summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/tkey
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:37:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 18:37:14 +0000
commitea648e70a989cca190cd7403fe892fd2dcc290b4 (patch)
treee2b6b1c647da68b0d4d66082835e256eb30970e8 /bin/tests/system/tkey
parentInitial commit. (diff)
downloadbind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.tar.xz
bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.zip
Adding upstream version 1:9.11.5.P4+dfsg.upstream/1%9.11.5.P4+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--bin/tests/system/tkey/Makefile.in54
-rw-r--r--bin/tests/system/tkey/clean.sh17
-rw-r--r--bin/tests/system/tkey/keycreate.c337
-rw-r--r--bin/tests/system/tkey/keydelete.c271
-rw-r--r--bin/tests/system/tkey/ns1/example.db25
-rw-r--r--bin/tests/system/tkey/ns1/named.conf.in50
-rw-r--r--bin/tests/system/tkey/ns1/setup.sh18
-rw-r--r--bin/tests/system/tkey/prereq.sh15
-rw-r--r--bin/tests/system/tkey/setup.sh19
-rw-r--r--bin/tests/system/tkey/tests.sh147
10 files changed, 953 insertions, 0 deletions
diff --git a/bin/tests/system/tkey/Makefile.in b/bin/tests/system/tkey/Makefile.in
new file mode 100644
index 0000000..252b6c0
--- /dev/null
+++ b/bin/tests/system/tkey/Makefile.in
@@ -0,0 +1,54 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# $Id: Makefile.in,v 1.14 2009/12/05 23:31:40 each Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
+
+CDEFINES = @CRYPTO@
+CWARNINGS =
+
+DNSLIBS = ../../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS = ../../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
+
+DNSDEPLIBS = ../../../../lib/dns/libdns.@A@
+ISCDEPLIBS = ../../../../lib/isc/libisc.@A@
+
+DEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+
+TARGETS = keycreate@EXEEXT@ keydelete@EXEEXT@
+
+CREATEOBJS = keycreate.@O@
+DELETEOBJS = keydelete.@O@
+
+SRCS = keycreate.c keydelete.c
+
+@BIND9_MAKE_RULES@
+
+all: keycreate@EXEEXT@ keydelete@EXEEXT@
+
+keycreate@EXEEXT@: ${CREATEOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${CREATEOBJS} ${LIBS}
+
+keydelete@EXEEXT@: ${DELETEOBJS} ${DEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${DELETEOBJS} ${LIBS}
+
+clean distclean::
+ rm -f ${TARGETS}
+
diff --git a/bin/tests/system/tkey/clean.sh b/bin/tests/system/tkey/clean.sh
new file mode 100644
index 0000000..a8ea8cf
--- /dev/null
+++ b/bin/tests/system/tkey/clean.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+rm -f dig.out.* rndc.out.* ns1/named.conf
+rm -f K* ns1/K*
+rm -f */named.memstats
+rm -f */named.run
+rm -f ns1/_default.tsigkeys
+rm -f ns*/named.lock
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
new file mode 100644
index 0000000..5a00f86
--- /dev/null
+++ b/bin/tests/system/tkey/keycreate.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/base64.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/sockaddr.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <pk11/site.h>
+
+#include <dns/dispatch.h>
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/request.h>
+#include <dns/result.h>
+#include <dns/tkey.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+
+#include <dst/result.h>
+
+#define CHECK(str, x) { \
+ if ((x) != ISC_R_SUCCESS) { \
+ fprintf(stderr, "I:%s: %s\n", (str), isc_result_totext(x)); \
+ exit(-1); \
+ } \
+}
+
+#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
+
+#define PORT 5300
+#define TIMEOUT 30
+
