search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / external / bsd / bind / dist / bin / tests / dst / t_dst.c
blobace48c6549f6e5f550345aa01057a2090b858fa0
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 1999-2001 Internet Software Consortium.
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /* Id: t_dst.c,v 1.58 2009/09/01 00:22:25 jinmei Exp */
21
22 #include <config.h>
23
24 #include <sys/types.h> /* Required for dirent.h */
25 #include <sys/stat.h>
26
27 #include <dirent.h> /* XXX */
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <limits.h>
31 #include <stdlib.h>
32
33 #include <unistd.h> /* XXX */
34
35 #include <isc/buffer.h>
36 #include <isc/dir.h>
37 #include <isc/entropy.h>
38 #include <isc/file.h>
39 #include <isc/mem.h>
40 #include <isc/region.h>
41 #include <isc/string.h>
42 #include <isc/util.h>
43
44 #include <dns/fixedname.h>
45 #include <dns/name.h>
46
47 #include <dst/dst.h>
48 #include <dst/result.h>
49
50 #include <tests/t_api.h>
51
52 #ifndef PATH_MAX
53 #define PATH_MAX 256
54 #endif
55
56 /*
57 * Adapted from the original dst_test.c program.
58 * XXXDCL should use isc_dir_*.
59 */
60
61 static void
62 cleandir(char *path) {
63 DIR *dirp;
64 struct dirent *pe;
65 char fullname[PATH_MAX + 1];
66
67 dirp = opendir(path);
68 if (dirp == NULL) {
69 t_info("opendir(%s) failed %d\n", path, errno);
70 return;
71 }
72
73 while ((pe = readdir(dirp)) != NULL) {
74 if (! strcmp(pe->d_name, "."))
75 continue;
76 if (! strcmp(pe->d_name, ".."))
77 continue;
78 strcpy(fullname, path);
79 strcat(fullname, "/");
80 strcat(fullname, pe->d_name);
81 if (remove(fullname))
82 t_info("remove(%s) failed %d\n", fullname, errno);
83
84 }
85 (void)closedir(dirp);
86 if (rmdir(path))
87 t_info("rmdir(%s) failed %d\n", path, errno);
88
89 return;
90 }
91
92 static void
93 use(dst_key_t *key, isc_mem_t *mctx, isc_result_t exp_result, int *nfails) {
94
95 isc_result_t ret;
96 const char *data = "This is some data";
97 unsigned char sig[512];
98 isc_buffer_t databuf, sigbuf;
99 isc_region_t datareg, sigreg;
100 dst_context_t *ctx = NULL;
101
102 isc_buffer_init(&sigbuf, sig, sizeof(sig));
103 isc_buffer_init(&databuf, data, strlen(data));
104 isc_buffer_add(&databuf, strlen(data));
105 isc_buffer_usedregion(&databuf, &datareg);
106
107 ret = dst_context_create(key, mctx, &ctx);
108 if (ret != exp_result) {
109 t_info("dst_context_create(%d) returned (%s) expected (%s)\n",
110 dst_key_alg(key), dst_result_totext(ret),
111 dst_result_totext(exp_result));
112 ++*nfails;
113 return;
114 }
115 if (exp_result != ISC_R_SUCCESS)
116 return;
117 ret = dst_context_adddata(ctx, &datareg);
118 if (ret != ISC_R_SUCCESS) {
119 t_info("dst_context_adddata(%d) returned (%s)\n",
120 dst_key_alg(key), dst_result_totext(ret));
121 ++*nfails;
122 dst_context_destroy(&ctx);
123 return;
124 }
125 ret = dst_context_sign(ctx, &sigbuf);
126 if (ret != ISC_R_SUCCESS) {
127 t_info("dst_context_sign(%d) returned (%s)\n",
128 dst_key_alg(key), dst_result_totext(ret));
129 ++*nfails;
130 dst_context_destroy(&ctx);
131 return;
132 }
133 dst_context_destroy(&ctx);
134
135 isc_buffer_remainingregion(&sigbuf, &sigreg);
136 ret = dst_context_create(key, mctx, &ctx);
137 if (ret != ISC_R_SUCCESS) {
138 t_info("dst_context_create(%d) returned (%s)\n",
139 dst_key_alg(key), dst_result_totext(ret));
140 ++*nfails;
141 return;
142 }
143 ret = dst_context_adddata(ctx, &datareg);
144 if (ret != ISC_R_SUCCESS) {
