name="l00017"></a>00017 <span class="preprocessor">#include <strings.h></span> <a name="l00018"></a>00018 <span class="preprocessor">#include <time.h></span> <a name="l00019"></a>00019 <a name="l00020"></a>00020 <span class="preprocessor">#ifdef HAVE_SSL</span> <a name="l00021"></a>00021 <span class="preprocessor"></span><span class="preprocessor">#include <openssl/ssl.h></span> <a name="l00022"></a>00022 <span class="preprocessor">#include <openssl/evp.h></span> <a name="l00023"></a>00023 <span class="preprocessor">#include <openssl/rand.h></span> <a name="l00024"></a>00024 <span class="preprocessor">#include <openssl/err.h></span> <a name="l00025"></a>00025 <span class="preprocessor">#include <openssl/md5.h></span> <a name="l00026"></a>00026 <span class="preprocessor">#endif</span> <a name="l00027"></a>00027 <span class="preprocessor"></span> <a name="l00028"></a>00028 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> * <a name="l00029"></a><a class="code" href="dnssec_8h.html#a52a865495fbba2c612ac4eebce4a2d24">00029</a> <a class="code" href="dnssec_8c.html#a52a865495fbba2c612ac4eebce4a2d24" title="Returns the first RRSIG rr that corresponds to the rrset with the given name and type.">ldns_dnssec_get_rrsig_for_name_and_type</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__rdf.html" 
title="Resource record data field.">ldns_rdf</a> *name, <a name="l00030"></a>00030 <span class="keyword">const</span> <a class="code" href="rr_8h.html#a5b71c1de711a178f6fbda5d684cdfed5">ldns_rr_type</a> type, <a name="l00031"></a>00031 <span class="keyword">const</span> <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrs) <a name="l00032"></a>00032 { <a name="l00033"></a>00033 <span class="keywordtype">size_t</span> i; <a name="l00034"></a>00034 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *candidate; <a name="l00035"></a>00035 <a name="l00036"></a>00036 <span class="keywordflow">if</span> (!name || !rrs) { <a name="l00037"></a>00037 <span class="keywordflow">return</span> NULL; <a name="l00038"></a>00038 } <a name="l00039"></a>00039 <a name="l00040"></a>00040 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(rrs); i++) { <a name="l00041"></a>00041 candidate = <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrs, i); <a name="l00042"></a>00042 <span class="keywordflow">if</span> (<a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(candidate) == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa0dae8d9f8f4684e63ac7665a2a489b4d" title="draft-ietf-dnsext-dnssec-25">LDNS_RR_TYPE_RRSIG</a>) { <a name="l00043"></a>00043 <span class="keywordflow">if</span> (<a class="code" href="dname_8c.html#a6faaee00444aad0fde1c672216e5a8b7" title="Compares the two dname rdf's according to the algorithm for ordering in RFC4034 Section 6...">ldns_dname_compare</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr 
structure.">ldns_rr_owner</a>(candidate), <a name="l00044"></a>00044 name) == 0 && <a name="l00045"></a>00045 <a class="code" href="rr_8c.html#a200e1bec3ba2cdafc8cfcf4a9dbd8091" title="convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual LDNS_RR_TYPE.">ldns_rdf2rr_type</a>(<a class="code" href="rr__functions_8c.html#ac8a561bf0b0409c11e6168bf2095b612" title="returns the type covered of a LDNS_RR_TYPE_RRSIG rr">ldns_rr_rrsig_typecovered</a>(candidate)) <a name="l00046"></a>00046 == type <a name="l00047"></a>00047 ) { <a name="l00048"></a>00048 <span class="keywordflow">return</span> candidate; <a name="l00049"></a>00049 } <a name="l00050"></a>00050 } <a name="l00051"></a>00051 } <a name="l00052"></a>00052 <a name="l00053"></a>00053 <span class="keywordflow">return</span> NULL; <a name="l00054"></a>00054 } <a name="l00055"></a>00055 <a name="l00056"></a>00056 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> * <a name="l00057"></a><a class="code" href="dnssec_8h.html#a49756b6a7126033cd426d757643e7398">00057</a> <a class="code" href="dnssec_8c.html#a49756b6a7126033cd426d757643e7398" title="Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if any.">ldns_dnssec_get_dnskey_for_rrsig</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *rrsig, <a name="l00058"></a>00058 <span class="keyword">const</span> <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrs) <a name="l00059"></a>00059 { <a name="l00060"></a>00060 <span class="keywordtype">size_t</span> i; <a name="l00061"></a>00061 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *candidate; <a name="l00062"></a>00062 <a name="l00063"></a>00063 <span class="keywordflow">if</span> (!rrsig || !rrs) { <a name="l00064"></a>00064 <span class="keywordflow">return</span> NULL; <a 
name="l00065"></a>00065 } <a name="l00066"></a>00066 <a name="l00067"></a>00067 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(rrs); i++) { <a name="l00068"></a>00068 candidate = <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(rrs, i); <a name="l00069"></a>00069 <span class="keywordflow">if</span> (<a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(candidate) == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa316efb0ac15f31b6891fa6fba833eae8">LDNS_RR_TYPE_DNSKEY</a>) { <a name="l00070"></a>00070 <span class="keywordflow">if</span> (<a class="code" href="dname_8c.html#a6faaee00444aad0fde1c672216e5a8b7" title="Compares the two dname rdf's according to the algorithm for ordering in RFC4034 Section 6...">ldns_dname_compare</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(candidate), <a name="l00071"></a>00071 <a class="code" href="rr__functions_8c.html#ad4be0d7e446c740c857f257448f2b998" title="returns the signers name of a LDNS_RR_TYPE_RRSIG RR">ldns_rr_rrsig_signame</a>(rrsig)) == 0 && <a name="l00072"></a>00072 <a class="code" href="rdata_8c.html#a5906b621eda1380a2993255fa649c21d" title="returns the native uint16_t representation from the rdf.">ldns_rdf2native_int16</a>(<a class="code" href="rr__functions_8c.html#a5eb09e1c820357f339f9140a0c1f48a7" title="returns the keytag of a LDNS_RR_TYPE_RRSIG RR">ldns_rr_rrsig_keytag</a>(rrsig)) == <a name="l00073"></a>00073 <a class="code" href="dnssec_8c.html#a7cf8c4687caff6153a61052c5523e7ab" title="calculates a keytag of a key for use in DNSSEC.">ldns_calc_keytag</a>(candidate) <a name="l00074"></a>00074 ) { <a 
name="l00075"></a>00075 <span class="keywordflow">return</span> candidate; <a name="l00076"></a>00076 } <a name="l00077"></a>00077 } <a name="l00078"></a>00078 } <a name="l00079"></a>00079 <a name="l00080"></a>00080 <span class="keywordflow">return</span> NULL; <a name="l00081"></a>00081 } <a name="l00082"></a>00082 <a name="l00083"></a>00083 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l00084"></a><a class="code" href="dnssec_8h.html#a259d9689fcc1560d4085f44ab8151654">00084</a> <a class="code" href="dnssec_8c.html#a259d9689fcc1560d4085f44ab8151654" title="Returns the rdata field that contains the bitmap of the covered types of the given NSEC record...">ldns_nsec_get_bitmap</a>(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *nsec) { <a name="l00085"></a>00085 <span class="keywordflow">if</span> (<a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(nsec) == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa5413827ac0392a4d65d53b1b7d04f989">LDNS_RR_TYPE_NSEC</a>) { <a name="l00086"></a>00086 <span class="keywordflow">return</span> <a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(nsec, 1); <a name="l00087"></a>00087 } <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(nsec) == <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa79a5eacdaa6defd52d97a6b205f102f9">LDNS_RR_TYPE_NSEC3</a>) { <a name="l00088"></a>00088 <span class="keywordflow">return</span> <a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(nsec, 5); <a name="l00089"></a>00089 } <span 
class="keywordflow">else</span> { <a name="l00090"></a>00090 <span class="keywordflow">return</span> NULL; <a name="l00091"></a>00091 } <a name="l00092"></a>00092 } <a name="l00093"></a>00093 <a name="l00094"></a>00094 <span class="comment">/*return the owner name of the closest encloser for name from the list of rrs */</span> <a name="l00095"></a>00095 <span class="comment">/* this is NOT the hash, but the original name! */</span> <a name="l00096"></a>00096 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l00097"></a><a class="code" href="dnssec_8c.html#a95f42eec7fdbf06c1683033eab6334f2">00097</a> <a class="code" href="dnssec_8c.html#a95f42eec7fdbf06c1683033eab6334f2">ldns_dnssec_nsec3_closest_encloser</a>(<a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *qname, <a name="l00098"></a>00098 <a class="code" href="common_8h.html#ade436d89899edbffbc53514d440d28b9">ATTR_UNUSED</a>(<a class="code" href="rr_8h.html#a5b71c1de711a178f6fbda5d684cdfed5">ldns_rr_type</a> qtype), <a name="l00099"></a>00099 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *nsec3s) <a name="l00100"></a>00100 { <a name="l00101"></a>00101 <span class="comment">/* remember parameters, they must match */</span> <a name="l00102"></a>00102 uint8_t algorithm; <a name="l00103"></a>00103 uint32_t iterations; <a name="l00104"></a>00104 uint8_t salt_length; <a name="l00105"></a>00105 uint8_t *salt; <a name="l00106"></a>00106 <a name="l00107"></a>00107 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sname, *hashed_sname, *tmp; <a name="l00108"></a>00108 <span class="keywordtype">bool</span> flag; <a name="l00109"></a>00109 <a name="l00110"></a>00110 <span class="keywordtype">bool</span> exact_match_found; <a name="l00111"></a>00111 <span class="keywordtype">bool</span> 
in_range_found; <a name="l00112"></a>00112 <a name="l00113"></a>00113 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> status; <a name="l00114"></a>00114 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *zone_name; <a name="l00115"></a>00115 <a name="l00116"></a>00116 <span class="keywordtype">size_t</span> nsec_i; <a name="l00117"></a>00117 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *nsec; <a name="l00118"></a>00118 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *result = NULL; <a name="l00119"></a>00119 qtype = qtype; <a name="l00120"></a>00120 <a name="l00121"></a>00121 <span class="keywordflow">if</span> (!qname || !nsec3s || <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(nsec3s) < 1) { <a name="l00122"></a>00122 <span class="keywordflow">return</span> NULL; <a name="l00123"></a>00123 } <a name="l00124"></a>00124 <a name="l00125"></a>00125 nsec = <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(nsec3s, 0); <a name="l00126"></a>00126 algorithm = <a class="code" href="dnssec_8c.html#ac3466657ba6e849ddcf44547729b7654" title="Returns the hash algorithm used in the given NSEC3 RR.">ldns_nsec3_algorithm</a>(nsec); <a name="l00127"></a>00127 salt_length = <a class="code" href="dnssec_8c.html#a7fa2f6a7ad9c4c69a3705e2fa3065556" title="Returns the length of the salt used in the given NSEC3 RR.">ldns_nsec3_salt_length</a>(nsec); <a name="l00128"></a>00128 salt = <a class="code" href="dnssec_8c.html#a96ef18b4efc39b04aba2df85a272b958" title="Returns the salt bytes used in the given NSEC3 RR.">ldns_nsec3_salt_data</a>(nsec); <a name="l00129"></a>00129 iterations = <a class="code" 
href="dnssec_8c.html#a30ee21fd35125587a36cfddab232af60" title="Returns the number of hash iterations used in the given NSEC3 RR.">ldns_nsec3_iterations</a>(nsec); <a name="l00130"></a>00130 <a name="l00131"></a>00131 sname = <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>(qname); <a name="l00132"></a>00132 <a name="l00133"></a>00133 flag = <span class="keyword">false</span>; <a name="l00134"></a>00134 <a name="l00135"></a>00135 zone_name = <a class="code" href="dname_8c.html#aa2b0413896e1c06fd2cc685d4026d8ac" title="chop one label off the left side of a dname.">ldns_dname_left_chop</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(nsec)); <a name="l00136"></a>00136 <a name="l00137"></a>00137 <span class="comment">/* algorithm from nsec3-07 8.3 */</span> <a name="l00138"></a>00138 <span class="keywordflow">while</span> (<a class="code" href="dname_8c.html#add94977e68ceab64921e9ae69cd92ef3" title="count the number of labels inside a LDNS_RDF_DNAME type rdf.">ldns_dname_label_count</a>(sname) > 0) { <a name="l00139"></a>00139 exact_match_found = <span class="keyword">false</span>; <a name="l00140"></a>00140 in_range_found = <span class="keyword">false</span>; <a name="l00141"></a>00141 <a name="l00142"></a>00142 hashed_sname = <a class="code" href="dnssec_8c.html#aa516dac9f07ce8b5734b9dfd19376cae" title="Calculates the hashed name using the given parameters.">ldns_nsec3_hash_name</a>(sname, <a name="l00143"></a>00143 algorithm, <a name="l00144"></a>00144 iterations, <a name="l00145"></a>00145 salt_length, <a name="l00146"></a>00146 salt); <a name="l00147"></a>00147 <a name="l00148"></a>00148 status = <a class="code" href="dname_8c.html#a8cca5c83c1eb85f9697c20978da31592" title="concatenates rd2 after rd1 (rd2 is copied, rd1 is modified)">ldns_dname_cat</a>(hashed_sname, zone_name); <a 
name="l00149"></a>00149 <span class="keywordflow">if</span>(status != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00150"></a>00150 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(salt); <a name="l00151"></a>00151 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(zone_name); <a name="l00152"></a>00152 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(sname); <a name="l00153"></a>00153 <span class="keywordflow">return</span> NULL; <a name="l00154"></a>00154 } <a name="l00155"></a>00155 <a name="l00156"></a>00156 <span class="keywordflow">for</span> (nsec_i = 0; nsec_i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(nsec3s); nsec_i++) { <a name="l00157"></a>00157 nsec = <a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(nsec3s, nsec_i); <a name="l00158"></a>00158 <a name="l00159"></a>00159 <span class="comment">/* check values of iterations etc! */</span> <a name="l00160"></a>00160 <a name="l00161"></a>00161 <span class="comment">/* exact match? 
*/</span> <a name="l00162"></a>00162 <span class="keywordflow">if</span> (<a class="code" href="dname_8c.html#a6faaee00444aad0fde1c672216e5a8b7" title="Compares the two dname rdf's according to the algorithm for ordering in RFC4034 Section 6...">ldns_dname_compare</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(nsec), hashed_sname) == 0) { <a name="l00163"></a>00163 exact_match_found = <span class="keyword">true</span>; <a name="l00164"></a>00164 } <span class="keywordflow">else</span> <span class="keywordflow">if</span> (<a class="code" href="dnssec_8c.html#ae580eb88c6a29558c572e097890099dc" title="Checks coverage of NSEC(3) RR name span Remember that nsec and name must both be in canonical form (i...">ldns_nsec_covers_name</a>(nsec, hashed_sname)) { <a name="l00165"></a>00165 in_range_found = <span class="keyword">true</span>; <a name="l00166"></a>00166 } <a name="l00167"></a>00167 <a name="l00168"></a>00168 } <a name="l00169"></a>00169 <span class="keywordflow">if</span> (!exact_match_found && in_range_found) { <a name="l00170"></a>00170 flag = <span class="keyword">true</span>; <a name="l00171"></a>00171 } <span class="keywordflow">else</span> <span class="keywordflow">if</span> (exact_match_found && flag) { <a name="l00172"></a>00172 result = <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>(sname); <a name="l00173"></a>00173 <span class="comment">/* RFC 5155: 8.3. 
2.** "The proof is complete" */</span> <a name="l00174"></a>00174 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(hashed_sname); <a name="l00175"></a>00175 <span class="keywordflow">goto</span> done; <a name="l00176"></a>00176 } <span class="keywordflow">else</span> <span class="keywordflow">if</span> (exact_match_found && !flag) { <a name="l00177"></a>00177 <span class="comment">/* error! */</span> <a name="l00178"></a>00178 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(hashed_sname); <a name="l00179"></a>00179 <span class="keywordflow">goto</span> done; <a name="l00180"></a>00180 } <span class="keywordflow">else</span> { <a name="l00181"></a>00181 flag = <span class="keyword">false</span>; <a name="l00182"></a>00182 } <a name="l00183"></a>00183 <a name="l00184"></a>00184 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(hashed_sname); <a name="l00185"></a>00185 tmp = sname; <a name="l00186"></a>00186 sname = <a class="code" href="dname_8c.html#aa2b0413896e1c06fd2cc685d4026d8ac" title="chop one label off the left side of a dname.">ldns_dname_left_chop</a>(sname); <a name="l00187"></a>00187 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(tmp); <a name="l00188"></a>00188 } <a name="l00189"></a>00189 <a name="l00190"></a>00190 done: <a name="l00191"></a>00191 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(salt); <a name="l00192"></a>00192 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(zone_name); <a name="l00193"></a>00193 <a class="code" 
href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(sname); <a name="l00194"></a>00194 <a name="l00195"></a>00195 <span class="keywordflow">return</span> result; <a name="l00196"></a>00196 } <a name="l00197"></a>00197 <a name="l00198"></a>00198 <span class="keywordtype">bool</span> <a name="l00199"></a><a class="code" href="dnssec_8h.html#a33f64fecc8522504169629bf8dd79d5a">00199</a> <a class="code" href="dnssec_8c.html#a33f64fecc8522504169629bf8dd79d5a" title="Checks whether the packet contains rrsigs.">ldns_dnssec_pkt_has_rrsigs</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__pkt.html" title="DNS packet.">ldns_pkt</a> *pkt) <a name="l00200"></a>00200 { <a name="l00201"></a>00201 <span class="keywordtype">size_t</span> i; <a name="l00202"></a>00202 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="packet_8c.html#a801e0c9c3766dde74347793984ecd417" title="Return the packet's an count.">ldns_pkt_ancount</a>(pkt); i++) { <a name="l00203"></a>00203 <span class="keywordflow">if</span> (<a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="packet_8c.html#abe3507def1f75f9a369334f75a4b4799" title="Return the packet's answer section.">ldns_pkt_answer</a>(pkt), i)) == <a name="l00204"></a>00204 <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa0dae8d9f8f4684e63ac7665a2a489b4d" title="draft-ietf-dnsext-dnssec-25">LDNS_RR_TYPE_RRSIG</a>) { <a name="l00205"></a>00205 <span class="keywordflow">return</span> <span class="keyword">true</span>; <a name="l00206"></a>00206 } <a name="l00207"></a>00207 } <a name="l00208"></a>00208 <span class="keywordflow">for</span> (i = 0; i < <a class="code" 
href="packet_8c.html#ac551c3cfc6a48241e1d4cd4d1390df1c" title="Return the packet's ns count.">ldns_pkt_nscount</a>(pkt); i++) { <a name="l00209"></a>00209 <span class="keywordflow">if</span> (<a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(<a class="code" href="packet_8c.html#a7edc2a338e1adfce9ef3ae137e6aa5d6" title="Return the packet's authority section.">ldns_pkt_authority</a>(pkt), i)) == <a name="l00210"></a>00210 <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa0dae8d9f8f4684e63ac7665a2a489b4d" title="draft-ietf-dnsext-dnssec-25">LDNS_RR_TYPE_RRSIG</a>) { <a name="l00211"></a>00211 <span class="keywordflow">return</span> <span class="keyword">true</span>; <a name="l00212"></a>00212 } <a name="l00213"></a>00213 } <a name="l00214"></a>00214 <span class="keywordflow">return</span> <span class="keyword">false</span>; <a name="l00215"></a>00215 } <a name="l00216"></a>00216 <a name="l00217"></a>00217 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> * <a name="l00218"></a><a class="code" href="dnssec_8h.html#a5644e8426fded2e1c57ef6f643399219">00218</a> <a class="code" href="dnssec_8c.html#a5644e8426fded2e1c57ef6f643399219" title="Returns a ldns_rr_list containing the signatures covering the given name and type.">ldns_dnssec_pkt_get_rrsigs_for_name_and_type</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__pkt.html" title="DNS packet.">ldns_pkt</a> *pkt, <a name="l00219"></a>00219 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *name, <a name="l00220"></a>00220 <a class="code" href="rr_8h.html#a5b71c1de711a178f6fbda5d684cdfed5">ldns_rr_type</a> type) <a name="l00221"></a>00221 { <a 
name="l00222"></a>00222 uint16_t t_netorder; <a name="l00223"></a>00223 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *sigs; <a name="l00224"></a>00224 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *sigs_covered; <a name="l00225"></a>00225 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *rdf_t; <a name="l00226"></a>00226 <a name="l00227"></a>00227 sigs = <a class="code" href="packet_8c.html#a817ba0b6b178f84d9a83b09e4fdf6772" title="return all the rr with a specific type and type from a packet.">ldns_pkt_rr_list_by_name_and_type</a>(pkt, <a name="l00228"></a>00228 name, <a name="l00229"></a>00229 <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa0dae8d9f8f4684e63ac7665a2a489b4d" title="draft-ietf-dnsext-dnssec-25">LDNS_RR_TYPE_RRSIG</a>, <a name="l00230"></a>00230 <a class="code" href="packet_8h.html#adad42096a5200b78a988227bd8c59b71ae9ba705eaab3d3f49701f2405568c104" title="used to get all non-question rrs from a packet">LDNS_SECTION_ANY_NOQUESTION</a> <a name="l00231"></a>00231 ); <a name="l00232"></a>00232 <a name="l00233"></a>00233 t_netorder = htons(type); <span class="comment">/* rdf are in network order! 
*/</span> <a name="l00234"></a>00234 rdf_t = <a class="code" href="rdata_8c.html#a5074dfaf129822d72061d81b290bd332" title="allocates a new rdf structure and fills it.">ldns_rdf_new</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9af943c7b93856ac0cfcda816c7c952c9f" title="a RR type">LDNS_RDF_TYPE_TYPE</a>, <a class="code" href="rdata_8h.html#a36a3c3e1aabff6107f3f5d5f723a94c6">LDNS_RDF_SIZE_WORD</a>, &t_netorder); <a name="l00235"></a>00235 sigs_covered = <a class="code" href="rr_8c.html#a5bb990fd3ac15e23d799bc4b7bfa7934" title="Return the rr_list which matches the rdf at position field.">ldns_rr_list_subtype_by_rdf</a>(sigs, rdf_t, 0); <a name="l00236"></a>00236 <a name="l00237"></a>00237 <a class="code" href="rdata_8c.html#ae31cf54f363a70e01db4b6d15c3ad190" title="frees a rdf structure, leaving the data pointer intact.">ldns_rdf_free</a>(rdf_t); <a name="l00238"></a>00238 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(sigs); <a name="l00239"></a>00239 <a name="l00240"></a>00240 <span class="keywordflow">return</span> sigs_covered; <a name="l00241"></a>00241 <a name="l00242"></a>00242 } <a name="l00243"></a>00243 <a name="l00244"></a>00244 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> * <a name="l00245"></a><a class="code" href="dnssec_8h.html#ad03207fb98d700dba5b9433c692145d3">00245</a> <a class="code" href="dnssec_8c.html#ad03207fb98d700dba5b9433c692145d3" title="Returns a ldns_rr_list containing the signatures covering the given type.">ldns_dnssec_pkt_get_rrsigs_for_type</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__pkt.html" title="DNS packet.">ldns_pkt</a> *pkt, <a class="code" href="rr_8h.html#a5b71c1de711a178f6fbda5d684cdfed5">ldns_rr_type</a> type) <a name="l00246"></a>00246 { <a name="l00247"></a>00247 uint16_t 
t_netorder; <a name="l00248"></a>00248 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *sigs; <a name="l00249"></a>00249 <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *sigs_covered; <a name="l00250"></a>00250 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *rdf_t; <a name="l00251"></a>00251 <a name="l00252"></a>00252 sigs = <a class="code" href="packet_8c.html#aff953969fdd5f6bbbae10569f3455505" title="return all the rr with a specific type from a packet.">ldns_pkt_rr_list_by_type</a>(pkt, <a name="l00253"></a>00253 <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa0dae8d9f8f4684e63ac7665a2a489b4d" title="draft-ietf-dnsext-dnssec-25">LDNS_RR_TYPE_RRSIG</a>, <a name="l00254"></a>00254 <a class="code" href="packet_8h.html#adad42096a5200b78a988227bd8c59b71ae9ba705eaab3d3f49701f2405568c104" title="used to get all non-question rrs from a packet">LDNS_SECTION_ANY_NOQUESTION</a> <a name="l00255"></a>00255 ); <a name="l00256"></a>00256 <a name="l00257"></a>00257 t_netorder = htons(type); <span class="comment">/* rdf are in network order! 
*/</span> <a name="l00258"></a>00258 rdf_t = <a class="code" href="rdata_8c.html#a5074dfaf129822d72061d81b290bd332" title="allocates a new rdf structure and fills it.">ldns_rdf_new</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9af943c7b93856ac0cfcda816c7c952c9f" title="a RR type">LDNS_RDF_TYPE_TYPE</a>, <a name="l00259"></a>00259 2, <a name="l00260"></a>00260 &t_netorder); <a name="l00261"></a>00261 sigs_covered = <a class="code" href="rr_8c.html#a5bb990fd3ac15e23d799bc4b7bfa7934" title="Return the rr_list which matches the rdf at position field.">ldns_rr_list_subtype_by_rdf</a>(sigs, rdf_t, 0); <a name="l00262"></a>00262 <a name="l00263"></a>00263 <a class="code" href="rdata_8c.html#ae31cf54f363a70e01db4b6d15c3ad190" title="frees a rdf structure, leaving the data pointer intact.">ldns_rdf_free</a>(rdf_t); <a name="l00264"></a>00264 <a class="code" href="rr_8c.html#a25181bd133a53f132abce4eefd8e33af" title="frees an rr_list structure and all rrs contained therein.">ldns_rr_list_deep_free</a>(sigs); <a name="l00265"></a>00265 <a name="l00266"></a>00266 <span class="keywordflow">return</span> sigs_covered; <a name="l00267"></a>00267 <a name="l00268"></a>00268 } <a name="l00269"></a>00269 <a name="l00270"></a>00270 <span class="comment">/* Calculates the key tag of a key RR: the rdata is written in wire format into a temporary buffer and handed to ldns_calc_keytag_raw. Used only on the public key RR. Returns 0 when key is NULL, when the RR type is neither DNSKEY nor KEY, or when the buffer cannot be allocated. NOTE(review): ldns_calc_keytag_raw can also return 0 as an ordinary result, so a caller cannot tell these failures from a tag of 0. */</span> <a name="l00271"></a>00271 uint16_t <a name="l00272"></a><a class="code" href="dnssec_8h.html#a7cf8c4687caff6153a61052c5523e7ab">00272</a> <a class="code" href="dnssec_8c.html#a7cf8c4687caff6153a61052c5523e7ab" title="calculates a keytag of a key for use in DNSSEC.">ldns_calc_keytag</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *key) <a name="l00273"></a>00273 { <a name="l00274"></a>00274 uint16_t ac16; <a name="l00275"></a>00275 <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *keybuf; <a name="l00276"></a>00276 
<span class="keywordtype">size_t</span> keysize; <a name="l00277"></a>00277 <a name="l00278"></a>00278 <span class="keywordflow">if</span> (!key) { <a name="l00279"></a>00279 <span class="keywordflow">return</span> 0; <a name="l00280"></a>00280 } <a name="l00281"></a>00281 <a name="l00282"></a>00282 <span class="keywordflow">if</span> (<a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(key) != <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa316efb0ac15f31b6891fa6fba833eae8">LDNS_RR_TYPE_DNSKEY</a> && <a name="l00283"></a>00283 <a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(key) != <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa68446f9eb39fbde3c655675024529f5a" title="2535typecode">LDNS_RR_TYPE_KEY</a> <a name="l00284"></a>00284 ) { <a name="l00285"></a>00285 <span class="keywordflow">return</span> 0; <a name="l00286"></a>00286 } <a name="l00287"></a>00287 <a name="l00288"></a>00288 <span class="comment">/* rdata to buf - only put the rdata in a buffer */</span> <a name="l00289"></a>00289 keybuf = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="buffer_8h.html#af725b95a81365884b13c31a2f5d4c107" title="number of initial bytes in buffer of which we cannot tell the size before hand">LDNS_MIN_BUFLEN</a>); <span class="comment">/* grows */</span> <a name="l00290"></a>00290 <span class="keywordflow">if</span> (!keybuf) { <a name="l00291"></a>00291 <span class="keywordflow">return</span> 0; <a name="l00292"></a>00292 } <a name="l00293"></a>00293 (void)<a class="code" href="host2wire_8c.html#abf2bee8d29d4a8e29e4f64ea79b7c645" title="Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the 
rdat...">ldns_rr_rdata2buffer_wire</a>(keybuf, key); <a name="l00294"></a>00294 <span class="comment">/* the current pos in the buffer is the keysize. NOTE(review): the status returned by ldns_rr_rdata2buffer_wire is thrown away by the (void) cast, so if the conversion fails the tag is still computed over whatever bytes were written. */</span> <a name="l00295"></a>00295 keysize= ldns_buffer_position(keybuf); <a name="l00296"></a>00296 <a name="l00297"></a>00297 ac16 = <a class="code" href="dnssec_8c.html#ace2d1cad66229876b3cec66db12f30f4" title="Calculates keytag of DNSSEC key, operates on wireformat rdata.">ldns_calc_keytag_raw</a>(ldns_buffer_begin(keybuf), keysize); <a name="l00298"></a>00298 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(keybuf); <a name="l00299"></a>00299 <span class="keywordflow">return</span> ac16; <a name="l00300"></a>00300 } <a name="l00301"></a>00301 /* Calculates the key tag from keysize bytes of key rdata in wire format. Returns 0 for fewer than 4 bytes. Byte 3 is read as the algorithm: for LDNS_RSAMD5 the tag is the 16-bit network-order value stored 3 bytes before the end (0 if keysize is exactly 4); for every other algorithm it is a 16-bit checksum over all bytes. key is dereferenced without a NULL check. */ <a name="l00302"></a><a class="code" href="dnssec_8h.html#ace2d1cad66229876b3cec66db12f30f4">00302</a> uint16_t <a class="code" href="dnssec_8c.html#ace2d1cad66229876b3cec66db12f30f4" title="Calculates keytag of DNSSEC key, operates on wireformat rdata.">ldns_calc_keytag_raw</a>(uint8_t* key, <span class="keywordtype">size_t</span> keysize) <a name="l00303"></a>00303 { <a name="l00304"></a>00304 <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> i; <a name="l00305"></a>00305 uint32_t ac32; <a name="l00306"></a>00306 uint16_t ac16; <a name="l00307"></a>00307 <a name="l00308"></a>00308 <span class="keywordflow">if</span>(keysize < 4) { <a name="l00309"></a>00309 <span class="keywordflow">return</span> 0; <a name="l00310"></a>00310 } <a name="l00311"></a>00311 <span class="comment">/* look at the algorithm field, copied from 2535bis */</span> <a name="l00312"></a>00312 <span class="keywordflow">if</span> (key[3] == <a class="code" href="keys_8h.html#a7263c18ede33d95a849cc07f54bc5b10a13e3a2a9c94b219ec314ac60ee65237c">LDNS_RSAMD5</a>) { <a name="l00313"></a>00313 ac16 = 0; <a name="l00314"></a>00314 <span class="keywordflow">if</span> (keysize > 4) { <a name="l00315"></a>00315 <a 
class="code" href="config_8h.html#a802c986820d3866639922b6bc9484f90">memmove</a>(&ac16, key + keysize - 3, 2); <a name="l00316"></a>00316 } <a name="l00317"></a>00317 ac16 = ntohs(ac16); <a name="l00318"></a>00318 <span class="keywordflow">return</span> (uint16_t) ac16; <a name="l00319"></a>00319 } <span class="keywordflow">else</span> { <a name="l00320"></a>00320 ac32 = 0; <a name="l00321"></a>00321 /* bytes at even index are added as the high byte, bytes at odd index as the low byte */ <span class="keywordflow">for</span> (i = 0; (size_t)i < keysize; ++i) { <a name="l00322"></a>00322 ac32 += (i & 1) ? key[i] : key[i] << 8; <a name="l00323"></a>00323 } <a name="l00324"></a>00324 /* add the bits above bit 15 back in once; the return keeps only the low 16 bits */ ac32 += (ac32 >> 16) & 0xFFFF; <a name="l00325"></a>00325 <span class="keywordflow">return</span> (uint16_t) (ac32 & 0xFFFF); <a name="l00326"></a>00326 } <a name="l00327"></a>00327 } <a name="l00328"></a>00328 <a name="l00329"></a>00329 <span class="preprocessor">#ifdef HAVE_SSL</span> <a name="l00330"></a>00330 <span class="preprocessor"></span>/* Converts the bytes written so far to the ldns buffer (from its start up to the current position) into an OpenSSL DSA key by calling ldns_key_buf2dsa_raw; returns whatever that call returns. */ DSA * <a name="l00331"></a><a class="code" href="dnssec_8h.html#adbaf1b9197285c071a959f87ed8fb17d">00331</a> <a class="code" href="dnssec_8c.html#adbaf1b9197285c071a959f87ed8fb17d" title="converts a buffer holding key material to a DSA key in openssl.">ldns_key_buf2dsa</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *key) <a name="l00332"></a>00332 { <a name="l00333"></a>00333 <span class="keywordflow">return</span> <a class="code" href="dnssec_8c.html#a5f90e74b05b4cdf65d11c17e5c887b30" title="Like ldns_key_buf2dsa, but uses raw buffer.">ldns_key_buf2dsa_raw</a>((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(key), <a name="l00334"></a>00334 ldns_buffer_position(key)); <a name="l00335"></a>00335 } <a name="l00336"></a>00336 <a name="l00337"></a>00337 /* Builds an OpenSSL DSA public key from len bytes of raw key material read as: one byte T, then Q (SHA_DIGEST_LENGTH bytes), then P, G and Y (64 + T*8 bytes each). Returns NULL when len is 0, when T is above 8, when the input is shorter than that layout, or when an allocation fails; bytes after Y are ignored. NOTE(review): the numbers are taken from the input as they are, with no check here that they are usable DSA parameters - confirm that the code using the key validates them. */ DSA * <a name="l00338"></a><a class="code" 
href="dnssec_8c.html#a5f90e74b05b4cdf65d11c17e5c887b30" title="Like ldns_key_buf2dsa, but uses raw buffer.">ldns_key_buf2dsa_raw</a>(<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>* key, <span class="keywordtype">size_t</span> len) <a name="l00339"></a>00339 { <a name="l00340"></a>00340 uint8_t T; <a name="l00341"></a>00341 uint16_t length; <a name="l00342"></a>00342 uint16_t offset; <a name="l00343"></a>00343 DSA *dsa; <a name="l00344"></a>00344 BIGNUM *Q; BIGNUM *P; <a name="l00345"></a>00345 BIGNUM *G; BIGNUM *Y; <a name="l00346"></a>00346 <a name="l00347"></a>00347 <span class="keywordflow">if</span>(len == 0) <a name="l00348"></a>00348 <span class="keywordflow">return</span> NULL; <a name="l00349"></a>00349 T = (uint8_t)key[0]; <a name="l00350"></a>00350 length = (64 + T * 8); <a name="l00351"></a>00351 offset = 1; <a name="l00352"></a>00352 <a name="l00353"></a>00353 /* T above 8 is rejected, so length is at most 128 from here on */ <span class="keywordflow">if</span> (T > 8) { <a name="l00354"></a>00354 <span class="keywordflow">return</span> NULL; <a name="l00355"></a>00355 } <a name="l00356"></a>00356 /* bounds check for the four BN_bin2bn reads below: the T byte, Q, and three numbers of length bytes each must fit in len */ <span class="keywordflow">if</span>(len < (<span class="keywordtype">size_t</span>)1 + SHA_DIGEST_LENGTH + 3*length) <a name="l00357"></a>00357 <span class="keywordflow">return</span> NULL; <a name="l00358"></a>00358 <a name="l00359"></a>00359 Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL); <a name="l00360"></a>00360 offset += SHA_DIGEST_LENGTH; <a name="l00361"></a>00361 <a name="l00362"></a>00362 P = BN_bin2bn(key+offset, (<span class="keywordtype">int</span>)length, NULL); <a name="l00363"></a>00363 offset += length; <a name="l00364"></a>00364 <a name="l00365"></a>00365 G = BN_bin2bn(key+offset, (<span class="keywordtype">int</span>)length, NULL); <a name="l00366"></a>00366 offset += length; <a name="l00367"></a>00367 <a name="l00368"></a>00368 Y = BN_bin2bn(key+offset, (<span class="keywordtype">int</span>)length, NULL); <a name="l00369"></a>00369 offset += length; <a 
name="l00370"></a>00370 <a name="l00371"></a>00371 <span class="comment">/* create the key and set its properties; if any number or the DSA object could not be allocated, free the rest and fail (the BN_free calls may receive NULL here) */</span> <a name="l00372"></a>00372 <span class="keywordflow">if</span>(!Q || !P || !G || !Y || !(dsa = DSA_new())) { <a name="l00373"></a>00373 BN_free(Q); <a name="l00374"></a>00374 BN_free(P); <a name="l00375"></a>00375 BN_free(G); <a name="l00376"></a>00376 BN_free(Y); <a name="l00377"></a>00377 <span class="keywordflow">return</span> NULL; <a name="l00378"></a>00378 } <a name="l00379"></a>00379 <span class="preprocessor">#ifndef S_SPLINT_S</span> <a name="l00380"></a>00380 <span class="preprocessor"></span> /* NOTE(review): direct member writes need an OpenSSL that exposes the DSA struct (before 1.1.0); later versions provide DSA_set0_pqg and DSA_set0_key for this */ dsa->p = P; <a name="l00381"></a>00381 dsa->q = Q; <a name="l00382"></a>00382 dsa->g = G; <a name="l00383"></a>00383 dsa->pub_key = Y; <a name="l00384"></a>00384 <span class="preprocessor">#endif </span><span class="comment">/* splint */</span> <a name="l00385"></a>00385 <a name="l00386"></a>00386 <span class="keywordflow">return</span> dsa; <a name="l00387"></a>00387 } <a name="l00388"></a>00388 <a name="l00389"></a>00389 /* Converts the bytes written so far to the ldns buffer (from its start up to the current position) into an OpenSSL RSA key by calling ldns_key_buf2rsa_raw; returns whatever that call returns. */ RSA * <a name="l00390"></a><a class="code" href="dnssec_8h.html#aeafba65095aa59f1ba109591701949c5">00390</a> <a class="code" href="dnssec_8c.html#aeafba65095aa59f1ba109591701949c5" title="converts a buffer holding key material to a RSA key in openssl.">ldns_key_buf2rsa</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *key) <a name="l00391"></a>00391 { <a name="l00392"></a>00392 <span class="keywordflow">return</span> <a class="code" href="dnssec_8c.html#a37eb5a2d4b58a903884222cdabe56a76" title="Like ldns_key_buf2rsa, but uses raw buffer.">ldns_key_buf2rsa_raw</a>((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(key), <a name="l00393"></a>00393 ldns_buffer_position(key)); <a name="l00394"></a>00394 } <a name="l00395"></a>00395 <a name="l00396"></a>00396 RSA * <a name="l00397"></a><a class="code" 
href="dnssec_8h.html#a37eb5a2d4b58a903884222cdabe56a76">00397</a> <a class="code" href="dnssec_8c.html#a37eb5a2d4b58a903884222cdabe56a76" title="Like ldns_key_buf2rsa, but uses raw buffer.">ldns_key_buf2rsa_raw</a>(<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>* key, <span class="keywordtype">size_t</span> len) <a name="l00398"></a>00398 { /* Builds an OpenSSL RSA public key from len bytes of raw key material read as: exponent length, exponent, modulus. The exponent length is the first byte, or, when that byte is 0, the 16-bit network-order value in the next two bytes; the modulus is everything after the exponent and must be at least one byte. Returns NULL when the input is too short for that layout or an allocation fails. */ <a name="l00399"></a>00399 uint16_t offset; <a name="l00400"></a>00400 uint16_t exp; <a name="l00401"></a>00401 uint16_t int16; <a name="l00402"></a>00402 RSA *rsa; <a name="l00403"></a>00403 BIGNUM *modulus; <a name="l00404"></a>00404 BIGNUM *exponent; <a name="l00405"></a>00405 <a name="l00406"></a>00406 <span class="keywordflow">if</span> (len == 0) <a name="l00407"></a>00407 <span class="keywordflow">return</span> NULL; <a name="l00408"></a>00408 <span class="keywordflow">if</span> (key[0] == 0) { <a name="l00409"></a>00409 <span class="keywordflow">if</span>(len < 3) <a name="l00410"></a>00410 <span class="keywordflow">return</span> NULL; <a name="l00411"></a>00411 <span class="comment">/* a first byte of 0 means the exponent length does not fit in one byte */</span> <a name="l00412"></a>00412 <span class="comment">/* so the length is stored in the next two</span> <a name="l00413"></a>00413 <span class="comment"> * bytes, in network byte order 
*/</span> <a name="l00414"></a>00414 <a class="code" href="config_8h.html#a802c986820d3866639922b6bc9484f90">memmove</a>(&int16, key+1, 2); <a name="l00415"></a>00415 exp = ntohs(int16); <a name="l00416"></a>00416 offset = 3; <a name="l00417"></a>00417 } <span class="keywordflow">else</span> { <a name="l00418"></a>00418 exp = key[0]; <a name="l00419"></a>00419 offset = 1; <a name="l00420"></a>00420 } <a name="l00421"></a>00421 <a name="l00422"></a>00422 <span class="comment">/* key length at least one: the exponent must fit and at least one byte must remain for the modulus; the sum is done in size_t, so it cannot wrap for these 16-bit values */</span> <a name="l00423"></a>00423 <span class="keywordflow">if</span>(len < (<span class="keywordtype">size_t</span>)offset + exp + 1) <a name="l00424"></a>00424 <span class="keywordflow">return</span> NULL; <a name="l00425"></a>00425 <a name="l00426"></a>00426 <span class="comment">/* Exponent. NOTE(review): the BN_bin2bn result is cast to void, so a failure inside it goes unnoticed and the key is still returned. */</span> <a name="l00427"></a>00427 exponent = BN_new(); <a name="l00428"></a>00428 <span class="keywordflow">if</span>(!exponent) <span class="keywordflow">return</span> NULL; <a name="l00429"></a>00429 (void) BN_bin2bn(key+offset, (<span class="keywordtype">int</span>)exp, exponent); <a name="l00430"></a>00430 /* NOTE(review): offset is a uint16_t, so this addition wraps when the two-byte exponent length is above 65532; the modulus read below would then start at the wrong byte (still inside the buffer, since len - offset uses the same wrapped value). */ offset += exp; <a name="l00431"></a>00431 <a name="l00432"></a>00432 <span class="comment">/* Modulus */</span> <a name="l00433"></a>00433 modulus = BN_new(); <a name="l00434"></a>00434 <span class="keywordflow">if</span>(!modulus) { <a name="l00435"></a>00435 BN_free(exponent); <a name="l00436"></a>00436 <span class="keywordflow">return</span> NULL; <a name="l00437"></a>00437 } <a name="l00438"></a>00438 <span class="comment">/* length of the buffer must match the key length! Every remaining byte is taken as the modulus, and this BN_bin2bn result is not checked either. 
*/</span> <a name="l00439"></a>00439 (void) BN_bin2bn(key+offset, (<span class="keywordtype">int</span>)(len - offset), modulus); <a name="l00440"></a>00440 <a name="l00441"></a>00441 rsa = RSA_new(); <a name="l00442"></a>00442 <span class="keywordflow">if</span>(!rsa) { <a name="l00443"></a>00443 BN_free(exponent); <a name="l00444"></a>00444 BN_free(modulus); <a name="l00445"></a>00445 <span class="keywordflow">return</span> NULL; <a name="l00446"></a>00446 } <a name="l00447"></a>00447 <span class="preprocessor">#ifndef S_SPLINT_S</span> <a name="l00448"></a>00448 <span class="preprocessor"></span> /* NOTE(review): direct member writes need an OpenSSL that exposes the RSA struct (before 1.1.0); later versions provide RSA_set0_key for this */ rsa->n = modulus; <a name="l00449"></a>00449 rsa->e = exponent; <a name="l00450"></a>00450 <span class="preprocessor">#endif </span><span class="comment">/* splint */</span> <a name="l00451"></a>00451 <a name="l00452"></a>00452 <span class="keywordflow">return</span> rsa; <a name="l00453"></a>00453 } <a name="l00454"></a>00454 <a name="l00455"></a>00455 /* Hashes len bytes of data with digest md into dest. Returns true on success, false when the context cannot be created or an EVP call fails. No output size is passed in: dest must already have room for the whole digest of md (EVP_MD_size(md) bytes). */ <span class="keywordtype">int</span> <a name="l00456"></a><a class="code" href="dnssec_8h.html#a9483392f157e2ab100459c685eb7ea95">00456</a> <a class="code" href="dnssec_8c.html#a9483392f157e2ab100459c685eb7ea95" title="Utility function to calculate hash using generic EVP_MD pointer.">ldns_digest_evp</a>(<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>* data, <span class="keywordtype">unsigned</span> <span class="keywordtype">int</span> len, <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>* dest, <a name="l00457"></a>00457 <span class="keyword">const</span> EVP_MD* md) <a name="l00458"></a>00458 { <a name="l00459"></a>00459 EVP_MD_CTX* ctx; <a name="l00460"></a>00460 ctx = EVP_MD_CTX_create(); <a name="l00461"></a>00461 <span class="keywordflow">if</span>(!ctx) <a name="l00462"></a>00462 <span class="keywordflow">return</span> <span class="keyword">false</span>; <a name="l00463"></a>00463 <span class="keywordflow">if</span>(!EVP_DigestInit_ex(ctx, md, NULL) || 
<a name="l00464"></a>00464 !EVP_DigestUpdate(ctx, data, len) || <a name="l00465"></a>00465 !EVP_DigestFinal_ex(ctx, dest, NULL)) { <a name="l00466"></a>00466 EVP_MD_CTX_destroy(ctx); <a name="l00467"></a>00467 <span class="keywordflow">return</span> <span class="keyword">false</span>; <a name="l00468"></a>00468 } <a name="l00469"></a>00469 EVP_MD_CTX_destroy(ctx); <a name="l00470"></a>00470 <span class="keywordflow">return</span> <span class="keyword">true</span>; <a name="l00471"></a>00471 } <a name="l00472"></a>00472 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span> <a name="l00473"></a>00473 <a name="l00474"></a>00474 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> * <a name="l00475"></a><a class="code" href="dnssec_8h.html#acf9bb930301fbc1a2724321a7f2c8d90">00475</a> <a class="code" href="dnssec_8c.html#acf9bb930301fbc1a2724321a7f2c8d90" title="returns a new DS rr that represents the given key rr.">ldns_key_rr2ds</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *key, <a class="code" href="keys_8h.html#ab53d559230792e3951c8974631808fc5">ldns_hash</a> h) <a name="l00476"></a>00476 { <a name="l00477"></a>00477 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *tmp; <a name="l00478"></a>00478 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *ds; <a name="l00479"></a>00479 uint16_t keytag; <a name="l00480"></a>00480 uint8_t sha1hash; <a name="l00481"></a>00481 uint8_t *digest; <a name="l00482"></a>00482 <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *data_buf; <a name="l00483"></a>00483 <span class="preprocessor">#ifdef USE_GOST</span> <a name="l00484"></a>00484 <span class="preprocessor"></span> <span class="keyword">const</span> EVP_MD* md = NULL; <a 
name="l00485"></a>00485 <span class="preprocessor">#endif</span> <a name="l00486"></a>00486 <span class="preprocessor"></span> <a name="l00487"></a>00487 <span class="keywordflow">if</span> (<a class="code" href="rr_8c.html#a849c616b8e8d87b8c047a8b41be21228" title="returns the type of the rr.">ldns_rr_get_type</a>(key) != <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa316efb0ac15f31b6891fa6fba833eae8">LDNS_RR_TYPE_DNSKEY</a>) { <a name="l00488"></a>00488 <span class="keywordflow">return</span> NULL; <a name="l00489"></a>00489 } <a name="l00490"></a>00490 <a name="l00491"></a>00491 ds = <a class="code" href="rr_8c.html#af0921b9dc51c173c6e7007c2fcedfce3" title="creates a new rr structure.">ldns_rr_new</a>(); <a name="l00492"></a>00492 <span class="keywordflow">if</span> (!ds) { <a name="l00493"></a>00493 <span class="keywordflow">return</span> NULL; <a name="l00494"></a>00494 } <a name="l00495"></a>00495 <a class="code" href="rr_8c.html#a613e90c7efbdbb3da546fe1f244023c0" title="sets the type in the rr.">ldns_rr_set_type</a>(ds, <a class="code" href="rr_8h.html#a640100112b0009efe3d61bbf799b33daa6014f51afd4f88ae81c2d0e8afef8894" title="draft-ietf-dnsext-delegation">LDNS_RR_TYPE_DS</a>); <a name="l00496"></a>00496 <a class="code" href="rr_8c.html#a2c7374383b168ce0d33b56f43a91c940" title="sets the owner in the rr structure.">ldns_rr_set_owner</a>(ds, <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>( <a name="l00497"></a>00497 <a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(key))); <a name="l00498"></a>00498 <a class="code" href="rr_8c.html#a84a12460eb7ffe5c5fd3d84e9efbe3cf" title="sets the ttl in the rr structure.">ldns_rr_set_ttl</a>(ds, <a class="code" href="rr_8c.html#a144e619c75e8cef52fa5a1de7d74c695" title="returns the ttl of an rr structure.">ldns_rr_ttl</a>(key)); <a 
name="l00499"></a>00499 <a class="code" href="rr_8c.html#aac682e10305e017760e65a423e6e6374" title="sets the class in the rr.">ldns_rr_set_class</a>(ds, <a class="code" href="rr_8c.html#a9674642920718eda5c65483e03587fff" title="returns the class of the rr.">ldns_rr_get_class</a>(key)); <a name="l00500"></a>00500 <a name="l00501"></a>00501 <span class="keywordflow">switch</span>(h) { <a name="l00502"></a>00502 <span class="keywordflow">default</span>: <a name="l00503"></a>00503 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#ace93e9ea11837e8a73e24d1851ef3820adf4af90b5cdcad12c5aeae3cc9b123e7">LDNS_SHA1</a>: <a name="l00504"></a>00504 digest = <a class="code" href="util_8h.html#aaad6949daea3c6cefd01d19300f6e21a">LDNS_XMALLOC</a>(uint8_t, <a class="code" href="sha1_8h.html#a5426eb9c967f56cb3d53d0b6fe14d2ac">LDNS_SHA1_DIGEST_LENGTH</a>); <a name="l00505"></a>00505 <span class="keywordflow">if</span> (!digest) { <a name="l00506"></a>00506 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00507"></a>00507 <span class="keywordflow">return</span> NULL; <a name="l00508"></a>00508 } <a name="l00509"></a>00509 <span class="keywordflow">break</span>; <a name="l00510"></a>00510 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#ace93e9ea11837e8a73e24d1851ef3820a8d165863f88382ac7f167967a30ebe2f">LDNS_SHA256</a>: <a name="l00511"></a>00511 digest = <a class="code" href="util_8h.html#aaad6949daea3c6cefd01d19300f6e21a">LDNS_XMALLOC</a>(uint8_t, <a class="code" href="sha2_8h.html#ac16c6fa6913b570cefc43082b682544a">LDNS_SHA256_DIGEST_LENGTH</a>); <a name="l00512"></a>00512 <span class="keywordflow">if</span> (!digest) { <a name="l00513"></a>00513 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00514"></a>00514 <span class="keywordflow">return</span> NULL; <a 
name="l00515"></a>00515 } <a name="l00516"></a>00516 <span class="keywordflow">break</span>; <a name="l00517"></a>00517 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#ace93e9ea11837e8a73e24d1851ef3820a32d75cfcd473fc6c34ac32c200b1abcf">LDNS_HASH_GOST</a>: <a name="l00518"></a>00518 <span class="preprocessor">#ifdef USE_GOST</span> <a name="l00519"></a>00519 <span class="preprocessor"></span> (void)<a class="code" href="keys_8h.html#a631eb1d2915d9c72cd12a0e44a549f45" title="Get the PKEY id for GOST, loads GOST into openssl as a side effect.">ldns_key_EVP_load_gost_id</a>(); <a name="l00520"></a>00520 md = EVP_get_digestbyname(<span class="stringliteral">"md_gost94"</span>); <a name="l00521"></a>00521 <span class="keywordflow">if</span>(!md) { <a name="l00522"></a>00522 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00523"></a>00523 <span class="keywordflow">return</span> NULL; <a name="l00524"></a>00524 } <a name="l00525"></a>00525 digest = <a class="code" href="util_8h.html#aaad6949daea3c6cefd01d19300f6e21a">LDNS_XMALLOC</a>(uint8_t, EVP_MD_size(md)); <a name="l00526"></a>00526 <span class="keywordflow">if</span> (!digest) { <a name="l00527"></a>00527 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00528"></a>00528 <span class="keywordflow">return</span> NULL; <a name="l00529"></a>00529 } <a name="l00530"></a>00530 <span class="keywordflow">break</span>; <a name="l00531"></a>00531 <span class="preprocessor">#else</span> <a name="l00532"></a>00532 <span class="preprocessor"></span> <span class="comment">/* not implemented */</span> <a name="l00533"></a>00533 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00534"></a>00534 <span class="keywordflow">return</span> NULL; <a name="l00535"></a>00535 <span 
class="preprocessor">#endif</span> <a name="l00536"></a>00536 <span class="preprocessor"></span><span class="preprocessor">#ifdef USE_ECDSA</span> <a name="l00537"></a>00537 <span class="preprocessor"></span> <span class="comment">/* Make similar ``not implemented'' construct as above when </span> <a name="l00538"></a>00538 <span class="comment"> draft-hoffman-dnssec-ecdsa-04 becomes a standard</span> <a name="l00539"></a>00539 <span class="comment"> */</span> <a name="l00540"></a>00540 <span class="keywordflow">case</span> LDNS_SHA384: <a name="l00541"></a>00541 digest = <a class="code" href="util_8h.html#aaad6949daea3c6cefd01d19300f6e21a">LDNS_XMALLOC</a>(uint8_t, SHA384_DIGEST_LENGTH); <a name="l00542"></a>00542 <span class="keywordflow">if</span> (!digest) { <a name="l00543"></a>00543 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00544"></a>00544 <span class="keywordflow">return</span> NULL; <a name="l00545"></a>00545 } <a name="l00546"></a>00546 <span class="keywordflow">break</span>; <a name="l00547"></a>00547 <span class="preprocessor">#endif</span> <a name="l00548"></a>00548 <span class="preprocessor"></span> } <a name="l00549"></a>00549 <a name="l00550"></a>00550 data_buf = <a class="code" href="buffer_8c.html#ac6d413e9a76bf7e7c2022f13e36b9900" title="creates a new buffer with the specified capacity.">ldns_buffer_new</a>(<a class="code" href="packet_8h.html#a0335fad1ab5f49839cd6c5a71e3d721b">LDNS_MAX_PACKETLEN</a>); <a name="l00551"></a>00551 <span class="keywordflow">if</span> (!data_buf) { <a name="l00552"></a>00552 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(digest); <a name="l00553"></a>00553 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00554"></a>00554 <span class="keywordflow">return</span> NULL; <a name="l00555"></a>00555 } <a 
name="l00556"></a>00556 <a name="l00557"></a>00557 <span class="comment">/* keytag */</span> <a name="l00558"></a>00558 keytag = htons(<a class="code" href="dnssec_8c.html#a7cf8c4687caff6153a61052c5523e7ab" title="calculates a keytag of a key for use in DNSSEC.">ldns_calc_keytag</a>((<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a>*)key)); <a name="l00559"></a>00559 tmp = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9adef66c8791f83ba190e5f5775791e4c6" title="16 bits">LDNS_RDF_TYPE_INT16</a>, <a name="l00560"></a>00560 <span class="keyword">sizeof</span>(uint16_t), <a name="l00561"></a>00561 &keytag); <a name="l00562"></a>00562 <a class="code" href="rr_8c.html#ab5903437318cd6ad1e4b701587c9842c" title="sets rd_field member, it will be placed in the next available spot.">ldns_rr_push_rdf</a>(ds, tmp); <a name="l00563"></a>00563 <a name="l00564"></a>00564 <span class="comment">/* copy the algorithm field */</span> <a name="l00565"></a>00565 <span class="keywordflow">if</span> ((tmp = <a class="code" href="rr_8c.html#aed836e7b90f7c11993d92a4569d7e29b" title="returns the rdata field member counter.">ldns_rr_rdf</a>(key, 2)) == NULL) { <a name="l00566"></a>00566 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(digest); <a name="l00567"></a>00567 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(data_buf); <a name="l00568"></a>00568 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00569"></a>00569 <span class="keywordflow">return</span> NULL; <a name="l00570"></a>00570 } <span class="keywordflow">else</span> { <a name="l00571"></a>00571 <a class="code" 
href="rr_8c.html#ab5903437318cd6ad1e4b701587c9842c" title="sets rd_field member, it will be placed in the next available spot.">ldns_rr_push_rdf</a>(ds, <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>( tmp )); <a name="l00572"></a>00572 } <a name="l00573"></a>00573 <a name="l00574"></a>00574 <span class="comment">/* digest hash type */</span> <a name="l00575"></a>00575 sha1hash = (uint8_t)h; <a name="l00576"></a>00576 tmp = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9ac18c3e598d6a7a85b8eb1d1a047ac557" title="8 bits">LDNS_RDF_TYPE_INT8</a>, <a name="l00577"></a>00577 <span class="keyword">sizeof</span>(uint8_t), <a name="l00578"></a>00578 &sha1hash); <a name="l00579"></a>00579 <a class="code" href="rr_8c.html#ab5903437318cd6ad1e4b701587c9842c" title="sets rd_field member, it will be placed in the next available spot.">ldns_rr_push_rdf</a>(ds, tmp); <a name="l00580"></a>00580 <a name="l00581"></a>00581 <span class="comment">/* digest */</span> <a name="l00582"></a>00582 <span class="comment">/* owner name */</span> <a name="l00583"></a>00583 tmp = <a class="code" href="rdata_8c.html#af9a39f2f8b749efa6a20ba91cb696961" title="clones a rdf structure.">ldns_rdf_clone</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(key)); <a name="l00584"></a>00584 <a class="code" href="dname_8c.html#a86a798d6401b11e85d4592b1609ffd8f" title="Put a dname into canonical fmt - ie.">ldns_dname2canonical</a>(tmp); <a name="l00585"></a>00585 <span class="keywordflow">if</span> (<a class="code" href="host2wire_8c.html#a0147a3a16d5a149a6aee49cc967a9897" title="Copies the rdata data to the buffer in wire format.">ldns_rdf2buffer_wire</a>(data_buf, tmp) != <a 
class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00586"></a>00586 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(digest); <a name="l00587"></a>00587 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(data_buf); <a name="l00588"></a>00588 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00589"></a>00589 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(tmp); <a name="l00590"></a>00590 <span class="keywordflow">return</span> NULL; <a name="l00591"></a>00591 } <a name="l00592"></a>00592 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(tmp); <a name="l00593"></a>00593 <a name="l00594"></a>00594 <span class="comment">/* all the rdata's */</span> <a name="l00595"></a>00595 <span class="keywordflow">if</span> (<a class="code" href="host2wire_8c.html#abf2bee8d29d4a8e29e4f64ea79b7c645" title="Converts an rr's rdata to wireformat, while excluding the ownername and all the stuff before the rdat...">ldns_rr_rdata2buffer_wire</a>(data_buf, <a name="l00596"></a>00596 (<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a>*)key) != <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>) { <a name="l00597"></a>00597 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(digest); <a name="l00598"></a>00598 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(data_buf); <a name="l00599"></a>00599 <a class="code" 
href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00600"></a>00600 <span class="keywordflow">return</span> NULL; <a name="l00601"></a>00601 } <a name="l00602"></a>00602 <span class="keywordflow">switch</span>(h) { <a name="l00603"></a>00603 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#ace93e9ea11837e8a73e24d1851ef3820adf4af90b5cdcad12c5aeae3cc9b123e7">LDNS_SHA1</a>: <a name="l00604"></a>00604 (void) <a class="code" href="sha1_8c.html#a14a9873e7068caf02c57d67fd88fb6d3" title="Convenience function to digest a fixed block of data at once.">ldns_sha1</a>((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) ldns_buffer_begin(data_buf), <a name="l00605"></a>00605 (<span class="keywordtype">unsigned</span> int) ldns_buffer_position(data_buf), <a name="l00606"></a>00606 (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) digest); <a name="l00607"></a>00607 <a name="l00608"></a>00608 tmp = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9abb1b198b0e4c7dc8a5d659bb60a4d0b0" title="hex string">LDNS_RDF_TYPE_HEX</a>, <a name="l00609"></a>00609 <a class="code" href="sha1_8h.html#a5426eb9c967f56cb3d53d0b6fe14d2ac">LDNS_SHA1_DIGEST_LENGTH</a>, <a name="l00610"></a>00610 digest); <a name="l00611"></a>00611 <a class="code" href="rr_8c.html#ab5903437318cd6ad1e4b701587c9842c" title="sets rd_field member, it will be placed in the next available spot.">ldns_rr_push_rdf</a>(ds, tmp); <a name="l00612"></a>00612 <a name="l00613"></a>00613 <span class="keywordflow">break</span>; <a name="l00614"></a>00614 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#ace93e9ea11837e8a73e24d1851ef3820a8d165863f88382ac7f167967a30ebe2f">LDNS_SHA256</a>: <a 
name="l00615"></a>00615 (void) <a class="code" href="sha2_8c.html#af8f3852a5a417bc3fe786a477ec86f0f" title="Convenience function to digest a fixed block of data at once.">ldns_sha256</a>((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) ldns_buffer_begin(data_buf), <a name="l00616"></a>00616 (<span class="keywordtype">unsigned</span> int) ldns_buffer_position(data_buf), <a name="l00617"></a>00617 (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) digest); <a name="l00618"></a>00618 tmp = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9abb1b198b0e4c7dc8a5d659bb60a4d0b0" title="hex string">LDNS_RDF_TYPE_HEX</a>, <a name="l00619"></a>00619 <a class="code" href="sha2_8h.html#ac16c6fa6913b570cefc43082b682544a">LDNS_SHA256_DIGEST_LENGTH</a>, <a name="l00620"></a>00620 digest); <a name="l00621"></a>00621 <a class="code" href="rr_8c.html#ab5903437318cd6ad1e4b701587c9842c" title="sets rd_field member, it will be placed in the next available spot.">ldns_rr_push_rdf</a>(ds, tmp); <a name="l00622"></a>00622 <span class="keywordflow">break</span>; <a name="l00623"></a>00623 <span class="keywordflow">case</span> <a class="code" href="keys_8h.html#ace93e9ea11837e8a73e24d1851ef3820a32d75cfcd473fc6c34ac32c200b1abcf">LDNS_HASH_GOST</a>: <a name="l00624"></a>00624 <span class="preprocessor">#ifdef USE_GOST</span> <a name="l00625"></a>00625 <span class="preprocessor"></span> <span class="keywordflow">if</span>(!<a class="code" href="dnssec_8c.html#a9483392f157e2ab100459c685eb7ea95" title="Utility function to calculate hash using generic EVP_MD pointer.">ldns_digest_evp</a>((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) ldns_buffer_begin(data_buf), <a name="l00626"></a>00626 (<span class="keywordtype">unsigned</span> 
<span class="keywordtype">int</span>) ldns_buffer_position(data_buf), <a name="l00627"></a>00627 (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) digest, md)) { <a name="l00628"></a>00628 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(digest); <a name="l00629"></a>00629 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(data_buf); <a name="l00630"></a>00630 <a class="code" href="rr_8c.html#a277ccb85853d3c527ff3bc963cdde505" title="frees an RR structure">ldns_rr_free</a>(ds); <a name="l00631"></a>00631 <span class="keywordflow">return</span> NULL; <a name="l00632"></a>00632 } <a name="l00633"></a>00633 tmp = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9abb1b198b0e4c7dc8a5d659bb60a4d0b0" title="hex string">LDNS_RDF_TYPE_HEX</a>, <a name="l00634"></a>00634 (<span class="keywordtype">size_t</span>)EVP_MD_size(md), <a name="l00635"></a>00635 digest); <a name="l00636"></a>00636 <a class="code" href="rr_8c.html#ab5903437318cd6ad1e4b701587c9842c" title="sets rd_field member, it will be placed in the next available spot.">ldns_rr_push_rdf</a>(ds, tmp); <a name="l00637"></a>00637 <span class="preprocessor">#endif</span> <a name="l00638"></a>00638 <span class="preprocessor"></span> <span class="keywordflow">break</span>; <a name="l00639"></a>00639 <span class="preprocessor">#ifdef USE_ECDSA</span> <a name="l00640"></a>00640 <span class="preprocessor"></span> <span class="keywordflow">case</span> LDNS_SHA384: <a name="l00641"></a>00641 (void) SHA384((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) ldns_buffer_begin(data_buf), <a name="l00642"></a>00642 (<span class="keywordtype">unsigned</span> int) ldns_buffer_position(data_buf), <a 
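name="l00643"></a>00643 (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) digest); <a name="l00644"></a>00644 tmp = <a class="code" href="rdata_8c.html#afeaa67dccf9c97ac9209776936279319" title="allocates a new rdf structure and fills it.">ldns_rdf_new_frm_data</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9abb1b198b0e4c7dc8a5d659bb60a4d0b0" title="hex string">LDNS_RDF_TYPE_HEX</a>, <a name="l00645"></a>00645 SHA384_DIGEST_LENGTH, <a name="l00646"></a>00646 digest); <a name="l00647"></a>00647 <a class="code" href="rr_8c.html#ab5903437318cd6ad1e4b701587c9842c" title="sets rd_field member, it will be placed in the next available spot.">ldns_rr_push_rdf</a>(ds, tmp); <a name="l00648"></a>00648 <span class="keywordflow">break</span>; <a name="l00649"></a>00649 <span class="preprocessor">#endif</span> <a name="l00650"></a>00650 <span class="preprocessor"></span> } <a name="l00651"></a>00651 <a name="l00652"></a>00652 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(digest); <a name="l00653"></a>00653 <a class="code" href="buffer_8c.html#a1615da957ad5a24a8b5cc1ba2f2b7f44" title="frees the buffer.">ldns_buffer_free</a>(data_buf); <a name="l00654"></a>00654 <span class="keywordflow">return</span> ds; <a name="l00655"></a>00655 } <a name="l00656"></a>00656

/*
 * Appends one window block to the type bitmap being assembled in *data.
 *
 * A window block is written as: the window number, the number of bitmap
 * octets that follow, then the octets themselves (window_octets[0] up to
 * and including window_octets[last_octet]).
 *
 * The buffer is grown through a temporary pointer, so when the
 * reallocation fails *data still points at the previous allocation and
 * the caller can release it.
 *
 * Returns 1 on success, 0 when the buffer could not be grown.
 */
static int
ldns_nsec_bitmap_append_window(uint8_t **data,
                               uint16_t *data_size,
                               uint8_t window,
                               const uint8_t *window_octets,
                               uint8_t last_octet)
{
	uint8_t *grown;

	grown = LDNS_XREALLOC(*data, uint8_t, *data_size + last_octet + 3);
	if (!grown) {
		return 0;
	}
	*data = grown;

	grown[*data_size] = window;
	grown[*data_size + 1] = (uint8_t) (last_octet + 1);
	memcpy(grown + *data_size + 2, window_octets, (size_t) last_octet + 1);
	*data_size = (uint16_t) (*data_size + last_octet + 3);
	return 1;
}

/*
 * Creates the type bitmap rdata field for an NSEC or NSEC3 record.
 *
 * rr_type_list  the RR types whose bits are set in the bitmap
 * size          number of entries in rr_type_list
 * nsec_type     LDNS_RR_TYPE_NSEC or LDNS_RR_TYPE_NSEC3; any other value
 *               makes the function return NULL
 *
 * nsec_type only widens the flat bitmap; its own bit is set only when the
 * caller also lists it in rr_type_list.
 *
 * Returns the new rdf of type LDNS_RDF_TYPE_NSEC, or NULL on a bad
 * argument or allocation failure.
 */
ldns_rdf *
ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
                               size_t size,
                               ldns_rr_type nsec_type)
{
	size_t i;
	uint8_t *bitmap;
	uint16_t bm_len = 0;
	uint16_t i_type;
	ldns_rdf *bitmap_rdf;

	uint8_t *data = NULL;
	uint8_t cur_data[32];
	uint8_t cur_window = 0;
	uint8_t cur_window_max = 0;
	uint16_t cur_data_size = 0;

	if (nsec_type != LDNS_RR_TYPE_NSEC &&
	    nsec_type != LDNS_RR_TYPE_NSEC3) {
		return NULL;
	}
	/* a missing list is only acceptable when it is declared empty */
	if (!rr_type_list && size > 0) {
		return NULL;
	}

	/* the highest type number decides how long the flat bitmap is */
	i_type = 0;
	for (i = 0; i < size; i++) {
		if (i_type < rr_type_list[i])
			i_type = (uint16_t) rr_type_list[i];
	}
	if (i_type < nsec_type) {
		i_type = (uint16_t) nsec_type;
	}

	bm_len = i_type / 8 + 2;
	bitmap = LDNS_XMALLOC(uint8_t, bm_len);
	if (!bitmap) {
		return NULL;
	}
	memset(bitmap, 0, bm_len);

	/* one bit per listed type; bit 0 of a type is the most significant
	 * bit of its octet */
	for (i = 0; i < size; i++) {
		i_type = (uint16_t) rr_type_list[i];
		ldns_set_bit(bitmap + (int) i_type / 8,
		             (int) (7 - (i_type % 8)),
		             true);
	}

	/* fold the flat bitmap into windows of 32 octets each */
	memset(cur_data, 0, sizeof(cur_data));
	for (i = 0; i < bm_len; i++) {
		if (i / 32 > cur_window) {
			/* The window just completed is emitted when any of its
			 * octets is non-zero. Octet 0 is tested separately:
			 * cur_window_max stays 0 both for an empty window and for
			 * a window whose only set bits are in octet 0, and the
			 * latter must not be dropped from the bitmap. */
			if (cur_window_max > 0 || cur_data[0] != 0) {
				if (!ldns_nsec_bitmap_append_window(&data,
				        &cur_data_size, cur_window,
				        cur_data, cur_window_max)) {
					LDNS_FREE(data);
					LDNS_FREE(bitmap);
					return NULL;
				}
			}
			cur_window++;
			cur_window_max = 0;
			memset(cur_data, 0, sizeof(cur_data));
		}
		cur_data[i % 32] = bitmap[i];
		if (bitmap[i] > 0) {
			cur_window_max = (uint8_t) (i % 32);
		}
	}
	if (cur_window_max > 0 || cur_data[0] != 0) {
		/* the last window has bits set, add it */
		if (!ldns_nsec_bitmap_append_window(&data, &cur_data_size,
		        cur_window, cur_data, cur_window_max)) {
			LDNS_FREE(data);
			LDNS_FREE(bitmap);
			return NULL;
		}
	}

	bitmap_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC,
	                                   cur_data_size,
	                                   data);

	/* both scratch buffers are released here; the rdf is expected to
	 * hold its own copy of data */
	LDNS_FREE(bitmap);
	LDNS_FREE(data);

	return bitmap_rdf;
}

/*
 * Returns 1 when the rrsets list contains an rrset of the given type and
 * 0 otherwise (including for a NULL list).
 */
int
ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets,
                                 ldns_rr_type type)
{
	ldns_dnssec_rrsets *cur_rrset;

	for (cur_rrset = rrsets; cur_rrset; cur_rrset = cur_rrset->next) {
		if (cur_rrset->type == type) {
			return 1;
		}
	}
	return 0;
}

/*
 * Creates the NSEC record that is owned by 'from' and points to 'to'.
 *
 * The type bitmap lists the rrset types found at 'from' plus RRSIG and
 * NSEC. When 'from' is a delegation point (it has an NS rrset but no SOA
 * rrset) only NS and DS are taken from its rrsets.
 *
 * Returns NULL when from or to is NULL, when nsec_type is not
 * LDNS_RR_TYPE_NSEC, when the type list would not fit, or when an
 * allocation fails.
 */
ldns_rr *
ldns_dnssec_create_nsec(ldns_dnssec_name *from,
                        ldns_dnssec_name *to,
                        ldns_rr_type nsec_type)
{
	ldns_rr *nsec_rr;
	/* NOTE(review): 65536 entries on the stack make this a large frame;
	 * consider a heap buffer if this runs on threads with small stacks */
	ldns_rr_type types[65536];
	const size_t types_cap = sizeof(types) / sizeof(types[0]);
	size_t type_count = 0;
	ldns_dnssec_rrsets *cur_rrsets;
	ldns_rdf *bitmap;
	int on_delegation_point;

	if (!from || !to || (nsec_type != LDNS_RR_TYPE_NSEC)) {
		return NULL;
	}

	nsec_rr = ldns_rr_new();
	if (!nsec_rr) {
		return NULL;
	}
	ldns_rr_set_type(nsec_rr, nsec_type);
	ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from)));
	ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to)));

	on_delegation_point = ldns_dnssec_rrsets_contains_type(
	        from->rrsets, LDNS_RR_TYPE_NS)
	    && !ldns_dnssec_rrsets_contains_type(
	        from->rrsets, LDNS_RR_TYPE_SOA);

	for (cur_rrsets = from->rrsets; cur_rrsets;
	     cur_rrsets = cur_rrsets->next) {
		/* Do not include non-authoritative rrsets on the delegation
		 * point in the type bitmap */
		if ((on_delegation_point && (
		        cur_rrsets->type == LDNS_RR_TYPE_NS
		     || cur_rrsets->type == LDNS_RR_TYPE_DS))
		    || (!on_delegation_point &&
		        cur_rrsets->type != LDNS_RR_TYPE_RRSIG
		     && cur_rrsets->type != LDNS_RR_TYPE_NSEC)) {
			/* the list length depends on the zone data, so bound it;
			 * two slots stay reserved for RRSIG and NSEC below */
			if (type_count + 2 >= types_cap) {
				ldns_rr_free(nsec_rr);
				return NULL;
			}
			types[type_count] = cur_rrsets->type;
			type_count++;
		}
	}
	types[type_count] = LDNS_RR_TYPE_RRSIG;
	type_count++;
	types[type_count] = LDNS_RR_TYPE_NSEC;
	type_count++;

	/* do not hand back a record whose bitmap could not be built */
	bitmap = ldns_dnssec_create_nsec_bitmap(types, type_count, nsec_type);
	if (!bitmap) {
		ldns_rr_free(nsec_rr);
		return NULL;
	}
	ldns_rr_push_rdf(nsec_rr, bitmap);

	return nsec_rr;
}

/*
 * Creates the NSEC3 record for 'from'.
 *
 * The owner name is the hashed name of 'from' with zone_name appended.
 * The next-hashed-owner field (rdata position 4) is a clone of
 * to->hashed_name when that is available and is left NULL otherwise, so
 * 'to' may be NULL.
 *
 * algorithm, flags, iterations, salt_length and salt are passed on as
 * given; no limits are enforced here, so callers that take them from
 * configuration or zone data should validate them first.
 *
 * Returns NULL when from is NULL, when hashing or building the owner name
 * fails, when the type list would not fit, or when an allocation fails.
 */
ldns_rr *
ldns_dnssec_create_nsec3(ldns_dnssec_name *from,
                         ldns_dnssec_name *to,
                         ldns_rdf *zone_name,
                         uint8_t algorithm,
                         uint8_t flags,
                         uint16_t iterations,
                         uint8_t salt_length,
                         uint8_t *salt)
{
	ldns_rr *nsec_rr;
	/* NOTE(review): 65536 entries on the stack make this a large frame;
	 * consider a heap buffer if this runs on threads with small stacks */
	ldns_rr_type types[65536];
	const size_t types_cap = sizeof(types) / sizeof(types[0]);
	size_t type_count = 0;
	ldns_dnssec_rrsets *cur_rrsets;
	ldns_rdf *hashed_owner;
	ldns_rdf *bitmap;
	ldns_status status;
	int on_delegation_point;

	if (!from) {
		return NULL;
	}

	nsec_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3);
	if (!nsec_rr) {
		return NULL;
	}

	/* check the hash result before it is used as the owner name */
	hashed_owner = ldns_nsec3_hash_name(ldns_dnssec_name_name(from),
	                                    algorithm,
	                                    iterations,
	                                    salt_length,
	                                    salt);
	if (!hashed_owner) {
		ldns_rr_free(nsec_rr);
		return NULL;
	}
	ldns_rr_set_owner(nsec_rr, hashed_owner);

	status = ldns_dname_cat(ldns_rr_owner(nsec_rr), zone_name);
	if (status != LDNS_STATUS_OK) {
		ldns_rr_free(nsec_rr);
		return NULL;
	}
	ldns_nsec3_add_param_rdfs(nsec_rr,
	                          algorithm,
	                          flags,
	                          iterations,
	                          salt_length,
	                          salt);

	on_delegation_point = ldns_dnssec_rrsets_contains_type(
	        from->rrsets, LDNS_RR_TYPE_NS)
	    && !ldns_dnssec_rrsets_contains_type(
	        from->rrsets, LDNS_RR_TYPE_SOA);

	for (cur_rrsets = from->rrsets; cur_rrsets;
	     cur_rrsets = cur_rrsets->next) {
		/* Do not include non-authoritative rrsets on the delegation
		 * point in the type bitmap. Potentially not skipping insecure
		 * delegation should have been done earlier, in function
		 * ldns_dnssec_zone_create_nsec3s, or even earlier in:
		 * ldns_dnssec_zone_sign_nsec3_flg .
		 */
		if ((on_delegation_point && (
		        cur_rrsets->type == LDNS_RR_TYPE_NS
		     || cur_rrsets->type == LDNS_RR_TYPE_DS))
		    || (!on_delegation_point &&
		        cur_rrsets->type != LDNS_RR_TYPE_RRSIG)) {
			/* the list length depends on the zone data, so bound it;
			 * one slot stays reserved for RRSIG below */
			if (type_count + 1 >= types_cap) {
				ldns_rr_free(nsec_rr);
				return NULL;
			}
			types[type_count] = cur_rrsets->type;
			type_count++;
		}
	}
	/* always add rrsig type if this is not an unsigned
	 * delegation
	 */
	if (type_count > 0 &&
	    !(type_count == 1 && types[0] == LDNS_RR_TYPE_NS)) {
		types[type_count] = LDNS_RR_TYPE_RRSIG;
		type_count++;
	}

	/* leave next rdata empty if they weren't precomputed yet */
	if (to && to->hashed_name) {
		(void) ldns_rr_set_rdf(nsec_rr,
		                       ldns_rdf_clone(to->hashed_name),
		                       4);
	} else {
		(void) ldns_rr_set_rdf(nsec_rr, NULL, 4);
	}

	/* do not hand back a record whose bitmap could not be built */
	bitmap = ldns_dnssec_create_nsec_bitmap(types,
	                                        type_count,
	                                        LDNS_RR_TYPE_NSEC3);
	if (!bitmap) {
		ldns_rr_free(nsec_rr);
		return NULL;
	}
	ldns_rr_push_rdf(nsec_rr, bitmap);

	return nsec_rr;
}

<a name="l00915"></a>00915 <a name="l00916"></a>00916 <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> * <a name="l00917"></a><a class="code" href="dnssec_8h.html#a9085186405931df151e3eac5d33292fb">00917</a> <a class="code" href="dnssec_8c.html#a9085186405931df151e3eac5d33292fb" title="Create a NSEC record.">ldns_create_nsec</a>(<a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *cur_owner, <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *next_owner, <a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *rrs) <a name="l00918"></a>00918 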
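{
	/*
	 * Body of ldns_create_nsec: builds an NSEC record owned by cur_owner
	 * whose first rdata field is next_owner and whose type bitmap lists
	 * the types found in rrs at cur_owner, plus RRSIG and NSEC.
	 *
	 * Both names are cloned before they are stored in the record.
	 * Returns NULL when the record cannot be allocated or when the
	 * collected types do not fit in the local type list; the arguments
	 * are not validated beyond that.
	 */
	ldns_rr_type i_type_list[65536];
	/* two slots stay reserved for the RRSIG and NSEC entries added below */
	const size_t max_types =
		sizeof(i_type_list) / sizeof(i_type_list[0]) - 2;
	size_t type_count = 0;
	size_t rr_count = ldns_rr_list_rr_count(rrs);
	/* size_t index: a 16-bit counter would wrap on lists of 65536+ records */
	size_t i;
	ldns_rr *i_rr;
	uint16_t i_type;
	ldns_rr *nsec;

	/* Collect the types first, so that an oversized list is rejected
	 * before anything has been allocated. */
	for (i = 0; i < rr_count; i++) {
		i_rr = ldns_rr_list_rr(rrs, i);
		if (ldns_rdf_compare(cur_owner, ldns_rr_owner(i_rr)) != 0) {
			continue;
		}
		i_type = ldns_rr_get_type(i_rr);
		if (i_type == LDNS_RR_TYPE_RRSIG || i_type == LDNS_RR_TYPE_NSEC) {
			/* both are appended unconditionally after the loop */
			continue;
		}
		/* only a repeat of the previous entry is skipped, so an
		 * unsorted list can still produce duplicates */
		if (type_count > 0 && i_type_list[type_count - 1] == i_type) {
			continue;
		}
		if (type_count >= max_types) {
			/* fail instead of writing past the end of i_type_list */
			return NULL;
		}
		i_type_list[type_count] = i_type;
		type_count++;
	}

	nsec = ldns_rr_new();
	if (!nsec) {
		return NULL;
	}
	ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC);
	ldns_rr_set_owner(nsec, ldns_rdf_clone(cur_owner));
	ldns_rr_push_rdf(nsec, ldns_rdf_clone(next_owner));

	i_type_list[type_count] = LDNS_RR_TYPE_RRSIG;
	type_count++;
	i_type_list[type_count] = LDNS_RR_TYPE_NSEC;
	type_count++;

	ldns_rr_push_rdf(nsec,
	                 ldns_dnssec_create_nsec_bitmap(i_type_list,
	                                                type_count,
	                                                LDNS_RR_TYPE_NSEC));

	return nsec;
}

/*
 * Compute the NSEC3 hashed owner name for name.
 *
 * The name is cloned and put into canonical form, the salt is appended and
 * the result is hashed with SHA-1. The digest is then hashed again together
 * with the salt, `iterations` more times. The final digest is encoded as
 * base32 (extended hex) and converted to a dname rdf, which is returned.
 *
 * Returns NULL when algorithm is not LDNS_SHA1, when salt is NULL although
 * salt_length is non-zero, on allocation failure, or when encoding or
 * conversion fails. Some failures also print a message on stderr.
 *
 * The work grows linearly with iterations (up to 65535 extra SHA-1 rounds
 * per name). Callers that take the NSEC3 parameters from data they do not
 * control should cap the count before calling; current parameter guidance
 * (RFC 9276) is an iteration count of 0.
 */
ldns_rdf *
ldns_nsec3_hash_name(ldns_rdf *name,
                     uint8_t algorithm,
                     uint16_t iterations,
                     uint8_t salt_length,
                     uint8_t *salt)
{
	size_t name_len;
	size_t first_len;
	size_t b32_size;
	/* kept signed so that a negative failure code stays visible;
	 * NOTE(review): the encoder's declaration is not shown here, an int
	 * return is assumed - confirm */
	int b32_len;
	uint32_t cur_it;
	ldns_rdf *cann;
	ldns_rdf *hashed_owner;
	unsigned char *first;
	char *hashed_owner_b32;
	/* sized for the largest supported hash, which is SHA-1 at the moment */
	unsigned char hash[LDNS_SHA1_DIGEST_LENGTH];
	/* digest followed by the salt; salt_length is 8 bits, so at most 255 */
	unsigned char round_in[LDNS_SHA1_DIGEST_LENGTH + 255];
	ldns_status status;

	/* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */
	if (algorithm != LDNS_SHA1) {
		return NULL;
	}
	if (!salt && salt_length > 0) {
		/* nothing to copy the salt from */
		return NULL;
	}

	/* the hash input is the canonical form of the owner name */
	cann = ldns_rdf_clone(name);
	if (!cann) {
		fprintf(stderr, "Memory error\n");
		return NULL;
	}
	ldns_dname2canonical(cann);

	/* first round: H(canonical name || salt) */
	name_len = ldns_rdf_size(cann);
	first_len = name_len + salt_length;
	first = LDNS_XMALLOC(unsigned char, first_len);
	if (!first) {
		ldns_rdf_deep_free(cann);
		return NULL;
	}
	memcpy(first, ldns_rdf_data(cann), name_len);
	if (salt_length > 0) {
		memcpy(first + name_len, salt, salt_length);
	}
	ldns_rdf_deep_free(cann);

	(void) ldns_sha1(first, (unsigned int) first_len, hash);
	LDNS_FREE(first);

	/* additional rounds: H(previous digest || salt); a fixed buffer
	 * replaces the allocation the loop used to make on every round */
	for (cur_it = iterations; cur_it > 0; cur_it--) {
		memcpy(round_in, hash, LDNS_SHA1_DIGEST_LENGTH);
		if (salt_length > 0) {
			memcpy(round_in + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length);
		}
		(void) ldns_sha1(round_in,
		                 (unsigned int) (LDNS_SHA1_DIGEST_LENGTH + salt_length),
		                 hash);
	}

	b32_size = ldns_b32_ntop_calculate_size(LDNS_SHA1_DIGEST_LENGTH) + 1;
	hashed_owner_b32 = LDNS_XMALLOC(char, b32_size);
	if (!hashed_owner_b32) {
		return NULL;
	}
	b32_len = ldns_b32_ntop_extended_hex((uint8_t *) hash,
	                                     LDNS_SHA1_DIGEST_LENGTH,
	                                     hashed_owner_b32,
	                                     b32_size);
	/* A negative result cast to size_t would pass a "< 1" test and then
	 * be used as the index of the terminator below; test the signed
	 * value and make sure the index is inside the buffer. */
	if (b32_len < 1 || (size_t) b32_len >= b32_size) {
		fprintf(stderr, "Error in base32 extended hex encoding ");
		fprintf(stderr, "of hashed owner name (name: ");
		ldns_rdf_print(stderr, name);
		fprintf(stderr, ", return code: %u)\n",
		        (unsigned int) b32_len);
		LDNS_FREE(hashed_owner_b32);
		return NULL;
	}
	hashed_owner_b32[b32_len] = '\0';

	status = ldns_str2rdf_dname(&hashed_owner, hashed_owner_b32);
	if (status != LDNS_STATUS_OK) {
		fprintf(stderr, "Error creating rdf from %s\n", hashed_owner_b32);
		LDNS_FREE(hashed_owner_b32);
		return NULL;
	}

	LDNS_FREE(hashed_owner_b32);
	return hashed_owner;
}

/*
 * Set the NSEC3 parameter fields of rr: rdata field 0 is the hash
 * algorithm, 1 the flags, 2 the iteration count and 3 the salt, stored as
 * one length byte followed by the salt bytes. A field that was already
 * present is freed.
 *
 * The function returns nothing, so a failure is silent: if salt is NULL
 * with a non-zero salt_length nothing is changed, and if an allocation for
 * the salt fails fields 0-2 are set while field 3 is left as it was. The
 * results of the first three allocations are not checked either, so a
 * caller that needs certainty should inspect the record afterwards.
 */
void
ldns_nsec3_add_param_rdfs(ldns_rr *rr,
                          uint8_t algorithm,
                          uint8_t flags,
                          uint16_t iterations,
                          uint8_t salt_length,
                          uint8_t *salt)
{
	ldns_rdf *salt_rdf = NULL;
	uint8_t *salt_data = NULL;
	ldns_rdf *old;

	if (!salt && salt_length > 0) {
		/* no way to return error; leave the record untouched */
		return;
	}

	old = ldns_rr_set_rdf(rr,
	                      ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8,
	                                            1, (void*)&algorithm),
	                      0);
	if (old) ldns_rdf_deep_free(old);

	old = ldns_rr_set_rdf(rr,
	                      ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8,
	                                            1, (void*)&flags),
	                      1);
	if (old) ldns_rdf_deep_free(old);

	old = ldns_rr_set_rdf(rr,
	                      ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
	                                            iterations),
	                      2);
	if (old) ldns_rdf_deep_free(old);

	/* wire form of the salt: one length byte, then the salt itself */
	salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1);
	if (!salt_data) {
		/* no way to return error */
		return;
	}
	salt_data[0] = salt_length;
	if (salt_length > 0) {
		memcpy(salt_data + 1, salt, salt_length);
	}
	salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT,
	                                 salt_length + 1,
	                                 salt_data);
	if (!salt_rdf) {
		LDNS_FREE(salt_data);
		/* no way to return error */
		return;
	}

	old = ldns_rr_set_rdf(rr, salt_rdf, 3);
	if (old) ldns_rdf_deep_free(old);
	/* the scratch buffer is released here, so the rdf presumably holds
	 * its own copy of the data */
	LDNS_FREE(salt_data);
}

/*
 * Returns 1 when every record in rr_list has type NS and none of them is
 * owned by origin (an empty list also gives 1). Returns 0 otherwise, and
 * when either argument is NULL.
 */
static int
rr_list_delegation_only(ldns_rdf *origin, ldns_rr_list *rr_list)
{
	size_t i;
	ldns_rr *cur_rr;

	if (!origin || !rr_list) {
		return 0;
	}
	for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
		cur_rr = ldns_rr_list_rr(rr_list, i);
		if (ldns_dname_compare(ldns_rr_owner(cur_rr), origin) == 0 ||
		    ldns_rr_get_type(cur_rr) != LDNS_RR_TYPE_NS) {
			return 0;
		}
	}
	return 1;
}

<span class="comment">/* this will NOT return the NSEC3 completed, you will have to run the</span> <a name="l01129"></a>01129 <span class="comment"> finalize function on the rrlist later! 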
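*/</span>
/*
 * Create an NSEC3 record for cur_owner in the zone cur_zone.
 *
 * The owner of the new record is the hashed form of cur_owner (see
 * ldns_nsec3_hash_name) with cur_zone appended. Rdata fields 0-3 receive
 * the NSEC3 parameters, field 4 is set to NULL here and has to be filled
 * in later, and the type bitmap is pushed after it. The bitmap lists the
 * types found in rrs at cur_owner, RRSIG unless this is an empty
 * non-terminal or rr_list_delegation_only() reports the list as such, and
 * SOA when cur_owner equals cur_zone.
 *
 * Returns NULL when the name cannot be hashed (for example an unsupported
 * hash algorithm), when the names cannot be concatenated, on allocation
 * failure, or when the collected types do not fit in the local type list.
 */
ldns_rr *
ldns_create_nsec3(ldns_rdf *cur_owner,
                  ldns_rdf *cur_zone,
                  ldns_rr_list *rrs,
                  uint8_t algorithm,
                  uint8_t flags,
                  uint16_t iterations,
                  uint8_t salt_length,
                  uint8_t *salt,
                  bool emptynonterminal)
{
	ldns_rr_type i_type_list[1024];
	/* two slots stay reserved for the RRSIG and SOA entries added below */
	const size_t max_types =
		sizeof(i_type_list) / sizeof(i_type_list[0]) - 2;
	size_t type_count = 0;
	size_t rr_count = ldns_rr_list_rr_count(rrs);
	size_t i;
	ldns_rr *i_rr;
	uint16_t i_type;
	ldns_rr *nsec;
	ldns_rdf *hashed_owner;

	/* Collect the types before hashing, so that an oversized list is
	 * rejected while there is still nothing to clean up. */
	for (i = 0; i < rr_count; i++) {
		i_rr = ldns_rr_list_rr(rrs, i);
		if (ldns_rdf_compare(cur_owner, ldns_rr_owner(i_rr)) != 0) {
			continue;
		}
		i_type = ldns_rr_get_type(i_rr);
		/* only a repeat of the previous entry is skipped, so an
		 * unsorted list can still produce duplicates */
		if (type_count > 0 && i_type_list[type_count - 1] == i_type) {
			continue;
		}
		if (type_count >= max_types) {
			/* fail instead of writing past the end of i_type_list;
			 * dropping types would make the record deny types that
			 * do exist at this name */
			return NULL;
		}
		i_type_list[type_count] = i_type;
		type_count++;
	}

	hashed_owner = ldns_nsec3_hash_name(cur_owner,
	                                    algorithm,
	                                    iterations,
	                                    salt_length,
	                                    salt);
	if (!hashed_owner) {
		/* must not be handed to ldns_dname_cat as a NULL pointer */
		return NULL;
	}
	if (ldns_dname_cat(hashed_owner, cur_zone) != LDNS_STATUS_OK) {
		ldns_rdf_deep_free(hashed_owner);
		return NULL;
	}

	nsec = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3);
	if (!nsec) {
		ldns_rdf_deep_free(hashed_owner);
		return NULL;
	}
	ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC3);
	/* hashed_owner is stored in the record from here on */
	ldns_rr_set_owner(nsec, hashed_owner);

	ldns_nsec3_add_param_rdfs(nsec,
	                          algorithm,
	                          flags,
	                          iterations,
	                          salt_length,
	                          salt);
	/* field 4 stays empty until the record is finalized */
	(void) ldns_rr_set_rdf(nsec, NULL, 4);

	/* add RRSIG anyway, but only if this is not an ENT or
	 * an unsigned delegation */
	if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) {
		i_type_list[type_count] = LDNS_RR_TYPE_RRSIG;
		type_count++;
	}

	/* and SOA if owner == zone */
	if (ldns_dname_compare(cur_zone, cur_owner) == 0) {
		i_type_list[type_count] = LDNS_RR_TYPE_SOA;
		type_count++;
	}

	ldns_rr_push_rdf(nsec,
	                 ldns_dnssec_create_nsec_bitmap(i_type_list,
	                                                type_count,
	                                                LDNS_RR_TYPE_NSEC3));

	return nsec;
}

/*
 * Returns the hash algorithm stored in rdata field 0 of an NSEC3 or
 * NSEC3PARAM record. Returns 0 when nsec3_rr is NULL, has another type, or
 * has no usable field 0, so a result of 0 does not tell an error apart
 * from a stored value of 0.
 */
uint8_t
ldns_nsec3_algorithm(const ldns_rr *nsec3_rr)
{
	ldns_rr_type rr_type;
	ldns_rdf *alg_rdf;

	if (!nsec3_rr) {
		return 0;
	}
	rr_type = ldns_rr_get_type(nsec3_rr);
	if (rr_type != LDNS_RR_TYPE_NSEC3 &&
	    rr_type != LDNS_RR_TYPE_NSEC3PARAM) {
		return 0;
	}
	alg_rdf = ldns_rr_rdf(nsec3_rr, 0);
	if (!alg_rdf || ldns_rdf_size(alg_rdf) == 0) {
		return 0;
	}
	return ldns_rdf2native_int8(alg_rdf);
}
<a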
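
/*
 * Return the flags octet held in rdata field 1 of an NSEC3 or NSEC3PARAM
 * record, or 0 when the record is NULL, of another type, or has no (or an
 * empty) field 1.
 */
uint8_t
ldns_nsec3_flags(const ldns_rr *nsec3_rr)
{
	ldns_rr_type rr_type;
	ldns_rdf *flags_rdf;

	if (!nsec3_rr) {
		return 0;
	}

	rr_type = ldns_rr_get_type(nsec3_rr);
	if (rr_type != LDNS_RR_TYPE_NSEC3 &&
	    rr_type != LDNS_RR_TYPE_NSEC3PARAM) {
		return 0;
	}

	flags_rdf = ldns_rr_rdf(nsec3_rr, 1);
	if (flags_rdf == NULL || ldns_rdf_size(flags_rdf) == 0) {
		return 0;
	}

	return ldns_rdf2native_int8(flags_rdf);
}

/*
 * Report whether the opt-out bit (LDNS_NSEC3_VARS_OPTOUT_MASK) is set in
 * the flags of the given record.
 *
 * ldns_nsec3_flags() yields 0 for a NULL, mistyped or malformed record, so
 * such a record reads as "opt-out not set".
 */
bool
ldns_nsec3_optout(const ldns_rr *nsec3_rr)
{
	/* compare with 0 so the result is exactly true/false whatever
	 * integer type bool is defined as on this platform */
	return (ldns_nsec3_flags(nsec3_rr) & LDNS_NSEC3_VARS_OPTOUT_MASK) != 0;
}

/*
 * Return the iteration count held in rdata field 2 of an NSEC3 or
 * NSEC3PARAM record, or 0 when the record is NULL, of another type, or
 * field 2 is missing or too short to hold a 16-bit value.
 *
 * The count is returned exactly as stored in the record. The hashing work
 * done with it grows with the count, so a caller handling records from an
 * untrusted source should bound it before hashing.
 */
uint16_t
ldns_nsec3_iterations(const ldns_rr *nsec3_rr)
{
	ldns_rr_type rr_type;
	ldns_rdf *iter_rdf;

	if (!nsec3_rr) {
		return 0;
	}

	rr_type = ldns_rr_get_type(nsec3_rr);
	if (rr_type != LDNS_RR_TYPE_NSEC3 &&
	    rr_type != LDNS_RR_TYPE_NSEC3PARAM) {
		return 0;
	}

	iter_rdf = ldns_rr_rdf(nsec3_rr, 2);
	/* require both octets of the 16-bit value; the earlier "size > 0"
	 * test let a one-octet field through to the 16-bit conversion */
	if (iter_rdf == NULL || ldns_rdf_size(iter_rdf) < sizeof(uint16_t)) {
		return 0;
	}

	return ldns_rdf2native_int16(iter_rdf);
}

/*
 * Return rdata field 3 (the salt field) of an NSEC3 or NSEC3PARAM record.
 *
 * Returns NULL for a NULL record or a record of another type. The rdf is
 * presumably the record's own field rather than a copy (no caller in this
 * file frees it) -- confirm against ldns_rr_rdf().
 */
ldns_rdf *
ldns_nsec3_salt(const ldns_rr *nsec3_rr)
{
	ldns_rr_type rr_type;

	if (!nsec3_rr) {
		return NULL;
	}

	rr_type = ldns_rr_get_type(nsec3_rr);
	if (rr_type != LDNS_RR_TYPE_NSEC3 &&
	    rr_type != LDNS_RR_TYPE_NSEC3PARAM) {
		return NULL;
	}

	return ldns_rr_rdf(nsec3_rr, 3);
}

/*
 * Return the salt length, i.e. the first octet of the salt field, or 0
 * when there is no salt field or it is empty.
 *
 * NOTE(review): this is the length the record declares. It is not compared
 * with the number of octets that actually follow in the field, so callers
 * must not use it as a read bound on the raw field data;
 * ldns_nsec3_salt_data() performs that comparison.
 */
uint8_t
ldns_nsec3_salt_length(const ldns_rr *nsec3_rr)
{
	ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);

	if (salt_rdf == NULL || ldns_rdf_size(salt_rdf) == 0) {
		return 0;
	}
	return (uint8_t) ldns_rdf_data(salt_rdf)[0];
}

/*
 * Return a newly allocated copy of the salt octets of an NSEC3 or
 * NSEC3PARAM record (the salt field without its leading length octet).
 *
 * allocs data, free with LDNS_FREE()
 *
 * Returns NULL when there is no salt field, the field is empty, the
 * declared salt length is larger than the data present in the field, or
 * the allocation fails.
 */
uint8_t *
ldns_nsec3_salt_data(const ldns_rr *nsec3_rr)
{
	uint8_t salt_length;
	uint8_t *salt;
	uint8_t *field;
	ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr);

	if (salt_rdf == NULL || ldns_rdf_size(salt_rdf) == 0) {
		return NULL;
	}

	field = ldns_rdf_data(salt_rdf);
	salt_length = field[0];

	/* The length octet comes from the record. Refuse a value that
	 * claims more salt than the field holds; copying it unchecked
	 * would read past the end of the field's buffer. */
	if ((size_t) salt_length + 1 > ldns_rdf_size(salt_rdf)) {
		return NULL;
	}

	salt = LDNS_XMALLOC(uint8_t, salt_length);
	if (!salt) {
		return NULL;
	}
	memcpy(salt, &field[1], salt_length);
	return salt;
}

/*
 * Return rdata field 4 of an NSEC3 record (the next hashed owner name).
 * Only LDNS_RR_TYPE_NSEC3 is accepted here; NULL is returned for a NULL
 * record or any other type, NSEC3PARAM included.
 */
ldns_rdf *
ldns_nsec3_next_owner(const ldns_rr *nsec3_rr)
{
	if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3) {
		return ldns_rr_rdf(nsec3_rr, 4);
	}
	return NULL;
}
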
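/*
 * Return rdata field 5 of an NSEC3 record (the type bitmap), or NULL for a
 * NULL record or a record that is not of type LDNS_RR_TYPE_NSEC3.
 */
ldns_rdf *
ldns_nsec3_bitmap(const ldns_rr *nsec3_rr)
{
	if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3) {
		return ldns_rr_rdf(nsec3_rr, 5);
	}
	return NULL;
}

/*
 * Hash `name` with the parameters (algorithm, iterations, salt) read from
 * the given NSEC3 record and return the result of ldns_nsec3_hash_name().
 *
 * The salt is copied with ldns_nsec3_salt_data() and released again before
 * returning. Returns NULL when the record declares a salt but the copy
 * could not be obtained.
 *
 * The iteration count is passed on as found in the record; callers working
 * on records from an untrusted source should bound it beforehand.
 */
ldns_rdf *
ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name)
{
	uint8_t algorithm;
	uint16_t iterations;
	uint8_t salt_length;
	uint8_t *salt;
	ldns_rdf *hashed_owner;

	algorithm = ldns_nsec3_algorithm(nsec);
	salt_length = ldns_nsec3_salt_length(nsec);
	salt = ldns_nsec3_salt_data(nsec);
	iterations = ldns_nsec3_iterations(nsec);

	/* ldns_nsec3_salt_data() can return NULL (it does so when its
	 * allocation fails) while the declared length is non-zero; do not
	 * hand a NULL buffer with a non-zero length to the hash routine */
	if (salt_length > 0 && salt == NULL) {
		return NULL;
	}

	hashed_owner = ldns_nsec3_hash_name(name,
	                                    algorithm,
	                                    iterations,
	                                    salt_length,
	                                    salt);

	LDNS_FREE(salt);
	return hashed_owner;
}

/*
 * Check whether `type` is marked present in an NSEC/NSEC3 type bitmap.
 *
 * The field is read as a sequence of windows: one octet with the window
 * number, one octet with the bitmap length, then that many bitmap octets.
 * Bit b of window w stands for type 256 * w + b.
 *
 * Returns false for a NULL bitmap and for a bitmap whose window header or
 * window data runs past the end of the field; such a truncated field is
 * never read beyond its size.
 */
bool
ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type)
{
	uint8_t window_block_nr;
	uint8_t bitmap_length;
	uint16_t cur_type;
	uint16_t bit_pos;
	size_t pos = 0;
	size_t size;
	uint8_t *data;

	if (nsec_bitmap == NULL) {
		return false;
	}
	data = ldns_rdf_data(nsec_bitmap);
	size = ldns_rdf_size(nsec_bitmap);
	if (data == NULL) {
		return false;
	}

	/* pos never exceeds size, so size - pos cannot wrap; each pass
	 * needs the two header octets of the next window */
	while (size - pos >= 2) {
		window_block_nr = data[pos];
		bitmap_length = data[pos + 1];
		pos += 2;

		/* the length octet is data from the record: stop if the
		 * window claims more octets than remain in the field */
		if (bitmap_length > size - pos) {
			return false;
		}

		for (bit_pos = 0; bit_pos < (bitmap_length) * 8; bit_pos++) {
			if (ldns_get_bit(&data[pos], bit_pos)) {
				cur_type = 256 * (uint16_t) window_block_nr + bit_pos;
				if (cur_type == type) {
					return true;
				}
			}
		}

		pos += bitmap_length;
	}
	return false;
}

/*
 * Check whether `name` falls in the span covered by an NSEC or NSEC3
 * record, i.e. between the record's owner name and its "next" name.
 * Both the record and the name are expected to be in canonical form.
 *
 * For NSEC the next name is a clone of rdata field 0. For NSEC3 it is
 * built from the next hashed owner field, with the record owner's name
 * minus its leftmost label appended.
 *
 * When the owner sorts after the next name (the last record of the chain)
 * the span wraps around: the name is covered if it is at or after the
 * owner, or before the next name.
 *
 * Returns false for a NULL record or name, for any other record type, and
 * whenever the next name cannot be built, so a failure is never reported
 * as coverage.
 */
bool
ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name)
{
	ldns_rdf *nsec_owner;
	ldns_rdf *hash_next;
	char *next_hash_str;
	ldns_rdf *nsec_next = NULL;
	ldns_status status;
	ldns_rdf *chopped_dname;
	bool result;

	if (!nsec || !name) {
		return false;
	}
	nsec_owner = ldns_rr_owner(nsec);
	if (!nsec_owner) {
		return false;
	}

	if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) {
		if (ldns_rr_rdf(nsec, 0) == NULL) {
			return false;
		}
		nsec_next = ldns_rdf_clone(ldns_rr_rdf(nsec, 0));
	} else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) {
		hash_next = ldns_nsec3_next_owner(nsec);
		if (!hash_next) {
			return false;
		}
		next_hash_str = ldns_rdf2str(hash_next);
		if (!next_hash_str) {
			return false;
		}
		nsec_next = ldns_dname_new_frm_str(next_hash_str);
		LDNS_FREE(next_hash_str);
		if (!nsec_next) {
			return false;
		}
		chopped_dname = ldns_dname_left_chop(nsec_owner);
		if (!chopped_dname) {
			ldns_rdf_deep_free(nsec_next);
			return false;
		}
		status = ldns_dname_cat(nsec_next, chopped_dname);
		ldns_rdf_deep_free(chopped_dname);
		if (status != LDNS_STATUS_OK) {
			/* NOTE(review): library code writing to stdout;
			 * message kept as it was */
			printf("error catting: %s\n", ldns_get_errorstr_by_id(status));
			/* without the zone suffix the comparison below
			 * would be against the wrong name */
			ldns_rdf_deep_free(nsec_next);
			return false;
		}
	} else {
		return false;
	}

	if (!nsec_next) {
		/* cloning field 0 failed */
		return false;
	}

	/* in the case of the last nsec */
	if (ldns_dname_compare(nsec_owner, nsec_next) > 0) {
		result = (ldns_dname_compare(nsec_owner, name) <= 0 ||
		          ldns_dname_compare(name, nsec_next) < 0);
	} else {
		result = (ldns_dname_compare(nsec_owner, name) <= 0 &&
		          ldns_dname_compare(name, nsec_next) < 0);
	}

	ldns_rdf_deep_free(nsec_next);
	return result;
}

/* The packet verification functions from here to the matching #endif
 * (after ldns_pkt_verify) are only built with HAVE_SSL defined. */
#ifdef HAVE_SSL
/* sig may be null - if so look in the packet */
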
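/*
 * Verify the RRset of type `t` and owner `o` found in packet `p`.
 *
 * p          packet the RRset (and, when s is NULL, the RRSIGs) is taken
 *            from; every non-question section is searched
 *            (LDNS_SECTION_ANY_NOQUESTION)
 * t          type of the RRset; LDNS_RR_TYPE_RRSIG is rejected
 * o          owner name of the RRset
 * k          keys to verify with; must not be NULL
 * s          signatures to use, or NULL to collect the RRSIGs for `o`
 *            from the packet
 * check_time time passed on to ldns_verify_time()
 * good_keys  passed on to ldns_verify_time()
 *
 * Returns LDNS_STATUS_ERR when k is NULL, t is RRSIG, no signatures are
 * available, none of them has `t` in rdata field 0, or the packet holds no
 * matching RRset; otherwise the result of ldns_verify_time().
 *
 * NOTE(review): the list filtered by covered type is only used as an
 * existence check; the unfiltered `sigs` list is what gets verified.
 * NOTE(review): `rrset` and a packet-derived `sigs` are not released after
 * ldns_verify_time() returns; whether that call keeps references to them
 * is not visible here -- confirm before freeing them at that point.
 */
ldns_status
ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
		ldns_rr_list *k, ldns_rr_list *s,
		time_t check_time, ldns_rr_list *good_keys)
{
	ldns_rr_list *rrset;
	ldns_rr_list *sigs;
	ldns_rr_list *sigs_covered;
	ldns_rdf *rdf_t;
	/* exactly two octets: the rdf below is built from the first two
	 * bytes of this object, which would be the wrong half of a wider
	 * type on a big-endian host */
	uint16_t t_netorder;

	if (!k) {
		return LDNS_STATUS_ERR;
		/* return LDNS_STATUS_CRYPTO_NO_DNSKEY; */
	}

	if (t == LDNS_RR_TYPE_RRSIG) {
		/* we don't have RRSIG(RRSIG) (yet? ;-) ) */
		return LDNS_STATUS_ERR;
	}

	if (s) {
		/* if s is not NULL, the sigs are given to use */
		sigs = s;
	} else {
		/* otherwise get them from the packet */
		sigs = ldns_pkt_rr_list_by_name_and_type(p, o,
				LDNS_RR_TYPE_RRSIG,
				LDNS_SECTION_ANY_NOQUESTION);
		if (!sigs) {
			/* no sigs */
			return LDNS_STATUS_ERR;
			/* return LDNS_STATUS_CRYPTO_NO_RRSIG; */
		}
	}

	/* rrsig are subtyped, so now we need to find the correct
	 * sigs for the type t
	 */
	t_netorder = htons((uint16_t) t); /* rdf are in network order! */
	/* a type identifier is a 16-bit number, so the size is 2 bytes */
	rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE,
	                     2,
	                     &t_netorder);
	if (!rdf_t) {
		if (!s) {
			ldns_rr_list_deep_free(sigs);
		}
		return LDNS_STATUS_ERR;
	}
	sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
	/* rdf_t points at the local t_netorder, so release only the rdf
	 * structure, never its data */
	ldns_rdf_free(rdf_t);

	if (!sigs_covered) {
		/* a list fetched from the packet above belongs to this
		 * function; a caller-supplied one does not */
		if (!s) {
			ldns_rr_list_deep_free(sigs);
		}
		return LDNS_STATUS_ERR;
	}
	/* only needed to know that a matching signature exists */
	ldns_rr_list_deep_free(sigs_covered);

	rrset = ldns_pkt_rr_list_by_name_and_type(p,
	                                          o,
	                                          t,
	                                          LDNS_SECTION_ANY_NOQUESTION);
	if (!rrset) {
		if (!s) {
			ldns_rr_list_deep_free(sigs);
		}
		return LDNS_STATUS_ERR;
	}

	return ldns_verify_time(rrset, sigs, k, check_time, good_keys);
}

/*
 * Same verification against the current time: the body that follows
 * forwards all arguments to ldns_pkt_verify_time() with ldns_time(NULL)
 * as check_time.
 */
ldns_status
ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
		ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys)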
<a name="l01486"></a>01486 { <a name="l01487"></a>01487 <span class="keywordflow">return</span> <a class="code" href="dnssec_8c.html#af145cf7773677c0fffe56f5df5106c76" title="verify a packet">ldns_pkt_verify_time</a>(p, t, o, k, s, ldns_time(NULL), good_keys); <a name="l01488"></a>01488 } <a name="l01489"></a>01489 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span> <a name="l01490"></a>01490 <a name="l01491"></a>01491 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01492"></a><a class="code" href="dnssec_8h.html#ad00a2e53f01e8ae1c08402fc80dff757">01492</a> <a class="code" href="dnssec_8c.html#ad00a2e53f01e8ae1c08402fc80dff757" title="chains nsec3 list">ldns_dnssec_chain_nsec3_list</a>(<a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *nsec3_rrs) <a name="l01493"></a>01493 { <a name="l01494"></a>01494 <span class="keywordtype">size_t</span> i; <a name="l01495"></a>01495 <span class="keywordtype">char</span> *next_nsec_owner_str; <a name="l01496"></a>01496 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *next_nsec_owner_label; <a name="l01497"></a>01497 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *next_nsec_rdf; <a name="l01498"></a>01498 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> status = <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afac58492ee3fc8d23f33c79824ed08c465">LDNS_STATUS_OK</a>; <a name="l01499"></a>01499 <a name="l01500"></a>01500 <span class="keywordflow">for</span> (i = 0; i < <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(nsec3_rrs); i++) { <a name="l01501"></a>01501 <span class="keywordflow">if</span> (i == <a class="code" 
href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(nsec3_rrs) - 1) { <a name="l01502"></a>01502 next_nsec_owner_label = <a name="l01503"></a>01503 <a class="code" href="dname_8c.html#aee5c4a1b633f7c41d8788610bb2369a8" title="look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try and retrieve a specific label...">ldns_dname_label</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(nsec3_rrs, <a name="l01504"></a>01504 0)), 0); <a name="l01505"></a>01505 next_nsec_owner_str = <a class="code" href="host2str_8c.html#ae404881f2bc2bd31588e32e250f2c46b" title="Converts the data in the rdata field to presentation format and returns that as a char *...">ldns_rdf2str</a>(next_nsec_owner_label); <a name="l01506"></a>01506 <span class="keywordflow">if</span> (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] <a name="l01507"></a>01507 == <span class="charliteral">'.'</span>) { <a name="l01508"></a>01508 next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] <a name="l01509"></a>01509 = <span class="charliteral">'\0'</span>; <a name="l01510"></a>01510 } <a name="l01511"></a>01511 status = <a class="code" href="str2host_8c.html#a4e3c97a73971ed136a3d32f1a081115a" title="convert the string with the b32 ext hex data into wireformat">ldns_str2rdf_b32_ext</a>(&next_nsec_rdf, <a name="l01512"></a>01512 next_nsec_owner_str); <a name="l01513"></a>01513 <span class="keywordflow">if</span> (!<a class="code" href="rr_8c.html#a7562013263235b77e6ba9880aafa5ac1" title="sets a rdf member, it will be set on the position given.">ldns_rr_set_rdf</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(nsec3_rrs, i), <a 
name="l01514"></a>01514 next_nsec_rdf, 4)) { <a name="l01515"></a>01515 <span class="comment">/* todo: error */</span> <a name="l01516"></a>01516 } <a name="l01517"></a>01517 <a name="l01518"></a>01518 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(next_nsec_owner_label); <a name="l01519"></a>01519 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(next_nsec_owner_str); <a name="l01520"></a>01520 } <span class="keywordflow">else</span> { <a name="l01521"></a>01521 next_nsec_owner_label = <a name="l01522"></a>01522 <a class="code" href="dname_8c.html#aee5c4a1b633f7c41d8788610bb2369a8" title="look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try and retrieve a specific label...">ldns_dname_label</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(nsec3_rrs, <a name="l01523"></a>01523 i + 1)), <a name="l01524"></a>01524 0); <a name="l01525"></a>01525 next_nsec_owner_str = <a class="code" href="host2str_8c.html#ae404881f2bc2bd31588e32e250f2c46b" title="Converts the data in the rdata field to presentation format and returns that as a char *...">ldns_rdf2str</a>(next_nsec_owner_label); <a name="l01526"></a>01526 <span class="keywordflow">if</span> (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] <a name="l01527"></a>01527 == <span class="charliteral">'.'</span>) { <a name="l01528"></a>01528 next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] <a name="l01529"></a>01529 = <span class="charliteral">'\0'</span>; <a name="l01530"></a>01530 } <a name="l01531"></a>01531 status = <a class="code" href="str2host_8c.html#a4e3c97a73971ed136a3d32f1a081115a" title="convert the string with the b32 ext hex data into 
wireformat">ldns_str2rdf_b32_ext</a>(&next_nsec_rdf, <a name="l01532"></a>01532 next_nsec_owner_str); <a name="l01533"></a>01533 <a class="code" href="rdata_8c.html#a47cb2779f76f2f6561ff8ede8e41afec" title="frees a rdf structure _and_ frees the data.">ldns_rdf_deep_free</a>(next_nsec_owner_label); <a name="l01534"></a>01534 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(next_nsec_owner_str); <a name="l01535"></a>01535 <span class="keywordflow">if</span> (!<a class="code" href="rr_8c.html#a7562013263235b77e6ba9880aafa5ac1" title="sets a rdf member, it will be set on the position given.">ldns_rr_set_rdf</a>(<a class="code" href="rr_8c.html#a07b1ccea9f2694b8b88904c543e16783" title="returns a specific rr of an rrlist.">ldns_rr_list_rr</a>(nsec3_rrs, i), <a name="l01536"></a>01536 next_nsec_rdf, 4)) { <a name="l01537"></a>01537 <span class="comment">/* todo: error */</span> <a name="l01538"></a>01538 } <a name="l01539"></a>01539 } <a name="l01540"></a>01540 } <a name="l01541"></a>01541 <span class="keywordflow">return</span> status; <a name="l01542"></a>01542 } <a name="l01543"></a>01543 <a name="l01544"></a>01544 <span class="keywordtype">int</span> <a name="l01545"></a><a class="code" href="dnssec_8h.html#ae641000a4b7f8c7229e1d3ece8067f39">01545</a> <a class="code" href="dnssec_8c.html#ae641000a4b7f8c7229e1d3ece8067f39" title="compare for nsec3 sort">qsort_rr_compare_nsec3</a>(<span class="keyword">const</span> <span class="keywordtype">void</span> *a, <span class="keyword">const</span> <span class="keywordtype">void</span> *b) <a name="l01546"></a>01546 { <a name="l01547"></a>01547 <span class="keyword">const</span> <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *rr1 = * (<span class="keyword">const</span> <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> **) a; <a name="l01548"></a>01548 <span class="keyword">const</span> <a class="code" 
href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *rr2 = * (<span class="keyword">const</span> <a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> **) b; <a name="l01549"></a>01549 <span class="keywordflow">if</span> (rr1 == NULL && rr2 == NULL) { <a name="l01550"></a>01550 <span class="keywordflow">return</span> 0; <a name="l01551"></a>01551 } <a name="l01552"></a>01552 <span class="keywordflow">if</span> (rr1 == NULL) { <a name="l01553"></a>01553 <span class="keywordflow">return</span> -1; <a name="l01554"></a>01554 } <a name="l01555"></a>01555 <span class="keywordflow">if</span> (rr2 == NULL) { <a name="l01556"></a>01556 <span class="keywordflow">return</span> 1; <a name="l01557"></a>01557 } <a name="l01558"></a>01558 <span class="keywordflow">return</span> <a class="code" href="rdata_8c.html#ae5813414a2392d94d20ec1f9f3705ad5" title="compares two rdf's on their wire formats.">ldns_rdf_compare</a>(<a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(rr1), <a class="code" href="rr_8c.html#a1d254bd0deb5d18e34d84ebc10496c5d" title="returns the owner name of an rr structure.">ldns_rr_owner</a>(rr2)); <a name="l01559"></a>01559 } <a name="l01560"></a>01560 <a name="l01561"></a>01561 <span class="keywordtype">void</span> <a name="l01562"></a><a class="code" href="dnssec_8h.html#a411a6000cc312ebf353ab0e302b97aec">01562</a> <a class="code" href="dnssec_8c.html#a411a6000cc312ebf353ab0e302b97aec" title="sort nsec3 list">ldns_rr_list_sort_nsec3</a>(<a class="code" href="structldns__struct__rr__list.html" title="List or Set of Resource Records.">ldns_rr_list</a> *unsorted) <a name="l01563"></a>01563 { <a name="l01564"></a>01564 qsort(unsorted-><a class="code" href="structldns__struct__rr__list.html#a2f0c697a0e0541252fefeb2d55ddc4e6">_rrs</a>, <a name="l01565"></a>01565 <a class="code" href="rr_8c.html#a7ac3192fe79ba66e47579bb2b267ce05" 
title="returns the number of rr's in an rr_list.">ldns_rr_list_rr_count</a>(unsorted), <a name="l01566"></a>01566 <span class="keyword">sizeof</span>(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *), <a name="l01567"></a>01567 <a class="code" href="dnssec_8c.html#ae641000a4b7f8c7229e1d3ece8067f39" title="compare for nsec3 sort">qsort_rr_compare_nsec3</a>); <a name="l01568"></a>01568 } <a name="l01569"></a>01569 <a name="l01570"></a>01570 <span class="keywordtype">int</span> <a name="l01571"></a><a class="code" href="dnssec_8h.html#ada58948f5d105d7817ea47608e974d78">01571</a> <a class="code" href="dnssec_8c.html#ada58948f5d105d7817ea47608e974d78" title="Default callback function to always leave present signatures, and add new ones.">ldns_dnssec_default_add_to_signatures</a>(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *sig, <span class="keywordtype">void</span> *n) <a name="l01572"></a>01572 { <a name="l01573"></a>01573 sig = sig; <a name="l01574"></a>01574 n = n; <a name="l01575"></a>01575 <span class="keywordflow">return</span> <a class="code" href="dnssec_8h.html#a7d75bfb1850f236aceceeb73dd91cc3d" title="return values for the old-signature callback">LDNS_SIGNATURE_LEAVE_ADD_NEW</a>; <a name="l01576"></a>01576 } <a name="l01577"></a>01577 <a name="l01578"></a>01578 <span class="keywordtype">int</span> <a name="l01579"></a><a class="code" href="dnssec_8h.html#a8a5934ffbbfb621c63ba8bb841229808">01579</a> <a class="code" href="dnssec_8c.html#a8a5934ffbbfb621c63ba8bb841229808" title="Default callback function to always leave present signatures, and add no new ones for the keys of the...">ldns_dnssec_default_leave_signatures</a>(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *sig, <span class="keywordtype">void</span> *n) <a name="l01580"></a>01580 { <a name="l01581"></a>01581 sig = sig; <a name="l01582"></a>01582 n = n; <a 
name="l01583"></a>01583 <span class="keywordflow">return</span> <a class="code" href="dnssec_8h.html#af27db29d1fe3dc7fb7a0f98a766d1a12">LDNS_SIGNATURE_LEAVE_NO_ADD</a>; <a name="l01584"></a>01584 } <a name="l01585"></a>01585 <a name="l01586"></a>01586 <span class="keywordtype">int</span> <a name="l01587"></a><a class="code" href="dnssec_8h.html#ac7efa063ce39cf4791dd30a4b41ab14c">01587</a> <a class="code" href="dnssec_8c.html#ac7efa063ce39cf4791dd30a4b41ab14c" title="Default callback function to always remove present signatures, but add no new ones.">ldns_dnssec_default_delete_signatures</a>(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *sig, <span class="keywordtype">void</span> *n) <a name="l01588"></a>01588 { <a name="l01589"></a>01589 sig = sig; <a name="l01590"></a>01590 n = n; <a name="l01591"></a>01591 <span class="keywordflow">return</span> <a class="code" href="dnssec_8h.html#a9d87cb4cfbb8ee22ffbcc3ddb9d5dce1">LDNS_SIGNATURE_REMOVE_NO_ADD</a>; <a name="l01592"></a>01592 } <a name="l01593"></a>01593 <a name="l01594"></a>01594 <span class="keywordtype">int</span> <a name="l01595"></a><a class="code" href="dnssec_8h.html#aa20001e7098d4be9f24baf56a8761410">01595</a> <a class="code" href="dnssec_8c.html#aa20001e7098d4be9f24baf56a8761410" title="Default callback function to always leave present signatures, and add new ones.">ldns_dnssec_default_replace_signatures</a>(<a class="code" href="structldns__struct__rr.html" title="Resource Record.">ldns_rr</a> *sig, <span class="keywordtype">void</span> *n) <a name="l01596"></a>01596 { <a name="l01597"></a>01597 sig = sig; <a name="l01598"></a>01598 n = n; <a name="l01599"></a>01599 <span class="keywordflow">return</span> <a class="code" href="dnssec_8h.html#ad3c393ca14a32d2a34fb22585caeb73e">LDNS_SIGNATURE_REMOVE_ADD_NEW</a>; <a name="l01600"></a>01600 } <a name="l01601"></a>01601 <a name="l01602"></a>01602 <span class="preprocessor">#ifdef HAVE_SSL</span> <a 
name="l01603"></a>01603 <span class="preprocessor"></span><a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l01604"></a><a class="code" href="dnssec_8h.html#a4634cf53a0db48001bbbbdd17cc19776">01604</a> <a class="code" href="dnssec_8c.html#a4634cf53a0db48001bbbbdd17cc19776" title="Converts the DSA signature from ASN1 representation (RFC2459, as used by OpenSSL) to raw signature da...">ldns_convert_dsa_rrsig_asn12rdf</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *sig, <a name="l01605"></a>01605 <span class="keyword">const</span> <span class="keywordtype">long</span> sig_len) <a name="l01606"></a>01606 { <a name="l01607"></a>01607 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sigdata_rdf; <a name="l01608"></a>01608 DSA_SIG *dsasig; <a name="l01609"></a>01609 <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *dsasig_data = (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(sig); <a name="l01610"></a>01610 <span class="keywordtype">size_t</span> byte_offset; <a name="l01611"></a>01611 <a name="l01612"></a>01612 dsasig = d2i_DSA_SIG(NULL, <a name="l01613"></a>01613 (<span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> **)&dsasig_data, <a name="l01614"></a>01614 sig_len); <a name="l01615"></a>01615 <span class="keywordflow">if</span> (!dsasig) { <a name="l01616"></a>01616 DSA_SIG_free(dsasig); <a name="l01617"></a>01617 <span class="keywordflow">return</span> NULL; <a name="l01618"></a>01618 } <a name="l01619"></a>01619 <a name="l01620"></a>01620 dsasig_data = <a class="code" href="util_8h.html#aaad6949daea3c6cefd01d19300f6e21a">LDNS_XMALLOC</a>(<span class="keywordtype">unsigned</span> <span 
class="keywordtype">char</span>, 41); <a name="l01621"></a>01621 <span class="keywordflow">if</span>(!dsasig_data) { <a name="l01622"></a>01622 DSA_SIG_free(dsasig); <a name="l01623"></a>01623 <span class="keywordflow">return</span> NULL; <a name="l01624"></a>01624 } <a name="l01625"></a>01625 dsasig_data[0] = 0; <a name="l01626"></a>01626 byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r)); <a name="l01627"></a>01627 <span class="keywordflow">if</span> (byte_offset > 20) { <a name="l01628"></a>01628 DSA_SIG_free(dsasig); <a name="l01629"></a>01629 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(dsasig_data); <a name="l01630"></a>01630 <span class="keywordflow">return</span> NULL; <a name="l01631"></a>01631 } <a name="l01632"></a>01632 memset(&dsasig_data[1], 0, byte_offset); <a name="l01633"></a>01633 BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]); <a name="l01634"></a>01634 byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s)); <a name="l01635"></a>01635 <span class="keywordflow">if</span> (byte_offset > 20) { <a name="l01636"></a>01636 DSA_SIG_free(dsasig); <a name="l01637"></a>01637 <a class="code" href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(dsasig_data); <a name="l01638"></a>01638 <span class="keywordflow">return</span> NULL; <a name="l01639"></a>01639 } <a name="l01640"></a>01640 memset(&dsasig_data[21], 0, byte_offset); <a name="l01641"></a>01641 BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]); <a name="l01642"></a>01642 <a name="l01643"></a>01643 sigdata_rdf = <a class="code" href="rdata_8c.html#a5074dfaf129822d72061d81b290bd332" title="allocates a new rdf structure and fills it.">ldns_rdf_new</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, 41, dsasig_data); <a name="l01644"></a>01644 <span class="keywordflow">if</span>(!sigdata_rdf) { <a name="l01645"></a>01645 <a class="code" 
href="util_8h.html#a5e13054aa9b3843e97514228a0bbe909">LDNS_FREE</a>(dsasig_data); <a name="l01646"></a>01646 } <a name="l01647"></a>01647 DSA_SIG_free(dsasig); <a name="l01648"></a>01648 <a name="l01649"></a>01649 <span class="keywordflow">return</span> sigdata_rdf; <a name="l01650"></a>01650 } <a name="l01651"></a>01651 <a name="l01652"></a>01652 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01653"></a><a class="code" href="dnssec_8h.html#ab108d2e53a4c50960af11f999a8ba546">01653</a> <a class="code" href="dnssec_8c.html#ab108d2e53a4c50960af11f999a8ba546" title="Converts the RRSIG signature RDF (in rfc2536 format) to a buffer with the signature in rfc2459 format...">ldns_convert_dsa_rrsig_rdf2asn1</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *target_buffer, <a name="l01654"></a>01654 <span class="keyword">const</span> <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sig_rdf) <a name="l01655"></a>01655 { <a name="l01656"></a>01656 <span class="comment">/* the EVP api wants the DER encoding of the signature... 
*/</span> <a name="l01657"></a>01657 BIGNUM *<a class="code" href="sha2_8c.html#af299e0982ce71aad5027c4a7315e536f">R</a>, *S; <a name="l01658"></a>01658 DSA_SIG *dsasig; <a name="l01659"></a>01659 <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *raw_sig = NULL; <a name="l01660"></a>01660 <span class="keywordtype">int</span> raw_sig_len; <a name="l01661"></a>01661 <a name="l01662"></a>01662 <span class="keywordflow">if</span>(<a class="code" href="rdata_8c.html#acccb19af8b71b0c8d341d17946b46e8b" title="returns the size of the rdf.">ldns_rdf_size</a>(sig_rdf) < 1 + 2*SHA_DIGEST_LENGTH) <a name="l01663"></a>01663 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa964d481de70cdd4f7d14482e9464bc37">LDNS_STATUS_SYNTAX_RDATA_ERR</a>; <a name="l01664"></a>01664 <span class="comment">/* extract the R and S field from the sig buffer */</span> <a name="l01665"></a>01665 R = BN_new(); <a name="l01666"></a>01666 <span class="keywordflow">if</span>(!R) <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa81e80e66a14551db514726fa49290498">LDNS_STATUS_MEM_ERR</a>; <a name="l01667"></a>01667 (void) BN_bin2bn((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) <a class="code" href="rdata_8c.html#adc126e8f5417a3c1049242f93fde3602" title="returns the data of the rdf.">ldns_rdf_data</a>(sig_rdf) + 1, <a name="l01668"></a>01668 SHA_DIGEST_LENGTH, <a class="code" href="sha2_8c.html#af299e0982ce71aad5027c4a7315e536f">R</a>); <a name="l01669"></a>01669 S = BN_new(); <a name="l01670"></a>01670 <span class="keywordflow">if</span>(!S) { <a name="l01671"></a>01671 BN_free(R); <a name="l01672"></a>01672 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa81e80e66a14551db514726fa49290498">LDNS_STATUS_MEM_ERR</a>; <a name="l01673"></a>01673 } <a 
name="l01674"></a>01674 (void) BN_bin2bn((<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *) <a class="code" href="rdata_8c.html#adc126e8f5417a3c1049242f93fde3602" title="returns the data of the rdf.">ldns_rdf_data</a>(sig_rdf) + 21, <a name="l01675"></a>01675 SHA_DIGEST_LENGTH, S); <a name="l01676"></a>01676 <a name="l01677"></a>01677 dsasig = DSA_SIG_new(); <a name="l01678"></a>01678 <span class="keywordflow">if</span> (!dsasig) { <a name="l01679"></a>01679 BN_free(R); <a name="l01680"></a>01680 BN_free(S); <a name="l01681"></a>01681 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa81e80e66a14551db514726fa49290498">LDNS_STATUS_MEM_ERR</a>; <a name="l01682"></a>01682 } <a name="l01683"></a>01683 <a name="l01684"></a>01684 dsasig->r = <a class="code" href="sha2_8c.html#af299e0982ce71aad5027c4a7315e536f">R</a>; <a name="l01685"></a>01685 dsasig->s = S; <a name="l01686"></a>01686 <a name="l01687"></a>01687 raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig); <a name="l01688"></a>01688 <span class="keywordflow">if</span> (raw_sig_len < 0) { <a name="l01689"></a>01689 DSA_SIG_free(dsasig); <a name="l01690"></a>01690 free(raw_sig); <a name="l01691"></a>01691 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa4b81ce86fac4200eb70195508a52c5c0">LDNS_STATUS_SSL_ERR</a>; <a name="l01692"></a>01692 } <a name="l01693"></a>01693 <span class="keywordflow">if</span> (<a class="code" href="buffer_8c.html#a8ba0bcb3201dae8d3e563ed201decc7c" title="ensures BUFFER can contain at least AMOUNT more bytes.">ldns_buffer_reserve</a>(target_buffer, (<span class="keywordtype">size_t</span>) raw_sig_len)) { <a name="l01694"></a>01694 ldns_buffer_write(target_buffer, raw_sig, (<span class="keywordtype">size_t</span>)raw_sig_len); <a name="l01695"></a>01695 } <a name="l01696"></a>01696 <a name="l01697"></a>01697 DSA_SIG_free(dsasig); <a 
name="l01698"></a>01698 free(raw_sig); <a name="l01699"></a>01699 <a name="l01700"></a>01700 <span class="keywordflow">return</span> ldns_buffer_status(target_buffer); <a name="l01701"></a>01701 } <a name="l01702"></a>01702 <a name="l01703"></a>01703 <span class="preprocessor">#ifdef USE_ECDSA</span> <a name="l01704"></a>01704 <span class="preprocessor"></span><span class="preprocessor">#ifndef S_SPLINT_S</span> <a name="l01705"></a>01705 <span class="preprocessor"></span><a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> * <a name="l01706"></a>01706 <a class="code" href="dnssec_8h.html#a6abc850382a62cd75779a03c6714513c" title="Converts the ECDSA signature from ASN1 representation (as used by OpenSSL) to raw signature data as u...">ldns_convert_ecdsa_rrsig_asn12rdf</a>(<span class="keyword">const</span> <a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *sig, <span class="keyword">const</span> <span class="keywordtype">long</span> sig_len) <a name="l01707"></a>01707 { <a name="l01708"></a>01708 ECDSA_SIG* ecdsa_sig; <a name="l01709"></a>01709 <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *data = (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)ldns_buffer_begin(sig); <a name="l01710"></a>01710 <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a>* rdf; <a name="l01711"></a>01711 ecdsa_sig = d2i_ECDSA_SIG(NULL, (<span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> **)&data, sig_len); <a name="l01712"></a>01712 <span class="keywordflow">if</span>(!ecdsa_sig) <span class="keywordflow">return</span> NULL; <a name="l01713"></a>01713 <a name="l01714"></a>01714 <span class="comment">/* "r | s". 
*/</span> <a name="l01715"></a>01715 data = <a class="code" href="util_8h.html#aaad6949daea3c6cefd01d19300f6e21a">LDNS_XMALLOC</a>(<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>, <a name="l01716"></a>01716 BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)); <a name="l01717"></a>01717 <span class="keywordflow">if</span>(!data) { <a name="l01718"></a>01718 ECDSA_SIG_free(ecdsa_sig); <a name="l01719"></a>01719 <span class="keywordflow">return</span> NULL; <a name="l01720"></a>01720 } <a name="l01721"></a>01721 BN_bn2bin(ecdsa_sig->r, data); <a name="l01722"></a>01722 BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r)); <a name="l01723"></a>01723 rdf = <a class="code" href="rdata_8c.html#a5074dfaf129822d72061d81b290bd332" title="allocates a new rdf structure and fills it.">ldns_rdf_new</a>(<a class="code" href="rdata_8h.html#aaa92376014f0abbf0110ca6efd587bb9a4bbe575feeed4d2e7045962b7262c180" title="b64 string">LDNS_RDF_TYPE_B64</a>, (<span class="keywordtype">size_t</span>)( <a name="l01724"></a>01724 BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data); <a name="l01725"></a>01725 ECDSA_SIG_free(ecdsa_sig); <a name="l01726"></a>01726 <span class="keywordflow">return</span> rdf; <a name="l01727"></a>01727 } <a name="l01728"></a>01728 <a name="l01729"></a>01729 <a class="code" href="error_8h.html#aaa6d98f86f535cf87b83b89e91f488f9">ldns_status</a> <a name="l01730"></a>01730 <a class="code" href="dnssec_8h.html#a43edc2abba90771b264de3665b34e45a" title="Converts the RRSIG signature RDF (from DNS) to a buffer with the signature in ASN1 format as openssl ...">ldns_convert_ecdsa_rrsig_rdf2asn1</a>(<a class="code" href="structldns__struct__buffer.html" title="implementation of buffers to ease operations">ldns_buffer</a> *target_buffer, <a name="l01731"></a>01731 <span class="keyword">const</span> <a class="code" href="structldns__struct__rdf.html" title="Resource record data field.">ldns_rdf</a> *sig_rdf) <a 
name="l01732"></a>01732 { <a name="l01733"></a>01733 ECDSA_SIG* sig; <a name="l01734"></a>01734 <span class="keywordtype">int</span> raw_sig_len; <a name="l01735"></a>01735 <span class="keywordtype">long</span> bnsize = (long)<a class="code" href="rdata_8c.html#acccb19af8b71b0c8d341d17946b46e8b" title="returns the size of the rdf.">ldns_rdf_size</a>(sig_rdf) / 2; <a name="l01736"></a>01736 <span class="comment">/* if too short, or not even length, do not bother */</span> <a name="l01737"></a>01737 <span class="keywordflow">if</span>(bnsize < 16 || (<span class="keywordtype">size_t</span>)bnsize*2 != <a class="code" href="rdata_8c.html#acccb19af8b71b0c8d341d17946b46e8b" title="returns the size of the rdf.">ldns_rdf_size</a>(sig_rdf)) <a name="l01738"></a>01738 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa804a996d5f13cda0806bf1d54114d2ca">LDNS_STATUS_ERR</a>; <a name="l01739"></a>01739 <a name="l01740"></a>01740 <span class="comment">/* use the raw data to parse two evenly long BIGNUMs, "r | s". 
*/</span> <a name="l01741"></a>01741 sig = ECDSA_SIG_new(); <a name="l01742"></a>01742 <span class="keywordflow">if</span>(!sig) <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa81e80e66a14551db514726fa49290498">LDNS_STATUS_MEM_ERR</a>; <a name="l01743"></a>01743 sig->r = BN_bin2bn((<span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)<a class="code" href="rdata_8c.html#adc126e8f5417a3c1049242f93fde3602" title="returns the data of the rdf.">ldns_rdf_data</a>(sig_rdf), <a name="l01744"></a>01744 bnsize, sig->r); <a name="l01745"></a>01745 sig->s = BN_bin2bn((<span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*)<a class="code" href="rdata_8c.html#adc126e8f5417a3c1049242f93fde3602" title="returns the data of the rdf.">ldns_rdf_data</a>(sig_rdf)+bnsize, <a name="l01746"></a>01746 bnsize, sig->s); <a name="l01747"></a>01747 <span class="keywordflow">if</span>(!sig->r || !sig->s) { <a name="l01748"></a>01748 ECDSA_SIG_free(sig); <a name="l01749"></a>01749 <span class="keywordflow">return</span> <a class="code" href="error_8h.html#a11f34802bb1624af46054952e3b853afa81e80e66a14551db514726fa49290498">LDNS_STATUS_MEM_ERR</a>; <a name="l01750"></a>01750 } <a name="l01751"></a>01751 <a name="l01752"></a>01752 raw_sig_len = i2d_ECDSA_SIG(sig, NULL); <a name="l01753"></a>01753 <span class="keywordflow">if</span> (<a class="code" href="buffer_8c.html#a8ba0bcb3201dae8d3e563ed201decc7c" title="ensures BUFFER can contain at least AMOUNT more bytes.">ldns_buffer_reserve</a>(target_buffer, (<span class="keywordtype">size_t</span>) raw_sig_len)) { <a name="l01754"></a>01754 <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>* pp = (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span>*) <a name="l01755"></a>01755 ldns_buffer_current(target_buffer); 
<a name="l01756"></a>01756 raw_sig_len = i2d_ECDSA_SIG(sig, &pp); <a name="l01757"></a>01757 ldns_buffer_skip(target_buffer, (ssize_t) raw_sig_len); <a name="l01758"></a>01758 } <a name="l01759"></a>01759 ECDSA_SIG_free(sig); <a name="l01760"></a>01760 <a name="l01761"></a>01761 <span class="keywordflow">return</span> ldns_buffer_status(target_buffer); <a name="l01762"></a>01762 } <a name="l01763"></a>01763 <a name="l01764"></a>01764 <span class="preprocessor">#endif </span><span class="comment">/* S_SPLINT_S */</span> <a name="l01765"></a>01765 <span class="preprocessor">#endif </span><span class="comment">/* USE_ECDSA */</span> <a name="l01766"></a>01766 <span class="preprocessor">#endif </span><span class="comment">/* HAVE_SSL */</span> </pre></div></div> </div> <hr class="footer"/><address class="footer"><small>Generated on Wed Jan 11 2012 for ldns by  <a href="http://www.doxygen.org/index.html"> <img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.7.4 </small></address> </body> </html>