package dns-tsig

DNS TSIG signatures

val sign : Dns.Tsig_op.sign

sign ~mac ~max_size name tsig ~key packet buffer signs the given buffer with the provided key, the key's name and the tsig. The mac argument is expected when the buffer being signed is a reply to a signed DNS packet. Signing may fail with an error. On success, the result is a buffer and a mac.

val verify : Dns.Tsig_op.verify

verify ~mac now packet name ~key tsig buffer verifies the buffer using the provided tsig, key and name.

type s = [
  | `Key_algorithm of Dns.Dnskey.t
  | `Tsig_creation
  | `Sign
]

The type for signing errors.

val pp_s : s Fmt.t

pp_s ppf s pretty-prints s on ppf.

val encode_and_sign : ?proto:Dns.proto -> Dns.Packet.t -> Ptime.t -> Dns.Dnskey.t -> 'a Domain_name.t -> (Cstruct.t * Cstruct.t, s) result

encode_and_sign ~proto t now dnskey name signs and encodes the DNS packet.

type e = [
  | `Decode of Dns.Packet.err
  | `Unsigned of Dns.Packet.t
  | `Crypto of Dns.Tsig_op.e
  | `Invalid_key of [ `raw ] Domain_name.t * [ `raw ] Domain_name.t
]

The type for decode and verify errors.

val pp_e : e Fmt.t

pp_e ppf e pretty-prints e on ppf.

val decode_and_verify : Ptime.t -> Dns.Dnskey.t -> 'a Domain_name.t -> ?mac:Cstruct.t -> Cstruct.t -> (Dns.Packet.t * Dns.Tsig.t * Cstruct.t, e) result

decode_and_verify now dnskey name ~mac buffer decodes and verifies the given buffer using the key material, resulting in a DNS packet, its tsig and the mac, or a failure. The optional mac argument should be provided if an answer to a signed DNS packet is to be decoded.
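
The following is an added example, not code from the dns-tsig project: a signed request/reply round trip that passes the mac returned by encode_and_sign into decode_and_verify and rejects an `Unsigned reply instead of using its packet. It assumes the package's module is named Dns_tsig; signed_exchange, send (a caller-supplied transport) and now (a caller-supplied clock) are hypothetical names.

```ocaml
(* Added example. Assumptions: the module is Dns_tsig; [send] is a
   hypothetical transport that writes the signed request and returns the
   raw reply buffer; [now] is a hypothetical clock of type unit -> Ptime.t. *)
let signed_exchange ~send ~now ~key ~key_name request =
  match Dns_tsig.encode_and_sign ~proto:`Tcp request (now ()) key key_name with
  | Error e ->
    Error (Format.asprintf "signing failed: %a" Dns_tsig.pp_s e)
  | Ok (wire, request_mac) ->
    let reply = send wire in
    (* The reply answers a signed packet, so the request's mac is passed
       as ~mac, as the documentation for decode_and_verify requires. *)
    match
      Dns_tsig.decode_and_verify (now ()) key key_name ~mac:request_mac reply
    with
    | Ok (packet, _tsig, _reply_mac) -> Ok packet
    | Error (`Unsigned _) ->
      (* The reply decoded but carries no signature. The packet inside
         the error is unauthenticated and is deliberately discarded. *)
      Error "reply is not signed"
    | Error e ->
      Error (Format.asprintf "verification failed: %a" Dns_tsig.pp_e e)
```

Treating `Unsigned as a hard failure matters because that error variant still hands back a decoded packet, and using it would accept data no key holder vouched for.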
