*/
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac);
+bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac,
+ int tsig_timers_only);
+
/**
* creates a tsig rr for the given packet and key.
* \param[in] pkt the packet to sign
* \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers)
* \return status (OK if success)
*/
-ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac);
+ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
+ const char *algorithm_name, ldns_rdf *query_mac);
+
+ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge,
+ const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only);
#ifdef __cplusplus
}
-/*
+/*
* tsig.c
*
* contains the functions needed for TSIG [RFC2845]
ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf,
ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf,
- ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf)
+ ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
{
char *wireformat;
int wiresize;
(void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf);
}
ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size);
- (void)ldns_rdf2buffer_wire(data_buffer, key_name_rdf);
- ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY);
- ldns_buffer_write_u32(data_buffer, 0);
- (void)ldns_rdf2buffer_wire(data_buffer, algorithm_rdf);
+ if (!tsig_timers_only) {
+ (void)ldns_rdf2buffer_wire(data_buffer, key_name_rdf);
+ ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY);
+ ldns_buffer_write_u32(data_buffer, 0);
+ (void)ldns_rdf2buffer_wire(data_buffer, algorithm_rdf);
+ }
(void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf);
(void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf);
- (void)ldns_rdf2buffer_wire(data_buffer, error_rdf);
- (void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf);
+ if (!tsig_timers_only) {
+ (void)ldns_rdf2buffer_wire(data_buffer, error_rdf);
+ (void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf);
+ }
wireformat = (char *) data_buffer->_data;
wiresize = (int) ldns_buffer_position(data_buffer);
#ifdef HAVE_SSL
bool
-ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen,
- const char *key_name, const char *key_data, ldns_rdf *orig_mac_rdf)
+ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name,
+ const char *key_data, ldns_rdf *orig_mac_rdf)
+{
+ return ldns_pkt_tsig_verify_next(pkt, wire, wirelen, key_name, key_data, orig_mac_rdf, 0);
+}
+
+bool
+ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char* key_name,
+ const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
{
ldns_rdf *fudge_rdf;
ldns_rdf *algorithm_rdf;
status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size,
key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
- time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf);
+ time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only);
LDNS_FREE(prepared_wire);
/* TODO: memory :p */
ldns_status
ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data,
- uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
+ uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
+{
+ return ldns_pkt_tsig_sign_next(pkt, key_name, key_data, fudge, algorithm_name, query_mac, 0);
+}
+
+ldns_status
+ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data,
+ uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only)
{
ldns_rr *tsig_rr;
ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);
status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len,
key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
- time_signed_rdf, error_rdf, other_data_rdf, query_mac);
+ time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only);
if (!mac_rdf) {
goto clean;
projects / thirdparty / ldns.git / commitdiff
