hickory_proto::rr::dnssec::tsig

Struct TSigner

Source 
pub struct TSigner(/* private fields */);
Available on crate feature dnssec only.
Expand description

Struct to pass to a client for it to authenticate requests using TSIG.

Implementations§

Source§

impl TSigner

Source

pub fn new( key: Vec<u8>, algorithm: TsigAlgorithm, signer_name: Name, fudge: u16, ) -> Result<Self, ProtoError>

Create a new Tsigner from its parts

§Arguments
  • key - cryptographic key used to authenticate exchanges
  • algorithm - algorithm used to authenticate exchanges
  • signer_name - name of the key. Must match the name known to the server
  • fudge - maximum difference between client and server time, in seconds, see fudge for details
Source

pub fn key(&self) -> &[u8]

Return the key used for message authentication

Source

pub fn algorithm(&self) -> &TsigAlgorithm

Return the algorithm used for message authentication

Source

pub fn signer_name(&self) -> &Name

Name of the key used by this signer

Source

pub fn fudge(&self) -> u16

Maximum time difference between client time when issuing a message, and server time when receiving it, in second. If time is out, the server will consider the request invalid. Longer values means more room for replay by an attacker. A few minutes are usually a good value.

Source

pub fn sign(&self, tbs: &[u8]) -> Result<Vec<u8>, ProtoError>

Compute authentication tag for a buffer

Source

pub fn sign_message( &self, message: &Message, pre_tsig: &TSIG, ) -> Result<Vec<u8>, ProtoError>

Compute authentication tag for a message

Source

pub fn verify(&self, tbv: &[u8], tag: &[u8]) -> Result<(), ProtoError>

Verify hmac in constant time to prevent timing attacks

Source

pub fn verify_message_byte( &self, previous_hash: Option<&[u8]>, message: &[u8], first_message: bool, ) -> Result<(Vec<u8>, Range<u64>, u64), ProtoError>

Verify the message is correctly signed This does not perform time verification on its own, instead one should verify current time lie in returned Range

§Arguments
  • previous_hash - Hash of the last message received before this one, or of the query for the first message
  • message - byte buffer containing current message
  • first_message - is this the first response message
§Returns

Return Ok(_) on valid signature. Inner tuple contain the following values, in order:

  • a byte buffer containing the hash of this message. Need to be passed back when authenticating next message
  • a Range of time that is acceptable
  • the time the signature was emitted. It must be greater or equal to the time of previous messages, if any

Trait Implementations§

Source§

impl Clone for TSigner

Source§

fn clone(&self) -> TSigner

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl MessageFinalizer for TSigner

Source§

fn finalize_message( &self, message: &Message, current_time: u32, ) -> Result<(Vec<Record>, Option<MessageVerifier>), ProtoError>

The message taken in should be processed and then return Records which should be appended to the additional section of the message. Read more
Source§

fn should_finalize_message(&self, message: &Message) -> bool

Return whether the message requires further processing before being sent By default, returns true for AXFR and IXFR queries, and Update and Notify messages

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> ErasedDestructor for T
where T: 'static,

Source§

impl<T> MaybeSendSync for T