diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 18:37:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 18:37:14 +0000 |
commit | ea648e70a989cca190cd7403fe892fd2dcc290b4 (patch) | |
tree | e2b6b1c647da68b0d4d66082835e256eb30970e8 /bin/tests/system/tkey | |
parent | Initial commit. (diff) | |
download | bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.tar.xz bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.zip |
Adding upstream version 1:9.11.5.P4+dfsg.upstream/1%9.11.5.P4+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | bin/tests/system/tkey/Makefile.in | 54 | ||||
-rw-r--r-- | bin/tests/system/tkey/clean.sh | 17 | ||||
-rw-r--r-- | bin/tests/system/tkey/keycreate.c | 337 | ||||
-rw-r--r-- | bin/tests/system/tkey/keydelete.c | 271 | ||||
-rw-r--r-- | bin/tests/system/tkey/ns1/example.db | 25 | ||||
-rw-r--r-- | bin/tests/system/tkey/ns1/named.conf.in | 50 | ||||
-rw-r--r-- | bin/tests/system/tkey/ns1/setup.sh | 18 | ||||
-rw-r--r-- | bin/tests/system/tkey/prereq.sh | 15 | ||||
-rw-r--r-- | bin/tests/system/tkey/setup.sh | 19 | ||||
-rw-r--r-- | bin/tests/system/tkey/tests.sh | 147 |
10 files changed, 953 insertions, 0 deletions
diff --git a/bin/tests/system/tkey/Makefile.in b/bin/tests/system/tkey/Makefile.in new file mode 100644 index 0000000..252b6c0 --- /dev/null +++ b/bin/tests/system/tkey/Makefile.in @@ -0,0 +1,54 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# $Id: Makefile.in,v 1.14 2009/12/05 23:31:40 each Exp $ + +srcdir = @srcdir@ +VPATH = @srcdir@ +top_srcdir = @top_srcdir@ + +VERSION=@BIND9_VERSION@ + +@BIND9_MAKE_INCLUDES@ + +CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@ + +CDEFINES = @CRYPTO@ +CWARNINGS = + +DNSLIBS = ../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@ +ISCLIBS = ../../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@ + +DNSDEPLIBS = ../../../../lib/dns/libdns.@A@ +ISCDEPLIBS = ../../../../lib/isc/libisc.@A@ + +DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS} + +LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@ + +TARGETS = keycreate@EXEEXT@ keydelete@EXEEXT@ + +CREATEOBJS = keycreate.@O@ +DELETEOBJS = keydelete.@O@ + +SRCS = keycreate.c keydelete.c + +@BIND9_MAKE_RULES@ + +all: keycreate@EXEEXT@ keydelete@EXEEXT@ + +keycreate@EXEEXT@: ${CREATEOBJS} ${DEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${CREATEOBJS} ${LIBS} + +keydelete@EXEEXT@: ${DELETEOBJS} ${DEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${DELETEOBJS} ${LIBS} + +clean distclean:: + rm -f ${TARGETS} + diff --git a/bin/tests/system/tkey/clean.sh b/bin/tests/system/tkey/clean.sh new file mode 100644 index 0000000..a8ea8cf --- /dev/null +++ b/bin/tests/system/tkey/clean.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +rm -f dig.out.* rndc.out.* ns1/named.conf +rm -f K* ns1/K* +rm -f */named.memstats +rm -f */named.run +rm -f ns1/_default.tsigkeys +rm -f ns*/named.lock diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c new file mode 100644 index 0000000..5a00f86 --- /dev/null +++ b/bin/tests/system/tkey/keycreate.c @@ -0,0 +1,337 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + + +#include <config.h> + +#include <stdlib.h> +#include <string.h> + +#include <isc/app.h> +#include <isc/base64.h> +#include <isc/entropy.h> +#include <isc/hash.h> +#include <isc/log.h> +#include <isc/mem.h> +#include <isc/print.h> +#include <isc/sockaddr.h> +#include <isc/socket.