path: root/dns/tsig.py
Commit message (Author, Age, Files, Lines)
* Fix repr() of GSS-TSIG key [Issue #657] (Bob Halley, 2021-04-17, 1 file, -3/+6)
|
* Add repr() for dns.tsig.Key. (Brian Wellington, 2020-10-29, 1 file, -0/+5)
|
* Adds support for reading TSIG text format. (Brian Wellington, 2020-08-10, 1 file, -5/+2)
|     Implements from_text for the TSIG record type, and clean up some other things. Fixes the text format to emit fields in the right order; fudge and time_signed were reversed. This also matches BIND's output format now. Add get_uint48() to the tokenizer, so that from_text() can use it. Add get_uint48() to the wire parser, and use it in from_wire, for consistency. Change dns.tsig.sign() to use rdata.replace() rather than constructing a new TSIG record manually; this couldn't be done before, because replace() uses text format for validation.
* Add support for new TSIG algorithms. (Brian Wellington, 2020-08-10, 1 file, -26/+43)
|     This adds support for the hmac-sha256-128, hmac-sha384-192, and hmac-sha512-256 truncated algorithms. This also reorders some of the declarations in the TSIG code.
* Support callable() TSIG keyrings for use-cases like GSSTSig. (Nick Hall, 2020-08-08, 1 file, -0/+32)
|
* Add a lightweight wrapper around the HMAC types and refactor the "is gss-api or not" wrapper functions to just call the class methods (Nick Hall, 2020-08-08, 1 file, -44/+48)
|
* Add gss-tsig support to dnspython (Nick Hall, 2020-08-08, 1 file, -6/+60)
|
* Merge pull request #531 from bwelling/tsig2 (Bob Halley, 2020-07-07, 1 file, -25/+43)
|\
| |     Split TSIG sign and validate.
| * Split TSIG sign and validate. (Brian Wellington, 2020-07-07, 1 file, -25/+43)
| |
* | TSIG code now uses dns.rcode.Rcode enum values for the TSIG error field. (Bob Halley, 2020-07-07, 1 file, -9/+5)
|/
* Better deal with backwards compatibility. (Brian Wellington, 2020-07-01, 1 file, -0/+2)
|     If dns.tsigkeyring.from_text() creates dns.tsig.Key objects with the default algorithm, that causes problems for code that specifies a different algorithm. There's no good way to handle this, so change dns.tsigkeyring.from_text() to not create dns.tsig.Key objects unless it knows the algorithm.
* Explicitly use the key's algorithm. (Brian Wellington, 2020-07-01, 1 file, -2/+2)
|
* Add dns.tsig.Key class. (Brian Wellington, 2020-07-01, 1 file, -9/+38)
|     This creates a new class to represent a TSIG key, containing name, secret, and algorithm. The keyring format is changed to be {name : key}, and the methods in dns.tsigkeyring are updated to deal with old and new formats. The Message class is updated to use dns.tsig.Key, although (to avoid breaking existing code), it stores them in the keyring field. Message.use_tsig() can accept either explicit keys, or keyrings; it will extract and/or create a key. dns.message.from_wire() can accept either a key or a keyring in the keyring parameter. If passed a key, it will now raise if the TSIG record in the message was signed with a different key. If passed a keyring containing keys (as opposed to bare secrets), it will check that the TSIG record's algorithm matches that of the key.
* Fix documentation. (Brian Wellington, 2020-06-30, 1 file, -1/+1)
|
* Remove the concept from "first" from TSIG. (Brian Wellington, 2020-06-30, 1 file, -3/+4)
|     The sign() and validate() routines took a "first" parameter, which indicated that this message was the first in a multi-message sequence. This isn't needed, as it's identical to "not (ctx and multi)". Remove the parameter from both, as well as the now-unneeded field in the message object and message.from_wire() parameter.
* Store a TSIG rrset on the message object. (Brian Wellington, 2020-06-30, 1 file, -46/+24)
|
* Change dns.tsig.validate() to take a TSIG record. (Brian Wellington, 2020-06-30, 1 file, -31/+14)
|
* Remove hmac_md5(), as it was added for backwards compatibility when we (Bob Halley, 2020-06-19, 1 file, -7/+0)
|     switched to using sign() back in 2010.
