d4/d9c/tsig_8h_source.html

// Copyright (C) 2011-2024 Internet Systems Consortium, Inc. ("ISC")

//

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this

// file, You can obtain one at http://mozilla.org/MPL/2.0/.


// IMPORTANT: the server side of this code MUST NOT be used until

// it was fixed, cf RFC 8945. Note that Kea uses only the client side.


#ifndef TSIG_H

#define TSIG_H


#include <boost/noncopyable.hpp>

#include <boost/shared_ptr.hpp>


#include <exceptions/exceptions.h>


#include <dns/tsigerror.h>

#include <dns/tsigkey.h>

#include <dns/tsigrecord.h>


namespace isc {

namespace dns {


class TSIGContextError : public isc::Exception {

public:

    TSIGContextError(const char* file, size_t line, const char* what) :

        isc::Exception(file, line, what) {}

};


class TSIGContext : boost::noncopyable {

public:

    enum State {

        INIT,

        SENT_REQUEST,

        RECEIVED_REQUEST,

        SENT_RESPONSE,

        VERIFIED_RESPONSE

    };


    explicit TSIGContext(const TSIGKey& key);


    TSIGContext(const Name& key_name, const Name& algorithm_name,

                const TSIGKeyRing& keyring);


    virtual ~TSIGContext();


    virtual ConstTSIGRecordPtr

    sign(const uint16_t qid, const void* const data, const size_t data_len);


    virtual TSIGError

    verify(const TSIGRecord* const record, const void* const data, const size_t data_len);


    virtual bool lastHadSignature() const;


    virtual size_t getTSIGLength() const;


    virtual State getState() const;


    virtual TSIGError getError() const;


    static const uint16_t DEFAULT_FUDGE = 300;


protected:

    void update(const void* const data, size_t len);


private:

    struct TSIGContextImpl;

    boost::shared_ptr<TSIGContextImpl> impl_;

};


typedef boost::shared_ptr<TSIGContext> TSIGContextPtr;

typedef boost::shared_ptr<TSIGKey> TSIGKeyPtr;


}

}


#endif  // TSIG_H

isc::Exception
This is a base class for exceptions thrown from the DNS library module.
Definition: exceptions/exceptions.h:23

isc::Exception::what
virtual const char * what() const
Returns a C-style character string of the cause of the exception.
Definition: exceptions/exceptions.cc:32

isc::dns::Exception
Definition: dns/exceptions.h:25

isc::dns::Name
The Name class encapsulates DNS names.
Definition: name.h:219

isc::dns::TSIGContextError
An exception that is thrown for logic errors identified in TSIG sign/verify operations.
Definition: tsig.h:31

isc::dns::TSIGContextError::TSIGContextError
TSIGContextError(const char *file, size_t line, const char *what)
Definition: tsig.h:33

isc::dns::TSIGContext
TSIG session context.
Definition: tsig.h:171

isc::dns::TSIGContext::State
State
Internal state of context.
Definition: tsig.h:181

isc::dns::TSIGContext::RECEIVED_REQUEST
@ RECEIVED_REQUEST
Server received a signed request.
Definition: tsig.h:184

isc::dns::TSIGContext::SENT_REQUEST
@ SENT_REQUEST
Client sent a signed request, waiting response.
Definition: tsig.h:183

isc::dns::TSIGContext::SENT_RESPONSE
@ SENT_RESPONSE
Server sent a signed response.
Definition: tsig.h:185

isc::dns::TSIGContext::VERIFIED_RESPONSE
@ VERIFIED_RESPONSE
Client successfully verified a response.
Definition: tsig.h:186

isc::dns::TSIGContext::INIT
@ INIT
Initial state.
Definition: tsig.h:182

isc::dns::TSIGContext::sign
virtual ConstTSIGRecordPtr sign(const uint16_t qid, const void *const data, const size_t data_len)
Sign a DNS message.
Definition: tsig.cc:336

isc::dns::TSIGContext::DEFAULT_FUDGE
static const uint16_t DEFAULT_FUDGE
The recommended fudge value (in seconds) by RFC2845.
Definition: tsig.h:414

isc::dns::TSIGContext::getError
virtual TSIGError getError() const
Return the TSIG error as a result of the latest verification.
Definition: tsig.cc:331

isc::dns::TSIGContext::getTSIGLength
virtual size_t getTSIGLength() const
Return the expected length of TSIG RR after sign()
Definition: tsig.cc:287

isc::dns::TSIGContext::~TSIGContext
virtual ~TSIGContext()
The destructor.
Definition: tsig.cc:283

isc::dns::TSIGContext::update
void update(const void *const data, size_t len)
Update internal HMAC state by more data.
Definition: tsig.cc:566

isc::dns::TSIGContext::verify
virtual TSIGError verify(const TSIGRecord *const record, const void *const data, const size_t data_len)
Verify a DNS message.
Definition: tsig.cc:419

isc::dns::TSIGContext::getState
virtual State getState() const
Return the current state of the context.
Definition: tsig.cc:326

isc::dns::TSIGContext::lastHadSignature
virtual bool lastHadSignature() const
Check whether the last verified message was signed.
Definition: tsig.cc:558

isc::dns::TSIGError
TSIG errors.
Definition: tsigerror.h:22

isc::dns::TSIGKeyRing
A simple repository of a set of TSIGKey objects.
Definition: tsigkey.h:245

isc::dns::TSIGKey
Definition: tsigkey.h:56

isc::dns::TSIGRecord
TSIG resource record.
Definition: tsigrecord.h:51

exceptions.h

isc::dns::TSIGContextPtr
boost::shared_ptr< TSIGContext > TSIGContextPtr
Definition: tsig.h:435

isc::dns::ConstTSIGRecordPtr
boost::shared_ptr< const TSIGRecord > ConstTSIGRecordPtr
A pointer-like type pointing to an immutable TSIGRecord object.
Definition: tsigrecord.h:283

isc::dns::TSIGKeyPtr
boost::shared_ptr< TSIGKey > TSIGKeyPtr
Definition: tsig.h:436

isc
Defines the logger used by the top-level component of kea-lfc.
Definition: agent_parser.cc:148

isc::dns::TSIGContext::TSIGContextImpl
Definition: tsig.cc:51

tsigerror.h

tsigkey.h

tsigrecord.h