sign test tool.

git-svn-id: file:///svn/unbound/trunk@561 be551aaa-1e26-0410-a405-d3ace91eadb9

Makefile.in

@@ -71,8 +71,10 @@ LOCKVERIFY_SRC=testcode/lock_verify.c $(COMMON_SRC)
 LOCKVERIFY_OBJ=$(addprefix $(BUILD),$(LOCKVERIFY_SRC:.c=.o)) $(COMPAT_OBJ)
 PKTVIEW_SRC=testcode/pktview.c testcode/readhex.c $(COMMON_SRC)
 PKTVIEW_OBJ=$(addprefix $(BUILD),$(PKTVIEW_SRC:.c=.o)) $(COMPAT_OBJ)
+SIGNIT_SRC=testcode/signit.c $(COMMON_SRC)
+SIGNIT_OBJ=$(addprefix $(BUILD),$(SIGNIT_SRC:.c=.o)) $(COMPAT_OBJ)
 ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \
-	$(TESTBOUND_SRC) $(LOCKVERIFY_SRC)
+	$(TESTBOUND_SRC) $(LOCKVERIFY_SRC) $(PKTVIEW_SRC) $(SIGNIT_SRC)
 ALL_OBJ=$(addprefix $(BUILD),$(ALL_SRC:.c=.o) \
 	$(addprefix compat/,$(LIBOBJS))) $(COMPAT_OBJ)
 
@@ -87,7 +89,7 @@ $(BUILD)%.o:    $(srcdir)/%.c
 
 .PHONY:	clean realclean doc lint all install uninstall
 
-all:	$(COMMON_OBJ) unbound unittest testbound lock-verify pktview
+all:	$(COMMON_OBJ) unbound unittest testbound lock-verify pktview signit
 
 unbound:	$(DAEMON_OBJ)
 	$(INFO) Link $@
@@ -109,6 +111,10 @@ pktview:	$(PKTVIEW_OBJ)
 	$(INFO) Link $@
 	$Q$(LINK) -o $@ $^ $(LIBS)
 
+signit:	$(SIGNIT_OBJ)
+	$(INFO) Link $@
+	$Q$(LINK) -o $@ $^ $(LIBS)
+
 #testcode/ldns-testpkts.c:	$(ldnsdir)/examples/ldns-testpkts.c \
 #			$(ldnsdir)/examples/ldns-testpkts.h
 #	cp $(ldnsdir)/examples/ldns-testpkts.c testcode/ldns-testpkts.c

doc/Changelog

@@ -1,3 +1,7 @@
+29 August 2007: Wouter
+	- test tool to sign rrsets for testing validator with.
+	- added RSA and DSA test keys, public and private pairs, 512 bits.
+
 28 August 2007: Wouter
 	- removed double use for udp buffers, that could fail,
 	  instead performs a malloc to do the backup.

