initial stab at signer testing; has one 8080 test vector for now
authorPeter van Dijk <peter.van.dijk@powerdns.com>
Sat, 17 Jun 2017 17:01:52 +0000 (19:01 +0200)
committermind04 <mind04@monshouwer.org>
Thu, 22 Jun 2017 09:18:46 +0000 (11:18 +0200)
pdns/Makefile.am
pdns/test-signers.cc [new file with mode: 0644]

index 6a86241a27b94e49fbda648ce2e68745d16a3b6c..ce66160fb32ee6005af7857feb03f04f197b7a0e 100644 (file)
@@ -1116,6 +1116,7 @@ testrunner_SOURCES = \
        base64.cc \
        bindlexer.l \
        bindparser.yy \
+       dbdnsseckeeper.cc \
        dns.cc \
        dns_random.cc \
        dnsbackend.cc \
@@ -1126,6 +1127,7 @@ testrunner_SOURCES = \
        dnsparser.hh dnsparser.cc \
        dnsrecords.cc \
        dnssecinfra.cc \
+       dnssecsigner.cc \
        dnswriter.cc \
        ednsoptions.cc ednsoptions.hh \
        ednssubnet.cc \
@@ -1160,6 +1162,7 @@ testrunner_SOURCES = \
        test-nmtree.cc \
        test-packetcache_cc.cc \
        test-rcpgenerator_cc.cc \
+       test-signers.cc \
        test-sha_hh.cc \
        test-statbag_cc.cc \
        test-zoneparser_tng_cc.cc \
@@ -1184,6 +1187,11 @@ testrunner_SOURCES += pkcs11signers.cc pkcs11signers.hh
 testrunner_LDADD += $(P11KIT1_LIBS)
 endif
 
+if LIBSODIUM
+testrunner_SOURCES += sodiumsigners.cc
+testrunner_LDADD += $(LIBSODIUM_LIBS)
+endif
+
 pdns_control_SOURCES = \
        arguments.cc \
        dynloader.cc \
diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc
new file mode 100644 (file)
index 0000000..993c035
--- /dev/null
@@ -0,0 +1,62 @@
+#define BOOST_TEST_DYN_LINK
+#define BOOST_TEST_NO_MAIN
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+#include <boost/test/unit_test.hpp>
+#include <boost/assign/list_of.hpp>
+
+#include <boost/tuple/tuple.hpp>
+#include <boost/scoped_ptr.hpp>
+
+#include "base64.hh"
+#include "dnsseckeeper.hh"
+#include "dnssecinfra.hh"
+#include "misc.hh"
+
+BOOST_AUTO_TEST_SUITE(test_signers)
+
+#ifdef HAVE_LIBSODIUM
+BOOST_AUTO_TEST_CASE(test_ed25519_signer) {
+    vector<std::shared_ptr<DNSRecordContent> > rrs;
+    DNSName qname("example.com.");
+    DNSKEYRecordContent drc;
+
+    // TODO: make this a collection of inputs and resulting sigs for various algos
+    shared_ptr<DNSCryptoKeyEngine> engine = DNSCryptoKeyEngine::makeFromISCString(drc,
+"Private-key-format: v1.2\n"
+"Algorithm: 15 (ED25519)\n"
+"PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI=");
+
+    DNSSECPrivateKey dpk;
+    dpk.setKey(engine);
+
+    reportBasicTypes();
+
+    rrs.push_back(DNSRecordContent::makeunique(QType::MX, 1, "10 mail.example.com."));
+
+    RRSIGRecordContent rrc;
+    rrc.d_originalttl = 3600;
+    rrc.d_sigexpire = 1440021600;
+    rrc.d_siginception = 1438207200;
+    rrc.d_signer = qname;
+    rrc.d_type = QType::MX;
+    rrc.d_labels = 2;
+    // TODO: derive the next two from the key
+    rrc.d_tag = 3613;
+    rrc.d_algorithm = 15;
+
+    string msg = getMessageForRRSET(qname, rrc, rrs, false);
+
+    // vector extracted from https://gitlab.labs.nic.cz/labs/ietf/blob/master/dnskey.py (rev 476d6ded) by printing signature_data
+    BOOST_CHECK_EQUAL(makeHexDump(msg), "00 0f 0f 02 00 00 0e 10 55 d4 fc 60 55 b9 4c e0 0e 1d 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 00 0f 00 01 00 00 0e 10 00 14 00 0a 04 6d 61 69 6c 07 65 78 61 6d 70 6c 65 03 63 6f 6d 00 ");
+
+    string signature = engine->sign(msg);
+    string b64 = Base64Encode(signature);
+
+    // vector verified from dnskey.py as above, and confirmed with https://www.rfc-editor.org/errata_search.php?rfc=8080&eid=4935
+    BOOST_CHECK_EQUAL(b64, "oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jPGrHpjQeRAvTdszaPD+QLs3fx8A4M3e23mRZ9VrbpMngwcrqNAg==");
+}
+#endif
+
+BOOST_AUTO_TEST_SUITE_END()
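Review bot: The signer is only checked against a fixed signature string, so the verification path that DNSSEC validation depends on is never exercised; after computing `signature` the test should also round-trip it, `BOOST_CHECK(engine->verify(msg, signature));`, which catches an engine whose sign and verify disagree even when the stored vector still matches. The two values under "TODO: derive the next two from the key" can likely be taken from the key itself, `rrc.d_algorithm = drc.d_algorithm;` and the tag from `dpk.getDNSKEY().getTag()` (the RFC 8080 key carries flags 257, so `dpk.d_flags` would have to be set for the tag to come out as 3613 — confirm against DNSSECPrivateKey). `dpk` is otherwise set up and never used, and the `boost/assign`, `boost/tuple` and `boost/scoped_ptr` includes are unused in this file.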