/usr/include/dnssec/sign.h is in libknot-dev 2.4.0-3+deb9u1.
This file is owned by root:root, with mode 0o644.
/* Copyright (C) 2014 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*!
* \file
*
* DNSSEC signing API.
*
* \defgroup sign Sign
*
* DNSSEC signing API.
*
* The module provides the low level DNSSEC signing and verification.
*
* Example of signature validation:
*
* ~~~~~ {.c}
*
* dnssec_key_t *dnskey = // ... ;
* dnssec_binary_t *rrsig_header = // ... ;
* dnssec_binary_t *covered_rdata = // ... ;
* dnssec_binary_t *signature = // ... ;
*
* int result;
* dnssec_sign_ctx_t *ctx = NULL;
*
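* result = dnssec_sign_new(&ctx, dnskey);
* if (result != DNSSEC_EOK) {
*     return result;
* }
*
* // dnssec_sign_add returns an error code too; stop on failure rather
* // than verifying over incomplete input.
* result = dnssec_sign_add(ctx, rrsig_header);
* if (result == DNSSEC_EOK) {
*     result = dnssec_sign_add(ctx, covered_rdata);
* }
* if (result != DNSSEC_EOK) {
*     dnssec_sign_free(ctx);
*     return result;
* }
*
* result = dnssec_sign_verify(ctx, signature);
* if (result == DNSSEC_EOK) {
*     // valid signature
* } else if (result == DNSSEC_INVALID_SIGNATURE) {
*     // invalid signature
* } else {
*     // error: the signature was not validated, treat the data as unverified
* }
*
* dnssec_sign_free(ctx);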
*
* ~~~~~
*
*
* @{
*/
#pragma once
#include <stdint.h>
#include <stdlib.h>
#include <dnssec/binary.h>
#include <dnssec/key.h>
/* Forward declaration only: this header does not define the structure's
 * members, so callers hold the context through a pointer and use the
 * functions declared below. */
struct dnssec_sign_ctx;
/*!
* DNSSEC signing context.
*/
typedef struct dnssec_sign_ctx dnssec_sign_ctx_t;
/*!
* Create new DNSSEC signing context.
*
* \note \ref dnssec_sign_init is called as a part of this function.
*
* \param ctx_ptr Pointer to context to be allocated. On success the new
*                context is stored here; release it with
*                \ref dnssec_sign_free.
* \param key DNSSEC key to be used.
*
* \return Error code, DNSSEC_EOK if successful.
*
* \note NOTE(review): this header does not say whether the context keeps a
*       reference to \p key or what \p *ctx_ptr holds after a failure.
*       Presumably the key must stay valid for as long as the context is
*       used -- confirm against the implementation.
*/
int dnssec_sign_new(dnssec_sign_ctx_t **ctx_ptr, const dnssec_key_t *key);
/*!
* Free DNSSEC signing context.
*
* The context must not be used after this call.
*
* \param ctx Signing context to be freed.
*
* \note NOTE(review): the header does not state whether a NULL \p ctx is
*       accepted -- confirm before relying on it.
*/
void dnssec_sign_free(dnssec_sign_ctx_t *ctx);
/*!
* Reinitialize DNSSEC signing context to start a new operation.
*
* \ref dnssec_sign_new already performs this step for a fresh context, so an
* explicit call is needed only when a context is reused.
*
* \param ctx Signing context.
*
* \return Error code, DNSSEC_EOK if successful.
*
* \note NOTE(review): presumably data added for the previous operation is
*       discarded here; when reusing a context, confirm this so that input
*       from one signature cannot carry over into the next.
*/
int dnssec_sign_init(dnssec_sign_ctx_t *ctx);
/*!
* Add data to be covered by DNSSEC signature.
*
* May be called more than once per operation; the validation example at the
* top of this file adds the RRSIG header and then the covered RDATA.
*
* \param ctx Signing context.
* \param data Data to be signed.
*
* \return Error code, DNSSEC_EOK if successful. Check it before calling
*         \ref dnssec_sign_write or \ref dnssec_sign_verify: after a failed
*         add the context may not cover the intended input.
*/
int dnssec_sign_add(dnssec_sign_ctx_t *ctx, const dnssec_binary_t *data);
/*!
* Write down the DNSSEC signature.
*
* Produces the signature over the data added to the context so far.
*
* \param ctx Signing context.
* \param signature Signature to be allocated and written.
*
* \return Error code, DNSSEC_EOK if successful. Do not use \p signature
*         unless DNSSEC_EOK was returned.
*
* \note NOTE(review): the buffer is allocated by this call, so the caller
*       presumably owns it and must release it (likely with
*       dnssec_binary_free from <dnssec/binary.h>) -- confirm.
*/
int dnssec_sign_write(dnssec_sign_ctx_t *ctx, dnssec_binary_t *signature);
/*!
* Verify DNSSEC signature.
*
* Checks \p signature against the data added to the context so far.
*
* \param ctx Signing context.
* \param signature Signature to be verified.
*
* \return Error code.
* \retval DNSSEC_EOK Validation successful, valid signature.
* \retval DNSSEC_INVALID_SIGNATURE Validation successful, invalid signature.
*
* \note Any other return value is an error and means the signature was not
*       validated. Accept the covered data only on DNSSEC_EOK; compare
*       against DNSSEC_EOK explicitly rather than testing only for
*       DNSSEC_INVALID_SIGNATURE.
*/
int dnssec_sign_verify(dnssec_sign_ctx_t *ctx, const dnssec_binary_t *signature);
/** @} */