dnssec_sign.c File Reference


Functions

ldns_rr * ldns_create_empty_rrsig (ldns_rr_list *rrset, ldns_key *current_key)
 Create an empty RRSIG RR (i.e. without the actual signature data).
ldns_rdf * ldns_sign_public_buffer (ldns_buffer *sign_buf, ldns_key *current_key)
 Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with the given key.
ldns_rr_list * ldns_sign_public (ldns_rr_list *rrset, ldns_key_list *keys)
 Use this function to sign with a public/private key algorithm; returns the created signatures.
ldns_rdf * ldns_sign_public_dsa (ldns_buffer *to_sign, DSA *key)
 Sign data with DSA.
ldns_rdf * ldns_sign_public_evp (ldns_buffer *to_sign, EVP_PKEY *key, const EVP_MD *digest_type)
 Sign data with EVP (general method for different algorithms).
ldns_rdf * ldns_sign_public_rsasha1 (ldns_buffer *to_sign, RSA *key)
 Sign a buffer with the RSA key (hash with SHA1).
ldns_rdf * ldns_sign_public_rsamd5 (ldns_buffer *to_sign, RSA *key)
 Sign a buffer with the RSA key (hash with MD5).
ldns_status ldns_dnssec_zone_mark_and_get_glue (ldns_dnssec_zone *zone, ldns_rr_list *glue_list)
 Marks the names in the zone that are occluded.
ldns_status ldns_dnssec_zone_mark_glue (ldns_dnssec_zone *zone)
 Marks the names in the zone that are occluded.
ldns_rbnode_t * ldns_dnssec_name_node_next_nonglue (ldns_rbnode_t *node)
 Finds the first dnssec_name node in the rbtree that is not occluded.
ldns_status ldns_dnssec_zone_create_nsecs (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs)
 Adds NSEC records to the given dnssec_zone.
int ldns_dname_compare_v (const void *a, const void *b)
ldns_status ldns_dnssec_zone_create_nsec3s_mkmap (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, ldns_rbtree_t **map)
ldns_status ldns_dnssec_zone_create_nsec3s (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
 Adds NSEC3 records to the zone.
ldns_dnssec_rrs * ldns_dnssec_remove_signatures (ldns_dnssec_rrs *signatures, ATTR_UNUSED(ldns_key_list *key_list), int(*func)(ldns_rr *, void *), void *arg)
ldns_status ldns_dnssec_zone_create_rrsigs (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
 Adds signatures to the zone.
ldns_status ldns_dnssec_zone_create_rrsigs_flg (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
 Adds signatures to the zone.
ldns_status ldns_dnssec_zone_sign (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg)
 signs the given zone with the given keys
ldns_status ldns_dnssec_zone_sign_flg (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, int flags)
 signs the given zone with the given keys
ldns_status ldns_dnssec_zone_sign_nsec3 (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
 Signs the given zone with the given keys, using NSEC3.
ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags, ldns_rbtree_t **map)
 Signs the given zone with the given keys, using NSEC3.
ldns_status ldns_dnssec_zone_sign_nsec3_flg (ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int(*func)(ldns_rr *, void *), void *arg, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt, int signflags)
 Signs the given zone with the given keys, using NSEC3.
ldns_zone * ldns_zone_sign (const ldns_zone *zone, ldns_key_list *key_list)
 Signs the zone, and returns a newly allocated signed zone.
ldns_zone * ldns_zone_sign_nsec3 (ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt)
 Signs the zone with NSEC3, and returns a newly allocated signed zone.

Function Documentation

ldns_rr* ldns_create_empty_rrsig ( ldns_rr_list *  rrset,
ldns_key *  key
)
ldns_rdf* ldns_sign_public_buffer ( ldns_buffer *  sign_buf,
ldns_key *  key
)

Sign the buffer which contains the wiredata of an rrset, and the corresponding empty rrsig rr with the given key.

Parameters:
[in] sign_buf the buffer with data to sign
[in] key the key to sign with
Returns:
an rdata field with the signature data

Definition at line 120 of file dnssec_sign.c.

References ldns_key_algorithm(), ldns_key_evp_key(), LDNS_SIGN_DSA, LDNS_SIGN_DSA_NSEC3, LDNS_SIGN_ECC_GOST, LDNS_SIGN_ECDSAP256SHA256, LDNS_SIGN_ECDSAP384SHA384, ldns_sign_public_evp(), LDNS_SIGN_RSAMD5, LDNS_SIGN_RSASHA1, LDNS_SIGN_RSASHA1_NSEC3, LDNS_SIGN_RSASHA256, and LDNS_SIGN_RSASHA512.

ldns_rr_list* ldns_sign_public ( ldns_rr_list *  rrset,
ldns_key_list *  keys
)
ldns_rdf* ldns_sign_public_dsa ( ldns_buffer *  to_sign,
DSA *  key
)

Sign data with DSA.

Sign a buffer with the DSA key (hash with SHA1).

Parameters:
[in] to_sign The ldns_buffer containing raw data that is to be signed
[in] key The DSA key structure to sign with
Returns:
ldns_rdf for the RRSIG ldns_rr

Definition at line 309 of file dnssec_sign.c.

References ldns_buffer_begin(), ldns_buffer_free(), ldns_buffer_new(), ldns_buffer_position(), LDNS_FREE, LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), LDNS_RDF_TYPE_B64, and LDNS_XMALLOC.

ldns_rdf* ldns_sign_public_evp ( ldns_buffer *  to_sign,
EVP_PKEY *  key,
const EVP_MD *  digest_type
)

Sign data with EVP (general method for different algorithms).

Parameters:
[in] to_sign The ldns_buffer containing raw data that is to be signed
[in] key The EVP_PKEY key structure to sign with
[in] digest_type The digest algorithm to use in the creation of the signature
Returns:
ldns_rdf for the RRSIG ldns_rr

Definition at line 397 of file dnssec_sign.c.

References ldns_buffer_begin(), ldns_buffer_free(), ldns_buffer_new(), ldns_buffer_position(), ldns_convert_dsa_rrsig_asn12rdf(), ldns_convert_ecdsa_rrsig_asn12rdf(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.

ldns_rdf* ldns_sign_public_rsasha1 ( ldns_buffer *  to_sign,
RSA *  key
)

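Sign a buffer with the RSA key (hash with SHA1). RFC 8624 marks the SHA-1 based RSA algorithms as NOT RECOMMENDED for DNSSEC signing; for new zones prefer one of the SHA-256 or ECDSA algorithms that ldns_sign_public_buffer() also dispatches on.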

Parameters:
[in] to_sign buffer with the data
[in] key the key to use
Returns:
a ldns_rdf with the signed data

Definition at line 465 of file dnssec_sign.c.

References ldns_buffer_begin(), ldns_buffer_free(), ldns_buffer_new(), ldns_buffer_position(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.

ldns_rdf* ldns_sign_public_rsamd5 ( ldns_buffer *  to_sign,
RSA *  key
)

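Sign a buffer with the RSA key (hash with MD5). RSA/MD5 is deprecated for DNSSEC (RFC 6725), so this function is only appropriate for handling legacy data, not for signing new zones.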

Parameters:
[in] to_sign buffer with the data
[in] key the key to use
Returns:
a ldns_rdf with the signed data

Definition at line 501 of file dnssec_sign.c.

References ldns_buffer_begin(), ldns_buffer_free(), ldns_buffer_new(), ldns_buffer_position(), LDNS_MAX_PACKETLEN, ldns_rdf_new_frm_data(), and LDNS_RDF_TYPE_B64.

ldns_status ldns_dnssec_zone_mark_and_get_glue ( ldns_dnssec_zone zone,
ldns_rr_list glue_list 
)

Marks the names in the zone that are occluded.

Those names will be skipped when walking the tree with the ldns_dnssec_name_node_next_nonglue() function. But watch out! Names that are partially occluded (like glue with the same name as the delegation) will not be marked and must be taken into account separately.

When glue_list is given (not NULL), in the process of marking the names, all glue resource records will be pushed to that list, even glue at delegation names.

Parameters:
[in] zone the zone in which to mark the names
[in] glue_list the list to which to push the glue rrs
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 579 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_struct_dnssec_name::is_glue, ldns_dname_is_subdomain(), ldns_dnssec_name_name(), ldns_dnssec_rrsets_contains_type(), ldns_rbtree_first(), ldns_rbtree_next(), LDNS_RBTREE_NULL, LDNS_RR_TYPE_DNAME, LDNS_RR_TYPE_NS, LDNS_RR_TYPE_SOA, LDNS_STATUS_NULL, LDNS_STATUS_OK, ldns_struct_dnssec_zone::names, and ldns_struct_dnssec_name::rrsets.

ldns_status ldns_dnssec_zone_mark_glue ( ldns_dnssec_zone zone  ) 

Marks the names in the zone that are occluded.

Those names will be skipped when walking the tree with the ldns_dnssec_name_node_next_nonglue() function. But watch out! Names that are partially occluded (like glue with the same name as the delegation) will not be marked and must be taken into account separately.

Parameters:
[in] zone the zone in which to mark the names
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 668 of file dnssec_sign.c.

References ldns_dnssec_zone_mark_and_get_glue().

ldns_rbnode_t* ldns_dnssec_name_node_next_nonglue ( ldns_rbnode_t node  ) 

Finds the first dnssec_name node in the rbtree that is not occluded.

It *does* return names that are partially occluded.

Parameters:
[in] node the first node to check
Returns:
the first node that has not been marked as glue, or NULL if not found (TODO: make that LDNS_RBTREE_NULL?)

Definition at line 674 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_struct_dnssec_name::is_glue, ldns_rbtree_next(), and LDNS_RBTREE_NULL.

ldns_status ldns_dnssec_zone_create_nsecs ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs 
)

Adds NSEC records to the given dnssec_zone.

Parameters:
[in] zone the zone to add the records to
[in] new_rrs ldns_rr's created by this function are added to this rr list, so the caller can free them later
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 700 of file dnssec_sign.c.

References ldns_rbnode_t::data, LDNS_DEFAULT_TTL, ldns_dnssec_create_nsec(), ldns_dnssec_name_add_rr(), ldns_dnssec_name_find_rrset(), ldns_dnssec_name_node_next_nonglue(), ldns_rbtree_first(), ldns_rbtree_next(), ldns_rdf2native_int32(), ldns_rr_free(), ldns_rr_list_push_rr(), ldns_rr_rdf(), ldns_rr_set_ttl(), LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_SOA, LDNS_STATUS_ERR, LDNS_STATUS_OK, ldns_struct_dnssec_zone::names, ldns_struct_dnssec_rrs::rr, ldns_struct_dnssec_rrsets::rrs, and ldns_struct_dnssec_zone::soa.

int ldns_dname_compare_v ( const void *  a,
const void *  b 
)

Definition at line 826 of file dnssec_zone.c.

References ldns_dname_compare().

ldns_status ldns_dnssec_zone_create_nsec3s_mkmap ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
uint8_t  algorithm,
uint8_t  flags,
uint16_t  iterations,
uint8_t  salt_length,
uint8_t *  salt,
ldns_rbtree_t **  map 
)
ldns_status ldns_dnssec_zone_create_nsec3s ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
uint8_t  algorithm,
uint8_t  flags,
uint16_t  iterations,
uint8_t  salt_length,
uint8_t *  salt 
)

Adds NSEC3 records to the zone.

Definition at line 877 of file dnssec_sign.c.

References ldns_dnssec_zone_create_nsec3s_mkmap().

ldns_dnssec_rrs* ldns_dnssec_remove_signatures ( ldns_dnssec_rrs signatures,
ATTR_UNUSED(ldns_key_list *key_list)  ,
int(*)(ldns_rr *, void *)  func,
void *  arg 
)
ldns_status ldns_dnssec_zone_create_rrsigs ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
ldns_key_list key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg 
)

Adds signatures to the zone.

Parameters:
[in] zone the zone to add RRSIG Resource Records to
[in] new_rrs the RRSIG RRs that are created are also added to this list, so the caller can free them later
[in] key_list list of keys to sign with.
[in] func Callback function to decide what keys to use and what to do with old signatures
[in] arg Optional argument for the callback function
Returns:
LDNS_STATUS_OK on success, error otherwise

Definition at line 979 of file dnssec_sign.c.

References ldns_dnssec_zone_create_rrsigs_flg().

ldns_status ldns_dnssec_zone_create_rrsigs_flg ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
ldns_key_list key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg,
int  flags 
)

Adds signatures to the zone.

Parameters:
[in] zone the zone to add RRSIG Resource Records to
[in] new_rrs the RRSIG RRs that are created are also added to this list, so the caller can free them later
[in] key_list list of keys to sign with.
[in] func Callback function to decide what keys to use and what to do with old signatures
[in] arg Optional argument for the callback function
[in] flags option flags for the signing process. With 0 (the default), the DNSKEY RRset is signed with the minimal key set: only SEP keys are used for signing, or non-SEP keys if no SEP keys are available. LDNS_SIGN_DNSKEY_WITH_ZSK makes the DNSKEY RRset signed with all keys.
Returns:
LDNS_STATUS_OK on success, error otherwise

Definition at line 1027 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_struct_dnssec_name::is_glue, ldns_dnssec_remove_signatures(), ldns_dnssec_rrs_add_rr(), ldns_dnssec_rrs_new(), ldns_dnssec_rrsets_contains_type(), ldns_key2rr(), ldns_key_list_key(), ldns_key_list_key_count(), ldns_key_list_set_use(), ldns_rbtree_first(), ldns_rbtree_next(), LDNS_RBTREE_NULL, ldns_rr_list_deep_free(), ldns_rr_list_free(), ldns_rr_list_new(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_rr_list_type(), LDNS_RR_TYPE_DNSKEY, LDNS_RR_TYPE_DS, LDNS_RR_TYPE_NS, LDNS_RR_TYPE_NSEC, LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_SOA, LDNS_SIGN_DNSKEY_WITH_ZSK, ldns_sign_public(), LDNS_STATUS_OK, ldns_struct_dnssec_zone::names, ldns_struct_dnssec_rrsets::next, ldns_struct_dnssec_rrs::next, ldns_struct_dnssec_name::nsec, ldns_struct_dnssec_name::nsec_signatures, ldns_struct_dnssec_rrs::rr, ldns_struct_dnssec_rrsets::rrs, ldns_struct_dnssec_name::rrsets, ldns_struct_dnssec_rrsets::signatures, and ldns_struct_dnssec_rrsets::type.

ldns_status ldns_dnssec_zone_sign ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
ldns_key_list key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg 
)

signs the given zone with the given keys

Parameters:
[in] zone the zone to sign
[in] key_list the list of keys to sign the zone with
[in] new_rrs newly created resource records are added to this list, to free them later
[in] func callback function that decides what to do with old signatures. This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: LDNS_SIGNATURE_LEAVE_ADD_NEW: leave the signature and add a new one for the corresponding key; LDNS_SIGNATURE_REMOVE_ADD_NEW: remove the signature and replace it with a new one from the same key; LDNS_SIGNATURE_LEAVE_NO_ADD: leave the signature and do not add a new one with the corresponding key; LDNS_SIGNATURE_REMOVE_NO_ADD: remove the signature and do not replace it.
[in] arg optional argument for the callback function
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 1170 of file dnssec_sign.c.

References ldns_dnssec_zone_sign_flg().

ldns_status ldns_dnssec_zone_sign_flg ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
ldns_key_list key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg,
int  flags 
)

signs the given zone with the given keys

Parameters:
[in] zone the zone to sign
[in] key_list the list of keys to sign the zone with
[in] new_rrs newly created resource records are added to this list, to free them later
[in] func callback function that decides what to do with old signatures. This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: LDNS_SIGNATURE_LEAVE_ADD_NEW: leave the signature and add a new one for the corresponding key; LDNS_SIGNATURE_REMOVE_ADD_NEW: remove the signature and replace it with a new one from the same key; LDNS_SIGNATURE_LEAVE_NO_ADD: leave the signature and do not add a new one with the corresponding key; LDNS_SIGNATURE_REMOVE_NO_ADD: remove the signature and do not replace it.
[in] arg optional argument for the callback function
[in] flags option flags for the signing process. With 0 (the default), the DNSKEY RRset is signed with the minimal key set: only SEP keys are used for signing, or non-SEP keys if no SEP keys are available. LDNS_SIGN_DNSKEY_WITH_ZSK makes the DNSKEY RRset signed with all keys.
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 1180 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_dnssec_zone_create_nsecs(), ldns_dnssec_zone_create_rrsigs_flg(), ldns_dnssec_zone_mark_glue(), LDNS_STATUS_ERR, LDNS_STATUS_OK, ldns_struct_dnssec_zone::names, and ldns_rbtree_t::root.

ldns_status ldns_dnssec_zone_sign_nsec3 ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
ldns_key_list key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg,
uint8_t  algorithm,
uint8_t  flags,
uint16_t  iterations,
uint8_t  salt_length,
uint8_t *  salt 
)

Signs the given zone with the given keys, using NSEC3.

Parameters:
[in] zone the zone to sign
[in] key_list the list of keys to sign the zone with
[in] new_rrs newly created resource records are added to this list, to free them later
[in] func callback function that decides what to do with old signatures
[in] arg optional argument for the callback function
[in] algorithm the NSEC3 hashing algorithm to use
[in] flags NSEC3 flags
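[in] iterations the number of NSEC3 hash iterations to use (RFC 9276 recommends 0: additional iterations increase the hashing cost for signers and validators while adding little protection against zone enumeration)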
[in] salt_length the length (in octets) of the NSEC3 salt
[in] salt the NSEC3 salt data
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 1218 of file dnssec_sign.c.

References ldns_dnssec_zone_sign_nsec3_flg_mkmap().

ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
ldns_key_list key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg,
uint8_t  algorithm,
uint8_t  flags,
uint16_t  iterations,
uint8_t  salt_length,
uint8_t *  salt,
int  signflags,
ldns_rbtree_t **  map 
)

Signs the given zone with the given keys, using NSEC3.

Parameters:
[in] zone the zone to sign
[in] key_list the list of keys to sign the zone with
[in] new_rrs newly created resource records are added to this list, to free them later
[in] func callback function that decides what to do with old signatures
[in] arg optional argument for the callback function
[in] algorithm the NSEC3 hashing algorithm to use
[in] flags NSEC3 flags
[in] iterations the number of NSEC3 hash iterations to use
[in] salt_length the length (in octets) of the NSEC3 salt
[in] salt the NSEC3 salt data
[in] signflags option flags for signing process. 0 is the default.
[out] map a referenced rbtree pointer variable. The newly created rbtree will contain mappings from hashed owner names to the unhashed name.
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 1235 of file dnssec_sign.c.

References ldns_rbnode_t::data, ldns_dnssec_zone_add_empty_nonterminals(), ldns_dnssec_zone_add_rr(), ldns_dnssec_zone_create_nsec3s_mkmap(), ldns_dnssec_zone_create_rrsigs_flg(), ldns_dnssec_zone_find_rrset(), ldns_dnssec_zone_mark_glue(), ldns_nsec3_add_param_rdfs(), ldns_rdf_clone(), ldns_rdf_data(), ldns_rr_get_type(), ldns_rr_list_push_rr(), ldns_rr_new_frm_type(), ldns_rr_rdf(), ldns_rr_set_owner(), LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_NSEC3PARAM, ldns_set_bit(), LDNS_STATUS_OK, ldns_struct_dnssec_name::name, ldns_struct_dnssec_zone::names, ldns_rbtree_t::root, and ldns_struct_dnssec_zone::soa.

ldns_status ldns_dnssec_zone_sign_nsec3_flg ( ldns_dnssec_zone zone,
ldns_rr_list new_rrs,
ldns_key_list key_list,
int(*)(ldns_rr *, void *)  func,
void *  arg,
uint8_t  algorithm,
uint8_t  flags,
uint16_t  iterations,
uint8_t  salt_length,
uint8_t *  salt,
int  signflags 
)

Signs the given zone with the given keys, using NSEC3.

Parameters:
[in] zone the zone to sign
[in] key_list the list of keys to sign the zone with
[in] new_rrs newly created resource records are added to this list, to free them later
[in] func callback function that decides what to do with old signatures
[in] arg optional argument for the callback function
[in] algorithm the NSEC3 hashing algorithm to use
[in] flags NSEC3 flags
[in] iterations the number of NSEC3 hash iterations to use
[in] salt_length the length (in octets) of the NSEC3 salt
[in] salt the NSEC3 salt data
[in] signflags option flags for signing process. 0 is the default.
Returns:
LDNS_STATUS_OK on success, an error code otherwise

Definition at line 1320 of file dnssec_sign.c.

References ldns_dnssec_zone_sign_nsec3_flg_mkmap().

ldns_zone* ldns_zone_sign ( const ldns_zone zone,
ldns_key_list key_list 
)

Signs the zone, and returns a newly allocated signed zone.

Parameters:
[in] zone the zone to sign
[in] key_list list of keys to sign with
Returns:
signed zone

Definition at line 1338 of file dnssec_sign.c.

References ldns_dnssec_default_replace_signatures(), ldns_dnssec_zone_add_rr(), ldns_dnssec_zone_free(), ldns_dnssec_zone_new(), ldns_dnssec_zone_sign(), ldns_rr_clone(), ldns_rr_list_deep_free(), ldns_rr_list_new(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_zone_new(), ldns_zone_push_rr(), ldns_zone_rrs(), ldns_zone_set_soa(), and ldns_zone_soa().

ldns_zone* ldns_zone_sign_nsec3 ( ldns_zone zone,
ldns_key_list key_list,
uint8_t  algorithm,
uint8_t  flags,
uint16_t  iterations,
uint8_t  salt_length,
uint8_t *  salt 
)

Signs the zone with NSEC3, and returns a newly allocated signed zone.

Parameters:
[in] zone the zone to sign
[in] key_list list of keys to sign with
[in] algorithm the NSEC3 hashing algorithm to use
[in] flags NSEC3 flags
[in] iterations the number of NSEC3 hash iterations to use
[in] salt_length the length (in octets) of the NSEC3 salt
[in] salt the NSEC3 salt data
Returns:
signed zone

Definition at line 1379 of file dnssec_sign.c.

References ldns_dnssec_default_replace_signatures(), ldns_dnssec_zone_add_rr(), ldns_dnssec_zone_free(), ldns_dnssec_zone_new(), ldns_dnssec_zone_sign_nsec3(), ldns_rr_clone(), ldns_rr_list_deep_free(), ldns_rr_list_new(), ldns_rr_list_push_rr(), ldns_rr_list_rr(), ldns_rr_list_rr_count(), ldns_zone_new(), ldns_zone_push_rr(), ldns_zone_rrs(), ldns_zone_set_soa(), and ldns_zone_soa().

