diff --git a/src/tsig.rs b/src/tsig.rs
index f76c2e0e..d0470a58 100644
--- a/src/tsig.rs
+++ b/src/tsig.rs
@@ -51,7 +51,7 @@ fn set_tsig_rd(query_msg: &DnsMessage, name: String, original_id: u16, result: M
     return tsig_rd;
 }
-
+//This function responds to RFC 8945, section 5.1
 #[doc = r"This function creates the signature of a DnsMessage with a key in bytes and the algName that will be used to encrypt the key."]
 pub fn sign_tsig(query_msg: &mut DnsMessage, key: &[u8], alg_name: TsigAlgorithm, fudge: u16, time_signed: u64) -> Vec {
     let mut tsig_rd: TSigRdata = TSigRdata::new();
@@ -97,6 +97,7 @@ pub fn sign_tsig(query_msg: &mut DnsMessage, key: &[u8], alg_name: TsigAlgorithm
     return signature;
 }
+// RFC 5.2.1
 //Revisa si el nombre de la llave es correcto
 fn check_key(key_in_rr:String, key_name:String)-> bool {
     key_in_rr.eq(&key_name)
@@ -114,7 +115,7 @@ fn check_alg_name(alg_name:&String, alg_list: Vec<(String,bool)>) -> bool{
     }
     return answer
 }
-
+//RFC 8945 5.2.2: MAC check and error handling
 //Verifica que los mac sean iguales
 fn check_mac(new_mac: Vec, mac: Vec) -> bool{
     if mac.len()!=new_mac.len(){
@@ -228,6 +229,7 @@ pub fn process_tsig(msg: &DnsMessage,key:&[u8], key_name: String, time: u64, av
         return (false, TsigErrorCode::BADSIG)
     }
     //let mytime = SystemTime::now().duration_since(UNIX_EPOCH).expect("no debería fallar el tiempo");
+    //RFC 8945 5.2.3
     let cond3 = check_time_values(time, fudge, time_signed);
     if !cond3 {
         println!("RCODE 9: NOAUTH\n TSIG ERROR 18: BADTIME");
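Review bot: The added `//This function responds to RFC 8945, section 5.1` is a plain line comment sitting above the `#[doc = ...]` attribute, so it never reaches rustdoc; the RFC reference belongs inside the doc text. While touching that doc, fix its wording: TSIG does not encrypt anything, the algorithm names the HMAC computed over the message with the shared key, and "will be used to encrypt the key" will mislead the next maintainer about what `key` protects. Suggested doc line: `/// Appends a TSIG RR to `query_msg` (RFC 8945, section 5.1); the MAC is an HMAC over the message keyed with `key` using the algorithm named by `alg_name`. Nothing is encrypted.` The body of sign_tsig continues outside this hunk.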
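Review bot: The new `// RFC 5.2.1` omits the RFC number, unlike the sibling comments added in this commit, and the Spanish line under it should be translated so the two read as one note: `// RFC 8945, section 5.2.1: the key name in the TSIG RR must match a configured key; mismatch -> RCODE 9 (NOTAUTH), TSIG error 17 (BADKEY)`. Separately, `check_key` compares with `String::eq`, which is case-sensitive, while DNS names compare case-insensitively; unless `key_name` and the RR owner name are canonicalized (case, trailing dot) before reaching here, a differently-cased key name produces a spurious BADKEY — worth confirming against the caller. The closing brace of `check_key` is outside this hunk.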
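Review bot: The comment `//RFC 8945 5.2.2: MAC check and error handling` overstates what `check_mac` does: it returns a bool and the visible lines only compare lengths, while the RCODE/TSIG-error mapping lives in the caller, so `// RFC 8945, section 5.2.2: compare the locally computed MAC with the one in the TSIG RR; the caller maps a mismatch to RCODE 9 (NOTAUTH), TSIG error 16 (BADSIG)` would be accurate. The rest of the body is outside this hunk; if it compares byte by byte with an early exit, that is a timing side channel on the HMAC, and the comparison should accumulate instead of short-circuiting, e.g. `new_mac.iter().zip(mac.iter()).fold(0u8, |acc, (a, b)| acc | (a ^ b)) == 0` after the length check. The signature as rendered shows bare `Vec` without its element type, which looks like a rendering loss rather than the real source.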
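Review bot: The commented-out `//let mytime = SystemTime::now()...` line directly above the new comment is dead code and should be deleted rather than left next to an RFC annotation; the annotation itself would be more useful if it stated the rule instead of only the section: `// RFC 8945, section 5.2.3: reject when |time - time_signed| > fudge -> RCODE 9 (NOTAUTH), TSIG error 18 (BADTIME); the error response must carry the server's current time`. The message on the following line prints "NOAUTH", but RCODE 9 is named NOTAUTH in RFC 8945 and the IANA registry, so the string should be corrected. Emitting these verdicts with `println!` from library code is also a style concern; a logger or the returned error code is the better channel. The enclosing `process_tsig` begins outside this hunk.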