Commit a4ebe83c authored by Evan Hunt's avatar Evan Hunt

migrate t_dst signature test to lib/dns/tests/dst_test

parent f58ac8ad
......@@ -5,7 +5,6 @@ nxtify
sdig
*_test
gsstest
t_dst
conf.sh
dlopen
keycreate
......
......@@ -32,7 +32,7 @@ ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
LIBS = @LIBS@
SUBDIR = dst system @PKCS11_TOOLS@ optional
SUBDIR = system @PKCS11_TOOLS@ optional
TESTDIRS = system
......
randomfile
Kdh.+002+18602.key
Kdh.+002+18602.private
Kdh.+002+48957.key
Kdh.+002+48957.private
Ktest.+001+00002.key
Ktest.+001+54622.key
Ktest.+001+54622.private
Ktest.+003+23616.key
Ktest.+003+23616.private
Ktest.+003+49667.key
dst_2_data
t2_data_1
t2_data_2
t2_dsasig
t2_rsasig
dh. IN KEY 0 2 2 AAEBAAAAYIHI/wjtOagNga9GILSoS02IVelgLilPE/TfhtvShsiDAXqb IfxQcj2JkuOnNLs5ttb2WZXWl5/jsSjIxHMwMF2XY4gwt/lwHBf/vgYH r7aIxnKXov1jk9rymTLHGKIOtg==
Private-key-format: v1.2
Algorithm: 2 (DH)
Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjo2IP//////////
Generator(g): Ag==
Private_value(x): bpdsGQ1jbV3f2CGN/0Pk5KM1MlkFmMryPO1J1zoGn585fRmc9Ygw6l/HKmi2ViiDNorvd9/eV9uyYO6lYZC82R3D7rST1mAqCwbg/8gNE5dXBRbRIIq3qIl6GUYYs8mK
Public_value(y): gcj/CO05qA2Br0YgtKhLTYhV6WAuKU8T9N+G29KGyIMBepsh/FByPYmS46c0uzm21vZZldaXn+OxKMjEczAwXZdjiDC3+XAcF/++BgevtojGcpei/WOT2vKZMscYog62
dh. IN KEY 0 2 2 AAEBAAAAYOuaKjyMXYame2F6/ZFdEmXv0a2edB+69PEZgrExA6SJlivn 4KqAsfBHr/+0BCb+7nfWeMDSh2BXnSzWkXF1wMaCHMuz9EleG1gKFKeV Q9gKli88Cb8/jbovWChrGBNp2w==
Private-key-format: v1.2
Algorithm: 2 (DH)
Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjo2IP//////////
Generator(g): Ag==
Private_value(x): WJG0moh+QoZV+DYhqW7Z6O6TYpYGtSlN0Ym6JV6VRnzeH69OqMUFivqZorj3a3ofR/4zogNVyy5KLLj2NFTaLGP4Hcvt7uETJik6HrjLMhGf40QPXYgVK57Im0rv88Ca
Public_value(y): 65oqPIxdhqZ7YXr9kV0SZe/RrZ50H7r08RmCsTEDpImWK+fgqoCx8Eev/7QEJv7ud9Z4wNKHYFedLNaRcXXAxoIcy7P0SV4bWAoUp5VD2AqWLzwJvz+Nui9YKGsYE2nb
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
CINCLUDES = ${TEST_INCLUDES} ${DNS_INCLUDES} \
${ISC_INCLUDES} @DST_OPENSSL_INC@
CDEFINES = @CRYPTO@
CWARNINGS =
DNSLIBS = ../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
DNSDEPLIBS = ../../../lib/dns/libdns.@A@
ISCDEPLIBS = ../../../lib/isc/libisc.@A@
DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
TLIB = ../../../lib/tests/libt_api.@A@
TARGETS = t_dst@EXEEXT@
SRCS = t_dst.c
@BIND9_MAKE_RULES@
t_dst@EXEEXT@: t_dst.@O@ ${DEPLIBS} ${TLIB}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
t_dst.@O@ ${TLIB} ${LIBS}
test: t_dst@EXEEXT@ randomfile
../../tools/genrandom@EXEEXT@ 100 randomfile
-@ ./t_dst@EXEEXT@ -q 1800 -a
randomfile:
../../tools/genrandom@EXEEXT@ 100 randomfile
clean distclean::
rm -f ${TARGETS} randomfile
distclean::
rm -f Kdh.+002+18602.key
rm -f Kdh.+002+18602.private
rm -f Kdh.+002+48957.key
rm -f Kdh.+002+48957.private
rm -f Ktest.+001+00002.key
rm -f Ktest.+001+54622.key
rm -f Ktest.+001+54622.private
rm -f Ktest.+003+23616.key
rm -f Ktest.+003+23616.private
rm -f Ktest.+003+49667.key
rm -f dst_2_data
rm -f t2_data_1
rm -f t2_data_2
rm -f t2_dsasig
rm -f t2_rsasig
#
# data for signature verification test
#
# format:
# datafile, sigpath, keyname, keyid, alg, exp_result
#
t2_data_1 t2_dsasig test. 23616 DST_ALG_DSA ISC_R_SUCCESS
t2_data_1 t2_rsasig test. 54622 DST_ALG_RSAMD5 ISC_R_SUCCESS
# wrong sig
t2_data_1 t2_dsasig test. 54622 DST_ALG_RSAMD5 !ISC_R_SUCCESS
# wrong key
#t2_data_1 t2_dsasig test. 54622 DST_ALG_DSA !ISC_R_SUCCESS
# wrong alg
#t2_data_1 t2_dsasig test. 23616 DST_ALG_RSAMD5 !ISC_R_SUCCESS
# wrong data
t2_data_2 t2_dsasig test. 23616 DST_ALG_DSA !ISC_R_SUCCESS
