1 /*
2 Copyright (c) 2020 Apple Inc. All rights reserved.
3 */
4
5 #ifndef __DNSServerDNSSEC_h
6 #define __DNSServerDNSSEC_h
7
8 #include <CoreUtils/CoreUtils.h>
9
10 CU_ASSUME_NONNULL_BEGIN
11
12 __BEGIN_DECLS
13
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Zone Label Argument Limits

    @discussion Inclusive lower and upper bounds on a zone label index argument. Where the argument comes from
    (presumably a dnssdutil command-line option) and what a given index selects are not visible in this header —
    confirm against the test DNS server implementation before relying on these values for input validation.
*/

#define kZoneLabelIndexArgMin 1
#define kZoneLabelIndexArgMax 3
20
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Reference to a DNSKeyInfo object.

    @discussion The union itself is not defined in this header, so a DNSKeyInfoRef is opaque to callers: use the
    DNSKeyInfo* accessors declared below. The pointee is const, so a reference is read-only. No create/release
    function is declared here; references obtained from GetDNSKeyInfoEx() are presumably borrowed and must not be
    freed by the caller — confirm against the implementation.
*/
typedef const union DNSKeyInfo * DNSKeyInfoRef;
25
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Gets a constant DNSKeyInfo object, which represents a DNSSEC DNS key.

    @param inAlgorithm The desired DNSKeyInfo object's DNSSEC algorithm number.
    @param inIndex The desired DNSKeyInfo object's index number.
    @param inGetZSK If true, gets a zone-signing key. Otherwise, gets a key-signing key.

    @result A reference to the DNSKeyInfo object if it exists; otherwise, NULL.

    @discussion The result is _Nullable: callers must check for NULL before passing the reference to any of the
    accessors below, all of which assume a non-null reference. inAlgorithm is a uint32_t while
    DNSKeyInfoGetAlgorithm() returns a uint8_t, so a value above 255 cannot correspond to a known key and should
    presumably yield NULL — confirm against the implementation. Which (algorithm, index) pairs exist is decided by
    the test DNS server's constant key set, not by this header.
*/
DNSKeyInfoRef _Nullable GetDNSKeyInfoEx( uint32_t inAlgorithm, uint32_t inIndex, Boolean inGetZSK );
// Convenience wrappers: look up a key-signing key (KSK) or a zone-signing key (ZSK) by algorithm and index.
// Each macro argument is expanded exactly once, so side effects in the arguments are not duplicated.
#define GetDNSKeyInfoKSK( ALGORITHM, INDEX ) GetDNSKeyInfoEx( ALGORITHM, INDEX, false )
#define GetDNSKeyInfoZSK( ALGORITHM, INDEX ) GetDNSKeyInfoEx( ALGORITHM, INDEX, true )
38
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Gets a DNSKeyInfo object's DNSSEC algorithm number.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.

    @result The DNSSEC algorithm number. It fits the one-octet Algorithm field of DNSKEY RDATA (RFC 4034 §2.1).

    @discussion See <https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1>.
    The number identifies the signature scheme (and, for most algorithms, the hash), so it presumably determines how
    DNSKeyInfoSign() and DNSKeyInfoVerify() interpret this key and its signatures.
*/
uint8_t DNSKeyInfoGetAlgorithm( DNSKeyInfoRef inKeyInfo );
49
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Gets a pointer to a DNSKeyInfo object's DNSKEY record data.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.

    @result The DNSKEY record data in wire format. See <https://tools.ietf.org/html/rfc4034#section-2.1>.

    @discussion Use DNSKeyInfoGetRDataLen() to get the record data's length; never read past it. The data is const
    and presumably owned by the DNSKeyInfo object, so callers must neither modify nor free it. Within the
    CU_ASSUME_NONNULL region the returned pointer is non-null for a valid reference.
*/
const uint8_t * DNSKeyInfoGetRDataPtr( DNSKeyInfoRef inKeyInfo );
60
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Gets the length of a DNSKeyInfo object's DNSKEY record data.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.

    @result The length, in bytes, of the record data returned by DNSKeyInfoGetRDataPtr().

    @discussion A uint16_t suffices because DNS RDATA is at most 65535 bytes (RDLENGTH is a 16-bit field).
*/
uint16_t DNSKeyInfoGetRDataLen( DNSKeyInfoRef inKeyInfo );
69
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Gets a pointer to a DNSKeyInfo object's public key.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.

    @result A pointer to the public key, or NULL.

    @discussion Use DNSKeyInfoGetPubKeyLen() to get the public key's length. Unlike DNSKeyInfoGetRDataPtr(), this
    result is _Nullable, so callers must check for NULL before dereferencing. This header does not say when NULL is
    returned — NOTE(review): confirm against the implementation. The bytes are presumably the algorithm-specific
    Public Key field of the DNSKEY RDATA (RFC 4034 §2.1), so they are only meaningful together with
    DNSKeyInfoGetAlgorithm().
*/
const uint8_t * _Nullable DNSKeyInfoGetPubKeyPtr( DNSKeyInfoRef inKeyInfo );
80
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Gets the length of a DNSKeyInfo object's public key.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.