145 t_info("dst_context_adddata(%d) returned (%s)\n",
146 dst_key_alg(key), dst_result_totext(ret));
147 ++*nfails;
148 dst_context_destroy(&ctx);
149 return;
150 }
151 ret = dst_context_verify(ctx, &sigreg);
152 if (ret != exp_result) {
153 t_info("dst_context_verify(%d) returned (%s) expected (%s)\n",
154 dst_key_alg(key), dst_result_totext(ret),
155 dst_result_totext(exp_result));
156 ++*nfails;
157 dst_context_destroy(&ctx);
158 return;
159 }
160 dst_context_destroy(&ctx);
161 }
162
163 static void
164 dh(dns_name_t *name1, int id1, dns_name_t *name2, int id2, isc_mem_t *mctx,
165 isc_result_t exp_result, int *nfails, int *nprobs)
166 {
167 dst_key_t *key1 = NULL, *key2 = NULL;
168 isc_result_t ret;
169 char current[PATH_MAX + 1];
170 char tmp[PATH_MAX + 1];
171 char *p;
172 int alg = DST_ALG_DH;
173 int type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
174 unsigned char array1[1024], array2[1024];
175 isc_buffer_t b1, b2;
176 isc_region_t r1, r2;
177
178 UNUSED(exp_result);
179
180 p = getcwd(current, PATH_MAX);;
181 if (p == NULL) {
182 t_info("getcwd failed %d\n", errno);
183 ++*nprobs;
184 return;
185 }
186
187 ret = dst_key_fromfile(name1, id1, alg, type, current, mctx, &key1);
188 if (ret != ISC_R_SUCCESS) {
189 t_info("dst_key_fromfile(%d) returned: %s\n",
190 alg, dst_result_totext(ret));
191 ++*nfails;
192 return;
193 }
194
195 ret = dst_key_fromfile(name2, id2, alg, type, current, mctx, &key2);
196 if (ret != ISC_R_SUCCESS) {
197 t_info("dst_key_fromfile(%d) returned: %s\n",
198 alg, dst_result_totext(ret));
199 ++*nfails;
200 return;
201 }
202
203 ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
204 if (ret != ISC_R_SUCCESS) {
205 t_info("isc_file_mktemplate failed %s\n",
206 isc_result_totext(ret));
207 ++*nprobs;
208 return;
209 }
210
211 ret = isc_dir_createunique(tmp);
212 if (ret != ISC_R_SUCCESS) {
213 t_info("isc_dir_createunique failed %s\n",
214 isc_result_totext(ret));
215 ++*nprobs;
216 return;
217 }
218
219 ret = dst_key_tofile(key1, type, tmp);
220 if (ret != 0) {
221 t_info("dst_key_tofile(%d) returned: %s\n",
222 alg, dst_result_totext(ret));
223 ++*nfails;
224 return;
225 }
226
227 ret = dst_key_tofile(key2, type, tmp);
228 if (ret != 0) {
229 t_info("dst_key_tofile(%d) returned: %s\n",
230 alg, dst_result_totext(ret));
231 ++*nfails;
232 return;
233 }
234
235 cleandir(tmp);
236
237 isc_buffer_init(&b1, array1, sizeof(array1));
238 ret = dst_key_computesecret(key1, key2, &b1);
239 if (ret != 0) {
240 t_info("dst_computesecret() returned: %s\n",
241 dst_result_totext(ret));
242 ++*nfails;
243 return;
244 }
245
246 isc_buffer_init(&b2, array2, sizeof(array2));
247 ret = dst_key_computesecret(key2, key1, &b2);
248 if (ret != 0) {
249 t_info("dst_computesecret() returned: %s\n",
250 dst_result_totext(ret));
251 ++*nfails;
252 return;
253 }
254
255 isc_buffer_usedregion(&b1, &r1);
256 isc_buffer_usedregion(&b2, &r2);
257 if (r1.length != r2.length || memcmp(r1.base, r2.base, r1.length) != 0)
258 {
259 t_info("computed secrets don't match\n");
260 ++*nfails;
261 return;
262 }
263
264 dst_key_free(&key1);
265 dst_key_free(&key2);
266 }
267
268 static void
269 io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
270 isc_result_t exp_result, int *nfails, int *nprobs)
271 {
272 dst_key_t *key = NULL;
273 isc_result_t ret;
274 char current[PATH_MAX + 1];
275 char tmp[PATH_MAX + 1];
276 char *p;
277
278 p = getcwd(current, PATH_MAX);;
279 if (p == NULL) {
