t_dst.c revision fcd7c22fdff859e47d290981bb08cd3fc07369a1
/*
* Copyright (C) 2004, 2005, 2007-2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: t_dst.c,v 1.60 2011/03/17 23:47:29 tbox Exp $ */
#include <config.h>
#include <dirent.h> /* XXX */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <unistd.h> /* XXX */
#include <dns/fixedname.h>
#ifndef PATH_MAX
#define PATH_MAX 256
#endif
/*
* Adapted from the original dst_test.c program.
* XXXDCL should use isc_dir_*.
*/
static void
size_t l;
return;
}
continue;
continue;
if (l < sizeof(fullname)) {
errno);
} else
t_info("unable to remove '%s/%s': path too long\n",
}
return;
}
static void
const char *data = "This is some data";
unsigned char sig[512];
if (ret != exp_result) {
t_info("dst_context_create(%d) returned (%s) expected (%s)\n",
++*nfails;
return;
}
if (exp_result != ISC_R_SUCCESS)
return;
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_adddata(%d) returned (%s)\n",
++*nfails;
return;
}
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_sign(%d) returned (%s)\n",
++*nfails;
return;
}
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_create(%d) returned (%s)\n",
++*nfails;
return;
}
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_adddata(%d) returned (%s)\n",
++*nfails;
return;
}
if (ret != exp_result) {
t_info("dst_context_verify(%d) returned (%s) expected (%s)\n",
++*nfails;
return;
}
}
static void
{
char *p;
int alg = DST_ALG_DH;
if (p == NULL) {
++*nprobs;
goto cleanup;
}
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
++*nfails;
goto cleanup;
}
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
++*nfails;
goto cleanup;
}
if (ret != ISC_R_SUCCESS) {
t_info("isc_file_mktemplate failed %s\n",
++*nprobs;
goto cleanup;
}
if (ret != ISC_R_SUCCESS) {
t_info("isc_dir_createunique failed %s\n",
++*nprobs;
goto cleanup;
}
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
++*nfails;
goto cleanup;
}
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
++*nfails;
goto cleanup;
}
if (ret != 0) {
t_info("dst_computesecret() returned: %s\n",
++*nfails;
goto cleanup;
}
if (ret != 0) {
t_info("dst_computesecret() returned: %s\n",
++*nfails;
goto cleanup;
}
{
t_info("computed secrets don't match\n");
++*nfails;
goto cleanup;
}
dst_key_free(&key1);
dst_key_free(&key2);
}
static void
{
char *p;
if (p == NULL) {
++*nprobs;
goto failure;
}
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
++*nfails;
goto failure;
}
t_info("key ID incorrect\n");
++*nfails;
goto failure;
}
t_info("key algorithm incorrect\n");
++*nfails;
goto failure;
}
if (dst_key_getttl(key) != 0) {
t_info("initial key TTL incorrect\n");
++*nfails;
goto failure;
}
if (ret != ISC_R_SUCCESS) {
t_info("isc_file_mktemplate failed %s\n",
++*nprobs;
goto failure;
}
if (ret != ISC_R_SUCCESS) {
++*nprobs;
goto failure;
}
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
++*nfails;
goto failure;
}
/*
* Skip the rest of this test if we weren't expecting
* the read to be successful.
*/
if (exp_result != ISC_R_SUCCESS)
goto cleanup;
if (ret != 0) {
t_info("dst_key_tofile(%d) returned: %s\n",
++*nfails;
goto failure;
}
/* Reread key to confirm TTL was changed */
dst_key_free(&key);
if (ret != ISC_R_SUCCESS) {
t_info("dst_key_fromfile(%d) returned: %s\n",
++*nfails;
goto failure;
}
t_info("modified key TTL incorrect\n");
++*nfails;
goto failure;
}
dst_key_free(&key);
}
static void
if (ret != ISC_R_SUCCESS) {
++*nfails;
goto cleanup;
}
if (alg != DST_ALG_DH)
dst_key_free(&key);
}
#define DBUFSIZ 25
static const char *a1 =
"the dst module provides the capability to "
"generate, store and retrieve public and private keys, "
"sign and verify data using the RSA, DSA and MD5 algorithms, "
"and compute Diffie-Hellman shared secrets.";
static void
t1(void) {
int nfails;
int nprobs;
int result;
isc_buffer_t b;
nfails = 0;
nprobs = 0;
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_mem_create failed %s\n",
return;
}
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_entropy_create failed %s\n",
return;
}
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_entropy_create failed %s\n",
return;
}
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_lib_init failed %s\n",
return;
}
if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
t_info("library built without crypto support\n");
return;
}
t_info("testing use of stored keys [1]\n");
isc_buffer_add(&b, 5);
if (isc_result != ISC_R_SUCCESS) {
t_info("dns_name_fromtext failed %s\n",
return;
}
t_info("testing use of stored keys [2]\n");
t_info("testing use of stored keys [3]\n");
t_info("testing use of stored keys [4]\n");
isc_buffer_add(&b, 3);
if (isc_result != ISC_R_SUCCESS) {
t_info("dns_name_fromtext failed %s\n",
return;
}
t_info("testing use of generated keys\n");
/*
* This one uses a constant.
