Struct TSIG 

pub struct TSIG { /* private fields */ }

RFC 8945, Secret Key Transaction Authentication for DNS

  4.2.  TSIG Record Format

  The fields of the TSIG RR are described below.  All multi-octet
  integers in the record are sent in network byte order (see
  Section 2.3.2 of [RFC1035]).

  NAME:  The name of the key used, in domain name syntax.  The name
     should reflect the names of the hosts and uniquely identify the
     key among a set of keys these two hosts may share at any given
     time.  For example, if hosts A.site.example and B.example.net
     share a key, possibilities for the key name include
     <id>.A.site.example, <id>.B.example.net, and
     <id>.A.site.example.B.example.net.  It should be possible for more
     than one key to be in simultaneous use among a set of interacting
     hosts.  This allows for periodic key rotation as per best
     operational practices, as well as algorithm agility as indicated
     by [RFC7696].

     The name may be used as a local index to the key involved, but it
     is recommended that it be globally unique.  Where a key is just
     shared between two hosts, its name actually need only be
     meaningful to them, but it is recommended that the key name be
     mnemonic and incorporate the names of participating agents or
     resources as suggested above.

  TYPE:  This MUST be TSIG (250: Transaction SIGnature).

  CLASS:  This MUST be ANY.

  TTL:  This MUST be 0.

  RDLENGTH:  (variable)

  RDATA:  The RDATA for a TSIG RR consists of a number of fields,
     described below:

                           1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      /                         Algorithm Name                        /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      |          Time Signed          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                               |            Fudge              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          MAC Size             |                               /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+             MAC               /
      /                                                               /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Original ID          |            Error              |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |          Other Len            |                               /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+           Other Data          /
      /                                                               /
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

  The contents of the RDATA fields are:

  Algorithm Name:
     an octet sequence identifying the TSIG algorithm in the domain
     name syntax.  (Allowed names are listed in Table 3.)  The name is
     stored in the DNS name wire format as described in [RFC1034].  As
     per [RFC3597], this name MUST NOT be compressed.

  Time Signed:
     an unsigned 48-bit integer containing the time the message was
     signed as seconds since 00:00 on 1970-01-01 UTC, ignoring leap
     seconds.

  Fudge:
     an unsigned 16-bit integer specifying the allowed time difference
     in seconds permitted in the Time Signed field.

  MAC Size:
     an unsigned 16-bit integer giving the length of the MAC field in
     octets.  Truncation is indicated by a MAC Size less than the size
     of the keyed hash produced by the algorithm specified by the
     Algorithm Name.

  MAC:
     a sequence of octets whose contents are defined by the TSIG
     algorithm used, possibly truncated as specified by the MAC Size.
     The length of this field is given by the MAC Size.  Calculation of
     the MAC is detailed in Section 4.3.

  Original ID:
     an unsigned 16-bit integer holding the message ID of the original
     request message.  For a TSIG RR on a request, it is set equal to
     the DNS message ID.  In a TSIG attached to a response -- or in
     cases such as the forwarding of a dynamic update request -- the
     field contains the ID of the original DNS request.

  Error:
     in responses, an unsigned 16-bit integer containing the extended
     RCODE covering TSIG processing.  In requests, this MUST be zero.

  Other Len:
     an unsigned 16-bit integer specifying the length of the Other Data
     field in octets.

  Other Data:
     additional data relevant to the TSIG record.  In responses, this
     will be empty (i.e., Other Len will be zero) unless the content of
     the Error field is BADTIME, in which case it will be a 48-bit
     unsigned integer containing the server's current time as the
     number of seconds since 00:00 on 1970-01-01 UTC, ignoring leap
     seconds (see Section 5.2.3).  This document assigns no meaning to
     its contents in requests.

Implementations

impl TSIG

pub fn new( algorithm: TsigAlgorithm, time: u64, fudge: u16, mac: Vec<u8>, oid: u16, error: Option<TsigError>, other: Vec<u8>, ) -> TSIG

Constructs a new TSIG

RFC 8945, Secret Key Transaction Authentication for DNS

4.1.  TSIG RR Type

  To provide secret key authentication, we use an RR type whose
  mnemonic is TSIG and whose type code is 250.  TSIG is a meta-RR and
  MUST NOT be cached.  TSIG RRs are used for authentication between DNS
  entities that have established a shared secret key.  TSIG RRs are
  dynamically computed to cover a particular DNS transaction and are
  not DNS RRs in the usual sense.

