1 /*
2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3  *
4  * SPDX-License-Identifier: MPL-2.0
5  *
6  * This Source Code Form is subject to the terms of the Mozilla Public
7  * License, v. 2.0. If a copy of the MPL was not distributed with this
8  * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9  *
10  * See the COPYRIGHT file distributed with this work for additional
11  * information regarding copyright ownership.
12  */
13 
14 #ifndef DNS_NSEC_H
15 #define DNS_NSEC_H 1
16 
17 /*! \file dns/nsec.h */
18 
19 #include <stdbool.h>
20 
21 #include <isc/lang.h>
22 
23 #include <dns/name.h>
24 #include <dns/types.h>
25 
26 #define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + 8192 + 512)
27 
28 ISC_LANG_BEGINDECLS
29 
30 isc_result_t
31 dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
32 		    const dns_name_t *target, unsigned char *buffer,
33 		    dns_rdata_t *rdata);
34 /*%<
35  * Build the rdata of an NSEC record.
36  *
37  * Requires:
38  *\li	buffer	Points to a temporary buffer of at least DNS_NSEC_BUFFERSIZE
39  * 		bytes; no length is passed, so the caller must guarantee this.
40  *\li	rdata	Points to an initialized dns_rdata_t.
41  *
42  * Ensures:
43  *  \li    *rdata	Contains a valid NSEC rdata.  The 'data' member refers
44  *		to 'buffer', so 'buffer' must outlive any use of '*rdata'.
45  */
46 
47 isc_result_t
48 dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
49 	       const dns_name_t *target, dns_ttl_t ttl);
50 /*%<
51  * Build an NSEC record and add it to a database.
52  */
53 
54 bool
55 dns_nsec_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type);
56 /*%<
57  * Determine if a type is marked as present in an NSEC record.
58  *
59  * Requires:
60  *\li	'nsec' points to a valid rdata of type NSEC
61  */
62 
63 isc_result_t
64 dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version, bool *answer);
65 /*%<
66  * Report whether the DNSKEY RRset has an NSEC-only algorithm.  Unknown
67  * algorithms are assumed to support NSEC3.  If DNSKEY is not found,
68  * *answer is set to false, and ISC_R_NOTFOUND is returned.
69  *
70  * Requires:
71  *\li	'answer' to be non NULL.
72  */
73 
74 unsigned int
75 dns_nsec_compressbitmap(unsigned char *map, const unsigned char *raw,
76 			unsigned int max_type);
77 /*%<
78  * Convert a raw bitmap into a compressed windowed bit map.  'map' and 'raw'
79  * may overlap.  No capacity for 'map' is passed; the caller must size it.
80  *
81  * Returns the length of the compressed windowed bit map.
82  */
83 
84 void
85 dns_nsec_setbit(unsigned char *array, unsigned int type, unsigned int bit);
86 /*%<
87  * Set the 'type' bit in raw 'array' to 'bit'.  'array' must be sized to hold it.
88  */
89 
90 bool
91 dns_nsec_isset(const unsigned char *array, unsigned int type);
92 /*%<
93  * Test if the 'type' bit is set in raw 'array', which must be sized to hold it.
94  */
95 
96 isc_result_t
97 dns_nsec_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
98 		       const dns_name_t *nsecname, dns_rdataset_t *nsecset,
99 		       bool *exists, bool *data, dns_name_t *wild,
100 		       dns_nseclog_t log, void *arg);
101 /*%<
102  * Return ISC_R_SUCCESS if we can determine that the name doesn't exist
103  * or we can determine whether there is data or not at the name.
104  * If the name does not exist, return the wildcard name in 'wild'.
105  *
106  * Return DNS_R_DNAME when the NSEC indicates that name is covered by
107  * a DNAME.  'wild' is not set in this case.
108  *
109  * Return ISC_R_IGNORE when the NSEC is not the appropriate one.
110  */
111 
112 ISC_LANG_ENDDECLS
113 
114 #endif /* DNS_NSEC_H */
115