Kea 2.6.0
tsig.h
Go to the documentation of this file.
1// Copyright (C) 2011-2024 Internet Systems Consortium, Inc. ("ISC")
2//
3// This Source Code Form is subject to the terms of the Mozilla Public
4// License, v. 2.0. If a copy of the MPL was not distributed with this
5// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7// IMPORTANT: the server side of this code MUST NOT be used until
8// it was fixed, cf RFC 8945. Note that Kea uses only the client side.
9
10#ifndef TSIG_H
11#define TSIG_H
12
13#include <boost/noncopyable.hpp>
14#include <boost/shared_ptr.hpp>
15
17
18#include <dns/tsigerror.h>
19#include <dns/tsigkey.h>
20#include <dns/tsigrecord.h>
21
22namespace isc {
23namespace dns {
24
32public:
33 TSIGContextError(const char* file, size_t line, const char* what) :
34 isc::Exception(file, line, what) {}
35};
36
171class TSIGContext : boost::noncopyable {
172public:
181 enum State {
187 };
188
191
192
197 explicit TSIGContext(const TSIGKey& key);
198
200 TSIGContext(const Name& key_name, const Name& algorithm_name,
201 const TSIGKeyRing& keyring);
202
204 virtual ~TSIGContext();
206
263 virtual ConstTSIGRecordPtr
264 sign(const uint16_t qid, const void* const data, const size_t data_len);
265
353 virtual TSIGError
354 verify(const TSIGRecord* const record, const void* const data, const size_t data_len);
355
367 virtual bool lastHadSignature() const;
368
388 virtual size_t getTSIGLength() const;
389
397 virtual State getState() const;
398
405 virtual TSIGError getError() const;
406
409
410
414 static const uint16_t DEFAULT_FUDGE = 300;
416
417protected:
428 void update(const void* const data, size_t len);
429
430private:
431 struct TSIGContextImpl;
432 boost::shared_ptr<TSIGContextImpl> impl_;
433};
434
435typedef boost::shared_ptr<TSIGContext> TSIGContextPtr;
436typedef boost::shared_ptr<TSIGKey> TSIGKeyPtr;
437
438}
439}
440
441#endif // TSIG_H
This is a base class for exceptions thrown from the DNS library module.
virtual const char * what() const
Returns a C-style character string of the cause of the exception.
The Name class encapsulates DNS names.
Definition: name.h:219
An exception that is thrown for logic errors identified in TSIG sign/verify operations.
Definition: tsig.h:31
TSIGContextError(const char *file, size_t line, const char *what)
Definition: tsig.h:33
TSIG session context.
Definition: tsig.h:171
State
Internal state of context.
Definition: tsig.h:181
@ RECEIVED_REQUEST
Server received a signed request.
Definition: tsig.h:184
@ SENT_REQUEST
Client sent a signed request, waiting response.
Definition: tsig.h:183
@ SENT_RESPONSE
Server sent a signed response.
Definition: tsig.h:185
@ VERIFIED_RESPONSE
Client successfully verified a response.
Definition: tsig.h:186
@ INIT
Initial state.
Definition: tsig.h:182
virtual ConstTSIGRecordPtr sign(const uint16_t qid, const void *const data, const size_t data_len)
Sign a DNS message.
Definition: tsig.cc:336
static const uint16_t DEFAULT_FUDGE
The recommended fudge value (in seconds) by RFC2845.
Definition: tsig.h:414
virtual TSIGError getError() const
Return the TSIG error as a result of the latest verification.
Definition: tsig.cc:331
virtual size_t getTSIGLength() const
Return the expected length of TSIG RR after sign()
Definition: tsig.cc:287
virtual ~TSIGContext()
The destructor.
Definition: tsig.cc:283
void update(const void *const data, size_t len)
Update internal HMAC state by more data.
Definition: tsig.cc:566
virtual TSIGError verify(const TSIGRecord *const record, const void *const data, const size_t data_len)
Verify a DNS message.
Definition: tsig.cc:419
virtual State getState() const
Return the current state of the context.
Definition: tsig.cc:326
virtual bool lastHadSignature() const
Check whether the last verified message was signed.
Definition: tsig.cc:558
TSIG errors.
Definition: tsigerror.h:22
A simple repository of a set of TSIGKey objects.
Definition: tsigkey.h:245
TSIG key.
Definition: tsigkey.h:56
TSIG resource record.
Definition: tsigrecord.h:51
boost::shared_ptr< TSIGContext > TSIGContextPtr
Definition: tsig.h:435
boost::shared_ptr< const TSIGRecord > ConstTSIGRecordPtr
A pointer-like type pointing to an immutable TSIGRecord object.
Definition: tsigrecord.h:283
boost::shared_ptr< TSIGKey > TSIGKeyPtr
Definition: tsig.h:436
Defines the logger used by the top-level component of kea-lfc.