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/* $Id: t_dst.c,v 1.60 2011/03/17 23:47:29 tbox Exp $ */
#include <config.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#ifndef WIN32
#include <unistd.h> /* XXX */
#else
#include <direct.h>
#endif
#include <isc/buffer.h>
#include <isc/dir.h>
#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/mem.h>
#include <isc/print.h>
#include <isc/region.h>
#include <isc/stdio.h>
#include <isc/string.h>
#include <isc/util.h>
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dst/dst.h>
#include <dst/result.h>
#include <tests/t_api.h>
#ifndef PATH_MAX
#define PATH_MAX 256
#endif
/*
* Adapted from the original dst_test.c program.
*/
static void
cleandir(char *path) {
isc_dir_t dir;
char fullname[PATH_MAX + 1];
size_t l;
isc_result_t ret;
isc_dir_init(&dir);
ret = isc_dir_open(&dir, path);
if (ret != ISC_R_SUCCESS) {
t_info("isc_dir_open(%s) failed %s\n",
path, isc_result_totext(ret));
return;
}
while (isc_dir_read(&dir) == ISC_R_SUCCESS) {
if (!strcmp(dir.entry.name, "."))
continue;
if (!strcmp(dir.entry.name, ".."))
continue;
(void)strlcpy(fullname, path, sizeof(fullname));
(void)strlcat(fullname, "/", sizeof(fullname));
l = strlcat(fullname, dir.entry.name, sizeof(fullname));
if (l < sizeof(fullname)) {
if (remove(fullname))
t_info("remove(%s) failed %d\n", fullname,
errno);
} else
t_info("unable to remove '%s/%s': path too long\n",
path, dir.entry.name);
}
isc_dir_close(&dir);
if (rmdir(path))
t_info("rmdir(%s) failed %d\n", path, errno);
return;
}
static void
use(dst_key_t *key, isc_mem_t *mctx, isc_result_t exp_result, int *nfails) {
isc_result_t ret;
const char *data = "This is some data";
unsigned char sig[512];
isc_buffer_t databuf, sigbuf;
isc_region_t datareg, sigreg;
dst_context_t *ctx = NULL;
isc_buffer_init(&sigbuf, sig, sizeof(sig));
isc_buffer_constinit(&databuf, data, strlen(data));
isc_buffer_add(&databuf, strlen(data));
isc_buffer_usedregion(&databuf, &datareg);
ret = dst_context_create3(key, mctx,
DNS_LOGCATEGORY_GENERAL, ISC_TRUE, &ctx);
if (ret != exp_result) {
t_info("dst_context_create(%d) returned (%s) expected (%s)\n",
dst_key_alg(key), dst_result_totext(ret),
dst_result_totext(exp_result));
++*nfails;
return;
}
if (exp_result != ISC_R_SUCCESS)
return;
ret = dst_context_adddata(ctx, &datareg);
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_adddata(%d) returned (%s)\n",
dst_key_alg(key), dst_result_totext(ret));
++*nfails;
dst_context_destroy(&ctx);
return;
}
ret = dst_context_sign(ctx, &sigbuf);
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_sign(%d) returned (%s)\n",
dst_key_alg(key), dst_result_totext(ret));
++*nfails;
dst_context_destroy(&ctx);
return;
}
dst_context_destroy(&ctx);
isc_buffer_remainingregion(&sigbuf, &sigreg);
ret = dst_context_create3(key, mctx,
DNS_LOGCATEGORY_GENERAL, ISC_FALSE, &ctx);
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_create(%d) returned (%s)\n",
dst_key_alg(key), dst_result_totext(ret));
++*nfails;
return;
}
ret = dst_context_adddata(ctx, &datareg);
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_adddata(%d) returned (%s)\n",
dst_key_alg(key), dst_result_totext(ret));
++*nfails;
dst_context_destroy(&ctx);
return;
}
ret = dst_context_verify(ctx, &sigreg);
if (ret != exp_result) {
t_info("dst_context_verify(%d) returned (%s) expected (%s)\n",
dst_key_alg(key), dst_result_totext(ret),
dst_result_totext(exp_result));
++*nfails;
dst_context_destroy(&ctx);
return;
}
dst_context_destroy(&ctx);
}
static void
dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx,
