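/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

#ifndef DNS_NSEC_H
#define DNS_NSEC_H 1

/*! \file dns/nsec.h */

#include <stdbool.h>

#include <isc/lang.h>

#include <dns/name.h>
#include <dns/types.h>

/*
 * Size, in bytes, of the scratch buffer that dns_nsec_buildrdata() requires.
 * NOTE(review): the three terms presumably are the largest wire-format name,
 * an 8192-byte raw type bitmap (65536 types / 8) and 512 bytes of window
 * headers -- confirm against nsec.c before changing any of them.
 */
#define DNS_NSEC_BUFFERSIZE (DNS_NAME_MAXWIRE + 8192 + 512)

ISC_LANG_BEGINDECLS

isc_result_t
dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
                    const dns_name_t *target, unsigned char *buffer,
                    dns_rdata_t *rdata);
/*%<
 * Build the rdata of a NSEC record.
 *
 * Requires:
 *\li	buffer	Points to a temporary buffer of at least
 *		DNS_NSEC_BUFFERSIZE bytes.  No length is passed, so a
 *		smaller buffer cannot be detected by the callee.
 *\li	rdata	Points to an initialized dns_rdata_t.
 *
 * Ensures:
 * \li	*rdata	Contains a valid NSEC rdata.  The 'data' member refers
 *		to 'buffer', so 'buffer' must stay valid and unmodified
 *		for as long as '*rdata' is in use.
 */

isc_result_t
dns_nsec_build(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node,
               const dns_name_t *target, dns_ttl_t ttl);
/*%<
 * Build a NSEC record and add it to a database.
 */

bool
dns_nsec_typepresent(dns_rdata_t *nsec, dns_rdatatype_t type);
/*%<
 * Determine if a type is marked as present in an NSEC record.
 *
 * Requires:
 *\li	'nsec' points to a valid rdata of type NSEC
 */

isc_result_t
dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version, bool *answer);
/*%<
 * Report whether the DNSKEY RRset has a NSEC only algorithm.  Unknown
 * algorithms are assumed to support NSEC3.  If DNSKEY is not found,
 * *answer is set to false, and ISC_R_NOTFOUND is returned.
 *
 * Requires:
 *\li	'answer' to be non NULL.
 */

unsigned int
dns_nsec_compressbitmap(unsigned char *map, const unsigned char *raw,
                        unsigned int max_type);
/*%<
 * Convert a raw bitmap into a compressed windowed bit map.  'map' and 'raw'
 * may overlap.
 *
 * NOTE(review): no output length is passed, so the caller has to provide
 * enough room in 'map' for the compressed form of every type up to
 * 'max_type' -- confirm the worst-case size against nsec.c.
 *
 * Returns the length of the compressed windowed bit map.
 */

void
dns_nsec_setbit(unsigned char *array, unsigned int type, unsigned int bit);
/*%<
 * Set type bit in raw 'array' to 'bit'.
 *
 * NOTE(review): the prototype carries no array length, so the caller has
 * to size 'array' to hold the bit for 'type' (presumably type / 8 + 1
 * bytes with one bit per type -- confirm against nsec.c).
 */

bool
dns_nsec_isset(const unsigned char *array, unsigned int type);
/*%<
 * Test if the corresponding 'type' bit is set in 'array'.
 *
 * NOTE(review): as no array length is passed, the caller has to make sure
 * 'array' is large enough to contain the bit for 'type'.
 */

isc_result_t
dns_nsec_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
                       const dns_name_t *nsecname, dns_rdataset_t *nsecset,
                       bool *exists, bool *data, dns_name_t *wild,
                       dns_nseclog_t log, void *arg);
/*%<
 * Return ISC_R_SUCCESS if we can determine that the name doesn't exist
 * or we can determine whether there is data or not at the name.
 * If the name does not exist return the wildcard name.
 *
 * Return DNS_R_DNAME when the NSEC indicates that name is covered by
 * a DNAME. 'wild' is not set in this case.
 *
 * Return ISC_R_IGNORE when the NSEC is not the appropriate one.
 *
 * NOTE(review): nothing in this declaration says the NSEC is
 * authenticated here; presumably 'nsecset' has to be validated by the
 * caller before the result is trusted -- confirm against the callers.
 */

ISC_LANG_ENDDECLS

#endif /* DNS_NSEC_H */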