testcode/signit.c

@@ -0,0 +1,194 @@
+/*
+ * testcode/signit.c - debug tool to sign rrsets with given keys.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * 
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * 
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This program signs rrsets with the given keys. It can be used to 
+ * construct input to test the validator with.
+ */
+#include "config.h"
+#include "util/log.h"
+#include "util/config_file.h"
+#include "util/net_help.h"
+
+/**
+ * Key settings
+ */
+struct keysets {
+	/** signature inception */
+	uint32_t incep;
+	/** signature expiration */
+	uint32_t expi;
+	/** owner name */
+	char* owner;
+	/** keytag */
+	uint16_t keytag;
+	/** DNSKEY flags */
+	uint16_t flags;
+};
+
+/** print usage and exit */
+static void
+usage()
+{
+	printf("usage:	signit expi ince keytag owner keyfile\n");
+	printf("present rrset data on stdin.\n");
+	printf("signed data is printed to stdout.\n");
+	exit(1);
+}
+
+/** read expi ince keytag owner from cmdline */
+static void
+parse_cmdline(char *argv[], struct keysets* s)
+{
+	s->expi = cfg_convert_timeval(argv[1]);
+	s->incep = cfg_convert_timeval(argv[2]);
+	s->keytag = atoi(argv[3]);
+	s->owner = argv[4];
+	s->flags = DNSKEY_BIT_ZSK; /* to enforce signing */
+}
+
+/** read all key files, exit on error */
+static ldns_key_list*
+read_keys(int num, char* names[], struct keysets* set)
+{
+	int i;
+	ldns_key_list* keys = ldns_key_list_new();
+	ldns_key* k;
+	ldns_rdf* rdf;
+	ldns_status s;
+	int b;
+	FILE* in;
+
+	if(!keys) fatal_exit("alloc failure");
+	for(i=0; i<num; i++) {
+		printf("read keyfile %s\n", names[i]);
+		in = fopen(names[i], "r");
+		if(!in) fatal_exit("could not open %s: %s", names[i],
+				strerror(errno));
+		s = ldns_key_new_frm_fp(&k, in);
+		fclose(in);
+		if(s != LDNS_STATUS_OK)
+			fatal_exit("bad keyfile %s: %s", names[i],
+				ldns_get_errorstr_by_id(s));
+		ldns_key_set_expiration(k, set->expi);
+		ldns_key_set_inception(k, set->incep);
+		s = ldns_str2rdf_dname(&rdf, set->owner);
+		if(s != LDNS_STATUS_OK)
+			fatal_exit("bad owner name %s: %s", set->owner,
+				ldns_get_errorstr_by_id(s));
+		ldns_key_set_pubkey_owner(k, rdf);
+		ldns_key_set_flags(k, set->flags);
+		ldns_key_set_keytag(k, set->keytag);
+		b = ldns_key_list_push_key(keys, k);
+		log_assert(b);
+	}
+	return keys;
+}
+
+/** read list of rrs from the file */
+static ldns_rr_list*
+read_rrs(FILE* in)
+{
+	uint32_t my_ttl = 3600;
+	ldns_rdf *my_origin = NULL;
+	ldns_rdf *my_prev = NULL;
+	ldns_status s;
+	int line_nr = 1;
+	int b;
+
+	ldns_rr_list* list;
+	ldns_rr *rr;
+
+	list = ldns_rr_list_new();
+	if(!list) fatal_exit("alloc error");
+
+	while(!feof(in)) {
+		s = ldns_rr_new_frm_fp_l(&rr, in, &my_ttl, &my_origin,
+			&my_prev, &line_nr);
+		if(s == LDNS_STATUS_SYNTAX_TTL || 
+			s == LDNS_STATUS_SYNTAX_ORIGIN ||
+			s == LDNS_STATUS_SYNTAX_EMPTY)
+			continue;
+		else if(s != LDNS_STATUS_OK)
+			fatal_exit("parse error in line %d: %s", line_nr,
+				ldns_get_errorstr_by_id(s));
+		b = ldns_rr_list_push_rr(list, rr);
+		log_assert(b);
+	}
+	printf("read %d lines\n", line_nr);
+
+	return list;
+}
+
+/** sign the rrs with the keys */
+static void
+signit(ldns_rr_list* rrs, ldns_key_list* keys)
+{
+	ldns_rr_list* rrset;
+	ldns_rr_list* sigs;
+	
+	while(ldns_rr_list_rr_count(rrs) > 0) {
+		rrset = ldns_rr_list_pop_rrset(rrs);
+		if(!rrset) fatal_exit("copy alloc failure");
+		sigs = ldns_sign_public(rrset, keys);
+		if(!sigs) fatal_exit("failed to sign");
+		ldns_rr_list_print(stdout, rrset);
+		ldns_rr_list_print(stdout, sigs);
+		printf("\n");
+		ldns_rr_list_free(rrset);
+		ldns_rr_list_free(sigs);
+	}
+}
+
+/** main program */
+int main(int argc, char* argv[])
+{
+	ldns_rr_list* rrs;
+	ldns_key_list* keys;
+	struct keysets settings;
+	if(argc < 6) {
+		usage();
+	}
+	parse_cmdline(argv, &settings);
+	keys = read_keys(1, argv+5, &settings);
+	rrs = read_rrs(stdin);
+	signit(rrs, keys);
+
+	ldns_rr_list_deep_free(rrs);
+	ldns_key_list_free(keys);
+	return 0;
+}

testdata/Kexample.com.+003+02854.ds

@@ -0,0 +1 @@
+example.com.	3600	IN	DS	2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b

testdata/Kexample.com.+003+02854.key

@@ -0,0 +1 @@
+example.com.	3600	IN	DNSKEY	256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}

testdata/Kexample.com.+003+02854.private

@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): +sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKQ==
+Subprime(q): tctSxapStjclgRHdPhMEkgizvSM=
+Base(g): LGE7N8tUTWCoDQ/B5lHx21jdo1BJGfew+nAmvoyL8+pAoAwytn1yQml/X5tAw46/GDPPZTUZLXxvfJkpyBMwRg==
+Private_value(x): XMs4XYi1oNckzTPvGMkgG5IiuzY=
+Public_value(y): ic3fxmWM4vwTdg80NDLK0sGF37DSxTgW7PDyTFuC2CMXnjnuq1IJFjhewgvQ4f3XbkNUK7CYZmQBBX3egcmFfg==

testdata/Kexample.com.+005+30899.ds

@@ -0,0 +1 @@
+example.com.	3600	IN	DS	30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512

testdata/Kexample.com.+005+30899.key

@@ -0,0 +1 @@
+example.com.	3600	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}

testdata/Kexample.com.+005+30899.private

@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 0ONXIUfQxB7f2iMyBQKmp2w5UX5SaEbOcs9YxbKESE+3Vn9K/j3g7nsHcZLMzR+sJ1OEC/KXyhUYeTyGFQSytw==
+PublicExponent: Aw==
+PrivateExponent: i0I6Fi/ggr8/5sIhWKxvGkgmNlQ28C80TIo7LncC2t6ar2Q5rpyiDxEHvFLfphRh108ZOqf2tQdHx7tXTx5Gqw==
+Prime1: 9WS85Q92ilTAuGiVi+KesKzrFqF98l2Gpu4003hfmbc=
+Prime2: 2eqsD2jcY4Mgw26A8XFiaLdxx5J4s10Dhd9ur6X3rwE=
+Exponent1: o5h97gpPBuMrJZsOXUG/IHNHZGupTD5ZxJ7N4lA/u88=
+Exponent2: kUcdX5s9l6zAgkmrS6DsRc+hL7b7Ij4CWT+fH8P6dKs=
+Coefficient: PVZrElFmz9tWa4kwu9jArjcocycYu0eBycgguQ03J7w=