diff options
Diffstat (limited to 'net/base/dnssec_keyset.h')
| -rw-r--r-- | net/base/dnssec_keyset.h | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/net/base/dnssec_keyset.h b/net/base/dnssec_keyset.h new file mode 100644 index 0000000..7a44916 --- /dev/null +++ b/net/base/dnssec_keyset.h @@ -0,0 +1,61 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_BASE_DNSSEC_KEYSET_H_ +#define NET_BASE_DNSSEC_KEYSET_H_ + +#include <string> +#include <vector> + +#include "base/string_piece.h" + +namespace net { + +// DNSSECKeySet function wraps base/crypto/signature_verifier.h to accept +// DNSSEC encodings. (See RFC 4043) +class DNSSECKeySet { + public: + DNSSECKeySet(); + + // AddKey adds a key to the trusted set. + // dnskey: the RRDATA of a DNSKEY. + bool AddKey(const base::StringPiece& dnskey); + + // CheckSignature checks the DNSSEC signature on set of resource records. + // name: the domain that the records are from + // zone: the signing zone + // signature: the RRSIG signature, not include the signing zone. + // rrtype: the type of the resource records + // rrdatas: the RRDATA of the signed resource records, in canonical order. + bool CheckSignature(const base::StringPiece& name, + const base::StringPiece& zone, + const base::StringPiece& signature, + uint16 rrtype, + const std::vector<base::StringPiece>& rrdatas); + + // DNSKEYToKeyID converts the RRDATA of a DNSKEY to its key id. See RFC 4043, + // app B. + static uint16 DNSKEYToKeyID(const base::StringPiece& dnskey); + + // Used for testing: the timestamps on signatures will be ignored to allow + // golden data to remain valid. + void IgnoreTimestamps(); + + private: + bool VerifySignature( + base::StringPiece signature_algorithm, + base::StringPiece signature, + base::StringPiece public_key, + base::StringPiece signed_data); + + std::string ASN1WrapDNSKEY(const base::StringPiece& dnskey); + + bool ignore_timestamps_; + std::vector<uint16> keyids_; + std::vector<std::string> public_keys_; +}; + +} // namespace net + +#endif // NET_BASE_DNSSEC_KEYSET_H_ |