t_dst.c revision e5966f9b9a13fc83afaf9b74ac1f7eea6a647817
99d8f5a70440ee8b63ab1745d713b96dde890546Tinderbox User/*
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * Copyright (C) 1999 Internet Software Consortium.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater * Permission to use, copy, modify, and distribute this software for any
4c1132f34493327abc632196f5876a89aa573687Bob Halley * purpose with or without fee is hereby granted, provided that the above
4c1132f34493327abc632196f5876a89aa573687Bob Halley * copyright notice and this permission notice appear in all copies.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * SOFTWARE.
7829fad4093f2c1985b1efb7cea00287ff015d2bckb */
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence
f41f183f628a148860a6d1f0070208cddd45b0c6Bob Halley#include <config.h>
f41f183f628a148860a6d1f0070208cddd45b0c6Bob Halley
f41f183f628a148860a6d1f0070208cddd45b0c6Bob Halley#include <ctype.h>
f41f183f628a148860a6d1f0070208cddd45b0c6Bob Halley#include <sys/types.h>
9a2127f8335bad323451d7825119cd9f72e32464Mark Andrews#include <dirent.h>
9a2127f8335bad323451d7825119cd9f72e32464Mark Andrews#include <errno.h>
9a2127f8335bad323451d7825119cd9f72e32464Mark Andrews#include <fcntl.h>
9a2127f8335bad323451d7825119cd9f72e32464Mark Andrews#include <limits.h>
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley#include <stdio.h>
7829fad4093f2c1985b1efb7cea00287ff015d2bckb#include <stdlib.h>
7829fad4093f2c1985b1efb7cea00287ff015d2bckb#include <string.h>
7829fad4093f2c1985b1efb7cea00287ff015d2bckb#include <sys/stat.h>
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley#include <unistd.h> /* XXX */
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley
c2bc56dc65b4b103a5600565680eb5f33fa4c90bMark Andrews#include <isc/assertions.h>
51917258dbb23cfe6069ae1cf2b7fc5aefc1e0c2Bob Halley#include <isc/error.h>
c6b3c1984caa362359862e063e7b70dfb306db7eMark Andrews#include <isc/boolean.h>
155a0ce6e3c9cef51b63789c34d83d9143ce01fdMark Andrews#include <isc/region.h>
494576ce20cfd98d74955698cf8f7b37dce2f740Mark Andrews#include <isc/mem.h>
494576ce20cfd98d74955698cf8f7b37dce2f740Mark Andrews
6d5dcd0dc9bdbd679282b1ffc47987d24c3a1346Bob Halley#include <dst/dst.h>
12178c86525332bb0ab66155feb61fbf32eca6acEvan Hunt#include <dst/result.h>
155a0ce6e3c9cef51b63789c34d83d9143ce01fdMark Andrews
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley#include <tests/t_api.h>
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley
b6d52ee5bea1b9d9074698e693b49ce96edff47bMark Andrewsstatic void t1(void);
b6d52ee5bea1b9d9074698e693b49ce96edff47bMark Andrews
b6d52ee5bea1b9d9074698e693b49ce96edff47bMark Andrewsstatic void t2(void);
b6d52ee5bea1b9d9074698e693b49ce96edff47bMark Andrews
c45abd11bb68005d8a5c56c14b16f4184c3e057dMichael Graff/*
c45abd11bb68005d8a5c56c14b16f4184c3e057dMichael Graff * adapted from the original dst_test.c program
a685d9c3b608eb768d237f20e8e8b1c5d3902146David Lawrence */
feb08cecf318bba330437cfcb725f48d999804d8James Brister
76117ff568dc788ed24937cfea916a18db285960Mark Andrewsstatic void
aaaf8d4f4873d21e55c3ffb4f656203d08339865Mark Andrewscleandir(char *path) {
aaaf8d4f4873d21e55c3ffb4f656203d08339865Mark Andrews DIR *dirp;
76117ff568dc788ed24937cfea916a18db285960Mark Andrews struct dirent *pe;
76117ff568dc788ed24937cfea916a18db285960Mark Andrews char fullname[PATH_MAX + 1];
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews
76117ff568dc788ed24937cfea916a18db285960Mark Andrews dirp = opendir(path);
65c4736d9c0ebc6d9b1d991593b55566909da9cdBrian Wellington if (dirp == NULL) {
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence t_info("opendir(%s) failed %d\n", path, opendir);
d0eb2cc33c5db3366a16b1cb0abcca6ec7c8ee3cTatuya JINMEI 神明達哉 return;
793814f80703afdd69b59ade91e63efa81ae4178Evan Hunt }
911ed0d3bee586b3bec42cb6c376d5cc6c0e1e24Brian Wellington
e334405421979688f2d838805ac67ee47bd62976Mark Andrews while ((pe = readdir(dirp)) != NULL) {
e334405421979688f2d838805ac67ee47bd62976Mark Andrews if (! strcmp(pe->d_name, "."))
