1 /* $NetBSD: t_dst.c,v 1.10 2014/12/10 04:37:53 christos Exp $ */
4 * Copyright (C) 2004, 2005, 2007-2009, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 1999-2001 Internet Software Consortium.
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
20 /* Id: t_dst.c,v 1.60 2011/03/17 23:47:29 tbox Exp */
30 #include <unistd.h> /* XXX */
35 #include <isc/buffer.h>
37 #include <isc/entropy.h>
40 #include <isc/region.h>
41 #include <isc/stdio.h>
42 #include <isc/string.h>
45 #include <dns/fixedname.h>
49 #include <dst/result.h>
51 #include <tests/t_api.h>
58 * Adapted from the original dst_test.c program.
62 cleandir(char *path
) {
64 char fullname
[PATH_MAX
+ 1];
69 ret
= isc_dir_open(&dir
, path
);
70 if (ret
!= ISC_R_SUCCESS
) {
71 t_info("isc_dir_open(%s) failed %s\n",
72 path
, isc_result_totext(ret
));
76 while (isc_dir_read(&dir
) == ISC_R_SUCCESS
) {
77 if (!strcmp(dir
.entry
.name
, "."))
79 if (!strcmp(dir
.entry
.name
, ".."))
81 (void)strlcpy(fullname
, path
, sizeof(fullname
));
82 (void)strlcat(fullname
, "/", sizeof(fullname
));
83 l
= strlcat(fullname
, dir
.entry
.name
, sizeof(fullname
));
84 if (l
< sizeof(fullname
)) {
86 t_info("remove(%s) failed %d\n", fullname
,
89 t_info("unable to remove '%s/%s': path too long\n",
90 path
, dir
.entry
.name
);
95 t_info("rmdir(%s) failed %d\n", path
, errno
);
101 use(dst_key_t
*key
, isc_mem_t
*mctx
, isc_result_t exp_result
, int *nfails
) {
104 const char *data
= "This is some data";
105 unsigned char sig
[512];
106 isc_buffer_t databuf
, sigbuf
;
107 isc_region_t datareg
, sigreg
;
108 dst_context_t
*ctx
= NULL
;
110 isc_buffer_init(&sigbuf
, sig
, sizeof(sig
));
111 isc_buffer_constinit(&databuf
, data
, strlen(data
));
112 isc_buffer_add(&databuf
, strlen(data
));
113 isc_buffer_usedregion(&databuf
, &datareg
);
115 ret
= dst_context_create3(key
, mctx
,
116 DNS_LOGCATEGORY_GENERAL
, ISC_TRUE
, &ctx
);
117 if (ret
!= exp_result
) {
118 t_info("dst_context_create(%d) returned (%s) expected (%s)\n",
119 dst_key_alg(key
), dst_result_totext(ret
),
120 dst_result_totext(exp_result
));
124 if (exp_result
!= ISC_R_SUCCESS
)
126 ret
= dst_context_adddata(ctx
, &datareg
);
127 if (ret
!= ISC_R_SUCCESS
) {
128 t_info("dst_context_adddata(%d) returned (%s)\n",
129 dst_key_alg(key
), dst_result_totext(ret
));
131 dst_context_destroy(&ctx
);
134 ret
= dst_context_sign(ctx
, &sigbuf
);
135 if (ret
!= ISC_R_SUCCESS
) {
136 t_info("dst_context_sign(%d) returned (%s)\n",
137 dst_key_alg(key
), dst_result_totext(ret
));
139 dst_context_destroy(&ctx
);
142 dst_context_destroy(&ctx
);
144 isc_buffer_remainingregion(&sigbuf
, &sigreg
);
145 ret
= dst_context_create3(key
, mctx
