Dibbler - a portable DHCPv6  1.0.2RC1
dnssec-sign.cpp File Reference
#include "poslib.h"
#include "dnssec-sign.h"
#include "nettle/hmac.h"
#include "nettle/base64.h"
#include "nettle/md5.h"

Functions

std::string base64_decode (const char *line)
std::string base64_encode (const char *buff, int bufflen)
std::string calc_mac (DnsRR &tsig_rr, message_buff msg, std::string sign_key, message_buff *extra)
void tsig_from_string (DnsRR *&tsig_rr, std::string &sign_key, const char *keystring)
 get sign parameters from key string
void tsig_from_string (DnsMessage *message, const char *keystring)
 set message sign parameters from key string
DnsRR * tsig_record (domainname keyname, unsigned short fudge, domainname sign_algorithm)
 create sparse TSIG record
void verify_signature (DnsRR *check_tsig, DnsRR *message_tsig, std::string key, message_buff message)
 verifies TSIG of received response

Function Documentation

std::string base64_decode (const char *str)

Base64-decode strings

std::string base64_encode (const char *buff, int bufflen)
std::string calc_mac (DnsRR &tsig_rr, message_buff message, std::string sign_key, message_buff *extra = NULL)

Calculate message MAC

void tsig_from_string (DnsRR *&tsig_rr, std::string &sign_key, const char *keystring)

get sign parameters from key string

Sets the TSIG signing parameters from a key string; see the other tsig_from_string for syntax.

void tsig_from_string (DnsMessage *message, const char *keystring)

set message sign parameters from key string

Sets the TSIG signing parameters for a DNS message from a key string of the form keyname:key[:fudge]. The key is given in base64-encoded form; if no fudge is given, the default fudge value of tsig_record (600 seconds) is used.

Parameters
message: The message to set TSIG parameters of
keystring: The key string
DnsRR * tsig_record (domainname keyname, unsigned short fudge = 600, domainname sign_algorithm = "HMAC-MD5.SIG-ALG.REG.INT")

create sparse TSIG record

Creates a TSIG RR with suitable values for use as DnsMessage::tsig_rr in checking and signing of DNS messages.

Parameters
keyname: Name of the key
fudge: Permitted time difference, in seconds, between signing and checking
sign_algorithm: Algorithm used to sign the message (currently, only the default is supported)
Returns
The TSIG record

void verify_signature (DnsRR *check_tsig, DnsRR *message_tsig, std::string key, message_buff message)

verifies TSIG of received response

Verify TSIG signature.

Make sure that message is trimmed down so that it does not include the TSIG record; that record must be passed separately in message_tsig.

Parameters
check_tsig: TSIG RR from the original message
message_tsig: TSIG RR from the response message that we are validating
key: the key used for signing
message: received message (without TSIG record)
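The key-string parsing that tsig_from_string performs and the MAC computation behind calc_mac and verify_signature, as an added Python example that is not poslib's or Dibbler's own code: the keyname:key[:fudge] format and the 600-second default fudge come from this page, the layout of the signed data follows RFC 2845 section 3.4, and the key string and DNS message are constructed sample values.

```python
import base64
import binascii
import hmac
import struct
DEFAULT_FUDGE = 600                        # default fudge of tsig_record()
HMAC_MD5_ALG = "HMAC-MD5.SIG-ALG.REG.INT"  # the only algorithm the page supports

def parse_keystring(keystring):
    """Parse the keyname:key[:fudge] string accepted by tsig_from_string()."""
    parts = keystring.split(":")
    if len(parts) not in (2, 3) or not parts[0] or not parts[1]:
        raise ValueError("key string must be keyname:key[:fudge]")
    try:
        key = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key is not valid base64") from exc
    fudge = int(parts[2]) if len(parts) == 3 else DEFAULT_FUDGE
    if not 0 <= fudge <= 0xFFFF:
        raise ValueError("fudge must fit in 16 bits")
    return parts[0], key, fudge

def wire_name(name):  # canonical (lower-case, uncompressed) wire form, RFC 2845 s.3.4.2
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def calc_mac(message, keyname, key, time_signed, fudge, error=0, other=b"", request_mac=b""):
    """HMAC-MD5 over [request MAC] + message (TSIG RR stripped, ARCOUNT decremented)
    + TSIG variables, in the order RFC 2845 s.3.4 prescribes."""
    data = b""
    if request_mac:  # poslib's 'extra' buffer: the request MAC, length-prefixed (responses only)
        data += struct.pack("!H", len(request_mac)) + request_mac
    data += message
    data += wire_name(keyname) + struct.pack("!HI", 255, 0)   # class ANY, TTL 0
    data += wire_name(HMAC_MD5_ALG)
    data += struct.pack("!HIHHH", time_signed >> 32, time_signed & 0xFFFFFFFF,
                        fudge, error, len(other)) + other
    return hmac.new(key, data, "md5").digest()

def verify_mac(message, keyname, key, time_signed, fudge, received_mac, now, request_mac=b""):
    """Mirror of verify_signature(): constant-time MAC compare, then the fudge window."""
    expected = calc_mac(message, keyname, key, time_signed, fudge, request_mac=request_mac)
    if not hmac.compare_digest(expected, received_mac):
        return "BADSIG"   # RFC 2845 error 16
    if abs(now - time_signed) > fudge:
        return "BADTIME"  # RFC 2845 error 18
    return "NOERROR"

SAMPLE_MSG = struct.pack("!HHHHHH", 0x1234, 0x8180, 0, 0, 0, 0)  # constructed: bare header, ARCOUNT 0
SAMPLE_KEYSTRING = "key.example:AAECAwQFBgc=:300"                # constructed key, fudge 300 s
```

Checking the MAC before the time window, as verify_mac does, keeps a forged TSIG from learning anything about the signer's clock tolerance.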
