val_utils.h

Go to the documentation of this file.

/*
 * validator/val_utils.h - validator utility functions.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * 
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 * 
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

 
#ifndef VALIDATOR_VAL_UTILS_H
#define VALIDATOR_VAL_UTILS_H
#include "util/data/packed_rrset.h"
#include "sldns/pkthdr.h"
struct query_info;
struct reply_info;
struct val_env;
struct module_env;
struct module_qstate;
struct ub_packed_rrset_key;
struct key_entry_key;
struct regional;
struct val_anchors;
struct rrset_cache;
struct sock_list;

enum val_classification {
    VAL_CLASS_UNTYPED = 0,
    VAL_CLASS_UNKNOWN,
    VAL_CLASS_POSITIVE,
    VAL_CLASS_CNAME,
    VAL_CLASS_NODATA,
    VAL_CLASS_NAMEERROR,
    VAL_CLASS_CNAMENOANSWER,
    VAL_CLASS_REFERRAL,
    VAL_CLASS_ANY
};

enum val_classification val_classify_response(uint16_t query_flags,
    struct query_info* origqinf, struct query_info* qinf, 
    struct reply_info* rep, size_t skip);

void val_find_signer(enum val_classification subtype, 
    struct query_info* qinf, struct reply_info* rep,
    size_t cname_skip, uint8_t** signer_name, size_t* signer_len);

enum sec_status val_verify_rrset(struct module_env* env, struct val_env* ve,
    struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* keys,
    uint8_t* sigalg, char** reason, sldns_pkt_section section,
    struct module_qstate* qstate);

enum sec_status val_verify_rrset_entry(struct module_env* env, 
    struct val_env* ve, struct ub_packed_rrset_key* rrset, 
    struct key_entry_key* kkey, char** reason, sldns_pkt_section section,
    struct module_qstate* qstate);

enum sec_status val_verify_DNSKEY_with_DS(struct module_env* env, 
    struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, 
    struct ub_packed_rrset_key* ds_rrset, uint8_t* sigalg, char** reason,
    struct module_qstate* qstate);

enum sec_status val_verify_DNSKEY_with_TA(struct module_env* env, 
    struct val_env* ve, struct ub_packed_rrset_key* dnskey_rrset, 
    struct ub_packed_rrset_key* ta_ds,
    struct ub_packed_rrset_key* ta_dnskey, uint8_t* sigalg, char** reason,
    struct module_qstate* qstate);

struct key_entry_key* val_verify_new_DNSKEYs(struct regional* region, 
    struct module_env* env, struct val_env* ve, 
    struct ub_packed_rrset_key* dnskey_rrset, 
    struct ub_packed_rrset_key* ds_rrset, int downprot, char** reason,
    struct module_qstate* qstate);
 

struct key_entry_key* val_verify_new_DNSKEYs_with_ta(struct regional* region, 
    struct module_env* env, struct val_env* ve, 
    struct ub_packed_rrset_key* dnskey_rrset, 
    struct ub_packed_rrset_key* ta_ds_rrset, 
    struct ub_packed_rrset_key* ta_dnskey_rrset,
    int downprot, char** reason, struct module_qstate* qstate);

int val_dsset_isusable(struct ub_packed_rrset_key* ds_rrset);

int val_rrset_wildcard(struct ub_packed_rrset_key* rrset, uint8_t** wc,
    size_t* wc_len);

int val_chase_cname(struct query_info* qchase, struct reply_info* rep,
    size_t* cname_skip);

void val_fill_reply(struct reply_info* chase, struct reply_info* orig, 
    size_t cname_skip, uint8_t* name, size_t len, uint8_t* signer);

void val_reply_remove_auth(struct reply_info* rep, size_t index);

void val_check_nonsecure(struct module_env* env, struct reply_info* rep);

void val_mark_indeterminate(struct reply_info* rep, 
    struct val_anchors* anchors, struct rrset_cache* r, 
    struct module_env* env);

void val_mark_insecure(struct reply_info* rep, uint8_t* kname,
    struct rrset_cache* r, struct module_env* env);

size_t val_next_unchecked(struct reply_info* rep, size_t skip);

void val_find_rrset_signer(struct ub_packed_rrset_key* rrset, uint8_t** sname,
    size_t* slen);

const char* val_classification_to_string(enum val_classification subtype);

void val_blacklist(struct sock_list** blacklist, struct regional* region,
    struct sock_list* origin, int cross);

int val_has_signed_nsecs(struct reply_info* rep, char** reason);

int val_favorite_ds_algo(struct ub_packed_rrset_key* ds_rrset);

struct dns_msg* val_find_DS(struct module_env* env, uint8_t* nm, size_t nmlen,
    uint16_t c, struct regional* region, uint8_t* topname);
 
#endif /* VALIDATOR_VAL_UTILS_H */