+static dst_key_t *ourkey;
+static isc_mem_t *mctx;
+static dns_tsigkey_t *tsigkey, *initialkey;
+static dns_tsig_keyring_t *ring;
+static unsigned char noncedata[16];
+static isc_buffer_t nonce;
+static dns_requestmgr_t *requestmgr;
+static const char *ownername_str = ".";
+
+#ifndef PK11_MD5_DISABLE
+static void
+recvquery(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = (dns_requestevent_t *)event;
+ isc_result_t result;
+ dns_message_t *query, *response;
+ char keyname[256];
+ isc_buffer_t keynamebuf;
+ int type;
+
+ UNUSED(task);
+
+ REQUIRE(reqev != NULL);
+
+ if (reqev->result != ISC_R_SUCCESS) {
+ fprintf(stderr, "I:request event result: %s\n",
+ isc_result_totext(reqev->result));
+ exit(-1);
+ }
+
+ query = reqev->ev_arg;
+
+ response = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
+ CHECK("dns_message_create", result);
+
+ result = dns_request_getresponse(reqev->request, response,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ CHECK("dns_request_getresponse", result);
+
+ if (response->rcode != dns_rcode_noerror) {
+ result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
+ fprintf(stderr, "I:response rcode: %s\n",
+ isc_result_totext(result));
+ exit(-1);
+ }
+
+ result = dns_tkey_processdhresponse(query, response, ourkey, &nonce,
+ &tsigkey, ring);
+ CHECK("dns_tkey_processdhresponse", result);
+
+ /*
+ * Yes, this is a hack.
+ */
+ isc_buffer_init(&keynamebuf, keyname, sizeof(keyname));
+ result = dst_key_buildfilename(tsigkey->key, 0, "", &keynamebuf);
+ CHECK("dst_key_buildfilename", result);
+ printf("%.*s\n", (int)isc_buffer_usedlength(&keynamebuf),
+ (char *)isc_buffer_base(&keynamebuf));
+ type = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_KEY;
+ result = dst_key_tofile(tsigkey->key, type, "");
+ CHECK("dst_key_tofile", result);
+
+ dns_message_destroy(&query);
+ dns_message_destroy(&response);
+ dns_request_destroy(&reqev->request);
+ isc_event_free(&event);
+ isc_app_shutdown();
+ return;
+}
+#endif
+
+static void
+sendquery(isc_task_t *task, isc_event_t *event) {
+#ifndef PK11_MD5_DISABLE
+ struct in_addr inaddr;
+ isc_sockaddr_t address;
+ isc_region_t r;
+ isc_result_t result;
+ dns_fixedname_t keyname;
+ dns_fixedname_t ownername;
+ isc_buffer_t namestr, keybuf;
+ unsigned char keydata[9];
+ dns_message_t *query;
+ dns_request_t *request;
+ static char keystr[] = "0123456789ab";
+
+ isc_event_free(&event);
+
+ result = ISC_R_FAILURE;
+ if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1)
+ CHECK("inet_pton", result);
+ isc_sockaddr_fromin(&address, &inaddr, PORT);
+
+ dns_fixedname_init(&keyname);
+ isc_buffer_constinit(&namestr, "tkeytest.", 9);
+ isc_buffer_add(&namestr, 9);
+ result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr,
+ NULL, 0, NULL);
+ CHECK("dns_name_fromtext", result);
+
+ dns_fixedname_init(&ownername);
+ isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str));
+ isc_buffer_add(&namestr, strlen(ownername_str));
+ result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr,
+ NULL, 0, NULL);
+ CHECK("dns_name_fromtext", result);
+
+ isc_buffer_init(&keybuf, keydata, 9);
+ result = isc_base64_decodestring(keystr, &keybuf);
+ CHECK("isc_base64_decodestring", result);
+
+ isc_buffer_usedregion(&keybuf, &r);
+
+ initialkey = NULL;
+ result = dns_tsigkey_create(dns_fixedname_name(&keyname),
+ DNS_TSIG_HMACMD5_NAME,
+ isc_buffer_base(&keybuf),
+ isc_buffer_usedlength(&keybuf),
