diff options
| author | Marek Vavruša <marek.vavrusa@nic.cz> | 2015-12-09 23:52:09 +0100 |
|---|---|---|
| committer | Marek Vavruša <marek.vavrusa@nic.cz> | 2015-12-10 00:43:02 +0100 |
| commit | e0fe89e57a86872cc5be89d43449745b964d5ba9 (patch) | |
| tree | 568df8a7a44c2ccbe39f66a7f7619b47b21e4576 /lib/dnssec.h | |
| parent | contrib: compile to convenience static library (diff) | |
| download | knot-resolver-e0fe89e57a86872cc5be89d43449745b964d5ba9.tar.xz knot-resolver-e0fe89e57a86872cc5be89d43449745b964d5ba9.zip | |
build: library able to compile to both static/dynamic versioned libs
* PIE,RELRO+NOW and other security features enabled
* support for both static/dynamic builds with BUILDMODE
* dynamic library is ABI-versioned, starting at 1
* pkg-config file is installed
Diffstat (limited to 'lib/dnssec.h')
| -rw-r--r-- | lib/dnssec.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/dnssec.h b/lib/dnssec.h index 7679f730..82ea7bcc 100644 --- a/lib/dnssec.h +++ b/lib/dnssec.h @@ -16,23 +16,27 @@ #pragma once +#include "lib/defines.h" #include <libknot/internal/consts.h> #include <libknot/packet/pkt.h> /** * Initialise cryptographic back-end. */ +KR_EXPORT void kr_crypto_init(void); /** * De-initialise cryptographic back-end. */ +KR_EXPORT void kr_crypto_cleanup(void); /** * Re-initialise cryptographic back-end. * @note Must be called after fork() in the child. */ +KR_EXPORT void kr_crypto_reinit(void); /** Opaque DNSSEC key pointer. */ @@ -89,12 +93,15 @@ int kr_dnskeys_trusted(const knot_pkt_t *pkt, knot_section_t section_id, const k bool has_nsec3); /** Return true if the DNSKEY can be used as a ZSK. */ +KR_EXPORT KR_PURE bool kr_dnssec_key_zsk(const uint8_t *dnskey_rdata); /** Return true if the DNSKEY indicates being KSK (=> has SEP). */ +KR_EXPORT KR_PURE bool kr_dnssec_key_ksk(const uint8_t *dnskey_rdata); /** Return true if the DNSKEY is revoked. */ +KR_EXPORT KR_PURE bool kr_dnssec_key_revoked(const uint8_t *dnskey_rdata); /** Return DNSKEY tag. @@ -103,6 +110,7 @@ bool kr_dnssec_key_revoked(const uint8_t *dnskey_rdata); * @param rdlen RDATA length. * @return Key tag (positive number), or an error code */ +KR_EXPORT KR_PURE int kr_dnssec_key_tag(uint16_t rrtype, const uint8_t *rdata, size_t rdlen); /** Return 0 if the two keys are identical. @@ -113,6 +121,7 @@ int kr_dnssec_key_tag(uint16_t rrtype, const uint8_t *rdata, size_t rdlen); * @param key_b_rdlen Second key RDATA length * @return 0 if they match or an error code */ +KR_EXPORT KR_PURE int kr_dnssec_key_match(const uint8_t *key_a_rdata, size_t key_a_rdlen, const uint8_t *key_b_rdata, size_t key_b_rdlen); |