e334405421979688f2d838805ac67ee47bd62976Mark Andrews continue;
911ed0d3bee586b3bec42cb6c376d5cc6c0e1e24Brian Wellington if (! strcmp(pe->d_name, ".."))
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt continue;
28479307225582ad0b2e11441d85fcf5169551d0Mark Andrews strcpy(fullname, path);
28b863e609ff2d97b78663b46894494cfa2ea411Mark Andrews strcat(fullname, "/");
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews strcat(fullname, pe->d_name);
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews if (remove(fullname)) {
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews t_info("remove(%s) failed %d\n", fullname, errno);
3916872f379457fe344afb02398a009701c5016aEvan Hunt }
ce1f5b8d0ae5936fd187c1f414ff12a7e3b0aa37Andreas Gustafsson }
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews (void) closedir(dirp);
5c6762838c9e423753723ec2a963164e3d66ac32Mark Andrews if (rmdir(path)) {
5c6762838c9e423753723ec2a963164e3d66ac32Mark Andrews t_info("rmdir(%s) failed %d\n", path, errno);
5c6762838c9e423753723ec2a963164e3d66ac32Mark Andrews }
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley return;
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence}
37dee1ff94960a61243f611c0f87f8c316815c53Mark Andrews
aaaf8d4f4873d21e55c3ffb4f656203d08339865Mark Andrews
76117ff568dc788ed24937cfea916a18db285960Mark Andrewsstatic void
76117ff568dc788ed24937cfea916a18db285960Mark Andrewsuse(dst_key_t *key, dst_result_t exp_result, int *nfails) {
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews
494576ce20cfd98d74955698cf8f7b37dce2f740Mark Andrews dst_result_t ret;
76117ff568dc788ed24937cfea916a18db285960Mark Andrews char *data = "This is some data";
494576ce20cfd98d74955698cf8f7b37dce2f740Mark Andrews unsigned char sig[512];
d0eb2cc33c5db3366a16b1cb0abcca6ec7c8ee3cTatuya JINMEI 神明達哉 isc_buffer_t databuf, sigbuf;
793814f80703afdd69b59ade91e63efa81ae4178Evan Hunt isc_region_t datareg, sigreg;
911ed0d3bee586b3bec42cb6c376d5cc6c0e1e24Brian Wellington
e334405421979688f2d838805ac67ee47bd62976Mark Andrews isc_buffer_init(&sigbuf, sig, sizeof(sig), ISC_BUFFERTYPE_BINARY);
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt isc_buffer_init(&databuf, data, strlen(data), ISC_BUFFERTYPE_TEXT);
911ed0d3bee586b3bec42cb6c376d5cc6c0e1e24Brian Wellington isc_buffer_add(&databuf, strlen(data));
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews isc_buffer_used(&databuf, &datareg);
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews
3cd88f71b01833d5c2474638854dfa5c4244a22aBrian Wellington ret = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews if (ret != exp_result) {
87708bde16713bc02ff2598f4a82f98c699a2f2dMark Andrews t_info("dst_sign(%d) returned (%s) expected (%s)\n",
ce1f5b8d0ae5936fd187c1f414ff12a7e3b0aa37Andreas Gustafsson dst_key_alg(key), dst_result_totext(ret),
a69070d8fab55dbc63ba9f96c9d3e34f0ea9119aMark Andrews dst_result_totext(exp_result));
18d110413cf6416eb339c169b99159d09f690da1Brian Wellington ++*nfails;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt return;
494576ce20cfd98d74955698cf8f7b37dce2f740Mark Andrews }
4fd3e3482c7e4ce01e2cf28f13e0152c8e50d746Mark Andrews
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt
4fd3e3482c7e4ce01e2cf28f13e0152c8e50d746Mark Andrews isc_buffer_remaining(&sigbuf, &sigreg);
4fd3e3482c7e4ce01e2cf28f13e0152c8e50d746Mark Andrews ret = dst_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt if (ret != exp_result) {
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley t_info("dst_verify(%d) returned (%s) expected (%s)\n",
d2b5fe92a4755ce67f2dd6050955782b4fd6b3f3Mark Andrews dst_key_alg(key), dst_result_totext(ret),
d2b5fe92a4755ce67f2dd6050955782b4fd6b3f3Mark Andrews dst_result_totext(exp_result));
