sign test tool.
git-svn-id: file:///svn/unbound/trunk@561 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
824ceffedb
commit
dd9da95c70
10
Makefile.in
10
Makefile.in
@ -71,8 +71,10 @@ LOCKVERIFY_SRC=testcode/lock_verify.c $(COMMON_SRC)
|
||||
LOCKVERIFY_OBJ=$(addprefix $(BUILD),$(LOCKVERIFY_SRC:.c=.o)) $(COMPAT_OBJ)
|
||||
PKTVIEW_SRC=testcode/pktview.c testcode/readhex.c $(COMMON_SRC)
|
||||
PKTVIEW_OBJ=$(addprefix $(BUILD),$(PKTVIEW_SRC:.c=.o)) $(COMPAT_OBJ)
|
||||
SIGNIT_SRC=testcode/signit.c $(COMMON_SRC)
|
||||
SIGNIT_OBJ=$(addprefix $(BUILD),$(SIGNIT_SRC:.c=.o)) $(COMPAT_OBJ)
|
||||
ALL_SRC=$(COMMON_SRC) $(UNITTEST_SRC) $(DAEMON_SRC) \
|
||||
$(TESTBOUND_SRC) $(LOCKVERIFY_SRC)
|
||||
$(TESTBOUND_SRC) $(LOCKVERIFY_SRC) $(PKTVIEW_SRC) $(SIGNIT_SRC)
|
||||
ALL_OBJ=$(addprefix $(BUILD),$(ALL_SRC:.c=.o) \
|
||||
$(addprefix compat/,$(LIBOBJS))) $(COMPAT_OBJ)
|
||||
|
||||
@ -87,7 +89,7 @@ $(BUILD)%.o: $(srcdir)/%.c
|
||||
|
||||
.PHONY: clean realclean doc lint all install uninstall
|
||||
|
||||
all: $(COMMON_OBJ) unbound unittest testbound lock-verify pktview
|
||||
all: $(COMMON_OBJ) unbound unittest testbound lock-verify pktview signit
|
||||
|
||||
unbound: $(DAEMON_OBJ)
|
||||
$(INFO) Link $@
|
||||
@ -109,6 +111,10 @@ pktview: $(PKTVIEW_OBJ)
|
||||
$(INFO) Link $@
|
||||
$Q$(LINK) -o $@ $^ $(LIBS)
|
||||
|
||||
signit: $(SIGNIT_OBJ)
|
||||
$(INFO) Link $@
|
||||
$Q$(LINK) -o $@ $^ $(LIBS)
|
||||
|
||||
#testcode/ldns-testpkts.c: $(ldnsdir)/examples/ldns-testpkts.c \
|
||||
# $(ldnsdir)/examples/ldns-testpkts.h
|
||||
# cp $(ldnsdir)/examples/ldns-testpkts.c testcode/ldns-testpkts.c
|
||||
|
@ -1,3 +1,7 @@
|
||||
29 August 2007: Wouter
|
||||
- test tool to sign rrsets for testing validator with.
|
||||
- added RSA and DSA test keys, public and private pairs, 512 bits.
|
||||
|
||||
28 August 2007: Wouter
|
||||
- removed double use for udp buffers, that could fail,
|
||||
instead performs a malloc to do the backup.
|
||||
|
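--- /dev/null
+++ b/testcode/signit.c
@@ -0,0 +1,194 @@
+/*
+* testcode/signit.c - debug tool to sign rrsets with given keys.
+*
+* Copyright (c) 2007, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+* POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* \file
+*
+* This program signs rrsets with the given keys. It can be used to
+* construct input to test the validator with.
+*/
+#include "config.h"
+#include "util/log.h"
+#include "util/config_file.h"
+#include "util/net_help.h"
+
+/**
+* Key settings
+*/
+struct keysets {
+/** signature inception */
+uint32_t incep;
+/** signature expiration */
+uint32_t expi;
+/** owner name */
+char* owner;
+/** keytag */
+uint16_t keytag;
+/** DNSKEY flags */
+uint16_t flags;
+};
+
+/** print usage and exit */
+static void
+usage()
+{
+printf("usage: signit expi ince keytag owner keyfile\n");
+printf("present rrset data on stdin.\n");
+printf("signed data is printed to stdout.\n");
+exit(1);
+}
+
+/** read expi ince keytag owner from cmdline */
+static void
+parse_cmdline(char *argv[], struct keysets* s)
+{
+s->expi = cfg_convert_timeval(argv[1]);
+s->incep = cfg_convert_timeval(argv[2]);
+s->keytag = atoi(argv[3]);
+s->owner = argv[4];
+s->flags = DNSKEY_BIT_ZSK; /* to enforce signing */
+}
+
+/** read all key files, exit on error */
+static ldns_key_list*
+read_keys(int num, char* names[], struct keysets* set)
+{
+int i;
+ldns_key_list* keys = ldns_key_list_new();
+ldns_key* k;
+ldns_rdf* rdf;
+ldns_status s;
+int b;
+FILE* in;
+
+if(!keys) fatal_exit("alloc failure");
+for(i=0; i<num; i++) {
+printf("read keyfile %s\n", names[i]);
+in = fopen(names[i], "r");
+if(!in) fatal_exit("could not open %s: %s", names[i],
+strerror(errno));
+s = ldns_key_new_frm_fp(&k, in);
+fclose(in);
+if(s != LDNS_STATUS_OK)
+fatal_exit("bad keyfile %s: %s", names[i],
+ldns_get_errorstr_by_id(s));
+ldns_key_set_expiration(k, set->expi);
+ldns_key_set_inception(k, set->incep);
+s = ldns_str2rdf_dname(&rdf, set->owner);
+if(s != LDNS_STATUS_OK)
+fatal_exit("bad owner name %s: %s", set->owner,
+ldns_get_errorstr_by_id(s));
+ldns_key_set_pubkey_owner(k, rdf);
+ldns_key_set_flags(k, set->flags);
+ldns_key_set_keytag(k, set->keytag);
+b = ldns_key_list_push_key(keys, k);
+log_assert(b);
+}
+return keys;
+}
+
+/** read list of rrs from the file */
+static ldns_rr_list*
+read_rrs(FILE* in)
+{
+uint32_t my_ttl = 3600;
+ldns_rdf *my_origin = NULL;
+ldns_rdf *my_prev = NULL;
+ldns_status s;
+int line_nr = 1;
+int b;
+
+ldns_rr_list* list;
+ldns_rr *rr;
+
+list = ldns_rr_list_new();
+if(!list) fatal_exit("alloc error");
+
+while(!feof(in)) {
+s = ldns_rr_new_frm_fp_l(&rr, in, &my_ttl, &my_origin,
+&my_prev, &line_nr);
+if(s == LDNS_STATUS_SYNTAX_TTL ||
+s == LDNS_STATUS_SYNTAX_ORIGIN ||
+s == LDNS_STATUS_SYNTAX_EMPTY)
+continue;
+else if(s != LDNS_STATUS_OK)
+fatal_exit("parse error in line %d: %s", line_nr,
+ldns_get_errorstr_by_id(s));
+b = ldns_rr_list_push_rr(list, rr);
+log_assert(b);
+}
+printf("read %d lines\n", line_nr);
+
+return list;
+}
+
+/** sign the rrs with the keys */
+static void
+signit(ldns_rr_list* rrs, ldns_key_list* keys)
+{
+ldns_rr_list* rrset;
+ldns_rr_list* sigs;
+
+while(ldns_rr_list_rr_count(rrs) > 0) {
+rrset = ldns_rr_list_pop_rrset(rrs);
+if(!rrset) fatal_exit("copy alloc failure");
+sigs = ldns_sign_public(rrset, keys);
+if(!sigs) fatal_exit("failed to sign");
+ldns_rr_list_print(stdout, rrset);
+ldns_rr_list_print(stdout, sigs);
+printf("\n");
+ldns_rr_list_free(rrset);
+ldns_rr_list_free(sigs);
+}
+}
+
+/** main program */
+int main(int argc, char* argv[])
+{
+ldns_rr_list* rrs;
+ldns_key_list* keys;
+struct keysets settings;
+if(argc < 6) {
+usage();
+}
+parse_cmdline(argv, &settings);
+keys = read_keys(1, argv+5, &settings);
+rrs = read_rrs(stdin);
+signit(rrs, keys);
+
+ldns_rr_list_deep_free(rrs);
+ldns_key_list_free(keys);
+return 0;
+}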
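Review bot: `s->keytag = atoi(argv[3]);` in parse_cmdline accepts any string: a non-numeric argument becomes 0, and a value above 65535 is silently truncated into the uint16_t field. The tool would then emit RRSIGs whose key tag does not match the signing key, so validator test data built from them would fail for the wrong reason. Parse the argument with strtol, reject trailing characters and values outside 0..65535, and exit through fatal_exit as the rest of the file does. The two cfg_convert_timeval() results stored just above it are also unchecked; if that helper reports a parse failure through its return value (not visible on this page), test it the same way.

```c
static void
parse_cmdline(char *argv[], struct keysets* s)
{
	char* end = NULL;
	long tag;
	/* ... unchanged: expi and incep from cfg_convert_timeval ... */
	errno = 0;
	tag = strtol(argv[3], &end, 10);
	if(end == argv[3] || *end != 0 || errno != 0 || tag < 0 || tag > 65535)
		fatal_exit("bad keytag %s", argv[3]);
	s->keytag = (uint16_t)tag;
	/* ... unchanged: owner and flags ... */
```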
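--- /dev/null
+++ b/testdata/Kexample.com.+003+02854.ds
@@ -0,0 +1 @@
+example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b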
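--- /dev/null
+++ b/testdata/Kexample.com.+003+02854.key
@@ -0,0 +1 @@
+example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJIIs70j+sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKSxhOzfLVE1gqA0PweZR8dtY3aNQSRn3sPpwJr6Mi/PqQKAMMrZ9ckJpf1+bQMOOvxgzz2U1GS18b3yZKcgTMEaJzd/GZYzi/BN2DzQ0MsrSwYXfsNLFOBbs8PJMW4LYIxeeOe6rUgkWOF7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}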
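--- /dev/null
+++ b/testdata/Kexample.com.+003+02854.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): +sDS/UT2QRp61SE7S3EEXopNXoFE73JLRmvpi/UrOO/Vz4Se6wXv/CYCKjGw06U4WRgRYXcpEhJROyNapmdIKQ==
+Subprime(q): tctSxapStjclgRHdPhMEkgizvSM=
+Base(g): LGE7N8tUTWCoDQ/B5lHx21jdo1BJGfew+nAmvoyL8+pAoAwytn1yQml/X5tAw46/GDPPZTUZLXxvfJkpyBMwRg==
+Private_value(x): XMs4XYi1oNckzTPvGMkgG5IiuzY=
+Public_value(y): ic3fxmWM4vwTdg80NDLK0sGF37DSxTgW7PDyTFuC2CMXnjnuq1IJFjhewgvQ4f3XbkNUK7CYZmQBBX3egcmFfg==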
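--- /dev/null
+++ b/testdata/Kexample.com.+005+30899.ds
@@ -0,0 +1 @@
+example.com. 3600 IN DS 30899 5 1 d4bf9d2e10f6d76840d42ef5913022abcd0bf512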
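--- /dev/null
+++ b/testdata/Kexample.com.+005+30899.key
@@ -0,0 +1 @@
+example.com. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}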
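--- /dev/null
+++ b/testdata/Kexample.com.+005+30899.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 0ONXIUfQxB7f2iMyBQKmp2w5UX5SaEbOcs9YxbKESE+3Vn9K/j3g7nsHcZLMzR+sJ1OEC/KXyhUYeTyGFQSytw==
+PublicExponent: Aw==
+PrivateExponent: i0I6Fi/ggr8/5sIhWKxvGkgmNlQ28C80TIo7LncC2t6ar2Q5rpyiDxEHvFLfphRh108ZOqf2tQdHx7tXTx5Gqw==
+Prime1: 9WS85Q92ilTAuGiVi+KesKzrFqF98l2Gpu4003hfmbc=
+Prime2: 2eqsD2jcY4Mgw26A8XFiaLdxx5J4s10Dhd9ur6X3rwE=
+Exponent1: o5h97gpPBuMrJZsOXUG/IHNHZGupTD5ZxJ7N4lA/u88=
+Exponent2: kUcdX5s9l6zAgkmrS6DsRc+hL7b7Ij4CWT+fH8P6dKs=
+Coefficient: PVZrElFmz9tWa4kwu9jArjcocycYu0eBycgguQ03J7w=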