+ false, NULL, 0, 0, mctx, ring,
+ &initialkey);
+ CHECK("dns_tsigkey_create", result);
+
+ query = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
+ CHECK("dns_message_create", result);
+
+ result = dns_tkey_builddhquery(query, ourkey,
+ dns_fixedname_name(&ownername),
+ DNS_TSIG_HMACMD5_NAME, &nonce, 3600);
+ CHECK("dns_tkey_builddhquery", result);
+
+ request = NULL;
+ result = dns_request_create(requestmgr, query, &address,
+ DNS_REQUESTOPT_TCP, initialkey,
+ TIMEOUT, task, recvquery, query,
+ &request);
+ CHECK("dns_request_create", result);
+#else
+ UNUSED(task);
+
+ isc_event_free(&event);
+ CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
+#endif
+}
+
+int
+main(int argc, char *argv[]) {
+ char *ourkeyname;
+ isc_taskmgr_t *taskmgr;
+ isc_timermgr_t *timermgr;
+ isc_socketmgr_t *socketmgr;
+ isc_socket_t *sock;
+ unsigned int attrs, attrmask;
+ isc_sockaddr_t bind_any;
+ dns_dispatchmgr_t *dispatchmgr;
+ dns_dispatch_t *dispatchv4;
+ dns_view_t *view;
+ isc_entropy_t *ectx;
+ dns_tkeyctx_t *tctx;
+ isc_log_t *log;
+ isc_logconfig_t *logconfig;
+ isc_task_t *task;
+ isc_result_t result;
+ int type;
+
+ RUNCHECK(isc_app_start());
+
+ if (argc < 2) {
+ fprintf(stderr, "I:no DH key provided\n");
+ exit(-1);
+ }
+ ourkeyname = argv[1];
+
+ if (argc >= 3)
+ ownername_str = argv[2];
+
+ dns_result_register();
+
+ mctx = NULL;
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+ RUNCHECK(isc_mem_create(0, 0, &mctx));
+
+ ectx = NULL;
+ RUNCHECK(isc_entropy_create(mctx, &ectx));
+ RUNCHECK(isc_entropy_createfilesource(ectx, "../random.data"));
+ RUNCHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE));
+
+ log = NULL;
+ logconfig = NULL;
+ RUNCHECK(isc_log_create(mctx, &log, &logconfig));
+
+ RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY));
+
+ taskmgr = NULL;
+ RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
+ task = NULL;
+ RUNCHECK(isc_task_create(taskmgr, 0, &task));
+ timermgr = NULL;
+ RUNCHECK(isc_timermgr_create(mctx, &timermgr));
+ socketmgr = NULL;
+ RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
+ dispatchmgr = NULL;
+ RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr));
+ isc_sockaddr_any(&bind_any);
+ attrs = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_MAKEQUERY |
+ DNS_DISPATCHATTR_IPV4;
+ attrmask = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_TCP |
+ DNS_DISPATCHATTR_IPV4 |
+ DNS_DISPATCHATTR_IPV6;
+ dispatchv4 = NULL;
+ RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr,
+ &bind_any, 4096, 4, 2, 3, 5,
+ attrs, attrmask, &dispatchv4));
+ requestmgr = NULL;
+ RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr,
+ dispatchmgr, dispatchv4, NULL,
+ &requestmgr));
+
+ ring = NULL;
+ RUNCHECK(dns_tsigkeyring_create(mctx, &ring));
+ tctx = NULL;
+ RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx));
+
+ view = NULL;
+ RUNCHECK(dns_view_create(mctx, 0, "_test", &view));
+ dns_view_setkeyring(view, ring);
+ dns_tsigkeyring_detach(&ring);
+
+ sock = NULL;
+ RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp,
+ &sock));
+
+ RUNCHECK(isc_app_onrun(mctx, task, sendquery, NULL));
+
+ ourkey = NULL;
+ type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY;
+ result = dst_key_fromnamedfile(ourkeyname, NULL, type, mctx, &ourkey);
+ CHECK("dst_key_fromnamedfile", result);
+
+ isc_buffer_init(&nonce, noncedata, sizeof(noncedata));
+ result = isc_entropy_getdata(ectx, noncedata, sizeof(noncedata),
