bd911976d51f102751848568ccf56592fd5f6d77Tinderbox User * Copyright (C) 1999-2001, 2004, 2005, 2007-2009, 2011-2014, 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
207cee019eb5cbbe7c905f7c52f7b5d11f8c0305Automatic Updater/* $Id: t_dst.c,v 1.60 2011/03/17 23:47:29 tbox Exp $ */
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * Adapted from the original dst_test.c program.
bbf31e6b623af575138669bdd7031232867b9166Mark Andrews (void)strlcpy(fullname, path, sizeof(fullname));
bbf31e6b623af575138669bdd7031232867b9166Mark Andrews (void)strlcat(fullname, "/", sizeof(fullname));
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews l = strlcat(fullname, dir.entry.name, sizeof(fullname));
bbf31e6b623af575138669bdd7031232867b9166Mark Andrews if (l < sizeof(fullname)) {
bbf31e6b623af575138669bdd7031232867b9166Mark Andrews t_info("unable to remove '%s/%s': path too long\n",
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellingtonuse(dst_key_t *key, isc_mem_t *mctx, isc_result_t exp_result, int *nfails) {
6f7abb89ec22aef5eda40ed60fcf605a42b78d4dMark Andrews isc_buffer_constinit(&databuf, data, strlen(data));
b869f35f43100c71c6d06bd23934b4a2c5ed4cb7Brian Wellington t_info("dst_context_create(%d) returned (%s) expected (%s)\n",
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington t_info("dst_context_adddata(%d) returned (%s)\n",
b869f35f43100c71c6d06bd23934b4a2c5ed4cb7Brian Wellington t_info("dst_context_sign(%d) returned (%s)\n",
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence isc_buffer_remainingregion(&sigbuf, &sigreg);
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington t_info("dst_context_create(%d) returned (%s)\n",
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington t_info("dst_context_adddata(%d) returned (%s)\n",
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington t_info("dst_context_verify(%d) returned (%s) expected (%s)\n",
a9bc95f22ef2dd4a12e79be99412c9f18b814a5dBrian Wellingtondh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx,
4124057bf54f0fc75b06b35487130bbd9249ee7fBrian Wellington isc_result_t exp_result, int *nfails, int *nprobs)
23fdb6a5a3d3d0e427682b68eea9553d2d326ad4Mark Andrews int type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
b3ef06344abad0105be99b622e615dcbd87911e1Brian Wellington ret = dst_key_fromfile(name1, id1, alg, type, current, mctx, &key1);
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellington t_info("dst_key_fromfile(%d) returned: %s\n",
b3ef06344abad0105be99b622e615dcbd87911e1Brian Wellington ret = dst_key_fromfile(name2, id2, alg, type, current, mctx, &key2);
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellington t_info("dst_key_fromfile(%d) returned: %s\n",
/* NOTE(review): the fixed "/tmp/" prefix places the scratch path in a shared, world-writable directory. Confirm that whatever is later created from tmp is created exclusively and with owner-only permissions (the creation call is not visible in this view). */
ab123a8e1b6573e622189a1d39d0af33150a56f8David Lawrence ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
/* NOTE(review): getenv("TEMP") returns NULL when TEMP is unset, and the value is handed straight to isc_file_mktemplate() on this line. Confirm a NULL check or fallback exists; TEMP is also environment-controlled, so the resulting directory should not be assumed private. */
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews ret = isc_file_mktemplate(getenv("TEMP"), tmp, sizeof(tmp));
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellington t_info("dst_key_tofile(%d) returned: %s\n",
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellington t_info("dst_key_tofile(%d) returned: %s\n",
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence isc_buffer_init(&b1, array1, sizeof(array1));
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington ret = dst_key_computesecret(key1, key2, &b1);
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellington t_info("dst_computesecret() returned: %s\n",
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence isc_buffer_init(&b2, array2, sizeof(array2));
81ab85fd39c3f6c781ecac725d830364a311479dBrian Wellington ret = dst_key_computesecret(key2, key1, &b2);
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellington t_info("dst_computesecret() returned: %s\n",
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellington if (r1.length != r2.length || memcmp(r1.base, r2.base, r1.length) != 0)
61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Huntio(dns_name_t *name, isc_uint16_t id, isc_uint16_t alg, int type,
61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt isc_mem_t *mctx, isc_result_t exp_result, int *nfails, int *nprobs)
b3ef06344abad0105be99b622e615dcbd87911e1Brian Wellington ret = dst_key_fromfile(name, id, alg, type, current, mctx, &key);
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence t_info("dst_key_fromfile(%d) returned: %s\n",
19ce0d25d31e716a737674c4e04a88c33b222fe4David Lawrence ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews ret = isc_file_mktemplate(getenv("TEMP"), tmp, sizeof(tmp));
61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt * Skip the rest of this test if we weren't expecting
61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt * the read to be successful.