isc_result_t exp_result, int *nfails, int *nprobs)
{
dst_key_t *key1 = NULL, *key2 = NULL;
isc_result_t ret;
char current[PATH_MAX + 1];
char tmp[PATH_MAX + 1];
char *p;
int alg = DST_ALG_DH;
int type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
unsigned char array1[1024], array2[1024];
isc_buffer_t b1, b2;
isc_region_t r1, r2;
UNUSED(exp_result);
p = getcwd(current, PATH_MAX);;
if (p == NULL) {
t_info("getcwd failed %d\n", errno);
++*nprobs;
goto cleanup;
}
ret = dst_key_fromfile(name1, id1, alg, type, current, mctx, &key1);
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto cleanup;
}
ret = dst_key_fromfile(name2, id2, alg, type, current, mctx, &key2);
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto cleanup;
}
#ifndef WIN32
ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
#else
ret = isc_file_mktemplate(getenv("TEMP"), tmp, sizeof(tmp));
#endif
if (ret != ISC_R_SUCCESS) {
t_info("isc_file_mktemplate failed %s\n",
isc_result_totext(ret));
++*nprobs;
goto cleanup;
}
ret = isc_dir_createunique(tmp);
if (ret != ISC_R_SUCCESS) {
t_info("isc_dir_createunique failed %s\n",
isc_result_totext(ret));
++*nprobs;
goto cleanup;
}
ret = dst_key_tofile(key1, type, tmp);
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto cleanup;
}
ret = dst_key_tofile(key2, type, tmp);
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto cleanup;
}
cleandir(tmp);
isc_buffer_init(&b1, array1, sizeof(array1));
ret = dst_key_computesecret(key1, key2, &b1);
if (ret != 0) {
t_info("dst_computesecret() returned: %s\n",
dst_result_totext(ret));
++*nfails;
goto cleanup;
}
isc_buffer_init(&b2, array2, sizeof(array2));
ret = dst_key_computesecret(key2, key1, &b2);
if (ret != 0) {
t_info("dst_computesecret() returned: %s\n",
dst_result_totext(ret));
++*nfails;
goto cleanup;
}
isc_buffer_usedregion(&b1, &r1);
isc_buffer_usedregion(&b2, &r2);
if (r1.length != r2.length || memcmp(r1.base, r2.base, r1.length) != 0)
{
t_info("computed secrets don't match\n");
++*nfails;
goto cleanup;
}
cleanup:
if (key1 != NULL)
dst_key_free(&key1);
if (key2 != NULL)
dst_key_free(&key2);
}
static void
io(dns_name_t *name, isc_uint16_t id, isc_uint16_t alg, int type,
isc_mem_t *mctx, isc_result_t exp_result, int *nfails, int *nprobs)
{
dst_key_t *key = NULL;
isc_result_t ret;
char current[PATH_MAX + 1];
char tmp[PATH_MAX + 1];
char *p;
p = getcwd(current, PATH_MAX);;
if (p == NULL) {
t_info("getcwd failed %d\n", errno);
++*nprobs;
goto failure;
}
ret = dst_key_fromfile(name, id, alg, type, current, mctx, &key);
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto failure;
}
if (dst_key_id(key) != id) {
t_info("key ID incorrect\n");
++*nfails;
goto failure;
}
if (dst_key_alg(key) != alg) {
t_info("key algorithm incorrect\n");
++*nfails;
goto failure;
}
if (dst_key_getttl(key) != 0) {
t_info("initial key TTL incorrect\n");
++*nfails;
goto failure;
}
#ifndef WIN32
ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
#else
ret = isc_file_mktemplate(getenv("TEMP"), tmp, sizeof(tmp));
#endif
if (ret != ISC_R_SUCCESS) {
t_info("isc_file_mktemplate failed %s\n",
isc_result_totext(ret));
++*nprobs;
goto failure;
}
ret = isc_dir_createunique(tmp);
if (ret != ISC_R_SUCCESS) {
t_info("mkdir failed %d\n", errno);
++*nprobs;
goto failure;
}
ret = dst_key_tofile(key, type, tmp);
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto failure;
}
if (dst_key_alg(key) != DST_ALG_DH)
use(key, mctx, exp_result, nfails);
/*
* Skip the rest of this test if we weren't expecting
* the read to be successful.
