00001 /*
00002  * dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE)
00003  *                           Transport Layer Security (TLS) Protocol: TLSA
00004  *
00005  * Copyright (c) 2012, NLnet Labs. All rights reserved.
00006  *
00007  * See LICENSE for the license.
00008  *
00009  */
00010 
00023 #ifndef LDNS_DANE_H
00024 #define LDNS_DANE_H
00025 #if LDNS_BUILD_CONFIG_USE_DANE
00026 
00027 #include <ldns/common.h>
00028 #include <ldns/rdata.h>
00029 #include <ldns/rr.h>
00030 #if LDNS_BUILD_CONFIG_HAVE_SSL
00031 #include <openssl/ssl.h>
00032 #include <openssl/err.h>
00033 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00034 
00035 #ifdef __cplusplus
00036 extern "C" {
00037 #endif
00038 
/**
 * Values of the TLSA "certificate usage" field.
 *
 * The numeric values follow the TLSA RDATA encoding and must not be
 * renumbered. The first two usages constrain a chain that is otherwise
 * PKIX-validated; the last two assert a trust anchor or end-entity
 * certificate directly (presumably without consulting the PKIX store --
 * confirm against ldns_dane_verify's implementation).
 */
typedef enum ldns_enum_tlsa_certificate_usage {
        /** 0: the chain must contain the CA certificate named by the record. */
        LDNS_TLSA_USAGE_CA_CONSTRAINT                   = 0,
        /** 1: the end-entity certificate must match the record. */
        LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT  = 1,
        /** 2: the record names the trust anchor the chain must lead to. */
        LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION          = 2,
        /** 3: the record names the end-entity certificate itself. */
        LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE       = 3
} ldns_tlsa_certificate_usage;
00054 
/**
 * Values of the TLSA "selector" field: which part of the certificate the
 * association data is derived from. Values follow the TLSA RDATA encoding
 * and must not be renumbered.
 */
typedef enum ldns_enum_tlsa_selector {
        /** 0: the whole DER-encoded certificate is used. */
        LDNS_TLSA_SELECTOR_FULL_CERTIFICATE     = 0,

        /** 1: only the certificate's SubjectPublicKeyInfo is used. */
        LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1
} ldns_tlsa_selector;
00073 
/**
 * Values of the TLSA "matching type" field: how the selected certificate
 * data is presented in the record. Values follow the TLSA RDATA encoding
 * and must not be renumbered.
 */
typedef enum ldns_enum_tlsa_matching_type {
        /** 0: the selected data is stored verbatim, no digest. */
        LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED    = 0,
        /** 1: a SHA-256 digest of the selected data is stored. */
        LDNS_TLSA_MATCHING_TYPE_SHA256          = 1,
        /** 2: a SHA-512 digest of the selected data is stored. */
        LDNS_TLSA_MATCHING_TYPE_SHA512          = 2
} ldns_tlsa_matching_type;
00087 
/**
 * Transport protocols a TLSA owner name can refer to. Used by
 * ldns_dane_create_tlsa_owner to build the per-port, per-transport
 * owner name of a TLSA RRset.
 */
typedef enum ldns_enum_dane_transport {
        /** TCP */
        LDNS_DANE_TRANSPORT_TCP  = 0,
        /** UDP */
        LDNS_DANE_TRANSPORT_UDP  = 1,
        /** SCTP */
        LDNS_DANE_TRANSPORT_SCTP = 2
} ldns_dane_transport;
00101 
00102 
/**
 * Build the owner name of the TLSA RRset for a service.
 *
 * The constructed name is returned through *tlsa_owner. It combines the
 * port and transport with the service name (presumably the
 * _<port>._<transport>.<name> layout used for TLSA lookups -- confirm
 * against the implementation). Whether the caller owns and must free the
 * returned rdf is not visible in this header -- TODO confirm.
 *
 * Available regardless of LDNS_BUILD_CONFIG_HAVE_SSL.
 *
 * \param[out] tlsa_owner receives the constructed owner name
 * \param[in]  name       host name of the service
 * \param[in]  port       port the service is reached on
 * \param[in]  transport  one of the ldns_dane_transport values (TCP, UDP, SCTP)
 * \return an ldns_status; callers should treat any status other than
 *         success as "no usable owner name" rather than looking up a
 *         partially built name.
 */
ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
                const ldns_rdf* name, uint16_t port,
                ldns_dane_transport transport);
00116 
00117 
00118 #if LDNS_BUILD_CONFIG_HAVE_SSL
00119 
/**
 * Derive TLSA "certificate association data" from an X509 certificate.
 *
 * \p selector chooses which part of \p cert is used (the full certificate
 * or its SubjectPublicKeyInfo, see ldns_tlsa_selector) and
 * \p matching_type whether that data is kept verbatim or reduced to a
 * SHA-256 / SHA-512 digest (see ldns_tlsa_matching_type). The result is
 * returned through *rdf; ownership presumably passes to the caller --
 * TODO confirm.
 *
 * Only declared when built with LDNS_BUILD_CONFIG_HAVE_SSL.
 *
 * \param[out] rdf           receives the association data
 * \param[in]  cert          certificate to derive the data from
 * \param[in]  selector      which part of the certificate to use
 * \param[in]  matching_type verbatim or digest form
 * \return an ldns_status; a non-success status means *rdf must not be used.
