Kea  1.5.0
tsig.h
1 // Copyright (C) 2011-2015,2017 Internet Systems Consortium, Inc. ("ISC")
2 //
3 // This Source Code Form is subject to the terms of the Mozilla Public
4 // License, v. 2.0. If a copy of the MPL was not distributed with this
5 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 
7 // IMPORTANT: the server side of this code MUST NOT be used until
8 // it has been fixed; see draft-dupont-dnsop-rfc2845bis-00.txt.
9 // Note that Kea uses only the client side.
10 
11 #ifndef TSIG_H
12 #define TSIG_H 1
13 
14 #include <boost/noncopyable.hpp>
15 #include <boost/shared_ptr.hpp>
16 
17 #include <exceptions/exceptions.h>
18 
19 #include <dns/tsigerror.h>
20 #include <dns/tsigkey.h>
21 #include <dns/tsigrecord.h>
22 
23 namespace isc {
24 namespace dns {
25 
33 public:
// Constructor of TSIGContextError, which this page's index describes as the
// exception thrown for logic errors identified in TSIG sign/verify
// operations. The class header (tsig.h:32) is not shown in this listing.
//
// file, line: source location recorded with the exception (presumably the
//             throw site; confirm against the isc_throw usage).
// what:       C string describing the cause.
// All three arguments are passed unchanged to the isc::Exception base.
34  TSIGContextError(const char* file, size_t line, const char* what) :
35  isc::Exception(file, line, what) {}
36 };
37 
// TSIG session context: holds the per-session state used to sign and verify
// DNS messages with a TSIG key. Copying is disabled via boost::noncopyable.
//
// Security note: the warning at the top of this file says the server side of
// this code MUST NOT be used until fixed and that Kea uses only the client
// side. Of the states listed below, RECEIVED_REQUEST and SENT_RESPONSE are
// the server-side ones.
172 class TSIGContext : boost::noncopyable {
173 public:
     // Internal state of the context.
     // The enumerators are elided from this listing; the page's index places
     // them at tsig.h:183-187:
     //   INIT              - initial state
     //   SENT_REQUEST      - client sent a signed request, waiting response
     //   RECEIVED_REQUEST  - server received a signed request
     //   SENT_RESPONSE     - server sent a signed response
     //   VERIFIED_RESPONSE - client successfully verified a response
182  enum State {
188  };
189 
192 
     // Constructor from a TSIG key. Marked explicit, so a TSIGKey is never
     // converted to a context implicitly.
193  explicit TSIGContext(const TSIGKey& key);
199 
     // Constructor from a key name, an algorithm name and a key ring.
     // NOTE(review): presumably the key is looked up in `keyring`; what
     // happens when no matching key exists is not shown here - confirm in
     // tsig.cc.
201  TSIGContext(const Name& key_name, const Name& algorithm_name,
202  const TSIGKeyRing& keyring);
203 
     // The destructor.
     // NOTE(review): impl_ is a raw pointer; it is presumably released here -
     // confirm in tsig.cc.
205  ~TSIGContext();
207 
     // Sign a DNS message.
     // qid:      16-bit value (by its name, the message's query ID).
     // data:     start of the bytes to sign; assumed to be the wire-format
     //           message - TODO confirm.
     // data_len: number of bytes at `data`.
     // Returns a shared pointer to an immutable TSIGRecord.
264  ConstTSIGRecordPtr sign(const uint16_t qid, const void* const data,
265  const size_t data_len);
266 
     // Verify a DNS message.
     // record:   TSIG record received with the message, passed by pointer.
     //           NOTE(review): whether a null pointer (unsigned message) is
     //           accepted is not visible here; lastHadSignature() suggests
     //           it is - confirm in tsig.cc.
     // data:     start of the received bytes to verify.
     // data_len: number of bytes at `data`.
     // Returns a TSIGError. Callers should treat the message as
     // authenticated only when the result reports success, and should not
     // rely on the absence of an exception.
     // Verifying a request is the server-side path, which the warning at the
     // top of this file says must not be used.
354  TSIGError verify(const TSIGRecord* const record, const void* const data,
355  const size_t data_len);
356 
     // Check whether the last verified message was signed.
368  bool lastHadSignature() const;
369 
     // Return the expected length of the TSIG RR after sign().
389  size_t getTSIGLength() const;
390 
     // Return the current state of the context.
398  State getState() const;
399 
     // Return the TSIG error resulting from the latest verification.
406  TSIGError getError() const;
407 
410 
     // The fudge value, in seconds, recommended by RFC2845. Fudge is the
     // tolerated difference between the signed time and the verifier's
     // clock, so it bounds how long a captured message stays acceptable.
411  static const uint16_t DEFAULT_FUDGE = 300;
417 
418 protected:
     // Update internal HMAC state by more data (`len` bytes at `data`).
     // Protected, so it is reachable only from this class and its subclasses.
429  void update(const void* const data, size_t len);
430 
431 private:
     // Implementation type, only forward-declared in this header.