+ NULL, ISC_ENTROPY_BLOCKING);
+ CHECK("isc_entropy_getdata", result);
+ isc_buffer_add(&nonce, sizeof(noncedata));
+
+ (void)isc_app_run();
+
+ dns_requestmgr_shutdown(requestmgr);
+ dns_requestmgr_detach(&requestmgr);
+ dns_dispatch_detach(&dispatchv4);
+ dns_dispatchmgr_destroy(&dispatchmgr);
+ isc_task_shutdown(task);
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&taskmgr);
+ isc_socket_detach(&sock);
+ isc_socketmgr_destroy(&socketmgr);
+ isc_timermgr_destroy(&timermgr);
+
+ dst_key_free(&ourkey);
+ dns_tsigkey_detach(&initialkey);
+ dns_tsigkey_detach(&tsigkey);
+
+ dns_tkeyctx_destroy(&tctx);
+
+ dns_view_detach(&view);
+
+ isc_log_destroy(&log);
+
+ dst_lib_destroy();
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+
+ isc_mem_destroy(&mctx);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
new file mode 100644
index 0000000..bde66a4
--- /dev/null
+++ b/bin/tests/system/tkey/keydelete.c
@@ -0,0 +1,271 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+
+#include <config.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <isc/app.h>
+#include <isc/base64.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/sockaddr.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <pk11/site.h>
+
+#include <dns/dispatch.h>
+#include <dns/fixedname.h>
+#include <dns/keyvalues.h>
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/request.h>
+#include <dns/result.h>
+#include <dns/tkey.h>
+#include <dns/tsig.h>
+#include <dns/view.h>
+
+#include <dst/result.h>
+
+#define CHECK(str, x) { \
+ if ((x) != ISC_R_SUCCESS) { \
+ fprintf(stderr, "I:%s: %s\n", (str), isc_result_totext(x)); \
+ exit(-1); \
+ } \
+}
+
+#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
+
+#define PORT 5300
+#define TIMEOUT 30
+
+static isc_mem_t *mctx;
+static dns_tsigkey_t *tsigkey;
+static dns_tsig_keyring_t *ring;
+static dns_requestmgr_t *requestmgr;
+
+static void
+recvquery(isc_task_t *task, isc_event_t *event) {
+ dns_requestevent_t *reqev = (dns_requestevent_t *)event;
+ isc_result_t result;
+ dns_message_t *query, *response;
+
+ UNUSED(task);
+
+ REQUIRE(reqev != NULL);
+
+ if (reqev->result != ISC_R_SUCCESS) {
+ fprintf(stderr, "I:request event result: %s\n",
+ isc_result_totext(reqev->result));
+ exit(-1);
+ }
+
+ query = reqev->ev_arg;
+
+ response = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
+ CHECK("dns_message_create", result);
+
+ result = dns_request_getresponse(reqev->request, response,
+ DNS_MESSAGEPARSE_PRESERVEORDER);
+ CHECK("dns_request_getresponse", result);
+
+ if (response->rcode != dns_rcode_noerror) {
+ result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
+ fprintf(stderr, "I:response rcode: %s\n",
+ isc_result_totext(result));
+ exit(-1);
+ }
+
+ result = dns_tkey_processdeleteresponse(query, response, ring);
+ CHECK("dns_tkey_processdhresponse", result);
+
+ dns_message_destroy(&query);
+ dns_message_destroy(&response);
+ dns_request_destroy(&reqev->request);
+ isc_event_free(&event);
+ isc_app_shutdown();
+ return;
+}
+
+static void
+sendquery(isc_task_t *task, isc_event_t *event) {
+ struct in_addr inaddr;
+ isc_sockaddr_t address;
+ isc_result_t result;
+ dns_message_t *query;
+ dns_request_t *request;
+
+ isc_event_free(&event);
+
+ result = ISC_R_FAILURE;
+ if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1)
+ CHECK("inet_pton", result);
+ isc_sockaddr_fromin(&address, &inaddr, PORT);
+
+ query = NULL;