,
146 DNS_LOGCATEGORY_GENERAL
, ISC_FALSE
, &ctx
);
147 if (ret
!= ISC_R_SUCCESS
) {
148 t_info("dst_context_create(%d) returned (%s)\n",
149 dst_key_alg(key
), dst_result_totext(ret
));
153 ret
= dst_context_adddata(ctx
, &datareg
);
154 if (ret
!= ISC_R_SUCCESS
) {
155 t_info("dst_context_adddata(%d) returned (%s)\n",
156 dst_key_alg(key
), dst_result_totext(ret
));
158 dst_context_destroy(&ctx
);
161 ret
= dst_context_verify(ctx
, &sigreg
);
162 if (ret
!= exp_result
) {
163 t_info("dst_context_verify(%d) returned (%s) expected (%s)\n",
164 dst_key_alg(key
), dst_result_totext(ret
),
165 dst_result_totext(exp_result
));
167 dst_context_destroy(&ctx
);
170 dst_context_destroy(&ctx
);
174 dh(dns_name_t
*name1
, int id1
, dns_name_t
*name2
, int id2
, isc_mem_t
*mctx
,
175 isc_result_t exp_result
, int *nfails
, int *nprobs
)
177 dst_key_t
*key1
= NULL
, *key2
= NULL
;
179 char current
[PATH_MAX
+ 1];
180 char tmp
[PATH_MAX
+ 1];
182 int alg
= DST_ALG_DH
;
183 int type
= DST_TYPE_PUBLIC
|DST_TYPE_PRIVATE
|DST_TYPE_KEY
;
184 unsigned char array1
[1024], array2
[1024];
190 p
= getcwd(current
, PATH_MAX
);;
192 t_info("getcwd failed %d\n", errno
);
197 ret
= dst_key_fromfile(name1
, id1
, alg
, type
, current
, mctx
, &key1
);
198 if (ret
!= ISC_R_SUCCESS
) {
199 t_info("dst_key_fromfile(%d) returned: %s\n",
200 alg
, dst_result_totext(ret
));
205 ret
= dst_key_fromfile(name2
, id2
, alg
, type
, current
, mctx
, &key2
);
206 if (ret
!= ISC_R_SUCCESS
) {
207 t_info("dst_key_fromfile(%d) returned: %s\n",
208 alg
, dst_result_totext(ret
));
214 ret
= isc_file_mktemplate("/tmp/", tmp
, sizeof(tmp
));
216 ret
= isc_file_mktemplate(getenv("TEMP"), tmp
, sizeof(tmp
));
218 if (ret
!= ISC_R_SUCCESS
) {
219 t_info("isc_file_mktemplate failed %s\n",
220 isc_result_totext(ret
));
225 ret
= isc_dir_createunique(tmp
);
226 if (ret
!= ISC_R_SUCCESS
) {
227 t_info("isc_dir_createunique failed %s\n",
228 isc_result_totext(ret
));
233 ret
= dst_key_tofile(key1
, type
, tmp
);
235 t_info("dst_key_tofile(%d) returned: %s\n",
236 alg
, dst_result_totext(ret
));
241 ret
= dst_key_tofile(key2
, type
, tmp
);
243 t_info("dst_key_tofile(%d) returned: %s\n",
244 alg
, dst_result_totext(ret
));
251 isc_buffer_init(&b1
, array1
, sizeof(array1
));
252 ret
= dst_key_computesecret(key1
, key2
, &b1
);
254 t_info("dst_computesecret() returned: %s\n",
255 dst_result_totext(ret
));
260 isc_buffer_init(&b2
, array2
, sizeof(array2
));
261 ret
= dst_key_computesecret(key2
, key1
, &b2
);
263 t_info("dst_computesecret() returned: %s\n",
264 dst_result_totext(ret
));
269 isc_buffer_usedregion(&b1
, &r1
);
270 isc_buffer_usedregion(&b2
, &r2
);
271 if (r1
.length
