migrate t_dst signature test to lib/dns/tests/dst_test

lib/dns/tests/Atffile

@@ -10,6 +10,7 @@ tp: dbversion_test
 tp: dh_test
 tp: dispatch_test
 tp: dnstap_test
+tp: dst_test
 tp: dstrandom_test
 tp: geoip_test
 tp: gost_test

lib/dns/tests/Makefile.in

@@ -38,6 +38,7 @@ SRCS =		acl_test.c \
 		dh_test.c \
 		dispatch_test.c \
 		dnstap_test.c \
+		dst_test.c \
 		dnstest.c \
 		dstrandom_test.c \
 		geoip_test.c \
@@ -70,6 +71,7 @@ TARGETS =	acl_test@EXEEXT@ \
 		dh_test@EXEEXT@ \
 		dispatch_test@EXEEXT@ \
 		dnstap_test@EXEEXT@ \
+		dst_test@EXEEXT@ \
 		dstrandom_test@EXEEXT@ \
 		geoip_test@EXEEXT@ \
 		gost_test@EXEEXT@ \
@@ -134,6 +136,11 @@ dnstap_test@EXEEXT@: dnstap_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
 			dnstap_test.@O@ dnstest.@O@ ${DNSLIBS} \
 				${ISCLIBS} ${LIBS}
 
+dst_test@EXEEXT@: dst_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+			dst_test.@O@ dnstest.@O@ ${DNSLIBS} \
+			${ISCLIBS} ${LIBS}
+
 geoip_test@EXEEXT@: geoip_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
 			geoip_test.@O@ dnstest.@O@ ${DNSLIBS} \

