projects / thirdparty / systemd.git / blame
| Commit | Line | Data |
|---|---|---|
| 2b442ac8 LP |
1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
| 2 | ||
| 3 | #pragma once | |
| 4 | ||
| 5 | /*** | |
| 6 | This file is part of systemd. | |
| 7 | ||
| 8 | Copyright 2015 Lennart Poettering | |
| 9 | ||
| 10 | systemd is free software; you can redistribute it and/or modify it | |
| 11 | under the terms of the GNU Lesser General Public License as published by | |
| 12 | the Free Software Foundation; either version 2.1 of the License, or | |
| 13 | (at your option) any later version. | |
| 14 | ||
| 15 | systemd is distributed in the hope that it will be useful, but | |
| 16 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| 18 | Lesser General Public License for more details. | |
| 19 | ||
| 20 | You should have received a copy of the GNU Lesser General Public License | |
| 21 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
| 22 | ***/ | |
| 23 | ||
| 24710c48 | 24 | typedef enum DnssecMode DnssecMode; |
| 547973de | 25 | typedef enum DnssecResult DnssecResult; |
| 24710c48 | 26 | |
| 2b442ac8 LP |
27 | #include "dns-domain.h" |
| 28 | #include "resolved-dns-answer.h" | |
| 29 | #include "resolved-dns-rr.h" | |
| 30 | ||
| 24710c48 LP |
31 | enum DnssecMode { |
| 32 | /* No DNSSEC validation is done */ | |
| 33 | DNSSEC_NO, | |
| 34 | ||
| 35 | /* Trust the AD bit sent by the server. UNSAFE! */ | |
| 36 | DNSSEC_TRUST, | |
| 37 | ||
| 38 | /* Validate locally, if the server knows DO, but if not, don't. Don't trust the AD bit */ | |
| 39 | DNSSEC_YES, | |
| 40 | ||
| 41 | _DNSSEC_MODE_MAX, | |
| 42 | _DNSSEC_MODE_INVALID = -1 | |
| 43 | }; | |
| 44 | ||
| 547973de LP |
45 | enum DnssecResult { |
| 46 | DNSSEC_VALIDATED, | |
| 2b442ac8 | 47 | DNSSEC_INVALID, |
| 547973de | 48 | DNSSEC_UNSIGNED, |
| 2b442ac8 LP |
49 | DNSSEC_NO_SIGNATURE, |
| 50 | DNSSEC_MISSING_KEY, | |
| 2a326321 | 51 | DNSSEC_SIGNATURE_EXPIRED, |
| 547973de LP |
52 | DNSSEC_FAILED_AUXILIARY, |
| 53 | _DNSSEC_RESULT_MAX, | |
| 54 | _DNSSEC_RESULT_INVALID = -1 | |
| 2b442ac8 LP |
55 | }; |
| 56 | ||
| 2b442ac8 LP |
57 | #define DNSSEC_CANONICAL_HOSTNAME_MAX (DNS_HOSTNAME_MAX + 2) |
| 58 | ||
| 59 | int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey); | |
| 60 | int dnssec_key_match_rrsig(DnsResourceKey *key, DnsResourceRecord *rrsig); | |
| 61 | ||
| 547973de LP |
62 | int dnssec_verify_rrset(DnsAnswer *answer, DnsResourceKey *key, DnsResourceRecord *rrsig, DnsResourceRecord *dnskey, usec_t realtime, DnssecResult *result); |
| 63 | int dnssec_verify_rrset_search(DnsAnswer *answer, DnsResourceKey *key, DnsAnswer *validated_dnskeys, usec_t realtime, DnssecResult *result); | |
| 2b442ac8 LP |
64 | |
| 65 | int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds); | |
| 547973de | 66 | int dnssec_verify_dnskey_search(DnsResourceRecord *dnskey, DnsAnswer *validated_ds); |
| 2b442ac8 LP |
67 | |
| 68 | uint16_t dnssec_keytag(DnsResourceRecord *dnskey); | |
| 69 | ||
| 70 | int dnssec_canonicalize(const char *n, char *buffer, size_t buffer_max); | |
| 24710c48 LP |
71 | |
| 72 | const char* dnssec_mode_to_string(DnssecMode m) _const_; | |
| 73 | DnssecMode dnssec_mode_from_string(const char *s) _pure_; | |
| 547973de LP |
74 | |
| 75 | const char* dnssec_result_to_string(DnssecResult m) _const_; | |
| 76 | DnssecResult dnssec_result_from_string(const char *s) _pure_; |