!= r2
.length
|| memcmp(r1
.base
, r2
.base
, r1
.length
) != 0)
273 t_info("computed secrets don't match\n");
286 io(dns_name_t
*name
, isc_uint16_t id
, isc_uint16_t alg
, int type
,
287 isc_mem_t
*mctx
, isc_result_t exp_result
, int *nfails
, int *nprobs
)
289 dst_key_t
*key
= NULL
;
291 char current
[PATH_MAX
+ 1];
292 char tmp
[PATH_MAX
+ 1];
295 p
= getcwd(current
, PATH_MAX
);;
297 t_info("getcwd failed %d\n", errno
);
302 ret
= dst_key_fromfile(name
, id
, alg
, type
, current
, mctx
, &key
);
303 if (ret
!= ISC_R_SUCCESS
) {
304 t_info("dst_key_fromfile(%d) returned: %s\n",
305 alg
, dst_result_totext(ret
));
310 if (dst_key_id(key
) != id
) {
311 t_info("key ID incorrect\n");
316 if (dst_key_alg(key
) != alg
) {
317 t_info("key algorithm incorrect\n");
322 if (dst_key_getttl(key
) != 0) {
323 t_info("initial key TTL incorrect\n");
329 ret
= isc_file_mktemplate("/tmp/", tmp
, sizeof(tmp
));
331 ret
= isc_file_mktemplate(getenv("TEMP"), tmp
, sizeof(tmp
));
333 if (ret
!= ISC_R_SUCCESS
) {
334 t_info("isc_file_mktemplate failed %s\n",
335 isc_result_totext(ret
));
340 ret
= isc_dir_createunique(tmp
);
341 if (ret
!= ISC_R_SUCCESS
) {
342 t_info("mkdir failed %d\n", errno
);
347 ret
= dst_key_tofile(key
, type
, tmp
);
349 t_info("dst_key_tofile(%d) returned: %s\n",
350 alg
, dst_result_totext(ret
));
355 if (dst_key_alg(key
) != DST_ALG_DH
)
356 use(key
, mctx
, exp_result
, nfails
);
359 * Skip the rest of this test if we weren't expecting
360 * the read to be successful.
362 if (exp_result
!= ISC_R_SUCCESS
)
365 dst_key_setttl(key
, 3600);
366 ret
= dst_key_tofile(key
, type
, tmp
);
368 t_info("dst_key_tofile(%d) returned: %s\n",
369 alg
, dst_result_totext(ret
));
374 /* Reread key to confirm TTL was changed */
376 ret
= dst_key_fromfile(name
, id
, alg
, type
, tmp
, mctx
, &key
);
377 if (ret
!= ISC_R_SUCCESS
) {
378 t_info("dst_key_fromfile(%d) returned: %s\n",
379 alg
, dst_result_totext(ret
));
384 if (dst_key_getttl(key
) != 3600) {
385 t_info("modified key TTL incorrect\n");
398 generate(int alg
, isc_mem_t
*mctx
, int size
, int *nfails
) {
400 dst_key_t
*key
= NULL
;
402 ret
= dst_key_generate(dns_rootname
, alg
, size
, 0, 0, 0,
403 dns_rdataclass_in
, mctx
, &key
);
404 if (ret
!= ISC_R_SUCCESS
) {
405 t_info("dst_key_generate(%d) returned: %s\n", alg
,
406 dst_result_totext(ret
));
411 if (alg
!= DST_ALG_DH
)
412 use(key
, mctx
, ISC_R_SUCCESS
, nfails
);
420 static const char *a1
=
421 "the dst module provides the capability to "
422 "generate, store and retrieve public and private keys, "
423 "sign and verify data using the RSA, DSA and MD5 algorithms, "
424 "and compute Diffie-Hellman shared secrets.";
