tsig.h File Reference

Defines functions for TSIG usage.

Data Structures

struct  ldns_tsig_credentials_struct
 Contains credentials for TSIG.

Typedefs

typedef struct ldns_tsig_credentials_struct ldns_tsig_credentials
 Contains credentials for TSIG.

Functions

const char * ldns_tsig_algorithm (const ldns_tsig_credentials *)

const char * ldns_tsig_keyname (const ldns_tsig_credentials *)

const char * ldns_tsig_keydata (const ldns_tsig_credentials *)

char * ldns_tsig_keyname_clone (const ldns_tsig_credentials *)

char * ldns_tsig_keydata_clone (const ldns_tsig_credentials *)

bool ldns_pkt_tsig_verify (ldns_pkt *pkt, const uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, const ldns_rdf *mac)
 Verifies the TSIG RR for the given packet and key.

bool ldns_pkt_tsig_verify_next (ldns_pkt *pkt, const uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, const ldns_rdf *mac, int tsig_timers_only)
 Verifies the TSIG RR for the given packet and key.

ldns_status ldns_pkt_tsig_sign (ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, const ldns_rdf *query_mac)
 Creates a TSIG RR for the given packet and key.

ldns_status ldns_pkt_tsig_sign_next (ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, const ldns_rdf *query_mac, int tsig_timers_only)
 Creates a TSIG RR for the given packet and key.

Detailed Description

Defines functions for TSIG usage.

Definition in file tsig.h.

Typedef Documentation

◆ ldns_tsig_credentials

Contains credentials for TSIG.

Function Documentation

◆ ldns_tsig_algorithm()

const char* ldns_tsig_algorithm ( const ldns_tsig_credentials * tc )

Definition at line 22 of file tsig.c.

References ldns_tsig_credentials_struct::algorithm.

◆ ldns_tsig_keyname()

const char* ldns_tsig_keyname ( const ldns_tsig_credentials * tc )

Definition at line 28 of file tsig.c.

References ldns_tsig_credentials_struct::keyname.

◆ ldns_tsig_keydata()

const char* ldns_tsig_keydata ( const ldns_tsig_credentials * tc )

Definition at line 34 of file tsig.c.

References ldns_tsig_credentials_struct::keydata.

◆ ldns_tsig_keyname_clone()

char* ldns_tsig_keyname_clone ( const ldns_tsig_credentials * tc )

Definition at line 40 of file tsig.c.

References ldns_tsig_credentials_struct::keyname.

◆ ldns_tsig_keydata_clone()

char* ldns_tsig_keydata_clone ( const ldns_tsig_credentials * tc )

Definition at line 46 of file tsig.c.

References ldns_tsig_credentials_struct::keydata.

◆ ldns_pkt_tsig_verify()

bool ldns_pkt_tsig_verify ( ldns_pkt * pkt,
const uint8_t * wire,
size_t wire_size,
const char * key_name,
const char * key_data,
const ldns_rdf * mac
)

Verifies the TSIG RR for the given packet and key.

The wire data must be given too, because TSIG does not sign normalized packets.

Parameters
[in] pkt: the packet to verify
[in] wire: needed to verify the MAC
[in] wire_size: size of wire
[in] key_name: the name of the shared key
[in] key_data: the key in base64 format
[in] mac: original MAC

Returns
true if the TSIG is correct; false if it is not, or if no TSIG is set

Definition at line 288 of file tsig.c.

References ldns_pkt_tsig_verify_next().

◆ ldns_pkt_tsig_verify_next()

bool ldns_pkt_tsig_verify_next ( ldns_pkt * pkt,
const uint8_t * wire,
size_t wire_size,
const char * key_name,
const char * key_data,
const ldns_rdf * mac,
int tsig_timers_only
)

Verifies the TSIG RR for the given packet and key.

The wire data must be given too, because TSIG does not sign normalized packets.

Parameters
[in] pkt: the packet to verify
[in] wire: needed to verify the MAC
[in] wire_size: size of wire
[in] key_name: the name of the shared key
[in] key_data: the key in base64 format
[in] mac: original MAC
[in] tsig_timers_only: must be zero for the first packet and positive for subsequent packets. If zero, all digest components are used to verify the MAC. If non-zero, only the TSIG timers are used to verify the MAC.

Returns
true if the TSIG is correct; false if it is not, or if no TSIG is set

Definition at line 295 of file tsig.c.

References ldns_pkt_id(), ldns_pkt_set_id(), ldns_pkt_set_tsig(), ldns_pkt_tsig(), ldns_rdf2native_int16(), ldns_rdf_deep_free(), ldns_rdf_new_frm_str(), LDNS_RDF_TYPE_DNAME, ldns_rr_rd_count(), and ldns_rr_rdf().

◆ ldns_pkt_tsig_sign()

ldns_status ldns_pkt_tsig_sign ( ldns_pkt * pkt,
const char * key_name,
const char * key_data,
uint16_t fudge,
const char * algorithm_name,
const ldns_rdf * query_mac
)

Creates a TSIG RR for the given packet and key.

Parameters
[in] pkt: the packet to sign
[in] key_name: the name of the shared key
[in] key_data: the key in base64 format
[in] fudge: seconds of error permitted in time signed
[in] algorithm_name: the name of the algorithm used
[in] query_mac: added to the digest if not NULL (so NULL is for signing queries, non-NULL is for signing answers)

Returns
status (OK if success)

Definition at line 376 of file tsig.c.

References ldns_pkt_tsig_sign_next().

◆ ldns_pkt_tsig_sign_next()

ldns_status ldns_pkt_tsig_sign_next ( ldns_pkt * pkt,
const char * key_name,
const char * key_data,
uint16_t fudge,
const char * algorithm_name,
const ldns_rdf * query_mac,
int tsig_timers_only
)

Creates a TSIG RR for the given packet and key.

Parameters
[in] pkt: the packet to sign
[in] key_name: the name of the shared key
[in] key_data: the key in base64 format
[in] fudge: seconds of error permitted in time signed
[in] algorithm_name: the name of the algorithm used
[in] query_mac: added to the digest if not NULL (so NULL is for signing queries, non-NULL is for signing answers)
[in] tsig_timers_only: must be zero for the first packet and positive for subsequent packets. If zero, all digest components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac.

Returns
status (OK if success)

Definition at line 383 of file tsig.c.

References ldns_rdf_new_frm_str(), LDNS_RDF_TYPE_DNAME, LDNS_STATUS_MEM_ERR, LDNS_STATUS_OK, and LDNS_XMALLOC.
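
Added example (not ldns code) for the fudge parameter and the "TSIG timers" named above: a bounds-checked parser for the timer fields of a TSIG RDATA and the freshness check a verifier applies to them. The names tsig_timers, tsig_parse_timers, tsig_time_ok and SAMPLE_RDATA are hypothetical, the field layout is taken from RFC 8945, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example: hypothetical helpers, not part of ldns. Layout per RFC 8945. */
struct tsig_timers {
    uint64_t time_signed; /* 48-bit seconds since the epoch */
    uint16_t fudge;       /* permitted clock error, seconds */
    uint16_t mac_size;    /* length of the MAC that follows */
};

/* Parse the timers from uncompressed TSIG RDATA.
 * Returns 0 on success, -1 if the buffer is truncated or malformed. */
int tsig_parse_timers(const uint8_t *rd, size_t len, struct tsig_timers *out)
{
    size_t i = 0;

    /* Skip the algorithm name: length-prefixed labels ending in a zero byte. */
    for (;;) {
        if (i >= len) return -1;
        uint8_t l = rd[i++];
        if (l == 0) break;
        if (l > 63 || l > len - i) return -1; /* pointer or truncated label */
        i += l;
    }
    if (len - i < 10) return -1; /* 6 (time) + 2 (fudge) + 2 (MAC size) */

    out->time_signed = 0;
    for (int k = 0; k < 6; k++)
        out->time_signed = (out->time_signed << 8) | rd[i++];
    out->fudge    = (uint16_t)((rd[i] << 8) | rd[i + 1]);
    out->mac_size = (uint16_t)((rd[i + 2] << 8) | rd[i + 3]);
    i += 4;
    return out->mac_size <= len - i ? 0 : -1; /* MAC must fit in the RDATA */
}

/* 1 if now lies within [time_signed - fudge, time_signed + fudge], else 0. */
int tsig_time_ok(const struct tsig_timers *t, uint64_t now)
{
    uint64_t diff = now > t->time_signed ? now - t->time_signed
                                         : t->time_signed - now;
    return diff <= t->fudge;
}

/* Constructed sample: "hmac-sha256.", time 1700000000, fudge 300, 4-byte MAC,
 * followed by the original ID, error and other-length fields. */
const uint8_t SAMPLE_RDATA[] = {
    11, 'h','m','a','c','-','s','h','a','2','5','6', 0,
    0x00, 0x00, 0x65, 0x53, 0xF1, 0x00,  0x01, 0x2C,
    0x00, 0x04, 0xDE, 0xAD, 0xBE, 0xEF,  0x12, 0x34, 0, 0, 0, 0,
};
```

A message whose time signed falls outside the fudge window is rejected even when its MAC is valid, which bounds how long a captured signed message can be replayed.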