xref: /netbsd/external/bsd/libbind/dist/doc/tsig.cat3 (revision 6550d01e)
TSIG                                 LOCAL                                TSIG

NAME
     ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify, ns_verify_tcp,
     ns_verify_tcp_init, ns_find_tsig - TSIG system

SYNOPSIS
     int
     ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k,
             const u_char *querysig, int querysiglen, u_char *sig,
             int *siglen, time_t in_timesigned);

     int
     ns_sign_tcp(u_char *msg, int *msglen, int msgsize, int error,
             ns_tcp_tsig_state *state, int done);

     int
     ns_sign_tcp_init(void *k, const u_char *querysig, int querysiglen,
             ns_tcp_tsig_state *state);

     int
     ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig,
             int querysiglen, u_char *sig, int *siglen, time_t in_timesigned,
             int nostrip);

     int
     ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state,
             int required);

     int
     ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen,
             ns_tcp_tsig_state *state);

     u_char *
     ns_find_tsig(u_char *msg, u_char *eom);

DESCRIPTION
     The TSIG routines are used to implement transaction/request security of
     DNS messages.

     ns_sign() and ns_verify() are the basic routines.  ns_sign_tcp() and
     ns_verify_tcp() are used to sign/verify TCP messages that may be split
     into multiple packets, such as zone transfers, and ns_sign_tcp_init() and
     ns_verify_tcp_init() initialize the state structure necessary for TCP
     operations.  ns_find_tsig() locates the TSIG record in a message, if one
     is present.

     ns_sign()
           msg            the incoming DNS message, which will be modified
           msglen         the length of the DNS message, on input and output
           msgsize        the size of the buffer containing the DNS message on
                          input
           error          the value to be placed in the TSIG error field
           key            the (DST_KEY *) to sign the data
           querysig       for a response, the signature contained in the query
           querysiglen    the length of the query signature
           sig            a buffer to be filled with the generated signature
           siglen         the length of the signature buffer on input, the
                          signature length on output

     ns_sign_tcp()
           msg            the incoming DNS message, which will be modified
           msglen         the length of the DNS message, on input and output
           msgsize        the size of the buffer containing the DNS message on
                          input
           error          the value to be placed in the TSIG error field
           state          the state of the operation
           done           non-zero value signifies that this is the last
                          packet

     ns_sign_tcp_init()
           k              the (DST_KEY *) to sign the data
           querysig       for a response, the signature contained in the query
           querysiglen    the length of the query signature
           state          the state of the operation, which this initializes

     ns_verify()
           msg            the incoming DNS message, which will be modified
           msglen         the length of the DNS message, on input and output
           key            the (DST_KEY *) to sign the data
           querysig       for a response, the signature contained in the query
           querysiglen    the length of the query signature
           sig            a buffer to be filled with the signature contained
           siglen         the length of the signature buffer on input, the
                          signature length on output
           nostrip        non-zero value means that the TSIG is left intact

     ns_verify_tcp()
           msg            the incoming DNS message, which will be modified
           msglen         the length of the DNS message, on input and output
           state          the state of the operation
           required       non-zero value signifies that a TSIG record must be
                          present at this step

     ns_verify_tcp_init()
           k              the (DST_KEY *) to verify the data
           querysig       for a response, the signature contained in the query
           querysiglen    the length of the query signature
           state          the state of the operation, which this initializes

     ns_find_tsig()
           msg            the incoming DNS message
           msglen         the length of the DNS message
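
     The following is an added illustration, not libbind's ns_find_tsig()
     source: a bounds-checked walk over a DNS message that locates a TSIG
     record.  It assumes, per RFC 2845, that TSIG has type code 250 and is
     the last record of the additional section; tsig_offset(), name_len(),
     skip() and the sample message are hypothetical names constructed for
     this example.

```c
#include <stddef.h>
#include <stdint.h>
#define HDR_LEN   12                      /* fixed DNS header size */
#define TYPE_TSIG 250                     /* TSIG RR type code (assumed, RFC 2845) */
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Length of the encoded name at p, or 0 if it is malformed or runs past eom. */
static size_t name_len(const uint8_t *p, const uint8_t *eom) {
    const uint8_t *s = p;
    while (p < eom) {
        unsigned l = *p;
        if (l == 0) return (size_t)(p - s) + 1;                 /* root label */
        if ((l & 0xC0) == 0xC0) return eom - p >= 2 ? (size_t)(p - s) + 2 : 0;
        if ((l & 0xC0) || (size_t)(eom - p) < l + 1) return 0;  /* reserved/overrun */
        p += l + 1;
    }
    return 0;
}

/* Skip count entries; question entries carry no TTL, RDLENGTH or RDATA. */
static const uint8_t *skip(const uint8_t *p, const uint8_t *eom, unsigned count, int question) {
    while (p != NULL && count-- > 0) {
        size_t n = name_len(p, eom), fixed = question ? 4 : 10;
        if (n == 0 || (size_t)(eom - p) < n + fixed) return NULL;
        p += n + fixed;
        if (!question) {
            if ((size_t)(eom - p) < rd16(p - 2)) return NULL;   /* RDATA overruns */
            p += rd16(p - 2);
        }
    }
    return p;
}

/* Offset of the TSIG RR (last record of the additional section), or -1. */
long tsig_offset(const uint8_t *msg, size_t len) {
    if (msg == NULL || len < HDR_LEN || rd16(msg + 10) == 0) return -1;
    const uint8_t *eom = msg + len;
    const uint8_t *p = skip(msg + HDR_LEN, eom, rd16(msg + 4), 1);
    p = skip(p, eom, rd16(msg + 6) + rd16(msg + 8) + rd16(msg + 10) - 1, 0);
    if (p == NULL) return -1;
    size_t n = name_len(p, eom), left = (size_t)(eom - p);
    if (n == 0 || left < n + 10 || left < n + 10 + rd16(p + n + 8)) return -1;
    return rd16(p + n) == TYPE_TSIG ? (long)(p - msg) : -1;
}

/* Constructed sample: query for "a." plus one TSIG RR owned by "k." (empty RDATA). */
const uint8_t sample[] = { 0x12,0x34, 0,0, 0,1, 0,0, 0,0, 0,1,  1,'a',0, 0,1, 0,1,
                           1,'k',0, 0,250, 0,255, 0,0,0,0, 0,0 };
int main(void) { return tsig_offset(sample, sizeof sample) == 19 ? 0 : 1; }
```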

RETURN VALUES
     ns_find_tsig() returns a pointer to the TSIG record if one is found, and
     NULL otherwise.

     All other routines return 0 on success, modifying arguments when
     necessary.

     ns_sign() and ns_sign_tcp() return the following errors:
           (-1)                    bad input data
           (-ns_r_badkey)          The key was invalid, or the signing failed
           NS_TSIG_ERROR_NO_SPACE  the message buffer is too small.

     ns_verify() and ns_verify_tcp() return the following errors:
           (-1)                    bad input data
           NS_TSIG_ERROR_FORMERR   The message is malformed
           NS_TSIG_ERROR_NO_TSIG   The message does not contain a TSIG record
           NS_TSIG_ERROR_ID_MISMATCH
                                   The TSIG original ID field does not match
                                   the message ID
           (-ns_r_badkey)          Verification failed due to an invalid key
           (-ns_r_badsig)          Verification failed due to an invalid
                                   signature
           (-ns_r_badtime)         Verification failed due to an invalid
                                   timestamp
           ns_r_badkey             Verification succeeded but the message had
                                   an error of BADKEY
           ns_r_badsig             Verification succeeded but the message had
                                   an error of BADSIG
           ns_r_badtime            Verification succeeded but the message had
                                   an error of BADTIME

SEE ALSO
     resolver(3).

AUTHORS
     Brian Wellington, TISLabs at Network Associates

4th Berkeley Distribution       January 1, 1996      4th Berkeley Distribution