432 isc_result_t isc_result
;
433 dns_fixedname_t fname
;
437 t_assert("dst", 1, T_REQUIRED
, "%s", a1
);
442 isc_result
= isc_mem_create(0, 0, &mctx
);
443 if (isc_result
!= ISC_R_SUCCESS
) {
444 t_info("isc_mem_create failed %s\n",
445 isc_result_totext(isc_result
));
446 t_result(T_UNRESOLVED
);
450 isc_result
= isc_entropy_create(mctx
, &ectx
);
451 if (isc_result
!= ISC_R_SUCCESS
) {
452 t_info("isc_entropy_create failed %s\n",
453 isc_result_totext(isc_result
));
454 t_result(T_UNRESOLVED
);
457 isc_result
= isc_entropy_createfilesource(ectx
, "randomfile");
458 if (isc_result
!= ISC_R_SUCCESS
) {
459 t_info("isc_entropy_create failed %s\n",
460 isc_result_totext(isc_result
));
461 t_result(T_UNRESOLVED
);
464 isc_result
= dst_lib_init(mctx
, ectx
, ISC_ENTROPY_BLOCKING
);
465 if (isc_result
!= ISC_R_SUCCESS
) {
466 t_info("dst_lib_init failed %s\n",
467 isc_result_totext(isc_result
));
468 t_result(T_UNRESOLVED
);
472 if (!dst_algorithm_supported(DST_ALG_RSAMD5
)) {
474 t_info("library built without crypto support\n");
479 t_info("testing use of stored keys [1]\n");
481 dns_fixedname_init(&fname
);
482 name
= dns_fixedname_name(&fname
);
483 isc_buffer_constinit(&b
, "test.", 5);
484 isc_buffer_add(&b
, 5);
485 isc_result
= dns_name_fromtext(name
, &b
, NULL
, 0, NULL
);
486 if (isc_result
!= ISC_R_SUCCESS
) {
487 t_info("dns_name_fromtext failed %s\n",
488 isc_result_totext(isc_result
));
489 t_result(T_UNRESOLVED
);
492 io(name
, 23616, DST_ALG_DSA
, DST_TYPE_PRIVATE
|DST_TYPE_PUBLIC
,
493 mctx
, ISC_R_SUCCESS
, &nfails
, &nprobs
);
494 t_info("testing use of stored keys [2]\n");
495 io(name
, 54622, DST_ALG_RSAMD5
, DST_TYPE_PRIVATE
|DST_TYPE_PUBLIC
,
496 mctx
, ISC_R_SUCCESS
, &nfails
, &nprobs
);
498 t_info("testing use of stored keys [3]\n");
499 io(name
, 49667, DST_ALG_DSA
, DST_TYPE_PRIVATE
|DST_TYPE_PUBLIC
,
500 mctx
, DST_R_NULLKEY
, &nfails
, &nprobs
);
501 t_info("testing use of stored keys [4]\n");
502 io(name
, 2, DST_ALG_RSAMD5
, DST_TYPE_PRIVATE
|DST_TYPE_PUBLIC
,
503 mctx
, DST_R_NULLKEY
, &nfails
, &nprobs
);
505 isc_buffer_constinit(&b
, "dh.", 3);
506 isc_buffer_add(&b
, 3);
507 isc_result
= dns_name_fromtext(name
, &b
, NULL
, 0, NULL
);
508 if (isc_result
!= ISC_R_SUCCESS
) {
509 t_info("dns_name_fromtext failed %s\n",
510 isc_result_totext(isc_result
));
511 t_result(T_UNRESOLVED
);
515 dh(name
, 18602, name
, 48957, mctx
, ISC_R_SUCCESS
, &nfails
, &nprobs
);
517 t_info("testing use of generated keys\n");
518 generate(DST_ALG_RSAMD5
, mctx
, 512, &nfails
);
519 generate(DST_ALG_DSA
, mctx
, 512, &nfails
);
520 generate(DST_ALG_DH
, mctx
, 512, &nfails
);
522 * This one uses a constant.
