static void ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, ldns_dnssec_name* name, ldns_rr* nsec3rr) { ldns_rbnode_t* new_node; assert(name != NULL); if (! zone->_nsec3params) { if (! nsec3rr) { return; } ldns_dnssec_zone_hashed_names_from_nsec3(zone, nsec3rr); } else if (! nsec3rr) { nsec3rr = zone->_nsec3params; } name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsec3rr, name->name); /* Also store in zone->hashed_names */ if ((new_node = LDNS_MALLOC(ldns_rbnode_t))) { new_node->key = name->hashed_name; new_node->data = name; if (ldns_rbtree_insert(zone->hashed_names, new_node) == NULL) { LDNS_FREE(new_node); } } }
static ldns_rbnode_t * ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) { ldns_rbnode_t *current_node = ldns_rbtree_first(zone->names); ldns_dnssec_name *current_name; ldns_rdf *hashed_name; hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0); while (current_node != LDNS_RBTREE_NULL) { current_name = (ldns_dnssec_name *) current_node->data; if (!current_name->hashed_name) { current_name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(rr, current_name->name); } if (ldns_dname_compare(hashed_name, current_name->hashed_name) == 0) { ldns_rdf_deep_free(hashed_name); return current_node; } current_node = ldns_rbtree_next(current_node); } ldns_rdf_deep_free(hashed_name); return NULL; }
void check_cover(ldns_rr_list *list, ldns_rdf *qname) { ldns_status status; size_t i; if(check_done(qname)) return; for(i=0; i<ldns_rr_list_rr_count(list); ++i) { ldns_rr* nsec3 = ldns_rr_list_rr(list, i); if(ldns_rr_get_type(nsec3) != LDNS_RR_TYPE_NSEC3) { /* skip non nsec3 */ continue; } ldns_rdf* hashed = ldns_nsec3_hash_name_frm_nsec3( nsec3, qname); status = ldns_dname_cat(hashed, ldns_dname_left_chop( ldns_rr_owner(nsec3))); if(status != LDNS_STATUS_OK) abort_ldns_error("ldns_dname_cat", status); if(ldns_dname_compare(hashed, ldns_rr_owner(nsec3)) == 0) { ldns_rdf_print(stdout, ldns_rr_owner(nsec3)); printf(" proves "); ldns_rdf_print(stdout, qname); printf(" exists.\n"); } else if(ldns_nsec_covers_name(nsec3, hashed)) { ldns_rdf_print(stdout, ldns_rr_owner(nsec3)); printf(" proves "); ldns_rdf_print(stdout, qname); printf(" does not exist.\n"); } ldns_rdf_free(hashed); } }
ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name, ldns_rr *rr) { ldns_status result = LDNS_STATUS_OK; ldns_rdf *name_name; bool hashed_name = false; ldns_rr_type rr_type; ldns_rr_type typecovered = 0; /* special handling for NSEC3 and NSECX covering RRSIGS */ if (!name || !rr) { return LDNS_STATUS_ERR; } rr_type = ldns_rr_get_type(rr); if (rr_type == LDNS_RR_TYPE_RRSIG) { typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); } #ifdef HAVE_SSL if (rr_type == LDNS_RR_TYPE_NSEC3 || typecovered == LDNS_RR_TYPE_NSEC3) { name_name = ldns_nsec3_hash_name_frm_nsec3(rr, ldns_dnssec_name_name(name)); hashed_name = true; } else { name_name = ldns_dnssec_name_name(name); } #else name_name = ldns_dnssec_name_name(name); #endif /* HAVE_SSL */ if (rr_type == LDNS_RR_TYPE_NSEC || rr_type == LDNS_RR_TYPE_NSEC3) { /* XX check if is already set (and error?) */ name->nsec = rr; } else if (typecovered == LDNS_RR_TYPE_NSEC || typecovered == LDNS_RR_TYPE_NSEC3) { if (name->nsec_signatures) { result = ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr); } else { name->nsec_signatures = ldns_dnssec_rrs_new(); name->nsec_signatures->rr = rr; } } else { /* it's a 'normal' RR, add it to the right rrset */ if (name->rrsets) { result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); } else { name->rrsets = ldns_dnssec_rrsets_new(); result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); } } if (hashed_name) { ldns_rdf_deep_free(name_name); } return result; }