d2b5fe92a4755ce67f2dd6050955782b4fd6b3f3Mark Andrews ++*nfails;
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley }
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley}
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrewsstatic void
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halleyio(char *name, int id, int alg, int type, isc_mem_t *mctx, dst_result_t exp_result,
7829fad4093f2c1985b1efb7cea00287ff015d2bckb int *nfails, int *nprobs) {
7829fad4093f2c1985b1efb7cea00287ff015d2bckb dst_key_t *key;
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley dst_result_t ret;
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley int rval;
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley char current[PATH_MAX + 1];
139154bd9894495042f4e748f554e9c8b98b7598Bob Halley char tmp[PATH_MAX + 1];
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley char *p;
193738b819e3c699f9edd18864a6810fcfcec855Andreas Gustafsson
fd35453765c6494d077edca44f4d998af5fd4cfaDavid Lawrence p = getcwd(current, PATH_MAX);;
fd35453765c6494d077edca44f4d998af5fd4cfaDavid Lawrence if (p == NULL) {
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley t_info("getcwd failed %d\n", errno);
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley ++*nprobs;
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrews return;
9f7d51ee3290e2a064d71016a6bd555b47134a7cMark Andrews }
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley
881702c9c0079cd48a45054fd90d043f3a8b7e11Mark Andrews ret = dst_key_fromfile(name, id, alg, type, mctx, &key);
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley if (ret != DST_R_SUCCESS) {
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley t_info("dst_key_fromfile(%d) returned: %s\n", alg, dst_result_totext(ret));
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley ++*nfails;
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley return;
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley }
922e6a3c2ac4ef900dd9dc99f0cc137f18372583Andreas Gustafsson
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley p = tmpnam(tmp);
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley if (p == NULL) {
74cb99072c4b0ebd2ccafcfa284288fa760f7a1aMark Andrews t_info("tmpnam failed %d\n", errno);
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley ++*nprobs;
4880900113e4d0f17884f3fbdbf4c302e3f9ea91Bob Halley return;
fd35453765c6494d077edca44f4d998af5fd4cfaDavid Lawrence }
c8a42d6d81ff2fd9ad7fac94d4b85323554493c0Bob Halley
4fd3e3482c7e4ce01e2cf28f13e0152c8e50d746Mark Andrews rval = mkdir(tmp, S_IRWXU | S_IRWXG );
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (rval != 0) {
6ef838d427c1ea858d2f09194a369134babf8b98Mark Andrews t_info("mkdir failed %d\n", errno);
6ef838d427c1ea858d2f09194a369134babf8b98Mark Andrews ++*nprobs;
6ef838d427c1ea858d2f09194a369134babf8b98Mark Andrews return;
6ef838d427c1ea858d2f09194a369134babf8b98Mark Andrews }
6d831cd0baf7dd2c133f7f9cbf295f3d80cf63a7David Lawrence
6d831cd0baf7dd2c133f7f9cbf295f3d80cf63a7David Lawrence if (chdir(tmp)) {
dac2799ea19735503a4d27f517d821aea210e594Andreas Gustafsson t_info("chdir failed %d\n", errno);
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley (void) rmdir(tmp);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews ++*nprobs;
6d7585b3e948dd31bf78321d83ac0e024f44a71bMark Andrews return;
6d5dcd0dc9bdbd679282b1ffc47987d24c3a1346Bob Halley }
6d7585b3e948dd31bf78321d83ac0e024f44a71bMark Andrews
6d7585b3e948dd31bf78321d83ac0e024f44a71bMark Andrews ret = dst_key_tofile(key, type);
6d5dcd0dc9bdbd679282b1ffc47987d24c3a1346Bob Halley if (ret != 0) {
6d7585b3e948dd31bf78321d83ac0e024f44a71bMark Andrews t_info("dst_key_tofile(%d) returned: %s\n", alg, dst_result_totext(ret));
