author | gregor herrmann <gregoa@debian.org> | 2020-05-15 22:35:40 +0200 |
---|---|---|
committer | gregor herrmann <gregoa@debian.org> | 2020-05-15 22:35:40 +0200 |
commit | 11b1e4ca92c681a8e6a5bd1a8d2662d4c3c11df6 (patch) | |
tree | 198d3d1aa3d8482334c6c9c57c00086fb98eaed4 | |
parent | 31eb80358707820d36ece0b680cdba4c5889a903 (diff) |
New upstream version 1.16
-rw-r--r-- | Changes | 13 | ||||
-rw-r--r-- | META.json | 6 | ||||
-rw-r--r-- | META.yml | 4 | ||||
-rw-r--r-- | Makefile.PL | 4 | ||||
-rw-r--r-- | SEC.xs | 86 | ||||
-rw-r--r-- | lib/Net/DNS/SEC.pm | 6 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/Digest.pm | 72 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/Keyset.pm | 14 | ||||
-rw-r--r-- | t/10-keyset.t | 3 | ||||
-rw-r--r-- | t/20-digest.t | 10 | ||||
-rw-r--r-- | t/21-RSA-MD5.t | 6 | ||||
-rw-r--r-- | t/22-RSA-SHA1.t | 12 | ||||
-rw-r--r-- | t/23-RSA-SHA256.t | 6 | ||||
-rw-r--r-- | t/24-RSA-SHA512.t | 6 | ||||
-rw-r--r-- | t/31-DSA-SHA1.t | 12 | ||||
-rw-r--r-- | t/51-ECDSA-P256.t | 12 | ||||
-rw-r--r-- | t/52-ECDSA-P384.t | 6 | ||||
-rw-r--r-- | t/61-Ed25519.t | 12 | ||||
-rw-r--r-- | t/62-Ed448.t | 6 |
19 files changed, 135 insertions, 161 deletions
@@ -1,6 +1,15 @@ Revision history for Perl extension Net::DNS::SEC. +**** 1.16 May 11, 2020 + + Improve testing of verify() functions. + + Rework code in Digest.pm + + SEC.xs code reduction. + + **** 1.15 February 3, 2020 Provide access to OpenSSL message digest implementations. @@ -12,8 +21,6 @@ Revision history for Perl extension Net::DNS::SEC. Support more efficient algorithm mapping in Net::DNS. - SEC.xs code reduction. - **** 1.13 May 6, 2019 @@ -631,4 +638,4 @@ Net::DNS. The history of those is documented below. --------------------------------------------------------------------------- -$Id: Changes 1766 2020-02-03 14:17:59Z willem $ +$Id: Changes 1780 2020-05-11 09:19:56Z willem $ @@ -34,7 +34,9 @@ "runtime" : { "recommends" : {}, "requires" : { + "Carp" : "1.1", "DynaLoader" : "1.04", + "Exporter" : "5.56", "File::Find" : "1.05", "File::Spec" : "0.86", "IO::File" : "1.08", @@ -46,6 +48,6 @@ } }, "release_status" : "stable", - "version" : "1.15", - "x_serialization_backend" : "JSON::PP version 2.97001" + "version" : "1.16", + "x_serialization_backend" : "JSON::PP version 4.04" } @@ -20,7 +20,9 @@ no_index: - inc recommends: {} requires: + Carp: '1.1' DynaLoader: '1.04' + Exporter: '5.56' File::Find: '1.05' File::Spec: '0.86' IO::File: '1.08' @@ -28,5 +30,5 @@ requires: Net::DNS: '1.08' Test::More: '0.47' perl: '5.006' -version: '1.15' +version: '1.16' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff --git a/Makefile.PL b/Makefile.PL index 4d67518..429f0fb 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -1,5 +1,5 @@ # -# $Id: Makefile.PL 1763 2020-02-02 21:48:03Z willem $ -*-perl-*- +# $Id: Makefile.PL 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -25,7 +25,9 @@ my %metadata = ( my %prerequisite = ( + 'Carp' => 1.10, 'DynaLoader' => 1.04, + 'Exporter' => 5.56, 'File::Find' => 1.05, 'File::Spec' => 0.86, 'IO::File' => 1.08, 
@@ -1,5 +1,5 @@ -#define XS_Id "$Id: SEC.xs 1763 2020-02-02 21:48:03Z willem $" +#define XS_Id "$Id: SEC.xs 1777 2020-05-07 08:24:01Z willem $" =head1 NAME @@ -47,6 +47,7 @@ extern "C" { #include "perl.h" #include "XSUB.h" +#define OPENSSL_SUPPRESS_DEPRECATED #include <openssl/opensslv.h> #include <openssl/evp.h> #include <openssl/bn.h> @@ -75,34 +76,23 @@ extern "C" { #endif -#ifndef OPENSSL_VERSION_NUMBER /* 0xMNN00PPSL retain backward compatibility */ -#ifdef OPENSSL_VERSION_PRE_RELEASE +#ifndef OPENSSL_VERSION_NUMBER /* 0xMNN00PP0L retain backward compatibility */ #define OPENSSL_VERSION_NUMBER \ ( (OPENSSL_VERSION_MAJOR<<28) | (OPENSSL_VERSION_MINOR<<20) | (OPENSSL_VERSION_PATCH<<4) | 0x0L ) -#else -#define OPENSSL_VERSION_NUMBER \ - ( (OPENSSL_VERSION_MAJOR<<28) | (OPENSSL_VERSION_MINOR<<20) | (OPENSSL_VERSION_PATCH<<4) | 0xfL ) -#endif #endif #ifdef LIBRESSL_VERSION_NUMBER #undef OPENSSL_VERSION_NUMBER -#if (LIBRESSL_VERSION_NUMBER < 0x20700000) -#define OPENSSL_VERSION_NUMBER 0x10002000L -#else #define OPENSSL_VERSION_NUMBER 0x10100000L #endif -#define NO_ECCGOST -#endif #if (OPENSSL_VERSION_NUMBER < 0x10101000) +#define NO_ECCGOST #define NO_EdDSA #define NO_SHA3 -#define EC_POINT_set_affine_coordinates EC_POINT_set_affine_coordinates_GFp - int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sig, size_t *sig_len, const unsigned char *data, size_t data_len) @@ -122,7 +112,6 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, #if (OPENSSL_VERSION_NUMBER < 0x10100000) -#define NO_ECCGOST #define EVP_MD_CTX_new() EVP_MD_CTX_create() #define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy((ctx)) @@ -176,10 +165,9 @@ BIGNUM *bn_new_hex(const char *hex) #endif -int checkret(const int ret, int line) +void checkret(const int ret, int line) { - if ( ret == 1 ) return ret; - croak("libcrypto error (%s line %d)", __FILE__, line); + if ( ret != 1 ) croak("libcrypto error (%s line %d)", __FILE__, line); } #define checkerr(arg) checkret( (arg), __LINE__ ) 
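Review bot: The new `#define OPENSSL_SUPPRESS_DEPRECATED` ahead of the OpenSSL includes carries no comment saying why it is needed, and it silences deprecation warnings for every libcrypto call in the file, not only the ones already known. A comment such as `/* low-level DSA/RSA/EC_KEY calls below are deprecated in newer OpenSSL; remove once ported to EVP_PKEY */` would record the intent and the exit condition (the wording is a suggestion; the actual reason is not stated in the diff). With the macro set, a newly added call to a deprecated primitive is no longer flagged at build time, so that check has to happen in review.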
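Review bot: Every LibreSSL release is now mapped to `0x10100000L` in the `#ifdef LIBRESSL_VERSION_NUMBER` block, so a LibreSSL older than 2.7.0 (the cut-off the removed branch tested for) skips the `OPENSSL_VERSION_NUMBER < 0x10100000` compatibility shims such as `EVP_MD_CTX_new()` → `EVP_MD_CTX_create()`. That build would presumably fail on missing 1.1.0-style symbols instead of with a clear message. If support for those releases is being dropped on purpose, state it explicitly with `#if (LIBRESSL_VERSION_NUMBER < 0x20700000)` / `#error LibreSSL 2.7.0 or later required` / `#endif`; the changelog entry only mentions code reduction.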
@@ -313,36 +301,30 @@ EVP_sha3_512() #ifndef NO_DSA -int +void EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key) CODE: - RETVAL = checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_DSA, (char*)key ) ); - OUTPUT: - RETVAL + checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_DSA, (char*)key ) ); DSA* DSA_new() -int +void DSA_set0_pqg(DSA *d, SV *p_SV, SV *q_SV, SV *g_SV) INIT: BIGNUM *p = BN_bin2bn( (unsigned char*) SvPVX(p_SV), SvCUR(p_SV), NULL ); BIGNUM *q = BN_bin2bn( (unsigned char*) SvPVX(q_SV), SvCUR(q_SV), NULL ); BIGNUM *g = BN_bin2bn( (unsigned char*) SvPVX(g_SV), SvCUR(g_SV), NULL ); CODE: - RETVAL = checkerr( DSA_set0_pqg( d, p, q, g ) ); - OUTPUT: - RETVAL + checkerr( DSA_set0_pqg( d, p, q, g ) ); -int +void DSA_set0_key(DSA *dsa, SV *y_SV, SV *x_SV) INIT: BIGNUM *x = BN_bin2bn( (unsigned char*) SvPVX(x_SV), SvCUR(x_SV), NULL ); BIGNUM *y = BN_bin2bn( (unsigned char*) SvPVX(y_SV), SvCUR(y_SV), NULL ); CODE: - RETVAL = checkerr( DSA_set0_key( dsa, y, x ) ); - OUTPUT: - RETVAL + checkerr( DSA_set0_key( dsa, y, x ) ); #endif 
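Review bot: The `INIT:` sections of `DSA_set0_pqg` and `DSA_set0_key` read each argument with `SvPVX()`/`SvCUR()`, which assume the SV already holds a string buffer and perform no type check, so an undef or numeric argument can be read as raw memory instead of being rejected. Fetching the bytes through a checked accessor, e.g. `STRLEN len; unsigned char *buf = (unsigned char*) SvPVbyte(p_SV, len);`, keeps a malformed key component from reaching `BN_bin2bn` with a bad pointer or length. The same pattern appears in `RSA_set0_factors`, `RSA_set0_key`, `EC_KEY_set_private_key` and `EC_KEY_set_public_key_affine_coordinates` in the following hunks. Separately, the BIGNUMs allocated in `INIT:` are not released when `checkerr` croaks, which for `DSA_set0_key` includes the private value `x`; a `BN_clear_free` on the failure path would match what `EC_KEY_set_private_key` already does.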
@@ -351,36 +333,30 @@ DSA_set0_key(DSA *dsa, SV *y_SV, SV *x_SV) #ifndef NO_RSA -int +void EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) CODE: - RETVAL = checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_RSA, (char*)key ) ); - OUTPUT: - RETVAL + checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_RSA, (char*)key ) ); RSA* RSA_new() -int +void RSA_set0_factors(RSA *r, SV *p_SV, SV *q_SV) INIT: BIGNUM *p = BN_bin2bn( (unsigned char*) SvPVX(p_SV), SvCUR(p_SV), NULL ); BIGNUM *q = BN_bin2bn( (unsigned char*) SvPVX(q_SV), SvCUR(q_SV), NULL ); CODE: - RETVAL = checkerr( RSA_set0_factors( r, p, q ) ); - OUTPUT: - RETVAL + checkerr( RSA_set0_factors( r, p, q ) ); -int +void RSA_set0_key(RSA *r, SV *n_SV, SV *e_SV, SV *d_SV) INIT: BIGNUM *d = BN_bin2bn( (unsigned char*) SvPVX(d_SV), SvCUR(d_SV), NULL ); BIGNUM *e = BN_bin2bn( (unsigned char*) SvPVX(e_SV), SvCUR(e_SV), NULL ); BIGNUM *n = BN_bin2bn( (unsigned char*) SvPVX(n_SV), SvCUR(n_SV), NULL ); CODE: - RETVAL = checkerr( RSA_set0_key( r, n, e, d ) ); - OUTPUT: - RETVAL + checkerr( RSA_set0_key( r, n, e, d ) ); #endif 
@@ -389,40 +365,36 @@ RSA_set0_key(RSA *r, SV *n_SV, SV *e_SV, SV *d_SV) #ifndef NO_ECDSA -int +void EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) CODE: - RETVAL = checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_EC, (char*)key ) ); - OUTPUT: - RETVAL + checkerr( EVP_PKEY_assign( pkey, EVP_PKEY_EC, (char*)key ) ); # Creates new EC_KEY object using prescribed curve EC_KEY* EC_KEY_new_by_curve_name(int nid) -int +void EC_KEY_set_private_key(EC_KEY *key, SV *prv_SV) INIT: BIGNUM *prv = BN_bin2bn( (unsigned char*) SvPVX(prv_SV), SvCUR(prv_SV), NULL ); + int status; CODE: - RETVAL = EC_KEY_set_private_key( key, prv ); + status = EC_KEY_set_private_key( key, prv ); BN_clear_free(prv); - checkerr(RETVAL); - OUTPUT: - RETVAL + checkerr(status); -int +void EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, SV *x_SV, SV *y_SV) INIT: BIGNUM *x = BN_bin2bn( (unsigned char*) SvPVX(x_SV), SvCUR(x_SV), NULL ); BIGNUM *y = BN_bin2bn( (unsigned char*) SvPVX(y_SV), SvCUR(y_SV), NULL ); + int status; CODE: - RETVAL = EC_KEY_set_public_key_affine_coordinates( key, x, y ); + status = EC_KEY_set_public_key_affine_coordinates( key, x, y ); BN_free(x); BN_free(y); - checkerr(RETVAL); - OUTPUT: - RETVAL + checkerr(status); #endif @@ -509,7 +481,6 @@ ECCGOST_verify(SV *H, SV *r_SV, SV *s_SV, EC_KEY *eckey) /* algebraic transformation of ECC-GOST into equivalent ECDSA problem */ checkerr( BN_mod_sub(m, q, s, q, ctx) ); checkerr( BN_mod_sub(s, q, e, q, ctx) ); - BN_CTX_free(ctx); BN_free(e); BN_free(q); @@ -518,6 +489,7 @@ ECCGOST_verify(SV *H, SV *r_SV, SV *s_SV, EC_KEY *eckey) BN_bn2binpad(m, bin, len); BN_free(m); RETVAL = ECDSA_do_verify( bin, len, ecsig, eckey ); + BN_CTX_free(ctx); EC_KEY_free(eckey); ECDSA_SIG_free(ecsig); OUTPUT: diff --git a/lib/Net/DNS/SEC.pm b/lib/Net/DNS/SEC.pm index 420cc9c..81e5201 100644 --- a/lib/Net/DNS/SEC.pm +++ b/lib/Net/DNS/SEC.pm 
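Review bot: In `ECCGOST_verify` the line `RETVAL = ECDSA_do_verify( bin, len, ecsig, eckey );` hands libcrypto's raw result to Perl, and that call returns -1 on an internal error in addition to 1 (valid) and 0 (invalid). Any caller that only tests the result for truth would accept -1 as a valid signature; the Perl side is not visible in this diff, so this either needs confirming there or closing here with `RETVAL = ( ECDSA_do_verify( bin, len, ecsig, eckey ) == 1 );`. The tests updated elsewhere in this commit compare verify() results against exactly 1 and 0, which fits normalising the value in the XS layer. The function starts above this hunk, so the cleanup on its earlier `checkerr` paths was not reviewed.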
@@ -1,11 +1,11 @@ package Net::DNS::SEC; # -# $Id: SEC.pm 1766 2020-02-03 14:17:59Z willem $ +# $Id: SEC.pm 1780 2020-05-11 09:19:56Z willem $ # our $VERSION; -$VERSION = '1.15'; -our $SVNVERSION = (qw$LastChangedRevision: 1766 $)[1]; +$VERSION = '1.16'; +our $SVNVERSION = (qw$LastChangedRevision: 1780 $)[1]; our $XS_VERSION = $VERSION; $VERSION = eval $VERSION; diff --git a/lib/Net/DNS/SEC/Digest.pm b/lib/Net/DNS/SEC/Digest.pm index 34db7fa..82203ac 100644 --- a/lib/Net/DNS/SEC/Digest.pm +++ b/lib/Net/DNS/SEC/Digest.pm @@ -1,9 +1,9 @@ package Net::DNS::SEC::Digest; # -# $Id: Digest.pm 1763 2020-02-02 21:48:03Z willem $ +# $Id: Digest.pm 1777 2020-05-07 08:24:01Z willem $ # -our $VERSION = (qw$LastChangedRevision: 1763 $)[1]; +our $VERSION = (qw$LastChangedRevision: 1777 $)[1]; =head1 NAME 
@@ -38,28 +38,27 @@ use constant libcrypto_available => Net::DNS::SEC::libcrypto->can('EVP_MD_CTX_ne BEGIN { die 'Net::DNS::SEC not available' unless libcrypto_available } -my %sha = ( - 1 => sub { Net::DNS::SEC::libcrypto::EVP_sha1() }, - 224 => sub { Net::DNS::SEC::libcrypto::EVP_sha224() }, - 256 => sub { Net::DNS::SEC::libcrypto::EVP_sha256() }, - 384 => sub { Net::DNS::SEC::libcrypto::EVP_sha384() }, - 512 => sub { Net::DNS::SEC::libcrypto::EVP_sha512() }, - ); +my %digest = ( + MD5 => sub { Net::DNS::SEC::libcrypto::EVP_md5() }, -my %sha3 = ( - 224 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_224() }, - 256 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_256() }, - 384 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_384() }, - 512 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_512() }, - ); + SHA_1 => sub { Net::DNS::SEC::libcrypto::EVP_sha1() }, + SHA_224 => sub { Net::DNS::SEC::libcrypto::EVP_sha224() }, + SHA_256 => sub { Net::DNS::SEC::libcrypto::EVP_sha256() }, + SHA_384 => sub { Net::DNS::SEC::libcrypto::EVP_sha384() }, + SHA_512 => sub { Net::DNS::SEC::libcrypto::EVP_sha512() }, + SHA3_224 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_224() }, + SHA3_256 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_256() }, + SHA3_384 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_384() }, + SHA3_512 => sub { Net::DNS::SEC::libcrypto::EVP_sha3_512() }, + ); -package Net::DNS::SEC::Digest::SHA; sub new { - my ( $class, $alg ) = @_; - my $mdobj = Net::DNS::SEC::libcrypto::EVP_MD_CTX_new(); - my $evpmd = $sha{$alg}; + my $class = shift; + my ($index) = reverse split '::', join '_', $class, @_; + my $evpmd = $digest{$index}; + my $mdobj = Net::DNS::SEC::libcrypto::EVP_MD_CTX_new(); Net::DNS::SEC::libcrypto::EVP_DigestInit( $mdobj, &$evpmd ); bless( \$mdobj, $class ); } @@ -69,7 +68,6 @@ sub add { Net::DNS::SEC::libcrypto::EVP_DigestUpdate( $$object, shift ); } - sub digest { my $object = shift; Net::DNS::SEC::libcrypto::EVP_DigestFinal($$object); 
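Review bot: In the reworked `new`, an algorithm that is not a key of `%digest` leaves `$evpmd` undefined, and the failure only surfaces at `&$evpmd` as a generic error about calling an undefined subroutine, after `EVP_MD_CTX_new()` has already allocated a context that is never blessed and so presumably never freed. A guard placed before the allocation, `die "digest algorithm $index not supported" unless $evpmd;`, gives callers a usable message and avoids the stray context. The lookup key is taken from the last component of `$class`, so a subclass under a different package name lands on the same path; a comment on the `reverse split` line stating that dependency would help the next reader. `$evpmd->()` is also the clearer call form than `&$evpmd`, which passes the current `@_` through implicitly.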
@@ -81,28 +79,14 @@ DESTROY { } -package Net::DNS::SEC::Digest::SHA3; -our @ISA = qw(Net::DNS::SEC::Digest::SHA); - -sub new { - my ( $class, $alg ) = @_; - my $mdobj = Net::DNS::SEC::libcrypto::EVP_MD_CTX_new(); - my $evpmd = $sha3{$alg}; - Net::DNS::SEC::libcrypto::EVP_DigestInit( $mdobj, &$evpmd ); - bless( \$mdobj, $class ); -} - - package Net::DNS::SEC::Digest::MD5; -our @ISA = qw(Net::DNS::SEC::Digest::SHA); +our @ISA = qw(Net::DNS::SEC::Digest); -sub new { - my ( $class, $alg ) = @_; - my $mdobj = Net::DNS::SEC::libcrypto::EVP_MD_CTX_new(); - my $evpmd = sub { Net::DNS::SEC::libcrypto::EVP_md5() }; - Net::DNS::SEC::libcrypto::EVP_DigestInit( $mdobj, &$evpmd ); - bless( \$mdobj, $class ); -} +package Net::DNS::SEC::Digest::SHA; +our @ISA = qw(Net::DNS::SEC::Digest); + +package Net::DNS::SEC::Digest::SHA3; +our @ISA = qw(Net::DNS::SEC::Digest); 1; @@ -116,7 +100,7 @@ __END__ =head2 new require Net::DNS::SEC::Digest; - $object = new Net::DNS::SEC::Digest::SHA( $algorithm ); + $object = new Net::DNS::SEC::Digest::SHA(256); Creates and initialises a new digest object instance for the specified algorithm. @@ -124,17 +108,17 @@ algorithm. =head2 add - $object->add($text); + $object->add($data); $object->add($more); -Append specified text to digest stream. +Append specified data to the digest stream. =head2 digest $digest = $object->digest; -Returns the digest encoded as a binary string. +Returns an octet string containing the calculated digest. =head1 ACKNOWLEDGMENT diff --git a/lib/Net/DNS/SEC/Keyset.pm b/lib/Net/DNS/SEC/Keyset.pm index fc9ac1c..e646a5f 100644 --- a/lib/Net/DNS/SEC/Keyset.pm +++ b/lib/Net/DNS/SEC/Keyset.pm @@ -1,9 +1,9 @@ package Net::DNS::SEC::Keyset; # -# $Id: Keyset.pm 1705 2018-08-23 10:24:02Z willem $ +# $Id: Keyset.pm 1777 2020-05-07 08:24:01Z willem $ # -our $VERSION = (qw$LastChangedRevision: 1705 $)[1]; +our $VERSION = (qw$LastChangedRevision: 1777 $)[1]; =head1 NAME 
@@ -34,7 +34,7 @@ use strict; use integer; use warnings; use Carp; -use File::Spec::Functions; +use File::Spec; use Net::DNS::ZoneFile; @@ -73,7 +73,7 @@ Sets keyset_err and returns undef on failure. sub _new_from_file { my ( $class, $name, @path ) = @_; - my $file = catfile( @path, $name ); + my $file = File::Spec->catfile( @path, $name ); my @rr = new Net::DNS::ZoneFile($file)->read; @@ -102,7 +102,7 @@ sub _new_from_keys { my @sigrr; foreach my $key ( grep $_->type eq 'DNSKEY', @$keylist ) { my $keyname = $key->privatekeyname; - my $keyfile = catfile( @keypath, $keyname ); + my $keyfile = File::Spec->catfile( @keypath, $keyname ); my @rrsig = Net::DNS::RR::RRSIG->create( $keylist, $keyfile ); push @sigrr, grep defined, @rrsig; } @@ -344,13 +344,13 @@ prepended to the domain name to form the keyset filename. sub writekeyset { my $self = shift; my ( $arg1, @path ) = @_; - @path = shift() if $arg1 && file_name_is_absolute($arg1); + @path = shift() if $arg1 && File::Spec->file_name_is_absolute($arg1); my $prefix = shift || 'keyset-'; my @keysetrr = ( $self->keys, $self->sigs ); my $domainname = $keysetrr[0]->name; my $keysetname = "$prefix$domainname."; - my $filename = catfile( @path, $keysetname ); + my $filename = File::Spec->catfile( @path, $keysetname ); $filename =~ s/[.]+/\./; ## avoid antisocial consequences of $path with .. open( KEYSET, ">$filename" ) or croak qq(open: "$filename" $!); select( ( select(KEYSET), $self->print )[0] ); diff --git a/t/10-keyset.t b/t/10-keyset.t index 451f655..c343b06 100644 --- a/t/10-keyset.t +++ b/t/10-keyset.t @@ -1,4 +1,4 @@ -# $Id: 10-keyset.t 1758 2019-10-14 13:17:11Z willem $ -*-perl-*- +# $Id: 10-keyset.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -6,6 +6,7 @@ use Test::More; my %prerequisite = ( 'Net::DNS::SEC' => 1.01, + 'Digest::SHA' => 5.23, 'MIME::Base64' => 2.13, ); diff --git a/t/20-digest.t b/t/20-digest.t index 699ccce..5f1f42e 100644 --- a/t/20-digest.t +++ b/t/20-digest.t 
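Review bot: `writekeyset` still opens its output with the two-argument form `open( KEYSET, ">$filename" )`, where `$filename` is built from the first record's domain name, and the only guard is `s/[.]+/\./`, which has no `/g` and therefore collapses just the first run of dots in the whole path. A `..` occurring after that first run is left untouched, and the substitution also rewrites dots in the caller-supplied directory part. Since this hunk already touches the path construction, it would be worth switching to `open( my $fh, '>', $filename )` with a lexical handle and validating `$domainname` on its own before `catfile` instead of patching the joined path. The body of `writekeyset` continues past the end of the hunk.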
@@ -1,4 +1,4 @@ -# $Id: 20-digest.t 1766 2020-02-03 14:17:59Z willem $ -*-perl-*- +# $Id: 20-digest.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -16,7 +16,7 @@ foreach my $package ( sort keys %prerequisite ) { plan skip_all => 'unable to access OpenSSL libcrypto library' unless eval { Net::DNS::SEC::libcrypto->can('EVP_MD_CTX_new') }; -plan tests => 12; +plan tests => 22; my $text = 'The quick brown fox jumps over the lazy dog'; @@ -41,8 +41,12 @@ use_ok('Net::DNS::SEC::Digest'); sub test { my ( $mnemonic, $class, @parameter ) = @_; my $object = $class->new(@parameter); + my ( $head, $tail ) = unpack 'a20 a*', $text; $object->add($text); is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "message digest $mnemonic" ); + $object->add($head); + $object->add($tail); + is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "concatenated digest $mnemonic" ); } @@ -59,7 +63,7 @@ test( 'SHA384', 'Net::DNS::SEC::Digest::SHA', 384 ); test( 'SHA512', 'Net::DNS::SEC::Digest::SHA', 512 ); SKIP: { - skip( 'SHA3 digest algorithm not supported', 4 ) + skip( 'SHA3 digest algorithm not supported', 8 ) unless eval { Net::DNS::SEC::libcrypto->can('EVP_sha3_256') }; test( 'SHA3_224', 'Net::DNS::SEC::Digest::SHA3', 224 ); test( 'SHA3_256', 'Net::DNS::SEC::Digest::SHA3', 256 ); diff --git a/t/21-RSA-MD5.t b/t/21-RSA-MD5.t index aa73b11..26ce8ac 100644 --- a/t/21-RSA-MD5.t +++ b/t/21-RSA-MD5.t @@ -1,4 +1,4 @@ -# $Id: 21-RSA-MD5.t 1758 2019-10-14 13:17:11Z willem $ -*-perl-*- +# $Id: 21-RSA-MD5.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; 
@@ -75,12 +75,12 @@ ok( $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::RSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupt' ); exit; diff --git a/t/22-RSA-SHA1.t b/t/22-RSA-SHA1.t index 260c218..4a8b4a6 100644 --- a/t/22-RSA-SHA1.t +++ b/t/22-RSA-SHA1.t @@ -1,4 +1,4 @@ -# $Id: 22-RSA-SHA1.t 1758 2019-10-14 13:17:11Z willem $ -*-perl-*- +# $Id: 22-RSA-SHA1.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -79,12 +79,12 @@ ok( $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::RSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupted' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); # The following tests are not replicated for other RSA/SHA flavours 
@@ -123,13 +123,13 @@ my $wrongprivate = new Net::DNS::SEC::Private($wrongfile); ok( $wrongprivate, 'set up non-RSA private key' ); -ok( !eval { Net::DNS::SEC::RSA->sign( $sigdata, $wrongprivate ) }, +is( eval { Net::DNS::SEC::RSA->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); -ok( !eval { Net::DNS::SEC::RSA->verify( $sigdata, $wrongkey, $signature ) }, +is( eval { Net::DNS::SEC::RSA->verify( $sigdata, $wrongkey, $signature ) }, undef, 'signature not verifiable using wrong public key' ); -ok( !eval { Net::DNS::SEC::RSA->verify( $sigdata, $key, undef ) }, +is( eval { Net::DNS::SEC::RSA->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); diff --git a/t/23-RSA-SHA256.t b/t/23-RSA-SHA256.t index 3990fa9..8969085 100644 --- a/t/23-RSA-SHA256.t +++ b/t/23-RSA-SHA256.t @@ -1,4 +1,4 @@ -# $Id: 23-RSA-SHA256.t 1758 2019-10-14 13:17:11Z willem $ -*-perl-*- +# $Id: 23-RSA-SHA256.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -75,12 +75,12 @@ ok( $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::RSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupt' ); exit; diff --git a/t/24-RSA-SHA512.t b/t/24-RSA-SHA512.t index 8b4e75b..72347d0 100644 --- a/t/24-RSA-SHA512.t +++ b/t/24-RSA-SHA512.t @@ -1,4 +1,4 @@ -# $Id: 24-RSA-SHA512.t 1758 2019-10-14 13:17:11Z willem $ -*-perl-*- +# $Id: 24-RSA-SHA512.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; 
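Review bot: The rewritten negative tests of the form `is( eval { Net::DNS::SEC::RSA->verify( $sigdata, $key, undef ) }, undef, ... )` pass both when the call throws and when it quietly returns undef, so they do not pin which of the two the API promises for a wrong key or missing signature. If an exception is the contract, capture the result and `$@` immediately after the `eval` and assert on the error as well, e.g. `my $result = eval { ... }; my $error = $@;` followed by `ok( $error, 'exception raised' );`. The same pattern is used in the DSA, ECDSA-P256 and Ed25519 test files later in this diff.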
@@ -78,12 +78,12 @@ ok( $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::RSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupt' ); exit; diff --git a/t/31-DSA-SHA1.t b/t/31-DSA-SHA1.t index 22696f6..0bc7bc9 100644 --- a/t/31-DSA-SHA1.t +++ b/t/31-DSA-SHA1.t @@ -1,4 +1,4 @@ -# $Id: 31-DSA-SHA1.t 1677 2018-05-22 11:59:10Z willem $ -*-perl-*- +# $Id: 31-DSA-SHA1.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -108,21 +108,21 @@ ok( $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::DSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::DSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupted' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); -ok( !eval { Net::DNS::SEC::DSA->sign( $sigdata, $wrongprivate ) }, +is( eval { Net::DNS::SEC::DSA->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); -ok( !eval { Net::DNS::SEC::DSA->verify( $sigdata, $wrongkey, $signature ) }, +is( eval { Net::DNS::SEC::DSA->verify( $sigdata, $wrongkey, $signature ) }, undef, 'signature not verifiable using wrong public key' ); -ok( !eval { Net::DNS::SEC::DSA->verify( $sigdata, $key, undef ) }, +is( eval { Net::DNS::SEC::DSA->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); exit; diff --git a/t/51-ECDSA-P256.t b/t/51-ECDSA-P256.t index 45dc717..dbc2614 100644 
--- a/t/51-ECDSA-P256.t +++ b/t/51-ECDSA-P256.t @@ -1,4 +1,4 @@ -# $Id: 51-ECDSA-P256.t 1677 2018-05-22 11:59:10Z willem $ -*-perl-*- +# $Id: 51-ECDSA-P256.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -102,21 +102,21 @@ ok( $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::ECDSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::ECDSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupted' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); -ok( !eval { Net::DNS::SEC::ECDSA->sign( $sigdata, $wrongprivate ) }, +is( eval { Net::DNS::SEC::ECDSA->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); -ok( !eval { Net::DNS::SEC::ECDSA->verify( $sigdata, $wrongkey, $signature ) }, +is( eval { Net::DNS::SEC::ECDSA->verify( $sigdata, $wrongkey, $signature ) }, undef, 'signature not verifiable using wrong public key' ); -ok( !eval { Net::DNS::SEC::ECDSA->verify( $sigdata, $key, undef ) }, +is( eval { Net::DNS::SEC::ECDSA->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); exit; diff --git a/t/52-ECDSA-P384.t b/t/52-ECDSA-P384.t index a1a9c6f..f52f186 100644 --- a/t/52-ECDSA-P384.t +++ b/t/52-ECDSA-P384.t @@ -1,4 +1,4 @@ -# $Id: 52-ECDSA-P384.t 1668 2018-04-23 13:36:44Z willem $ -*-perl-*- +# $Id: 52-ECDSA-P384.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; 
@@ -70,12 +70,12 @@ ok( $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::ECDSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::ECDSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupted' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); exit; diff --git a/t/61-Ed25519.t b/t/61-Ed25519.t index ec5ffd6..b9981f8 100644 --- a/t/61-Ed25519.t +++ b/t/61-Ed25519.t @@ -1,4 +1,4 @@ -# $Id: 61-Ed25519.t 1668 2018-04-23 13:36:44Z willem $ -*-perl-*- +# $Id: 61-Ed25519.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -95,21 +95,21 @@ ok( $signed eq $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::EdDSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::EdDSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupted' ); +is( $verifiable, 0, 'signature not verifiable if data corrupted' ); -ok( !eval { Net::DNS::SEC::EdDSA->sign( $sigdata, $wrongprivate ) }, +is( eval { Net::DNS::SEC::EdDSA->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); -ok( !eval { Net::DNS::SEC::EdDSA->verify( $sigdata, $wrongkey, $signature ) }, +is( eval { Net::DNS::SEC::EdDSA->verify( $sigdata, $wrongkey, $signature ) }, undef, 'signature not verifiable using wrong public key' ); -ok( !eval { Net::DNS::SEC::EdDSA->verify( $sigdata, $key, undef ) }, +is( eval { Net::DNS::SEC::EdDSA->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); exit; 
diff --git a/t/62-Ed448.t b/t/62-Ed448.t index 249e774..0b60995 100644 --- a/t/62-Ed448.t +++ b/t/62-Ed448.t @@ -1,4 +1,4 @@ -# $Id: 62-Ed448.t 1668 2018-04-23 13:36:44Z willem $ -*-perl-*- +# $Id: 62-Ed448.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- # use strict; @@ -74,12 +74,12 @@ ok( $signed eq $signature, 'signature created using private key' ); my $verified = Net::DNS::SEC::EdDSA->verify( $sigdata, $key, $signature ); -ok( $verified, 'signature verified using public key' ); +is( $verified, 1, 'signature verified using public key' ); my $corrupt = 'corrupted data'; my $verifiable = Net::DNS::SEC::EdDSA->verify( $corrupt, $key, $signature ); -ok( !$verifiable, 'signature not verifiable if data corrupt' ); +is( $verifiable, 0, 'signature not verifiable if data corrupt' ); exit; |