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <pk11/site.h> + +#include <dns/dispatch.h> +#include <dns/fixedname.h> +#include <dns/keyvalues.h> +#include <dns/message.h> +#include <dns/name.h> +#include <dns/request.h> +#include <dns/result.h> +#include <dns/tkey.h> +#include <dns/tsig.h> +#include <dns/view.h> + +#include <dst/result.h> + +#define CHECK(str, x) { \ + if ((x) != ISC_R_SUCCESS) { \ + fprintf(stderr, "I:%s: %s\n", (str), isc_result_totext(x)); \ + exit(-1); \ + } \ +} + +#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS) + +#define PORT 5300 +#define TIMEOUT 30 + +static dst_key_t *ourkey; +static isc_mem_t *mctx; +static dns_tsigkey_t *tsigkey, *initialkey; +static dns_tsig_keyring_t *ring; +static unsigned char noncedata[16]; +static isc_buffer_t nonce; +static dns_requestmgr_t *requestmgr; +static const char *ownername_str = "."; + +#ifndef PK11_MD5_DISABLE +static void +recvquery(isc_task_t *task, isc_event_t *event) { + dns_requestevent_t *reqev = (dns_requestevent_t *)event; + isc_result_t result; + dns_message_t *query, *response; + char keyname[256]; + isc_buffer_t keynamebuf; + int type; + + UNUSED(task); + + REQUIRE(reqev != NULL); + + if (reqev->result != ISC_R_SUCCESS) { + fprintf(stderr, "I:request event result: %s\n", + isc_result_totext(reqev->result)); + exit(-1); + } + + query = reqev->ev_arg; + + response = NULL; + result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response); + CHECK("dns_message_create", result); + + result = dns_request_getresponse(reqev->request, response, + DNS_MESSAGEPARSE_PRESERVEORDER); + CHECK("dns_request_getresponse", result); + + if (response->rcode != dns_rcode_noerror) { + result = ISC_RESULTCLASS_DNSRCODE + response->rcode; + fprintf(stderr, "I:response rcode: %s\n", + isc_result_totext(result)); + exit(-1); + } + + result = dns_tkey_processdhresponse(query, response, ourkey, &nonce, + &tsigkey, ring); + CHECK("dns_tkey_processdhresponse", result); + + /* + * Yes, this is a hack. + */ + isc_buffer_init(&keynamebuf, keyname, sizeof(keyname)); + result = dst_key_buildfilename(tsigkey->key, 0, "", &keynamebuf); + CHECK("dst_key_buildfilename", result); + printf("%.*s\n", (int)isc_buffer_usedlength(&keynamebuf), + (char *)isc_buffer_base(&keynamebuf)); + type = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_KEY; + result = dst_key_tofile(tsigkey->key, type, ""); + CHECK("dst_key_tofile", result); + + dns_message_destroy(&query); + dns_message_destroy(&response); + dns_request_destroy(&reqev->request); + isc_event_free(&event); + isc_app_shutdown(); + return; +} +#endif + +static void +sendquery(isc_task_t *task, isc_event_t *event) { +#ifndef PK11_MD5_DISABLE + struct in_addr inaddr; + isc_sockaddr_t address; + isc_region_t r; + isc_result_t result; + dns_fixedname_t keyname; + dns_fixedname_t ownername; + isc_buffer_t namestr, keybuf; + unsigned char keydata[9]; + dns_message_t *query; + dns_request_t *request; + static char keystr[] = "0123456789ab"; + + isc_event_free(&event); + + result = ISC_R_FAILURE; + if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) + CHECK("inet_pton", result); + isc_sockaddr_fromin(&address, &inaddr, PORT); + + dns_fixedname_init(&keyname); + isc_buffer_constinit(&namestr, "tkeytest.", 9); + isc_buffer_add(&namestr, 9); + result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr, + NULL, 0, NULL); + CHECK("dns_name_fromtext", result); + + dns_fixedname_init(&ownername); + isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str)); + isc_buffer_add(&namestr, strlen(ownername_str)); + result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr, + NULL, 