ldns/drill: Update vendor branch to 1.6.9
[dragonfly.git] / contrib / ldns / ldns / tsig.h
1/*
2 * tsig.h -- defines for TSIG [RFC2845]
3 *
4 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
5 *
6 * See LICENSE for the license.
7 */
8
9#ifndef LDNS_TSIG_H
10#define LDNS_TSIG_H
11
12#ifdef __cplusplus
13extern "C" {
14#endif
15
16/**
17 * \file
18 *
19 * Defines functions for TSIG usage
20 */
21
22
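/**
 * Contains credentials for TSIG
 *
 * keydata holds the key material that authenticates TSIG-signed messages,
 * so a value of this type should be handled like any other secret: keep it
 * out of logs and error messages, and clear it before its memory is
 * released. This header does not state who owns the three strings.
 */
typedef struct ldns_tsig_credentials_struct
{
	/* name of the TSIG algorithm */
	char *algorithm;
	/* name of the shared key */
	char *keyname;
	/* the shared key itself; presumably base 64 text, like the key_data
	 * arguments of the sign/verify functions in this header -- confirm */
	char *keydata;
	/* XXX More eventually. */
} ldns_tsig_credentials;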
33
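/*
 * Accessors for the fields of an ldns_tsig_credentials.
 *
 * NOTE(review): this header does not document them. Going by the names, the
 * plain variants presumably return the pointer stored in the structure and
 * the _clone variants a separately allocated copy that the caller releases;
 * confirm against the definitions before relying on either. No _clone
 * variant is declared for the algorithm. The keydata accessors hand out the
 * key material, so the returned strings need the same care as the structure
 * they came from.
 */
char *ldns_tsig_algorithm(ldns_tsig_credentials *tc);
char *ldns_tsig_keyname(ldns_tsig_credentials *tc);
char *ldns_tsig_keydata(ldns_tsig_credentials *tc);
char *ldns_tsig_keyname_clone(ldns_tsig_credentials *tc);
char *ldns_tsig_keydata_clone(ldns_tsig_credentials *tc);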
39
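/**
 * verifies the tsig rr for the given packet and key.
 * The wire must be given too because tsig does not sign normalized packets.
 *
 * The result does not distinguish a packet that carries no TSIG record from
 * one whose MAC does not match, so a caller that requires TSIG has to reject
 * the packet on false in both cases.
 * NOTE(review): this header does not say whether the time signed and fudge
 * fields are checked against the current time -- confirm in the
 * implementation before counting on this call to reject replayed packets.
 *
 * \param[in] pkt the packet to verify
 * \param[in] wire needed to verify the mac (the packet in wire format)
 * \param[in] wire_size size of wire; must not exceed the number of valid
 *            bytes in the buffer
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] mac original mac
 * \return true if tsig is correct, false if not, or if tsig is not set
 */
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size,
                          const char *key_name, const char *key_data,
                          ldns_rdf *mac);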
52
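/**
 * verifies the tsig rr for the given packet and key.
 * The wire must be given too because tsig does not sign normalized packets.
 *
 * As the return value shows, false covers both a missing TSIG record and a
 * MAC that does not match; a caller that requires TSIG rejects the packet
 * either way.
 *
 * \param[in] pkt the packet to verify
 * \param[in] wire needed to verify the mac (the packet in wire format)
 * \param[in] wire_size size of wire; must not exceed the number of valid
 *            bytes in the buffer
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] mac original mac
 * \param[in] tsig_timers_only must be zero for the first packet and positive
 *            for subsequent packets. If zero, all digest components are used
 *            to verify the mac. If non-zero, only the TSIG timers are used
 *            to verify the mac. Passing non-zero for a first packet would
 *            leave the other digest components out of the check.
 * \return true if tsig is correct, false if not, or if tsig is not set
 */
bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size,
                               const char *key_name, const char *key_data,
                               ldns_rdf *mac, int tsig_timers_only);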
68
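/**
 * creates a tsig rr for the given packet and key.
 *
 * \param[in] pkt the packet to sign
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format; this is the secret, so the
 *            caller should keep it out of logs and diagnostics
 * \param[in] fudge seconds of error permitted in time signed; a larger value
 *            lengthens the time during which a verifier may still accept the
 *            signed packet
 * \param[in] algorithm_name the name of the algorithm used
 * \param[in] query_mac is added to the digest if not NULL (so NULL is for
 *            signing queries, not NULL is for signing answers)
 * \return status (OK if success); on any other status the packet should not
 *         be sent as if it were signed
 */
ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name,
                               const char *key_data, uint16_t fudge,
                               const char *algorithm_name,
                               ldns_rdf *query_mac);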
81
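/**
 * creates a tsig rr for the given packet and key.
 *
 * \param[in] pkt the packet to sign
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format; this is the secret, so the
 *            caller should keep it out of logs and diagnostics
 * \param[in] fudge seconds of error permitted in time signed; a larger value
 *            lengthens the time during which a verifier may still accept the
 *            signed packet
 * \param[in] algorithm_name the name of the algorithm used
 * \param[in] query_mac is added to the digest if not NULL (so NULL is for
 *            signing queries, not NULL is for signing answers)
 * \param[in] tsig_timers_only must be zero for the first packet and positive
 *            for subsequent packets. If zero, all digest components are used
 *            to create the mac. If non-zero, only the TSIG timers are used
 *            to create the mac.
 * \return status (OK if success); on any other status the packet should not
 *         be sent as if it were signed
 */
ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name,
                                    const char *key_data, uint16_t fudge,
                                    const char *algorithm_name,
                                    ldns_rdf *query_mac,
                                    int tsig_timers_only);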
96
97#ifdef __cplusplus
98}
99#endif
100
101#endif /* LDNS_TSIG_H */