    @result The length, in bytes, of the public key returned by DNSKeyInfoGetPubKeyPtr().

    @discussion What this returns when DNSKeyInfoGetPubKeyPtr() returns NULL is not specified here; check the pointer
    first rather than relying on a zero length — NOTE(review): confirm against the implementation.
*/
size_t DNSKeyInfoGetPubKeyLen( DNSKeyInfoRef inKeyInfo );
89
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Gets the DNSSEC key tag of a DNSKeyInfo object's DNSKEY record data.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.

    @result The DNSSEC key tag.

    @discussion A DNSSEC key tag is the 16-bit value defined in RFC 4034 Appendix B over the DNSKEY RDATA; RRSIG and
    DS records carry it to name a key. It is a lookup hint, not a unique identifier: distinct keys can share a tag, so
    a verifier must try every DNSKEY with a matching tag and algorithm rather than assume the first match is the one.
*/
uint16_t DNSKeyInfoGetKeyTag( DNSKeyInfoRef inKeyInfo );
98
//---------------------------------------------------------------------------------------------------------------------------
/*! @defined kDNSServerSignatureLengthMax

    @discussion The maximum length of a DNSSEC signature for DNSSEC algorithms currently implemented by the test DNS server.
    DNSKeyInfoSign() writes into a caller buffer sized by this constant, so it is a hard upper bound, not an estimate:
    256 bytes covers a 2048-bit RSA signature and any ECDSA or EdDSA signature, but a longer RSA modulus (e.g. 4096 bits,
    512-byte signatures) would exceed it. Raise this constant before adding any algorithm or key size with longer
    signatures, and make sure the signing code rejects, rather than writes past the buffer for, a key whose signature
    would not fit.
*/
#define kDNSServerSignatureLengthMax 256
105
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Signs a message using a DNSKeyInfo object's secret key.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.
    @param inMsgPtr Pointer to the message to sign.
    @param inMsgLen Length, in bytes, of the message to sign.
    @param outSignature Buffer to which to write the signature. Must have room for at least kDNSServerSignatureLengthMax
        bytes. The STATIC_PARAM declaration lets the compiler warn about a smaller array argument, but not about a
        heap buffer, so the caller remains responsible for the size.
    @param outSignatureLen Pointer to a variable that gets set to the signature's length, in bytes, on success.

    @result Returns true if the message was able to be signed, otherwise, returns false.

    @discussion On false, treat both the contents of outSignature and *outSignatureLen as unspecified. The signature
    encoding is algorithm-specific (presumably the RRSIG Signature field format for the key's algorithm). The secret
    keys belong to the test DNS server's constant DNSKeyInfo objects and are presumably built into the tool; if so,
    anyone with the binary has them, so they are test fixtures only and must never sign anything outside of testing.
*/
Boolean
DNSKeyInfoSign(
    DNSKeyInfoRef inKeyInfo,
    const uint8_t * inMsgPtr,
    size_t inMsgLen,
    uint8_t outSignature[ STATIC_PARAM kDNSServerSignatureLengthMax ],
    size_t * outSignatureLen );
124
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Verifies a signature using a DNSKeyInfo object's public key.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.
    @param inMsgPtr Pointer to the message that was signed.
    @param inMsgLen Length, in bytes, of the message that was signed.
    @param inSignaturePtr Pointer to the supposed signature. Treat as untrusted input: it may be malformed or the wrong length.
    @param inSignatureLen Length, in bytes, of the supposed signature.

    @result Returns true if the signature was verified, otherwise, returns false.

    @discussion A false result does not distinguish "signature is invalid" from "could not verify"; callers must treat
    both as failure and never fall back to accepting the message. Whether inSignatureLen is checked against the
    algorithm's expected signature size before the cryptographic check is not visible in this header —
    NOTE(review): confirm in the implementation, since fixed-size schemes should reject a wrong length outright.
*/
Boolean
DNSKeyInfoVerify(
    DNSKeyInfoRef inKeyInfo,
    const uint8_t * inMsgPtr,
    size_t inMsgLen,
    const uint8_t * inSignaturePtr,
    size_t inSignatureLen );
143
//---------------------------------------------------------------------------------------------------------------------------
/*! @brief Gets a short description of a DNSKeyInfo object's DNSSEC algorithm.

    @param inKeyInfo The DNSKeyInfo object. Must be non-NULL.

    @result The description as a UTF-8 C string, intended for diagnostic output.

    @discussion The string is const; its lifetime and ownership are not stated here. It is presumably a static string
    that the caller must not free, consistent with the DNSKeyInfo objects being constant — confirm against the
    implementation.
*/
const char * DNSKeyInfoGetAlgorithmDescription( DNSKeyInfoRef inKeyInfo );
152
153 __END_DECLS
154
155 CU_ASSUME_NONNULL_END
156
157 #endif // __DNSServerDNSSEC_h