BIND 10 #781: Define cryptographic API
BIND 10 Development
do-not-reply at isc.org
Tue Apr 12 07:28:07 UTC 2011
#781: Define cryptographic API
-------------------------------------+-------------------------------------
Reporter: stephen | Owner: UnAssigned
Type: task | Status: reviewing
Priority: blocker | Milestone: Sprint-20110419
Component: Unclassified | Resolution:
Keywords: | Sensitive: 0
Estimated Number of Hours: 6.0 | Add Hours to Ticket: 0
Billable?: 1 | Total Hours: 0
Internal?: 0 |
-------------------------------------+-------------------------------------
Changes (by jelte):
* owner: jelte => UnAssigned
* status: assigned => reviewing
Comment:
For TSIG support, we only need HMAC sign and verify calls. So what I did
for this ticket was create a libcrypto.so, which right now only has the
functions signHMAC() and verifyHMAC() with Botan as a backend and no
dynamic loading (which we'll need for PKCS#11) or fancy initialization. So
it's merely two functions, and not a 'full' API yet (following the
methodology of not adding code we don't use yet).

I've added a lot of tests for the three algorithms we support right now
(hmac-md5, hmac-sha1 and hmac-sha256), taken from two RFCs.

The TSIGKey in libdns++ can now be constructed from a string
(<name>:<secret>[:algorithm]), and has a toText() which returns
name:secret:algorithm.
--
Ticket URL: <http://bind10.isc.org/ticket/781#comment:6>
BIND 10 Development <http://bind10.isc.org>
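
Added example, not part of the original message and not BIND 10 code: a Python sketch of the two pieces the comment describes, parsing a `<name>:<secret>[:algorithm]` key string and HMAC sign/verify over the three listed algorithms. Assumptions: the secret is base64, a missing algorithm defaults to hmac-md5, and all function names are hypothetical; the sample key is test case 1 of RFC 2202 and RFC 4231, which may not be the two RFCs the comment means.

```python
import base64
import hmac

# Algorithms named in the comment, mapped to hashlib digest names.
ALGORITHMS = {"hmac-md5": "md5", "hmac-sha1": "sha1", "hmac-sha256": "sha256"}

def parse_key(text, default_algorithm="hmac-md5"):
    """Parse '<name>:<secret>[:algorithm]' into (name, secret_bytes, algorithm).

    Assumptions (not stated in the ticket): the secret is base64, and the
    algorithm defaults to hmac-md5 when omitted.
    """
    parts = text.split(":")
    if len(parts) not in (2, 3) or not parts[0] or not parts[1]:
        raise ValueError("expected <name>:<secret>[:algorithm]")
    algorithm = (parts[2] if len(parts) == 3 else default_algorithm).lower()
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: %r" % algorithm)
    try:
        secret = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("secret is not valid base64") from exc
    return parts[0], secret, algorithm

def sign_hmac(data, secret, algorithm):
    """Return the raw HMAC of data under secret."""
    return hmac.new(secret, data, ALGORITHMS[algorithm]).digest()

def verify_hmac(data, secret, algorithm, signature):
    """Compare in constant time so a mismatch does not leak its position."""
    return hmac.compare_digest(sign_hmac(data, secret, algorithm), signature)

def to_text(name, secret, algorithm):
    """Inverse of parse_key: returns name:secret:algorithm."""
    return "%s:%s:%s" % (name, base64.b64encode(secret).decode("ascii"), algorithm)

# Constructed sample key: the secret is 20 bytes of 0x0b, the key used in
# test case 1 of RFC 2202 (HMAC-SHA1) and RFC 4231 (HMAC-SHA-256).
SAMPLE_KEY = "example.key:" + base64.b64encode(b"\x0b" * 20).decode("ascii") + ":hmac-sha256"

if __name__ == "__main__":
    name, secret, alg = parse_key(SAMPLE_KEY)
    mac = sign_hmac(b"Hi There", secret, alg)
    print(to_text(name, secret, alg), mac.hex(), verify_hmac(b"Hi There", secret, alg, mac))
```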