1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
/*
* tsig.h -- defines for TSIG [RFC2845]
*
* Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
*
* See LICENSE for the license.
*/
#ifndef LDNS_TSIG_H
#define LDNS_TSIG_H
#ifdef __cplusplus
extern "C" {
#endif
/**
* \file
*
* Defines functions for TSIG usage
*/
/**
* Contains credentials for TSIG
*/
typedef struct ldns_tsig_credentials_struct
{
char *algorithm;
char *keyname;
char *keydata;
/* XXX More eventually. */
} ldns_tsig_credentials;
char *ldns_tsig_algorithm(ldns_tsig_credentials *);
char *ldns_tsig_keyname(ldns_tsig_credentials *);
char *ldns_tsig_keydata(ldns_tsig_credentials *);
char *ldns_tsig_keyname_clone(ldns_tsig_credentials *);
char *ldns_tsig_keydata_clone(ldns_tsig_credentials *);
/**
* verifies the tsig rr for the given packet and key.
* The wire must be given too because tsig does not sign normalized packets.
* \param[in] pkt the packet to verify
* \param[in] wire needed to verify the mac
* \param[in] wire_size size of wire
* \param[in] key_name the name of the shared key
* \param[in] key_data the key in base 64 format
* \param[in] mac original mac
* \return true if tsig is correct, false if not, or if tsig is not set
*/
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);
/**
* verifies the tsig rr for the given packet and key.
* The wire must be given too because tsig does not sign normalized packets.
* \param[in] pkt the packet to verify
* \param[in] wire needed to verify the mac
* \param[in] wire_size size of wire
* \param[in] key_name the name of the shared key
* \param[in] key_data the key in base 64 format
* \param[in] mac original mac
* \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac.
* \return true if tsig is correct, false if not, or if tsig is not set
*/
bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac,
int tsig_timers_only);
/**
* creates a tsig rr for the given packet and key.
* \param[in] pkt the packet to sign
* \param[in] key_name the name of the shared key
* \param[in] key_data the key in base 64 format
* \param[in] fudge seconds of error permitted in time signed
* \param[in] algorithm_name the name of the algorithm used
* \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
* \return status (OK if success)
*/
ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
const char *algorithm_name, ldns_rdf *query_mac);
/**
* creates a tsig rr for the given packet and key.
* \param[in] pkt the packet to sign
* \param[in] key_name the name of the shared key
* \param[in] key_data the key in base 64 format
* \param[in] fudge seconds of error permitted in time signed
* \param[in] algorithm_name the name of the algorithm used
* \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
* \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest
components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac.
* \return status (OK if success)
*/
ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only);
#ifdef __cplusplus
}
#endif
#endif /* LDNS_TSIG_H */
|
Swift