pub struct TSigner(/* private fields */);
Available on crate feature dnssec only.
Struct to pass to a client for it to authenticate requests using TSIG.
Implementations
impl TSigner
pub fn new(key: Vec<u8>, algorithm: TsigAlgorithm, signer_name: Name, fudge: u16) -> ProtoResult<Self>
Create a new TSigner from its parts
Arguments
- key - cryptographic key used to authenticate exchanges
- algorithm - algorithm used to authenticate exchanges
- signer_name - name of the key. Must match the name known to the server
- fudge - maximum difference between client and server time, in seconds, see fudge for details
pub fn algorithm(&self) -> &TsigAlgorithm
Return the algorithm used for message authentication
pub fn signer_name(&self) -> &Name
Name of the key used by this signer
pub fn fudge(&self) -> u16
Maximum time difference between the client time when issuing a message and the server time when receiving it, in seconds. If the difference exceeds this value, the server will consider the request invalid. Longer values mean more room for replay by an attacker. A few minutes is usually a good value.
pub fn sign_message(&self, message: &Message, pre_tsig: &TSIG) -> ProtoResult<Vec<u8>>
Compute authentication tag for a message
pub fn verify(&self, tbv: &[u8], tag: &[u8]) -> ProtoResult<()>
Verify the HMAC in constant time to prevent timing attacks
pub fn verify_message_byte(&self, previous_hash: Option<&[u8]>, message: &[u8], first_message: bool) -> ProtoResult<(Vec<u8>, Range<u64>, u64)>
Verify the message is correctly signed. This does not perform time verification on its own; instead, the caller should verify that the current time lies in the returned Range.
Arguments
- previous_hash - Hash of the last message received before this one, or of the query for the first message
- message - byte buffer containing current message
- first_message - is this the first response message
Returns
Returns Ok(_) on a valid signature. The inner tuple contains the following values, in order:
- a byte buffer containing the hash of this message. It needs to be passed back when authenticating the next message
- a Range of time that is acceptable
- the time the signature was emitted. It must be greater than or equal to the time of previous messages, if any
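One way a caller can apply the checks that verify_message_byte leaves to it, as an added example rather than code from this crate. ResponseChain, TimeCheckError and the sample tuples are hypothetical and constructed; only the standard library is used, so a tuple of the documented shape (Vec<u8>, Range<u64>, u64) stands in for a real call.

```rust
use std::ops::Range;

#[derive(Debug, PartialEq)]
pub enum TimeCheckError {
    OutsideWindow,     // current time is not in the Range returned with the signature
    TimeWentBackwards, // signature time is earlier than a previous message's
}

/// Hypothetical caller-side state for one TSIG-authenticated response stream.
pub struct ResponseChain {
    previous_hash: Vec<u8>,      // fed back as `previous_hash` on the next call
    last_signed_at: Option<u64>, // None until the first response is accepted
}

impl ResponseChain {
    /// `query_hash`: hash of the query, used when verifying the first response.
    pub fn new(query_hash: Vec<u8>) -> Self {
        Self { previous_hash: query_hash, last_signed_at: None }
    }
    pub fn previous_hash(&self) -> &[u8] { &self.previous_hash }
    pub fn first_message(&self) -> bool { self.last_signed_at.is_none() }

    /// Takes the Ok tuple of `verify_message_byte` plus the caller's clock (seconds).
    pub fn accept(&mut self, verified: (Vec<u8>, Range<u64>, u64), now: u64)
        -> Result<(), TimeCheckError> {
        let (hash, window, signed_at) = verified;
        if !window.contains(&now) {
            return Err(TimeCheckError::OutsideWindow);
        }
        if self.last_signed_at.map_or(false, |prev| signed_at < prev) {
            return Err(TimeCheckError::TimeWentBackwards);
        }
        // State advances only after both checks pass.
        self.previous_hash = hash;
        self.last_signed_at = Some(signed_at);
        Ok(())
    }
}

fn main() {
    // Constructed values: signature time t, acceptable window of +/- 300 s around it.
    let mut chain = ResponseChain::new(vec![0xAA]);
    let t = 1_700_000_000u64;
    println!("{:?}", chain.accept((vec![0xBB], t - 300..t + 300, t), t + 10));
    println!("{:?}", chain.accept((vec![0xCC], t - 310..t + 290, t - 10), t + 10));
    println!("{:?}", chain.accept((vec![0xDD], t - 300..t + 300, t), t + 900));
}
```

A rejected message leaves the stored hash and timestamp untouched, so a forged or replayed message cannot shift the state used to verify the next one.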
Trait Implementations
impl MessageFinalizer for TSigner
fn finalize_message(&self, message: &Message, current_time: u32) -> ProtoResult<(Vec<Record>, Option<MessageVerifier>)>
fn should_finalize_message(&self, message: &Message) -> bool
Auto Trait Implementations
impl Freeze for TSigner
impl RefUnwindSafe for TSigner
impl Send for TSigner
impl Sync for TSigner
impl Unpin for TSigner
impl UnwindSafe for TSigner
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T where T: Clone
default unsafe fn clone_to_uninit(&self, dst: *mut T)