tsec.h File Reference

The TSEC (Transaction Security) module is an abstraction layer for managing DNS transaction mechanisms such as TSIG or SIG(0). A TSEC structure is a mechanism-independent object containing key information specific to the mechanism, and is expected to be used as an argument to other modules that use transaction security in a mechanism-independent manner.

#include <dns/types.h>
#include <dst/dst.h>

Defines

#define DNS_TSEC_H   1

Enumerations

enum  dns_tsectype_t { dns_tsectype_none, dns_tsectype_tsig, dns_tsectype_sig0 }
 Transaction security types.

Functions

isc_result_t dns_tsec_create (isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key, dns_tsec_t **tsecp)
 Creates a TSEC structure and stores a type-dependent key structure in it. For a TSIG key (type is dns_tsectype_tsig), dns_tsec_create() creates a TSIG key structure from '*key' and keeps it in the structure. For other types, this function simply retains '*key' in the structure. In either case, the ownership of '*key' is transferred to the TSEC module; the caller must not modify or destroy it after the call to dns_tsec_create().
void dns_tsec_destroy (dns_tsec_t **tsecp)
 Destroy the TSEC structure. The stored key is also detached or destroyed.
dns_tsectype_t dns_tsec_gettype (dns_tsec_t *tsec)
 Return the TSEC type of '*tsec'.
void dns_tsec_getkey (dns_tsec_t *tsec, void *keyp)
 Return the TSEC key of '*tsec' in '*keyp'.


Detailed Description

The TSEC (Transaction Security) module is an abstraction layer for managing DNS transaction mechanisms such as TSIG or SIG(0). A TSEC structure is a mechanism-independent object containing key information specific to the mechanism, and is expected to be used as an argument to other modules that use transaction security in a mechanism-independent manner.

MP:

Resources: Security:

Definition in file tsec.h.


Define Documentation

#define DNS_TSEC_H   1

Definition at line 20 of file tsec.h.


Enumeration Type Documentation

enum dns_tsectype_t

Transaction security types.

Enumerator:
dns_tsectype_none 
dns_tsectype_tsig 
dns_tsectype_sig0 

Definition at line 61 of file tsec.h.


Function Documentation

isc_result_t dns_tsec_create ( isc_mem_t *  mctx,
dns_tsectype_t  type,
dst_key_t *  key,
dns_tsec_t **  tsecp 
)

Creates a TSEC structure and stores a type-dependent key structure in it. For a TSIG key (type is dns_tsectype_tsig), dns_tsec_create() creates a TSIG key structure from '*key' and keeps it in the structure. For other types, this function simply retains '*key' in the structure. In either case, the ownership of '*key' is transferred to the TSEC module; the caller must not modify or destroy it after the call to dns_tsec_create().

Requires:

Returns:

Definition at line 47 of file tsec.c.

References DNS_R_BADALG, DNS_TSEC_MAGIC, dns_tsectype_sig0, dns_tsectype_tsig, dns_tsig_hmacmd5_name, dns_tsig_hmacsha1_name, dns_tsig_hmacsha224_name, dns_tsig_hmacsha256_name, dns_tsig_hmacsha384_name, dns_tsig_hmacsha512_name, dns_tsigkey_createfromkey(), DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, dst_key_alg(), dst_key_name(), INSIST, ISC_FALSE, isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, dns_tsec::key, dns_tsec::magic, dns_tsec::mctx, REQUIRE, dns_tsec::tsigkey, tsigkey, dns_tsec::type, and dns_tsec::ukey.

void dns_tsec_destroy ( dns_tsec_t **  tsecp  ) 

Destroy the TSEC structure. The stored key is also detached or destroyed.

Requires

Ensures

Definition at line 114 of file tsec.c.

References DNS_TSEC_VALID, dns_tsectype_sig0, dns_tsectype_tsig, dns_tsigkey_detach(), dst_key_free(), INSIST, isc_mem_put, dns_tsec::key, dns_tsec::magic, dns_tsec::mctx, REQUIRE, dns_tsec::tsigkey, dns_tsec::type, and dns_tsec::ukey.

dns_tsectype_t dns_tsec_gettype ( dns_tsec_t *  tsec  ) 

Return the TSEC type of '*tsec'.

Requires

Definition at line 139 of file tsec.c.

References DNS_TSEC_VALID, REQUIRE, and dns_tsec::type.

Referenced by dns_client_startrequest(), and dns_client_startupdate().

void dns_tsec_getkey ( dns_tsec_t *  tsec,
void *  keyp 
)

Return the TSEC key of '*tsec' in '*keyp'.

Requires

Ensures

Definition at line 146 of file tsec.c.

References DNS_TSEC_VALID, dns_tsectype_sig0, dns_tsectype_tsig, dns_tsigkey_attach(), INSIST, dns_tsec::key, REQUIRE, dns_tsec::tsigkey, dns_tsec::type, and dns_tsec::ukey.

Referenced by dns_client_startrequest(), and dns_client_startupdate().
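
The key lifetime rules documented above for dns_tsec_create(), dns_tsec_getkey() and dns_tsec_destroy(), modelled for the TSIG case. This is an added example, not BIND code: every m_ name is a hypothetical stand-in, and it runs without the BIND libraries. Assumptions: attach and detach are reference-count operations (inferred from dns_tsigkey_attach() and dns_tsigkey_detach() in the reference lists), and a failed create leaves the key with the caller, which this page does not state.

```c
#include <stdlib.h>
/* Stand-ins with hypothetical m_ names; they model the contract, not BIND's code. */
typedef struct { int *freed; } m_key_t;                      /* plays dst_key_t */
typedef struct { unsigned refs; m_key_t *key; } m_tsigkey_t; /* plays the TSIG key */
typedef struct { m_tsigkey_t *tsigkey; } m_tsec_t;           /* plays dns_tsec_t */

/* Drop one reference; the last one out frees the underlying key. */
static void m_tsigkey_detach(m_tsigkey_t **tkp) {
    m_tsigkey_t *tk = *tkp;
    *tkp = NULL;
    if (--tk->refs == 0) { ++*tk->key->freed; free(tk->key); free(tk); }
}
/* TSIG create: on success the tsec owns 'key'; on failure the caller keeps it (assumed). */
static int m_tsec_create(m_key_t *key, m_tsec_t **tsecp) {
    m_tsec_t *t = calloc(1, sizeof(*t));
    m_tsigkey_t *tk = calloc(1, sizeof(*tk));
    if (t == NULL || tk == NULL) { free(t); free(tk); return -1; }
    *tk = (m_tsigkey_t){ .refs = 1, .key = key };
    t->tsigkey = tk;
    *tsecp = t;
    return 0;
}
/* TSIG getkey: attach, so the caller holds its own reference. */
static void m_tsec_getkey(m_tsec_t *t, void *keyp) {
    t->tsigkey->refs++;
    *(m_tsigkey_t **)keyp = t->tsigkey;
}
/* Destroy: the tsec detaches its reference; the key lives on while others hold it. */
static void m_tsec_destroy(m_tsec_t **tsecp) {
    m_tsigkey_detach(&(*tsecp)->tsigkey);
    free(*tsecp);
    *tsecp = NULL;
}
/* Caller pattern. Returns (frees seen right after destroy) * 10 + (frees at end). */
int tsig_key_lifecycle(void) {
    int freed = 0, after_destroy;
    m_tsec_t *tsec = NULL;
    m_tsigkey_t *held = NULL;
    m_key_t *key = malloc(sizeof(*key));
    if (key == NULL) return -1;
    key->freed = &freed;
    if (m_tsec_create(key, &tsec) != 0) { free(key); return -1; }
    key = NULL;                    /* handed over: no further use, no free */
    m_tsec_getkey(tsec, &held);    /* held is our own reference */
    m_tsec_destroy(&tsec);         /* tsec's reference goes; key must survive */
    after_destroy = freed;
    m_tsigkey_detach(&held);       /* last reference: key freed exactly once */
    return after_destroy * 10 + freed;
}
int main(void) { return tsig_key_lifecycle() == 1 ? 0 : 1; }
```

Clearing the local key pointer straight after a successful create is what prevents a later free or reuse of a key the TSEC object now owns.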


Generated on Tue Apr 28 17:41:10 2015 by Doxygen 1.5.4 for BIND9 Internals 9.11.0pre-alpha