0, NULL); + CHECK("dns_name_fromtext", result); + + isc_buffer_init(&keybuf, keydata, 9); + result = isc_base64_decodestring(keystr, &keybuf); + CHECK("isc_base64_decodestring", result); + + isc_buffer_usedregion(&keybuf, &r); + + initialkey = NULL; + result = dns_tsigkey_create(dns_fixedname_name(&keyname), + DNS_TSIG_HMACMD5_NAME, + isc_buffer_base(&keybuf), + isc_buffer_usedlength(&keybuf), + false, NULL, 0, 0, mctx, ring, + &initialkey); + CHECK("dns_tsigkey_create", result); + + query = NULL; + result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query); + CHECK("dns_message_create", result); + + result = dns_tkey_builddhquery(query, ourkey, + dns_fixedname_name(&ownername), + DNS_TSIG_HMACMD5_NAME, &nonce, 3600); + CHECK("dns_tkey_builddhquery", result); + + request = NULL; + result = dns_request_create(requestmgr, query, &address, + DNS_REQUESTOPT_TCP, initialkey, + TIMEOUT, task, recvquery, query, + &request); + CHECK("dns_request_create", result); +#else + UNUSED(task); + + isc_event_free(&event); + CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED); +#endif +} + +int +main(int argc, char *argv[]) { + char *ourkeyname; + isc_taskmgr_t *taskmgr; + isc_timermgr_t *timermgr; + isc_socketmgr_t *socketmgr; + isc_socket_t *sock; + unsigned int attrs, attrmask; + isc_sockaddr_t bind_any; + dns_dispatchmgr_t *dispatchmgr; + dns_dispatch_t *dispatchv4; + dns_view_t *view; + isc_entropy_t *ectx; + dns_tkeyctx_t *tctx; + isc_log_t *log; + isc_logconfig_t *logconfig; + isc_task_t *task; + isc_result_t result; + int type; + + RUNCHECK(isc_app_start()); + + if (argc < 2) { + fprintf(stderr, "I:no DH key provided\n"); + exit(-1); + } + ourkeyname = argv[1]; + + if (argc >= 3) + ownername_str = argv[2]; + + dns_result_register(); + + mctx = NULL; + isc_mem_debugging = ISC_MEM_DEBUGRECORD; + RUNCHECK(isc_mem_create(0, 0, &mctx)); + + ectx = NULL; + RUNCHECK(isc_entropy_create(mctx, &ectx)); + RUNCHECK(isc_entropy_createfilesource(ectx, "../random.data")); + RUNCHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)); + + log = NULL; + logconfig = NULL; + RUNCHECK(isc_log_create(mctx, &log, &logconfig)); + + RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY)); + + taskmgr = NULL; + RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr)); + task = NULL; + RUNCHECK(isc_task_create(taskmgr, 0, &task)); + timermgr = NULL; + RUNCHECK(isc_timermgr_create(mctx, &timermgr)); + socketmgr = NULL; + RUNCHECK(isc_socketmgr_create(mctx, &socketmgr)); + dispatchmgr = NULL; + RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)); + isc_sockaddr_any(&bind_any); + attrs = DNS_DISPATCHATTR_UDP | + DNS_DISPATCHATTR_MAKEQUERY | + DNS_DISPATCHATTR_IPV4; + attrmask = DNS_DISPATCHATTR_UDP | + DNS_DISPATCHATTR_TCP | + DNS_DISPATCHATTR_IPV4 | + DNS_DISPATCHATTR_IPV6; + dispatchv4 = NULL; + RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, + &bind_any, 4096, 4, 2, 3, 5, + attrs, attrmask, &dispatchv4)); + requestmgr = NULL; + RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr, + dispatchmgr, dispatchv4, NULL, + &requestmgr)); + + ring = NULL; + RUNCHECK(dns_tsigkeyring_create(mctx, &ring)); + tctx = NULL; + RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx)); + + view = NULL; + RUNCHECK(dns_view_create(mctx, 0, "_test", &view)); + dns_view_setkeyring(view, ring); + dns_tsigkeyring_detach(&ring); + + sock = NULL; + RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp, + &sock)); + + RUNCHECK(isc_app_onrun(mctx, task, sendquery, NULL)); + + ourkey = NULL; + type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY; + result = dst_key_fromnamedfile(ourkeyname, NULL, type, mctx, &ourkey); + CHECK("dst_key_fromnamedfile", result); + + isc_buffer_init(&nonce, noncedata, sizeof(noncedata)); + result = isc_entropy_getdata(ectx, noncedata, sizeof(noncedata), + NULL, ISC_ENTROPY_BLOCKING); + CHECK("isc_entropy_getdata", result); + isc_buffer_add(&nonce, sizeof(noncedata)); + + (void)isc_app_run(); + + dns_requestmgr_shutdown(requestmgr); + dns_requestmgr_detach(&requestmgr); + dns_dispatch_detach(&dispatchv4); + dns_dispatchmgr_destroy(&dispatchmgr); + isc_task_shutdown(task); + isc_task_detach(&task); + isc_taskmgr_destroy(&taskmgr); + isc_socket_detach(&sock); + isc_socketmgr_destroy(&socketmgr); + isc_timermgr_destroy(&timermgr); + + dst_key_free(&ourkey); + dns_tsigkey_detach(&initialkey); + dns_tsigkey_detach(&tsigkey); + + dns_tkeyctx_destroy(&tctx); + + dns_view_detach(&view); + + isc_log_destroy(&log); + + dst_lib_destroy(); + isc_hash_destroy(); + isc_entropy_detach(&ectx); + + isc_mem_destroy(&mctx); + + isc_app_finish(); + + return (0); +} diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c new file mode 100644 index 0000000..bde66a4 --- /dev/null +++ b/bin/tests/system/tkey/keydelete.c @@ -0,0 +1,271 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + + +#include <config.h> + +#include <stdlib.h> +#include <string.h> + +#include <isc/app.h> +#include <isc/base64.h> +#include <isc/entropy.h> +#include <isc/hash.h> +#include <isc/log.h> +#include <isc/mem.h> +#include <isc/print.h> +#include <isc/sockaddr.h> +#include <isc/socket.h> +#include <isc/task.h> +#include <isc/timer.h> +#include <isc/util.h> + +#include <pk11/site.h> + +#include <dns/dispatch.h> +#include <dns/fixedname.h> +#include <dns/keyvalues.h> +#include <dns/message.h> +#include <dns/name.h> +#include <dns/request.h> +#include <dns/result.h> +#include <dns/tkey.h> +#include <dns/tsig.h> +#include <dns/view.h> + +#include <dst/result.h> + +#define CHECK(str, x) { \ + if ((x) != ISC_R_SUCCESS) { \ + fprintf(stderr, "I:%s: %s\n", (str), isc_result_totext(x)); \ + exit(-1); \ + } \ +} + +#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS) + +#define PORT 5300 +#define TIMEOUT 30 + +static isc_mem_t *mctx; +static dns_tsigkey_t *tsigkey; +static dns_tsig_keyring_t *ring; +static dns_requestmgr_t *requestmgr; + +static void +recvquery(isc_task_t *task, isc_event_t *event) { + dns_requestevent_t *reqev = (dns_requestevent_t *)event; + isc_result_t result; + dns_message_t *query, *response; + + UNUSED(task); + + REQUIRE(reqev != NULL); + + if (reqev->result != ISC_R_SUCCESS) { + fprintf(stderr, "I:request event result: %s\n", + isc_result_totext(reqev->result)); + exit(-1); + } + + query = reqev->ev_arg; + + response = NULL; + result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response); + CHECK("dns_message_create", result); + + result = dns_request_getresponse(reqev->request, response, + DNS_MESSAGEPARSE_PRESERVEORDER); + CHECK("dns_request_getresponse", result); + + if (response->rcode != dns_rcode_noerror) { + result = ISC_RESULTCLASS_DNSRCODE + response->rcode; + fprintf(stderr, "I:response rcode: %s\n", + isc_result_totext(result)); + exit(-1); + } + + result = dns_tkey_processdeleteresponse(query, response, ring); + CHECK("dns_tkey_processdhresponse", result); + + dns_message_destroy(&query); + dns_message_destroy(&response); + dns_request_destroy(&reqev->request); + isc_event_free(&event); + isc_app_shutdown(); + return; +} + +static