pub struct Key { /* private fields */ }
Available on crate feature tsig only.
A key for creating and validating TSIG signatures.
For the algorithms included in this implementation, keys are octet strings
of any size that are converted into the algorithm’s native key length
through a well-defined method. The type provides means both for creating
new random keys via the generate function and for loading them from
octets via new.
Keys are identified in TSIG through a name that is encoded as a domain
name. While the TSIG specification allows a key to be used with any
algorithm, we tie them together, so each Key value also knows which
algorithm it can be used for.
Finally, TSIG allows for the use of truncated signatures. There are hard
rules for the minimum signature length, which can be limited further by
local policy. This policy is kept as part of the key. The min_mac_len
field defines the minimum length a received signature has to have in order
to be accepted. Conversely, signing_len is the length of a signature
created with this key.
Implementations
impl Key
pub fn new(
algorithm: Algorithm,
key: &[u8],
name: Dname<OctetsVec>,
min_mac_len: Option<usize>,
signing_len: Option<usize>
) -> Result<Self, NewKeyError>
Creates a new key from its components.
This function can be used to import a key from some kind of serialized form. The algorithm, key bits, and name are necessary. By default the key will not allow any truncation.
If min_mac_len is not None, the key will accept received signatures
truncated to the given length. This length must not be less than 10, it
must not be less than half the algorithm’s native signature length as
returned by Algorithm::native_len, and it must not be larger than the full
native length. The function will return an error if any of these limits
is violated.
If signing_len is not None, the signatures produced with this key will be
truncated to the given length. The limits for min_mac_len apply here as
well.
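The length limits described above for min_mac_len and signing_len, written out as a stand-alone example. This is an added example, not code from the crate: floor_len, resolve_len, accepts_mac and LenError are hypothetical names, and the native lengths used in main are the digest sizes of the named HMAC algorithms.

```rust
// Added example: hypothetical helpers, not part of the crate's API.

/// Why a requested truncation length was rejected.
#[derive(Debug, PartialEq)]
enum LenError {
    TooShort { floor: usize },
    TooLong { native: usize },
}

/// Smallest allowed truncation: at least 10 octets and at least half
/// of the algorithm's native signature length (rounded up).
fn floor_len(native_len: usize) -> usize {
    std::cmp::max(10, (native_len + 1) / 2)
}

/// Resolves an optional length as described for min_mac_len and
/// signing_len: None means the full native length (no truncation).
fn resolve_len(native_len: usize, requested: Option<usize>) -> Result<usize, LenError> {
    let floor = floor_len(native_len);
    match requested {
        None => Ok(native_len),
        Some(len) if len < floor => Err(LenError::TooShort { floor }),
        Some(len) if len > native_len => Err(LenError::TooLong { native: native_len }),
        Some(len) => Ok(len),
    }
}

/// Receive-side check: a MAC is acceptable only if it has at least
/// min_mac_len octets and is not longer than the native length.
fn accepts_mac(mac_len: usize, min_mac_len: usize, native_len: usize) -> bool {
    mac_len >= min_mac_len && mac_len <= native_len
}

fn main() {
    // Constructed sample: native MAC lengths of three HMAC algorithms.
    for (name, native) in [("hmac-sha1", 20), ("hmac-sha256", 32), ("hmac-sha512", 64)] {
        for req in [None, Some(8), Some(10), Some(16), Some(32), Some(65)] {
            println!("{name:12} {req:?} -> {:?}", resolve_len(native, req));
        }
    }
    // Local policy of 16 octets for a 32-octet algorithm rejects a 12-octet MAC.
    let min = resolve_len(32, Some(16)).unwrap();
    println!("12-octet MAC accepted: {}", accepts_mac(12, min, 32));
}
```

For a 20-octet algorithm the two lower bounds coincide at 10; for anything shorter the fixed 10-octet floor is the binding limit, and for longer digests the half-length rule is.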
pub fn generate(
algorithm: Algorithm,
rng: &dyn SecureRandom,
name: Dname<OctetsVec>,
min_mac_len: Option<usize>,
signing_len: Option<usize>
) -> Result<(Self, Bytes), GenerateKeyError>
Generates a new signing key.
This is similar to new but generates the bits for the key from the given
rng. It returns both the key and bits for serialization and exporting.
impl Key
pub fn native_len(&self) -> usize
Returns the native length of the signature from this key.
pub fn min_mac_len(&self) -> usize
Returns the minimum acceptable length of a received signature.
pub fn signing_len(&self) -> usize
Returns the length of a signature generated by this key.