From: Bob Halley Date: Sun, 15 Jan 2017 23:52:30 +0000 (-0800) Subject: dnssec doco X-Git-Tag: v1.16.0~61 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f08f9d3ed78c62d5568f87e1ddfcca37821714b;p=thirdparty%2Fdnspython.git dnssec doco --- diff --git a/dns/dnssec.py b/dns/dnssec.py index d50393c1..6e9d4103 100644 --- a/dns/dnssec.py +++ b/dns/dnssec.py @@ -37,19 +37,34 @@ class UnsupportedAlgorithm(dns.exception.DNSException): class ValidationFailure(dns.exception.DNSException): """The DNSSEC signature is invalid.""" + +#: RSAMD5 RSAMD5 = 1 +#: DH DH = 2 +#: DSA DSA = 3 +#: ECC ECC = 4 +#: RSASHA1 RSASHA1 = 5 +#: DSANSEC3SHA1 DSANSEC3SHA1 = 6 +#: RSASHA1NSEC3SHA1 RSASHA1NSEC3SHA1 = 7 +#: RSASHA256 RSASHA256 = 8 +#: RSASHA512 RSASHA512 = 10 +#: ECDSAP256SHA256 ECDSAP256SHA256 = 13 +#: ECDSAP384SHA384 ECDSAP384SHA384 = 14 +#: INDIRECT INDIRECT = 252 +#: PRIVATEDNS PRIVATEDNS = 253 +#: PRIVATEOID PRIVATEOID = 254 _algorithm_by_text = { diff --git a/doc/dnssec.rst b/doc/dnssec.rst new file mode 100644 index 00000000..c16a6186 --- /dev/null +++ b/doc/dnssec.rst @@ -0,0 +1,39 @@ +.. module:: dns.dnssec +.. _dnssec: + +DNSSEC +====== + +Dnspython can do simple DNSSEC signature validation, but +currently has no facilities for signing. In order to +use DNSSEC functions, you must have ``pycrypto`` installed. +If you want to do elliptic curves, you must also have +``ecdsa`` installed. + +DNSSEC Algorithms +----------------- + +.. autodata:: dns.dnssec.RSAMD5 +.. autodata:: dns.dnssec.DH +.. autodata:: dns.dnssec.DSA +.. autodata:: dns.dnssec.ECC +.. autodata:: dns.dnssec.RSASHA1 +.. autodata:: dns.dnssec.DSANSEC3SHA1 +.. autodata:: dns.dnssec.RSASHA1NSEC3SHA1 +.. autodata:: dns.dnssec.RSASHA256 +.. autodata:: dns.dnssec.RSASHA512 +.. autodata:: dns.dnssec.ECDSAP256SHA256 +.. autodata:: dns.dnssec.ECDSAP384SHA384 +.. autodata:: dns.dnssec.INDIRECT +.. autodata:: dns.dnssec.PRIVATEDNS +.. autodata:: dns.dnssec.PRIVATEOID + +DNSSEC Functions +---------------- + +.. autofunction:: dns.dnssec.algorithm_from_text +.. autofunction:: dns.dnssec.algorithm_to_text +.. autofunction:: dns.dnssec.key_id +.. autofunction:: dns.dnssec.make_ds +.. autofunction:: dns.dnssec.validate +.. autofunction:: dns.dnssec.validate_rrsig diff --git a/doc/exceptions.rst b/doc/exceptions.rst index 879e593a..9f5e22cc 100644 --- a/doc/exceptions.rst +++ b/doc/exceptions.rst @@ -9,6 +9,13 @@ Common Exceptions .. automodule:: dns.exception :members: +dns.dnssec Exceptions +--------------------- + +.. autoexception:: dns.dnssec.UnsupportedAlgorithm +.. autoexception:: dns.dnssec.ValidationFailure + + dns.message Exceptions ---------------------- diff --git a/doc/manual.rst b/doc/manual.rst index c88f8e00..c032f4f9 100644 --- a/doc/manual.rst +++ b/doc/manual.rst @@ -9,5 +9,6 @@ Dnspython Manual name rdata message + dnssec exceptions utilities