void +sendquery(isc_task_t *task, isc_event_t *event) { + struct in_addr inaddr; + isc_sockaddr_t address; + isc_result_t result; + dns_message_t *query; + dns_request_t *request; + + isc_event_free(&event); + + result = ISC_R_FAILURE; + if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) + CHECK("inet_pton", result); + isc_sockaddr_fromin(&address, &inaddr, PORT); + + query = NULL; + result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query); + CHECK("dns_message_create", result); + + result = dns_tkey_builddeletequery(query, tsigkey); + CHECK("dns_tkey_builddeletequery", result); + + request = NULL; + result = dns_request_create(requestmgr, query, &address, + DNS_REQUESTOPT_TCP, tsigkey, TIMEOUT, + task, recvquery, query, &request); + CHECK("dns_request_create", result); +} + +int +main(int argc, char **argv) { + char *keyname; + isc_taskmgr_t *taskmgr; + isc_timermgr_t *timermgr; + isc_socketmgr_t *socketmgr; + isc_socket_t *sock; + unsigned int attrs, attrmask; + isc_sockaddr_t bind_any; + dns_dispatchmgr_t *dispatchmgr; + dns_dispatch_t *dispatchv4; + dns_view_t *view; + isc_entropy_t *ectx; + dns_tkeyctx_t *tctx; + dst_key_t *dstkey; + isc_log_t *log; + isc_logconfig_t *logconfig; + isc_task_t *task; + isc_result_t result; + int type; + + RUNCHECK(isc_app_start()); + + if (argc < 2) { + fprintf(stderr, "I:no key to delete\n"); + exit(-1); + } + keyname = argv[1]; + + dns_result_register(); + + mctx = NULL; + RUNCHECK(isc_mem_create(0, 0, &mctx)); + + ectx = NULL; + RUNCHECK(isc_entropy_create(mctx, &ectx)); + RUNCHECK(isc_entropy_createfilesource(ectx, "../random.data")); + RUNCHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)); + + log = NULL; + logconfig = NULL; + RUNCHECK(isc_log_create(mctx, &log, &logconfig)); + + RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY)); + + taskmgr = NULL; + RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr)); + task = NULL; + RUNCHECK(isc_task_create(taskmgr, 0, &task)); + timermgr = NULL; + RUNCHECK(isc_timermgr_create(mctx, &timermgr)); + socketmgr = NULL; + RUNCHECK(isc_socketmgr_create(mctx, &socketmgr)); + dispatchmgr = NULL; + RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)); + isc_sockaddr_any(&bind_any); + attrs = DNS_DISPATCHATTR_UDP | + DNS_DISPATCHATTR_MAKEQUERY | + DNS_DISPATCHATTR_IPV4; + attrmask = DNS_DISPATCHATTR_UDP | + DNS_DISPATCHATTR_TCP | + DNS_DISPATCHATTR_IPV4 | + DNS_DISPATCHATTR_IPV6; + dispatchv4 = NULL; + RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, + &bind_any, 4096, 4, 2, 3, 5, + attrs, attrmask, &dispatchv4)); + requestmgr = NULL; + RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr, + dispatchmgr, dispatchv4, NULL, + &requestmgr)); + + ring = NULL; + RUNCHECK(dns_tsigkeyring_create(mctx, &ring)); + tctx = NULL; + RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx)); + + view = NULL; + RUNCHECK(dns_view_create(mctx, 0, "_test", &view)); + dns_view_setkeyring(view, ring); + + sock = NULL; + RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp, + &sock)); + + RUNCHECK(isc_app_onrun(mctx, task, sendquery, NULL)); + + dstkey = NULL; + type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY; + result = dst_key_fromnamedfile(keyname, NULL, type, mctx, &dstkey); + CHECK("dst_key_fromnamedfile", result); +#ifndef PK11_MD5_DISABLE + result = dns_tsigkey_createfromkey(dst_key_name(dstkey), + DNS_TSIG_HMACMD5_NAME, + dstkey, true, NULL, 0, 