61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt if (ret != 0) {
61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt /* Reread key to confirm TTL was changed */
61bcc232038f0a2cb77ed6269675fdc288f5ec98Evan Hunt ret = dst_key_fromfile(name, id, alg, type, tmp, mctx, &key);
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellingtongenerate(int alg, isc_mem_t *mctx, int size, int *nfails) {
5c29047792191d6141f69b2684314d0b762fedebBrian Wellington ret = dst_key_generate(dns_rootname, alg, size, 0, 0, 0,
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence t_info("dst_key_generate(%d) returned: %s\n", alg,
615eff12e0e3565c52758292e10080a25d872941William King "the dst module provides the capability to "
615eff12e0e3565c52758292e10080a25d872941William King "generate, store and retrieve public and private keys, "
615eff12e0e3565c52758292e10080a25d872941William King "sign and verify data using the RSA, DSA and MD5 algorithms, "
b869f35f43100c71c6d06bd23934b4a2c5ed4cb7Brian Wellington "and compute Diffie-Hellman shared secrets.";
79d91e915023ffa5fac1bb2f91f19210bb18407cBrian Wellington isc_result = isc_entropy_create(mctx, &ectx);
400a1b6604ede895cc8d67a7aa66796a5dbc75e4Mark Andrews isc_result = isc_entropy_createfilesource(ectx, "randomfile");
b869f35f43100c71c6d06bd23934b4a2c5ed4cb7Brian Wellington isc_result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING);
17f04ff2e7533bc20aa7028c953615968f9a8bb0Brian Wellington if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
17f04ff2e7533bc20aa7028c953615968f9a8bb0Brian Wellington t_info("library built without crypto support\n");
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL);
daad43e5a4e83bd3c055632799ab67e269467db0Brian Wellington io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
d3735e0e2588a8d07215e0b76d029c1ac3d40a17Brian Wellington io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
daad43e5a4e83bd3c055632799ab67e269467db0Brian Wellington io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
daad43e5a4e83bd3c055632799ab67e269467db0Brian Wellington io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL);
daad43e5a4e83bd3c055632799ab67e269467db0Brian Wellington dh(name, 18602, name, 48957, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
d3735e0e2588a8d07215e0b76d029c1ac3d40a17Brian Wellington generate(DST_ALG_RSAMD5, mctx, 512, &nfails);
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence * This one uses a constant.
7c37bc1a67a80209e05f6b1c01fa7fde7d0dd200Brian Wellington generate(DST_ALG_HMACMD5, mctx, 512, &nfails);
ed019cabc1cc75d4412010c331876e4ae5080a4dDavid Lawrence#undef NEWSIG /* Define NEWSIG to generate the original signature file. */
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * Write a sig in buf to file at path.
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King unsigned char c;
/* NOTE(review): S_IRWXU|S_IRWXO|S_IRWXG requests mode 0777 (only the umask narrows it), so the signature file can end up group/world-writable and executable. S_IRUSR|S_IWUSR would be enough for a data file. O_CREAT|O_TRUNC without O_EXCL also truncates whatever already exists at path, following a symlink if one is there. This appears to sit in the NEWSIG-only section (presumably compiled out by the #undef NEWSIG); confirm. */
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRWXU|S_IRWXO|S_IRWXG);
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King#endif /* NEWSIG */
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * Read sig in file at path to buf.
