external/bsd/bind/dist/lib/dns/rdata/generic/nsec3_50.h

   1 /*      $NetBSD$        */
   2
   3 /*
   4  * Copyright (C) 2008  Internet Systems Consortium, Inc. ("ISC")
   5  *
   6  * Permission to use, copy, modify, and/or distribute this software for any
   7  * purpose with or without fee is hereby granted, provided that the above
   8  * copyright notice and this permission notice appear in all copies.
   9  *
  10  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  11  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  12  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  13  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  14  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  15  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  16  * PERFORMANCE OF THIS SOFTWARE.
  17  */
  18
  19
  20 #ifndef GENERIC_NSEC3_50_H
  21 #define GENERIC_NSEC3_50_H 1
  22
  23 /* Id: nsec3_50.h,v 1.4 2008/09/25 04:02:39 tbox Exp */
  24
  25 /*!
  26  * \brief Per RFC 5155 */
  27
  28 #include <isc/iterated_hash.h>
  29
  30 typedef struct dns_rdata_nsec3 {
  31         dns_rdatacommon_t       common;
  32         isc_mem_t               *mctx;
  33         dns_hash_t              hash;
  34         unsigned char           flags;
  35         dns_iterations_t        iterations;
  36         unsigned char           salt_length;
  37         unsigned char           next_length;
  38         isc_uint16_t            len;
  39         unsigned char           *salt;
  40         unsigned char           *next;
  41         unsigned char           *typebits;
  42 } dns_rdata_nsec3_t;
  43
  44 /*
  45  * The corresponding NSEC3 interval is OPTOUT indicating possible
  46  * insecure delegations.
  47  */
  48 #define DNS_NSEC3FLAG_OPTOUT 0x01U
  49
  50 /*%
  51  * Non-standard, NSEC3PARAM only.
  52  *
  53  * Create a corresponding NSEC3 chain.
  54  * Once the NSEC3 chain is complete this flag will be removed to signal
  55  * that there is a complete chain.
  56  *
  57  * This flag is automatically set when a NSEC3PARAM record is added to
  58  * the zone via UPDATE.
  59  *
  60  * NSEC3PARAM records with this flag set are supposed to be ignored by
  61  * RFC 5155 compliant nameservers.
  62  */
  63 #define DNS_NSEC3FLAG_CREATE 0x80U
  64
  65 /*%
  66  * Non-standard, NSEC3PARAM only.
  67  *
  68  * The corresponding NSEC3 set is to be removed once the NSEC chain
  69  * has been generated.
  70  *
  71  * This flag is automatically set when the last active NSEC3PARAM record
  72  * is removed from the zone via UPDATE.
  73  *
  74  * NSEC3PARAM records with this flag set are supposed to be ignored by
  75  * RFC 5155 compliant nameservers.
  76  */
  77 #define DNS_NSEC3FLAG_REMOVE 0x40U
  78
  79 /*%
  80  * Non-standard, NSEC3PARAM only.
  81  *
  82  * Used to identify NSEC3PARAM records added in this UPDATE request.
  83  */
  84 #define DNS_NSEC3FLAG_UPDATE 0x20U
  85
  86 /*%
  87  * Non-standard, NSEC3PARAM only.
  88  *
  89  * Prevent the creation of a NSEC chain before the last NSEC3 chain
  90  * is removed.  This will normally only be set when the zone is
  91  * transitioning from secure with NSEC3 chains to insecure.
  92  */
  93 #define DNS_NSEC3FLAG_NONSEC 0x10U
  94
  95 #endif /* GENERIC_NSEC3_50_H */