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halley (void) chdir(current);
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halley ++*nfails;
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halley return;
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews }
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halley
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halley use(key, exp_result, nfails);
4fd3e3482c7e4ce01e2cf28f13e0152c8e50d746Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (chdir(current)) {
6d5dcd0dc9bdbd679282b1ffc47987d24c3a1346Bob Halley t_info("chdir failed %d\n", errno);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews ++*nprobs;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return;
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews }
118394ef2ec7cef253c55359a3d70d202ddc2fa0Mark Andrews
bb556a9bf3a15c7160fa4f1b71773ce12b1bedf6Bob Halley cleandir(tmp);
64e41159a919b0711321fe688ca5da4f4d1b7d80Bob Halley
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halley dst_key_free(key);
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halley}
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halley
fe37278859bce157001cca14cdfa3a761b0d5012Mark Andrewsstatic void
1471a520e59ac12b413afa8d8b3158a87af97aa6Bob Halleygenerate(int alg, isc_mem_t *mctx, int *nfails) {
494576ce20cfd98d74955698cf8f7b37dce2f740Mark Andrews dst_result_t ret;
798c83548f89091e3994ca5a9c8c7e9caaf89d10Mark Andrews dst_key_t *key;
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews ret = dst_key_generate("test.", alg, 512, 0, 0, 0, mctx, &key);
if (ret != DST_R_SUCCESS) {
t_info("dst_key_generate(%d) returned: %s\n", alg, dst_result_totext(ret));
++*nfails;
return;
}
use(key, DST_R_SUCCESS, nfails);
dst_key_free(key);
}
#define DBUFSIZ 25
static void
get_random(int *nfails) {
unsigned char data1[DBUFSIZ];
unsigned char data2[DBUFSIZ];
isc_buffer_t databuf1;
isc_buffer_t databuf2;
dst_result_t ret;
unsigned int i;
isc_buffer_init(&databuf1, data1, sizeof(data1), ISC_BUFFERTYPE_BINARY);
ret = dst_random(sizeof(data1), &databuf1);
if (ret != DST_R_SUCCESS) {
t_info("random() returned: %s\n", dst_result_totext(ret));
++*nfails;
return;
}
isc_buffer_init(&databuf2, data2, sizeof(data2), ISC_BUFFERTYPE_BINARY);
ret = dst_random(sizeof(data2), &databuf2);
if (ret != DST_R_SUCCESS) {
t_info("random() returned: %s\n", dst_result_totext(ret));
++*nfails;
return;
}
/* weak test, but better than nought */
if (memcmp(data1, data2, DBUFSIZ) == 0) {
t_info("data not random\n");
++*nfails;
}
if (T_debug) {
for (i = 0; i < sizeof(data1); i++)
t_info("data1[%d]: %02x ", i, data1[i]);
for (i = 0; i < sizeof(data2); i++)
t_info("data2[%d]: %02x ", i, data2[i]);
}
}
static char *a1 =
"the dst module provides the capability to "
"generate, store and retrieve public and private keys, "
"sign and verify data using the RSA, DSA and MD5 algorithms, "
"and generate random number sequences.";
static void
t1() {
isc_mem_t *mctx;
int nfails;
int nprobs;
int result;
isc_result_t isc_result;
t_assert("dst", 1, T_REQUIRED, a1);
nfails = 0;
nprobs = 0;
mctx = NULL;
isc_result = isc_mem_create(0, 0, &mctx);
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_mem_create failed %d\n", isc_result_totext(isc_result));
t_result(T_UNRESOLVED);
return;
}
t_info("testing use of stored keys\n");
io("test.", 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_SUCCESS, &nfails, &nprobs);
io("test.", 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_SUCCESS, &nfails, &nprobs);
io("test.", 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
io("test.", 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, DST_R_NULLKEY, &nfails, &nprobs);
t_info("testing use of generated keys\n");
generate(DST_ALG_RSA, mctx, &nfails);
