# $Id: 61-SIG0-RSAMD5.t 1611 2018-01-02 09:41:24Z willem $ -*-perl-*-
#
use strict;
use Test::More;
# Modules that must load before any of the SIG(0) tests can run.
my @prerequisite = qw(
    MIME::Base64
    Time::Local
    Net::DNS::RR::SIG
    Net::DNS::SEC
    Net::DNS::SEC::RSA
    Crypt::OpenSSL::Bignum
    Crypt::OpenSSL::RSA
);

# Skip the whole file at the first prerequisite that fails to load.
# The string eval only ever sees the hard-coded names listed above.
foreach my $package (@prerequisite) {
    unless ( eval "require $package" ) {
        plan skip_all => "$package not installed";
        exit;
    }
}

plan tests => 29;

use_ok('Net::DNS::SEC');
# Public KEY record for the fixture key pair (KEY algorithm field 1, which
# the private-key text in this file labels "RSA"; the owner name and test
# file name call it RSAMD5).  RSA/MD5 is a deprecated DNSSEC algorithm
# (RFC 6725); it appears here only as the algorithm under test.
my $key = Net::DNS::RR->new( <<'END' );
RSAMD5.example. IN KEY 512 3 1 (
AwEAAcUHtdNvhdBKMkUle+MJ+ntJ148yfsITtZC0g93EguURfU113BQVk6tzgXP/aXs4OptkCgrL
sTapAZr5+vQ8jNbLp/uUTqEUzBRMBqi0W78B3aEb7vEsC0FB6VLoCcjylDcKzzWHm4rj1ACN2Zbu
6eT88lDYHTPiGQskw5LGCze7 ; Key ID = 2871
)
END

ok( $key, 'set up RSA public key' );
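# File name for the private half of the fixture key, as reported by the
# public KEY record.  Later tests hand this name to sign_sig0() and
# Net::DNS::RR::SIG->create.
my $keyfile = $key->privatekeyname;

# Remove the private-key file again when the test script exits.
END { unlink($keyfile) if defined $keyfile; }

# Three-argument open with a lexical handle: the file name is passed as
# data and is never parsed for a mode prefix or trailing pipe character.
# The key material below is a test fixture published in this file; it has
# no value as a secret and must not be used outside the test suite.
open( my $keyhandle, '>', $keyfile ) or die "$keyfile $!";
print {$keyhandle} <<'END' or die "$keyfile $!";
Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus: xQe102+F0EoyRSV74wn6e0nXjzJ+whO1kLSD3cSC5RF9TXXcFBWTq3OBc/9pezg6m2QKCsuxNqkBmvn69DyM1sun+5ROoRTMFEwGqLRbvwHdoRvu8SwLQUHpUugJyPKUNwrPNYebiuPUAI3Zlu7p5PzyUNgdM+IZCyTDksYLN7s=
PublicExponent: AQAB
PrivateExponent: yOATgH0y8Ci1F8ofhFmoBgpCurvAgB2X/vALgQ3YZbJvDYob1l4pL6OTV7AO2pF5LvPPSTJielfUSyyRrnANJSST/Dr19DgpSpnY2GWE7xmJ6/QqnIaJ2+10pFzVRXShijJZjt9dY7JXmNIoQ+JseE08aquKHFEGVfsvkThk8Q==
Prime1: 9lyWnGhbZZwVQo/qNHjVeWEDyc0hsc/ynT4Qp/AjVhROY+eJnBEvhtmqj3sq2gDQm2ZfT8uubSH5ZkNrnJjL2Q==
Prime2: zL0L5kwZXqUyRiPqZgbhFEib210WZne+AI88iyi39tU/Iplx1Q6DhHmOuPhUgCCj2nqQhWs9BAkQwemLylfHsw==
Exponent1: rcETgHChtYJmBDIYTrXCaf8get2wnAY76ObzPF7DrVxZBWExzt7YFFXEU7ncuTDF8DQ9mLvg45uImLWIWkPx0Q==
Exponent2: qtb8vPi3GrDCGKETkHshCank09EDRhGY7CKZpI0fpMogWqCrydrIh5xfKZ2d9SRHVaF8QrhPO7TM1OIqkXdZ3Q==
Coefficient: IUxSSCxp+TotMTbloOt/aTtxlaz0b5tSS7dBoLa7//tmHZvHQjftEw8KbXC89QhHd537YZX4VcK/uYbU6SesRA==
END

# Buffered write errors surface at close, so check it as well.
close($keyhandle) or die "$keyfile $!";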
# First "wrong" key: same owner name and algorithm field as the fixture
# key, but different key data (the record comment gives Key ID 21130).
my $bad1 = Net::DNS::RR->new( <<'END' );
RSAMD5.example. IN KEY 512 3 1 (
AwEAAdDembFMoX8rZTqTjHT8PbCZHbTJpDgtuL0uXpJqPZ6ZKnGdQsXVn4BSs8VJlH7+NEv+7Spq
Ncxjx6o86HhrvFg5DsDMhEi5MIqlt1OcUYa0zUhFSkb+yzOSnPL7doSoaW8pxoX4uDemkfyOY9xN
tNCNBJcvmp1Uvdnttf7LUorD ; Key ID = 21130
)
END
# Second "wrong" key: a different owner name and a different algorithm
# field (5) from the fixture key (the record comment gives Key ID 16351).
my $bad2 = Net::DNS::RR->new( <<'END' );
RSASHA1.example. IN KEY ( 512 3 5
AwEAAcosvYOe384kf7szGV4YxwfliKk9VTlO8HEQnlQs4glpMwtwCm8E9zxQRMG1W9CsM7tcHKq8
52KcapenPMkYCseeI7sRtD4k5eF6Us7SaYNRYG6qBhXkSRr41aTroqq+I9IMgAGMzUpC2a9rzn+f
Hs5pZA2CKzoR1+9Jv4vKu5MF ; Key ID = 16351
)
END
{
    # Positive case: sign a packet with the private key, then verify the
    # same packet object with the matching public key.
    my $signed = Net::DNS::Packet->new('example');
    $signed->sign_sig0($keyfile);
    $signed->data;    # encode; the signature is presumably produced here
    ok( $signed->sigrr->sigbin, 'sign packet using private key' );

    my $accepted = $signed->verify($key);
    ok( $accepted, 'verify packet using public key' );
    is( $signed->verifyerr, '', 'observe no packet->verifyerr' );
}
{
    # Round trip: encode the signed packet, decode the resulting buffer
    # into a fresh packet object, and verify that decoded copy.
    my $original = Net::DNS::Packet->new('example');
    $original->sign_sig0($keyfile);
    my $buffer = $original->data;

    my $decoded  = Net::DNS::Packet->new( \$buffer );
    my $accepted = $decoded->verify($key);
    ok( $accepted, 'verify decoded packet using public key' );
    is( $decoded->verifyerr, '', 'observe no packet->verifyerr' );
}
{
    # Negative case: verification with $bad1 (not the signing key) must
    # be refused and must leave an error string behind.
    my $signed = Net::DNS::Packet->new('example');
    $signed->sign_sig0($keyfile);
    $signed->data;

    my $accepted = $signed->verify($bad1);
    ok( !$accepted, 'verify fails using wrong key' );
    ok( $signed->verifyerr, 'observe packet->verifyerr' );
}
{
    # Negative case: verification with $bad2 (not the signing key) must
    # be refused and must leave an error string behind.
    my $signed = Net::DNS::Packet->new('example');
    $signed->sign_sig0($keyfile);
    $signed->data;

    my $accepted = $signed->verify($bad2);
    ok( !$accepted, 'verify fails using wrong key' );
    ok( $signed->verifyerr, 'observe packet->verifyerr' );
}
{
    # Tamper check: a record pushed into the answer section after the
    # packet was signed and encoded must make verification fail, even
    # with the correct public key.
    my $signed = Net::DNS::Packet->new('example');
    $signed->sign_sig0($keyfile);
    $signed->data;

    $signed->push( answer => rr_add('bogus. A 10.1.2.3') );
    my $accepted = $signed->verify($key);
    ok( !$accepted, 'verify fails for modified packet' );
    ok( $signed->verifyerr, 'observe packet->verifyerr' );
}
{
    # verify() is given an array reference of candidate keys; the test
    # expects success because the list includes the signing key.
    my $signed = Net::DNS::Packet->new('example');
    $signed->sign_sig0($keyfile);
    $signed->data;

    my @candidates = ( $bad1, $bad2, $key );
    my $accepted   = $signed->verify( [@candidates] );
    ok( $accepted, 'verify packet using array of keys' );
    is( $signed->verifyerr, '', 'observe no packet->verifyerr' );
}
{
    # Same key list as the positive array-of-keys case, but the packet is
    # altered after signing, so verification must still be refused.
    my $signed = Net::DNS::Packet->new('example');
    $signed->sign_sig0($keyfile);
    $signed->data;

    $signed->push( answer => rr_add('bogus. A 10.1.2.3') );
    my @candidates = ( $bad1, $bad2, $key );
    my $accepted   = $signed->verify( [@candidates] );
    ok( !$accepted, 'verify failure using array of keys' );
    ok( $signed->verifyerr, 'observe packet->verifyerr' );
}
{
    # Create a SIG record directly over an encoded packet buffer and
    # verify it against the same data with the public key.
    my $payload = Net::DNS::Packet->new('example')->data;
    my $sig     = Net::DNS::RR::SIG->create( $payload, $keyfile );
    ok( $sig->sigbin, 'create SIG over data using private key' );

    my $accepted = $sig->verify( $payload, $key );
    ok( $accepted, 'verify data using public key' );
    is( $sig->vrfyerrstr, '', 'observe no sig->vrfyerrstr' );
}
{
    # Inception and expiration are both set to the same instant three
    # seconds ahead: the SIG is postdated now, and expired as soon as
    # that instant has passed.  Both states must fail verification.
    my $payload = Net::DNS::Packet->new('example')->data;
    my $instant = time() + 3;
    my $sig     = Net::DNS::RR::SIG->create(
        $payload, $keyfile,
        siginception  => $instant,
        sigexpiration => $instant,
    );

    ok( !$sig->verify( $payload, $key ), 'verify fails for postdated SIG' );
    ok( $sig->vrfyerrstr, 'observe sig->vrfyerrstr' );

    # Wait until the clock has moved strictly past the chosen instant.
    sleep 1 until $instant < time();
    ok( !$sig->verify( $payload, $key ), 'verify fails for expired SIG' );
    ok( $sig->vrfyerrstr, 'observe sig->vrfyerrstr' );
}
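{
    # verify() called with unusable argument combinations must raise an
    # exception; each case below is expected to die.
    my $object = Net::DNS::RR->new( type => 'SIG' );
    my $keyrec = Net::DNS::RR->new( type => 'KEY' );
    my $nonkey = Net::DNS::RR->new( type => 'DS' );
    my $packet = Net::DNS::Packet->new();
    my $array  = [];
    my @testcase = (    ## test verify() with invalid arguments
        [$array,  $keyrec],
        [$object, $keyrec],
        [$packet, $keyrec],
        [$packet, $nonkey],
    );

    foreach my $arglist (@testcase) {
        my @argtype = map { ref($_) } @$arglist;
        $object->typecovered('A');    # induce failure
        eval { $object->verify(@$arglist); };

        # First line of the exception text, or undef when verify()
        # returned normally.  The previous pattern /^(.*)\n*/ also
        # matched an empty $@, so the assertion could never fail.
        my ($exception) = split /\n/, "$@\n";
        my $shown = defined $exception ? $exception : '';
        ok( defined $exception, "verify(@argtype)\t[$shown]" );
    }
}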
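{
    # Once the signature has been blanked, re-encoding the packet is
    # expected to die rather than emit a packet with an empty SIG0.
    my $packet = Net::DNS::Packet->new('query.example');
    $packet->sign_sig0($keyfile);
    my $signed = $packet->data;    # signing occurs in SIG->encode
    $packet->sigrr->sigbin('');    # signature destroyed
    my $unsigned = eval { $packet->data };    # unable to regenerate SIG0

    # First line of the exception text, or undef when data() returned
    # normally.  The previous pattern /^(.*)\n*/ also matched an empty
    # $@, so the assertion could never fail.
    my ($exception) = split /\n/, "$@\n";
    my $shown = defined $exception ? $exception : '';
    ok( defined $exception, "missing key\t[$shown]" );
}

exit;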
__END__