From 530b4335ac2ff8bcfb1ff0a42d01f943c9e95df0 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Wed, 29 Aug 2012 15:19:43 +0000 Subject: [PATCH] expand pdnssec test-algorithm(s) to test engine-B signing with keys generated by engine-A git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2705 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- pdns/dnssecinfra.cc | 64 +++++++++++++++++++++++++++++++++------------ pdns/dnssecinfra.hh | 2 +- 2 files changed, 49 insertions(+), 17 deletions(-) diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc index a8081fcb2..e8aab4c89 100644 --- a/pdns/dnssecinfra.cc +++ b/pdns/dnssecinfra.cc @@ -101,16 +101,19 @@ void DNSCryptoKeyEngine::testAll() { BOOST_FOREACH(const allmakers_t::value_type& value, getAllMakers()) { - BOOST_FOREACH(maker_t* signer, value.second) { - // multi_map bestSigner, bestVerifier; - - BOOST_FOREACH(maker_t* verifier, value.second) { - try { - pair res=testMakers(value.first, signer, verifier); - } - catch(std::exception& e) - { - cerr< bestSigner, bestVerifier; + + BOOST_FOREACH(maker_t* verifier, value.second) { + try { + pair res=testMakers(value.first, creator, signer, verifier); + } + catch(std::exception& e) + { + cerr< bestSigner, bestVerifier; BOOST_FOREACH(maker_t* verifier, getAllMakers()[algo]) { try { - pair res=testMakers(algo, signer, verifier); + pair res=testMakers(algo, creator, signer, verifier); } catch(std::exception& e) { 
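Review bot: In both the testAll() hunk and the testOne() hunk after it, `pair res=testMakers(...)` is assigned inside the `try` block and goes out of scope unused, and the `catch(std::exception& e)` appears only to print to cerr (its body is not fully readable here). Both functions return void, so a creator/signer/verifier combination that fails verification is visible only to someone reading the output, not to a calling script. I would count failures across the three nested loops and report or throw once at the end. `res` should either be dropped or fed into the commented-out `bestSigner`/`bestVerifier` bookkeeping.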
@@ -132,14 +137,16 @@ void DNSCryptoKeyEngine::testOne(int algo) } } } + } } -pair DNSCryptoKeyEngine::testMakers(unsigned int algo, maker_t* signer, maker_t* verifier) +pair DNSCryptoKeyEngine::testMakers(unsigned int algo, maker_t* creator, maker_t* signer, maker_t* verifier) { + shared_ptr dckeCreate(creator(algo)); shared_ptr dckeSign(signer(algo)); shared_ptr dckeVerify(verifier(algo)); - - cerr<<"Testing algorithm "<getName()<<"' -> '"<getName()<<"' "; + + cerr<<"Testing algorithm "<getName()<<"' ->'"<getName()<<"' -> '"<getName()<<"' "; unsigned int bits; if(algo <= 10) bits=1024; @@ -148,7 +155,32 @@ pair DNSCryptoKeyEngine::testMakers(unsigned int alg else bits=384; - dckeSign->create(bits); + dckeCreate->create(bits); + + { // FIXME: this block copy/pasted from makeFromISCString + DNSKEYRecordContent dkrc; + int algorithm = 0; + string sline, key, value, raw; + std::istringstream str(dckeCreate->convertToISC()); + map stormap; + + while(std::getline(str, sline)) { + tie(key,value)=splitField(sline, ':'); + trim(value); + if(pdns_iequals(key,"algorithm")) { + algorithm = atoi(value.c_str()); + stormap["algorithm"]=lexical_cast(algorithm); + continue; + } + else if(pdns_iequals(key, "Private-key-format")) + continue; + raw.clear(); + B64Decode(value, raw); + stormap[toLower(key)]=raw; + } + dckeSign->fromISCMap(dkrc, stormap); + } + string message("Hi! How is life?"); string signature; @@ -165,7 +197,7 @@ pair DNSCryptoKeyEngine::testMakers(unsigned int alg cerr<<"Signature & verify ok, signature "<getName()+" with verifier "+dckeVerify->getName()+" failed"); + throw runtime_error("Verification of creator "+dckeCreate->getName()+" with signer "+dckeSign->getName()+" and verifier "+dckeVerify->getName()+" failed"); } return make_pair(udiffSign, udiffVerify); } diff --git a/pdns/dnssecinfra.hh b/pdns/dnssecinfra.hh index b155f678a..0d9042da5 100644 --- a/pdns/dnssecinfra.hh +++ b/pdns/dnssecinfra.hh 
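Review bot: In the block added after `dckeCreate->create(bits)`, nothing confirms that the key `dckeSign` ends up holding is the one `dckeCreate` generated: the result of `B64Decode(value, raw)` is ignored, `algorithm` parsed with `atoi` is never compared with `algo`, and the imported key is not compared with the creator's. If the verifier's key is taken from the signer (that load is outside this hunk), an import that silently yields a different key would still pass the sign/verify step. Consider rejecting a failed decode and adding `if(dckeSign->getPublicKeyString() != dckeCreate->getPublicKeyString()) throw runtime_error("imported key differs from created key");` after `fromISCMap`. The FIXME already says the block is copied from makeFromISCString; a shared helper that returns the map would keep the two parsers from drifting apart.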
@@ -45,7 +45,7 @@ class DNSCryptoKeyEngine
 typedef DNSCryptoKeyEngine* maker_t(unsigned int algorithm);
 static void report(unsigned int algorithm, maker_t* maker, bool fallback=false);
- static std::pair testMakers(unsigned int algorithm, maker_t* signer, maker_t* verifier);
+ static std::pair testMakers(unsigned int algorithm, maker_t* creator, maker_t* signer, maker_t* verifier);
 static void testAll();
 static void testOne(int algo);
 private:
-- 
2.40.0
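Review bot: `testMakers` now takes three consecutive `maker_t*` parameters with nothing in the header saying which role each plays, so a call with two of them swapped compiles and quietly tests a different engine combination. A one-line comment above the declaration would help, for example `// creator generates the key, signer imports it via the ISC map and signs, verifier checks the signature`. The class body continues outside this hunk.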