0, + mctx, ring, &tsigkey); + dst_key_free(&dstkey); + CHECK("dns_tsigkey_createfromkey", result); +#else + dst_key_free(&dstkey); + CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED); +#endif + + (void)isc_app_run(); + + dns_requestmgr_shutdown(requestmgr); + dns_requestmgr_detach(&requestmgr); + dns_dispatch_detach(&dispatchv4); + dns_dispatchmgr_destroy(&dispatchmgr); + isc_task_shutdown(task); + isc_task_detach(&task); + isc_taskmgr_destroy(&taskmgr); + isc_socket_detach(&sock); + isc_socketmgr_destroy(&socketmgr); + isc_timermgr_destroy(&timermgr); + + dns_tsigkeyring_detach(&ring); + + dns_tsigkey_detach(&tsigkey); + + dns_tkeyctx_destroy(&tctx); + + dns_view_detach(&view); + + isc_log_destroy(&log); + + dst_lib_destroy(); + isc_hash_destroy(); + isc_entropy_detach(&ectx); + + isc_mem_destroy(&mctx); + + isc_app_finish(); + + return (0); +} diff --git a/bin/tests/system/tkey/ns1/example.db b/bin/tests/system/tkey/ns1/example.db new file mode 100644 index 0000000..7771d28 --- /dev/null +++ b/bin/tests/system/tkey/ns1/example.db @@ -0,0 +1,25 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 1D + +@ IN SOA ns hostmaster ( + 1 + 3600 + 1800 + 1814400 + 3 + ) + NS ns +ns A 10.53.0.1 +mx MX 10 mail +a A 10.53.0.1 + A 10.53.0.2 +txt TXT "this is text" + diff --git a/bin/tests/system/tkey/ns1/named.conf.in b/bin/tests/system/tkey/ns1/named.conf.in new file mode 100644 index 0000000..9300397 --- /dev/null +++ b/bin/tests/system/tkey/ns1/named.conf.in @@ -0,0 +1,50 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* $Id: named.conf.in,v 1.10 2011/11/03 23:46:26 tbox Exp $ */ + +controls { /* empty */ }; + +options { + query-source address 10.53.0.1; + notify-source 10.53.0.1; + transfer-source 10.53.0.1; + port 5300; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + notify no; + tkey-domain "server"; + tkey-dhkey "server" KEYID; + allow-query-cache { any; }; + random-device "RANDFILE"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; +}; + +key "tkeytest." { + algorithm hmac-md5; + secret "0123456789ab"; +}; + +zone example { + type master; + file "example.db"; + allow-query { key tkeytest.; none; }; +}; diff --git a/bin/tests/system/tkey/ns1/setup.sh b/bin/tests/system/tkey/ns1/setup.sh new file mode 100644 index 0000000..c1e2ff3 --- /dev/null +++ b/bin/tests/system/tkey/ns1/setup.sh @@ -0,0 +1,18 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +keyname=`$KEYGEN -T KEY -a DH -b 768 -n host -r $RANDFILE server` +keyid=`echo $keyname | $PERL -p -e 's/^.*\+0*//;'` +rm -f named.conf +sed -e "s;KEYID;$keyid;" -e "s;RANDFILE;$RANDFILE;" < named.conf.in > named.conf diff --git a/bin/tests/system/tkey/prereq.sh b/bin/tests/system/tkey/prereq.sh new file mode 100644 index 0000000..a0d4e9c --- /dev/null +++ b/bin/tests/system/tkey/prereq.sh @@ -0,0 +1,15 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +exec $SHELL ../testcrypto.sh diff --git a/bin/tests/system/tkey/setup.sh b/bin/tests/system/tkey/setup.sh new file mode 100644 index 0000000..299ae5d --- /dev/null +++ b/bin/tests/system/tkey/setup.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +$SHELL clean.sh + +test -r $RANDFILE || $GENRANDOM 400 $RANDFILE + +cd ns1 && $SHELL setup.sh diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh new file mode 100644 index 0000000..9f90dd7 --- /dev/null +++ b/bin/tests/system/tkey/tests.sh @@ -0,0 +1,147 @@ +#!