Documentation
Overview
Package dh implements RFC 2930 Diffie-Hellman key exchange functions.
Example client:

```go
package main

import (
	"fmt"
	"time"

	"github.com/miekg/dns"
	"github.com/skunkie/tsig/dh"
)

func main() {
	// The existing TSIG key that authenticates the TKEY exchange itself
	dnsClient := new(dns.Client)
	dnsClient.Net = "tcp"
	dnsClient.TsigSecret = map[string]string{"tsig.example.com.": "k9uK5qsPfbBxvVuldwzYww=="}

	dhClient, err := dh.NewClient(dnsClient)
	if err != nil {
		panic(err)
	}
	defer dhClient.Close()

	host := "ns.example.com:53"

	// Negotiate a key with the chosen server (the ignored value is the expiry time)
	keyname, mac, _, err := dhClient.NegotiateKey(host, "tsig.example.com.", dns.HmacMD5, "k9uK5qsPfbBxvVuldwzYww==")
	if err != nil {
		panic(err)
	}
	// Register the negotiated key so the client can sign with it
	dnsClient.TsigSecret[keyname] = mac

	// Use the DNS client as normal
	msg := new(dns.Msg)
	msg.SetUpdate(dns.Fqdn("example.com"))

	insert, err := dns.NewRR("test.example.com. 300 A 192.0.2.1")
	if err != nil {
		panic(err)
	}
	msg.Insert([]dns.RR{insert})

	msg.SetTsig(keyname, dns.HmacMD5, 300, time.Now().Unix())

	rr, _, err := dnsClient.Exchange(msg, host)
	if err != nil {
		panic(err)
	}
	if rr.Rcode != dns.RcodeSuccess {
		fmt.Printf("DNS error: %s (%d)\n", dns.RcodeToString[rr.Rcode], rr.Rcode)
	}

	// Revoke the key
	err = dhClient.DeleteKey(keyname)
	if err != nil {
		panic(err)
	}
}
```
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Client

```go
type Client struct {
	// contains filtered or unexported fields
}
```
Client maps the TKEY name to the target host that negotiated it as well as any other internal state.
func NewClient
NewClient performs any library initialization necessary. It returns a context handle for any further functions along with any error that occurred.
func (*Client) Close
Close revokes any active keys and unloads any underlying libraries as necessary. It returns any error that occurred.
func (*Client) DeleteKey
DeleteKey revokes the active key associated with the given TKEY name. It returns any error that occurred.
func (*Client) NegotiateKey
NegotiateKey exchanges RFC 2930 TKEY records with the indicated DNS server to establish a TSIG key for further use, using an existing TSIG key name, algorithm and MAC. It returns the negotiated TKEY name, MAC, expiry time, and any error that occurred.
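NegotiateKey hides the RFC 2930 TKEY records it exchanges. The parser below is an added example, not code from this package or from miekg/dns: it shows the TKEY RDATA layout those records carry (algorithm name, inception and expiration, mode, error, key data) with the bounds checks an untrusted answer deserves, and checks the validity window that corresponds to the expiry time NegotiateKey returns. SampleTKEY is a constructed record whose values are assumptions for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"strings"
)

// TKEY holds the RDATA fields of an RFC 2930 TKEY record (section 2).
type TKEY struct {
	Algorithm             string // TSIG algorithm name, e.g. "hmac-md5.sig-alg.reg.int."
	Inception, Expiration uint32 // seconds since the epoch
	Mode, Error           uint16 // mode 2 = Diffie-Hellman exchange, 5 = key deletion
	Key                   []byte // Key Data; the trailing Other Data is not parsed here
}

// SampleTKEY is constructed for this example: hmac-md5, inception 1700000000,
// expiration 1700003600, mode 2, error 0, a 4-byte key blob and no other data.
var SampleTKEY = []byte("\x08hmac-md5\x07sig-alg\x03reg\x03int\x00" +
	"\x65\x53\xf1\x00\x65\x53\xff\x10\x00\x02\x00\x00\x00\x04\x01\x02\x03\x04\x00\x00")
// Unpack parses RDATA, rejecting truncation or a length field that overruns
// the buffer, so a malformed TKEY answer is an error rather than a panic.
func Unpack(b []byte) (*TKEY, error) {
	labels, i := []string{}, 0
	for i < len(b) && b[i] != 0 { // uncompressed name: length-prefixed labels
		n := int(b[i])
		if n > 63 || i+1+n > len(b) {
			return nil, errors.New("tkey: bad label")
		}
		labels = append(labels, string(b[i+1:i+1+n]))
		i += 1 + n
	}
	if i >= len(b) || len(b)-i-1 < 14 { // root label, then 4+4+2+2+2 fixed bytes
		return nil, errors.New("tkey: truncated header")
	}
	t := &TKEY{Algorithm: strings.Join(labels, ".") + "."}
	t.Inception, t.Expiration = binary.BigEndian.Uint32(b[i+1:]), binary.BigEndian.Uint32(b[i+5:])
	t.Mode, t.Error = binary.BigEndian.Uint16(b[i+9:]), binary.BigEndian.Uint16(b[i+11:])
	ks, i := int(binary.BigEndian.Uint16(b[i+13:])), i+15
	if ks > len(b)-i || len(b)-i-ks < 2 { // key must fit and leave room for Other Size
		return nil, errors.New("tkey: truncated key data")
	}
	t.Key = append([]byte{}, b[i:i+ks]...) // copy so t does not alias the wire buffer
	return t, nil
}

// Usable reports whether the key negotiated by this TKEY may be used at time now.
func (t *TKEY) Usable(now uint32) bool {
	return t.Error == 0 && t.Inception <= now && now < t.Expiration
}
```

A key whose TKEY carries a non-zero error or whose window has passed should be renegotiated rather than used to sign an update.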