TSIG LOCAL TSIG

NAME
     ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify, ns_verify_tcp,
     ns_verify_tcp_init, ns_find_tsig -- TSIG system

SYNOPSIS
     int
     ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k,
         const u_char *querysig, int querysiglen, u_char *sig, int *siglen,
         time_t in_timesigned);

     int
     ns_sign_tcp(u_char *msg, int *msglen, int msgsize, int error,
         ns_tcp_tsig_state *state, int done);

     int
     ns_sign_tcp_init(void *k, const u_char *querysig, int querysiglen,
         ns_tcp_tsig_state *state);

     int
     ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig,
         int querysiglen, u_char *sig, int *siglen, time_t in_timesigned,
         int nostrip);

     int
     ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state,
         int required);

     int
     ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen,
         ns_tcp_tsig_state *state);

     u_char *
     ns_find_tsig(u_char *msg, u_char *eom);

DESCRIPTION
     The TSIG routines are used to implement transaction/request security of
     DNS messages. ns_sign() and ns_verify() are the basic routines.
     ns_sign_tcp() and ns_verify_tcp() are used to sign/verify TCP messages
     that may be split into multiple packets, such as zone transfers, and
     ns_sign_tcp_init(), ns_verify_tcp_init() initialize the state structure
     necessary for TCP operations. ns_find_tsig() locates the TSIG record in
     a message, if one is present.

     ns_sign()
           msg          the incoming DNS message, which will be modified
           msglen       the length of the DNS message, on input and output
           msgsize      the size of the buffer containing the DNS message on
                        input
           error        the value to be placed in the TSIG error field
           key          the (DST_KEY *) to sign the data
           querysig     for a response, the signature contained in the query
           querysiglen  the length of the query signature
           sig          a buffer to be filled with the generated signature
           siglen       the length of the signature buffer on input, the
                        signature length on output

     ns_sign_tcp()
           msg          the incoming DNS message, which will be modified
           msglen       the length of the DNS message, on input and output
           msgsize      the size of the buffer containing the DNS message on
                        input
           error        the value to be placed in the TSIG error field
           state        the state of the operation
           done         non-zero value signifies that this is the last packet

     ns_sign_tcp_init()
           k            the (DST_KEY *) to sign the data
           querysig     for a response, the signature contained in the query
           querysiglen  the length of the query signature
           state        the state of the operation, which this initializes

     ns_verify()
           msg          the incoming DNS message, which will be modified
           msglen       the length of the DNS message, on input and output
           key          the (DST_KEY *) to sign the data
           querysig     for a response, the signature contained in the query
           querysiglen  the length of the query signature
           sig          a buffer to be filled with the signature contained
           siglen       the length of the signature buffer on input, the
                        signature length on output
           nostrip      non-zero value means that the TSIG is left intact

     ns_verify_tcp()
           msg          the incoming DNS message, which will be modified
           msglen       the length of the DNS message, on input and output
           state        the state of the operation
           required     non-zero value signifies that a TSIG record must be
                        present at this step

     ns_verify_tcp_init()
           k            the (DST_KEY *) to verify the data
           querysig     for a response, the signature contained in the query
           querysiglen  the length of the query signature
           state        the state of the operation, which this initializes

     ns_find_tsig()
           msg          the incoming DNS message
           msglen       the length of the DNS message

RETURN VALUES
     ns_find_tsig() returns a pointer to the TSIG record if one is found, and
     NULL otherwise.

     All other routines return 0 on success, modifying arguments when
     necessary.

     ns_sign() and ns_sign_tcp() return the following errors:
           (-1)                       bad input data
           (-ns_r_badkey)             The key was invalid, or the signing
                                      failed
           NS_TSIG_ERROR_NO_SPACE     the message buffer is too small.

     ns_verify() and ns_verify_tcp() return the following errors:
           (-1)                       bad input data
           NS_TSIG_ERROR_FORMERR      The message is malformed
           NS_TSIG_ERROR_NO_TSIG      The message does not contain a TSIG
                                      record
           NS_TSIG_ERROR_ID_MISMATCH  The TSIG original ID field does not
                                      match the message ID
           (-ns_r_badkey)             Verification failed due to an invalid
                                      key
           (-ns_r_badsig)             Verification failed due to an invalid
                                      signature
           (-ns_r_badtime)            Verification failed due to an invalid
                                      timestamp
           ns_r_badkey                Verification succeeded but the message
                                      had an error of BADKEY
           ns_r_badsig                Verification succeeded but the message
                                      had an error of BADSIG
           ns_r_badtime               Verification succeeded but the message
                                      had an error of BADTIME

SEE ALSO
     resolver(3).

AUTHORS
     Brian Wellington, TISLabs at Network Associates

4th Berkeley Distribution        January 1, 1996
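
A sketch of the kind of lookup ns_find_tsig() performs, added here as an example and not the library's own code. It assumes the TSIG record, when present, is the last record of the additional section and carries RR type 250; find_tsig_sketch, skip_name, skip_rr and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define TYPE_TSIG 250 /* RR type code for TSIG (assumption of this sketch) */
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Skip an encoded name; NULL if it runs past eom or uses a reserved label type. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *eom) {
    while (p < eom) {
        unsigned len = *p;
        if (len == 0) return p + 1;                          /* root label */
        if ((len & 0xC0) == 0xC0) return eom - p >= 2 ? p + 2 : NULL; /* pointer */
        if ((len & 0xC0) || (size_t)(eom - p) < 1 + len) return NULL;
        p += 1 + len;
    }
    return NULL;
}

/* Skip one entry: questions carry 4 fixed bytes, RRs 10 plus RDATA. */
static const uint8_t *skip_rr(const uint8_t *p, const uint8_t *eom, int question) {
    size_t fixed = question ? 4 : 10;
    if (!(p = skip_name(p, eom)) || (size_t)(eom - p) < fixed) return NULL;
    size_t rdlen = question ? 0 : rd16(p + 8);
    return (size_t)(eom - p) - fixed < rdlen ? NULL : p + fixed + rdlen;
}

/* Pointer to the TSIG RR (last additional record), or NULL if absent/malformed. */
const uint8_t *find_tsig_sketch(const uint8_t *msg, const uint8_t *eom) {
    if (!msg || !eom || eom - msg < 12 || rd16(msg + 10) == 0) return NULL;
    unsigned long rrs = (unsigned long)rd16(msg + 6) + rd16(msg + 8) + rd16(msg + 10);
    const uint8_t *p = msg + 12;
    for (unsigned i = 0; i < rd16(msg + 4); i++)      /* question section */
        if (!(p = skip_rr(p, eom, 1))) return NULL;
    for (unsigned long i = 0; i + 1 < rrs; i++)       /* every RR but the last */
        if (!(p = skip_rr(p, eom, 0))) return NULL;
    const uint8_t *type = skip_name(p, eom);
    if (!type || eom - type < 10 || rd16(type) != TYPE_TSIG) return NULL;
    return skip_rr(p, eom, 0) ? p : NULL;             /* RDATA must fit in the message */
}

/* Constructed sample: query for "a" (A/IN) plus one additional record named "k",
 * type 250, class ANY, empty RDATA (a real TSIG carries algorithm, time and MAC). */
static const uint8_t sample[] = {
    0x12,0x34, 0,0, 0,1, 0,0, 0,0, 0,1,        /* header: QDCOUNT=1, ARCOUNT=1 */
    1,'a',0, 0,1, 0,1,                         /* question */
    1,'k',0, 0,250, 0,255, 0,0,0,0, 0,0 };     /* TSIG-typed RR at offset 19 */

int main(void) {   /* exit status 0 when the record is found at offset 19 */
    return find_tsig_sketch(sample, sample + sizeof sample) == sample + 19 ? 0 : 1;
}
```

Locating the record says nothing about authenticity: only a 0 return from ns_verify() or ns_verify_tcp() means the signature checked out.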