Documentation
Overview
Package dh implements RFC 2930 Diffie-Hellman key exchange functions.
Example client:
package main

import (
	"fmt"
	"time"

	"github.com/bodgit/tsig/dh"
	"github.com/miekg/dns"
)

func main() {
	// A DNS client that already holds a statically configured TSIG key;
	// that key authenticates the TKEY exchange itself.
	dnsClient := new(dns.Client)
	dnsClient.Net = "tcp"
	dnsClient.TsigSecret = map[string]string{"tsig.example.com.": "k9uK5qsPfbBxvVuldwzYww=="}

	dhClient, err := dh.NewClient(dnsClient)
	if err != nil {
		panic(err)
	}
	defer dhClient.Close()

	host := "ns.example.com:53"

	// Negotiate a key with the chosen server. keyname is the TKEY name the
	// server assigned and mac is the shared secret; the third (ignored) result
	// is the key's expiry time.
	keyname, mac, _, err := dhClient.NegotiateKey(host, "tsig.example.com.", dns.HmacMD5, "k9uK5qsPfbBxvVuldwzYww==")
	if err != nil {
		panic(err)
	}
	dnsClient.TsigSecret[keyname] = mac

	// Use the DNS client as normal, signing with the negotiated key
	msg := new(dns.Msg)
	msg.SetUpdate(dns.Fqdn("example.com"))
	insert, err := dns.NewRR("test.example.com. 300 A 192.0.2.1")
	if err != nil {
		panic(err)
	}
	msg.Insert([]dns.RR{insert})
	msg.SetTsig(keyname, dns.HmacMD5, 300, time.Now().Unix())
	rr, _, err := dnsClient.Exchange(msg, host)
	if err != nil {
		panic(err)
	}
	if rr.Rcode != dns.RcodeSuccess {
		fmt.Printf("DNS error: %s (%d)\n", dns.RcodeToString[rr.Rcode], rr.Rcode)
	}

	// Revoke the key
	err = dhClient.DeleteKey(keyname)
	if err != nil {
		panic(err)
	}
}
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Client (added in v1.1.0)
type Client struct {
// contains filtered or unexported fields
}
Client maps the TKEY name to the target host that negotiated it as well as any other internal state.
func NewClient (added in v1.1.0)
NewClient performs any library initialization necessary. It returns a context handle for any further functions along with any error that occurred.
func (*Client) Close (added in v1.1.0)
Close revokes any active keys and unloads any underlying libraries as necessary. It returns any error that occurred.
func (*Client) DeleteKey (added in v1.1.0)
DeleteKey revokes the active key associated with the given TKEY name. It returns any error that occurred.
func (*Client) NegotiateKey (added in v1.1.0)
NegotiateKey exchanges RFC 2930 TKEY records with the indicated DNS server to establish a new TSIG key, authenticating the exchange with an existing TSIG key name, algorithm and MAC. It returns the negotiated TKEY name, MAC, expiry time, and any error that occurred.
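The Overview example ignores the expiry time that NegotiateKey returns and revokes the key by hand. The following is an added example, not code from the tsig package, showing how a caller can use that expiry together with DeleteKey and Close to keep a negotiated key fresh and to make sure superseded keys are revoked rather than left valid on the server. It assumes only the method shapes visible on this page (a Negotiator interface inferred from the example call and the NegotiateKey description, which *dh.Client is expected to satisfy); the fakeNegotiator, the constructed clock, and the TKEY names and MACs it produces are stand-ins so the code runs offline.

```go
package main

import (
	"fmt"
	"time"
)

// Negotiator is the subset of the dh.Client API used here. Its signatures are an
// assumption inferred from the Overview example and the NegotiateKey description.
type Negotiator interface {
	NegotiateKey(host, keyname, algorithm, mac string) (string, string, time.Time, error)
	DeleteKey(keyname string) error
}

type managedKey struct{ name string; expiry time.Time }

// KeyManager keeps one negotiated TKEY per server, renews it shortly before expiry and
// revokes superseded keys rather than leaving them valid on the server. Single-goroutine use.
type KeyManager struct {
	neg       Negotiator
	secrets   map[string]string     // the same map installed as dns.Client.TsigSecret
	keys      map[string]managedKey // server -> current TKEY
	renewLead time.Duration
	now       func() time.Time
}

func NewKeyManager(neg Negotiator, secrets map[string]string, renewLead time.Duration, now func() time.Time) *KeyManager {
	return &KeyManager{neg: neg, secrets: secrets, keys: map[string]managedKey{}, renewLead: renewLead, now: now}
}

// EnsureKey returns a TKEY name usable with host, negotiating a fresh key when none exists or
// the current one expires within renewLead. The old key is revoked only after the new MAC is installed.
func (m *KeyManager) EnsureKey(host, bootstrapName, algorithm, bootstrapMAC string) (string, error) {
	old, hadOld := m.keys[host]
	if hadOld && m.now().Add(m.renewLead).Before(old.expiry) {
		return old.name, nil
	}
	name, mac, expiry, err := m.neg.NegotiateKey(host, bootstrapName, algorithm, bootstrapMAC)
	if err != nil {
		return "", fmt.Errorf("negotiate TKEY with %s: %w", host, err)
	}
	m.secrets[name] = mac
	m.keys[host] = managedKey{name: name, expiry: expiry}
	if hadOld { // drop the old MAC locally first; the new key stays usable even if the server call fails
		delete(m.secrets, old.name)
		return name, m.neg.DeleteKey(old.name)
	}
	return name, nil
}

// Close revokes every key still held and reports the first failure.
func (m *KeyManager) Close() (first error) {
	for _, k := range m.keys {
		delete(m.secrets, k.name)
		if err := m.neg.DeleteKey(k.name); err != nil && first == nil {
			first = err
		}
	}
	m.keys = map[string]managedKey{}
	return first
}

// fakeNegotiator stands in for dh.Client so the manager runs offline; its TKEY names and
// MACs are constructed values, not what the library would produce.
type fakeNegotiator struct {
	now     func() time.Time
	count   int
	deleted []string
}

func (f *fakeNegotiator) NegotiateKey(host, keyname, algorithm, mac string) (string, string, time.Time, error) {
	f.count++ // every key gets a constructed one-hour lifetime
	return fmt.Sprintf("tkey-%d.example.com.", f.count), fmt.Sprintf("constructed-mac-%d", f.count), f.now().Add(time.Hour), nil
}

func (f *fakeNegotiator) DeleteKey(name string) error { f.deleted = append(f.deleted, name); return nil }

// Demo drives one server through negotiation, reuse, renewal near expiry and Close on a constructed
// clock; it returns the names issued, the names revoked and the TSIG secret map as left after Close.
func Demo() (issued, revoked []string, secrets map[string]string, err error) {
	const bootstrap, hmacMD5 = "tsig.example.com.", "hmac-md5.sig-alg.reg.int." // hmacMD5 equals dns.HmacMD5
	clock := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	now := func() time.Time { return clock }
	fake := &fakeNegotiator{now: now}
	secrets = map[string]string{bootstrap: "k9uK5qsPfbBxvVuldwzYww=="}
	km := NewKeyManager(fake, secrets, 5*time.Minute, now)
	for _, step := range []time.Duration{0, 30 * time.Minute, 26 * time.Minute} { // t+0, t+30m, t+56m
		clock = clock.Add(step)
		name, err := km.EnsureKey("ns.example.com:53", bootstrap, hmacMD5, secrets[bootstrap])
		if err != nil {
			return nil, nil, nil, err
		}
		issued = append(issued, name)
	}
	err = km.Close()
	return issued, fake.deleted, secrets, err
}

func main() { fmt.Println(Demo()) }
```

Run stand-alone, Demo shows the first key being reused at t+30m, replaced at t+56m (within the five-minute renewal lead of its one-hour expiry) with the old name revoked, and the remaining key revoked by Close so that only the bootstrap secret is left in the TSIG map. With the real library the same KeyManager would be handed a *dh.Client and the dns.Client.TsigSecret map, and the rest of the client code would sign messages with whatever name EnsureKey returns.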