/*  Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#pragma once

#include <stdint.h>

#include "libknot/packet/pkt.h"
#include "libknot/tsig.h"

/*! Upper bound on the number of bytes kept in tsig_ctx_t::digest. 64 is the
 *  output size of SHA-512 — presumably the largest HMAC the TSIG code supports. */
#define TSIG_MAX_DIGEST_SIZE 64

/*!
  \brief TSIG context.

  Per-exchange signing/verification state shared by the tsig_* functions
  declared below. Set up with tsig_init(), release with tsig_cleanup().
 */
typedef struct tsig_ctx {
	/*! Key used for signing and verification. NULL makes every operation a
	 *  successful no-op (see tsig_init()). Stored by pointer, not copied. */
	const knot_tsig_key_t *key;
	/*! Time value of the previously signed packet — presumably the "time
	 *  signed" carried over to the next signature; confirm in tsig_ctx.c. */
	uint64_t prev_signed_time;

	/*! Most recent digest (MAC). Only the first digest_size bytes are valid;
	 *  digest_size must never exceed TSIG_MAX_DIGEST_SIZE. */
	uint8_t digest[TSIG_MAX_DIGEST_SIZE];
	size_t digest_size;

	/* Unsigned packets handling. */
	/*! Unsigned packets seen since the last signed one (maintained by
	 *  tsig_verify_packet(), read through tsig_unsigned_count()). */
	unsigned unsigned_count;
	/*! Buffer for unsigned-packet data: buffer_used bytes in use out of
	 *  buffer_size allocated. NOTE(review): presumably owned by the context
	 *  and released by tsig_cleanup() — confirm. */
	uint8_t *buffer;
	size_t buffer_used;
	size_t buffer_size;
} tsig_ctx_t;

/*!
 * \brief Initialize TSIG context.
 *
 * \param ctx  TSIG context to be initialized.
 * \param key  Key to be used for signing. If NULL, all performed operations
 *             will do nothing and always succeed. The key is stored by
 *             pointer (tsig_ctx_t::key), so it must stay valid for the whole
 *             lifetime of the context.
 */
void tsig_init(tsig_ctx_t *ctx, const knot_tsig_key_t *key);

/*!
 * \brief Cleanup TSIG context.
 *
 * Releases whatever the context owns (presumably the unsigned-packet buffer);
 * the context must not be used again without a fresh tsig_init().
 * NOTE(review): confirm in tsig_ctx.c whether the stored digest and counter
 * are cleared as well, so a reused context cannot continue from stale state.
 *
 * \param ctx TSIG context to be cleaned up.
 */
void tsig_cleanup(tsig_ctx_t *ctx);

/*!
 * \brief Reset TSIG context for new message exchange.
 *
 * Presumably keeps the key and discards the per-exchange state (previous
 * digest, unsigned-packet counter) — confirm in tsig_ctx.c.
 *
 * \param ctx  TSIG context to reset.
 */
void tsig_reset(tsig_ctx_t *ctx);

/*!
 * \brief Sign outgoing packet.
 *
 * Signs \a packet in place with the context key. With a NULL key
 * (see tsig_init()) the packet is left untouched and the call succeeds.
 *
 * \param ctx     TSIG signing context.
 * \param packet  Packet to be signed (modified in place).
 *
 * \return Error code, KNOT_EOK if successful.
 */
int tsig_sign_packet(tsig_ctx_t *ctx, knot_pkt_t *packet);

/*!
 * \brief Verify incoming packet.
 *
 * If the packet is not signed, the function will succeed, but an internal
 * counter of unsigned packets is increased. When a packet is signed, the
 * same counter is reset to zero.
 *
 * Because an unsigned packet is not an error here, the caller is the one
 * enforcing how many unsigned packets are tolerated between signed ones
 * (the TSIG specification bounds this for multi-message transfers, see
 * RFC 2845 §4.4): check tsig_unsigned_count() after each call and abort the
 * exchange once the limit is exceeded.
 *
 * \see tsig_unsigned_count
 *
 * \param ctx     TSIG signing context.
 * \param packet  Packet to be verified.
 *
 * \return Error code, KNOT_EOK if successful (including the unsigned case).
 */
int tsig_verify_packet(tsig_ctx_t *ctx, knot_pkt_t *packet);

/*!
 * \brief Get number of unsigned packets since the last signed one.
 *
 * Presumably a plain accessor for tsig_ctx_t::unsigned_count; call it after
 * tsig_verify_packet() to apply the caller's unsigned-packet limit, since
 * verification itself succeeds on unsigned packets.
 *
 * \param ctx  TSIG signing context.
 *
 * \return Number of unsigned packets since the last signed one.
 */
unsigned tsig_unsigned_count(tsig_ctx_t *ctx);