524 generate(DST_ALG_DH
, mctx
, 768, &nfails
);
525 generate(DST_ALG_HMACMD5
, mctx
, 512, &nfails
);
529 isc_entropy_detach(&ectx
);
531 isc_mem_destroy(&mctx
);
533 result
= T_UNRESOLVED
;
534 if ((nfails
== 0) && (nprobs
== 0))
544 #undef NEWSIG /* Define NEWSIG to generate the original signature file. */
549 * Write a sig in buf to file at path.
552 sig_tofile(char *path
, isc_buffer_t
*buf
) {
563 len
= buf
->used
- buf
->current
;
565 t_info("buf: current %d used %d len %d\n",
566 buf
->current
, buf
->used
, len
);
568 fd
= open(path
, O_CREAT
|O_TRUNC
|O_WRONLY
, S_IRWXU
|S_IRWXO
|S_IRWXG
);
570 t_info("open %s failed %d\n", path
, errno
);
575 c
= (unsigned char) isc_buffer_getuint8(buf
);
576 val
= ((c
>> 4 ) & 0x0f);
577 if ((0 <= val
) && (val
<= 9))
580 val
= 'A' + val
- 10;
581 rval
= write(fd
, &val
, 1);
584 t_info("write failed %d %d\n", rval
, errno
);
588 if ((0 <= val
) && (val
<= 9))
591 val
= 'A' + val
- 10;
592 rval
= write(fd
, &val
, 1);
595 t_info("write failed %d %d\n", rval
, errno
);
600 if ((cnt
% 16) == 0) {
602 rval
= write(fd
, &val
, 1);
605 t_info("write failed %d %d\n", rval
, errno
);
611 rval
= write(fd
, &val
, 1);
614 t_info("write failed %d %d\n", rval
, errno
);
623 * Read sig in file at path to buf.
626 sig_fromfile(char *path
, isc_buffer_t
*iscbuf
) {
633 isc_result_t isc_result
;
636 isc_result
= isc_stdio_open(path
, "rb", &fp
);
637 if (isc_result
!= ISC_R_SUCCESS
) {
638 t_info("open failed, result: %s\n",
639 isc_result_totext(isc_result
));
643 isc_result
= isc_file_getsizefd(fileno(fp
), &size
);
644 if (isc_result
!= ISC_R_SUCCESS
) {
645 t_info("stat %s failed, result: %s\n",
646 path
, isc_result_totext(isc_result
));
651 buf
= (char *) malloc((size
+ 1) * sizeof(char));
653 t_info("malloc failed, errno == %d\n", errno
);
661 isc_result
= isc_stdio_read(p
, 1, len
, fp
, &rval
);
662 if (isc_result
== ISC_R_SUCCESS
) {
666 t_info("read failed %d, result: %s\n",
667 (int)rval
, isc_result_totext(isc_result
));
669 (void) isc_stdio_close(fp
);
678 if ((*p
== '\r') || (*p
== '\n')) {
684 if (('0' <= *p
) && (*p
<= '9'))
686 else if (('A' <= *p
) && (*p
<= 'F'))
693 if (('0' <= *p
) && (*p
<= '9'))
695 else if (('A' <= *p
) && (*p
<= 'F'))
696 val
|= (*p
- 'A' + 10);
701 isc_buffer_putuint8(iscbuf
, val
);
712 t2_sigchk(char *datapath
, char *sigpath
, char *keyname
,
713 int id
, int alg
, int type
,
714 isc_mem_t
*mctx
, char *expected_result
,
715 int *nfails
, int *nprobs
)
721 dst_key_t
*key
= NULL
;
722 unsigned char sig
[T_SIGMAX
];
726 isc_result_t isc_result
;
727 isc_buffer_t databuf
;
729 isc_region_t datareg
;
731 dns_fixedname_t fname
;
734 dst_context_t
*ctx
= NULL
;
737 * Read data from file in a form usable by dst_verify.