280 t_info("getcwd failed %d\n", errno);
281 ++*nprobs;
282 return;
283 }
284
285 ret = dst_key_fromfile(name, id, alg, type, current, mctx, &key);
286 if (ret != ISC_R_SUCCESS) {
287 t_info("dst_key_fromfile(%d) returned: %s\n",
288 alg, dst_result_totext(ret));
289 ++*nfails;
290 return;
291 }
292
293 ret = isc_file_mktemplate("/tmp/", tmp, sizeof(tmp));
294 if (ret != ISC_R_SUCCESS) {
295 t_info("isc_file_mktemplate failed %s\n",
296 isc_result_totext(ret));
297 ++*nprobs;
298 return;
299 }
300
301 ret = isc_dir_createunique(tmp);
302 if (ret != ISC_R_SUCCESS) {
303 t_info("mkdir failed %d\n", errno);
304 ++*nprobs;
305 return;
306 }
307
308 ret = dst_key_tofile(key, type, tmp);
309 if (ret != 0) {
310 t_info("dst_key_tofile(%d) returned: %s\n",
311 alg, dst_result_totext(ret));
312 ++*nfails;
313 return;
314 }
315
316 if (dst_key_alg(key) != DST_ALG_DH)
317 use(key, mctx, exp_result, nfails);
318
319 cleandir(tmp);
320
321 dst_key_free(&key);
322 }
323
324 static void
325 generate(int alg, isc_mem_t *mctx, int size, int *nfails) {
326 isc_result_t ret;
327 dst_key_t *key = NULL;
328
329 ret = dst_key_generate(dns_rootname, alg, size, 0, 0, 0,
330 dns_rdataclass_in, mctx, &key);
331 if (ret != ISC_R_SUCCESS) {
332 t_info("dst_key_generate(%d) returned: %s\n", alg,
333 dst_result_totext(ret));
334 ++*nfails;
335 return;
336 }
337
338 if (alg != DST_ALG_DH)
339 use(key, mctx, ISC_R_SUCCESS, nfails);
340 dst_key_free(&key);
341 }
342
343 #define DBUFSIZ 25
344
345 static const char *a1 =
346 "the dst module provides the capability to "
347 "generate, store and retrieve public and private keys, "
348 "sign and verify data using the RSA, DSA and MD5 algorithms, "
349 "and compute Diffie-Hellman shared secrets.";
350 static void
351 t1(void) {
352 isc_mem_t *mctx;
353 isc_entropy_t *ectx;
354 int nfails;
355 int nprobs;
356 int result;
357 isc_result_t isc_result;
358 dns_fixedname_t fname;
359 dns_name_t *name;
360 isc_buffer_t b;
361
362 t_assert("dst", 1, T_REQUIRED, "%s", a1);
363
364 nfails = 0;
365 nprobs = 0;
366 mctx = NULL;
367 isc_result = isc_mem_create(0, 0, &mctx);
368 if (isc_result != ISC_R_SUCCESS) {
369 t_info("isc_mem_create failed %s\n",
370 isc_result_totext(isc_result));
371 t_result(T_UNRESOLVED);
372 return;
373 }
374 ectx = NULL;
375 isc_result = isc_entropy_create(mctx, &ectx);
376 if (isc_result != ISC_R_SUCCESS) {
377 t_info("isc_entropy_create failed %s\n",
378 isc_result_totext(isc_result));
379 t_result(T_UNRESOLVED);
380 return;
381 }
382 isc_result = isc_entropy_createfilesource(ectx, "randomfile");
383 if (isc_result != ISC_R_SUCCESS) {
384 t_info("isc_entropy_create failed %s\n",
385 isc_result_totext(isc_result));
386 t_result(T_UNRESOLVED);
387 return;
388 }
389 isc_result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING);
390 if (isc_result != ISC_R_SUCCESS) {
391 t_info("dst_lib_init failed %s\n",
392 isc_result_totext(isc_result));
393 t_result(T_UNRESOLVED);
394 return;
395 }
396
397 if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
398 dst_lib_destroy();
399 t_info("library built without crypto support\n");
400 t_result(T_UNTESTED);
401 return;
402 }
403
404 t_info("testing use of stored keys [1]\n");
405
406 dns_fixedname_init(&fname);
407 name = dns_fixedname_name(&fname);
408 isc_buffer_init(&b, "test.", 5);
409 isc_buffer_add(&b, 5);
410 isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL);
411 if (isc_result != ISC_R_SUCCESS) {
