Commit aa753763 authored by Jan Včelák's avatar Jan Včelák 🚀

consolidate all DNSSEC related functions into libknot/dnssec

libknot/dnssec now contains the interface for:
- key loading
- low level DNSSEC signing
- NSEC3 hash computation
- SIG(0)
- generating NSEC/NSEC3 records for zones
- generating RRSIG for zones
parent c06f4071
......@@ -142,6 +142,18 @@ src/libknot/consts.c
src/libknot/consts.h
src/libknot/dname.c
src/libknot/dname.h
src/libknot/dnssec/key.c
src/libknot/dnssec/key.h
src/libknot/dnssec/nsec3.c
src/libknot/dnssec/nsec3.h
src/libknot/dnssec/sig0.c
src/libknot/dnssec/sig0.h
src/libknot/dnssec/sign.c
src/libknot/dnssec/sign.h
src/libknot/dnssec/zone-nsec.c
src/libknot/dnssec/zone-nsec.h
src/libknot/dnssec/zone-sign.c
src/libknot/dnssec/zone-sign.h
src/libknot/edns.c
src/libknot/edns.h
src/libknot/libknot.h
......@@ -149,8 +161,6 @@ src/libknot/nameserver/chaos.c
src/libknot/nameserver/chaos.h
src/libknot/nameserver/name-server.c
src/libknot/nameserver/name-server.h
src/libknot/nsec3.c
src/libknot/nsec3.h
src/libknot/packet/packet.c
src/libknot/packet/packet.h
src/libknot/packet/query.c
......@@ -161,12 +171,6 @@ src/libknot/rrset-dump.c
src/libknot/rrset-dump.h
src/libknot/rrset.c
src/libknot/rrset.h
src/libknot/sign/dnssec.c
src/libknot/sign/dnssec.h
src/libknot/sign/key.c
src/libknot/sign/key.h
src/libknot/sign/sig0.c
src/libknot/sign/sig0.h
src/libknot/tsig-op.c
src/libknot/tsig-op.h
src/libknot/tsig.c
......@@ -187,14 +191,10 @@ src/libknot/util/utils.h
src/libknot/util/wire.h
src/libknot/zone/node.c
src/libknot/zone/node.h
src/libknot/zone/sign.c
src/libknot/zone/sign.h
src/libknot/zone/zone-contents.c
src/libknot/zone/zone-contents.h
src/libknot/zone/zone-diff.c
src/libknot/zone/zone-diff.h
src/libknot/zone/zone-nsec.c
src/libknot/zone/zone-nsec.h
src/libknot/zone/zone-tree.c
src/libknot/zone/zone-tree.h
src/libknot/zone/zone.c
......
......@@ -137,10 +137,6 @@ libknot_la_SOURCES = \
libknot/zone/node.c \
libknot/zone/zone-diff.h \
libknot/zone/zone-diff.c \
libknot/zone/zone-nsec.h \
libknot/zone/zone-nsec.c \
libknot/zone/sign.h \
libknot/zone/sign.c \
libknot/nameserver/name-server.h \
libknot/nameserver/name-server.c \
libknot/nameserver/chaos.h \
......@@ -152,7 +148,6 @@ libknot_la_SOURCES = \
libknot/updates/ddns.h \
libknot/updates/ddns.c \
libknot/dname.c \
libknot/nsec3.c \
libknot/consts.h \
libknot/edns.h \
libknot/edns.c \
......@@ -160,7 +155,6 @@ libknot_la_SOURCES = \
libknot/dname.h \
libknot/rrset.h \
libknot/rrset.c \
libknot/nsec3.h \
libknot/rrset-dump.h \
libknot/rrset-dump.c \
libknot/tsig.h \
......@@ -169,12 +163,18 @@ libknot_la_SOURCES = \
libknot/tsig-op.c \
libknot/binary.h \
libknot/binary.c \
libknot/sign/key.h \
libknot/sign/key.c \
libknot/sign/dnssec.h \
libknot/sign/dnssec.c \
libknot/sign/sig0.h \
libknot/sign/sig0.c
libknot/dnssec/key.c \
libknot/dnssec/key.h \
libknot/dnssec/nsec3.c \
libknot/dnssec/nsec3.h \
libknot/dnssec/sig0.c \
libknot/dnssec/sig0.h \
libknot/dnssec/sign.c \
libknot/dnssec/sign.h \
libknot/dnssec/zone-nsec.c \
libknot/dnssec/zone-nsec.h \
libknot/dnssec/zone-sign.c \
libknot/dnssec/zone-sign.h
libknots_la_SOURCES = \
common/slab/slab.c \
......
......@@ -36,7 +36,7 @@
#include "libknot/dname.h"
#include "libknot/tsig.h"
#include "libknot/sign/key.h"
#include "libknot/dnssec/key.h"
#include "common/lists.h"
#include "common/log.h"
#include "common/acl.h"
......
......@@ -30,8 +30,8 @@
#include "libknot/packet/response.h"
#include "libknot/nameserver/name-server.h"
#include "libknot/tsig-op.h"
#include "libknot/zone/zone-nsec.h"
#include "libknot/zone/sign.h"
#include "libknot/dnssec/zone-sign.h"
#include "libknot/dnssec/zone-nsec.h"
#define KNOT_CTL_REALM "knot."
#define KNOT_CTL_REALM_EXT ("." KNOT_CTL_REALM)
......
......@@ -30,7 +30,7 @@
#include "knot/conf/conf.h"
#include "libknot/packet/packet.h"
#include "libknot/rrset.h"
#include "libknot/sign/key.h"
#include "libknot/dnssec/key.h"
#include "knot/server/server.h"
/*! \brief Default remote control tool port. */
......
......@@ -25,7 +25,7 @@
#include "knot/knot.h"
#include "knot/other/debug.h"
#include "libknot/libknot.h"
#include "libknot/sign/key.h"
#include "libknot/dnssec/key.h"
#include "common/base32hex.h"
#include "common/crc.h"
#include "common/descriptor.h"
......
......@@ -31,7 +31,7 @@
#include "libknot/common.h"
#include "knot/zone/semantic-check.h"
#include "libknot/zone/zone-contents.h"
#include "libknot/zone/zone-nsec.h"
#include "libknot/dnssec/zone-nsec.h"
#include "knot/other/debug.h"
#include "knot/zone/zone-load.h"
#include "zscanner/file_loader.h"
......
......@@ -30,8 +30,8 @@
#include "common.h"
#include "common/getline.h"
#include "dname.h"
#include "sign/key.h"
#include "sign/sig0.h"
#include "key.h"
#include "sig0.h"
#include "tsig.h"
#include "zscanner/scanner.h"
......
......@@ -18,14 +18,14 @@
*
* \author Jan Vcelak <jan.vcelak@nic.cz>
*
* \brief Interface for loding of keys.
* \brief Interface for loading of DNSSEC keys.
*
* \addtogroup dnssec
* @{
*/
#ifndef _KNOT_SIGN_KEY_H_
#define _KNOT_SIGN_KEY_H_
#ifndef _KNOT_DNSSEC_KEY_H_
#define _KNOT_DNSSEC_KEY_H_
#include <stdint.h>
#include <time.h>
......@@ -173,6 +173,6 @@ int knot_tsig_key_from_params(const knot_key_params_t *params,
*/
int knot_tsig_key_free(knot_tsig_key_t *key);
#endif // _KNOT_SIGN_KEY_H_
#endif // _KNOT_DNSSEC_KEY_H_
/*! @} */
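Review bot: The renamed include guards `_KNOT_DNSSEC_KEY_H_` / `_KNOT_DNSSEC_KEY_H_` keep the leading underscore followed by an uppercase letter, which C reserves for the implementation (C11 7.1.3), and the same pattern is introduced in the new guards of nsec3.h, sig0.h, sign.h, zone-nsec.h and zone-sign.h. Since every guard in these headers is being rewritten anyway, this is the cheapest moment to drop the prefix, e.g. `#ifndef KNOT_DNSSEC_KEY_H_` / `#define KNOT_DNSSEC_KEY_H_` / `#endif // KNOT_DNSSEC_KEY_H_`. If the project deliberately keeps the `_KNOT_` convention elsewhere, consistency wins and this can be ignored.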
......@@ -4,7 +4,7 @@
* \author Lubos Slovak <lubos.slovak@nic.cz>
* \author Jan Vcelak <jan.vcelak@nic.cz>
*
* \brief Functions for calcularing NSEC3 hashes.
* \brief Functions for computation of NSEC3 hashes.
*
* \addtogroup libknot
* @{
......@@ -25,8 +25,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _KNOT_NSEC3_H_
#define _KNOT_NSEC3_H_
#ifndef _KNOT_DNSSEC_NSEC3_H_
#define _KNOT_DNSSEC_NSEC3_H_
#include <stdint.h>
#include <string.h>
......@@ -91,6 +91,6 @@ void knot_nsec3_params_free(knot_nsec3_params_t *params);
int knot_nsec3_hash(const knot_nsec3_params_t *params, const uint8_t *data,
size_t size, uint8_t **digest, size_t *digest_size);
#endif // _KNOT_NSEC3_H_
#endif // _KNOT_DNSSEC_NSEC3_H_
/*! @} */
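Review bot: The moved header still places itself in `\addtogroup libknot` (the context line just below the reworded brief), whereas key.h and the new zone-nsec.h and zone-sign.h headers in the same directory use `\addtogroup dnssec`; change it to ` * \addtogroup dnssec` so the generated documentation groups the NSEC3 hashing API with the rest of libknot/dnssec. The guard rename to `_KNOT_DNSSEC_NSEC3_H_` and the brief rewording are otherwise consistent with the sibling headers.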
......@@ -15,11 +15,11 @@
*/
#include <config.h>
#include "sign/dnssec.h"
#include "sign/sig0.h"
#include "common/errcode.h"
#include <assert.h>
#include <time.h>
#include "common/errcode.h"
#include "sig0.h"
#include "sign.h"
#include "util/wire.h"
/*!
......
......@@ -24,10 +24,10 @@
* @{
*/
#ifndef _KNOT_SIGN_SIG0_H_
#define _KNOT_SIGN_SIG0_H_
#ifndef _KNOT_DNSSEC_SIG0_H_
#define _KNOT_DNSSEC_SIG0_H_
#include "sign/dnssec.h"
#include "libknot/dnssec/sign.h"
/*!
* \brief Sign a packet using SIG(0) mechanism.
......@@ -42,6 +42,6 @@
int knot_sig0_sign(uint8_t *wire, size_t *wire_size, size_t wire_max_size,
knot_dnssec_key_t *key);
#endif // _KNOT_SIGN_SIG0_H_
#endif // _KNOT_DNSSEC_SIG0_H_
/*! @} */
......@@ -18,8 +18,8 @@
#include "common.h"
#include "common/descriptor.h"
#include "common/errcode.h"
#include "sign/dnssec.h"
#include "sign/key.h"
#include "key.h"
#include "sign.h"
#include <assert.h>
#include <openssl/dsa.h>
#include <openssl/opensslconf.h>
......
......@@ -24,11 +24,11 @@
* @{
*/
#ifndef _KNOT_SIGN_DNSSEC_H_
#define _KNOT_SIGN_DNSSEC_H_
#ifndef _KNOT_DNSSEC_SIGN_H_
#define _KNOT_DNSSEC_SIGN_H_
#include "sign/key.h"
#include "common/descriptor.h"
#include "libknot/dnssec/key.h"
/*!
* \brief Algorithm private key data and algorithm implementation (internal).
......@@ -137,6 +137,6 @@ int knot_dnssec_sign_write(knot_dnssec_sign_context_t *context,
*/
int knot_dnssec_sign_new(knot_dnssec_sign_context_t *context);
#endif // _KNOT_SIGN_DNSSEC_H_
#endif // _KNOT_DNSSEC_SIGN_H_
/*! @} */
......@@ -25,7 +25,7 @@
#include "common/descriptor.h"
#include "nsec3.h"
#include "util/utils.h"
#include "zone-contents.h"
#include "zone/zone-contents.h"
#include "zone-nsec.h"
/* - RR types bitmap -- RFC 4034 ------------------------------------------- */
......
......@@ -13,10 +13,21 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _KNOT_ZONE_NSEC_H_
#define _KNOT_ZONE_NSEC_H_
/*!
* \file zone-sign.h
*
* \author Jan Vcelak <jan.vcelak@nic.cz>
*
* \brief Interface for generating of NSEC/NSEC3 records in zone.
*
* \addtogroup dnssec
* @{
*/
#ifndef _KNOT_DNSSEC_ZONE_NSEC_H_
#define _KNOT_DNSSEC_ZONE_NSEC_H_
#include "zone.h"
#include "zone/zone-contents.h"
/*!
* \brief Create NSEC or NSEC3 chain in the zone.
......@@ -40,4 +51,6 @@ int knot_zone_create_nsec_chain(knot_zone_contents_t *zone);
*/
int knot_zone_connect_nsec_nodes(knot_zone_contents_t *zone);
#endif // _KNOT_ZONE_NSEC_H_
#endif // _KNOT_DNSSEC_ZONE_NSEC_H_
/*! @} */
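Review bot: The new Doxygen header names the wrong file: the block guarded by `_KNOT_DNSSEC_ZONE_NSEC_H_` says `\file zone-sign.h`, apparently copied from zone-sign.h, and should read ` * \file zone-nsec.h`. The brief would also read better as ` * \brief Interface for generating NSEC/NSEC3 records in a zone.`. Separately, this header includes `zone/zone-contents.h` by a libknot-relative path while sig0.h and sign.h in the same directory use the full `libknot/...` form; settling on one style for the public headers in libknot/dnssec avoids depending on which include directories a consumer has set.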
......@@ -14,6 +14,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <assert.h>
#include <dirent.h>
#include <stdbool.h>
......@@ -21,17 +22,16 @@
#include <stdio.h> // TMP
#include <sys/types.h>
#include <time.h>
#include "common/descriptor.h"
#include "common/errcode.h"
#include "common/hattrie/hat-trie.h"
#include "sign.h"
#include "key.h"
#include "libknot/dname.h"
#include "libknot/rrset.h"
#include "libknot/sign/dnssec.h"
#include "libknot/sign/key.h"
#include "node.h"
#include "zone/node.h"
#include "sign.h"
#include "zone-contents.h"
#include "zone/zone-contents.h"
#define MAX_RR_WIREFORMAT_SIZE (64 * 1024 * sizeof(uint8_t))
#define MAX_ZONE_KEYS 8
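Review bot: zone-sign.c appears to no longer include its own header: the hunk counts suggest the former self-include `#include "sign.h"` is dropped, the `#include "sign.h"` added earlier in the hunk now resolves to the low-level `dnssec/sign.h` from the same directory, and no `zone-sign.h` include takes its place, so the definition of `knot_zone_sign` is no longer compiled against the prototype declared in zone-sign.h. Add `#include "zone-sign.h"` next to the `key.h` include, ideally first among the project headers so the header is proven self-contained. The rest of the file is outside the hunk, so this is inferred from the include list alone.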
......
......@@ -13,11 +13,24 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _KNOT_ZONE_SIGN_H_
#define _KNOT_ZONE_SIGN_H_
/*!
* \file zone-sign.h
*
* \author Jan Vcelak <jan.vcelak@nic.cz>
*
* \brief Interface for DNSSEC signing of zones.
*
* \addtogroup dnssec
* @{
*/
#ifndef _KNOT_DNSSEC_ZONE_SIGN_H_
#define _KNOT_DNSSEC_ZONE_SIGN_H_
#include "zone-contents.h"
#include "zone/zone-contents.h"
int knot_zone_sign(knot_zone_contents_t *zone, const char *keydir);
#endif // _KNOT_ZONE_SIGN_H_
#endif // _KNOT_DNSSEC_ZONE_SIGN_H_
/*! @} */
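Review bot: `knot_zone_sign` is the only declaration in this header and remains undocumented while the commit wraps it in a new file-level Doxygen block; add a `/*! \brief ... */` comment above the prototype (a context line in the hunk) stating what `keydir` is, whether the zone contents are modified in place, and the error-code convention the caller should test for (the implementation includes `common/errcode.h`, so presumably its codes). Because the prototype itself is unchanged, the comment can be added here without touching callers.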
......@@ -30,14 +30,11 @@
#include "consts.h"
#include "dname.h"
#include "edns.h"
#include "nsec3.h"
#include "packet/packet.h"
#include "packet/query.h"
#include "packet/response.h"
#include "rrset.h"
#include "rrset-dump.h"
#include "sign/key.h"
#include "sign/sig0.h"
#include "tsig.h"
#include "tsig-op.h"
#include "util/tolower.h"
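Review bot: The umbrella header drops `nsec3.h`, `sign/key.h` and `sign/sig0.h` without adding their `dnssec/` replacements, so a consumer that includes only `libknot/libknot.h` no longer sees the key-loading, NSEC3-hash or SIG(0) declarations; the commit compensates in-tree by adding direct includes to the utils (kdig, knsec3hash, knsupdate), which suggests the narrowing is a side effect rather than a decision. If libknot.h is meant to stay the single public entry point, add `#include "dnssec/key.h"`, `#include "dnssec/nsec3.h"` and `#include "dnssec/sig0.h"` at the former positions; otherwise the API narrowing deserves a sentence in the commit message.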
......
......@@ -37,7 +37,7 @@
#include "updates/changesets.h"
#include "updates/ddns.h"
#include "tsig-op.h"
#include "zone/zone-nsec.h"
#include "libknot/dnssec/zone-nsec.h"
/*----------------------------------------------------------------------------*/
......
......@@ -29,7 +29,7 @@
#include "util/wire.h"
#include "util/debug.h"
#include "consts.h"
#include "sign/key.h"
#include "libknot/dnssec/key.h"
const int KNOT_TSIG_MAX_DIGEST_SIZE = 64; // size of HMAC-SHA512 digest
const uint16_t KNOT_TSIG_FUDGE_DEFAULT = 300; // default Fudge value
......
......@@ -31,7 +31,7 @@
#include "tsig.h"
#include "rrset.h"
#include "sign/key.h"
#include "libknot/dnssec/key.h"
/*!
* \brief Generate TSIG signature of a message.
......
......@@ -28,7 +28,7 @@
#include "packet/packet.h"
#include "dname.h"
#include "zone/zone.h"
#include "zone/zone-nsec.h"
#include "libknot/dnssec/zone-nsec.h"
#include "packet/query.h"
#include "common.h"
#include "updates/changesets.h"
......
......@@ -29,7 +29,7 @@
#include "zone/node.h"
#include "dname.h"
#include "nsec3.h"
#include "libknot/dnssec/nsec3.h"
#include "zone-tree.h"
......
......@@ -31,7 +31,7 @@
#include "zone/node.h"
#include "dname.h"
#include "nsec3.h"
#include "libknot/dnssec/nsec3.h"
#include "common/ref.h"
#include "zone-tree.h"
......
......@@ -28,6 +28,7 @@
#include "utils/common/msg.h" // WARN
#include "utils/common/params.h" // params_t
#include "utils/common/netio.h" // send_msg
#include "libknot/dnssec/sig0.h"
static knot_lookup_table_t rtypes[] = {
{ KNOT_RRTYPE_A, "has IPv4 address" },
......
......@@ -30,6 +30,8 @@
#include "utils/common/netio.h" // net_t
#include "utils/common/params.h" // style_t
#include "libknot/libknot.h"
#include "libknot/dnssec/key.h"
#include "libknot/dnssec/sign.h"
/*! \brief Holds data required between signing and signature verification. */
typedef struct {
......
......@@ -22,7 +22,7 @@
#include "common/errcode.h"
#include "common/hex.h"
#include "common/strtonum.h"
#include "libknot/nsec3.h"
#include "libknot/dnssec/nsec3.h"
#define PROGRAM_NAME "knsec3hash"
......
......@@ -34,7 +34,7 @@
#include "zscanner/scanner.h" // scanner_t
#include "utils/common/netio.h" // server_t
#include "utils/common/params.h" // protocol_t
#include "libknot/sign/key.h" // knot_key_params_t
#include "libknot/dnssec/key.h" // knot_key_params_t
#define KNSUPDATE_VERSION "knsupdate, version " PACKAGE_VERSION "\n"
......