generate(DST_ALG_DSA, mctx, &nfails);
generate(DST_ALG_HMACMD5, mctx, &nfails);
t_info("testing random number sequence generation\n");
get_random(&nfails);
isc_mem_destroy(&mctx);
result = T_UNRESOLVED;
if ((nfails == 0) && (nprobs == 0))
result = T_PASS;
else if (nfails)
result = T_FAIL;
t_result(result);
}
#define T_SIGMAX 512
#undef NEWSIG /* define NEWSIG to generate the original signature file */
#ifdef NEWSIG
/* write a sig in buf to file at path */
static int
sig_tofile(char *path, isc_buffer_t *buf) {
int rval;
int fd;
int len;
int nprobs;
int cnt;
unsigned char c;
unsigned char val;
cnt = 0;
nprobs = 0;
len = buf->used - buf->current;
t_info("buf: current %d used %d len %d\n", buf->current, buf->used, len);
fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRWXU|S_IRWXO|S_IRWXG);
if (fd < 0) {
t_info("open %s failed %d\n", path, errno);
return(1);
}
while (len) {
c = (unsigned char) isc_buffer_getuint8(buf);
val = ((c >> 4 ) & 0x0f);
if ((0 <= val) && (val <= 9))
val = '0' + val;
else
val = 'A' + val - 10;
rval = write(fd, &val, 1);
if (rval != 1) {
++nprobs;
t_info("write failed %d %d\n", rval, errno);
break;
}
val = (c & 0x0f);
if ((0 <= val) && (val <= 9))
val = '0' + val;
else
val = 'A' + val - 10;
rval = write(fd, &val, 1);
if (rval != 1) {
++nprobs;
t_info("write failed %d %d\n", rval, errno);
break;
}
--len;
++cnt;
if ((cnt % 16) == 0) {
val = '\n';
rval = write(fd, &val, 1);
if (rval != 1) {
++nprobs;
t_info("write failed %d %d\n", rval, errno);
break;
}
}
}
val = '\n';
rval = write(fd, &val, 1);
if (rval != 1) {
++nprobs;
t_info("write failed %d %d\n", rval, errno);
}
(void) close(fd);
return(nprobs);
}
#endif /* NEWSIG */
/* read sig in file at path to buf */
static int
sig_fromfile(char *path, isc_buffer_t *iscbuf) {
int rval;
int len;
int fd;
unsigned char val;
struct stat sb;
char *p;
char *buf;
rval = stat(path, &sb);
if (rval != 0) {
t_info("stat %s failed, errno == %d\n", path, errno);
return(1);
}
buf = (char *) malloc(((sb.st_size / 2) + 1) * sizeof(unsigned char));
if (buf == NULL) {
t_info("malloc failed, errno == %d\n", errno);
return(1);
}
fd = open(path, O_RDONLY);
if (fd < 0) {
t_info("open failed, errno == %d\n", errno);
(void) free(buf);
return(1);
}
len = sb.st_size;
p = buf;
while (len) {
rval = read(fd, p, len);
if (rval > 0) {
len -= rval;
p += rval;
}
else {
t_info("read failed %d, errno == %d\n", rval, errno);
(void) free(buf);
(void) close(fd);
return(1);
}
}
close(fd);
p = buf;
len = sb.st_size;
while(len) {
if (*p == '\n') {
++p;
--len;
continue;
}
if (('0' <= *p) && (*p <= '9'))
val = *p - '0';
else
val = *p - 'A' + 10;
++p;
val <<= 4;
--len;
if (('0' <= *p) && (*p <= '9'))
val |= (*p - '0');
else
val |= (*p - 'A' + 10);
++p;
--len;
isc_buffer_putuint8(iscbuf, val);
}
(void) free(buf);
return(0);
}
static void
t2_sigchk(char *datapath, char *sigpath, char *keyname,
int id, int alg, int type,
isc_mem_t *mctx, char *expected_result,
int *nfails, int *nprobs) {
int rval;
int len;
int fd;
int exp_res;
dst_key_t *key;
unsigned char sig[T_SIGMAX];
unsigned char *p;
unsigned char *data;
struct stat sb;
dns_result_t dns_result;
isc_buffer_t databuf;
isc_buffer_t sigbuf;
isc_region_t datareg;
isc_region_t sigreg;
/* read data from file in a form usable by dst_verify */
rval = stat(datapath, &sb);
if (rval != 0) {
t_info("t2_sigchk: stat (%s) failed %d\n", datapath, errno);
++*nprobs;
return;
}
data = (unsigned char *) malloc(sb.st_size * sizeof(char));
if (data == NULL) {
t_info("t2_sigchk: malloc failed %d\n", errno);
++*nprobs;
return;
}
fd = open(datapath, O_RDONLY);
if (fd < 0) {
t_info("t2_sigchk: open failed %d\n", errno);
(void) free(data);
++*nprobs;
return;
}
p = data;
len = sb.st_size;
do {
rval = read(fd, p, len);