+ result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
+ CHECK("dns_message_create", result);
+
+ result = dns_tkey_builddeletequery(query, tsigkey);
+ CHECK("dns_tkey_builddeletequery", result);
+
+ request = NULL;
+ result = dns_request_create(requestmgr, query, &address,
+ DNS_REQUESTOPT_TCP, tsigkey, TIMEOUT,
+ task, recvquery, query, &request);
+ CHECK("dns_request_create", result);
+}
+
+int
+main(int argc, char **argv) {
+ char *keyname;
+ isc_taskmgr_t *taskmgr;
+ isc_timermgr_t *timermgr;
+ isc_socketmgr_t *socketmgr;
+ isc_socket_t *sock;
+ unsigned int attrs, attrmask;
+ isc_sockaddr_t bind_any;
+ dns_dispatchmgr_t *dispatchmgr;
+ dns_dispatch_t *dispatchv4;
+ dns_view_t *view;
+ isc_entropy_t *ectx;
+ dns_tkeyctx_t *tctx;
+ dst_key_t *dstkey;
+ isc_log_t *log;
+ isc_logconfig_t *logconfig;
+ isc_task_t *task;
+ isc_result_t result;
+ int type;
+
+ RUNCHECK(isc_app_start());
+
+ if (argc < 2) {
+ fprintf(stderr, "I:no key to delete\n");
+ exit(-1);
+ }
+ keyname = argv[1];
+
+ dns_result_register();
+
+ mctx = NULL;
+ RUNCHECK(isc_mem_create(0, 0, &mctx));
+
+ ectx = NULL;
+ RUNCHECK(isc_entropy_create(mctx, &ectx));
+ RUNCHECK(isc_entropy_createfilesource(ectx, "../random.data"));
+ RUNCHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE));
+
+ log = NULL;
+ logconfig = NULL;
+ RUNCHECK(isc_log_create(mctx, &log, &logconfig));
+
+ RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY));
+
+ taskmgr = NULL;
+ RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr));
+ task = NULL;
+ RUNCHECK(isc_task_create(taskmgr, 0, &task));
+ timermgr = NULL;
+ RUNCHECK(isc_timermgr_create(mctx, &timermgr));
+ socketmgr = NULL;
+ RUNCHECK(isc_socketmgr_create(mctx, &socketmgr));
+ dispatchmgr = NULL;
+ RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr));
+ isc_sockaddr_any(&bind_any);
+ attrs = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_MAKEQUERY |
+ DNS_DISPATCHATTR_IPV4;
+ attrmask = DNS_DISPATCHATTR_UDP |
+ DNS_DISPATCHATTR_TCP |
+ DNS_DISPATCHATTR_IPV4 |
+ DNS_DISPATCHATTR_IPV6;
+ dispatchv4 = NULL;
+ RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr,
+ &bind_any, 4096, 4, 2, 3, 5,
+ attrs, attrmask, &dispatchv4));
+ requestmgr = NULL;
+ RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr,
+ dispatchmgr, dispatchv4, NULL,
+ &requestmgr));
+
+ ring = NULL;
+ RUNCHECK(dns_tsigkeyring_create(mctx, &ring));
+ tctx = NULL;
+ RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx));
+
+ view = NULL;
+ RUNCHECK(dns_view_create(mctx, 0, "_test", &view));
+ dns_view_setkeyring(view, ring);
+
+ sock = NULL;
+ RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp,
+ &sock));
+
+ RUNCHECK(isc_app_onrun(mctx, task, sendquery, NULL));
+
+ dstkey = NULL;
+ type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY;
+ result = dst_key_fromnamedfile(keyname, NULL, type, mctx, &dstkey);
+ CHECK("dst_key_fromnamedfile", result);
+#ifndef PK11_MD5_DISABLE
+ result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
+ DNS_TSIG_HMACMD5_NAME,
+ dstkey, true, NULL, 0, 0,
+ mctx, ring, &tsigkey);
+ dst_key_free(&dstkey);
+ CHECK("dns_tsigkey_createfromkey", result);
+#else
+ dst_key_free(&dstkey);
+ CHECK("MD5 was disabled", ISC_R_NOTIMPLEMENTED);
+#endif
+
+ (void)isc_app_run();
+
+ dns_requestmgr_shutdown(requestmgr);
+ dns_requestmgr_detach(&requestmgr);
+ dns_dispatch_detach(&dispatchv4);
+ dns_dispatchmgr_destroy(&dispatchmgr);