412 t_info("dns_name_fromtext failed %s\n",
413 isc_result_totext(isc_result));
414 t_result(T_UNRESOLVED);
415 return;
416 }
417 io(name, 23616, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
418 mctx, ISC_R_SUCCESS, &nfails, &nprobs);
419 t_info("testing use of stored keys [2]\n");
420 io(name, 54622, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
421 mctx, ISC_R_SUCCESS, &nfails, &nprobs);
422
423 t_info("testing use of stored keys [3]\n");
424 io(name, 49667, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
425 mctx, DST_R_NULLKEY, &nfails, &nprobs);
426 t_info("testing use of stored keys [4]\n");
427 io(name, 2, DST_ALG_RSAMD5, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
428 mctx, DST_R_NULLKEY, &nfails, &nprobs);
429
430 isc_buffer_init(&b, "dh.", 3);
431 isc_buffer_add(&b, 3);
432 isc_result = dns_name_fromtext(name, &b, NULL, 0, NULL);
433 if (isc_result != ISC_R_SUCCESS) {
434 t_info("dns_name_fromtext failed %s\n",
435 isc_result_totext(isc_result));
436 t_result(T_UNRESOLVED);
437 return;
438 }
439
440 dh(name, 18602, name, 48957, mctx, ISC_R_SUCCESS, &nfails, &nprobs);
441
442 t_info("testing use of generated keys\n");
443 generate(DST_ALG_RSAMD5, mctx, 512, &nfails);
444 generate(DST_ALG_DSA, mctx, 512, &nfails);
445 generate(DST_ALG_DH, mctx, 512, &nfails);
446 /*
447 * This one uses a constant.
448 */
449 generate(DST_ALG_DH, mctx, 768, &nfails);
450 generate(DST_ALG_HMACMD5, mctx, 512, &nfails);
451
452 dst_lib_destroy();
453
454 isc_entropy_detach(&ectx);
455
456 isc_mem_destroy(&mctx);
457
458 result = T_UNRESOLVED;
459 if ((nfails == 0) && (nprobs == 0))
460 result = T_PASS;
461 else if (nfails)
462 result = T_FAIL;
463 t_result(result);
464
465 }
466
467 #define T_SIGMAX 512
468
469 #undef NEWSIG /* Define NEWSIG to generate the original signature file. */
470
471 #ifdef NEWSIG
472
473 /*
474 * Write a sig in buf to file at path.
475 */
476 static int
477 sig_tofile(char *path, isc_buffer_t *buf) {
478 int rval;
479 int fd;
480 int len;
481 int nprobs;
482 int cnt;
483 unsigned char c;
484 unsigned char val;
485
486 cnt = 0;
487 nprobs = 0;
488 len = buf->used - buf->current;
489
490 t_info("buf: current %d used %d len %d\n",
491 buf->current, buf->used, len);
492
493 fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRWXU|S_IRWXO|S_IRWXG);
494 if (fd < 0) {
495 t_info("open %s failed %d\n", path, errno);
496 return(1);
497 }
498
499 while (len) {
500 c = (unsigned char) isc_buffer_getuint8(buf);
501 val = ((c >> 4 ) & 0x0f);
502 if ((0 <= val) && (val <= 9))
503 val = '0' + val;
504 else
505 val = 'A' + val - 10;
506 rval = write(fd, &val, 1);
507 if (rval != 1) {
508 ++nprobs;
509 t_info("write failed %d %d\n", rval, errno);
510 break;
511 }
512 val = (c & 0x0f);
513 if ((0 <= val) && (val <= 9))
514 val = '0' + val;
515 else
516 val = 'A' + val - 10;
517 rval = write(fd, &val, 1);
518 if (rval != 1) {
519 ++nprobs;
520 t_info("write failed %d %d\n", rval, errno);
521 break;
522 }
523 --len;
524 ++cnt;
525 if ((cnt % 16) == 0) {
526 val = '\n';
527 rval = write(fd, &val, 1);
528 if (rval != 1) {
529 ++nprobs;
530 t_info("write failed %d %d\n", rval, errno);
531 break;
532 }
533 }
534 }
535 val = '\n';
536 rval = write(fd, &val, 1);
537 if (rval != 1) {
538 ++nprobs;
539 t_info("write failed %d %d\n", rval, errno);
540 }
541 (void) close(fd);
542 return(nprobs);
543 }
544
545 #endif /* NEWSIG */
546
547 /*
548 * Read sig in file at path to buf.
