1 /*------------------------------------------------------------------------------
2  *
3  * Copyright (c) 2011-2021, EURid vzw. All rights reserved.
4  * The YADIFA TM software product is provided under the BSD 3-clause license:
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  *        * Redistributions of source code must retain the above copyright
11  *          notice, this list of conditions and the following disclaimer.
12  *        * Redistributions in binary form must reproduce the above copyright
13  *          notice, this list of conditions and the following disclaimer in the
14  *          documentation and/or other materials provided with the distribution.
15  *        * Neither the name of EURid nor the names of its contributors may be
16  *          used to endorse or promote products derived from this software
17  *          without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
23  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  *
31  *------------------------------------------------------------------------------
32  *
33  */
34 
35 /** @defgroup dnsdbzone Zone related functions
36  *  @ingroup dnsdb
37  *  @brief Functions used to manipulate a zone
38  *
39  *  Functions used to manipulate a zone
40  *
41  * @{
42  */
43 
44 #pragma once
45 
46 #include <dnsdb/zdb_types.h>
47 #include <dnsdb/nsec.h>
48 #include <dnsdb/nsec3.h>
49 #include <dnsdb/dynupdate-diff.h>
50 
51 // struct dnssec_chain
52 
53 #include <dnscore/dnskey.h>
54 
55 #ifdef	__cplusplus
56 extern "C"
57 {
58 #endif
59 
// Upper bound on the number of NSEC3 chains one maintenance context tracks:
// it sizes nsec3_chain[] and nsec3_chain_status[] in zdb_zone_maintenance_ctx.
// NOTE(review): nothing in this header checks nsec3_chain_count against this
// bound; whatever fills nsec3_chain[] must do so before indexing.
#define ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX 16
61 
/**
 * State carried through one incremental maintenance pass over a zone.
 * The _rrsig/_nsec/_nsec3 helpers declared below document themselves as
 * called from zdb_zone_maintenance() and all take a pointer to this context.
 * Field meanings are given as far as this header shows them; anything
 * inferred from a name alone is marked as such.
 */
struct zdb_zone_maintenance_ctx
{
    dnssec_chain nsec_chain_updater;    // chain updater for NSEC. @note 20170119 edf -- Given recent changes, and depending on the post-processing, I may be able to handle NSEC & NSEC3 chains with a single (modified) object.
    dnssec_chain nsec3_chains_updater;  // chain updater for NSEC3 (all chains)
    nsec3_zone* nsec3_chain[ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX];   // NSEC3 chains of the zone, at most ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX
    u8 nsec3_chain_status[ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX];     // per-chain status byte, parallel to nsec3_chain[] (status values are not defined in this header)
    zdb_zone *zone;                     // zone being maintained
    zdb_rr_label *label;                // label currently being processed (presumably; confirm in the .c)

    dnssec_key_sll *keys;               // singly-linked list of the zone's keys (presumably)
    intptr ksk_mask;                    // bit mask selecting KSKs — NOTE(review): pointer-width, so it can flag at most 32/64 keys; confirm the key list is bounded accordingly
    intptr zsk_mask;                    // bit mask selecting ZSKs (same width limit)

    int ksk_count;                      // number of KSKs
    int zsk_count;                      // number of ZSKs

    ptr_vector ksks;                    // the KSKs as a vector
    ptr_vector zsks;                    // the ZSKs as a vector

