Functions
tsig.c File Reference

Go to the source code of this file.

Functions

char * ldns_tsig_algorithm (ldns_tsig_credentials *tc)
char * ldns_tsig_keyname (ldns_tsig_credentials *tc)
char * ldns_tsig_keydata (ldns_tsig_credentials *tc)
char * ldns_tsig_keyname_clone (ldns_tsig_credentials *tc)
char * ldns_tsig_keydata_clone (ldns_tsig_credentials *tc)
uint8_t * ldns_tsig_prepare_pkt_wire (uint8_t *wire, size_t wire_len, size_t *result_len)
bool ldns_pkt_tsig_verify (ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name, const char *key_data, ldns_rdf *orig_mac_rdf)
 verifies the tsig rr for the given packet and key.
bool ldns_pkt_tsig_verify_next (ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name, const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
 verifies the tsig rr for the given packet and key.
ldns_status ldns_pkt_tsig_sign (ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
 creates a tsig rr for the given packet and key.
ldns_status ldns_pkt_tsig_sign_next (ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only)
 creates a tsig rr for the given packet and key.

Function Documentation

char* ldns_tsig_algorithm ( ldns_tsig_credentials tc)

Definition at line 22 of file tsig.c.

References ldns_tsig_credentials_struct::algorithm.

char* ldns_tsig_keyname ( ldns_tsig_credentials tc)

Definition at line 28 of file tsig.c.

References ldns_tsig_credentials_struct::keyname.

char* ldns_tsig_keydata ( ldns_tsig_credentials tc)

Definition at line 34 of file tsig.c.

References ldns_tsig_credentials_struct::keydata.

char* ldns_tsig_keyname_clone ( ldns_tsig_credentials tc)

Definition at line 40 of file tsig.c.

References ldns_tsig_credentials_struct::keyname.

char* ldns_tsig_keydata_clone ( ldns_tsig_credentials tc)

Definition at line 46 of file tsig.c.

References ldns_tsig_credentials_struct::keydata.

uint8_t* ldns_tsig_prepare_pkt_wire ( uint8_t *  wire,
size_t  wire_len,
size_t *  result_len 
)
bool ldns_pkt_tsig_verify ( ldns_pkt pkt,
uint8_t *  wire,
size_t  wire_size,
const char *  key_name,
const char *  key_data,
ldns_rdf mac 
)

verifies the tsig rr for the given packet and key.

The wire must be given too because tsig does not sign normalized packets.

Parameters:
[in]pktthe packet to verify
[in]wireneeded to verify the mac
[in]wire_sizesize of wire
[in]key_namethe name of the shared key
[in]key_datathe key in base 64 format
[in]macoriginal mac
Returns:
true if tsig is correct, false if not, or if tsig is not set

Definition at line 278 of file tsig.c.

References ldns_pkt_tsig_verify_next().

bool ldns_pkt_tsig_verify_next ( ldns_pkt pkt,
uint8_t *  wire,
size_t  wire_size,
const char *  key_name,
const char *  key_data,
ldns_rdf mac,
int  tsig_timers_only 
)

verifies the tsig rr for the given packet and key.

The wire must be given too because tsig does not sign normalized packets.

Parameters:
[in]pktthe packet to verify
[in]wireneeded to verify the mac
[in]wire_sizesize of wire
[in]key_namethe name of the shared key
[in]key_datathe key in base 64 format
[in]macoriginal mac
[in]tsig_timers_onlymust be zero for the first packet and positive for subsequent packets. If zero, all digest components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac.
Returns:
true if tsig is correct, false if not, or if tsig is not set

Definition at line 285 of file tsig.c.

References ldns_rdf_new_frm_str(), LDNS_RDF_TYPE_DNAME, ldns_pkt_tsig(), ldns_rr_rd_count(), ldns_rdf_deep_free(), ldns_rr_rdf(), ldns_pkt_set_tsig(), ldns_pkt_id(), ldns_rdf2native_int16(), ldns_pkt_set_id(), ldns_tsig_prepare_pkt_wire(), LDNS_FREE, LDNS_STATUS_OK, and ldns_rdf_compare().

ldns_status ldns_pkt_tsig_sign ( ldns_pkt pkt,
const char *  key_name,
const char *  key_data,
uint16_t  fudge,
const char *  algorithm_name,
ldns_rdf query_mac 
)

creates a tsig rr for the given packet and key.

Parameters:
[in]pktthe packet to sign
[in]key_namethe name of the shared key
[in]key_datathe key in base 64 format
[in]fudgeseconds of error permitted in time signed
[in]algorithm_namethe name of the algorithm used
[in]query_macis added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
Returns:
status (OK if success)

Definition at line 354 of file tsig.c.

References ldns_pkt_tsig_sign_next().

ldns_status ldns_pkt_tsig_sign_next ( ldns_pkt pkt,
const char *  key_name,
const char *  key_data,
uint16_t  fudge,
const char *  algorithm_name,
ldns_rdf query_mac,
int  tsig_timers_only 
)

creates a tsig rr for the given packet and key.

Parameters:
[in]pktthe packet to sign
[in]key_namethe name of the shared key
[in]key_datathe key in base 64 format
[in]fudgeseconds of error permitted in time signed
[in]algorithm_namethe name of the algorithm used
[in]query_macis added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
[in]tsig_timers_onlymust be zero for the first packet and positive for subsequent packets. If zero, all digest components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac.
Returns:
status (OK if success)

Definition at line 361 of file tsig.c.

References ldns_rdf_new_frm_str(), LDNS_RDF_TYPE_DNAME, LDNS_STATUS_OK, LDNS_STATUS_MEM_ERR, LDNS_XMALLOC, LDNS_STATUS_INTERNAL_ERR, ldns_rdf_new(), LDNS_RDF_TYPE_TSIGTIME, LDNS_FREE, ldns_native2rdf_int16(), LDNS_RDF_TYPE_INT16, ldns_pkt_id(), ldns_native2rdf_int16_data(), ldns_pkt2wire(), LDNS_STATUS_ERR, ldns_rr_new(), ldns_rr_set_owner(), ldns_rr_set_class(), LDNS_RR_CLASS_ANY, ldns_rr_set_type(), LDNS_RR_TYPE_TSIG, ldns_rr_set_ttl(), ldns_rr_push_rdf(), ldns_pkt_set_tsig(), and ldns_rdf_free().