/*
 * tsig.h -- defines for TSIG [RFC2845]
 *
 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 */

#ifndef LDNS_TSIG_H
#define LDNS_TSIG_H

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \file
 *
 * Defines functions for TSIG usage.
 *
 * TSIG (RFC 2845) authenticates a DNS message with an HMAC computed over the
 * message's wire encoding and keyed with a shared secret.  The secret is
 * distributed out of band; nothing in this header derives, stores or rotates
 * keys.  Both the signing and the verifying side therefore need the same
 * key name, key data and algorithm name.
 */


/**
 * Contains credentials for TSIG.
 *
 * Only pointers are stored; the strings themselves are owned by whoever
 * fills in the struct.  The \c keydata member is secret material (the
 * base64-encoded shared key; see the key_data parameters below), so it
 * should be kept out of logs and error messages.
 * NOTE(review): nothing here documents who frees the strings or whether
 * the accessors below copy them -- confirm against the implementation.
 */
typedef struct ldns_tsig_credentials_struct
{
	/** name of the HMAC algorithm, e.g. as passed as algorithm_name below */
	const char *algorithm;
	/** DNS name of the shared key (the TSIG RR owner name) */
	const char *keyname;
	/** the shared secret, base64 encoded */
	const char *keydata;
	/* XXX More eventually. */
} ldns_tsig_credentials;

/** Returns the algorithm name of the credentials (presumably the stored pointer, not a copy). */
const char *ldns_tsig_algorithm(const ldns_tsig_credentials *);
/** Returns the key name of the credentials (presumably the stored pointer, not a copy). */
const char *ldns_tsig_keyname(const ldns_tsig_credentials *);
/** Returns the base64 key data of the credentials (presumably the stored pointer, not a copy). */
const char *ldns_tsig_keydata(const ldns_tsig_credentials *);
/**
 * Returns a copy of the key name.
 * NOTE(review): the non-const return suggests a heap copy the caller must
 * free -- confirm against the implementation.
 */
char *ldns_tsig_keyname_clone(const ldns_tsig_credentials *);
/**
 * Returns a copy of the base64 key data.
 * NOTE(review): the non-const return suggests a heap copy the caller must
 * free; since it holds the shared secret, zeroize it before freeing --
 * confirm ownership against the implementation.
 */
char *ldns_tsig_keydata_clone(const ldns_tsig_credentials *);

/**
 * verifies the tsig rr for the given packet and key.
 * The wire must be given too because tsig does not sign normalized packets:
 * the MAC covers the bytes as they were received, so \a wire must be the
 * unmodified received datagram, not a re-serialization of \a pkt.
 *
 * Security note: the return value does not distinguish "MAC invalid" from
 * "no TSIG RR present".  A caller that requires authenticated messages must
 * reject on false in either case and must not fall back to treating an
 * unsigned message as acceptable.
 *
 * \param[in] pkt the packet to verify
 * \param[in] wire needed to verify the mac
 * \param[in] wire_size size of wire
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] mac original mac: the MAC of the request this packet answers
 *            (the same value ldns_pkt_tsig_sign takes as query_mac when
 *            signing an answer); presumably NULL when verifying a query --
 *            confirm against the implementation
 * \return true if tsig is correct, false if not, or if tsig is not set
 */
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, const uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, const ldns_rdf *mac);

/**
 * verifies the tsig rr for the given packet and key.
 * The wire must be given too because tsig does not sign normalized packets
 * (see ldns_pkt_tsig_verify for what \a wire must contain).
 *
 * This variant supports a multi-message signed stream (e.g. a zone
 * transfer, RFC 2845 section 4.4), where messages after the first are
 * digested over the previous MAC and the TSIG timers only.
 *
 * Security note: as with ldns_pkt_tsig_verify, false covers both a bad MAC
 * and a missing TSIG RR; callers requiring authentication must reject on
 * false.
 *
 * \param[in] pkt the packet to verify
 * \param[in] wire needed to verify the mac
 * \param[in] wire_size size of wire
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] mac original mac (for packets after the first, presumably
 *            the MAC of the preceding packet in the stream -- confirm)
 * \param[in] tsig_timers_only must be zero for the first packet and positive
 *            for subsequent packets. If zero, all digest components are used
 *            to verify the mac. If non-zero, only the TSIG timers are used to
 *            verify the mac.
 * \return true if tsig is correct, false if not, or if tsig is not set
 */
bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, const uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, const ldns_rdf *mac,
	int tsig_timers_only);

/**
 * creates a tsig rr for the given packet and key.
 * The RR is computed from the packet's wire encoding and (presumably)
 * appended to the packet; the signed packet must then be sent exactly as
 * serialized, since any later change invalidates the MAC.
 *
 * \param[in] pkt the packet to sign
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] fudge seconds of error permitted in time signed.  This bounds
 *            the window in which a captured signed message is still accepted
 *            by the peer, so keep it small; RFC 2845 recommends 300.
 * \param[in] algorithm_name the name of the algorithm used
 * \param[in] query_mac is added to the digest if not NULL (so NULL is for
 *            signing queries, not NULL is for signing answers)
 * \return status (OK if success)
 */
ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
	const char *algorithm_name, const ldns_rdf *query_mac);

/**
 * creates a tsig rr for the given packet and key.
 * Multi-message variant of ldns_pkt_tsig_sign, for signing each message of
 * a stream such as a zone transfer (RFC 2845 section 4.4); the counterpart
 * of ldns_pkt_tsig_verify_next.
 *
 * \param[in] pkt the packet to sign
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] fudge seconds of error permitted in time signed (see
 *            ldns_pkt_tsig_sign for the replay-window caveat)
 * \param[in] algorithm_name the name of the algorithm used
 * \param[in] query_mac is added to the digest if not NULL (so NULL is for
 *            signing queries, not NULL is for signing answers); for packets
 *            after the first this is presumably the MAC of the preceding
 *            packet -- confirm against the implementation
 * \param[in] tsig_timers_only must be zero for the first packet and positive
 *            for subsequent packets. If zero, all digest components are used
 *            to create the query_mac. If non-zero, only the TSIG timers are
 *            used to create the query_mac.
 * \return status (OK if success)
 */
ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
	const char *algorithm_name, const ldns_rdf *query_mac, int tsig_timers_only);

#ifdef __cplusplus
}
#endif

#endif /* LDNS_TSIG_H */