BIND 10 #781: Define cryptographic API
BIND 10 Development
do-not-reply at isc.org
Thu Apr 14 14:23:29 UTC 2011
-------------------------------------+-------------------------------------
Reporter: stephen | Owner: jinmei
Type: task | Status: assigned
Priority: blocker | Milestone: Sprint-20110419
Component: Unclassified | Resolution:
Keywords: | Sensitive: 0
Estimated Number of Hours: 6.0 | Add Hours to Ticket: 0
Billable?: 1 | Total Hours: 0
Internal?: 0 |
-------------------------------------+-------------------------------------
Changes (by jelte):
* owner: jelte => jinmei
* status: accepted => assigned
Comment:
I've added an HMAC class, which can be used with the classic 'create,
update-update-update, finalize' method. I did leave in the 'old'
functions, which are now convenience functions to do the above in one
line, should the caller have a fixed set of data.

I changed inputs to be of void*+length for the data-to-be-signed, and for
the signature-to-verify.

I did leave the sign() output argument to be of class OutputBuffer, which
is the most convenient for callers that don't want to care about the size
of the output; if it turns out we want a version that can take a bare
pointer and expected length, we should be able to easily add them.

I also left in the TSIGKey use for now; it kind of depends on which way we
want the dependency to be (crypto dependent on dns, dns dependent on
crypto, both together in one lib, or fully independent, but then we need a
'common' way to refer to algorithms, like agreed-upon strings, which seems
potentially brittle).

Please have another look.
--
Ticket URL: <http://bind10.isc.org/ticket/781#comment:14>
BIND 10 Development <http://bind10.isc.org>
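
The create/update/finalize flow and the one-line convenience functions described in the comment above, sketched with Python's standard `hmac` module as an added example; this is not BIND 10's code. The class and function names, and the use of TSIG-style algorithm-name strings as the shared lookup key, are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed registry: TSIG-style names act as the "agreed-upon strings".
_DIGESTS = {
    "hmac-sha1": hashlib.sha1,
    "hmac-sha256": hashlib.sha256,
    "hmac-sha512": hashlib.sha512,
}


def resolve_digest(name):
    """Map an algorithm string to a hash constructor; fail closed if unknown."""
    # Normalise case and the trailing root dot so "HMAC-SHA256." and
    # "hmac-sha256" resolve identically instead of silently diverging.
    key = name.rstrip(".").lower()
    if key not in _DIGESTS:
        raise ValueError("unsupported HMAC algorithm: %r" % name)
    return _DIGESTS[key]


class StreamingHMAC:
    """Hypothetical create / update... / finalize wrapper."""

    def __init__(self, secret, algorithm):
        self._ctx = hmac.new(secret, digestmod=resolve_digest(algorithm))

    def update(self, data):
        self._ctx.update(data)

    def sign(self):
        return self._ctx.digest()

    def verify(self, signature):
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self._ctx.digest(), signature)


def sign_data(data, secret, algorithm):
    """One-line convenience form for callers holding all the data at once."""
    ctx = StreamingHMAC(secret, algorithm)
    ctx.update(data)
    return ctx.sign()


def verify_data(data, secret, algorithm, signature):
    """One-line verification; rejects tampered or truncated signatures."""
    ctx = StreamingHMAC(secret, algorithm)
    ctx.update(data)
    return ctx.verify(signature)
```

Because `verify()` compares against the full digest, a truncated signature is rejected; a design that accepts truncated MACs would need an explicit minimum-length check instead.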