lib/dns/tests/dst_test.c

@@ -0,0 +1,263 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/* ! \file */
+
+#include <config.h>
+
+#include <atf-c.h>
+
+#include <unistd.h>
+
+#include <isc/file.h>
+#include <isc/util.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+
+#include <dst/dst.h>
+#include <dst/result.h>
+
+#include "../dst_internal.h"
+
+#include "dnstest.h"
+
+ATF_TC(sig);
+ATF_TC_HEAD(sig, tc) {
+	atf_tc_set_md_var(tc, "descr", "signature ineffability");
+}
+
+/*
+ * Read sig in file at path to buf.
+ */
+static isc_result_t
+sig_fromfile(const char *path, isc_buffer_t *buf) {
+	isc_result_t result;
+	size_t rval, len;
+	FILE *fp = NULL;
+	unsigned char val;
+	char *p, *data;
+	off_t size;
+
+	result = isc_stdio_open(path, "rb", &fp);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+	result = isc_file_getsizefd(fileno(fp), &size);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+	data = isc_mem_get(mctx, (size + 1));
+	ATF_REQUIRE(data != NULL);
+
+	len = (size_t)size;
+	p = data;
+	while (len != 0U) {
+		result = isc_stdio_read(p, 1, len, fp, &rval);
+		ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+		len -= rval;
+		p += rval;
+	}
+	isc_stdio_close(fp);
+
+	p = data;
+	len = size;
+	while (len > 0U) {
+		if ((*p == '\r') || (*p == '\n')) {
+			++p;
+			--len;
+			continue;
+		} else if (len < 2U)
+		       goto err;
+		if (('0' <= *p) && (*p <= '9')) {
+			val = *p - '0';
+		} else if (('A' <= *p) && (*p <= 'F')) {
+			val = *p - 'A' + 10;
+		} else {
+			result = ISC_R_BADHEX;
+			goto err;
+		}
+		++p;
+		val <<= 4;
+		--len;
+		if (('0' <= *p) && (*p <= '9')) {
+			val |= (*p - '0');
+		} else if (('A' <= *p) && (*p <= 'F')) {
+			val |= (*p - 'A' + 10);
+		} else {
+			result = ISC_R_BADHEX;
+			goto err;
+		}
+		++p;
+		--len;
+		isc_buffer_putuint8(buf, val);
+	}
+
+	result = ISC_R_SUCCESS;
+
+ err:
+	isc_mem_put(mctx, data, size + 1);
+	return (result);
+}
+
+static void
+check_sig(const char *datapath, const char *sigpath, const char *keyname,
+	  dns_keytag_t id, dns_secalg_t alg, int type, isc_boolean_t expect)
+{
+	isc_result_t result;
+	size_t rval, len;
+	FILE *fp;
+	dst_key_t *key = NULL;
+	unsigned char sig[512];
+	unsigned char *p;
+	unsigned char *data;
+	off_t size;
+	isc_buffer_t b;
+	isc_buffer_t databuf, sigbuf;
+	isc_region_t datareg, sigreg;
+	dns_fixedname_t fname;
+	dns_name_t *name;
+	dst_context_t *ctx = NULL;
+
+	/*
+	 * Read data from file in a form usable by dst_verify.
+	 */
+	result = isc_stdio_open(datapath, "rb", &fp);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+	result = isc_file_getsizefd(fileno(fp), &size);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+	data = isc_mem_get(mctx, (size + 1));
+	ATF_REQUIRE(data != NULL);
+
+	p = data;
+	len = (size_t)size;
+	do {
+		result = isc_stdio_read(p, 1, len, fp, &rval);
+		ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+		len -= rval;
+		p += rval;
+	} while (len);
+	isc_stdio_close(fp);
+
+	/*
+	 * Read key from file in a form usable by dst_verify.
+	 */
+	dns_fixedname_init(&fname);
+	name = dns_fixedname_name(&fname);
+	isc_buffer_constinit(&b, keyname, strlen(keyname));
+	isc_buffer_add(&b, strlen(keyname));
+	result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+	result = dst_key_fromfile(name, id, alg, type, "testdata/dst",
+				  mctx, &key);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+	isc_buffer_init(&databuf, data, (unsigned int)size);
+	isc_buffer_add(&databuf, (unsigned int)size);
+	isc_buffer_usedregion(&databuf, &datareg);
+
+	memset(sig, 0, sizeof(sig));
+	isc_buffer_init(&sigbuf, sig, sizeof(sig));
+
+	/*
+	 * Read precomputed signature from file in a form usable by dst_verify.
+	 */
+	result = sig_fromfile(sigpath, &sigbuf);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+	/*
+	 * Verify that the key signed the data.
+	 */
+	isc_buffer_remainingregion(&sigbuf, &sigreg);
+
+	result = dst_context_create3(key, mctx, DNS_LOGCATEGORY_GENERAL,
+				     ISC_FALSE, &ctx);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+
+	result = dst_context_adddata(ctx, &datareg);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+	result = dst_context_verify(ctx, &sigreg);
+
+	ATF_REQUIRE((expect && (result == ISC_R_SUCCESS)) ||
+		    (!expect && (result != ISC_R_SUCCESS)));
+
+
+	isc_mem_put(mctx, data, size + 1);
+	dst_context_destroy(&ctx);
+	dst_key_free(&key);
+
+	return;
+}
+
+ATF_TC_BODY(sig, tc) {
+	isc_result_t result;
+
+	UNUSED(tc);
+
+	result = dns_test_begin(NULL, ISC_FALSE);
+	ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
+	struct {
+		const char *datapath;
+		const char *sigpath;
+		const char *keyname;
+		dns_keytag_t keyid;
+		dns_secalg_t alg;
+		isc_boolean_t expect;
+	} testcases[] = {
+		{
+			"testdata/dst/test1.data",
+			"testdata/dst/test1.dsasig",
+			"test.", 23616, DST_ALG_DSA, ISC_TRUE
+		},
+		{
+			"testdata/dst/test1.data",
+			"testdata/dst/test1.rsasig",
+			"test.", 54622, DST_ALG_RSAMD5, ISC_TRUE
+		},
+		{
+			/* wrong sig */
+			"testdata/dst/test1.data",
+			"testdata/dst/test1.dsasig",
+			"test.", 54622, DST_ALG_RSAMD5, ISC_FALSE
+		},
+		{
+			/* wrong data */
+			"testdata/dst/test2.data",
+			"testdata/dst/test1.dsasig",
+			"test.", 23616, DST_ALG_DSA, ISC_FALSE
+		},
+	};
+	unsigned int i;
+
+	for (i = 0; i < (sizeof(testcases)/sizeof(testcases[0])); i++) {
+		if (!dst_algorithm_supported(testcases[i].alg)) {
+			continue;
+		}
+
+		check_sig(testcases[i].datapath,
+			  testcases[i].sigpath,
+			  testcases[i].keyname,
+			  testcases[i].keyid,
+			  testcases[i].alg,
+			  DST_TYPE_PRIVATE|DST_TYPE_PUBLIC,
+			  testcases[i].expect);
+	}
+
+	dns_test_end();
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+	ATF_TP_ADD_TC(tp, sig);
+
+	return (atf_no_error());
+}