/bin/sh +# +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +# $Id: tests.sh,v 1.11 2011/11/03 23:46:26 tbox Exp $ + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +DIGOPTS="@10.53.0.1 -p 5300" + +status=0 + +echo "I:generating new DH key" +ret=0 +dhkeyname=`$KEYGEN -T KEY -a DH -b 768 -n host -r $RANDFILE client` || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" + status=`expr $status + $ret` + echo "I:exit status: $status" + exit $status +fi +status=`expr $status + $ret` + +for owner in . foo.example. +do + echo "I:creating new key using owner name \"$owner\"" + ret=0 + keyname=`$KEYCREATE $dhkeyname $owner` || ret=1 + if [ $ret != 0 ]; then + echo "I:failed" + status=`expr $status + $ret` + echo "I:exit status: $status" + exit $status + fi + status=`expr $status + $ret` + + echo "I:checking the new key" + ret=0 + $DIG $DIGOPTS . ns -k $keyname > dig.out.1 || ret=1 + grep "status: NOERROR" dig.out.1 > /dev/null || ret=1 + grep "TSIG.*hmac-md5.*NOERROR" dig.out.1 > /dev/null || ret=1 + grep "Some TSIG could not be validated" dig.out.1 > /dev/null && ret=1 + if [ $ret != 0 ]; then + echo "I:failed" + fi + status=`expr $status + $ret` + + echo "I:deleting new key" + ret=0 + $KEYDELETE $keyname || ret=1 + if [ $ret != 0 ]; then + echo "I:failed" + fi + status=`expr $status + $ret` + + echo "I:checking that new key has been deleted" + ret=0 + $DIG $DIGOPTS . ns -k $keyname > dig.out.2 || ret=1 + grep "status: NOERROR" dig.out.2 > /dev/null && ret=1 + grep "TSIG.*hmac-md5.*NOERROR" dig.out.2 > /dev/null && ret=1 + grep "Some TSIG could not be validated" dig.out.2 > /dev/null || ret=1 + if [ $ret != 0 ]; then + echo "I:failed" + fi + status=`expr $status + $ret` +done + +echo "I:creating new key using owner name bar.example." +ret=0 +keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" + status=`expr $status + $ret` + echo "I:exit status: $status" + exit $status +fi +status=`expr $status + $ret` + +echo "I:checking the key with 'rndc tsig-list'" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.1 +grep "key \"bar.example.server" rndc.out.1 > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" +fi +status=`expr $status + $ret` + +echo "I:using key in a request" +ret=0 +$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.3 || ret=1 +grep "status: NOERROR" dig.out.3 > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" +fi +status=`expr $status + $ret` + +echo "I:deleting the key with 'rndc tsig-delete'" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-delete bar.example.server > /dev/null || ret=1 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.2 +grep "key \"bar.example.server" rndc.out.2 > /dev/null && ret=1 +$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.4 || ret=1 +grep "TSIG could not be validated" dig.out.4 > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" +fi +status=`expr $status + $ret` + +echo "I:recreating the bar.example. key" +ret=0 +keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" + status=`expr $status + $ret` + echo "I:exit status: $status" + exit $status +fi +status=`expr $status + $ret` + +echo "I:checking the new key with 'rndc tsig-list'" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.3 +grep "key \"bar.example.server" rndc.out.3 > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" +fi +status=`expr $status + $ret` + +echo "I:using the new key in a request" +ret=0 +$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.5 || ret=1 +grep "status: NOERROR" dig.out.5 > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo "I:failed" +fi +status=`expr $status + $ret` + +echo "I:exit status: $status" +[ $status -eq 0 ] || exit 1 |