* Update the default TSIG algorithm to hmac-sha256. (Brian Wellington, 2020-05-11, 1 file, -1/+1)
|     In the upcoming update to RFC 2845, HMAC-MD5 will move to "MUST NOT" use, so it shouldn't be the default.
* Remove _compat module. (Bob Halley, 2018-12-09, 1 file, -7/+5)
|
* update copyright (Bob Halley, 2018-12-01, 1 file, -0/+2)
|
* dns/tsig: use hashlib to avoid cryptodome dependency for TSIG (Tomas Krizek, 2018-07-20, 1 file, -8/+8)
|
* Update DNSSEC code to use pycryptodome instead of pycrypto. These changes (Daniel Robbins, 2018-07-20, 1 file, -2/+2)
|     make dnspython *incompatible* with pycrypto -- pycryptodome must be used. The ecdsa module continues to be used for ECDSA support.
* Pylint: enable superfluous-parens check (Martin Basti, 2016-06-27, 1 file, -1/+1)
|
* Pylint: enable unused-import check (Martin Basti, 2016-06-27, 1 file, -1/+0)
|
* Convert TSIG other data into a binary type if needed. (Bob Halley, 2016-06-01, 1 file, -1/+3)
|
* Try again to fix TSIG hashes (Bob Halley, 2016-05-12, 1 file, -1/+1)
|
* Fix TSIG algorithm to hash mapping (Bob Halley, 2016-05-12, 1 file, -2/+10)
|
* python3 support (Arthur Gautier, 2016-04-21, 1 file, -35/+28)
|     Signed-off-by: Arthur Gautier <baloo@gandi.net>
* Remove redundant 'pass' from class definitions. (Petr Spacek, 2015-02-12, 1 file, -7/+0)
|
* Amend doc strings for all DNSExceptions to make them suitable for direct printing. (Petr Spacek, 2015-02-12, 1 file, -6/+6)
|
* Responses to messages signed with TSIG were broken. (Bob Halley, 2014-04-04, 1 file, -0/+16)
|
* Make multi-message TSIGs compute correctly for algorithms other than MD5 (Bob Halley, 2013-08-26, 1 file, -1/+1)
|
* update copyrights (Bob Halley, 2011-05-12, 1 file, -1/+1)
|
* make hash compatibility handling its own module; add basic DNSSEC validation (Bob Halley, 2010-11-10, 1 file, -28/+13)
|
* Set up the TSIG hashes table only once. (Bob Halley, 2010-10-17, 1 file, -30/+43)
|     Make algorithm constants domain names. Detect attempts to use HMAC-SHA384 and HMAC-SHA512 on Python versions less than 2.5.2, and raise a NotImplemented exception. (We want to do this because old versions of Python do not compute them correctly.)
* add constants for TSIG algorithms (Bob Halley, 2010-10-17, 1 file, -9/+18)
|
* Fix bugs in pre-hashlib compatibility code (Bob Halley, 2010-10-17, 1 file, -2/+2)
|
* create exceptions with arguments as "raise E(args)" instead of "raise E, args" (Bob Halley, 2010-01-14, 1 file, -4/+4)
|
* tsig import cleanups; rename tsig signing routing from "hmac_md5" to "sign" (Bob Halley, 2010-01-13, 1 file, -13/+20)
|
* update copyrights for 2010 (Bob Halley, 2010-01-13, 1 file, -1/+1)
|
* add support for more TSIG algorithms (Bob Halley, 2009-11-13, 1 file, -7/+57)
|
* Add BADTRUNC (Bob Halley, 2009-06-18, 1 file, -0/+7)
|
* update copyrights (Bob Halley, 2009-06-18, 1 file, -1/+1)
|
* raise an exception if the TSIG error is non-zero (Bob Halley, 2008-02-06, 1 file, -3/+32)
|
* update copyrights for 2007 (Bob Halley, 2007-01-01, 1 file, -1/+1)
|
* update copyrights (Bob Halley, 2005-09-02, 1 file, -1/+1)
|     Original author: Bob Halley <halley@dnspython.org>
|     Date: 2005-01-08 08:13:48
* remove cvs $Id$ tags (Bob Halley, 2005-09-02, 1 file, -2/+0)
|     Original author: Bob Halley <halley@dnspython.org>
|     Date: 2004-07-31 09:51:40
* initial import (Bob Halley, 2005-09-02, 1 file, -0/+125)
      Original author: Bob Halley <halley@dnspython.org>
      Date: 2004-03-23 21:57:40