lib/dns/tests/testdata/dst/Ktest.+001+00002.key

@@ -0,0 +1 @@
+test. IN DNSKEY 49152 2 1

lib/dns/tests/testdata/dst/Ktest.+001+54622.key

@@ -0,0 +1 @@
+test. IN DNSKEY 257 3 1 AQPQjwSpaVzxIgRCpiUoozUQKGh2oX8NIFKDOvtxK+tn536OZg2cROKTlgGEHXJK9YHfW/6nzQULTVpb63P+SQMmjCCidb8IYyhItixRztVeJQ==

lib/dns/tests/testdata/dst/Ktest.+001+54622.private

@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: 0I8EqWlc8SIEQqYlKKM1EChodqF/DSBSgzr7cSvrZ+d+jmYNnETik5YBhB1ySvWB31v+p80FC01aW+tz/kkDJowgonW/CGMoSLYsUc7VXiU=
+PublicExponent: Aw==
+PrivateExponent: iwoDG5uTS2wC1xluGxd4tXBFpGuqCMA3AidSS3Kc7++ptEQJEtiXC9kfCJMvZhGfQLaujft2OgrmkcuDVtPIbQWEENhyJhb4Lk82kFXbfus=
+Prime1: /rSKuzcZY7R5cY2YWD4CiBNyj9WJMq1wWmBnb9+5M08nTl5E9NW5qQ==
+Prime2: 0Z5shXQYd16E2Gs6e5WxtO0Oqlly2KkSqXohwTQWDWTb8Pw0WTZmHQ==
+Exponent1: qc2x0iS7l82mS7O65X6sWrehtTkGIcj1kZWaSpUmIjTE3umDTePRGw==
+Exponent2: i77zA6K6+j8DOvIm/Q52eJ4JxuZMkHC3G6bBK3gOs5iSoKgi5iREEw==
+Coefficient: 3+wYZB0SJad7z2EsjzgbSlg6CawoaOvrROGSbwSiW5DCsMFROudOTw==

lib/dns/tests/testdata/dst/Ktest.+003+23616.key

@@ -0,0 +1 @@
+test. IN DNSKEY 16641 3 3 ANp1//lqDlEfTavcFI+cyudNfgEz73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mbEGl6zwve9wq5z7IoTY5/J4l7XLCKftg/wGvrzXQhggIkRvEh3myhxd+ouILcpfvTIthWlTKiH59tSJpmgmiSMTE7nDYaf10iVRWN6DMSprgejiH05/fpmyZAt44tyAh4m1wXS5u4tam1PXDJYJozn7EfQ8e2weIv1yC+t6PHSx

lib/dns/tests/testdata/dst/Ktest.+003+23616.private

@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): 73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mQ==
+Subprime(q): 2nX/+WoOUR9Nq9wUj5zK501+ATM=
+Base(g): sQaXrPC973CrnPsihNjn8niXtcsIp+2D/Aa+vNdCGCAiRG8SHebKHF36i4gtyl+9Mi2FaVMqIfn21ImmaCaJIw==
+Private_value(x): Nky4tvIwg6xlcyeHXr4k2DEZg0E=
+Public_value(y): ExO5w2Gn9dIlUVjegzEqa4Ho4h9Of36ZsmQLeOLcgIeJtcF0ubuLWptT1wyWCaM5+xH0PHtsHiL9cgvrejx0sQ==

lib/dns/tests/testdata/dst/Ktest.+003+49667.key

@@ -0,0 +1 @@
+test. IN DNSKEY 49152 2 3

lib/dns/tests/testdata/dst/test1.dsasig

@@ -0,0 +1,3 @@
+0009B55FDB62034326278C9371F32D92
+3D0E1161A32D491BEC38546FC452D903
+A91D806345B2F7F22E

lib/dns/tests/testdata/dst/test1.rsasig

@@ -0,0 +1,5 @@
+A8A20D2F26F792B3CE76DD0E12A85DFE
+FF66AB866EF0BDB0F515001E234E699B
+F5CD6FB41FB15D4213705ABE9B563896
+2196228648E0F8AA7F2F4EED3C19165C
+1B4C70C9D69B93A1F2BE5B2F948CE023