[trac3593] added truncated HMAC support to TSIG

doc/examples/ddns/sample1.json

@@ -106,6 +106,12 @@
             "algorithm": "HMAC-SHA1",
             "secret": "hRrp29wzUv3uzSNRLlY68w=="
         }
+        {
+            "name": "d2.sha512.key",
+            "algorithm": "HMAC-SHA512",
+            "digest_bits": 256,
+            "secret": "/4wklkm04jeH4anx2MKGJLcya+ZLHldL5d6mK+4q6UXQP7KJ9mS2QG29hh0SJR4LA0ikxNJTUMvir42gLx6fGQ=="
+        }
     ]
 }
 

doc/examples/ddns/template.json

@@ -92,6 +92,9 @@
 #            Valid values for algorithm are:    HMAC-MD5, HMAC-SHA1,
 #                                               HMAC-SHA224, HMAC-SHA256,
 #                                               HMAC-SHA384, HMAC-SHA512
+#           "digest_bits" : 256,
+#           Minimum truncated length in bits.
+#           Default 0 (means truncation is forbidden).
             "secret" : "<shared secret value>"
         }
 #       ,

doc/guide/ddns.xml

@@ -283,6 +283,17 @@ corresponding values in the DHCP servers' "dhcp-ddns" configuration section.
 	      This value is not case sensitive.
 	    </simpara>
 	  </listitem>
+	  <listitem>
+	    <simpara>
+	      <command>digest_bits</command> -
+	      is used to specify the minimum truncated length in bits.
+	      The default value 0 means truncation is forbidden, not 0
+	      values must be an integral number of octets, be greater
+	      than 80 and the half of the full length. Note in BIND9
+	      this parameter is appended after a dash to the algorithm
+	      name.
+	    </simpara>
+	  </listitem>
 	  <listitem>
 	    <simpara>
 	      <command>secret</command> -