status=0
-checkhash() {
- name=$1
- hash=$2
- echo "I:checking nsec3hash $name"
- out=`$NSEC3HASH $salt $algo $iters $1`
+checkout() {
case $? in
0) : ok ;;
- *) echo "I:failed $cmd"
+ *) echo "I:failed"
status=`expr $status + 1`
- continue ;;
+ return 1 ;;
esac
case $out in
*$hash*) : ok ;;
echo "I:failed"
status=`expr $status + 1` ;;
esac
+}
- echo "I:checking nsec3hash -r $name"
+# test cases taken from RFC 5155 appendix A
+algo=1 flags=0 iters=12 salt="aabbccdd"
+while read name hash
+do
+ echo "I:checking $NSEC3HASH $name"
+ out=`$NSEC3HASH $salt $algo $iters $name`
+ checkout
+
+ echo "I:checking $NSEC3HASH -r $name"
out=`$NSEC3HASH -r $algo $flags $iters $salt $name`
+ checkout
+
+done <<EOF
+*.w.example R53BQ7CC2UVMUBFU5OCMM6PERS9TK9EN
+2t7b4g4vsa5smi47k61mv5bv1a22bojr.example KOHAR7MBB8DC2CE8A9QVL8HON4K53UHI
+a.example 35MTHGPGCU1QG68FAB165KLNSNK3DPVL
+ai.example GJEQE526PLBF1G8MKLP59ENFD789NJGI
+example 0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM
+ns1.example 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR
+ns2.example Q04JKCEVQVMU85R014C7DKBA38O0JI5R
+w.example K8UDEMVP1J2F7EG6JEBPS17VP3N8I58H
+x.w.example B4UM86EGHHDS6NEA196SMVMLO4ORS995
+x.y.w.example 2VPTU5TIMAMQTTGL4LUU9KG21E0AOR3S
+xx.example T644EBQK9BIBCNA874GIVR6JOJ62MLHV
+y.w.example JI6NEOAEPV8B5O6K4EV33ABHA8HT9FGC
+EOF
+
+# test empty salt
+checkempty() {
+ hash=CK0POJMG874LJREF7EFN8430QVIT8BSM checkout &&
+ hash=- checkout
+}
+name=com algo=1 flags=1 iters=0
+echo "I:checking $NSEC3HASH '' $name"
+out=`$NSEC3HASH '' $algo $iters $name`
+checkempty
+echo "I:checking $NSEC3HASH - $name"
+out=`$NSEC3HASH - $algo $iters $name`
+checkempty
+echo "I:checking $NSEC3HASH -- '' $name"
+out=`$NSEC3HASH -- '' $algo $iters $name`
+checkempty
+echo "I:checking $NSEC3HASH -- - $name"
+out=`$NSEC3HASH -- - $algo $iters $name`
+checkempty
+echo "I:checking $NSEC3HASH -r '' $name"
+out=`$NSEC3HASH -r $algo $flags $iters '' $name`
+checkempty
+echo "I:checking $NSEC3HASH -r - $name"
+out=`$NSEC3HASH -r $algo $flags $iters - $name`
+checkempty
+
+checkfail() {
case $? in
- 0) : ok ;;
- *) echo "I:failed $cmd"
+ 0) echo "I:failed to fail"
status=`expr $status + 1`
- continue ;;
- esac
- case $out in
- *$hash*) : ok ;;
- *) echo "I:expect $hash"
- echo "I:output $out"
- echo "I:failed"
- status=`expr $status + 1` ;;
+ return 1 ;;
esac
}
-
-# test cases taken from RFC 5155 appendix A
-algo=1 flags=0 iters=12 salt="aabbccdd"
-for testcase in \
- "*.w.example R53BQ7CC2UVMUBFU5OCMM6PERS9TK9EN" \
- "2t7b4g4vsa5smi47k61mv5bv1a22bojr.example KOHAR7MBB8DC2CE8A9QVL8HON4K53UHI" \
- "a.example 35MTHGPGCU1QG68FAB165KLNSNK3DPVL" \
- "ai.example GJEQE526PLBF1G8MKLP59ENFD789NJGI" \
- "example 0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM" \
- "ns1.example 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR" \
- "ns2.example Q04JKCEVQVMU85R014C7DKBA38O0JI5R" \
- "w.example K8UDEMVP1J2F7EG6JEBPS17VP3N8I58H" \
- "x.w.example B4UM86EGHHDS6NEA196SMVMLO4ORS995" \
- "x.y.w.example 2VPTU5TIMAMQTTGL4LUU9KG21E0AOR3S" \
- "xx.example T644EBQK9BIBCNA874GIVR6JOJ62MLHV" \
- "y.w.example JI6NEOAEPV8B5O6K4EV33ABHA8HT9FGC"; do
- checkhash $testcase
-done
+echo "I:checking $NSEC3HASH missing args"
+out=`$NSEC3HASH 00 1 0 2>&1`
+checkfail
+echo "I:checking $NSEC3HASH extra args"
+out=`$NSEC3HASH 00 1 0 two names 2>&1`
+checkfail
+echo "I:checking $NSEC3HASH bad option"
+out=`$NSEC3HASH -? 2>&1`
+checkfail
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
}
typedef void nsec3printer(unsigned algo, unsigned flags, unsigned iters,
- char *saltstr, char *domain, char *digest);
+ const char *saltstr, const char *domain,
+ const char *digest);
static void
nsec3hash(nsec3printer *nsec3print, char *algostr, char *flagstr,
- char *iterstr, char *saltstr, char *domain)
+ const char *iterstr, const char *saltstr, const char *domain)
{
dns_fixedname_t fixed;
dns_name_t *name;
unsigned int length;
unsigned int iterations;
unsigned int salt_length;
+ const char dash[] = "-";
if (strcmp(saltstr, "-") == 0) {
salt_length = 0;
salt_length = isc_buffer_usedlength(&buffer);
if (salt_length > DNS_NSEC3_SALTSIZE)
fatal("salt too long");
+ if (salt_length == 0)
+ saltstr = dash;
}
hash_alg = atoi(algostr);
if (hash_alg > 255U)
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
- isc_buffer_init(&buffer, domain, strlen(domain));
+ isc_buffer_constinit(&buffer, domain, strlen(domain));
isc_buffer_add(&buffer, strlen(domain));
result = dns_name_fromtext(name, &buffer, dns_rootname, 0, NULL);
check_result(result, "dns_name_fromtext() failed");
static void
nsec3hash_print(unsigned algo, unsigned flags, unsigned iters,
- char *saltstr, char *domain, char *digest)
+ const char *saltstr, const char *domain, const char *digest)
{
UNUSED(flags);
UNUSED(domain);
static void
nsec3hash_rdata_print(unsigned algo, unsigned flags, unsigned iters,
- char *saltstr, char *domain, char *digest)
+ const char *saltstr, const char *domain,
+ const char *digest)
{
fprintf(stdout, "%s NSEC3 %u %u %u %s %s\n",
domain, algo, flags, iters, saltstr, digest);
isc_boolean_t rdata_format = ISC_FALSE;
int ch;
- while ((ch = isc_commandline_parse(argc, argv, "r")) != -1) {
+ while ((ch = isc_commandline_parse(argc, argv, "-r")) != -1) {
switch (ch) {
case 'r':
rdata_format = ISC_TRUE;
break;
+ case '-':
+ isc_commandline_index -= 1;
+ goto skip;
default:
break;
}
}
+ skip:
argc -= isc_commandline_index;
argv += isc_commandline_index;