Doc: Added more information about the considered RFCs on the TSIG code
EstudianteGenerico047 committed Jul 5, 2024
1 parent 5f751a5 commit 359d4f9
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions src/tsig.rs
Expand Up @@ -51,7 +51,7 @@ fn set_tsig_rd(query_msg: &DnsMessage, name: String, original_id: u16, result: M

return tsig_rd;
}

//This function responds to RFC 8945, section 5.1
#[doc = r"This function creates the signature of a DnsMessage with a key in bytes and the algName that will be used to encrypt the key."]
pub fn sign_tsig(query_msg: &mut DnsMessage, key: &[u8], alg_name: TsigAlgorithm, fudge: u16, time_signed: u64) -> Vec<u8> {
let mut tsig_rd: TSigRdata = TSigRdata::new();
Expand Down Expand Up @@ -97,6 +97,7 @@ pub fn sign_tsig(query_msg: &mut DnsMessage, key: &[u8], alg_name: TsigAlgorithm
return signature;
}

// RFC 5.2.1
//Revisa si el nombre de la llave es correcto
fn check_key(key_in_rr:String, key_name:String)-> bool {
key_in_rr.eq(&key_name)
Expand All @@ -114,7 +115,7 @@ fn check_alg_name(alg_name:&String, alg_list: Vec<(String,bool)>) -> bool{
}
return answer
}

//RFC 8945 5.2.2: MAC check and error handling
//Verifica que los mac sean iguales
fn check_mac(new_mac: Vec<u8>, mac: Vec<u8>) -> bool{
if mac.len()!=new_mac.len(){
Expand Down Expand Up @@ -228,6 +229,7 @@ pub fn process_tsig(msg: &DnsMessage,key:&[u8], key_name: String, time: u64, av
return (false, TsigErrorCode::BADSIG)
}
//let mytime = SystemTime::now().duration_since(UNIX_EPOCH).expect("no debería fallar el tiempo");
//RFC 8945 5.2.3
let cond3 = check_time_values(time, fudge, time_signed);
if !cond3 {
println!("RCODE 9: NOAUTH\n TSIG ERROR 18: BADTIME");
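Review bot: The comment added above `check_key` reads `// RFC 5.2.1` with no RFC number, while the other three added comments cite RFC 8945; I would write `//RFC 8945 5.2.1: key check and error handling` so the reference can be looked up. The comment added on `check_mac` labels it as the section 5.2.2 MAC check, but only the length comparison is visible and the body continues outside the hunk. If the rest of the comparison returns at the first differing byte, it should be made constant-time, and the comment is the natural place to state which behaviour a reader can rely on. The existing doc attribute on `sign_tsig` also says the algorithm is used to "encrypt the key", which presumably should say that the key and algorithm are used to compute the MAC over the message.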