+ isc_task_shutdown(task);
+ isc_task_detach(&task);
+ isc_taskmgr_destroy(&taskmgr);
+ isc_socket_detach(&sock);
+ isc_socketmgr_destroy(&socketmgr);
+ isc_timermgr_destroy(&timermgr);
+
+ dns_tsigkeyring_detach(&ring);
+
+ dns_tsigkey_detach(&tsigkey);
+
+ dns_tkeyctx_destroy(&tctx);
+
+ dns_view_detach(&view);
+
+ isc_log_destroy(&log);
+
+ dst_lib_destroy();
+ isc_hash_destroy();
+ isc_entropy_detach(&ectx);
+
+ isc_mem_destroy(&mctx);
+
+ isc_app_finish();
+
+ return (0);
+}
diff --git a/bin/tests/system/tkey/ns1/example.db b/bin/tests/system/tkey/ns1/example.db
new file mode 100644
index 0000000..7771d28
--- /dev/null
+++ b/bin/tests/system/tkey/ns1/example.db
@@ -0,0 +1,25 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 1D
+
+@ IN SOA ns hostmaster (
+ 1
+ 3600
+ 1800
+ 1814400
+ 3
+ )
+ NS ns
+ns A 10.53.0.1
+mx MX 10 mail
+a A 10.53.0.1
+ A 10.53.0.2
+txt TXT "this is text"
+
diff --git a/bin/tests/system/tkey/ns1/named.conf.in b/bin/tests/system/tkey/ns1/named.conf.in
new file mode 100644
index 0000000..9300397
--- /dev/null
+++ b/bin/tests/system/tkey/ns1/named.conf.in
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/* $Id: named.conf.in,v 1.10 2011/11/03 23:46:26 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.1;
+ notify-source 10.53.0.1;
+ transfer-source 10.53.0.1;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ recursion no;
+ notify no;
+ tkey-domain "server";
+ tkey-dhkey "server" KEYID;
+ allow-query-cache { any; };
+ random-device "RANDFILE";
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+};
+
+key "tkeytest." {
+ algorithm hmac-md5;
+ secret "0123456789ab";
+};
+
+zone example {
+ type master;
+ file "example.db";
+ allow-query { key tkeytest.; none; };
+};
diff --git a/bin/tests/system/tkey/ns1/setup.sh b/bin/tests/system/tkey/ns1/setup.sh
new file mode 100644
index 0000000..c1e2ff3
--- /dev/null
+++ b/bin/tests/system/tkey/ns1/setup.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+keyname=`$KEYGEN -T KEY -a DH -b 768 -n host -r $RANDFILE server`
+keyid=`echo $keyname | $PERL -p -e 's/^.*\+0*//;'`
+rm -f named.conf
+sed -e "s;KEYID;$keyid;" -e "s;RANDFILE;$RANDFILE;" < named.conf.in > named.conf
diff --git a/bin/tests/system/tkey/prereq.sh b/bin/tests/system/tkey/prereq.sh
new file mode 100644
index 0000000..a0d4e9c
--- /dev/null
+++ b/bin/tests/system/tkey/prereq.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+exec $SHELL ../testcrypto.sh
diff --git a/bin/tests/system/tkey/setup.sh b/bin/tests/system/tkey/setup.sh
new file mode 100644
index 0000000..299ae5d
--- /dev/null
+++ b/bin/tests/system/tkey/setup.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+$SHELL clean.sh
+
+test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
+
+cd ns1 && $SHELL setup.sh
diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh
new file mode 100644
index 0000000..9f90dd7
--- /dev/null
+++ b/bin/tests/system/tkey/tests.sh
@@ -0,0 +1,147 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# $Id: tests.sh,v 1.11 2011/11/03 23:46:26 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+DIGOPTS="@10.53.0.1 -p 5300"
+
+status=0
+
+echo "I:generating new DH key"
+ret=0
+dhkeyname=`$KEYGEN -T KEY -a DH -b 768 -n host -r $RANDFILE client` || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+ status=`expr $status + $ret`
+ echo "I:exit status: $status"
+ exit $status
+fi
+status=`expr $status + $ret`
+
+for owner in . foo.example.
