diff options
Diffstat (limited to 'contrib/ldns/ldns/tsig.h')
-rw-r--r-- | contrib/ldns/ldns/tsig.h | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/contrib/ldns/ldns/tsig.h b/contrib/ldns/ldns/tsig.h new file mode 100644 index 000000000000..676045fbb6b2 --- /dev/null +++ b/contrib/ldns/ldns/tsig.h @@ -0,0 +1,101 @@ +/* + * tsig.h -- defines for TSIG [RFC2845] + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + */ + +#ifndef LDNS_TSIG_H +#define LDNS_TSIG_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \file + * + * Defines functions for TSIG usage + */ + + +/** + * Contains credentials for TSIG +*/ +typedef struct ldns_tsig_credentials_struct +{ + char *algorithm; + char *keyname; + char *keydata; + /* XXX More eventually. */ +} ldns_tsig_credentials; + +char *ldns_tsig_algorithm(ldns_tsig_credentials *); +char *ldns_tsig_keyname(ldns_tsig_credentials *); +char *ldns_tsig_keydata(ldns_tsig_credentials *); +char *ldns_tsig_keyname_clone(ldns_tsig_credentials *); +char *ldns_tsig_keydata_clone(ldns_tsig_credentials *); + +/** + * verifies the tsig rr for the given packet and key. + * The wire must be given too because tsig does not sign normalized packets. + * \param[in] pkt the packet to verify + * \param[in] wire needed to verify the mac + * \param[in] wire_size size of wire + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] mac original mac + * \return true if tsig is correct, false if not, or if tsig is not set + */ +bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac); + +/** + * verifies the tsig rr for the given packet and key. + * The wire must be given too because tsig does not sign normalized packets. + * \param[in] pkt the packet to verify + * \param[in] wire needed to verify the mac + * \param[in] wire_size size of wire + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] mac original mac + * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest + components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac. + * \return true if tsig is correct, false if not, or if tsig is not set + */ +bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac, + int tsig_timers_only); + +/** + * creates a tsig rr for the given packet and key. + * \param[in] pkt the packet to sign + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] fudge seconds of error permitted in time signed + * \param[in] algorithm_name the name of the algorithm used + * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers) + * \return status (OK if success) + */ +ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, + const char *algorithm_name, ldns_rdf *query_mac); + +/** + * creates a tsig rr for the given packet and key. + * \param[in] pkt the packet to sign + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] fudge seconds of error permitted in time signed + * \param[in] algorithm_name the name of the algorithm used + * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers) + * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest + components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac. + * \return status (OK if success) + */ +ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, + const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_TSIG_H */ |