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William Kingsig_fromfile(char *path, isc_buffer_t *iscbuf) {
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews isc_result = isc_file_getsizefd(fileno(fp), &size);
/* NOTE(review): the allocation is sized from the on-disk file size reported by isc_file_getsizefd(), i.e. from the input file. Confirm that size is range-checked before the "+ 1" and that the malloc() result is tested for NULL before use (neither check is visible in this view). The cast on malloc() is unnecessary in C. */
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews buf = (char *) malloc((size + 1) * sizeof(char));
db3f8d175d42f6ad20bab3a7a567f5115461efc4Mark Andrews while (len != 0U) {
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews isc_result = isc_stdio_read(p, 1, len, fp, &rval);
db3f8d175d42f6ad20bab3a7a567f5115461efc4Mark Andrews while (len > 0U) {
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William Kingt2_sigchk(char *datapath, char *sigpath, char *keyname,
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King unsigned char *p;
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * Read data from file in a form usable by dst_verify.
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews isc_result = isc_stdio_open(datapath, "rb", &fp);
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews isc_result = isc_file_getsizefd(fileno(fp), &size);
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews data = (unsigned char *) malloc(size * sizeof(unsigned char));
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King t_info("t2_sigchk: malloc failed %d\n", errno);
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews isc_result = isc_stdio_read(p, 1, len, fp, &rval);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * Read key from file in a form usable by dst_verify.
6f7abb89ec22aef5eda40ed60fcf605a42b78d4dMark Andrews isc_buffer_constinit(&b, keyname, strlen(keyname));
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 isc_result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
b3ef06344abad0105be99b622e615dcbd87911e1Brian Wellington isc_result = dst_key_fromfile(name, id, alg, type, NULL, mctx, &key);
c3c8823fed039b3a2b8e5ca8bc2f3301d1dd840eMark Andrews isc_buffer_init(&databuf, data, (unsigned int)size);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence * If we're generating a signature for the first time,
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King * sign the data and save the signature to a file
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington t_info("dst_context_create(%d) failed %s\n",
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington isc_result = dst_context_adddata(ctx, &datareg);
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington t_info("dst_context_adddata(%d) failed %s\n",
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington isc_result = dst_context_sign(ctx, &sigbuf);
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King#endif /* NEWSIG */
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence * Read precomputed signature from file in a form usable by dst_verify.
53f70575bd76aab18905efa48e4023144a97a191Mark Andrews if (rval != 0U) {
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * Verify that the key signed the data.
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence isc_buffer_remainingregion(&sigbuf, &sigreg);
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington isc_result = dst_context_adddata(ctx, &datareg);
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington t_info("dst_context_adddata returned %s\n",
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington isc_result = dst_context_verify(ctx, &sigreg);
fa6c5e38f4b904aa85f3375f1ca830d4bf8f5877Andreas Gustafsson if ( ((exp_res == 0) && (isc_result != ISC_R_SUCCESS)) ||
fa6c5e38f4b904aa85f3375f1ca830d4bf8f5877Andreas Gustafsson ((exp_res != 0) && (isc_result == ISC_R_SUCCESS))) {
4fe8755480c108a1232b7189fd5434ab35a6b623Brian Wellington t_info("dst_context_verify returned %s, expected %s\n",
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * The astute observer will note that t1() signs then verifies data
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King * during the test but that t2() verifies data that has been
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King * signed at some earlier time, possibly with an entirely different
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King * version or implementation of the DSA and RSA algorithms
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews isc_result = isc_entropy_create(t2_mctx, &t2_ectx);
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews isc_result = isc_entropy_createfilesource(t2_ectx, "randomfile");
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews isc_result = dst_lib_init(t2_mctx, t2_ectx, ISC_ENTROPY_BLOCKING);
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * av == datafile, sigpath, keyname, keyid, alg, exp_result.
d3735e0e2588a8d07215e0b76d029c1ac3d40a17Brian Wellington else if (! strcasecmp(alg, "DST_ALG_RSAMD5"))
17f04ff2e7533bc20aa7028c953615968f9a8bb0Brian Wellington if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
17f04ff2e7533bc20aa7028c953615968f9a8bb0Brian Wellington t_info("library built without crypto support\n");
e5966f9b9a13fc83afaf9b74ac1f7eea6a647817William King datapath, sigpath, keyname, key, alg, exp_result);
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews "the dst module provides the capability to "
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews "verify data signed with the RSA and DSA algorithms";