+do
+ echo "I:creating new key using owner name \"$owner\""
+ ret=0
+ keyname=`$KEYCREATE $dhkeyname $owner` || ret=1
+ if [ $ret != 0 ]; then
+ echo "I:failed"
+ status=`expr $status + $ret`
+ echo "I:exit status: $status"
+ exit $status
+ fi
+ status=`expr $status + $ret`
+
+ echo "I:checking the new key"
+ ret=0
+ $DIG $DIGOPTS . ns -k $keyname > dig.out.1 || ret=1
+ grep "status: NOERROR" dig.out.1 > /dev/null || ret=1
+ grep "TSIG.*hmac-md5.*NOERROR" dig.out.1 > /dev/null || ret=1
+ grep "Some TSIG could not be validated" dig.out.1 > /dev/null && ret=1
+ if [ $ret != 0 ]; then
+ echo "I:failed"
+ fi
+ status=`expr $status + $ret`
+
+ echo "I:deleting new key"
+ ret=0
+ $KEYDELETE $keyname || ret=1
+ if [ $ret != 0 ]; then
+ echo "I:failed"
+ fi
+ status=`expr $status + $ret`
+
+ echo "I:checking that new key has been deleted"
+ ret=0
+ $DIG $DIGOPTS . ns -k $keyname > dig.out.2 || ret=1
+ grep "status: NOERROR" dig.out.2 > /dev/null && ret=1
+ grep "TSIG.*hmac-md5.*NOERROR" dig.out.2 > /dev/null && ret=1
+ grep "Some TSIG could not be validated" dig.out.2 > /dev/null || ret=1
+ if [ $ret != 0 ]; then
+ echo "I:failed"
+ fi
+ status=`expr $status + $ret`
+done
+
+echo "I:creating new key using owner name bar.example."
+ret=0
+keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+ status=`expr $status + $ret`
+ echo "I:exit status: $status"
+ exit $status
+fi
+status=`expr $status + $ret`
+
+echo "I:checking the key with 'rndc tsig-list'"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.1
+grep "key \"bar.example.server" rndc.out.1 > /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+fi
+status=`expr $status + $ret`
+
+echo "I:using key in a request"
+ret=0
+$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.3 || ret=1
+grep "status: NOERROR" dig.out.3 > /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+fi
+status=`expr $status + $ret`
+
+echo "I:deleting the key with 'rndc tsig-delete'"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-delete bar.example.server > /dev/null || ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.2
+grep "key \"bar.example.server" rndc.out.2 > /dev/null && ret=1
+$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.4 || ret=1
+grep "TSIG could not be validated" dig.out.4 > /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+fi
+status=`expr $status + $ret`
+
+echo "I:recreating the bar.example. key"
+ret=0
+keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+ status=`expr $status + $ret`
+ echo "I:exit status: $status"
+ exit $status
+fi
+status=`expr $status + $ret`
+
+echo "I:checking the new key with 'rndc tsig-list'"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.3
+grep "key \"bar.example.server" rndc.out.3 > /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+fi
+status=`expr $status + $ret`
+
+echo "I:using the new key in a request"
+ret=0
+$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.5 || ret=1
+grep "status: NOERROR" dig.out.5 > /dev/null || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed"
+fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+[ $status -eq 0 ] || exit 1