Initial vendor import of ldns-1.6.4 into contrib.
825eb42b
JL
1/*
2 * tsig.h -- defines for TSIG [RFC2845]
3 *
4 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
5 *
6 * See LICENSE for the license.
7 */
8
9#ifndef LDNS_TSIG_H
10#define LDNS_TSIG_H
11
12/**
13 * \file
14 *
15 * Defines functions for TSIG usage
16 */
17
18
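/**
 * Contains credentials for TSIG.
 *
 * All three members are plain C strings. This header does not say who
 * allocates or frees them; check the code that fills the struct in.
 *
 * keydata carries the shared secret used to compute the TSIG MAC
 * (ldns_pkt_tsig_sign() documents its key_data argument as base64 text;
 * presumably this member holds the same encoding -- confirm). Treat it as
 * secret material: keep it out of logs and error messages, and wipe the
 * buffer before releasing it.
 */
typedef struct ldns_tsig_credentials_struct
{
	char *algorithm;	/* TSIG algorithm name */
	char *keyname;		/* name of the shared key */
	char *keydata;		/* shared secret; see the note above */
	/* XXX More eventually. */
} ldns_tsig_credentials;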
29
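/*
 * Accessors for ldns_tsig_credentials. The definitions are not part of this
 * header, so the notes below are assumptions to confirm against tsig.c:
 *
 *  - ldns_tsig_algorithm / _keyname / _keydata presumably return the
 *    matching struct member without copying it, so the returned pointer
 *    would stay owned by the credentials object.
 *  - the _clone variants presumably return a newly allocated copy that the
 *    caller must free. A clone of keydata is a second copy of the shared
 *    secret in memory; wipe it before freeing.
 *
 * NOTE(review): whether a NULL tc is tolerated is not visible here.
 */
char *ldns_tsig_algorithm(ldns_tsig_credentials *tc);
char *ldns_tsig_keyname(ldns_tsig_credentials *tc);
char *ldns_tsig_keydata(ldns_tsig_credentials *tc);
char *ldns_tsig_keyname_clone(ldns_tsig_credentials *tc);
char *ldns_tsig_keydata_clone(ldns_tsig_credentials *tc);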
35
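/**
 * verifies the tsig rr for the given packet and key.
 * The wire must be given too because tsig does not sign normalized packets.
 *
 * \param[in] pkt the parsed packet carrying the tsig rr
 * \param[in] wire the packet in wire format; pass the bytes exactly as they
 *            were received, since the signature covers those bytes and not
 *            a re-serialized form of pkt
 * \param[in] wire_size length of wire in bytes
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the shared key (presumably base 64, as for
 *            ldns_pkt_tsig_sign() -- confirm)
 * \param[in] mac NOTE(review): undocumented in the original; by symmetry
 *            with query_mac in ldns_pkt_tsig_sign() this is presumably the
 *            MAC of the original query when verifying an answer, and NULL
 *            when verifying a query -- confirm against tsig.c
 *
 * \return true if tsig is correct, false if not, or if tsig is not set
 *
 * The single false result covers both a failed check and a packet that
 * carries no tsig at all, so a caller that requires authentication must
 * reject the packet on false in either case and never treat "not set" as
 * acceptable. This prototype takes no time or fudge argument; whether the
 * signed time is checked is not visible from this header.
 */
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size,
                          const char *key_name, const char *key_data,
                          ldns_rdf *mac);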
43
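/**
 * creates a tsig rr for the given packet and key.
 * \param[in] pkt the packet to sign
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] fudge seconds of error permitted in time signed; this is the
 *            clock-skew allowance, and a larger value also lengthens the
 *            period during which a captured signed message stays acceptable
 *            to the peer, so keep it as small as the deployment allows
 * \param[in] algorithm_name the name of the algorithm used
 * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
 * \return status (OK if success)
 *
 * Check the returned status before sending: on anything other than OK the
 * packet must not be assumed to carry a valid tsig rr. The set of accepted
 * algorithm_name values is not listed in this header.
 */
ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name,
                               const char *key_data, uint16_t fudge,
                               const char *algorithm_name,
                               ldns_rdf *query_mac);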
55
56#endif /* LDNS_TSIG_H */