if (rval > 0) {
len -= rval;
p += rval;
}
} while (len);
(void) close(fd);
/* read key from file in a form usable by dst_verify */
dns_result = dst_key_fromfile(keyname, id, alg, type, mctx, &key);
if (dns_result != DNS_R_SUCCESS) {
t_info("dst_key_fromfile failed %s\n",
dns_result_totext(dns_result));
(void) free(data);
++*nprobs;
return;
}
isc_buffer_init(&databuf, data, sb.st_size, ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&databuf, sb.st_size);
isc_buffer_used(&databuf, &datareg);
#ifdef NEWSIG
/*
* if we're generating a signature for the first time,
* sign the data and save the signature to a file
*/
memset(sig, 0, sizeof(sig));
isc_buffer_init(&sigbuf, sig, sizeof(sig), ISC_BUFFERTYPE_BINARY);
dns_result = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
if (dns_result != DNS_R_SUCCESS) {
t_info("dst_sign(%d) failed %s\n", dst_result_totext(dns_result));
(void) free(data);
(void) dst_key_free(key);
++*nprobs;
return;
}
rval = sig_tofile(sigpath, &sigbuf);
if (rval != 0) {
t_info("sig_tofile failed\n");
++*nprobs;
(void) free(data);
(void) dst_key_free(key);
return;
}
#endif /* NEWSIG */
memset(sig, 0, sizeof(sig));
isc_buffer_init(&sigbuf, sig, sizeof(sig), ISC_BUFFERTYPE_BINARY);
/* read precomputed signature from file in a form usable by dst_verify */
rval = sig_fromfile(sigpath, &sigbuf);
if (rval != 0) {
t_info("sig_fromfile failed\n");
(void) free(data);
(void) dst_key_free(key);
++*nprobs;
return;
}
/* verify that the key signed the data */
isc_buffer_remaining(&sigbuf, &sigreg);
exp_res = 0;
if (strstr(expected_result, "!"))
exp_res = 1;
dns_result = dst_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
if ( ((exp_res == 0) && (dns_result != DNS_R_SUCCESS)) ||
((exp_res != 0) && (dns_result == DNS_R_SUCCESS))) {
t_info("dst_verify returned %s, expected %s\n",
dns_result_totext(dns_result),
expected_result);
++*nfails;
}
(void) free(data);
(void) dst_key_free(key);
return;
}
/*
* the astute observer will note that t1() signs then verifies data
* during the test but that t2() verifies data that has been
* signed at some earlier time, possibly with an entire different
* version or implementation of the DSA and RSA algorithms
*/
static char *a2 =
"the dst module provides the capability to "
"verify data signed with the RSA and DSA algorithms";
/* av == datafile, sigpath, keyname, keyid, alg, exp_result */
static int
t2_vfy(char **av) {
char *datapath;
char *sigpath;
char *keyname;
char *key;
int keyid;
char *alg;
int algid;
char *exp_result;
int nfails;
int nprobs;
isc_mem_t *mctx;
isc_result_t isc_result;
int result;
datapath = *av++;
sigpath = *av++;
keyname = *av++;
key = *av++;
keyid = atoi(key);
alg = *av++;
exp_result = *av++;
nfails = 0;
nprobs = 0;
if (! strcasecmp(alg, "DST_ALG_DSA"))
algid = DST_ALG_DSA;
else if (! strcasecmp(alg, "DST_ALG_RSA"))
algid = DST_ALG_RSA;
else {
t_info("Unknown algorithm %s\n", alg);
return(T_UNRESOLVED);
}
mctx = NULL;
isc_result = isc_mem_create(0, 0, &mctx);
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_mem_create failed %d\n", isc_result_totext(isc_result));
return(T_UNRESOLVED);
}
t_info("testing %s, %s, %s, %s, %s, %s\n",
datapath, sigpath, keyname, key, alg, exp_result);
t2_sigchk(datapath, sigpath, keyname, keyid,
algid, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
mctx, exp_result,
&nfails, &nprobs);
isc_mem_destroy(&mctx);
result = T_UNRESOLVED;
if (nfails)
result = T_FAIL;
else if ((nfails == 0) && (nprobs == 0))
result = T_PASS;
return(result);
}
static void
t2() {
int result;
t_assert("dst", 3, T_REQUIRED, a2);
result = t_eval("dst_2_data", t2_vfy, 6);
t_result(result);
}
testspec_t T_testlist[] = {
{ t1, "basic dst module verification" },
{ t2, "signature ineffability" },
{ NULL, NULL }
};