549 */
550 static int
551 sig_fromfile(char *path, isc_buffer_t *iscbuf) {
552 int rval;
553 int len;
554 int fd;
555 unsigned char val;
556 struct stat sb;
557 char *p;
558 char *buf;
559
560 rval = stat(path, &sb);
561 if (rval != 0) {
562 t_info("stat %s failed, errno == %d\n", path, errno);
563 return(1);
564 }
565
566 buf = (char *) malloc((sb.st_size + 1) * sizeof(unsigned char));
567 if (buf == NULL) {
568 t_info("malloc failed, errno == %d\n", errno);
569 return(1);
570 }
571
572 fd = open(path, O_RDONLY);
573 if (fd < 0) {
574 t_info("open failed, errno == %d\n", errno);
575 (void) free(buf);
576 return(1);
577 }
578
579 len = sb.st_size;
580 p = buf;
581 while (len) {
582 rval = read(fd, p, len);
583 if (rval > 0) {
584 len -= rval;
585 p += rval;
586 }
587 else {
588 t_info("read failed %d, errno == %d\n", rval, errno);
589 (void) free(buf);
590 (void) close(fd);
591 return(1);
592 }
593 }
594 close(fd);
595
596 p = buf;
597 len = sb.st_size;
598 while(len) {
599 if (*p == '\n') {
600 ++p;
601 --len;
602 continue;
603 }
604 if (('0' <= *p) && (*p <= '9'))
605 val = *p - '0';
606 else
607 val = *p - 'A' + 10;
608 ++p;
609 val <<= 4;
610 --len;
611 if (('0' <= *p) && (*p <= '9'))
612 val |= (*p - '0');
613 else
614 val |= (*p - 'A' + 10);
615 ++p;
616 --len;
617 isc_buffer_putuint8(iscbuf, val);
618 }
619 (void) free(buf);
620 return(0);
621 }
622
623 static void
624 t2_sigchk(char *datapath, char *sigpath, char *keyname,
625 int id, int alg, int type,
626 isc_mem_t *mctx, char *expected_result,
627 int *nfails, int *nprobs)
628 {
629 int rval;
630 int len;
631 int fd;
632 int exp_res;
633 dst_key_t *key = NULL;
634 unsigned char sig[T_SIGMAX];
635 unsigned char *p;
636 unsigned char *data;
637 struct stat sb;
638 isc_result_t isc_result;
639 isc_buffer_t databuf;
640 isc_buffer_t sigbuf;
641 isc_region_t datareg;
642 isc_region_t sigreg;
643 dns_fixedname_t fname;
644 dns_name_t *name;
645 isc_buffer_t b;
646 dst_context_t *ctx = NULL;
647
648 /*
649 * Read data from file in a form usable by dst_verify.
650 */
651 rval = stat(datapath, &sb);
652 if (rval != 0) {
653 t_info("t2_sigchk: stat (%s) failed %d\n", datapath, errno);
654 ++*nprobs;
655 return;
656 }
657
658 data = (unsigned char *) malloc(sb.st_size * sizeof(char));
659 if (data == NULL) {
660 t_info("t2_sigchk: malloc failed %d\n", errno);
661 ++*nprobs;
662 return;
663 }
664
665 fd = open(datapath, O_RDONLY);
666 if (fd < 0) {
667 t_info("t2_sigchk: open failed %d\n", errno);
668 (void) free(data);
669 ++*nprobs;
670 return;
671 }
672
673 p = data;
674 len = sb.st_size;
675 do {
676 rval = read(fd, p, len);
677 if (rval > 0) {
678 len -= rval;
679 p += rval;
680 }
681 } while (len);
682 (void) close(fd);
683
684 /*
685 * Read key from file in a form usable by dst_verify.
