|
|
@@ -353,8 +353,25 @@ public:
|
|
|
TSIGError verify(const TSIGRecord* const record, const void* const data,
|
|
|
const size_t data_len);
|
|
|
|
|
|
- /// TBD: mostly for internal use. context dependent.
|
|
|
- /// won't provide python binding.
|
|
|
+ /// Return the expected length of TSIG RR after \c sign()
|
|
|
+ ///
|
|
|
+ /// This method returns the length of the TSIG RR based that would be
|
|
|
+ /// produced as a result of \c sign() with the state of the context
|
|
|
+ /// at the time of the call. The expected length can be decided
|
|
|
+ /// from the key and the algorithm (which determines the MAC size if
|
|
|
+ /// included) and the recorded TSIG error. Specifically, if a key
|
|
|
+ /// related error has been identified, the MAC will be excluded; if
|
|
|
+ /// a time error has occurred, the TSIG will include "other data".
|
|
|
+ ///
|
|
|
+ /// This method is provided mainly for the convenient of the Message class,
|
|
|
+ /// which needs to know the expected TSIG length in rendering a signed
|
|
|
+ /// DNS message so that it can handle truncated messages with TSIG
|
|
|
+ /// correctly. Normal applications wouldn't need this method. The Python
|
|
|
+ /// binding for this method won't be provided for the same reason.
|
|
|
+ ///
|
|
|
+ /// \exception None
|
|
|
+ ///
|
|
|
+ /// \return The expected TISG RR length in bytes
|
|
|
size_t getTSIGLength() const;
|
|
|
|
|
|
/// Return the current state of the context
|
JINMEI Tatuya