3
# Copyright (C) 2005-2007 Internet Systems Consortium, Inc. ("ISC")
5
# Permission to use, copy, modify, and/or distribute this software for any
6
# purpose with or without fee is hereby granted, provided that the above
7
# copyright notice and this permission notice appear in all copies.
9
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15
# PERFORMANCE OF THIS SOFTWARE.
17
# $Id: tests.sh,v 1.5 2007/06/19 23:47:06 tbox Exp $
20
. $SYSTEMTESTTOP/conf.sh
25
md5="97rnFx24Tfna4mHPfgnerA=="
26
sha1="FrSt77yPTFx6hTs4i2tKLB9LmE0="
27
sha224="hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="
28
sha256="R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="
29
sha384="OaDdoAk2LAcLtYeUnsT7A9XHjsb6ZEma7OCvUpMraQIJX6HetGrlKmF7yglO1G2h"
30
sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4fe6Uasc0ckctEmg=="
34
echo "I:fetching using hmac-md5 (old form)"
36
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
37
-y "md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.old || ret=1
38
grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
39
if [ $ret -eq 1 ] ; then
40
echo "I: failed"; status=1
43
echo "I:fetching using hmac-md5 (new form)"
45
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
46
-y "hmac-md5:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.new || ret=1
47
grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
48
if [ $ret -eq 1 ] ; then
49
echo "I: failed"; status=1
52
echo "I:fetching using hmac-sha1"
54
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
55
-y "hmac-sha1:sha1:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1 || ret=1
56
grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1 > /dev/null || ret=1
57
if [ $ret -eq 1 ] ; then
58
echo "I: failed"; status=1
61
echo "I:fetching using hmac-sha224"
63
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
64
-y "hmac-sha224:sha224:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224 || ret=1
65
grep -i "sha224.*TSIG.*NOERROR" dig.out.sha224 > /dev/null || ret=1
66
if [ $ret -eq 1 ] ; then
67
echo "I: failed"; status=1
70
echo "I:fetching using hmac-sha256"
72
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
73
-y "hmac-sha256:sha256:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256 || ret=1
74
grep -i "sha256.*TSIG.*NOERROR" dig.out.sha256 > /dev/null || ret=1
75
if [ $ret -eq 1 ] ; then
76
echo "I: failed"; status=1
79
echo "I:fetching using hmac-sha384"
81
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
82
-y "hmac-sha384:sha384:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384 || ret=1
83
grep -i "sha384.*TSIG.*NOERROR" dig.out.sha384 > /dev/null || ret=1
84
if [ $ret -eq 1 ] ; then
85
echo "I: failed"; status=1
88
echo "I:fetching using hmac-sha512"
90
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
91
-y "hmac-sha512:sha512:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512 || ret=1
92
grep -i "sha512.*TSIG.*NOERROR" dig.out.sha512 > /dev/null || ret=1
93
if [ $ret -eq 1 ] ; then
94
echo "I: failed"; status=1
102
echo "I:fetching using hmac-md5 (trunc)"
104
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
105
-y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.trunc || ret=1
106
grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
107
if [ $ret -eq 1 ] ; then
108
echo "I: failed"; status=1
111
echo "I:fetching using hmac-sha1 (trunc)"
113
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
114
-y "hmac-sha1-80:sha1-trunc:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1.trunc || ret=1
115
grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1.trunc > /dev/null || ret=1
116
if [ $ret -eq 1 ] ; then
117
echo "I: failed"; status=1
120
echo "I:fetching using hmac-sha224 (trunc)"
122
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
123
-y "hmac-sha224-112:sha224-trunc:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224.trunc || ret=1
124
grep -i "sha224-trunc.*TSIG.*NOERROR" dig.out.sha224.trunc > /dev/null || ret=1
125
if [ $ret -eq 1 ] ; then
126
echo "I: failed"; status=1
129
echo "I:fetching using hmac-sha256 (trunc)"
131
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
132
-y "hmac-sha256-128:sha256-trunc:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256.trunc || ret=1
133
grep -i "sha256-trunc.*TSIG.*NOERROR" dig.out.sha256.trunc > /dev/null || ret=1
134
if [ $ret -eq 1 ] ; then
135
echo "I: failed"; status=1
138
echo "I:fetching using hmac-sha384 (trunc)"
140
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
141
-y "hmac-sha384-192:sha384-trunc:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384.trunc || ret=1
142
grep -i "sha384-trunc.*TSIG.*NOERROR" dig.out.sha384.trunc > /dev/null || ret=1
143
if [ $ret -eq 1 ] ; then
144
echo "I: failed"; status=1
147
echo "I:fetching using hmac-sha512-256 (trunc)"
149
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
150
-y "hmac-sha512-256:sha512-trunc:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512.trunc || ret=1
151
grep -i "sha512-trunc.*TSIG.*NOERROR" dig.out.sha512.trunc > /dev/null || ret=1
152
if [ $ret -eq 1 ] ; then
153
echo "I: failed"; status=1
159
# Check for bad truncation.
162
echo "I:fetching using hmac-md5-80 (BADTRUNC)"
164
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
165
-y "hmac-md5-80:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5-80 || ret=1
166
grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
167
if [ $ret -eq 1 ] ; then
168
echo "I: failed"; status=1
171
echo "I:fetching using hmac-sha1-80 (BADTRUNC)"
173
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
174
-y "hmac-sha1-80:sha1:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1-80 || ret=1
175
grep -i "sha1.*TSIG.*BADTRUNC" dig.out.sha1-80 > /dev/null || ret=1
176
if [ $ret -eq 1 ] ; then
177
echo "I: failed"; status=1
180
echo "I:fetching using hmac-sha224-112 (BADTRUNC)"
182
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
183
-y "hmac-sha224-112:sha224:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224-112 || ret=1
184
grep -i "sha224.*TSIG.*BADTRUNC" dig.out.sha224-112 > /dev/null || ret=1
185
if [ $ret -eq 1 ] ; then
186
echo "I: failed"; status=1
189
echo "I:fetching using hmac-sha256-128 (BADTRUNC)"
191
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
192
-y "hmac-sha256-128:sha256:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256-128 || ret=1
193
grep -i "sha256.*TSIG.*BADTRUNC" dig.out.sha256-128 > /dev/null || ret=1
194
if [ $ret -eq 1 ] ; then
195
echo "I: failed"; status=1
198
echo "I:fetching using hmac-sha384-192 (BADTRUNC)"
200
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
201
-y "hmac-sha384-192:sha384:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384-192 || ret=1
202
grep -i "sha384.*TSIG.*BADTRUNC" dig.out.sha384-192 > /dev/null || ret=1
203
if [ $ret -eq 1 ] ; then
204
echo "I: failed"; status=1
207
echo "I:fetching using hmac-sha512-256 (BADTRUNC)"
209
$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
210
-y "hmac-sha512-256:sha512:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512-256 || ret=1
211
grep -i "sha512.*TSIG.*BADTRUNC" dig.out.sha512-256 > /dev/null || ret=1
212
if [ $ret -eq 1 ] ; then
213
echo "I: failed"; status=1