val_anchor.h File Reference

This file contains storage for the trust anchors for the validator. More...

#include "util/rbtree.h"
#include "util/locks.h"

Data Structures

struct  val_anchors
 Trust anchor store. More...
 
struct  ta_key
 Trust anchor key. More...
 
struct  trust_anchor
 A trust anchor in the trust anchor store. More...
 

Functions

struct val_anchors * anchors_create (void)
 Create trust anchor storage. More...
 
void anchors_delete (struct val_anchors *anchors)
 Delete trust anchor storage. More...
 
int anchors_apply_cfg (struct val_anchors *anchors, struct config_file *cfg)
 Process trust anchor config. More...
 
void anchors_init_parents_locked (struct val_anchors *anchors)
 Recalculate parent pointers. More...
 
struct trust_anchor * anchors_lookup (struct val_anchors *anchors, uint8_t *qname, size_t qname_len, uint16_t qclass)
 Given a qname/qclass combination, find the trust anchor closest above it. More...
 
struct trust_anchor * anchor_find (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass)
 Find a trust anchor. More...
 
struct trust_anchor * anchor_store_str (struct val_anchors *anchors, struct sldns_buffer *buffer, const char *str)
 Store one string as trust anchor RR. More...
 
size_t anchors_get_mem (struct val_anchors *anchors)
 Get memory in use by the trust anchor storage. More...
 
int anchor_cmp (const void *k1, const void *k2)
 compare two trust anchors
 
int anchors_add_insecure (struct val_anchors *anchors, uint16_t c, uint8_t *nm)
 Add insecure point trust anchor. More...
 
void anchors_delete_insecure (struct val_anchors *anchors, uint16_t c, uint8_t *nm)
 Delete insecure point trust anchor. More...
 
size_t anchor_list_keytags (struct trust_anchor *ta, uint16_t *list, size_t num)
 Get a list of keytags for the trust anchor. More...
 

Detailed Description

This file contains storage for the trust anchors for the validator.

Function Documentation

◆ anchors_create()

struct val_anchors* anchors_create ( void  )

Create trust anchor storage.

Returns
new storage or NULL on error.

References anchor_cmp(), anchors_delete(), val_anchors::autr, autr_global_create(), val_anchors::lock, rbtree_create(), and val_anchors::tree.

Referenced by anchors_test(), and val_apply_cfg().

◆ anchors_delete()

void anchors_delete ( struct val_anchors * anchors)

Delete trust anchor storage.

Parameters
anchors: storage to delete.

References anchors_delfunc(), val_anchors::autr, autr_global_delete(), val_anchors::lock, traverse_postorder(), and val_anchors::tree.

Referenced by anchors_create(), anchors_test(), and val_deinit().

◆ anchors_apply_cfg()

int anchors_apply_cfg ( struct val_anchors * anchors,
struct config_file * cfg 
)

◆ anchors_init_parents_locked()

void anchors_init_parents_locked ( struct val_anchors * anchors)

Recalculate parent pointers.

The caller must hold the lock on the anchors structure (say after removing an item from the rbtree). Caller must not hold any locks on trust anchors. After the call is complete the parent pointers are updated and an item just removed is no longer referenced in parent pointers.

Parameters
anchors: the structure to update.

References trust_anchor::dclass, dname_lab_cmp(), trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::node, trust_anchor::parent, RBTREE_FOR, and val_anchors::tree.

Referenced by anchors_add_insecure(), anchors_delete_insecure(), and init_parents().

◆ anchors_lookup()

struct trust_anchor* anchors_lookup ( struct val_anchors * anchors,
uint8_t *  qname,
size_t  qname_len,
uint16_t  qclass 
)

Given a qname/qclass combination, find the trust anchor closest above it.

Or return NULL if none exists.

Parameters
anchors: struct anchor storage
qname: query name, uncompressed wireformat.
qname_len: length of qname.
qclass: class to query for.
Returns
the trust anchor or NULL if none is found. The anchor is returned locked, so the caller must release its lock when done with it.

References trust_anchor::dclass, dname_count_labels(), dname_lab_cmp(), rbnode_type::key, val_anchors::lock, trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, trust_anchor::parent, rbtree_find_less_equal(), and val_anchors::tree.

Referenced by check_no_anchor(), iter_indicates_dnssec_fwd(), test_anchor_empty(), test_anchor_one(), and test_anchors().

◆ anchor_find()

struct trust_anchor* anchor_find ( struct val_anchors * anchors,
uint8_t *  name,
int  namelabs,
size_t  namelen,
uint16_t  dclass 
)

Find a trust anchor.

Exact matching.

Parameters
anchors: anchor storage.
name: name of trust anchor (wireformat)
namelabs: labels in name
namelen: length of name
dclass: class of trust anchor
Returns
NULL if not found. Otherwise the anchor is returned locked, so the caller must release its lock when done with it.

References trust_anchor::dclass, rbnode_type::key, val_anchors::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, rbtree_search(), and val_anchors::tree.

Referenced by do_list_forwards(), do_list_stubs(), find_add_tp(), iter_indicates_dnssec(), and process_prime_response().

◆ anchor_store_str()

struct trust_anchor* anchor_store_str ( struct val_anchors * anchors,
struct sldns_buffer * buffer,
const char *  str 
)

Store one string as trust anchor RR.

Parameters
anchors: anchor storage.
buffer: parsing buffer, to generate the RR wireformat in.
str: string.
Returns
NULL on error.

References log_err(), sldns_buffer_begin(), sldns_buffer_capacity(), and sldns_str2wire_rr_buf().

Referenced by anchors_apply_cfg(), process_bind_contents(), test_anchor_one(), and test_anchors().

◆ anchors_get_mem()

size_t anchors_get_mem ( struct val_anchors * anchors)

Get memory in use by the trust anchor storage.

Parameters
anchors: anchor storage.
Returns
memory in use in bytes.

References trust_anchor::namelen, RBTREE_FOR, and val_anchors::tree.

◆ anchors_add_insecure()

int anchors_add_insecure ( struct val_anchors * anchors,
uint16_t  c,
uint8_t *  nm 
)

Add insecure point trust anchor.

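For external use: the function takes the required locks and recalculates the parent pointers (init_parents) itself. An insecure point is a trust anchor without keys; names at or below it are treated as insecure instead of being DNSSEC-validated, so each added point narrows what the validator protects.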

Parameters
anchors: anchor storage.
c: class.
nm: name of insecure trust point.
Returns
false on alloc failure.

References anchor_new_ta(), anchors_init_parents_locked(), trust_anchor::dclass, dname_count_size_labels(), rbnode_type::key, val_anchors::lock, log_err(), trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, rbtree_search(), and val_anchors::tree.

Referenced by do_insecure_add().

◆ anchors_delete_insecure()

void anchors_delete_insecure ( struct val_anchors * anchors,
uint16_t  c,
uint8_t *  nm 
)

Delete insecure point trust anchor.

Nothing is removed if no such insecure point exists. For external use: the function takes the required locks and recalculates the parent pointers (init_parents) itself.

Parameters
anchors: anchor storage.
c: class.
nm: name of insecure trust point.

References anchors_delfunc(), anchors_init_parents_locked(), trust_anchor::autr, trust_anchor::dclass, dname_count_size_labels(), rbnode_type::key, trust_anchor::keylist, val_anchors::lock, trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, trust_anchor::numDNSKEY, trust_anchor::numDS, rbtree_delete(), rbtree_search(), and val_anchors::tree.

Referenced by do_insecure_remove().

◆ anchor_list_keytags()

size_t anchor_list_keytags ( struct trust_anchor * ta,
uint16_t *  list,
size_t  num 
)

Get a list of keytags for the trust anchor.

Zero tags for insecure points.

Parameters
ta: trust anchor (locked by caller).
list: array of uint16_t.
num: length of array.
Returns
number of keytags filled into the array. If the total number of keytags is larger than the array, the list is truncated at num, so a return value equal to num can mean that keytags were left out. On errors, fewer keytags are filled in. The array is sorted.

References packed_rrset_data::count, lruhash_entry::data, dnskey_calc_keytag(), trust_anchor::dnskey_rrset, ds_get_keytag(), trust_anchor::ds_rrset, ub_packed_rrset_key::entry, keytag_compare(), trust_anchor::numDNSKEY, and trust_anchor::numDS.