686 */
687 dns_fixedname_init(&fname);
688 name = dns_fixedname_name(&fname);
689 isc_buffer_init(&b, keyname, strlen(keyname));
690 isc_buffer_add(&b, strlen(keyname));
691 isc_result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
692 if (isc_result != ISC_R_SUCCESS) {
693 t_info("dns_name_fromtext failed %s\n",
694 isc_result_totext(isc_result));
695 (void) free(data);
696 ++*nprobs;
697 return;
698 }
699 isc_result = dst_key_fromfile(name, id, alg, type, NULL, mctx, &key);
700 if (isc_result != ISC_R_SUCCESS) {
701 t_info("dst_key_fromfile failed %s\n",
702 isc_result_totext(isc_result));
703 (void) free(data);
704 ++*nprobs;
705 return;
706 }
707
708 isc_buffer_init(&databuf, data, sb.st_size);
709 isc_buffer_add(&databuf, sb.st_size);
710 isc_buffer_usedregion(&databuf, &datareg);
711
712 #ifdef NEWSIG
713
714 /*
715 * If we're generating a signature for the first time,
716 * sign the data and save the signature to a file
717 */
718
719 memset(sig, 0, sizeof(sig));
720 isc_buffer_init(&sigbuf, sig, sizeof(sig));
721
722 isc_result = dst_context_create(key, mctx, &ctx);
723 if (isc_result != ISC_R_SUCCESS) {
724 t_info("dst_context_create(%d) failed %s\n",
725 dst_result_totext(isc_result));
726 (void) free(data);
727 dst_key_free(&key);
728 ++*nprobs;
729 return;
730 }
731 isc_result = dst_context_adddata(ctx, &datareg);
732 if (isc_result != ISC_R_SUCCESS) {
733 t_info("dst_context_adddata(%d) failed %s\n",
734 dst_result_totext(isc_result));
735 (void) free(data);
736 dst_key_free(&key);
737 dst_context_destroy(&ctx);
738 ++*nprobs;
739 return;
740 }
741 isc_result = dst_context_sign(ctx, &sigbuf);
742 if (isc_result != ISC_R_SUCCESS) {
743 t_info("dst_sign(%d) failed %s\n",
744 dst_result_totext(isc_result));
745 (void) free(data);
746 dst_key_free(&key);
747 dst_context_destroy(&ctx);
748 ++*nprobs;
749 return;
750 }
751 dst_context_destroy(&ctx);
752
753 rval = sig_tofile(sigpath, &sigbuf);
754 if (rval != 0) {
755 t_info("sig_tofile failed\n");
756 ++*nprobs;
757 (void) free(data);
758 dst_key_free(&key);
759 return;
760 }
761
762 #endif /* NEWSIG */
763
764 memset(sig, 0, sizeof(sig));
765 isc_buffer_init(&sigbuf, sig, sizeof(sig));
766
767 /*
768 * Read precomputed signature from file in a form usable by dst_verify.
769 */
770 rval = sig_fromfile(sigpath, &sigbuf);
771 if (rval != 0) {
772 t_info("sig_fromfile failed\n");
773 (void) free(data);
774 dst_key_free(&key);
775 ++*nprobs;
776 return;
777 }
778
779 /*
780 * Verify that the key signed the data.
781 */
782 isc_buffer_remainingregion(&sigbuf, &sigreg);
783
784 exp_res = 0;
785 if (strstr(expected_result, "!"))
