build_auth() {
run "autoreconf -vi"
- # Build without --enable-botan, no botan 2.x in Travis CI
run "./configure \
${sanitizerflags} \
--with-dynmodules='bind gmysql geoip gpgsql gsqlite3 ldap lua mydns opendbx pipe random remote tinydns godbc lua2' \
run "tar xf pdns-recursor-*.tar.bz2"
run "rm -f pdns-recursor-*.tar.bz2"
run "cd pdns-recursor-*"
- # Build without --enable-botan, no botan 2.x in Travis CI
run "./configure \
${sanitizerflags} \
--prefix=$PDNS_RECURSOR_DIR \
}
# global build requirements
-# Add botan 2.x when available in Travis CI
run "sudo apt-get -qq --no-install-recommends install \
libboost-all-dev \
libluajit-5.1-dev \
[have_mmap=no]
)
-PDNS_ENABLE_BOTAN
PDNS_CHECK_LIBSODIUM
PDNS_CHECK_LIBDECAF
PDNS_CHECK_LIBCRYPTO([
[AC_MSG_NOTICE([ed448: yes])],
[AC_MSG_NOTICE([ed448: no])]
)
-AS_IF([test "x$BOTAN_LIBS" != "x"],
- [AC_MSG_NOTICE([gost: yes])],
- [AC_MSG_NOTICE([gost: no])]
-)
AS_IF([test "x$needsqlite3" != "x"],
[AC_MSG_NOTICE([SQLite3: yes])],
[AC_MSG_NOTICE([SQLite3: no])]
Starting with 4.0.0, PowerDNS will link in hash and cryptographic primitives from the open source `OpenSSL <https://openssl.org/>`_ library.
Optionally, PowerDNS can link in a copy of the open source `Botan <https://botan.randombit.net/>`_ cryptographic library.
+Starting with 4.2.0, linking in Botan is no longer possible.
Optionally, PowerDNS can link in a copy of the open source `Sodium <https://libsodium.org/>`_ library.
.. warning::
Due to an interaction between `SoftHSM and Botan <https://github.com/PowerDNS/pdns/issues/2496>`__,
the PowerDNS Authoritative Server **will most likely** crash on exit when built with ``--enable-botan1.10 --enable-experimental-pkcs11``.
- This is the case with the packages provided from the PowerDNS repositories.
+ In 4.2.0, Botan support has been removed and this is no longer an issue.
To test this feature, a software HSM can be used. It is **not
recommended** to use this in production.
+++ /dev/null
-AC_DEFUN([PDNS_ENABLE_BOTAN],[
- AC_MSG_CHECKING([whether we will be linking in Botan 2.x])
- AC_ARG_ENABLE([botan],
- [AS_HELP_STRING([--enable-botan],[use Botan @<:@default=no@:>@])],
- [enable_botan=$enableval],
- [enable_botan=no]
- )
- AC_MSG_RESULT([$enable_botan])
- AM_CONDITIONAL(BOTAN, [test "x$enable_botan" != "xno"])
-
- AS_IF([test "x$enable_botan" != "xno"], [
- PKG_CHECK_MODULES([BOTAN], [botan-2],
- [AC_DEFINE([HAVE_BOTAN],[1],[Define to 1 if you have botan])],
- [AC_MSG_ERROR([Could not find botan])]
- )]
- )
-])
AM_LFLAGS = -i
AM_YFLAGS = -d --verbose --debug
-if BOTAN
-AM_CPPFLAGS += $(BOTAN_CFLAGS)
-endif
-
if PKCS11
AM_CPPFLAGS += $(P11KIT1_CFLAGS)
endif
pdns_server_LDADD += $(LIBCURL)
endif
-if BOTAN
-pdns_server_SOURCES += botansigners.cc
-pdns_server_LDADD += $(BOTAN_LIBS)
-endif
-
if LIBSODIUM
pdns_server_SOURCES += sodiumsigners.cc
pdns_server_LDADD += $(LIBSODIUM_LIBS)
$(BOOST_PROGRAM_OPTIONS_LIBS) \
$(LIBCRYPTO_LIBS)
-if BOTAN
-pdnsutil_SOURCES += botansigners.cc
-pdnsutil_LDADD += $(BOTAN_LIBS)
-endif
-
if LIBSODIUM
pdnsutil_SOURCES += sodiumsigners.cc
pdnsutil_LDADD += $(LIBSODIUM_LIBS)
toysdig_LDADD += $(GSS_LIBS)
endif
-if BOTAN
-toysdig_SOURCES += botansigners.cc
-toysdig_LDADD += $(BOTAN_LIBS)
-endif
-
if PKCS11
toysdig_SOURCES += pkcs11signers.cc pkcs11signers.hh
toysdig_LDADD += $(P11KIT1_LIBS)
testrunner_LDADD += $(LIBSODIUM_LIBS)
endif
-if BOTAN
-testrunner_SOURCES += botansigners.cc
-testrunner_LDADD += $(BOTAN_LIBS)
-endif
-
if LIBDECAF
testrunner_SOURCES += decafsigners.cc
testrunner_LDADD += $(LIBDECAF_LIBS)
+++ /dev/null
-/*
- * This file is part of PowerDNS or dnsdist.
- * Copyright -- PowerDNS.COM B.V. and its contributors
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- *
- * In addition, for the avoidance of any doubt, permission is granted to
- * link this program with OpenSSL and to (re)distribute the binaries
- * produced as the result of such linking.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#include <botan/auto_rng.h>
-#include <botan/gost_3410.h>
-#include <botan/gost_3411.h>
-#include <botan/pubkey.h>
-#include <botan/version.h>
-#include "dnssecinfra.hh"
-
-using namespace Botan;
-
-/* Государственный гимн Российской Федерации
- (Gosudarstvenny Gimn Rossiyskoy Federatsii)
- "The National Anthem of the Russian Federation"
-
- ~ Rossiya - svyashchennaya nasha derzhava, ~
- ~ Rossiya - lyubimaya nasha strana. ~
- ~ Moguchaya volya, velikaya slava - ~
- ~ Tvoyo dostoyanye na vse vremena! ~
- */
-
-class GOSTDNSCryptoKeyEngine : public DNSCryptoKeyEngine
-{
-public:
- explicit GOSTDNSCryptoKeyEngine(unsigned int algorithm) : DNSCryptoKeyEngine(algorithm) {}
- ~GOSTDNSCryptoKeyEngine(){}
- void create(unsigned int bits) override;
- string getName() const override { return "Botan 2 GOST"; }
- storvector_t convertToISCVector() const override;
- std::string getPubKeyHash() const override;
- std::string sign(const std::string& msg) const override;
- std::string hash(const std::string& msg) const override;
- bool verify(const std::string& msg, const std::string& signature) const override;
- std::string getPublicKeyString() const override;
- int getBits() const override;
- void fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& content) override;
- void fromPublicKeyString(const std::string& content) override;
- void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override
- {}
-
- static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
- {
- return std::make_shared<GOSTDNSCryptoKeyEngine>(algorithm);
- }
-
-private:
- static EC_Group getParams()
- {
- return EC_Group("gost_256A");
- }
-
- shared_ptr<GOST_3410_PrivateKey> d_key;
- shared_ptr<GOST_3410_PublicKey> d_pubkey;
-};
-
-/*
- ~ Slav'sya, Otechestvo nashe svobodnoye, ~
- ~ Bratskikh narodov soyuz vekovoy, ~
- ~ Predkami dannaya mudrost' narodnaya! ~
- ~ Slav'sya, strana! My gordimsya toboy! ~
-*/
-
-
-void GOSTDNSCryptoKeyEngine::create(unsigned int bits)
-{
- AutoSeeded_RNG rng;
- d_key = std::make_shared<GOST_3410_PrivateKey>(rng, getParams());
-}
-
-int GOSTDNSCryptoKeyEngine::getBits() const
-{
- return 256;
-}
-
-/*
- ~ Ot yuzhnykh morey do polyarnogo kraya ~
- ~ Raskinulis' nashi lesa i polya. ~
- ~ Odna ty na svete! Odna ty takaya - ~
- ~ Khranimaya Bogom rodnaya zemlya! ~
-*/
-
-DNSCryptoKeyEngine::storvector_t GOSTDNSCryptoKeyEngine::convertToISCVector() const
-{
- static const unsigned char asn1Prefix[]=
- {0x30, 0x45, 0x02, 0x01, 0x00, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02,
- 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07,
- 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x01, 0x04, 0x22, 0x04, 0x20}; // this is DER, fixed for a 32 byte key
-
- storvector_t storvect;
- storvect.push_back(make_pair("Algorithm", "12 (ECC-GOST)"));
-
- auto buffer = BigInt::encode(d_key->private_value());
- string gostasn1(reinterpret_cast<const char*>(asn1Prefix), sizeof(asn1Prefix));
- gostasn1.append(buffer.begin(), buffer.end());
- storvect.push_back(make_pair("GostAsn1", gostasn1));
- return storvect;
-}
-
-/*
- ~ Slav'sya, Otechestvo nashe svobodnoye, ~
- ~ Bratskikh narodov soyuz vekovoy, ~
- ~ Predkami dannaya mudrost' narodnaya! ~
- ~ Slav'sya, strana! My gordimsya toboy! ~
-*/
-
-void GOSTDNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap )
-{
- drc.d_algorithm = pdns_stou(stormap["algorithm"]);
- string privateKey=stormap["gostasn1"];
- //cerr<<"PrivateKey.size() = "<<privateKey.size()<<endl;
- //cerr<<makeHexDump(string(privateKey.c_str(), 39))<<endl;
- string rawKey(privateKey.c_str()+39, privateKey.length()-39);
-
- for(size_t i = 0; i < rawKey.size() / 2; ++i)
- {
- std::swap(rawKey[i], rawKey[rawKey.size()-1-i]);
- }
-
- BigInt bigint((byte*)rawKey.c_str(), rawKey.size());
-
- AutoSeeded_RNG rng;
- d_key=std::make_shared<GOST_3410_PrivateKey>(rng, getParams(), bigint);
-
- //cerr<<"Is the just imported key on the curve? " << d_key->public_point().on_the_curve()<<endl;
- //cerr<<"Is the just imported key zero? " << d_key->public_point().is_zero()<<endl;
-
- const BigInt&x = d_key->private_value();
- auto buffer = BigInt::encode(x);
- // cerr<<"And out again! "<<makeHexDump(string((const char*)buffer.begin(), (const char*)buffer.end()))<<endl;
-}
-namespace {
-
-BigInt decode_le(const byte msg[], size_t msg_len)
- {
- Botan::secure_vector<byte> msg_le(msg, msg + msg_len);
-
- for(size_t i = 0; i != msg_le.size() / 2; ++i)
- std::swap(msg_le[i], msg_le[msg_le.size()-1-i]);
-
- return BigInt(&msg_le[0], msg_le.size());
- }
-
-}
-void GOSTDNSCryptoKeyEngine::fromPublicKeyString(const std::string& input)
-{
- BigInt x, y;
-
- x=decode_le((const byte*)input.c_str(), input.length()/2);
- y=decode_le((const byte*)input.c_str() + input.length()/2, input.length()/2);
-
- auto params = getParams();
-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,5,0)
- PointGFp point(params.get_curve(), x,y);
-#else
- PointGFp point(params.point(x,y));
-#endif
- d_pubkey = std::make_shared<GOST_3410_PublicKey>(params, point);
- d_key.reset();
-}
-
-std::string GOSTDNSCryptoKeyEngine::getPubKeyHash() const
-{
- const BigInt&x = d_key->private_value();
- auto buffer = BigInt::encode(x);
- return string(buffer.begin(), buffer.end());
-}
-
-std::string GOSTDNSCryptoKeyEngine::getPublicKeyString() const
-{
- std::shared_ptr<GOST_3410_PublicKey> pk = d_pubkey ? d_pubkey : d_key;
- const BigInt&x =pk->public_point().get_affine_x();
- const BigInt&y =pk->public_point().get_affine_y();
-
- size_t part_size = std::max(x.bytes(), y.bytes());
-
- std::vector<byte> bits(2*part_size);
-
- x.binary_encode(&bits[part_size - x.bytes()]);
- y.binary_encode(&bits[2*part_size - y.bytes()]);
-
- // Keys are stored in little endian format (WTF)
- for(size_t i = 0; i != part_size / 2; ++i)
- {
- std::swap(bits[i], bits[part_size-1-i]);
- std::swap(bits[part_size+i], bits[2*part_size-1-i]);
- }
-
- return string(bits.begin(), bits.end());
-}
-
-/*
- ~ Shirokiy prostor dlya mechty i dlya zhizni. ~
- ~ Gryadushchiye nam otkryvayut goda. ~
- ~ Nam silu dayot nasha vernost' Otchizne. ~
- ~ Tak bylo, tak yest' i tak budet vsegda! ~
- */
-
-std::string GOSTDNSCryptoKeyEngine::sign(const std::string& msg) const
-{
- AutoSeeded_RNG rng;
- PK_Signer signer(*d_key, rng, "Raw");
- signer.update(hash(msg));
- auto signature = signer.signature(rng);
- return string(signature.begin(), signature.end());
-}
-
-std::string GOSTDNSCryptoKeyEngine::hash(const std::string& orig) const
-{
- GOST_34_11 hasher;
- auto result = hasher.process(orig);
- return string(result.begin(), result.end());
-}
-
-
-bool GOSTDNSCryptoKeyEngine::verify(const std::string& message, const std::string& signature) const
-{
- std::shared_ptr<GOST_3410_PublicKey> pk = d_pubkey ? d_pubkey : d_key;
- PK_Verifier verifier(*pk, "Raw");
- verifier.update(hash(message));
- return verifier.check_signature(reinterpret_cast<const uint8_t*>(signature.c_str()), signature.size());
-}
-
-/*
- ~ Slav'sya, Otechestvo nashe svobodnoye, ~
- ~ Bratskikh narodov soyuz vekovoy, ~
- ~ Predkami dannaya mudrost' narodnaya! ~
- ~ Slav'sya, strana! My gordimsya toboy! ~
-*/
-
-
-//////////////////////////////
-
-namespace {
-struct LoaderStruct
-{
- LoaderStruct()
- {
- DNSCryptoKeyEngine::report(12, &GOSTDNSCryptoKeyEngine::maker);
- }
-} loaderBotan2;
-}
JSON11_LIBS = $(top_srcdir)/ext/json11/libjson11.la
PROBDS_LIBS = $(top_srcdir)/ext/probds/libprobds.la
-AM_CPPFLAGS = $(LUA_CFLAGS) $(YAHTTP_CFLAGS) $(BOOST_CPPFLAGS) $(BOTAN_CFLAGS) $(LIBSODIUM_CFLAGS) $(NET_SNMP_CFLAGS) $(SANITIZER_FLAGS) -O3 -Wall -pthread -DSYSCONFDIR=\"${sysconfdir}\" $(SYSTEMD_CFLAGS)
+AM_CPPFLAGS = $(LUA_CFLAGS) $(YAHTTP_CFLAGS) $(BOOST_CPPFLAGS) $(LIBSODIUM_CFLAGS) $(NET_SNMP_CFLAGS) $(SANITIZER_FLAGS) -O3 -Wall -pthread -DSYSCONFDIR=\"${sysconfdir}\" $(SYSTEMD_CFLAGS)
AM_CPPFLAGS += \
-I$(top_srcdir)/ext/json11 \
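Review bot: The removal of `$(BOTAN_CFLAGS)` on the `AM_CPPFLAGS` line, with `botansigners.cc` dropped from the source lists elsewhere in the commit, takes away the only DNSSEC algorithm 12 (ECC-GOST) engine visible here, and the documentation changes do not say so. The deleted file registered that engine through `DNSCryptoKeyEngine::report(12, &GOSTDNSCryptoKeyEngine::maker)`, and configure printed `gost: yes` only when `BOTAN_LIBS` was set, so GOST support appears to have depended entirely on Botan. Operators holding algorithm 12 keys would presumably be unable to load or sign with them after upgrading, and zones signed only with ECC-GOST would presumably no longer validate as Secure; this should be confirmed against the validator code, which is outside this diff. I would add a sentence to the 4.2.0 upgrade notes along the lines of `Support for ECC-GOST (algorithm 12) was provided by Botan and has been removed together with it.` The `AM_CPPFLAGS +=` continuation that follows this line runs past the end of the hunk.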
EXTRA_DIST = \
NOTICE \
.version \
- botansigners.cc \
build-aux/gen-version \
contrib/* \
devpollmplexer.cc \
$(BOOST_FILESYSTEM_LDFLAGS)
endif
-if BOTAN
-pdns_recursor_SOURCES += \
- botansigners.cc
-pdns_recursor_LDADD += $(BOTAN_LIBS)
-testrunner_SOURCES += \
- botansigners.cc
-testrunner_LDADD += $(BOTAN_LIBS)
-endif
-
if LIBSODIUM
pdns_recursor_SOURCES += \
sodiumsigners.cc
+++ /dev/null
-../botansigners.cc
\ No newline at end of file
PDNS_ENABLE_VERBOSE_LOGGING
# Crypto libraries
-PDNS_ENABLE_BOTAN
PDNS_CHECK_LIBCRYPTO([
],[
AC_MSG_ERROR([OpenSSL/libcrypto not found])
[AC_MSG_NOTICE([libdecaf ed25519 and ed448: yes])],
[AC_MSG_NOTICE([libdecaf ed25519 and ed448: no])]
)
-AS_IF([test "x$BOTAN_LIBS" != "x"],
- [AC_MSG_NOTICE([Botan gost: yes])],
- [AC_MSG_NOTICE([Botan gost: no])]
-)
AS_IF([test "x$PROTOBUF_LIBS" != "x" -a x"$PROTOC" != "x"],
[AC_MSG_NOTICE([Protobuf: yes])],
[AC_MSG_NOTICE([Protobuf: no])]
+++ /dev/null
-../../../m4/pdns_enable_botan.m4
\ No newline at end of file
}
}
-#ifdef HAVE_BOTAN
-BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_prefer_sha384_over_gost) {
- std::unique_ptr<SyncRes> sr;
- initSR(sr, true);
-
- setDNSSECValidation(sr, DNSSECMode::ValidateAll);
-
- primeHints();
- const DNSName target("com.");
- testkeysset_t keys, keys2;
-
- auto luaconfsCopy = g_luaconfs.getCopy();
- luaconfsCopy.dsAnchors.clear();
- generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors);
- generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA384, keys);
- g_luaconfs.setState(luaconfsCopy);
-
- // As testkeysset_t only contains one DSRecordContent, create another one with a different hash algo
- generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::GOST, keys2);
- // But add the existing root key otherwise no RRSIG can be created
- auto rootkey = keys.find(g_rootdnsname);
- keys2.insert(*rootkey);
-
- sr->setAsyncCallback([target, keys, keys2](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res, bool* chained) {
- DNSName auth = domain;
- auth.chopOff();
- if (type == QType::DS || type == QType::DNSKEY) {
- if (domain == target) {
- if (genericDSAndDNSKEYHandler(res, domain, auth, type, keys2) != 1) {
- return 0;
- }
- }
- return genericDSAndDNSKEYHandler(res, domain, auth, type, keys);
- }
- return 0;
- });
-
- dsmap_t ds;
- auto state = sr->getDSRecords(target, ds, false, 0, false);
- BOOST_CHECK_EQUAL(state, Secure);
- BOOST_REQUIRE_EQUAL(ds.size(), 1);
- for (const auto& i : ds) {
- BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::SHA384);
- }
-}
-
-BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_prefer_sha256_over_gost) {
- std::unique_ptr<SyncRes> sr;
- initSR(sr, true);
-
- setDNSSECValidation(sr, DNSSECMode::ValidateAll);
-
- primeHints();
- const DNSName target("com.");
- testkeysset_t keys, keys2;
-
- auto luaconfsCopy = g_luaconfs.getCopy();
- luaconfsCopy.dsAnchors.clear();
- generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors);
- generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys);
- g_luaconfs.setState(luaconfsCopy);
-
- // As testkeysset_t only contains one DSRecordContent, create another one with a different hash algo
- generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::GOST, keys2);
- // But add the existing root key otherwise no RRSIG can be created
- auto rootkey = keys.find(g_rootdnsname);
- keys2.insert(*rootkey);
-
- sr->setAsyncCallback([target, keys, keys2](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res, bool* chained) {
- DNSName auth = domain;
- auth.chopOff();
- if (type == QType::DS || type == QType::DNSKEY) {
- if (domain == target) {
- if (genericDSAndDNSKEYHandler(res, domain, auth, type, keys2) != 1) {
- return 0;
- }
- }
- return genericDSAndDNSKEYHandler(res, domain, auth, type, keys);
- }
- return 0;
- });
-
- dsmap_t ds;
- auto state = sr->getDSRecords(target, ds, false, 0, false);
- BOOST_CHECK_EQUAL(state, Secure);
- BOOST_REQUIRE_EQUAL(ds.size(), 1);
- for (const auto& i : ds) {
- BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::SHA256);
- }
-}
-
-BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_prefer_gost_over_sha1) {
- std::unique_ptr<SyncRes> sr;
- initSR(sr, true);
-
- setDNSSECValidation(sr, DNSSECMode::ValidateAll);
-
- primeHints();
- const DNSName target("com.");
- testkeysset_t keys, keys2;
-
- auto luaconfsCopy = g_luaconfs.getCopy();
- luaconfsCopy.dsAnchors.clear();
- generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA256, keys, luaconfsCopy.dsAnchors);
- generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::SHA1, keys);
- g_luaconfs.setState(luaconfsCopy);
-
- // As testkeysset_t only contains one DSRecordContent, create another one with a different hash algo
- generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::GOST, keys2);
- // But add the existing root key otherwise no RRSIG can be created
- auto rootkey = keys.find(g_rootdnsname);
- keys2.insert(*rootkey);
-
- sr->setAsyncCallback([target, keys, keys2](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, std::shared_ptr<RemoteLogger> outgoingLogger, LWResult* res, bool* chained) {
- DNSName auth = domain;
- auth.chopOff();
- if (type == QType::DS || type == QType::DNSKEY) {
- if (domain == target) {
- if (genericDSAndDNSKEYHandler(res, domain, auth, type, keys2) != 1) {
- return 0;
- }
- }
- return genericDSAndDNSKEYHandler(res, domain, auth, type, keys);
- }
- return 0;
- });
-
- dsmap_t ds;
- auto state = sr->getDSRecords(target, ds, false, 0, false);
- BOOST_CHECK_EQUAL(state, Secure);
- BOOST_REQUIRE_EQUAL(ds.size(), 1);
- for (const auto& i : ds) {
- BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::GOST);
- }
-}
-#endif // HAVE_BOTAN110
-
/*
// cerr<<"asyncresolve called to ask "<<ip.toStringWithPort()<<" about "<<domain.toString()<<" / "<<QType(type).getName()<<" over "<<(doTCP ? "TCP" : "UDP")<<" (rd: "<<sendRDQuery<<", EDNS0 level: "<<EDNS0Level<<")"<<endl;
DNSSECKeeper::RSASHA256,
true
},
-#ifdef HAVE_BOTAN
- /* ECC-GOST from rfc5933 */
- { "Algorithm: 12\n"
- "GostAsn1: MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQg/9MiXtXKg9FDXDN/R9CmVhJDyuzRAIgh4tPwCu4NHIs=\n",
- "59732 12 1 794287b8033625ae938c0341fd800fd5ce45a728",
- "59732 12 2 a7c24528480884ef4f5c0aaf85b3a20323a96722ccda26045aa7d304c9942868",
- "59732 12 4 6f43cc67087875a5f2115adbc29604f0b5a43be6f28be0deaf71e08168967f7a1a8218d063a6f9137133a721e60eed4f",
- { 0x1f, 0x3f, 0x2a, 0x2d, 0xc6, 0x72, 0x1d, 0xc8, 0xc4, 0x1f, 0x8b, 0xa1, 0xe8, 0x07, 0x83, 0x25, 0x9a, 0xbd, 0xc3, 0x80, 0xc1, 0x67, 0x80, 0xb7, 0x07, 0xed, 0xcb, 0xb0, 0x45, 0x5e, 0x46, 0x00, 0xcb, 0xa2, 0x7c, 0xf4, 0x7a, 0xa1, 0x81, 0x0c, 0xb2, 0xd1, 0xa1, 0xba, 0xb4, 0x53, 0xed, 0x8c, 0x10, 0x79, 0x12, 0x84, 0x9f, 0x9a, 0x69, 0xf5, 0x6d, 0x00, 0x4f, 0x06, 0x30, 0xba, 0xaa, 0xe6 },
- "256 3 12 aRS/DcPWGQj2wVJydT8EcAVoC0kXn5pDVm2IMvDDPXeD32dsSKcmq8KNVzigjL4OXZTV+t/6w4X1gpNrZiC01g==",
- "gost.",
- "00 01 0c 03 00 00 0e 10 70 db d8 80 38 6d 43 80 e9 54 07 65 78 61 6d 70 6c 65 03 6e 65 74 00 03 77 77 77 07 65 78 61 6d 70 6c 65 03 6e 65 74 00 00 01 00 01 00 00 0e 10 00 04 c0 00 02 01 ",
- /* from rfc5933 */
- "7vzzz6iLOmvtjs5FjVjSHT8XnRKFY15ki6KpkNPkUnS8iIns0Kv4APT+D9ibmHhGri6Sfbyyzi67+wBbbW/jrA==",
- 256,
- 256,
- 256,
- DNSSECKeeper::ECCGOST,
- false
- },
-#endif /* HAVE_BOTAN */
#ifdef HAVE_LIBCRYPTO_ECDSA
/* ECDSA-P256-SHA256 from https://github.com/CZ-NIC/knot/blob/master/src/dnssec/tests/sample_keys.h */
{ "Algorithm: 13\n"
#include "logger.hh"
#include "version.hh"
-#ifdef HAVE_BOTAN
-#include <botan/version.h>
-#endif /* HAVE_BOTAN */
-
static ProductType productType;
string compilerVersion()
void showBuildConfiguration()
{
g_log<<Logger::Warning<<"Features: "<<
-#ifdef HAVE_BOTAN
- "botan" << BOTAN_VERSION_MAJOR << "." << BOTAN_VERSION_MINOR << " " <<
-#endif
#ifdef HAVE_LIBSODIUM
"sodium " <<
#endif