1 /* $NetBSD: nsec.h,v 1.7 2014/12/10 04:37:58 christos Exp $ */ 2 3 /* 4 * Copyright (C) 2004-2008, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") 5 * Copyright (C) 1999-2001, 2003 Internet Software Consortium. 6 * 7 * Permission to use, copy, modify, and/or distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* Id: nsec.h,v 1.14 2011/06/10 23:47:32 tbox Exp */ 21 22 #ifndef DNS_NSEC_H 23 #define DNS_NSEC_H 1 24 25 /*! \file dns/nsec.h */ 26 27 #include <isc/lang.h> 28 29 #include <dns/types.h> 30 #include <dns/name.h> 31 32 #define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + 8192 + 512) 33 34 ISC_LANG_BEGINDECLS 35 36 isc_result_t 37 dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, 38 dns_dbnode_t *node, dns_name_t *target, 39 unsigned char *buffer, dns_rdata_t *rdata); 40 /*%< 41 * Build the rdata of a NSEC record. 42 * 43 * Requires: 44 *\li buffer Points to a temporary buffer of at least 45 * DNS_NSEC_BUFFERSIZE bytes. 46 *\li rdata Points to an initialized dns_rdata_t. 47 * 48 * Ensures: 49 * \li *rdata Contains a valid NSEC rdata. The 'data' member refers 50 * to 'buffer'. 51 */ 52 53 isc_result_t 54 dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node, 55 dns_name_t *target, dns_ttl_t ttl); 56 /*%< 57 * Build a NSEC record and add it to a database. 58 */ 59 60 isc_boolean_t 61 dns_nsec_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type); 62 /*%< 63 * Determine if a type is marked as present in an NSEC record. 64 * 65 * Requires: 66 *\li 'nsec' points to a valid rdataset of type NSEC 67 */ 68 69 isc_result_t 70 dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version, 71 isc_boolean_t *answer); 72 /* 73 * Report whether the DNSKEY RRset has a NSEC only algorithm. Unknown 74 * algorithms are assumed to support NSEC3. If DNSKEY is not found, 75 * *answer is set to ISC_FALSE, and ISC_R_NOTFOUND is returned. 76 * 77 * Requires: 78 * 'answer' to be non NULL. 79 */ 80 81 unsigned int 82 dns_nsec_compressbitmap(unsigned char *map, const unsigned char *raw, 83 unsigned int max_type); 84 /*%< 85 * Convert a raw bitmap into a compressed windowed bit map. 'map' and 'raw' 86 * may overlap. 87 * 88 * Returns the length of the compressed windowed bit map. 89 */ 90 91 void 92 dns_nsec_setbit(unsigned char *array, unsigned int type, unsigned int bit); 93 /*%< 94 * Set type bit in raw 'array' to 'bit'. 95 */ 96 97 isc_boolean_t 98 dns_nsec_isset(const unsigned char *array, unsigned int type); 99 /*%< 100 * Test if the corresponding 'type' bit is set in 'array'. 101 */ 102 103 isc_result_t 104 dns_nsec_noexistnodata(dns_rdatatype_t type, dns_name_t *name, 105 dns_name_t *nsecname, dns_rdataset_t *nsecset, 106 isc_boolean_t *exists, isc_boolean_t *data, 107 dns_name_t *wild, dns_nseclog_t log, void *arg); 108 /*% 109 * Return ISC_R_SUCCESS if we can determine that the name doesn't exist 110 * or we can determine whether there is data or not at the name. 111 * If the name does not exist return the wildcard name. 112 * 113 * Return ISC_R_IGNORE when the NSEC is not the appropriate one. 114 */ 115 116 ISC_LANG_ENDDECLS 117 118 #endif /* DNS_NSEC_H */ 119