786 exp_res = 1;
787
788 isc_result = dst_context_create(key, mctx, &ctx);
789 if (isc_result != ISC_R_SUCCESS) {
790 t_info("dst_context_create returned %s\n",
791 isc_result_totext(isc_result));
792 ++*nfails;
793 }
794 isc_result = dst_context_adddata(ctx, &datareg);
795 if (isc_result != ISC_R_SUCCESS) {
796 t_info("dst_context_adddata returned %s\n",
797 isc_result_totext(isc_result));
798 dst_context_destroy(&ctx);
799 ++*nfails;
800 }
801 isc_result = dst_context_verify(ctx, &sigreg);
802 if ( ((exp_res == 0) && (isc_result != ISC_R_SUCCESS)) ||
803 ((exp_res != 0) && (isc_result == ISC_R_SUCCESS))) {
804
805 t_info("dst_context_verify returned %s, expected %s\n",
806 isc_result_totext(isc_result),
807 expected_result);
808 dst_context_destroy(&ctx);
809 ++*nfails;
810 }
811
812 (void) free(data);
813 dst_context_destroy(&ctx);
814 dst_key_free(&key);
815 return;
816 }
817
818 /*
819 * The astute observer will note that t1() signs then verifies data
820 * during the test but that t2() verifies data that has been
821 * signed at some earlier time, possibly with an entire different
822 * version or implementation of the DSA and RSA algorithms
823 */
824 static const char *a2 =
825 "the dst module provides the capability to "
826 "verify data signed with the RSA and DSA algorithms";
827
828 /*
829 * av == datafile, sigpath, keyname, keyid, alg, exp_result.
830 */
831 static int
832 t2_vfy(char **av) {
833 char *datapath;
834 char *sigpath;
835 char *keyname;
836 char *key;
837 int keyid;
838 char *alg;
839 int algid;
840 char *exp_result;
841 int nfails;
842 int nprobs;
843 isc_mem_t *mctx;
844 isc_entropy_t *ectx;
845 isc_result_t isc_result;
846 int result;
847
848 datapath = *av++;
849 sigpath = *av++;
850 keyname = *av++;
851 key = *av++;
852 keyid = atoi(key);
853 alg = *av++;
854 exp_result = *av++;
855 nfails = 0;
856 nprobs = 0;
857
858 if (! strcasecmp(alg, "DST_ALG_DSA"))
859 algid = DST_ALG_DSA;
860 else if (! strcasecmp(alg, "DST_ALG_RSAMD5"))
861 algid = DST_ALG_RSAMD5;
862 else {
863 t_info("Unknown algorithm %s\n", alg);
864 return(T_UNRESOLVED);
865 }
866
867 mctx = NULL;
868 isc_result = isc_mem_create(0, 0, &mctx);
869 if (isc_result != ISC_R_SUCCESS) {
870 t_info("isc_mem_create failed %s\n",
871 isc_result_totext(isc_result));
872 return(T_UNRESOLVED);
873 }
874 ectx = NULL;
875 isc_result = isc_entropy_create(mctx, &ectx);
876 if (isc_result != ISC_R_SUCCESS) {
877 t_info("isc_entropy_create failed %s\n",
878 isc_result_totext(isc_result));
879 return(T_UNRESOLVED);
880 }
881 isc_result = isc_entropy_createfilesource(ectx, "randomfile");
882 if (isc_result != ISC_R_SUCCESS) {
883 t_info("isc_entropy_create failed %s\n",
884 isc_result_totext(isc_result));
885 return(T_UNRESOLVED);
886 }
887 isc_result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING);
888 if (isc_result != ISC_R_SUCCESS) {
889 t_info("dst_lib_init failed %s\n",
890 isc_result_totext(isc_result));
891 return(T_UNRESOLVED);
892 }
893
894 if (!dst_algorithm_supported(DST_ALG_RSAMD5)) {
895 dst_lib_destroy();
896 t_info("library built without crypto support\n");
897 return (T_UNTESTED);
898 }
899
900 t_info("testing %s, %s, %s, %s, %s, %s\n",
901 datapath, sigpath, keyname, key, alg, exp_result);
902 t2_sigchk(datapath, sigpath, keyname, keyid,
903 algid, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
904 mctx, exp_result,
905 &nfails, &nprobs);
906
907 dst_lib_destroy();
908
909 isc_entropy_detach(&ectx);
910
911 isc_mem_destroy(&mctx);
912
913 result = T_UNRESOLVED;
914 if (nfails)
915 result = T_FAIL;
916 else if ((nfails == 0) && (nprobs == 0))
917 result = T_PASS;
918
919 return(result);
920 }
921
922 static void
923 t2(void) {
924 int result;
925 t_assert("dst", 2, T_REQUIRED, "%s", a2);
926 result = t_eval("dst_2_data", t2_vfy, 6);
927 t_result(result);
928 }
929
930 testspec_t T_testlist[] = {
931 { t1, "basic dst module verification" },
932 { t2, "signature ineffability" },
933 { NULL, NULL }
934 };
935
NetBSD on the FriendlyARM MINI2440