*/
if (exp_result != ISC_R_SUCCESS)
goto cleanup;
dst_key_setttl(key, 3600);
ret = dst_key_tofile(key, type, tmp);
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto failure;
}
/* Reread key to confirm TTL was changed */
dst_key_free(&key);
ret = dst_key_fromfile(name, id, alg, type, tmp, mctx, &key);
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
alg, dst_result_totext(ret));
++*nfails;
goto failure;
}
if (dst_key_getttl(key) != 3600) {
t_info("modified key TTL incorrect\n");
++*nfails;
goto failure;
}
cleanup:
cleandir(tmp);
failure:
if (key != NULL)
dst_key_free(&key);
}
static void
generate(int alg, isc_mem_t *mctx, int size, int *nfails) {
isc_result_t ret;
dst_key_t *key = NULL;
ret = dst_key_generate(dns_rootname, alg, size, 0, 0, 0,
dns_rdataclass_in, mctx, &key);
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_generate(%d) returned: %s\n", alg,
dst_result_totext(ret));
++*nfails;
goto cleanup;
}
if (alg != DST_ALG_DH)
use(key, mctx, ISC_R_SUCCESS, nfails);
cleanup:
if (key != NULL)
dst_key_free(&key);
}
#define DBUFSIZ 25
static const char *a1 =
"the dst module provides the capability to "
"generate, store and retrieve public and private keys, "
"sign and verify data using the RSA, DSA and MD5 algorithms, "
"and compute Diffie-Hellman shared secrets.";
static void
t1(void) {
isc_mem_t *mctx;
isc_entropy_t *ectx;
int nfails;
int nprobs;
int result;
isc_result_t isc_result;
dns_fixedname_t fname;
dns_name_t *name;
isc_buffer_t b;
t_assert("dst", 1, T_REQUIRED, "%s", a1);
nfails = 0;
nprobs = 0;
mctx = NULL;
isc_result = isc_mem_create(0, 0, &mctx);
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_mem_create failed %s\n",
isc_result_totext(isc_result));
t_result(T_UNRESOLVED);
return;
}
ectx = NULL;
isc_result = isc_entropy_create(mctx, &ectx);
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_entropy_create failed %s\n",
isc_result_totext(isc_result));
t_result(T_UNRESOLVED);
return;
}
isc_result = isc_entropy_createfilesource(ectx, "randomfile");
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_entropy_create failed %s\n",
isc_result_totext(isc_result));
t_result(T_UNRESOLVED);
return;
}
isc_result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING);
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_lib_init failed %s\n",
isc_result_totext(isc_result));
t_result(T_UNRESOLVED);
return;
}
if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
dst_lib_destroy();
t_info("library built without crypto support\n");
t_result(T_SKIPPED);
return;
}
t_info("testing use of stored keys [1]\n");
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
isc_buffer_constinit(&b, "test.", 5);
isc_buffer_add(&b, 5);
isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL);
if (isc_result != ISC_R_SUCCESS) {
t_info("dns_name_fromtext failed %s\n",
isc_result_totext(isc_result));
t_result(T_UNRESOLVED);
return;
}
io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [2]\n");
io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, ISC_R_SUCCESS, &nfails, &nprobs);
t_info("testing use of stored keys [3]\n");
io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
t_info("testing use of stored keys [4]\n");
io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
isc_buffer_constinit(&b, "dh.", 3);