From bd010d21aa94914ec756109f7e9ec99bd3154968 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 29 Mar 2016 16:01:04 +0200
Subject: [PATCH] Add tests for curved algorithm support
---
 .../13.example.com | 16 +++++
 .../13.example.com.signed | 55 ++++++++++++++++
 .../14.example.com | 16 +++++
 .../14.example.com.signed | 63 +++++++++++++++++++
 .../K13.example.com.+013+18450.key | 5 ++
 .../K13.example.com.+013+18450.private | 6 ++
 .../K14.example.com.+014+01045.key | 5 ++
 .../K14.example.com.+014+01045.private | 6 ++
 t/test.pl | 7 +++
 9 files changed, 179 insertions(+)
 create mode 100644 t/issues/51-support-curved-algorithms/13.example.com
 create mode 100644 t/issues/51-support-curved-algorithms/13.example.com.signed
 create mode 100644 t/issues/51-support-curved-algorithms/14.example.com
 create mode 100644 t/issues/51-support-curved-algorithms/14.example.com.signed
 create mode 100644 t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key
 create mode 100644 t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private
 create mode 100644 t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key
 create mode 100644 t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private
diff --git a/t/issues/51-support-curved-algorithms/13.example.com b/t/issues/51-support-curved-algorithms/13.example.com
new file mode 100644
index 0000000..6323e63
--- /dev/null
+++ b/t/issues/51-support-curved-algorithms/13.example.com
@@ -0,0 +1,16 @@
+$TTL 86400 ; (1 day)
+$ORIGIN 13.example.com.
+$INCLUDE K13.example.com.+013+18450.key;
+@ IN SOA ns1.example.com. hostmaster.example.com. (
+ 2014012401 ; serial YYYYMMDDnn
+ 14400 ; refresh (4 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 3600 ; minimum (1 hour)
+ )
+
+ 172800 IN NS ns1.example.org.
+ 172800 IN NS ns2.example.org.
+
+ IN A 203.0.113.10
+www IN CNAME 13.example.com.
diff --git a/t/issues/51-support-curved-algorithms/13.example.com.signed b/t/issues/51-support-curved-algorithms/13.example.com.signed
new file mode 100644
index 0000000..2873394
--- /dev/null
+++ b/t/issues/51-support-curved-algorithms/13.example.com.signed
@@ -0,0 +1,55 @@
+; File written on Tue Mar 29 15:52:18 2016
+; dnssec_signzone version 9.9.8-P4-RedHat-9.9.8_P4-2.el7.0
+13.example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. (
+ 2014012401 ; serial
+ 14400 ; refresh (4 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ 86400 RRSIG SOA 13 3 86400 (
+ 20160428125218 20160329125218 18450 13.example.com.
+ 7LfQswmP8B9hr6Bg8nr9o8yd/fe6n86HDhs9
+ pAByPITSjdqML6Rwb4NOHWvFDZJXVA4mz5Pe
+ TG4JVHiGYU7HCw== )
+ 172800 NS ns1.example.org.
+ 172800 NS ns2.example.org.
+ 172800 RRSIG NS 13 3 172800 (
+ 20160428125218 20160329125218 18450 13.example.com.
+ eses1PGFULOHDZbqPt+CMQHdYCIVNdxVMYba
+ YtW3iA9nN4mfvS6jls69J60bqSA4p3w4tD3k
+ v9dnDcFdS+tEUQ== )
+ 86400 A 203.0.113.10
+ 86400 RRSIG A 13 3 86400 (
+ 20160428125218 20160329125218 18450 13.example.com.
+ 2QqqZ4i7yq1sCrK82aLm85pTSUgpWR0XsBzi
+ MVFyjcoW75f0ysZKZafO5lFJECKEP8ncJfEP
+ NEMXVuyAUJihSA== )
+ 3600 NSEC www.13.example.com. A NS SOA RRSIG NSEC DNSKEY
+ 3600 RRSIG NSEC 13 3 3600 (
+ 20160428125218 20160329125218 18450 13.example.com.
+ IV+0txuv6DNk7kRBUmkk4jorMjXoyi/klFC/
+ 1g5ZK8/cZuFcKREuIW7bmpvhB4Mhj8yWpLJ9
+ CVNy339z+Rt/6g== )
+ 86400 DNSKEY 257 3 13 (
+ SFycyLoVKBBL0re1qD6sezd/bOM9jwtT/mTT
+ 1KkW0yqIXixXN/szwzm49r6YzlIFHRDXry8a
+ 7aaIKWopkx8WBA==
+ ) ; KSK; alg = ECDSAP256SHA256; key id = 18450
+ 86400 RRSIG DNSKEY 13 3 86400 (
+ 20160428125218 20160329125218 18450 13.example.com.
+ OsKqN6fhvL4b0XK5TOEpZXrSoC/GcRMlCqIe
+ csfZem7xMmcBjUe333/fJdw0x1QKmA17BoX/
+ Px88zz24dRW0Vg== )
+www.13.example.com. 86400 IN CNAME 13.example.com.
+ 86400 RRSIG CNAME 13 4 86400 (
+ 20160428125218 20160329125218 18450 13.example.com.
+ CFfxilFg72g3rQerviVCO6jmf8kVodqusejq
+ WETSBiCAfMhcB2+uLsitmaH8LsAiNLNMY7nc
+ 533WnQjsJ4vsmQ== )
+ 3600 NSEC 13.example.com. CNAME RRSIG NSEC
+ 3600 RRSIG NSEC 13 4 3600 (
+ 20160428125218 20160329125218 18450 13.example.com.
+ IWqCg2pcOd9kX4waHb8Ij3kWeJxfXGKUBbpf
+ Fuc3bhOJ/rvQ2kPYO305TeZP5Rfcd7+efDEb
+ i8be+VqhOgf7Pg== )
diff --git a/t/issues/51-support-curved-algorithms/14.example.com b/t/issues/51-support-curved-algorithms/14.example.com
new file mode 100644
index 0000000..8b006df
--- /dev/null
+++ b/t/issues/51-support-curved-algorithms/14.example.com
@@ -0,0 +1,16 @@
+$TTL 86400 ; (1 day)
+$ORIGIN 14.example.com.
+$INCLUDE K14.example.com.+014+01045.key;
+@ IN SOA ns1.example.com. hostmaster.example.com. (
+ 2014012401 ; serial YYYYMMDDnn
+ 14400 ; refresh (4 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 3600 ; minimum (1 hour)
+ )
+
+ 172800 IN NS ns1.example.org.
+ 172800 IN NS ns2.example.org.
+
+ IN A 203.0.113.10
+www IN CNAME 14.example.com.
diff --git a/t/issues/51-support-curved-algorithms/14.example.com.signed b/t/issues/51-support-curved-algorithms/14.example.com.signed
new file mode 100644
index 0000000..618c6d9
--- /dev/null
+++ b/t/issues/51-support-curved-algorithms/14.example.com.signed
@@ -0,0 +1,63 @@
+; File written on Tue Mar 29 15:52:22 2016
+; dnssec_signzone version 9.9.8-P4-RedHat-9.9.8_P4-2.el7.0
+14.example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. (
+ 2014012401 ; serial
+ 14400 ; refresh (4 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ 86400 RRSIG SOA 14 3 86400 (
+ 20160428125222 20160329125222 1045 14.example.com.
+ 5FEzZuz1HrgRNTakg4D24h1RrO1Kx9IDzXN6
+ S/00bsfO5AQ8hxVd2X7XzrYGdqs+gpecBpkl
+ WLG1MrEgzYvRVgPTVY0bL0U7GxmvqAp871WH
+ yuJKB8NFTkgQDA7cA2Do )
+ 172800 NS ns1.example.org.
+ 172800 NS ns2.example.org.
+ 172800 RRSIG NS 14 3 172800 (
+ 20160428125222 20160329125222 1045 14.example.com.
+ 9Yol4eoRhw52o7LJqCnTlDlQlFbaHFyTOGf4
+ 3MAPNe5hx2NFCujCg9RxE66l+BE6otDMC+tb
+ hJKVPfb5U8+rpjDna3H1RSjV7MkS4crlzS0k
+ 0rximlQ9x7OIy2wkZ0bw )
+ 86400 A 203.0.113.10
+ 86400 RRSIG A 14 3 86400 (
+ 20160428125222 20160329125222 1045 14.example.com.
+ DG685u5rAML7/ga7TnixPiLwBEHFzcGpQeRc
+ WZkPX2W/gJ8VyejkZbWDinYEZIVUeQaRTNW4
+ RcXBSq7o5wDgTJUSih+fnoLh9Fuzlfch6voG
+ qGKMeWl4i+2eYF7QImB8 )
+ 3600 NSEC www.14.example.com. A NS SOA RRSIG NSEC DNSKEY
+ 3600 RRSIG NSEC 14 3 3600 (
+ 20160428125222 20160329125222 1045 14.example.com.
+ tPxJtlAhflaMsTI0zx0vt+R73cmU9zL9ly20
+ xrhZlRWhScxZ4y8fAIs57rfbl4XCe1Rln6y/
+ TZ3V0BcpXH2fl3vXxOJqcnsK/RHHxl57va7E
+ v704MwP3Je9qhirfLd6O )
+ 86400 DNSKEY 257 3 14 (
+ FWoMjTSsjInt9389me7cymDHNbntmNWejqPI
+ zSsifAs2CdBtfCoN98LvEU1eADIG4kkpKvVv
+ QTYnoiUP/jsFQa6Uz+PmfgKO+PpyNl1fNy+b
+ N7uEPJzIZhen3X6bIwYg
+ ) ; KSK; alg = ECDSAP384SHA384; key id = 1045
+ 86400 RRSIG DNSKEY 14 3 86400 (
+ 20160428125222 20160329125222 1045 14.example.com.
+ FD2AI0MGo8w5JRfVihohNNsgj1pVrCUxaehv
+ R7DH2eS7STiJFEBFr8e8UO1CiDGXuOGhgoPY
+ CyEay93XJfdHaWBA4iCPctZUkdyA5ZXrYrpT
+ iCkK6GK0MtbyH7W3H4Uu )
+www.14.example.com. 86400 IN CNAME 14.example.com.
+ 86400 RRSIG CNAME 14 4 86400 (
+ 20160428125222 20160329125222 1045 14.example.com.
+ Y8knRqg1Hpta6KZ57zc+eY6XDgIgRLVYWZ0m
+ 7YESOgRTU0oEU8j8NQ+S1RPAZM8migNkHjB4
+ NKdm9DCMnlD237546++VmZFUZgzGnKW3lQAQ
+ GpTe7MtqMUY40B+TxSIg )
+ 3600 NSEC 14.example.com. CNAME RRSIG NSEC
+ 3600 RRSIG NSEC 14 4 3600 (
+ 20160428125222 20160329125222 1045 14.example.com.
+ TnQB0LmuU2Z4WtQDOBslDrIWFguyh4rv17gZ
+ nV8GvUJnn1Wk8/djZv47chNeNK6Rxt+lUaDm
+ E9S6f7eSJiGTAP6N0Mgfg7BmFbmD+4ZOUez2
+ t5FEl5KRUrPoiHQvOB8w )
diff --git a/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key b/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key
new file mode 100644
index 0000000..5b1888c
--- /dev/null
+++ b/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 18450, for 13.example.com.
+; Created: 20160302102736 (Wed Mar 2 11:27:36 2016)
+; Publish: 20160302102736 (Wed Mar 2 11:27:36 2016)
+; Activate: 20160302102736 (Wed Mar 2 11:27:36 2016)
+13.example.com. IN DNSKEY 257 3 13 SFycyLoVKBBL0re1qD6sezd/bOM9jwtT/mTT1KkW0yqIXixXN/szwzm4 9r6YzlIFHRDXry8a7aaIKWopkx8WBA==
diff --git a/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private b/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private
new file mode 100644
index 0000000..4c9bece
--- /dev/null
+++ b/t/issues/51-support-curved-algorithms/K13.example.com.+013+18450.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: X3Mr05PnOJKClnUa14y2CdCCHUjkUNFl6wh1knpRKg==
+Created: 20160302102736
+Publish: 20160302102736
+Activate: 20160302102736
diff --git a/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key b/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key
new file mode 100644
index 0000000..fcca3c5
--- /dev/null
+++ b/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 1045, for 14.example.com.
+; Created: 20160302103027 (Wed Mar 2 11:30:27 2016)
+; Publish: 20160302103027 (Wed Mar 2 11:30:27 2016)
+; Activate: 20160302103027 (Wed Mar 2 11:30:27 2016)
+14.example.com. IN DNSKEY 257 3 14 FWoMjTSsjInt9389me7cymDHNbntmNWejqPIzSsifAs2CdBtfCoN98Lv EU1eADIG4kkpKvVvQTYnoiUP/jsFQa6Uz+PmfgKO+PpyNl1fNy+bN7uE PJzIZhen3X6bIwYg
diff --git a/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private b/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private
new file mode 100644
index 0000000..c64255a
--- /dev/null
+++ b/t/issues/51-support-curved-algorithms/K14.example.com.+014+01045.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 14 (ECDSAP384SHA384)
+PrivateKey: U2ji19bf3QQ3wqgNm1/PJUcD4Bp17Gb53UIcSCPe9yNd665GOvlRSCQaKbr+IXCY
+Created: 20160302103027
+Publish: 20160302103027
+Activate: 20160302103027
diff --git a/t/test.pl b/t/test.pl
index f54781d..371a273 100644
--- a/t/test.pl
+++ b/t/test.pl
@@ -356,6 +356,13 @@
 @e = split /\n/, stderr;
 like(shift @e, qr/signature is too old/, "multitime: signature is too old");
+# issue 51: support curved algorithms
+run('./validns', @threads, '-t1459259658', 't/issues/51-support-curved-algorithms/13.example.com.signed');
+is(rc, 0, 'issue 51: support ECDSAP256SHA256');
+
+run('./validns', @threads, '-t1459259658', 't/issues/51-support-curved-algorithms/14.example.com.signed');
+is(rc, 0, 'issue 51: support ECDSAP384SHA384');
+
 }
 done_testing;
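Review bot: Both new cases in t/test.pl assert only `is(rc, 0, ...)` on a correctly signed zone, so they would still pass if validns accepted algorithm 13 and 14 RRSIGs without verifying them. Add a negative case per algorithm: a copy of each `.signed` fixture with one character of an RRSIG's base64 changed, checked with `isnt(rc, 0, 'issue 51: corrupted ECDSAP256SHA256 signature is rejected');` and a `like(shift @e, ...)` on whatever message validns prints for a bad signature, the way the multitime check just above inspects stderr. The pinned `-t1459259658` falls inside the fixtures' inception/expiration window (20160329125218 to 20160428125218), and a short comment saying so, such as `# -t pins "now" inside the RRSIG validity window of the fixtures`, would help whoever regenerates the zones. The block closed by `}` opens above the hunk, so the surrounding setup is not visible here.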