432  struct TSIGContextImpl;
     // Pointer to the implementation object; its contents are not visible
     // from this header.
433  TSIGContextImpl* impl_;
434 };
435 
// Shared-ownership (boost::shared_ptr) pointer to a TSIGContext.
436 typedef boost::shared_ptr<TSIGContext> TSIGContextPtr;
// Shared-ownership (boost::shared_ptr) pointer to a TSIGKey. The key object
// lives until the last holder releases it.
// NOTE(review): this presumably includes the key's secret - confirm against
// tsigkey.h.
437 typedef boost::shared_ptr<TSIGKey> TSIGKeyPtr;
438 
439 }
440 }
441 
442 #endif // TSIG_H
443 
444 // Local Variables:
445 // mode: c++
446 // End:
isc::dns::TSIGContext::update
void update(const void *const data, size_t len)
Update internal HMAC state by more data.
Definition: tsig.cc:576
tsigerror.h
isc::dns::TSIGKeyPtr
boost::shared_ptr< TSIGKey > TSIGKeyPtr
Definition: tsig.h:437
isc::dns::TSIGContext::lastHadSignature
bool lastHadSignature() const
Check whether the last verified message was signed.
Definition: tsig.cc:568
isc::dns::TSIGContext::INIT
@ INIT
Initial state.
Definition: tsig.h:183
isc::dns::TSIGContext::~TSIGContext
~TSIGContext()
The destructor.
Definition: tsig.cc:290
isc::dns::TSIGContext::TSIGContext
TSIGContext(const TSIGKey &key)
Constructor from a TSIG key.
Definition: tsig.cc:269
isc::dns::TSIGKey
TSIG key.
Definition: tsigkey.h:56
isc::dns::TSIGContext::VERIFIED_RESPONSE
@ VERIFIED_RESPONSE
Client successfully verified a response.
Definition: tsig.h:187
isc::Exception
This is a base class for exceptions thrown from the DNS library module.
Definition: exceptions/exceptions.h:23
isc::dns::TSIGError
TSIG errors.
Definition: tsigerror.h:22
isc::dns::TSIGContext::getError
TSIGError getError() const
Return the TSIG error as a result of the latest verification.
Definition: tsig.cc:339
isc
Defines the logger used by the top-level component of kea-dhcp-ddns.
Definition: agent_parser.cc:144
isc::dns::TSIGRecord
TSIG resource record.
Definition: tsigrecord.h:54
isc::Exception::what
virtual const char * what() const
Returns a C-style character string of the cause of the exception.
Definition: exceptions/exceptions.cc:32
isc::dns::TSIGContext::getTSIGLength
size_t getTSIGLength() const
Return the expected length of TSIG RR after sign()
Definition: tsig.cc:295
isc::dns::TSIGContext::SENT_RESPONSE
@ SENT_RESPONSE
Server sent a signed response.
Definition: tsig.h:186
isc::dns::TSIGContext::sign
ConstTSIGRecordPtr sign(const uint16_t qid, const void *const data, const size_t data_len)
Sign a DNS message.
Definition: tsig.cc:344
isc::dns::Name
The Name class encapsulates DNS names.
Definition: name.h:223
isc::dns::TSIGContext::DEFAULT_FUDGE
static const uint16_t DEFAULT_FUDGE
The recommended fudge value (in seconds) by RFC2845.
Definition: tsig.h:415
isc::dns::Exception
Definition: dns/exceptions.h:25
tsigkey.h
isc::dns::ConstTSIGRecordPtr
boost::shared_ptr< const TSIGRecord > ConstTSIGRecordPtr
A pointer-like type pointing to an immutable TSIGRecord object.
Definition: tsigrecord.h:280
isc::dns::TSIGContext::SENT_REQUEST
@ SENT_REQUEST
Client sent a signed request, waiting response.
Definition: tsig.h:184
tsigrecord.h
exceptions.h
isc::dns::TSIGContextPtr
boost::shared_ptr< TSIGContext > TSIGContextPtr
Definition: tsig.h:436
isc::dns::TSIGContext::verify
TSIGError verify(const TSIGRecord *const record, const void *const data, const size_t data_len)
Verify a DNS message.
Definition: tsig.cc:428
isc::dns::TSIGContextError
An exception that is thrown for logic errors identified in TSIG sign/verify operations.
Definition: tsig.h:32
isc::dns::TSIGContext::State
State
Internal state of context.
Definition: tsig.h:182
isc::dns::TSIGContextError::TSIGContextError
TSIGContextError(const char *file, size_t line, const char *what)
Definition: tsig.h:34
isc::dns::TSIGContext::getState
State getState() const
Return the current state of the context.
Definition: tsig.cc:334
isc::dns::TSIGContext
TSIG session context.
Definition: tsig.h:172
isc::dns::TSIGContext::RECEIVED_REQUEST
@ RECEIVED_REQUEST
Server received a signed request.
Definition: tsig.h:185
isc::dns::TSIGKeyRing
A simple repository of a set of TSIGKey objects.
Definition: tsigkey.h:245