Struct domain::tsig::Key

pub struct Key { /* private fields */ }

Available on crate feature tsig only.

A key for creating and validating TSIG signatures.

For the algorithms included in this implementation, keys are octet strings of any size that are converted into the algorithm’s native key length through a well defined method. The type provides means both for creating new random keys via the [create´] function and for loading them from the octets via [new`].

Keys are identified in TSIG through a name that is encoded as a domain name. While the TSIG specification allows a key to be used with any algorithm, we tie them together, so each Key value also knows which algorithm it can be used for.

Finally, TSIG allows for the use of truncated signatures. There is hard rules of the minimum signature length which can be limited further by local policy. This policy is kept as part of the key. The min_mac_len field defines the minimum length a received signature has to have in order to be accepted. Conversely, signing_len is the length of a signature created with this key.

Implementations

impl Key

Creating Keys

pub fn new(
    algorithm: Algorithm,
    key: &[u8],
    name: Dname<OctetsVec>,
    min_mac_len: Option<usize>,
    signing_len: Option<usize>
) -> Result<Self, NewKeyError>

Creates a new key from its components.

This function can be used to import a key from some kind of serialized form. The algorithm, key bits, and name are necessary. By default the key will not allow any truncation.

If min_mac_len is not None, the key will accept received signatures trucated to the given length. This length must not be less than 10, it must not be less than half the algorithm’s native signature length as returned by Algorithm::native_len, and it must not be larger than the full native length. The function will return an error if that happens.

If signing_len is not None, the signatures produces with this key will be truncated to the given length. The limits for min_mac_len apply here as well.

pub fn generate(
    algorithm: Algorithm,
    rng: &dyn SecureRandom,
    name: Dname<OctetsVec>,
    min_mac_len: Option<usize>,
    signing_len: Option<usize>
) -> Result<(Self, Bytes), GenerateKeyError>

Generates a new signing key.

This is similar to new but generates the bits for the key from the given rng. It returns both the key and bits for serialization and exporting.

impl Key

Access to Properties

pub fn algorithm(&self) -> Algorithm

Returns the algorithm of this key.

pub fn name(&self) -> &Dname<OctetsVec>

Returns a reference to the name of this key.

pub fn native_len(&self) -> usize

Returns the native length of the signature from this key.

pub fn min_mac_len(&self) -> usize

Returns the minimum acceptable length of a received signature.

pub fn signing_len(&self) -> usize

Returns the length of a signature generated by this key.

Trait Implementations

impl AsRef<Key> for Key

fn as_ref(&self) -> &Self

Converts this type into a shared reference of the (usually inferred) input type.

impl Debug for Key

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.