/contrib/bind9/lib/dns/include/dns/tsec.h


  1. /*
  2. * Copyright (C) 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
  3. *
  4. * Permission to use, copy, modify, and/or distribute this software for any
  5. * purpose with or without fee is hereby granted, provided that the above
  6. * copyright notice and this permission notice appear in all copies.
  7. *
  8. * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  9. * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  10. * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  11. * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  12. * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  13. * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  14. * PERFORMANCE OF THIS SOFTWARE.
  15. */
  16. /* $Id: tsec.h,v 1.6 2010/12/09 00:54:34 marka Exp $ */
  17. #ifndef DNS_TSEC_H
  18. #define DNS_TSEC_H 1
  19. /*****
  20. ***** Module Info
  21. *****/
  22. /*! \file
  23. *
  24. * \brief
  25. * The TSEC (Transaction Security) module is an abstraction layer for managing
  26. * DNS transaction mechanisms such as TSIG or SIG(0). A TSEC structure is a
  27. * mechanism-independent object containing key information specific to the
  28. * mechanism, and is expected to be used as an argument to other modules
  29. * that use transaction security in a mechanism-independent manner.
  30. *
  31. * MP:
  32. *\li A TSEC structure is expected to be thread-specific. No inter-thread
  33. * synchronization is provided for concurrent access to a single TSEC
  34. * structure.
  35. *
  36. * Resources:
  37. *\li TBS
  38. *
  39. * Security:
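  40. *\li This module does not handle any low-level data directly, and so no
  41. * security issue specific to this module is anticipated. It does take
      * ownership of key objects (see dns_tsec_create()), so callers must follow
      * the key lifetime rules documented there.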
  42. */
  43. #include <dns/types.h>
  44. #include <dst/dst.h>
  45. ISC_LANG_BEGINDECLS
  46. /***
  47. *** Types
  48. ***/
  49. /*%
  50. * Transaction security types.
  51. */
  52. typedef enum {
  53. dns_tsectype_none, /*%< presumably "no transaction security"; confirm against users of this value */
  54. dns_tsectype_tsig, /*%< TSIG; dns_tsec_create() builds a TSIG key structure from the supplied key */
  55. dns_tsectype_sig0 /*%< SIG(0) */
  56. } dns_tsectype_t;
  57. isc_result_t
  58. dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
  59. dns_tsec_t **tsecp);
  60. /*%<
  61. * Create a TSEC structure and store a type-dependent key structure in it.
  62. * For a TSIG key (type is dns_tsectype_tsig), dns_tsec_create() creates a
  63. * TSIG key structure from '*key' and keeps it in the structure. For other
  64. * types, this function simply retains '*key' in the structure. In either
  65. * case, the ownership of '*key' is transferred to the TSEC module; the caller
  66. * must not modify or destroy it after the call to dns_tsec_create().
  67. *
      * NOTE(review): whether ownership of '*key' is also transferred when the
      * call fails is not stated here. Confirm against the implementation before
      * releasing (or not releasing) the key on an error path; guessing wrong
      * means either a leaked key or a double free.
      *
  68. * Requires:
  69. *
  70. *\li 'mctx' is a valid memory context.
  71. *
  72. *\li 'type' is a valid value of dns_tsectype_t (see above).
  73. *
  74. *\li 'key' is a valid key.
  75. *
  76. *\li tsecp != NULL && *tsecp == NULL.
  77. *
  78. * Returns:
  79. *
  80. *\li #ISC_R_SUCCESS -- On success.
  81. *
  82. *\li Anything else -- Failure.
  83. */
  84. void
  85. dns_tsec_destroy(dns_tsec_t **tsecp);
  86. /*%<
  87. * Destroy the TSEC structure. The stored key is also detached or destroyed.
      *
      * NOTE(review): because the stored key is detached or destroyed here, a key
      * pointer obtained earlier through dns_tsec_getkey() may no longer be valid
      * after this call unless the caller holds its own reference -- confirm per
      * TSEC type.
  88. *
  89. * Requires:
  90. *
  91. *\li '*tsecp' is a valid TSEC structure.
  92. *
  93. * Ensures:
  94. *
  95. *\li *tsecp == NULL.
  96. *
  97. */
  98. dns_tsectype_t
  99. dns_tsec_gettype(dns_tsec_t *tsec);
  100. /*%<
  101. * Return the TSEC type of '*tsec'. The kind of key structure yielded by
      * dns_tsec_getkey() depends on this type, so callers should check it before
      * interpreting the key.
  102. *
  103. * Requires:
  104. *
  105. *\li 'tsec' is a valid TSEC structure.
  106. *
  107. */
  108. void
  109. dns_tsec_getkey(dns_tsec_t *tsec, void *keyp);
  110. /*%<
  111. * Return the TSEC key of '*tsec' in '*keyp'.
       *
       * NOTE(review): 'keyp' is an untyped pointer, so the compiler cannot check
       * that the caller passes the address of the right kind of key pointer for
       * the TSEC type; check dns_tsec_gettype() first. Whether the returned key
       * carries a reference the caller must release is not stated here -- confirm
       * against the implementation.
  112. *
  113. * Requires:
  114. *
       *\li 'tsec' is a valid TSEC structure (not listed in the original text;
       * assumed by analogy with dns_tsec_gettype() -- confirm).
       *
  115. *\li keyp != NULL
  116. *
  117. * Ensures:
  118. *
  119. *\li *keyp points to a valid key structure depending on the TSEC type.
  120. */
  121. ISC_LANG_ENDDECLS
  122. #endif /* DNS_TSEC_H */