*/
else if (nfails)
}
#define T_SIGMAX 512
#ifdef NEWSIG
/*
* Write a sig in buf to file at path.
*/
static int
int rval;
int fd;
int len;
int nprobs;
int cnt;
unsigned char c;
unsigned char val;
cnt = 0;
nprobs = 0;
t_info("buf: current %d used %d len %d\n",
if (fd < 0) {
return(1);
}
while (len) {
c = (unsigned char) isc_buffer_getuint8(buf);
else
if (rval != 1) {
++nprobs;
break;
}
val = (c & 0x0f);
else
if (rval != 1) {
++nprobs;
break;
}
--len;
++cnt;
if ((cnt % 16) == 0) {
val = '\n';
if (rval != 1) {
++nprobs;
break;
}
}
}
val = '\n';
if (rval != 1) {
++nprobs;
}
return(nprobs);
}
#endif /* NEWSIG */
/*
* Read sig in file at path to buf.
*/
static int
int rval;
int len;
int fd;
unsigned char val;
char *p;
char *buf;
if (fd < 0) {
return(1);
}
if (rval != 0) {
return(1);
}
return(1);
}
p = buf;
while (len) {
if (rval > 0) {
p += rval;
}
else {
return(1);
}
}
p = buf;
while(len) {
if (*p == '\n') {
++p;
--len;
continue;
}
if (('0' <= *p) && (*p <= '9'))
val = *p - '0';
else
++p;
val <<= 4;
--len;
if (('0' <= *p) && (*p <= '9'))
val |= (*p - '0');
else
++p;
--len;
}
return(0);
}
static void
{
int rval;
int len;
int fd;
int exp_res;
unsigned char *p;
unsigned char *data;
isc_buffer_t b;
/*
* Read data from file in a form usable by dst_verify.
*/
if (fd < 0) {
++*nprobs;
return;
}
if (rval != 0) {
++*nprobs;
return;
}
++*nprobs;
return;
}
p = data;
do {
if (rval > 0) {
p += rval;
}
} while (len);
/*
* Read key from file in a form usable by dst_verify.
*/
if (isc_result != ISC_R_SUCCESS) {
t_info("dns_name_fromtext failed %s\n",
++*nprobs;
return;
}
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_key_fromfile failed %s\n",
++*nprobs;
return;
}
#ifdef NEWSIG
/*
* If we're generating a signature for the first time,
* sign the data and save the signature to a file
*/
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_context_create(%d) failed %s\n",
dst_key_free(&key);
++*nprobs;
return;
}
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_context_adddata(%d) failed %s\n",
dst_key_free(&key);
++*nprobs;
return;
}
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_sign(%d) failed %s\n",
dst_key_free(&key);
++*nprobs;
return;
}
if (rval != 0) {
t_info("sig_tofile failed\n");
++*nprobs;
dst_key_free(&key);
return;
}
#endif /* NEWSIG */
/*
* Read precomputed signature from file in a form usable by dst_verify.
*/
if (rval != 0) {
t_info("sig_fromfile failed\n");
dst_key_free(&key);
++*nprobs;
return;
}
/*
* Verify that the key signed the data.
*/
exp_res = 0;
exp_res = 1;
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_context_create returned %s\n",
dst_key_free(&key);
++*nfails;
return;
}
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_context_adddata returned %s\n",
dst_key_free(&key);
++*nfails;
return;
}
t_info("dst_context_verify returned %s, expected %s\n",
++*nfails;
}
dst_key_free(&key);
return;
}
/*
* The astute observer will note that t1() signs then verifies data
* during the test but that t2() verifies data that has been
* signed at some earlier time, possibly with an entire different
* version or implementation of the DSA and RSA algorithms
*/
static const char *a2 =
"the dst module provides the capability to "
"verify data signed with the RSA and DSA algorithms";
/*
* av == datafile, sigpath, keyname, keyid, alg, exp_result.
*/
static int
char *datapath;
char *sigpath;
char *keyname;
char *key;
int keyid;
char *alg;
int algid;
char *exp_result;
int nfails;
int nprobs;
int result;
exp_result = *av++;
nfails = 0;
nprobs = 0;
algid = DST_ALG_DSA;
else {
return(T_UNRESOLVED);
}
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_mem_create failed %s\n",
return(T_UNRESOLVED);
}
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_entropy_create failed %s\n",
return(T_UNRESOLVED);
}
if (isc_result != ISC_R_SUCCESS) {
t_info("isc_entropy_create failed %s\n",
return(T_UNRESOLVED);
}
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_lib_init failed %s\n",
return(T_UNRESOLVED);
}
if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
t_info("library built without crypto support\n");
return (T_UNTESTED);
}
t_info("testing %s, %s, %s, %s, %s, %s\n",
if (nfails)
return(result);
}
static void
t2(void) {
int result;
}
testspec_t T_testlist[] = {
{ t1, "basic dst module verification" },
{ t2, "signature ineffability" },
};