getdns/src/anchor.h

/**
 *
 * /brief functions for DNSSEC trust anchor management
 *
 */

/*
 * Copyright (c) 2017, NLnet Labs
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * * Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 * * Neither the names of the copyright holders nor the
 *   names of its contributors may be used to endorse or promote products
 *   derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef ANCHOR_H_
#define ANCHOR_H_

#include "getdns/getdns.h"
#include "getdns/getdns_extra.h"
#include <time.h>
#include "rr-iter.h"

void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);

void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop);

#define MAX_KSKS        16
#define RRSIG_RDATA_LEN 16
typedef struct _getdns_ksks {
	size_t   n;
	uint16_t ids[MAX_KSKS];
	size_t   n_rrsigs;
	uint8_t  rrsigs[MAX_KSKS][RRSIG_RDATA_LEN];
} _getdns_ksks;

void _getdns_context_update_root_ksk(
    getdns_context *context, _getdns_rrset *dnskey_set);

#endif
/* anchor.h */
smime verification of root-anchors.xml in ~/.getdns 2017-03-27 09:21:29 -05:00			`/**`
			`*`
			`* /brief functions for DNSSEC trust anchor management`
			`*`
			`*/`

			`/*`
			`* Copyright (c) 2017, NLnet Labs`
			`* All rights reserved.`
			`*`
			`* Redistribution and use in source and binary forms, with or without`
			`* modification, are permitted provided that the following conditions are met:`
			`* * Redistributions of source code must retain the above copyright`
			`* notice, this list of conditions and the following disclaimer.`
			`* * Redistributions in binary form must reproduce the above copyright`
			`* notice, this list of conditions and the following disclaimer in the`
			`* documentation and/or other materials provided with the distribution.`
			`* * Neither the names of the copyright holders nor the`
			`* names of its contributors may be used to endorse or promote products`
			`* derived from this software without specific prior written permission.`
			`*`
			`* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND`
			`* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED`
			`* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
			`* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY`
			`* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES`
			`* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;`
			`* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND`
			`* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT`
			`* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS`
			`* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
			`*/`

			`#ifndef ANCHOR_H_`
			`#define ANCHOR_H_`

			`#include "getdns/getdns.h"`
Fetch and equip context with trust-anchors 2017-06-30 03:18:07 -05:00			`#include "getdns/getdns_extra.h"`
Equip context with xml read trust anchors 2017-06-22 05:27:20 -05:00			`#include <time.h>`
Track updating TA's with root DNSKEY rrset 2017-09-20 03:30:13 -05:00			`#include "rr-iter.h"`
smime verification of root-anchors.xml in ~/.getdns 2017-03-27 09:21:29 -05:00
Lazy TA and time checking 2017-09-14 04:47:02 -05:00			`void _getdns_context_equip_with_anchor(getdns_context context, uint64_t now_ms);`
smime verification of root-anchors.xml in ~/.getdns 2017-03-27 09:21:29 -05:00
Fetch and equip context with trust-anchors 2017-06-30 03:18:07 -05:00			`void _getdns_start_fetching_ta(getdns_context context, getdns_eventloop loop);`

Track updating TA's with root DNSKEY rrset 2017-09-20 03:30:13 -05:00			`#define MAX_KSKS 16`
			`#define RRSIG_RDATA_LEN 16`
			`typedef struct _getdns_ksks {`
			`size_t n;`
			`uint16_t ids[MAX_KSKS];`
			`size_t n_rrsigs;`
			`uint8_t rrsigs[MAX_KSKS][RRSIG_RDATA_LEN];`
			`} _getdns_ksks;`

			`void _getdns_context_update_root_ksk(`
			`getdns_context context, _getdns_rrset dnskey_set);`

smime verification of root-anchors.xml in ~/.getdns 2017-03-27 09:21:29 -05:00			`#endif`
			`/* anchor.h */`