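/*
 * tsig.h -- defines for TSIG [RFC2845]
 *
 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 */

#ifndef LDNS_TSIG_H
#define LDNS_TSIG_H

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \file
 *
 * Defines functions for TSIG usage
 *
 * TSIG authenticates DNS messages with a MAC computed from a secret shared
 * by both peers. RFC 2845 has since been obsoleted by RFC 8945.
 *
 * This header includes nothing itself: bool, uint8_t, size_t, ldns_pkt,
 * ldns_rdf and ldns_status are used below but declared elsewhere, so the
 * headers providing them must be included first.
 */


/**
 * Contains credentials for TSIG
 *
 * NOTE(review): keydata presumably holds the shared secret in the same
 * base 64 form as the key_data argument of ldns_pkt_tsig_sign() -- confirm
 * against the implementation. If so, treat the whole structure as secret
 * material: keep it out of logs and error messages, and clear copies before
 * releasing them.
 */
typedef struct ldns_tsig_credentials_struct
{
	char *algorithm;	/* name of the TSIG algorithm */
	char *keyname;		/* name of the shared key */
	char *keydata;		/* key material (see the note above) */
	/* XXX More eventually. */
} ldns_tsig_credentials;

/*
 * Accessors for the credentials structure.
 *
 * NOTE(review): the implementations are not visible from this header.
 * Presumably the plain accessors return the stored pointer (still owned by
 * the structure) and the _clone variants return a newly allocated copy that
 * the caller must release -- confirm before relying on either ownership
 * rule, and clear a cloned keydata buffer before freeing it.
 */
char *ldns_tsig_algorithm(ldns_tsig_credentials *creds);
char *ldns_tsig_keyname(ldns_tsig_credentials *creds);
char *ldns_tsig_keydata(ldns_tsig_credentials *creds);
char *ldns_tsig_keyname_clone(ldns_tsig_credentials *creds);
char *ldns_tsig_keydata_clone(ldns_tsig_credentials *creds);

/**
 * verifies the tsig rr for the given packet and key.
 * The wire must be given too because tsig does not sign normalized packets.
 *
 * The result is false both when the MAC does not match and when the packet
 * carries no TSIG at all. A caller that requires authenticated messages must
 * therefore reject the packet on false, and must not read false as "unsigned
 * but acceptable".
 *
 * NOTE(review): this header does not say whether the time signed / fudge
 * window of the TSIG rr is checked here; confirm in the implementation
 * before relying on this call alone for replay protection.
 *
 * \param[in] pkt the packet to verify
 * \param[in] wire the packet as received on the wire
 * \param[in] wire_size size of wire in bytes
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] mac original mac (presumably the MAC of the request when a
 *            response is verified, mirroring query_mac of
 *            ldns_pkt_tsig_sign() -- confirm)
 * \return true if tsig is correct, false if not, or if tsig is not set
 */
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);

/**
 * creates a tsig rr for the given packet and key.
 *
 * The algorithm names accepted are determined by the implementation, not by
 * this header. Where both peers support it, prefer an HMAC-SHA-2 algorithm
 * over the legacy HMAC-MD5 of RFC 2845.
 *
 * \param[in] pkt the packet to sign
 * \param[in] key_name the name of the shared key
 * \param[in] key_data the key in base 64 format
 * \param[in] fudge seconds of error permitted in time signed; a larger value
 *            tolerates more clock skew but also widens the window in which
 *            a captured message stays valid
 * \param[in] algorithm_name the name of the algorithm used
 * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
 * \return status (OK if success)
 */
ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac);

#ifdef __cplusplus
}
#endif

#endif /* LDNS_TSIG_H */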