2 * Copyright (C) 2009, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
17 /* $Id: tsec.h,v 1.6 2010/12/09 00:54:34 marka Exp $ */
29 * The TSEC (Transaction Security) module is an abstraction layer for managing
30 * DNS transaction mechanisms such as TSIG or SIG(0). A TSEC structure is a
31 * mechanism-independent object containing key information specific to the
32 * mechanism, and is expected to be used as an argument to other modules
33 * that use transaction security in a mechanism-independent manner.
36 *\li A TSEC structure is expected to be thread-specific. No inter-thread
37 * synchronization is provided for concurrent access to a single TSEC structure.
44 *\li This module does not handle any low-level data directly, and so no
45 * security issue specific to this module is anticipated.
48 #include <dns/types.h>
59 * Transaction security types.
68 dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
71 * Create a TSEC structure and store a type-dependent key structure in it.
72 * For a TSIG key (type is dns_tsectype_tsig), dns_tsec_create() creates a
73 * TSIG key structure from '*key' and keeps it in the structure. For other
74 * types, this function simply retains '*key' in the structure. In either
75 * case, the ownership of '*key' is transferred to the TSEC module; the caller
76 * must not modify or destroy it after the call to dns_tsec_create().
80 *\li 'mctx' is a valid memory context.
82 *\li 'type' is a valid value of dns_tsectype_t (see above).
84 *\li 'key' is a valid key.
86 *\li tsecp != NULL && *tsecp == NULL.
90 *\li #ISC_R_SUCCESS On success.
92 *\li Anything else Failure.
96 dns_tsec_destroy(dns_tsec_t **tsecp);
98 * Destroy the TSEC structure. The stored key is also detached or destroyed.
102 *\li '*tsecp' is a valid TSEC structure.
111 dns_tsec_gettype(dns_tsec_t *tsec);
113 * Return the TSEC type of '*tsec'.
117 *\li 'tsec' is a valid TSEC structure.
122 dns_tsec_getkey(dns_tsec_t *tsec, void *keyp);
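124 * Return the TSEC key of '*tsec' in '*keyp'. 'keyp' is an untyped pointer, so the caller must pass a pointer whose type matches the TSEC type (see dns_tsec_gettype()).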
132 *\li *keyp points to a valid key structure depending on the TSEC type.
137 #endif /* DNS_TSEC_H */