DESCRIPTION
The TSIG routines are used to implement transaction/request security of
DNS messages.
ns_sign() and ns_verify() are the basic routines. ns_sign_tcp() and
ns_verify_tcp() are used to sign/verify TCP messages that may be split
into multiple packets, such as zone transfers, and ns_sign_tcp_init(),
ns_verify_tcp_init() initialize the state structure necessary for TCP
operations. ns_find_tsig() locates the TSIG record in a message, if one
is present.
ns_sign()
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    msgsize      the size of the buffer containing the DNS message on input
    error        the value to be placed in the TSIG error field
    key          the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    sig          a buffer to be filled with the generated signature
    siglen       the length of the signature buffer on input, the
                 signature length on output
ns_sign_tcp()
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    msgsize      the size of the buffer containing the DNS message on input
    error        the value to be placed in the TSIG error field
    state        the state of the operation
    done         non-zero value signifies that this is the last packet
ns_sign_tcp_init()
    k            the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    state        the state of the operation, which this initializes
ns_verify()
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    key          the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    sig          a buffer to be filled with the signature contained
    siglen       the length of the signature buffer on input, the
                 signature length on output
    nostrip      non-zero value means that the TSIG is left intact
ns_verify_tcp()
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    state        the state of the operation
    required     non-zero value signifies that a TSIG record must be
                 present at this step
ns_verify_tcp_init()
    k            the (DST_KEY *) to verify the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    state        the state of the operation, which this initializes
ns_find_tsig()
    msg          the incoming DNS message
    msglen       the length of the DNS message
RETURN VALUES
ns_find_tsig() returns a pointer to the TSIG record if one is found, and
NULL otherwise.
All other routines return 0 on success, modifying arguments when
necessary.
ns_sign() and ns_sign_tcp() return the following errors:
    (-1)                       bad input data
    (-ns_r_badkey)             The key was invalid, or the signing failed
    NS_TSIG_ERROR_NO_SPACE     the message buffer is too small.
ns_verify() and ns_verify_tcp() return the following errors:
    (-1)                       bad input data
    NS_TSIG_ERROR_FORMERR      The message is malformed
    NS_TSIG_ERROR_NO_TSIG      The message does not contain a TSIG record
    NS_TSIG_ERROR_ID_MISMATCH  The TSIG original ID field does not match
                               the message ID
    (-ns_r_badkey)             Verification failed due to an invalid key
    (-ns_r_badsig)             Verification failed due to an invalid
                               signature
    (-ns_r_badtime)            Verification failed due to an invalid
                               timestamp
    ns_r_badkey                Verification succeeded but the message had
                               an error of BADKEY
    ns_r_badsig                Verification succeeded but the message had
                               an error of BADSIG
    ns_r_badtime               Verification succeeded but the message had
                               an error of BADTIME
SEE ALSO
resolver(3).
AUTHORS
Brian Wellington, TISLabs at Network Associates
4th Berkeley Distribution January 1, 1996 4th Berkeley Distribution