/contrib/bind9/lib/dns/include/dns/tsec.h
https://bitbucket.org/freebsd/freebsd-head/ · C Header · 137 lines · 21 code · 15 blank · 101 comment · 0 complexity · 22652f2842788ccec77cbb614d1431db MD5 · raw file
- /*
- * Copyright (C) 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
- /* $Id: tsec.h,v 1.6 2010/12/09 00:54:34 marka Exp $ */
- #ifndef DNS_TSEC_H
- #define DNS_TSEC_H 1
- /*****
- ***** Module Info
- *****/
- /*! \file
- *
- * \brief
- * The TSEC (Transaction Security) module is an abstraction layer for managing
- * DNS transaction mechanisms such as TSIG or SIG(0). A TSEC structure is a
- * mechanism-independent object containing key information specific to the
- * mechanism, and is expected to be used as an argument to other modules
- * that use transaction security in a mechanism-independent manner.
- *
- * MP:
- *\li A TSEC structure is expected to be thread-specific. No inter-thread
- * synchronization is ensured in multiple access to a single TSEC
- * structure.
- *
- * Resources:
- *\li TBS
- *
- * Security:
- *\li This module does not handle any low-level data directly, and so no
- * security issue specific to this module is anticipated.
- */
- #include <dns/types.h>
- #include <dst/dst.h>
- ISC_LANG_BEGINDECLS
- /***
- *** Types
- ***/
- /*%
- * Transaction security types.
- */
- typedef enum {
- dns_tsectype_none,
- dns_tsectype_tsig,
- dns_tsectype_sig0
- } dns_tsectype_t;
- isc_result_t
- dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
- dns_tsec_t **tsecp);
- /*%<
- * Create a TSEC structure and stores a type-dependent key structure in it.
- * For a TSIG key (type is dns_tsectype_tsig), dns_tsec_create() creates a
- * TSIG key structure from '*key' and keeps it in the structure. For other
- * types, this function simply retains '*key' in the structure. In either
- * case, the ownership of '*key' is transferred to the TSEC module; the caller
- * must not modify or destroy it after the call to dns_tsec_create().
- *
- * Requires:
- *
- *\li 'mctx' is a valid memory context.
- *
- *\li 'type' is a valid value of dns_tsectype_t (see above).
- *
- *\li 'key' is a valid key.
- *
- *\li tsecp != NULL && *tsecp == NULL.
- *
- * Returns:
- *
- *\li #ISC_R_SUCCESS On success.
- *
- *\li Anything else Failure.
- */
- void
- dns_tsec_destroy(dns_tsec_t **tsecp);
- /*%<
- * Destroy the TSEC structure. The stored key is also detached or destroyed.
- *
- * Requires
- *
- *\li '*tsecp' is a valid TSEC structure.
- *
- * Ensures
- *
- *\li *tsecp == NULL.
- *
- */
- dns_tsectype_t
- dns_tsec_gettype(dns_tsec_t *tsec);
- /*%<
- * Return the TSEC type of '*tsec'.
- *
- * Requires
- *
- *\li 'tsec' is a valid TSEC structure.
- *
- */
- void
- dns_tsec_getkey(dns_tsec_t *tsec, void *keyp);
- /*%<
- * Return the TSEC key of '*tsec' in '*keyp'.
- *
- * Requires
- *
- *\li keyp != NULL
- *
- * Ensures
- *
- *\li *tsecp points to a valid key structure depending on the TSEC type.
- */
- ISC_LANG_ENDDECLS
- #endif /* DNS_TSEC_H */