739 isc_result
= isc_stdio_open(datapath
, "rb", &fp
);
740 if (isc_result
!= ISC_R_SUCCESS
) {
741 t_info("t2_sigchk: open failed %s\n",
742 isc_result_totext(isc_result
));
747 isc_result
= isc_file_getsizefd(fileno(fp
), &size
);
748 if (isc_result
!= ISC_R_SUCCESS
) {
749 t_info("t2_sigchk: stat (%s) failed %s\n",
750 datapath
, isc_result_totext(isc_result
));
756 data
= (unsigned char *) malloc(size
* sizeof(unsigned char));
758 t_info("t2_sigchk: malloc failed %d\n", errno
);
767 isc_result
= isc_stdio_read(p
, 1, len
, fp
, &rval
);
768 if (isc_result
== ISC_R_SUCCESS
) {
773 (void) isc_stdio_close(fp
);
776 * Read key from file in a form usable by dst_verify.
778 dns_fixedname_init(&fname
);
779 name
= dns_fixedname_name(&fname
);
780 isc_buffer_constinit(&b
, keyname
, strlen(keyname
));
781 isc_buffer_add(&b
, strlen(keyname
));
782 isc_result
= dns_name_fromtext(name
, &b
, dns_rootname
, 0, NULL
);
783 if (isc_result
!= ISC_R_SUCCESS
) {
784 t_info("dns_name_fromtext failed %s\n",
785 isc_result_totext(isc_result
));
790 isc_result
= dst_key_fromfile(name
, id
, alg
, type
, NULL
, mctx
, &key
);
791 if (isc_result
!= ISC_R_SUCCESS
) {
792 t_info("dst_key_fromfile failed %s\n",
793 isc_result_totext(isc_result
));
799 isc_buffer_init(&databuf
, data
, (unsigned int)size
);
800 isc_buffer_add(&databuf
, (unsigned int)size
);
801 isc_buffer_usedregion(&databuf
, &datareg
);
806 * If we're generating a signature for the first time,
807 * sign the data and save the signature to a file
810 memset(sig
, 0, sizeof(sig
));
811 isc_buffer_init(&sigbuf
, sig
, sizeof(sig
));
813 isc_result
= dst_context_create3(key
, mctx
,
814 DNS_LOGCATEGORY_GENERAL
,
816 if (isc_result
!= ISC_R_SUCCESS
) {
817 t_info("dst_context_create(%d) failed %s\n",
818 dst_result_totext(isc_result
));
824 isc_result
= dst_context_adddata(ctx
, &datareg
);
825 if (isc_result
!= ISC_R_SUCCESS
) {
826 t_info("dst_context_adddata(%d) failed %s\n",
827 dst_result_totext(isc_result
));
830 dst_context_destroy(&ctx
);
834 isc_result
= dst_context_sign(ctx
, &sigbuf
);
835 if (isc_result
!= ISC_R_SUCCESS
) {
836 t_info("dst_sign(%d) failed %s\n",
837 dst_result_totext(isc_result
));
840 dst_context_destroy(&ctx
);
844 dst_context_destroy(&ctx
);
846 rval
= sig_tofile(sigpath
, &sigbuf
);
848 t_info("sig_tofile failed\n");
857 memset(sig
, 0, sizeof(sig
));
858 isc_buffer_init(&sigbuf
, sig
, sizeof(sig
));
861 * Read precomputed signature from file in a form usable by dst_verify.
863 rval
= sig_fromfile(sigpath
, &sigbuf
);
865 t_info("sig_fromfile failed\n");
873 * Verify that the key signed the data.
875 isc_buffer_remainingregion(&sigbuf
, &sigreg
);
878 if (strstr(expected_result
, "!"))
