TSIG(2)                   BSD Programmer's Manual                   TSIG(2)

NAME
     ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify, ns_verify_tcp,
     ns_verify_tcp_init, ns_find_tsig - TSIG system
SYNOPSIS
     int
     ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k,
             const u_char *querysig, int querysiglen, u_char *sig,
             int *siglen, time_t in_timesigned);

     int
     ns_sign_tcp(u_char *msg, int *msglen, int msgsize, int error,
             ns_tcp_tsig_state *state, int done);

     int
     ns_sign_tcp_init(void *k, const u_char *querysig, int querysiglen,
             ns_tcp_tsig_state *state);

     int
     ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig,
             int querysiglen, u_char *sig, int *siglen, time_t in_timesigned,
             int nostrip);

     int
     ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state,
             int required);

     int
     ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen,
             ns_tcp_tsig_state *state);

     u_char *
     ns_find_tsig(u_char *msg, u_char *eom);
DESCRIPTION
     The TSIG routines are used to implement transaction/request security of
     DNS messages.

     ns_sign() and ns_verify() are the basic routines.  ns_sign_tcp() and
     ns_verify_tcp() are used to sign/verify TCP messages that may be split
     into multiple packets, such as zone transfers, and ns_sign_tcp_init() and
     ns_verify_tcp_init() initialize the state structure necessary for TCP
     operations.  ns_find_tsig() locates the TSIG record in a message, if one
     is present.
     ns_sign()
          msg          the incoming DNS message, which will be modified
          msglen       the length of the DNS message, on input and output
          msgsize      the size of the buffer containing the DNS message on
                       input
          error        the value to be placed in the TSIG error field
          k            the (DST_KEY *) to sign the data
          querysig     for a response, the signature contained in the query
          querysiglen  the length of the query signature
          sig          a buffer to be filled with the generated signature
          siglen       the length of the signature buffer on input, the
                       signature length on output
     ns_sign_tcp()
          msg          the incoming DNS message, which will be modified
          msglen       the length of the DNS message, on input and output
          msgsize      the size of the buffer containing the DNS message on
                       input
          error        the value to be placed in the TSIG error field
          state        the state of the operation
          done         non-zero value signifies that this is the last
                       packet

     ns_sign_tcp_init()
          k            the (DST_KEY *) to sign the data
          querysig     for a response, the signature contained in the query
          querysiglen  the length of the query signature
          state        the state of the operation, which this initializes
     ns_verify()
          msg          the incoming DNS message, which will be modified
          msglen       the length of the DNS message, on input and output
          k            the (DST_KEY *) to verify the data
          querysig     for a response, the signature contained in the query
          querysiglen  the length of the query signature
          sig          a buffer to be filled with the signature contained
          siglen       the length of the signature buffer on input, the
                       signature length on output
          nostrip      non-zero value means that the TSIG is left intact
     ns_verify_tcp()
          msg          the incoming DNS message, which will be modified
          msglen       the length of the DNS message, on input and output
          state        the state of the operation
          required     non-zero value signifies that a TSIG record must be
                       present at this step

     ns_verify_tcp_init()
          k            the (DST_KEY *) to verify the data
          querysig     for a response, the signature contained in the query
          querysiglen  the length of the query signature
          state        the state of the operation, which this initializes

     ns_find_tsig()
          msg          the incoming DNS message
          msglen       the length of the DNS message
RETURN VALUES
     ns_find_tsig() returns a pointer to the TSIG record if one is found, and
     NULL otherwise.

     All other routines return 0 on success, modifying arguments when
     necessary.
     ns_sign() and ns_sign_tcp() return the following errors:

          (-1)                      bad input data
          (-ns_r_badkey)            The key was invalid, or the signing failed
          NS_TSIG_ERROR_NO_SPACE    the message buffer is too small.

     ns_verify() and ns_verify_tcp() return the following errors:

          (-1)                      bad input data
          NS_TSIG_ERROR_FORMERR     The message is malformed
          NS_TSIG_ERROR_NO_TSIG     The message does not contain a TSIG record
          NS_TSIG_ERROR_ID_MISMATCH
                                    The TSIG original ID field does not match
                                    the message ID
          (-ns_r_badkey)            Verification failed due to an invalid key
          (-ns_r_badsig)            Verification failed due to an invalid
                                    signature
          (-ns_r_badtime)           Verification failed due to an invalid
                                    timestamp
          ns_r_badkey               Verification succeeded but the message had
                                    an error of BADKEY
          ns_r_badsig               Verification succeeded but the message had
                                    an error of BADSIG
          ns_r_badtime              Verification succeeded but the message had
                                    an error of BADTIME
SEE ALSO
     resolver(3).

AUTHORS
     Brian Wellington, TISLabs at Network Associates
4th Berkeley Distribution January 1, 1996 3