Manual Reference Pages  -  TSIG (3)

NAME

ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify, ns_verify_tcp, ns_verify_tcp_init, ns_find_tsig - TSIG system

CONTENTS

Synopsis
Description
Return Values
See Also
Authors

SYNOPSIS

int ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k, const u_char *querysig, int querysiglen, u_char *sig, int *siglen, time_t in_timesigned);

int ns_sign_tcp(u_char *msg, int *msglen, int msgsize, int error, ns_tcp_tsig_state *state, int done);

int ns_sign_tcp_init(void *k, const u_char *querysig, int querysiglen, ns_tcp_tsig_state *state);

int ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig, int querysiglen, u_char *sig, int *siglen, time_t in_timesigned, int nostrip);

int ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state, int required);

int ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen, ns_tcp_tsig_state *state);

u_char *ns_find_tsig(u_char *msg, u_char *eom);

DESCRIPTION

The TSIG routines are used to implement transaction/request security of DNS messages.

ns_sign and ns_verify are the basic routines. ns_sign_tcp and ns_verify_tcp are used to sign/verify TCP messages that may be split into multiple packets, such as zone transfers, and ns_sign_tcp_init, ns_verify_tcp_init initialize the state structure necessary for TCP operations. ns_find_tsig locates the TSIG record in a message, if one is present.

ns_sign
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    msgsize      the size of the buffer containing the DNS message on input
    error        the value to be placed in the TSIG error field
    key          the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    sig          a buffer to be filled with the generated signature
    siglen       the length of the signature buffer on input, the signature length on output

ns_sign_tcp
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    msgsize      the size of the buffer containing the DNS message on input
    error        the value to be placed in the TSIG error field
    state        the state of the operation
    done         non-zero value signifies that this is the last packet

ns_sign_tcp_init
    k            the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    state        the state of the operation, which this initializes

ns_verify
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    key          the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    sig          a buffer to be filled with the signature contained
    siglen       the length of the signature buffer on input, the signature length on output
    nostrip      non-zero value means that the TSIG is left intact

ns_verify_tcp
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    state        the state of the operation
    required     non-zero value signifies that a TSIG record must be present at this step

ns_verify_tcp_init
    k            the (DST_KEY *) to verify the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    state        the state of the operation, which this initializes

ns_find_tsig
    msg          the incoming DNS message
    msglen       the length of the DNS message

RETURN VALUES

ns_find_tsig returns a pointer to the TSIG record if one is found, and NULL otherwise.
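The lookup that ns_find_tsig is described as performing, written out as an added example (not libbind's code and not part of the original page): a bounds-checked walk of a DNS message that returns the last additional-section record when its type is TSIG (250). It assumes, per the TSIG specification (RFC 2845), that a TSIG record is always the last record; find_tsig, skip_name, skip_rrs and SIGNED_MSG are hypothetical names, and the sample message is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#define T_TSIG 250 /* TSIG RR type (RFC 2845) */

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Skip one wire-format name; NULL if it runs past eom or is malformed. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *eom) {
    while (p < eom) {
        unsigned len = *p;
        if (len == 0) return p + 1;                       /* root label */
        if ((len & 0xC0) == 0xC0) return eom - p >= 2 ? p + 2 : NULL; /* pointer */
        if ((len & 0xC0) || (size_t)(eom - p) < len + 1) return NULL;
        p += len + 1;
    }
    return NULL;
}

/* Skip n resource records (name + 10 fixed bytes + RDATA), bounds-checked. */
static const uint8_t *skip_rrs(const uint8_t *p, const uint8_t *eom, unsigned long n) {
    while (n-- > 0) {
        if ((p = skip_name(p, eom)) == NULL || eom - p < 10) return NULL;
        if ((size_t)(eom - p) - 10 < rd16(p + 8)) return NULL;
        p += 10 + rd16(p + 8);
    }
    return p;
}

/* find_tsig: hypothetical stand-in for ns_find_tsig, not libbind code. */
const uint8_t *find_tsig(const uint8_t *msg, const uint8_t *eom) {
    if (!msg || !eom || eom - msg < 12 || rd16(msg + 10) == 0) return NULL;
    const uint8_t *p = msg + 12;
    for (unsigned q = rd16(msg + 4); q > 0; q--) {        /* questions */
        if ((p = skip_name(p, eom)) == NULL || eom - p < 4) return NULL;
        p += 4;
    }
    unsigned long ahead = (unsigned long)rd16(msg + 6) + rd16(msg + 8) + rd16(msg + 10) - 1;
    const uint8_t *rr = skip_rrs(p, eom, ahead);          /* last additional RR */
    if (rr == NULL || skip_rrs(rr, eom, 1) == NULL) return NULL;
    p = skip_name(rr, eom);                               /* now at the TYPE field */
    return rd16(p) == T_TSIG ? rr : NULL;
}

/* Constructed sample: query for "a." with a TSIG RR named "k." (dummy RDATA). */
const uint8_t SIGNED_MSG[] = { 0x12,0x34, 0,0, 0,1, 0,0, 0,0, 0,1,
    1,'a',0, 0,1, 0,1,  1,'k',0, 0,250, 0,255, 0,0,0,0, 0,2, 0xAA,0xBB };

int main(void) {
    const uint8_t *t = find_tsig(SIGNED_MSG, SIGNED_MSG + sizeof SIGNED_MSG);
    return printf("TSIG at offset %ld\n", t ? (long)(t - SIGNED_MSG) : -1L) < 0;
}
```

A truncated message yields NULL rather than a pointer into a partial record, so a caller never hands an incomplete TSIG to the verification step.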

All other routines return 0 on success, modifying arguments when necessary.

ns_sign and ns_sign_tcp return the following errors:
    (-1)                       bad input data
    (-ns_r_badkey)             The key was invalid, or the signing failed
    NS_TSIG_ERROR_NO_SPACE     the message buffer is too small.

ns_verify and ns_verify_tcp return the following errors:
    (-1)                       bad input data
    NS_TSIG_ERROR_FORMERR      The message is malformed
    NS_TSIG_ERROR_NO_TSIG      The message does not contain a TSIG record
    NS_TSIG_ERROR_ID_MISMATCH  The TSIG original ID field does not match the message ID
    (-ns_r_badkey)             Verification failed due to an invalid key
    (-ns_r_badsig)             Verification failed due to an invalid signature
    (-ns_r_badtime)            Verification failed due to an invalid timestamp
    ns_r_badkey                Verification succeeded but the message had an error of BADKEY
    ns_r_badsig                Verification succeeded but the message had an error of BADSIG
    ns_r_badtime               Verification succeeded but the message had an error of BADTIME

SEE ALSO

resolver(3).

AUTHORS

Brian Wellington, TISLabs at Network Associates