881 isc_result
= dst_context_create3(key
, mctx
,
882 DNS_LOGCATEGORY_GENERAL
,
884 if (isc_result
!= ISC_R_SUCCESS
) {
885 t_info("dst_context_create returned %s\n",
886 isc_result_totext(isc_result
));
892 isc_result
= dst_context_adddata(ctx
, &datareg
);
893 if (isc_result
!= ISC_R_SUCCESS
) {
894 t_info("dst_context_adddata returned %s\n",
895 isc_result_totext(isc_result
));
897 dst_context_destroy(&ctx
);
902 isc_result
= dst_context_verify(ctx
, &sigreg
);
903 if ( ((exp_res
== 0) && (isc_result
!= ISC_R_SUCCESS
)) ||
904 ((exp_res
!= 0) && (isc_result
== ISC_R_SUCCESS
))) {
906 t_info("dst_context_verify returned %s, expected %s\n",
907 isc_result_totext(isc_result
),
913 dst_context_destroy(&ctx
);
919 * The astute observer will note that t1() signs then verifies data
920 * during the test but that t2() verifies data that has been
921 * signed at some earlier time, possibly with an entire different
922 * version or implementation of the DSA and RSA algorithms
924 static const char *a2
=
925 "the dst module provides the capability to "
926 "verify data signed with the RSA and DSA algorithms";
929 * av == datafile, sigpath, keyname, keyid, alg, exp_result.
945 isc_result_t isc_result
;
958 if (! strcasecmp(alg
, "DST_ALG_DSA"))
960 else if (! strcasecmp(alg
, "DST_ALG_RSAMD5"))
961 algid
= DST_ALG_RSAMD5
;
963 t_info("Unknown algorithm %s\n", alg
);
964 return(T_UNRESOLVED
);
968 isc_result
= isc_mem_create(0, 0, &mctx
);
969 if (isc_result
!= ISC_R_SUCCESS
) {
970 t_info("isc_mem_create failed %s\n",
971 isc_result_totext(isc_result
));
972 return(T_UNRESOLVED
);
975 isc_result
= isc_entropy_create(mctx
, &ectx
);
976 if (isc_result
!= ISC_R_SUCCESS
) {
977 t_info("isc_entropy_create failed %s\n",
978 isc_result_totext(isc_result
));
979 return(T_UNRESOLVED
);
981 isc_result
= isc_entropy_createfilesource(ectx
, "randomfile");
982 if (isc_result
!= ISC_R_SUCCESS
) {
983 t_info("isc_entropy_create failed %s\n",
984 isc_result_totext(isc_result
));
985 return(T_UNRESOLVED
);
987 isc_result
= dst_lib_init(mctx
, ectx
, ISC_ENTROPY_BLOCKING
);
988 if (isc_result
!= ISC_R_SUCCESS
) {
989 t_info("dst_lib_init failed %s\n",
990 isc_result_totext(isc_result
));
991 return(T_UNRESOLVED
);
994 if (!dst_algorithm_supported(DST_ALG_RSAMD5
)) {
996 t_info("library built without crypto support\n");
1000 t_info("testing %s, %s, %s, %s, %s, %s\n",
1001 datapath
, sigpath
, keyname
, key
, alg
, exp_result
);
1002 t2_sigchk(datapath
, sigpath
, keyname
, keyid
,
1003 algid
, DST_TYPE_PRIVATE
|DST_TYPE_PUBLIC
,
1009 isc_entropy_detach(&ectx
);
1011 isc_mem_destroy(&mctx
);
1013 result
= T_UNRESOLVED
;
1016 else if ((nfails
== 0) && (nprobs
== 0))
1025 t_assert("dst", 2, T_REQUIRED
, "%s", a2
);
1026 result
= t_eval("dst_2_data", t2_vfy
, 6);
1030 testspec_t T_testlist
[] = {
1031 { (PFV
) t1
, "basic dst module verification" },
1032 { (PFV
) t2
, "signature ineffability" },
1038 main(int argc
, char **argv
) {
1039 t_settests(T_testlist
);
1040 return (t_main(argc
, argv
));