    time_t now;                         // reference time of this pass
    u8 nsec_chain_status;               // status byte of the NSEC chain (values not defined here)
    u8 nsec3_chain_count;               // number of used entries in nsec3_chain[]/nsec3_chain_status[]; must never exceed ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX — not enforced by this header
    u8 fqdn[MAX_DOMAIN_LENGTH];         // buffer for the current name (MAX_DOMAIN_LENGTH comes from dnscore; presumably wire format)
    dnsname_stack fqdn_stack;           // the same name as a label stack
};
87 
// Convenience alias so the context can be used without the struct keyword.
typedef struct zdb_zone_maintenance_ctx zdb_zone_maintenance_ctx;
89 
/**
 * Runs one incremental maintenance pass over the zone. The _rrsig, _nsec and
 * _nsec3 helpers declared below state that they are called from here.
 *
 * @param zone the zone to maintain
 * @return a ya_result status (error semantics are defined in the .c, not here)
 */
ya_result zdb_zone_maintenance(zdb_zone* zone);
91 
/**
 * Signs the zone. Whether this is a full or an incremental signing, and how it
 * relates to zdb_zone_maintenance(), is not stated in this header — see the .c.
 *
 * @param zone the zone to sign
 * @return a ya_result status
 */
ya_result zdb_zone_sign(zdb_zone* zone);
93 
94 /**
95  * Called by zdb_zone_maintenance
96  *
97  * Marks record sets that needs to be updated.
98  * Removes expired signatures.
99  *
100  * @param mctx
101  * @return
102  */
103 
104 ya_result zdb_zone_maintenance_rrsig(zdb_zone_maintenance_ctx* mctx, zone_diff_fqdn *diff_fqdn, ptr_vector *rrset_to_sign);
105 
106 /**
107  * Called by zdb_zone_maintenance
108  *
109  * Updates the signatures of a zone incrementally.
110  * Each call goes a bit further.
111  *
112  * @param zone
113  * @param signature_count_loose_limit
114  * @param present_signatures_are_verified
115  * @return the number of actions counted
116  */
117 
118 int zdb_zone_maintenance_nsec(zdb_zone_maintenance_ctx* mctx, const zone_diff_fqdn *diff_fqdn, ptr_vector *rrset_to_sign);
119 
120 /**
121  * Called by zdb_zone_maintenance
122  *
123  * Updates the signatures of a zone incrementally.
124  * Each call goes a bit further.
125  *
126  * @param zone
127  * @param signature_count_loose_limit
128  * @param present_signatures_are_verified
129  * @return the number of actions counted
130  */
131 
132 int zdb_zone_maintenance_nsec3(zdb_zone_maintenance_ctx* mctx, const zone_diff_fqdn *diff_fqdn);
133 
/**
 * NSEC3 helper: by its name, records that RRSIG must be added to the type
 * bitmap of the NSEC3 record covering covered_diff_fqdn. Semantics are only
 * inferred from the name here; confirm in the .c.
 *
 * @param diff                 the zone diff being built
 * @param zone                 the zone
 * @param rrset_to_sign_vector record sets that need (re)signing
 * @param ksks                 KSK vector
 * @param zsks                 ZSK vector
 * @param remove               vector of records to remove (presumably filled here)
 * @param add                  vector of records to add (presumably filled here)
 * @param covered_diff_fqdn    the name whose NSEC3 coverage is affected
 */
void zdb_zone_maintenance_nsec3_add_rrsig_type(zone_diff *diff, zdb_zone *zone, ptr_vector *rrset_to_sign_vector, ptr_vector *ksks, ptr_vector *zsks, ptr_vector *remove, ptr_vector* add, zone_diff_fqdn *covered_diff_fqdn);
135 
/**
 * NSEC3 helper: by its name, the counterpart of
 * zdb_zone_maintenance_nsec3_add_rrsig_type(), recording that RRSIG must be
 * dropped from the type bitmap of the NSEC3 record covering
 * covered_diff_fqdn. Semantics are only inferred from the name; confirm in
 * the .c. Parameters are the same as for the _add_ variant.
 */
void zdb_zone_maintenance_nsec3_remove_rrsig_type(zone_diff *diff, zdb_zone *zone, ptr_vector *rrset_to_sign_vector, ptr_vector *ksks, ptr_vector *zsks, ptr_vector *remove, ptr_vector* add, zone_diff_fqdn *covered_diff_fqdn);
137 
138 
139 #ifdef	__cplusplus
140 }
141 #endif
142 
143 /** @} */
144