 */
ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
                ldns_tlsa_selector      selector,
                ldns_tlsa_matching_type matching_type);
00133 
00134 
/**
 * Pick, from \p cert and \p extra_certs, the certificate that a TLSA record
 * with the given \p cert_usage would be matched against.
 *
 * For the PKIX-constraining usages this presumably builds a chain with
 * \p pkix_validation_store and walks it; \p index looks like a position
 * among the candidates (e.g. the n-th certificate up the chain) -- neither
 * is visible in this header, confirm against the implementation. Whether
 * *selected_cert is a new reference the caller must release is likewise
 * not visible here -- TODO confirm.
 *
 * Only declared when built with LDNS_BUILD_CONFIG_HAVE_SSL.
 *
 * \param[out] selected_cert         receives the chosen certificate
 * \param[in]  cert                  the end-entity certificate presented
 * \param[in]  extra_certs           additional certificates from the peer
 * \param[in]  pkix_validation_store trust store used for chain building
 * \param[in]  cert_usage            TLSA certificate usage being served
 * \param[in]  index                 which matching candidate to return
 * \return an ldns_status; on a non-success status *selected_cert must not
 *         be used.
 */
ldns_status ldns_dane_select_certificate(X509** selected_cert,
                X509* cert, STACK_OF(X509)* extra_certs,
                X509_STORE* pkix_validation_store,
                ldns_tlsa_certificate_usage cert_usage, int index);
00167 
/**
 * Build a TLSA resource record describing \p cert.
 *
 * The usage, selector and matching type become the record's three leading
 * RDATA fields; the association data is derived from \p cert according to
 * the selector and matching type (the same mapping ldns_dane_cert2rdf
 * implements, presumably -- confirm). The owner name of the resulting
 * record is not a parameter here, so the caller presumably sets it
 * afterwards (see ldns_dane_create_tlsa_owner) -- TODO confirm. Ownership
 * of *tlsa presumably passes to the caller -- TODO confirm.
 *
 * Only declared when built with LDNS_BUILD_CONFIG_HAVE_SSL.
 *
 * \param[out] tlsa              receives the new TLSA rr
 * \param[in]  certificate_usage TLSA certificate usage field
 * \param[in]  selector          TLSA selector field
 * \param[in]  matching_type     TLSA matching type field
 * \param[in]  cert              certificate the record will describe
 * \return an ldns_status; on a non-success status *tlsa must not be used.
 */
ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
                ldns_tlsa_certificate_usage certificate_usage,
                ldns_tlsa_selector          selector,
                ldns_tlsa_matching_type     matching_type,
                X509* cert);
00186 
/**
 * Verify one TLSA record against a presented certificate chain.
 *
 * \p tlsa_rr's usage, selector and matching type decide which certificate
 * from \p cert / \p extra_certs is compared and how. For the
 * PKIX-constraining usages the chain presumably also has to validate
 * against \p pkix_validation_store -- confirm against the implementation.
 *
 * Nothing in this signature carries DNSSEC state: the caller is
 * responsible for only passing TLSA records obtained from a
 * DNSSEC-validated answer, since an unauthenticated record cannot
 * constrain anything. Treat any status other than success as a failed
 * verification; do not fall back to accepting the certificate.
 *
 * Only declared when built with LDNS_BUILD_CONFIG_HAVE_SSL.
 *
 * \param[in] tlsa_rr               the TLSA record to check
 * \param[in] cert                  the end-entity certificate presented
 * \param[in] extra_certs           additional certificates from the peer
 * \param[in] pkix_validation_store trust store for PKIX validation
 * \return an ldns_status; success presumably is LDNS_STATUS_OK -- confirm
 *         the exact value the implementation returns for a match.
 */
ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
                X509* cert, STACK_OF(X509)* extra_certs,
                X509_STORE* pkix_validation_store);
00213 
/**
 * Verify a presented certificate chain against a set of TLSA records.
 *
 * Each record in \p tlsas is checked the way ldns_dane_verify_rr does;
 * how many must match for the whole call to succeed (presumably at least
 * one) is not visible in this header -- confirm against the
 * implementation. \p pkix_validation_store is presumably only consulted
 * for the PKIX-constraining usages -- confirm.
 *
 * As with ldns_dane_verify_rr, this API does not know how the records were
 * obtained: only pass TLSA records from a DNSSEC-validated answer, and
 * treat any status other than success as a verification failure with no
 * fallback to unauthenticated acceptance.
 *
 * Only declared when built with LDNS_BUILD_CONFIG_HAVE_SSL.
 *
 * \param[in] tlsas                 the TLSA RRset for the service
 * \param[in] cert                  the end-entity certificate presented
 * \param[in] extra_certs           additional certificates from the peer
 * \param[in] pkix_validation_store trust store for PKIX validation
 * \return an ldns_status; success presumably is LDNS_STATUS_OK -- confirm
 *         the exact value the implementation returns.
 */
ldns_status ldns_dane_verify(ldns_rr_list* tlsas,
                X509* cert, STACK_OF(X509)* extra_certs,
                X509_STORE* pkix_validation_store);
00238 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00239 
00240 #ifdef __cplusplus
00241 }
00242 #endif
00243 
00244 #endif /* LDNS_BUILD_CONFIG_USE_DANE */
00245 #endif /* LDNS_DANE_H */
00246