diff options
author | Bob Halley <halley@nominum.com> | 2010-10-17 16:14:13 +0100 |
---|---|---|
committer | Bob Halley <halley@nominum.com> | 2010-10-17 16:14:13 +0100 |
commit | 8e222ad86c4aea7adb4c165953852fccb5e939ba (patch) | |
tree | bec9f15ec9fabbe7ce5cf48593a9af7508e0ad3f | |
parent | d0c486c1c4de8e30d87290c070bfe071563e3311 (diff) | |
download | dnspython-8e222ad86c4aea7adb4c165953852fccb5e939ba.tar.gz |
add constants for TSIG algorithms
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | dns/message.py | 7 | ||||
-rw-r--r-- | dns/tsig.py | 27 | ||||
-rw-r--r-- | dns/update.py | 6 |
4 files changed, 34 insertions, 13 deletions
@@ -1,4 +1,9 @@ -2010-10-17 Bob Halley <halley@dnspython.org> +2010-10-17 Robert Halley <halley@nominum.com> + + * dns/tsig.py: Added symbolic constants for the algorithm strings. + E.g. you can now say dns.tsig.HMAC_MD5 instead of + "HMAC-MD5.SIG-ALG.REG.INT". Thanks to Cillian Sharkey for + suggesting this improvement. * dns/tsig.py (get_algorithm): fix hashlib compatibility; thanks to Kevin Chen for the patch. diff --git a/dns/message.py b/dns/message.py index a97c4cf..4284f0d 100644 --- a/dns/message.py +++ b/dns/message.py @@ -93,8 +93,11 @@ class Message(object): @type keyring: dict @ivar keyname: The TSIG keyname to use. The default is None. @type keyname: dns.name.Name object - @ivar keyalgorithm: The TSIG key algorithm to use. The default is - dns.tsig.default_algorithm. + @ivar keyalgorithm: The TSIG algorithm to use; defaults to + dns.tsig.default_algorithm. Constants for TSIG algorithms are defined + in dns.tsig, and the currently implemented algorithms are + HMAC_MD5, HMAC_SHA1, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, and + HMAC_SHA512. @type keyalgorithm: string @ivar request_mac: The TSIG MAC of the request message associated with this message; used when validating TSIG signatures. @see: RFC 2845 for diff --git a/dns/tsig.py b/dns/tsig.py index e6f2e91..7d4c3e0 100644 --- a/dns/tsig.py +++ b/dns/tsig.py @@ -50,7 +50,16 @@ class PeerBadTruncation(PeerError): """Raised if the peer didn't like amount of truncation in the TSIG we sent""" pass -default_algorithm = "HMAC-MD5.SIG-ALG.REG.INT" +# TSIG Algorithms + +HMAC_MD5 = "HMAC-MD5.SIG-ALG.REG.INT" +HMAC_SHA1 = "hmac-sha1" +HMAC_SHA224 = "hmac-sha224" +HMAC_SHA256 = "hmac-sha256" +HMAC_SHA384 = "hmac-sha384" +HMAC_SHA512 = "hmac-sha512" + +default_algorithm = HMAC_MD5 BADSIG = 16 BADKEY = 17 @@ -178,12 +187,12 @@ def get_algorithm(algorithm): hashes = {} try: import hashlib - hashes[dns.name.from_text('hmac-sha224')] = hashlib.sha224 - hashes[dns.name.from_text('hmac-sha256')] = hashlib.sha256 - hashes[dns.name.from_text('hmac-sha384')] = hashlib.sha384 - hashes[dns.name.from_text('hmac-sha512')] = hashlib.sha512 - hashes[dns.name.from_text('hmac-sha1')] = hashlib.sha1 - hashes[dns.name.from_text('HMAC-MD5.SIG-ALG.REG.INT')] = hashlib.md5 + hashes[dns.name.from_text(HMAC_SHA224)] = hashlib.sha224 + hashes[dns.name.from_text(HMAC_SHA256)] = hashlib.sha256 + hashes[dns.name.from_text(HMAC_SHA384)] = hashlib.sha384 + hashes[dns.name.from_text(HMAC_SHA512)] = hashlib.sha512 + hashes[dns.name.from_text(HMAC_SHA1)] = hashlib.sha1 + hashes[dns.name.from_text(HMAC_MD5)] = hashlib.md5 import sys if sys.hexversion < 0x02050000: @@ -203,8 +212,8 @@ def get_algorithm(algorithm): except ImportError: import md5, sha - hashes[dns.name.from_text('HMAC-MD5.SIG-ALG.REG.INT')] = md5 - hashes[dns.name.from_text('hmac-sha1')] = sha + hashes[dns.name.from_text(HMAC_MD5)] = md5 + hashes[dns.name.from_text(HMAC_SHA1)] = sha if isinstance(algorithm, (str, unicode)): algorithm = dns.name.from_text(algorithm) diff --git a/dns/update.py b/dns/update.py index 97aea18..4c1ed62 100644 --- a/dns/update.py +++ b/dns/update.py @@ -21,6 +21,7 @@ import dns.opcode import dns.rdata import dns.rdataclass import dns.rdataset +import dns.tsig class Update(dns.message.Message): def __init__(self, zone, rdclass=dns.rdataclass.IN, keyring=None, @@ -42,7 +43,10 @@ class Update(dns.message.Message): they know the keyring contains only one key. @type keyname: dns.name.Name or string @param keyalgorithm: The TSIG algorithm to use; defaults to - dns.tsig.default_algorithm + dns.tsig.default_algorithm. Constants for TSIG algorithms are defined + in dns.tsig, and the currently implemented algorithms are + HMAC_MD5, HMAC_SHA1, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, and + HMAC_SHA512. @type keyalgorithm: string """ super(Update, self).__init__() |