From 8e222ad86c4aea7adb4c165953852fccb5e939ba Mon Sep 17 00:00:00 2001
From: Bob Halley
Date: Sun, 17 Oct 2010 16:14:13 +0100
Subject: [PATCH] add constants for TSIG algorithms
---
 ChangeLog | 7 ++++++-
 dns/message.py | 7 +++++--
 dns/tsig.py | 27 ++++++++++++++++++---------
 dns/update.py | 6 +++++-
 4 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ad226d37..7ddecae3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,9 @@
-2010-10-17 Bob Halley
+2010-10-17 Robert Halley
+
+ * dns/tsig.py: Added symbolic constants for the algorithm strings.
+ E.g. you can now say dns.tsig.HMAC_MD5 instead of
+ "HMAC-MD5.SIG-ALG.REG.INT". Thanks to Cillian Sharkey for
+ suggesting this improvement.
 * dns/tsig.py (get_algorithm): fix hashlib compatibility; thanks to Kevin Chen for the patch.
diff --git a/dns/message.py b/dns/message.py
index a97c4cf7..4284f0da 100644
--- a/dns/message.py
+++ b/dns/message.py
@@ -93,8 +93,11 @@ class Message(object):
 @type keyring: dict
 @ivar keyname: The TSIG keyname to use. The default is None.
 @type keyname: dns.name.Name object
- @ivar keyalgorithm: The TSIG key algorithm to use. The default is
- dns.tsig.default_algorithm.
+ @ivar keyalgorithm: The TSIG algorithm to use; defaults to
+ dns.tsig.default_algorithm. Constants for TSIG algorithms are defined
+ in dns.tsig, and the currently implemented algorithms are
+ HMAC_MD5, HMAC_SHA1, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, and
+ HMAC_SHA512.
 @type keyalgorithm: string
 @ivar request_mac: The TSIG MAC of the request message associated with this message; used when validating TSIG signatures. @see: RFC 2845 for
diff --git a/dns/tsig.py b/dns/tsig.py
index e6f2e91a..7d4c3e03 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
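Review bot: The new keyalgorithm docstring in dns/message.py says all six algorithms are "currently implemented", but the dns/tsig.py hunks of this same patch show get_algorithm registering the SHA-224/256/384/512 entries only when `import hashlib` succeeds; on the `except ImportError` path only HMAC_MD5 and HMAC_SHA1 are added. The identical sentence is repeated in the dns/update.py hunk, so the two lists can also drift from dns/tsig.py over time. I would state the condition once and point at the module, e.g. `Constants for TSIG algorithms are defined in dns.tsig; the SHA-2 variants are available only when hashlib can be imported.` Both docstrings begin and end outside their hunks.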
@@ -50,7 +50,16 @@ class PeerBadTruncation(PeerError):
 """Raised if the peer didn't like amount of truncation in the TSIG we sent"""
 pass
-default_algorithm = "HMAC-MD5.SIG-ALG.REG.INT"
+# TSIG Algorithms
+
+HMAC_MD5 = "HMAC-MD5.SIG-ALG.REG.INT"
+HMAC_SHA1 = "hmac-sha1"
+HMAC_SHA224 = "hmac-sha224"
+HMAC_SHA256 = "hmac-sha256"
+HMAC_SHA384 = "hmac-sha384"
+HMAC_SHA512 = "hmac-sha512"
+
+default_algorithm = HMAC_MD5
 BADSIG = 16
 BADKEY = 17
@@ -178,12 +187,12 @@ def get_algorithm(algorithm):
 hashes = {}
 try:
 import hashlib
- hashes[dns.name.from_text('hmac-sha224')] = hashlib.sha224
- hashes[dns.name.from_text('hmac-sha256')] = hashlib.sha256
- hashes[dns.name.from_text('hmac-sha384')] = hashlib.sha384
- hashes[dns.name.from_text('hmac-sha512')] = hashlib.sha512
- hashes[dns.name.from_text('hmac-sha1')] = hashlib.sha1
- hashes[dns.name.from_text('HMAC-MD5.SIG-ALG.REG.INT')] = hashlib.md5
+ hashes[dns.name.from_text(HMAC_SHA224)] = hashlib.sha224
+ hashes[dns.name.from_text(HMAC_SHA256)] = hashlib.sha256
+ hashes[dns.name.from_text(HMAC_SHA384)] = hashlib.sha384
+ hashes[dns.name.from_text(HMAC_SHA512)] = hashlib.sha512
+ hashes[dns.name.from_text(HMAC_SHA1)] = hashlib.sha1
+ hashes[dns.name.from_text(HMAC_MD5)] = hashlib.md5
 import sys
 if sys.hexversion < 0x02050000:
@@ -203,8 +212,8 @@ def get_algorithm(algorithm):
 except ImportError:
 import md5, sha
- hashes[dns.name.from_text('HMAC-MD5.SIG-ALG.REG.INT')] = md5
- hashes[dns.name.from_text('hmac-sha1')] = sha
+ hashes[dns.name.from_text(HMAC_MD5)] = md5
+ hashes[dns.name.from_text(HMAC_SHA1)] = sha
 if isinstance(algorithm, (str, unicode)):
 algorithm = dns.name.from_text(algorithm)
diff --git a/dns/update.py b/dns/update.py
index 97aea18f..4c1ed625 100644
--- a/dns/update.py
+++ b/dns/update.py
@@ -21,6 +21,7 @@ import dns.opcode
 import dns.rdata
 import dns.rdataclass
 import dns.rdataset
+import dns.tsig
 class Update(dns.message.Message):
 def __init__(self, zone, rdclass=dns.rdataclass.IN, keyring=None,
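Review bot: `default_algorithm = HMAC_MD5` keeps HMAC-MD5 as what every caller gets when keyalgorithm is left unset, and the new constants block gives no hint that the SHA-2 names next to it are the better choice. HMAC-MD5 is a legacy TSIG algorithm; RFC 8945 lists it as not to be used and recommends hmac-sha256. Changing the default here would break signing against keys already configured for MD5, so at minimum I would document the choice above the assignment: `# HMAC_MD5 stays the default for compatibility with existing keys; prefer HMAC_SHA256 for new deployments.`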
@@ -42,7 +43,10 @@ class Update(dns.message.Message):
 they know the keyring contains only one key.
 @type keyname: dns.name.Name or string
 @param keyalgorithm: The TSIG algorithm to use; defaults to
- dns.tsig.default_algorithm
+ dns.tsig.default_algorithm. Constants for TSIG algorithms are defined
+ in dns.tsig, and the currently implemented algorithms are
+ HMAC_MD5, HMAC_SHA1, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, and
+ HMAC_SHA512.
 @type keyalgorithm: string
 """
 super(Update, self).__init__()
-- 
2.47.3