+4 August 2009: Wouter
+ - Added test that the examples from draft rsasha256-14 verify.
+ - iana portlist updated.
+
3 August 2009: Wouter
- nicer warning when algorithm not supported, tells you to upgrade.
- iana portlist updated.
#if defined(HAVE_EVP_SHA256) && defined(USE_SHA2)
verifytest_file("testdata/test_signatures.9", "20070829144150");
verifytest_file("testdata/test_signatures.11", "20070829144150");
+ verifytest_file("testdata/test_signatures.14", "20090101000000");
#endif
#if defined(HAVE_EVP_SHA512) && defined(USE_SHA2)
- /* Skip test. Algorithm number uncertainty
verifytest_file("testdata/test_signatures.10", "20070829144150");
- */
#endif
verifytest_file("testdata/test_signatures.12", "20090107100022");
verifytest_file("testdata/test_signatures.13", "20080414005004");
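Review bot: The newly enabled RSASHA256 and RSASHA512 vectors (`test_signatures.14` and the re-enabled `test_signatures.10`) are positive cases only, so these calls show that a good signature is accepted but not that a bad one is rejected. If `verifytest_file` has no failure-expecting counterpart elsewhere in the test (not visible in this hunk), a copy of one vector with a single altered base64 character in the RRSIG, asserted to come out bogus, would cover the reject path for algorithms 8 and 10. The re-enabled SHA512 call also lost its explanatory comment; a line such as `/* algorithm numbers 8 and 10 as used in the draft-ietf-dnsext-dnssec-rsasha256-14 examples */` above the block would record why it is no longer skipped. The enclosing function starts and ends outside the hunk.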
; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification.
; later entries are verified with it.
-; Test RSASHA512 signatures.
+; Test RSASHA512 signatures from draft-ietf-dnsext-dnssec-rsasha256-14
-; RSA key from ldns tool
ENTRY_BEGIN
SECTION QUESTION
-sub.example.com. IN DNSKEY
+example.net. IN DNSKEY
SECTION ANSWER
-example.com. 3600 IN DNSKEY 256 3 9 AwEAAazmeO3BNv+xPYuFbQp8JN4XX+iKNuvJgD2QG5jRXI0IP5by+JGSob20OEmbPLqKcXWMRPICTyPBDaBh0tXA66DVlHV8rCtAT5Yqdrz2qw05SNYCGWJulscR6GM0e4gkO1FrBINr385IiMH3sJegBzm2HUbyb2I+xuFIfl7SgMuZ5fahHnhjDwsdgw+19OQlbYDRmNhMvtJemomIiGzPwrxEtKBlcUevcFPX7cPU7lpbcZwVP16xhLbtSNwMHvoCoRpJrAtdDGiSyAzTQef+jWuaUlFCPle6Qkghi51zmpBrPunqRCoYg7LIyJ9zS/KzPKX2zN2ASu9KJD3tDW9OSZM= ;{id = 48886 (zsk), size = 2048b}
-
+example.net. 3600 IN DNSKEY (256 3 10 AwEAAdHoNTOW+et86KuJOWRD p1pndvwb6Y83nSVXXyLA3DLroROUkN6X0O6pnWnjJQujX/AyhqFD xj13tOnD9u/1kTg7cV6rklMrZDtJCQ5PCl/D7QNPsgVsMu1J2Q8g pMpztNFLpPBz1bWXjDtaR7ZQBlZ3PFY12ZTSncorffcGmhOL);{id = 3740 (zsk), size = 1024b}
ENTRY_END
; entry to test
ENTRY_BEGIN
SECTION QUESTION
-www.example.com. IN A
+www.example.net. IN A
SECTION ANSWER
-www.example.com. 3600 IN A 192.0.2.66
-www.example.com. 3600 IN RRSIG A 9 3 3600 20070926134150 20070829134150 48886 example.com. Ys6CGNAxJ+0lG/EoDJqZOoZTlX8Aa1k124VjnSE2A9NTecZUX44TiKtJQtUu7cnUcURuNsqX5rulr/70Vx+ANeUot/ewtY6fX6qaGZVgIaNyyDw0Gu7oiAsjOE0bt5RS4VGvDpLSdxDlPV0Kbbc4fYSTsqiSe2idMokfD2bgPcFrIx2TcX/sF8Jyhn2MGiQsWryMWyvhRTZ1+dwQcPhkeslGFLF/SQpGx5BbW/BYQG026xb6ckL/F/Pu4Jf5sQTimTZXHi9iASeRNO34DM9bS0yDgc+nm3bEg8/pEGCdFuCt6dVv7JTFgnR9fPTbEbBHIi4ORw1oef11G2sRV/Ubvw== ;{id = 48886}
-
+www.example.net. 3600 IN A 192.0.2.91
+www.example.net. 3600 IN RRSIG (A 10 3 3600 20300101000000 20000101000000 3740 example.net. tsb4wnjRUDnB1BUi+t 6TMTXThjVnG+eCkWqjvvjhzQL1d0YRoOe0CbxrVDYd0xDtsuJRa eUw1ep94PzEWzr0iGYgZBWm/zpq+9fOuagYJRfDqfReKBzMweOL DiNa8iP5g9vMhpuv6OPlvpXwm9Sa9ZXIbNl1MBGk0fthPgxdDLw =);{id = 3740}
ENTRY_END
--- /dev/null
+; Signature test file
+
+; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification.
+; later entries are verified with it.
+
+; Test RSASHA256 signatures from draft-ietf-dnsext-dnssec-rsasha256-14
+
+ENTRY_BEGIN
+SECTION QUESTION
+example.net. IN DNSKEY
+SECTION ANSWER
+example.net. 3600 IN DNSKEY (256 3 8 AwEAAcFcGsaxxdgiuuGmCkVI my4h99CqT7jwY3pexPGcnUFtR2Fh36BponcwtkZ4cAgtvd4Qs8P kxUdp6p/DlUmObdk= );{id = 9033 (zsk), size = 512b}
+ENTRY_END
+
+; entry to test
+ENTRY_BEGIN
+SECTION QUESTION
+www.example.net. IN A
+SECTION ANSWER
+www.example.net. 3600 IN A 192.0.2.91
+www.example.net. 3600 IN RRSIG (A 8 3 3600 20300101000000 20000101000000 9033 example.net. kRCOH6u7l0QGy9qpC9 l1sLncJcOKFLJ7GhiUOibu4teYp5VE9RncriShZNz85mwlMgNEa cFYK/lPtPiVYP4bwg== ;{id = 9033}
+ENTRY_END
+
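Review bot: The RRSIG record in the second entry opens a parenthesis at `(A 8 3 3600` but never closes it: the base64 ends in `bwg== ;{id = 9033}`, whereas the DNSKEY above it ends with `);` and the RRSIG in test_signatures.10 ends with `=);`. Whether the test-file parser tolerates this is not visible here, but an unclosed group can make a zone-format reader continue onto the following `ENTRY_END` line or reject the record, so the test could pass or fail for reasons unrelated to signature verification. Closing it as `cFYK/lPtPiVYP4bwg== );{id = 9033}` keeps this vector in the same shape as the others.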
5102,
5111,
5112,
+5113,
5116,
5133,
5137,