  As the TSIG RRs are related to one DNS request/response, there is no
  value in storing or retransmitting them; thus, the TSIG RR is
  discarded once it has been used to authenticate a DNS message.

pub fn mac(&self) -> &[u8]

Returns the Mac in this TSIG

pub fn time(&self) -> u64

Returns the time this TSIG was generated at

pub fn fudge(&self) -> u16

Returns the max delta from time for remote to accept the signature

pub fn algorithm(&self) -> &TsigAlgorithm

Returns the algorithm used for the authentication code

pub fn error(&self) -> &Option<TsigError>

Returns the TSIG error RCODE

This is separate from the top-level error RCODE of a response See https://www.rfc-editor.org/rfc/rfc8945.html#section-3

pub fn set_error(&mut self, error: TsigError)

Set the TSIG error RCODE

This is separate from the top-level error RCODE of a response See https://www.rfc-editor.org/rfc/rfc8945.html#section-3

pub fn emit_tsig_for_mac( &self, encoder: &mut BinEncoder<'_>, key_name: &Name, ) -> Result<(), ProtoError>

Emit TSIG RR and RDATA as used for computing MAC

4.3.3.  TSIG Variables

   Also included in the digest is certain information present in the
   TSIG RR.  Adding this data provides further protection against an
   attempt to interfere with the message.

   +============+================+====================================+
   | Source     | Field Name     | Notes                              |
   +============+================+====================================+
   | TSIG RR    | NAME           | Key name, in canonical wire format |
   +------------+----------------+------------------------------------+
   | TSIG RR    | CLASS          | MUST be ANY                        |
   +------------+----------------+------------------------------------+
   | TSIG RR    | TTL            | MUST be 0                          |
   +------------+----------------+------------------------------------+
   | TSIG RDATA | Algorithm Name | in canonical wire format           |
   +------------+----------------+------------------------------------+
   | TSIG RDATA | Time Signed    | in network byte order              |
   +------------+----------------+------------------------------------+
   | TSIG RDATA | Fudge          | in network byte order              |
   +------------+----------------+------------------------------------+
   | TSIG RDATA | Error          | in network byte order              |
   +------------+----------------+------------------------------------+
   | TSIG RDATA | Other Len      | in network byte order              |
   +------------+----------------+------------------------------------+
   | TSIG RDATA | Other Data     | exactly as transmitted             |
   +------------+----------------+------------------------------------+

pub fn set_mac(self, mac: Vec<u8>) -> TSIG

Add actual MAC value to existing TSIG record data.

Arguments

• mac - mac to be stored in this record.

Trait Implementations

impl BinEncodable for TSIG

fn emit(&self, encoder: &mut BinEncoder<'_>) -> Result<(), ProtoError>

Write the RData from the given Encoder

                      1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 /                         Algorithm Name                        /
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                                                               |
 |          Time Signed          +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                               |            Fudge              |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |          MAC Size             |                               /
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+             MAC               /
 /                                                               /
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |          Original ID          |            Error              |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |          Other Len            |                               /
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+           Other Data          /
 /                                                               /
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

fn to_bytes(&self) -> Result<Vec<u8>, ProtoError>

Returns the object in binary form

impl Clone for TSIG

fn clone(&self) -> TSIG

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for TSIG

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for TSIG

fn deserialize<__D>( __deserializer: __D, ) -> Result<TSIG, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for TSIG

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Hash for TSIG

fn hash<__H>(&self, state: &mut __H)

where __H: Hasher,

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for TSIG

fn eq(&self, other: &TSIG) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl RecordData for TSIG

fn try_borrow(data: &RData) -> Option<&TSIG>

Attempts to borrow this RecordData from the RData type, if it is not the correct type the original is returned

fn record_type(&self) -> RecordType

Get the associated RecordType for the RecordData

fn into_rdata(self) -> RData

Converts this RecordData into generic RecordData

fn is_update(&self) -> bool

RDLENGTH = 0

impl Serialize for TSIG

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for TSIG

impl StructuralPartialEq for TSIG