author | gregor herrmann <gregoa@debian.org> | 2020-10-04 18:02:28 +0200 |
---|---|---|
committer | gregor herrmann <gregoa@debian.org> | 2020-10-04 18:02:28 +0200 |
commit | 791ae6bad4495bf05140ff67520d2f23b6002b1e (patch) | |
tree | d46851ad17ac482a73632bc1388ab3a8b87be3f1 | |
parent | 3d37880259a1826fe94ae8fc19c59f627a9eabfd (diff) |
New upstream version 1.18
-rw-r--r-- | Changes | 9 | ||||
-rw-r--r-- | META.json | 14 | ||||
-rw-r--r-- | META.yml | 10 | ||||
-rw-r--r-- | Makefile.PL | 40 | ||||
-rw-r--r-- | README | 12 | ||||
-rw-r--r-- | demo/getkeyset | 3 | ||||
-rw-r--r-- | demo/key2ds | 12 | ||||
-rw-r--r-- | demo/make-signed-keyset | 10 | ||||
-rw-r--r-- | lib/Net/DNS/SEC.pm | 27 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/DSA.pm | 28 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/Digest.pm | 30 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/ECCGOST.pm | 18 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/ECDSA.pm | 28 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/EdDSA.pm | 20 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/Keyset.pm | 66 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/Private.pm | 38 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/RSA.pm | 28 | ||||
-rw-r--r-- | lib/Net/DNS/SEC/libcrypto.pod | 10 | ||||
-rw-r--r-- | t/00-install.t | 12 | ||||
-rw-r--r-- | t/00-load.t | 50 | ||||
-rw-r--r-- | t/00-pod.t | 12 | ||||
-rw-r--r-- | t/10-keyset.t | 197 | ||||
-rw-r--r-- | t/20-digest.t | 15 | ||||
-rw-r--r-- | t/21-RSA-MD5.t | 29 | ||||
-rw-r--r-- | t/22-RSA-SHA1.t | 50 | ||||
-rw-r--r-- | t/23-RSA-SHA256.t | 29 | ||||
-rw-r--r-- | t/24-RSA-SHA512.t | 29 | ||||
-rw-r--r-- | t/31-DSA-SHA1.t | 48 | ||||
-rw-r--r-- | t/51-ECDSA-P256.t | 50 | ||||
-rw-r--r-- | t/52-ECDSA-P384.t | 31 | ||||
-rw-r--r-- | t/61-Ed25519.t | 49 | ||||
-rw-r--r-- | t/62-Ed448.t | 30 |
32 files changed, 508 insertions, 526 deletions
@@ -1,6 +1,13 @@ Revision history for Perl extension Net::DNS::SEC. +**** 1.18 Oct 2, 2020 + + Eliminate bareword filehandle usage. + Eliminate indirect object syntax. + Eliminate grep/map <expression>. + + **** 1.17 Jun 26, 2020 Recognise BIND private key accessed via symbolic link. @@ -643,4 +650,4 @@ Net::DNS. The history of those is documented below. --------------------------------------------------------------------------- -$Id: Changes 1792 2020-06-26 14:43:25Z willem $ +$Id: Changes 1810 2020-10-02 12:44:37Z willem $ @@ -28,7 +28,7 @@ }, "configure" : { "requires" : { - "ExtUtils::MakeMaker" : "0" + "ExtUtils::MakeMaker" : "6.66" } }, "runtime" : { @@ -37,17 +37,21 @@ "Carp" : "1.1", "DynaLoader" : "1.04", "Exporter" : "5.56", - "File::Find" : "1.05", "File::Spec" : "0.86", - "IO::File" : "1.08", "MIME::Base64" : "2.13", "Net::DNS" : "1.08", - "Test::More" : "0.47", "perl" : "5.006" } + }, + "test" : { + "requires" : { + "File::Find" : "1.05", + "File::Spec" : "0.86", + "Test::More" : "0.47" + } } }, "release_status" : "stable", - "version" : "1.17", + "version" : "1.18", "x_serialization_backend" : "JSON::PP version 4.04" } @@ -5,8 +5,11 @@ author: - 'Olaf Kolkman' build_requires: ExtUtils::MakeMaker: '0' + File::Find: '1.05' + File::Spec: '0.86' + Test::More: '0.47' configure_requires: - ExtUtils::MakeMaker: '0' + ExtUtils::MakeMaker: '6.66' dynamic_config: 1 generated_by: 'ExtUtils::MakeMaker version 7.34, CPAN::Meta::Converter version 2.150010' license: mit @@ -23,12 +26,9 @@ requires: Carp: '1.1' DynaLoader: '1.04' Exporter: '5.56' - File::Find: '1.05' File::Spec: '0.86' - IO::File: '1.08' MIME::Base64: '2.13' Net::DNS: '1.08' - Test::More: '0.47' perl: '5.006' -version: '1.17' +version: '1.18' x_serialization_backend: 'CPAN::Meta::YAML version 0.018' diff --git a/Makefile.PL b/Makefile.PL index 26720bf..2c94b57 100644 --- a/Makefile.PL +++ b/Makefile.PL 
@@ -1,12 +1,12 @@ # -# $Id: Makefile.PL 1787 2020-06-18 07:39:28Z willem $ -*-perl-*- +# $Id: Makefile.PL 1809 2020-10-02 12:42:17Z willem $ -*-perl-*- # use strict; use warnings; use Config; use ExtUtils::MakeMaker; -use constant MM => eval $ExtUtils::MakeMaker::VERSION; +my $MM = $ExtUtils::MakeMaker::VERSION; # See perldoc ExtUtils::MakeMaker for details of how to influence @@ -18,22 +18,26 @@ my %metadata = ( NAME => 'Net::DNS::SEC', VERSION_FROM => 'lib/Net/DNS/SEC.pm', ABSTRACT_FROM => 'lib/Net/DNS/SEC.pm', - AUTHOR => MM < 6.58 ? "$author[0] et al" : [@author], + AUTHOR => $MM < 6.58 ? "$author[0] et al" : [@author], LICENSE => 'mit', MIN_PERL_VERSION => 5.006, - ); + CONFIGURE_REQUIRES => { + 'ExtUtils::MakeMaker' => 6.66, + }, + TEST_REQUIRES => { + 'File::Find' => 1.05, + 'File::Spec' => 0.86, + 'Test::More' => 0.47, + } ); my %prerequisite = ( 'Carp' => 1.10, 'DynaLoader' => 1.04, 'Exporter' => 5.56, - 'File::Find' => 1.05, 'File::Spec' => 0.86, - 'IO::File' => 1.08, 'MIME::Base64' => 2.13, 'Net::DNS' => 1.08, - 'Test::More' => 0.47, ); @@ -63,7 +67,6 @@ if ( my $dir = $ENV{OPENSSL_PREFIX} ) { $inc = $ENV{OPENSSL_INCLUDE} if $ENV{OPENSSL_INCLUDE}; $lib = $ENV{OPENSSL_LIB} if $ENV{OPENSSL_LIB}; - WriteMakefile( %metadata, PREREQ_PM => {%prerequisite}, @@ -79,7 +82,7 @@ package MY; ## customise generated Makefile sub test { return shift->SUPER::test() if $^O =~ /cygwin|MSWin/i; - join '', shift->SUPER::test(), <<'END'; + return join '', shift->SUPER::test(), <<'END'; # suppress parallel test execution FULLPERLRUN = HARNESS_OPTIONS=c $(FULLPERL) END 
@@ -105,21 +108,20 @@ sub install { s|([/])[/]+|$1|g; # remove gratuitous //s } - eval 'require Net::DNS::SEC; $Net::DNS::SEC::VERSION =~ s/(\.\d)$/${1}0/'; - my @version = grep $_, ( 'version', $Net::DNS::SEC::VERSION ); + my @version = ( 'version', eval { require Net::DNS::SEC; $Net::DNS::SEC::VERSION; } ); my $nameregex = '\W+Net\W+DNS\W+SEC.pm$'; - my @installed = grep $_ && m/$nameregex/io, values %INC; + my @installed = grep { $_ && m/$nameregex/io } values %INC; my %occluded; foreach (@installed) { - my $path = $1 if m/^(.+)$nameregex/i; + my $path = m/^(.+)$nameregex/io ? $1 : ''; my %seen; foreach (@INC) { $seen{$_}++; # find $path in @INC last if $_ eq $path; } - foreach ( grep !$seen{$_}, @INC ) { + foreach ( grep { !$seen{$_} } @INC ) { $occluded{$_}++; # suppress install } } @@ -133,11 +135,11 @@ sub install { ## from the existing @version in your perl library at ## @installed ## -## The installation will be rendered ineffective because the -## old version will be found on the library search path before +## The installation would be rendered ineffective because the +## installed version occurs in the library search path before ## $install_site ## -## Makefile has been generated to support build and test only. +## The generated Makefile supports build and test only. ## AMEN my $echo = ' $(NOECHO) $(ECHO) "##"'; @@ -155,8 +157,8 @@ END sub postamble { - my $nul = $^O eq 'MSWin32' ? 'nul' : '/dev/null'; - return <<"PlanB" unless `gcov -v 2>$nul`; + my $devnull = $^O eq 'MSWin32' ? 'nul' : '/dev/null'; + return <<"PlanB" unless `gcov -v 2>$devnull`; test_cover : cover -delete HARNESS_PERL_SWITCHES=-MDevel::Cover \$(MAKE) test @@ -30,8 +30,6 @@ interface for doing fun things with them. See also the 'pod' documentation in: Net::DNS::RR::DNSKEY Net::DNS::RR::DS - Net::DNS::RR::NSEC - Net::DNS::RR::NSEC3 Net::DNS::RR::RRSIG Net::DNS::SEC::Private and for the use of SIG0 see: 
@@ -107,12 +105,12 @@ Alternatively, install the package using CPAN: perl -MCPAN -e shell; cpan> install Net::DNS::SEC -To build the libcrypto.so library, run the following: +To build the libcrypto library, run the following: - tar xvzf openssl-1.1.*.tar.gz - cd openssl-1.1.* + tar xvzf openssl-3.*.tar.gz + cd openssl-3.* ./config shared - make # require only libcrypto.so.1.1 and include/openssl/*.h + make # require only libcrypto.so* and include/openssl/*.h 5. MAINTENANCE @@ -183,4 +181,4 @@ DEALINGS IN THE SOFTWARE. ------------------------------------------------------------------------------ -$Id: README 1677 2018-05-22 11:59:10Z willem $ +$Id: README 1807 2020-09-28 11:38:28Z willem $ diff --git a/demo/getkeyset b/demo/getkeyset index 6d41c27..0c40cd7 100644 --- a/demo/getkeyset +++ b/demo/getkeyset @@ -1,7 +1,8 @@ #!/usr/bin/perl -#$Id: getkeyset 1705 2018-08-23 10:24:02Z willem $ +#$Id: getkeyset 1807 2020-09-28 11:38:28Z willem $ use strict; +use warnings; use Net::DNS::SEC; use Net::DNS::SEC::Keyset; diff --git a/demo/key2ds b/demo/key2ds index 4a10fd5..b2b6ba7 100644 --- a/demo/key2ds +++ b/demo/key2ds @@ -1,5 +1,5 @@ #!/usr/bin/perl -#$Id: key2ds 1295 2015-01-08 13:14:03Z willem $ +#$Id: key2ds 1807 2020-09-28 11:38:28Z willem $ # A little util to convert DNSKEY records to DS records # from stdin to stdout @@ -8,17 +8,17 @@ use strict; +use warnings; use Net::DNS::SEC; use Net::DNS::ZoneFile; -my $handle = \*STDIN; -my $source = new Net::DNS::ZoneFile($handle); +my $source = Net::DNS::ZoneFile->new('-'); # STDIN while ( my $keyrr = $source->read ) { next unless $keyrr->isa('Net::DNS::RR::DNSKEY'); foreach my $digtype (qw(SHA256 SHA1)) { - my $ds = create Net::DNS::RR::DS( $keyrr, digtype => $digtype ); - $ds->print; + my $ds = Net::DNS::RR::DS->create( $keyrr, digtype => $digtype ); + $ds->print; # STDOUT } } @@ -44,5 +44,3 @@ it under the same terms as Perl itself. =cut - -0; 
diff --git a/demo/make-signed-keyset b/demo/make-signed-keyset index 0bc5389..402d963 100644 --- a/demo/make-signed-keyset +++ b/demo/make-signed-keyset @@ -1,10 +1,12 @@ #!/usr/bin/perl -#$Id: make-signed-keyset 1661 2018-04-04 09:51:45Z willem $ +#$Id: make-signed-keyset 1807 2020-09-28 11:38:28Z willem $ # # takes a bind public key file and creates a self-signed keyset # +use strict; +use warnings; use Getopt::Std; use Net::DNS::SEC; use Net::DNS::SEC::Keyset; @@ -64,7 +66,7 @@ sub version { } sub make_keyset { - my $source = new Net::DNS::ZoneFile(shift); + my $source = Net::DNS::ZoneFile->new(shift); my $file = $source->name; my $directory = dirname($file); print("Processing file: $file\n"); @@ -96,10 +98,12 @@ sub make_keyset { if ($printds) { print("Extracting DS RR\n") if $verbose; my @ds = $keyset->extract_ds(); - foreach $ds (@ds) { + foreach my $ds (@ds) { $ds->print(); } } + + return; } diff --git a/lib/Net/DNS/SEC.pm b/lib/Net/DNS/SEC.pm index 1119228..6e59ea0 100644 --- a/lib/Net/DNS/SEC.pm +++ b/lib/Net/DNS/SEC.pm @@ -1,13 +1,11 @@ package Net::DNS::SEC; -# -# $Id: SEC.pm 1792 2020-06-26 14:43:25Z willem $ -# +use strict; +use warnings; + our $VERSION; -$VERSION = '1.17'; -our $SVNVERSION = (qw$LastChangedRevision: 1792 $)[1]; -our $XS_VERSION = $VERSION; -$VERSION = eval $VERSION; +$VERSION = '1.18'; +our $SVNVERSION = (qw$Id: SEC.pm 1810 2020-10-02 12:44:37Z willem $)[2]; =head1 NAME @@ -35,16 +33,13 @@ Net::DNS::SEC in the use declaration. =cut -use strict; use base qw(Exporter DynaLoader); use Net::DNS 1.01 qw(:DEFAULT); our @EXPORT = ( @Net::DNS::EXPORT, qw(algorithm digtype key_difference) ); - use integer; -use warnings; use Carp; @@ -62,7 +57,7 @@ the corresponding mnemonic. =cut -sub algorithm { &Net::DNS::RR::DS::algorithm; } +sub algorithm { return &Net::DNS::RR::DS::algorithm; } =head2 digtype 
@@ -77,7 +72,7 @@ corresponding mnemonic. =cut -sub digtype { &Net::DNS::RR::DS::digtype; } +sub digtype { return &Net::DNS::RR::DS::digtype; } =head2 key_difference @@ -95,11 +90,11 @@ sub key_difference { eval { local $SIG{__DIE__}; - my ($x) = grep !$_->isa('Net::DNS::RR::DNSKEY'), @$a, @$b; + my ($x) = grep { !$_->isa('Net::DNS::RR::DNSKEY') } @$a, @$b; die sprintf 'unexpected %s object in key list', ref($x) if $x; my %index = map { ( $_->privatekeyname => 1 ) } @$b; - @$r = grep !$index{$_->privatekeyname}, @$a; + @$r = grep { !$index{$_->privatekeyname} } @$a; 1; } || do { croak($@) if wantarray; @@ -111,11 +106,11 @@ sub key_difference { ######################################## -eval { Net::DNS::SEC->bootstrap($XS_VERSION) } || warn; +eval { Net::DNS::SEC->bootstrap($VERSION) } || croak; foreach (qw(DS CDS RRSIG)) { - new Net::DNS::RR( type => $_ ); # pre-load to access class methods + Net::DNS::RR->new( type => $_ ); # pre-load to access class methods } diff --git a/lib/Net/DNS/SEC/DSA.pm b/lib/Net/DNS/SEC/DSA.pm index 9b91070..781f6ce 100644 --- a/lib/Net/DNS/SEC/DSA.pm +++ b/lib/Net/DNS/SEC/DSA.pm @@ -1,9 +1,9 @@ package Net::DNS::SEC::DSA; -# -# $Id: DSA.pm 1763 2020-02-02 21:48:03Z willem $ -# -our $VERSION = (qw$LastChangedRevision: 1763 $)[1]; +use strict; +use warnings; + +our $VERSION = (qw$Id: DSA.pm 1807 2020-09-28 11:38:28Z willem $)[2]; =head1 NAME @@ -41,9 +41,7 @@ public key resource record. =cut -use strict; use integer; -use warnings; use MIME::Base64; use constant DSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_DSA'); @@ -52,11 +50,11 @@ BEGIN { die 'DSA disabled or application has no "use Net::DNS::SEC"' unless DSA_ my %parameters = ( - 3 => sub { Net::DNS::SEC::libcrypto::EVP_sha1() }, - 6 => sub { Net::DNS::SEC::libcrypto::EVP_sha1() }, + 3 => Net::DNS::SEC::libcrypto::EVP_sha1(), + 6 => Net::DNS::SEC::libcrypto::EVP_sha1(), ); -sub _index { keys %parameters } +sub _index { return keys %parameters } sub sign { 
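Review bot: In the lib/Net/DNS/SEC.pm hunk at `-111,11 +106,11`, `eval { Net::DNS::SEC->bootstrap($VERSION) } || croak;` calls croak with no message, so the reason the XS load failed (left in `$@`) is not reported to the caller. Making a failed libcrypto bootstrap fatal is a sensible fail-closed choice, but the operator then needs the cause. Something like `eval { Net::DNS::SEC->bootstrap($VERSION); 1 } or croak "Net::DNS::SEC bootstrap failed: $@";` keeps the new behaviour and preserves the diagnostic.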
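Review bot: In the lib/Net/DNS/SEC/DSA.pm hunk at `-52,11 +50,11`, `%parameters` now calls `Net::DNS::SEC::libcrypto::EVP_sha1()` when the module is loaded instead of storing a closure, so every digest lookup runs at load time rather than when an algorithm is first used. The same change is made in ECDSA.pm and RSA.pm, and RSA.pm's table still calls `EVP_md5()` for algorithm 1. If any one of those functions is missing from the linked libcrypto build, the whole module would presumably fail to load rather than only the affected algorithm. Callers also test the stored value for truth (`$parameters{$index} || die 'private key not DSA'`), so a false return would be reported as a wrong key type. A comment above each table would record the assumption, for example `# digests are resolved once at load time; each entry must exist in the linked libcrypto`.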
@@ -65,7 +63,7 @@ sub sign { my $index = $private->algorithm; my $evpmd = $parameters{$index} || die 'private key not DSA'; - my ( $p, $q, $g, $x, $y ) = map decode_base64( $private->$_ ), + my ( $p, $q, $g, $x, $y ) = map { decode_base64( $private->$_ ) } qw(prime subprime base private_value public_value); my $t = ( length($g) - 64 ) / 8; @@ -76,8 +74,8 @@ sub sign { my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); Net::DNS::SEC::libcrypto::EVP_PKEY_assign_DSA( $evpkey, $dsa ); - my $asn1 = Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, &$evpmd ); - _ASN1decode( $asn1, $t ); + my $asn1 = Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, $evpmd ); + return _ASN1decode( $asn1, $t ); } @@ -101,7 +99,7 @@ sub verify { Net::DNS::SEC::libcrypto::EVP_PKEY_assign_DSA( $evpkey, $dsa ); my $asn1 = _ASN1encode($sigbin); - Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $asn1, $evpkey, &$evpmd ); + return Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $asn1, $evpkey, $evpmd ); } @@ -117,7 +115,7 @@ sub _ASN1encode { $_ = pack 'C2 a*', 2, length, $_; $length += length; } - pack 'C2 a* a*', 0x30, $length, @part; + return pack 'C2 a* a*', 0x30, $length, @part; } sub _ASN1decode { @@ -125,7 +123,7 @@ sub _ASN1decode { my $n = unpack 'x3 C', $asn1; my $m = unpack "x5 x$n C", $asn1; my @part = unpack "x4 a$n x2 a$m", $asn1; - pack 'C a* a*', $t, map substr( pack( 'x20 a*', $_ ), -20 ), @part; + return pack 'C a* a*', $t, map { substr( pack( 'x20 a*', $_ ), -20 ) } @part; } diff --git a/lib/Net/DNS/SEC/Digest.pm b/lib/Net/DNS/SEC/Digest.pm index 82203ac..3f3225f 100644 --- a/lib/Net/DNS/SEC/Digest.pm +++ b/lib/Net/DNS/SEC/Digest.pm @@ -1,9 +1,9 @@ package Net::DNS::SEC::Digest; -# -# $Id: Digest.pm 1777 2020-05-07 08:24:01Z willem $ -# -our $VERSION = (qw$LastChangedRevision: 1777 $)[1]; +use strict; +use warnings; + +our $VERSION = (qw$Id: Digest.pm 1807 2020-09-28 11:38:28Z willem $)[2]; =head1 NAME 
@@ -15,7 +15,7 @@ Net::DNS::SEC::Digest - Message Digest Algorithms require Net::DNS::SEC::Digest; - $object = new Net::DNS::SEC::Digest::SHA(256); + $object = Net::DNS::SEC::Digest::SHA->new(256); $object->add($text); $object->add($more); $digest = $object->digest; @@ -29,9 +29,6 @@ implementations within the OpenSSL libcrypto library. =cut -use strict; -use integer; -use warnings; use constant libcrypto_available => Net::DNS::SEC::libcrypto->can('EVP_MD_CTX_new'); @@ -55,30 +52,31 @@ my %digest = ( sub new { - my $class = shift; - my ($index) = reverse split '::', join '_', $class, @_; + my ( $class, @param ) = @_; + my ($index) = reverse split '::', join '_', $class, @param; my $evpmd = $digest{$index}; my $mdobj = Net::DNS::SEC::libcrypto::EVP_MD_CTX_new(); Net::DNS::SEC::libcrypto::EVP_DigestInit( $mdobj, &$evpmd ); - bless( \$mdobj, $class ); + return bless( \$mdobj, $class ); } sub add { my $object = shift; - Net::DNS::SEC::libcrypto::EVP_DigestUpdate( $$object, shift ); + return Net::DNS::SEC::libcrypto::EVP_DigestUpdate( $$object, shift ); } sub digest { my $object = shift; - Net::DNS::SEC::libcrypto::EVP_DigestFinal($$object); + return Net::DNS::SEC::libcrypto::EVP_DigestFinal($$object); } DESTROY { my $object = shift; - Net::DNS::SEC::libcrypto::EVP_MD_CTX_free($$object); + return Net::DNS::SEC::libcrypto::EVP_MD_CTX_free($$object); } +## no critic ProhibitMultiplePackages package Net::DNS::SEC::Digest::MD5; our @ISA = qw(Net::DNS::SEC::Digest); @@ -100,10 +98,10 @@ __END__ =head2 new require Net::DNS::SEC::Digest; - $object = new Net::DNS::SEC::Digest::SHA(256); + $object = Net::DNS::SEC::Digest::SHA->new(256); Creates and initialises a new digest object instance for the specified -algorithm. +algorithm class. =head2 add diff --git a/lib/Net/DNS/SEC/ECCGOST.pm b/lib/Net/DNS/SEC/ECCGOST.pm index 07db5ef..04a71b4 100644 --- a/lib/Net/DNS/SEC/ECCGOST.pm +++ b/lib/Net/DNS/SEC/ECCGOST.pm 
@@ -1,9 +1,9 @@ package Net::DNS::SEC::ECCGOST; -# -# $Id: ECCGOST.pm 1758 2019-10-14 13:17:11Z willem $ -# -our $VERSION = (qw$LastChangedRevision: 1758 $)[1]; +use strict; +use warnings; + +our $VERSION = (qw$Id: ECCGOST.pm 1807 2020-09-28 11:38:28Z willem $)[2]; =head1 NAME @@ -37,18 +37,14 @@ public key resource record. =cut -use strict; -use integer; -use warnings; - -use constant Digest_GOST => defined( eval 'require Digest::GOST::CryptoPro' ); +use constant Digest_GOST => defined( eval { require Digest::GOST } ); use constant ECCGOST_configured => Digest_GOST && Net::DNS::SEC::libcrypto->can('ECCGOST_verify'); BEGIN { die 'ECCGOST disabled or application has no "use Net::DNS::SEC"' unless ECCGOST_configured } my %parameters = ( 12 => [840, 'Digest::GOST::CryptoPro'] ); -sub _index { keys %parameters } +sub _index { return keys %parameters } sub sign { @@ -73,7 +69,7 @@ sub verify { Net::DNS::SEC::libcrypto::EC_KEY_set_public_key_affine_coordinates( $eckey, $x, $y ); my ( $s, $r ) = unpack 'a32 a32', $sigbin; # RFC5933, RFC4490 - Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); + return Net::DNS::SEC::libcrypto::ECCGOST_verify( $H, $r, $s, $eckey ); } diff --git a/lib/Net/DNS/SEC/ECDSA.pm b/lib/Net/DNS/SEC/ECDSA.pm index 11f51d5..93d1506 100644 --- a/lib/Net/DNS/SEC/ECDSA.pm +++ b/lib/Net/DNS/SEC/ECDSA.pm @@ -1,9 +1,9 @@ package Net::DNS::SEC::ECDSA; -# -# $Id: ECDSA.pm 1758 2019-10-14 13:17:11Z willem $ -# -our $VERSION = (qw$LastChangedRevision: 1758 $)[1]; +use strict; +use warnings; + +our $VERSION = (qw$Id: ECDSA.pm 1807 2020-09-28 11:38:28Z willem $)[2]; =head1 NAME @@ -41,9 +41,7 @@ public key resource record. =cut -use strict; use integer; -use warnings; use MIME::Base64; use constant ECDSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_EC_KEY'); 
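Review bot: In the ECCGOST.pm hunk at `-37,18 +37,14`, the availability guard now loads `Digest::GOST`, while `%parameters` a few lines below still names `'Digest::GOST::CryptoPro'` as the digest class. Unless loading Digest::GOST also loads that package (not visible here), `ECCGOST_configured` can be true while verification later fails to find the class at runtime. Keeping the guard and the table in agreement avoids that, e.g. `use constant Digest_GOST => defined( eval { require Digest::GOST::CryptoPro } );`. The verify body that uses the table entry lies mostly outside these hunks.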
@@ -52,11 +50,11 @@ BEGIN { die 'ECDSA disabled or application has no "use Net::DNS::SEC"' unless EC my %parameters = ( - 13 => [415, 32, sub { Net::DNS::SEC::libcrypto::EVP_sha256() }], - 14 => [715, 48, sub { Net::DNS::SEC::libcrypto::EVP_sha384() }], + 13 => [415, 32, Net::DNS::SEC::libcrypto::EVP_sha256()], + 14 => [715, 48, Net::DNS::SEC::libcrypto::EVP_sha384()], ); -sub _index { keys %parameters } +sub _index { return keys %parameters } sub sign { @@ -74,8 +72,8 @@ sub sign { my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); Net::DNS::SEC::libcrypto::EVP_PKEY_assign_EC_KEY( $evpkey, $eckey ); - my $asn1 = Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, &$evpmd ); - _ASN1decode( $asn1, $keylen ); + my $asn1 = Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, $evpmd ); + return _ASN1decode( $asn1, $keylen ); } @@ -84,7 +82,7 @@ sub verify { my $algorithm = $keyrr->algorithm; my ( $nid, $keylen, $evpmd ) = @{$parameters{$algorithm} || []}; - die 'private key not ECDSA' unless $nid; + die 'public key not ECDSA' unless $nid; return unless $sigbin; @@ -96,7 +94,7 @@ sub verify { Net::DNS::SEC::libcrypto::EVP_PKEY_assign_EC_KEY( $evpkey, $eckey ); my $asn1 = _ASN1encode( $sigbin, $keylen ); - Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $asn1, $evpkey, &$evpmd ); + return Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $asn1, $evpkey, $evpmd ); } @@ -113,7 +111,7 @@ sub _ASN1encode { $_ = pack 'C2 a*', 2, length, $_; $length += length; } - pack 'C2 a* a*', 0x30, $length, @part; + return pack 'C2 a* a*', 0x30, $length, @part; } sub _ASN1decode { @@ -121,7 +119,7 @@ sub _ASN1decode { my $n = unpack 'x3 C', $asn1; my $m = unpack "x5 x$n C", $asn1; my @part = unpack "x4 a$n x2 a$m", $asn1; - pack 'a* a*', map substr( pack( "x$size a*", $_ ), -$size ), @part; + return pack 'a* a*', map { substr( pack( "x$size a*", $_ ), -$size ) } @part; } diff --git a/lib/Net/DNS/SEC/EdDSA.pm b/lib/Net/DNS/SEC/EdDSA.pm index c5b9188..667f3a9 100644 
--- a/lib/Net/DNS/SEC/EdDSA.pm +++ b/lib/Net/DNS/SEC/EdDSA.pm @@ -1,9 +1,9 @@ package Net::DNS::SEC::EdDSA; -# -# $Id: EdDSA.pm 1758 2019-10-14 13:17:11Z willem $ -# -our $VERSION = (qw$LastChangedRevision: 1758 $)[1]; +use strict; +use warnings; + +our $VERSION = (qw$Id: EdDSA.pm 1807 2020-09-28 11:38:28Z willem $)[2]; =head1 NAME @@ -41,9 +41,7 @@ public key resource record. =cut -use strict; use integer; -use warnings; use MIME::Base64; use constant EdDSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_new_raw_public_key'); @@ -56,7 +54,7 @@ my %parameters = ( 16 => [1088, 57, 114], ); -sub _index { keys %parameters } +sub _index { return keys %parameters } sub sign { @@ -64,12 +62,12 @@ sub sign { my $algorithm = $private->algorithm; my ( $nid, $keylen ) = @{$parameters{$algorithm} || []}; - die 'private key not EdDSA' unless $keylen; + die 'private key not EdDSA' unless $nid; my $rawkey = pack "a$keylen", decode_base64( $private->PrivateKey ); my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_raw_private_key( $nid, $rawkey ); - Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey ); + return Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey ); } @@ -78,7 +76,7 @@ sub verify { my $algorithm = $keyrr->algorithm; my ( $nid, $keylen, $siglen ) = @{$parameters{$algorithm} || []}; - die 'public key not EdDSA' unless $keylen; + die 'public key not EdDSA' unless $nid; return unless $signature; @@ -86,7 +84,7 @@ sub verify { my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new_raw_public_key( $nid, $rawkey ); my $sigbin = pack "a$siglen", $signature; - Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $sigbin, $evpkey ); + return Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $sigbin, $evpkey ); } diff --git a/lib/Net/DNS/SEC/Keyset.pm b/lib/Net/DNS/SEC/Keyset.pm index e646a5f..058e0a1 100644 --- a/lib/Net/DNS/SEC/Keyset.pm +++ b/lib/Net/DNS/SEC/Keyset.pm 
@@ -1,9 +1,9 @@ package Net::DNS::SEC::Keyset; -# -# $Id: Keyset.pm 1777 2020-05-07 08:24:01Z willem $ -# -our $VERSION = (qw$LastChangedRevision: 1777 $)[1]; +use strict; +use warnings; + +our $VERSION = (qw$Id: Keyset.pm 1809 2020-10-02 12:42:17Z willem $)[2]; =head1 NAME @@ -30,11 +30,9 @@ Attributes and methods are subject to change. =cut -use strict; -use integer; -use warnings; use Carp; use File::Spec; +use IO::File; use Net::DNS::ZoneFile; @@ -75,7 +73,7 @@ sub _new_from_file { my $file = File::Spec->catfile( @path, $name ); - my @rr = new Net::DNS::ZoneFile($file)->read; + my @rr = Net::DNS::ZoneFile->new($file)->read; return $class->_new_from_keys_sigs( \@rr, \@rr ); } @@ -84,6 +82,7 @@ sub _new_from_file { =head2 new (by signing keys) $keyset = Net::DNS::SEC::Keyset->new( [@keyrr], $privatekeypath ); + die Net::DNS::SEC::Keyset->keyset_err unless $keyset; Creates a keyset object from the keys provided through the reference to an array of Net::DNS::RR::DNSKEY objects. @@ -100,11 +99,11 @@ sub _new_from_keys { my ( $class, $keylist, @keypath ) = @_; my @sigrr; - foreach my $key ( grep $_->type eq 'DNSKEY', @$keylist ) { + foreach my $key ( grep { $_->type eq 'DNSKEY' } @$keylist ) { my $keyname = $key->privatekeyname; my $keyfile = File::Spec->catfile( @keypath, $keyname ); my @rrsig = Net::DNS::RR::RRSIG->create( $keylist, $keyfile ); - push @sigrr, grep defined, @rrsig; + push @sigrr, grep {defined} @rrsig; } return $class->_new_from_keys_sigs( $keylist, \@sigrr ); @@ -114,6 +113,7 @@ sub _new_from_keys { =head2 new (from key and sig RRsets) $keyset = Net::DNS::Keyset->new( [@keyrr], [@sigrr] ); + die Net::DNS::SEC::Keyset->keyset_err unless $keyset; Creates a keyset object from the keys provided through the references to arrays of Net::DNS::RR::DNSKEY and Net::DNS::RR::RRSIG objects. 
@@ -125,8 +125,8 @@ Sets keyset_err and returns undef on failure. sub _new_from_keys_sigs { my ( $class, $key_ref, $sig_ref ) = @_; - my @keyrr = grep $_->type eq 'DNSKEY', @$key_ref; - my @sigrr = grep $_->type eq 'RRSIG', @$sig_ref; + my @keyrr = grep { $_->type eq 'DNSKEY' } @$key_ref; + my @sigrr = grep { $_->type eq 'RRSIG' } @$sig_ref; my $keyset = bless {keys => \@keyrr, sigs => \@sigrr}, $class; @@ -136,15 +136,16 @@ sub _new_from_keys_sigs { =head2 new (from Packet) - $res = Net::DNS::Resolver->new; - $res->dnssec(1); + $resolver = Net::DNS::Resolver->new; + $resolver->dnssec(1); - $packet = $res->query ( "example.com", "DNSKEY", "IN" ); + $reply = $res->send ( "example.com", "DNSKEY" ); - $keyset = Net::DNS::SEC::Keyset->new( $packet ) + $keyset = Net::DNS::SEC::Keyset->new( $reply ); + die Net::DNS::SEC::Keyset->keyset_err unless $keyset; Creates a keyset object from a Net::DNS::Packet that contains the answer -to a query for the apex key records. +to a query for key records at the zone apex. This is the method you should use for automatically fetching keys. @@ -170,6 +171,7 @@ Returns an array of Net::DNS::RR::DNSKEY objects. sub keys { my $self = shift; my @keys = @{$self->{keys}}; + return @keys; } @@ -184,13 +186,14 @@ Returns an array of Net::DNS::RR::RRSIG objects. sub sigs { my $self = shift; my @sigs = @{$self->{sigs}}; + return @sigs; } =head2 extract_ds @ds = $keyset->extract_ds; - die $keyset->keyset_err unless @ds; + die Net::DNS::SEC::Keyset->keyset_err unless @ds; Extracts DS records from the keyset. Note that the keyset will be verified during extraction. All keys will need to have a valid self-signature. @@ -202,7 +205,7 @@ The method sets keyset_err if verification fails. sub extract_ds { my $self = shift; my @ds; - @ds = map Net::DNS::RR::DS->create($_), $self->keys if $self->verify; + @ds = map { Net::DNS::RR::DS->create($_) } $self->keys if $self->verify; return @ds; } 
@@ -210,7 +213,7 @@ sub extract_ds { =head2 verify @keytags = $keyset->verify(); - die $keyset->keyset_err unless @keytags; + die Net::DNS::SEC::Keyset->keyset_err unless @keytags; $keyset->verify( $keytag ) || die $keyset->keyset_err; @@ -259,12 +262,12 @@ sub verify { push @keyset_err, "Multiple names in keyset: @names" if scalar(@names) > 1; if ($keyid) { - @sigs = grep $_->keytag == $keyid, @sigs; + @sigs = grep { $_->keytag == $keyid } @sigs; push @keyset_err, "No signature made with $keyid found" unless @sigs; - } elsif ( my @sepkeys = grep $_->sep, @keys ) { + } elsif ( my @sepkeys = grep { $_->sep } @keys ) { my %sepkey = map { ( $_->keytag => $_ ) } @sepkeys; push @keyset_err, 'No signature found for key with SEP flag' - unless grep $sepkey{$_->keytag}, @sigs; + unless grep { $sepkey{$_->keytag} } @sigs; } foreach my $sig (@sigs) { @@ -278,7 +281,7 @@ sub verify { $keyset_err = join "\n", @keyset_err; my @tags_verified; - @tags_verified = map $_->keytag, @sigs unless $keyset_err; + @tags_verified = map { $_->keytag } @sigs unless $keyset_err; return @tags_verified; } @@ -287,8 +290,6 @@ sub verify { $keyset_err = Net::DNS::SEC::Keyset->keyset_err; - $keyset_err = $keyset->keyset_err; - Returns the keyset error string. =cut @@ -308,7 +309,7 @@ Returns a string representation of the keyset. sub string { my $self = shift; - return join "\n", map $_->string, ( $self->keys, $self->sigs ); + return join "\n", map { $_->string } ( $self->keys, $self->sigs ); } @@ -323,6 +324,7 @@ Prints the keyset. sub print { my $self = shift; foreach ( $self->keys, $self->sigs ) { $_->print } + return; } @@ -342,8 +344,8 @@ prepended to the domain name to form the keyset filename. =cut sub writekeyset { - my $self = shift; - my ( $arg1, @path ) = @_; + my ( $self, $arg1, @path ) = @_; + shift; @path = shift() if $arg1 && File::Spec->file_name_is_absolute($arg1); my $prefix = shift || 'keyset-'; 
@@ -352,9 +354,9 @@ sub writekeyset { my $keysetname = "$prefix$domainname."; my $filename = File::Spec->catfile( @path, $keysetname ); $filename =~ s/[.]+/\./; ## avoid antisocial consequences of $path with .. - open( KEYSET, ">$filename" ) or croak qq(open: "$filename" $!); - select( ( select(KEYSET), $self->print )[0] ); - close(KEYSET); + my $handle = IO::File->new( $filename, '>' ) or die qq("$filename": $!); + select( ( select($handle), $self->print )[0] ); + close($handle); return $filename; } diff --git a/lib/Net/DNS/SEC/Private.pm b/lib/Net/DNS/SEC/Private.pm index 9d46af7..0fe9997 100644 --- a/lib/Net/DNS/SEC/Private.pm +++ b/lib/Net/DNS/SEC/Private.pm @@ -1,9 +1,9 @@ package Net::DNS::SEC::Private; -# -# $Id: Private.pm 1786 2020-06-15 15:05:47Z willem $ -# -our $VERSION = (qw$LastChangedRevision: 1786 $)[1]; +use strict; +use warnings; + +our $VERSION = (qw$Id: Private.pm 1807 2020-09-28 11:38:28Z willem $)[2]; =head1 NAME @@ -15,9 +15,9 @@ Net::DNS::SEC::Private - DNSSEC Private key object use Net::DNS::SEC::Private; - $private = new Net::DNS::SEC::Private( $keypath ); + $private = Net::DNS::SEC::Private->new( $keypath ); - $private = new Net::DNS::SEC::Private( + $private = Net::DNS::SEC::Private->new( 'algorithm' => '13', 'keytag' => '26512', 'privatekey' => 'h/mc+iq9VDUbNAjQgi8S8JzlEX29IALchwJmNM3QYKk=', 
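Review bot: In the writekeyset hunk at `-352,9 +354,9`, `close($handle);` is unchecked, so a failed flush (full disk, I/O error) leaves a truncated keyset file while the method still returns `$filename` as if the write had succeeded. Checking the close surfaces buffered write errors: `close($handle) or die qq("$filename": $!);`. Separately, the unchanged `$filename =~ s/[.]+/\./;` has no `/g`, so it rewrites only the first run of dots in the path; that looks narrower than its comment about `..` intends and is worth confirming. writekeyset begins in the preceding hunk.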
@@ -35,21 +35,19 @@ with any other system. =cut -use strict; use integer; -use warnings; use File::Spec; use IO::File; use constant SYMLINK => defined(&CORE::readlink); # Except Win32, VMS, RISC OS -sub new { scalar(@_) > 2 ? &_new_params : &_new_keyfile } +sub new { return scalar(@_) > 2 ? &_new_params : &_new_keyfile } sub _new_keyfile { my ( $class, $file ) = @_; - my ($keypath) = SYMLINK ? grep( $_, readlink($file), $file ) : $file; + my ($keypath) = SYMLINK ? grep( {$_} readlink($file), $file ) : $file; my ( $vol, $dir, $name ) = File::Spec->splitpath($keypath); # Format something like: 'Kbla.foo.+001+12345.private' as created by BIND dnssec-keygen. @@ -57,7 +55,7 @@ sub _new_keyfile { unless $name =~ /^K([^+]+)\+(\d+)\+(\d+)\.private$/; my @identifier = ( signame => $1, algorithm => 0 + $2, keytag => 0 + $3 ); - my $handle = new IO::File( $file, '<' ) or die qq(open: "$file" $!); + my $handle = IO::File->new( $file, '<' ) or die qq("$file": $!); my @content; local $_; @@ -75,15 +73,15 @@ sub _new_keyfile { sub _new_params { - my $class = shift; - my $param = {}; - while (@_) { - my $name = shift @_; + my ( $class, %parameter ) = @_; + my $hashref = {}; + + while ( my ( $name, $value ) = each %parameter ) { $name =~ tr/A-Za-z0-9\000-\377/a-za-z0-9/d; - $param->{$name} = shift @_; + $hashref->{$name} = $value; } - my $self = bless sub { $param->{shift()} }, $class; + my $self = bless sub { $hashref->{shift()} }, $class; die 'no algorithm specified' unless $self->algorithm; die 'no signame specified' unless $self->signame; return $self; @@ -94,12 +92,12 @@ our $AUTOLOAD; sub AUTOLOAD { ## Default method my ($self) = @_; - no strict q/refs/; my ($attribute) = $AUTOLOAD =~ m/::([^:]*)$/; $attribute =~ tr/A-Za-z0-9\000-\377/a-za-z0-9/d; # Build a method in the class + no strict 'refs'; ## no critic ProhibitNoStrict *{$AUTOLOAD} = sub { &{shift()}($attribute) }; # and jump to it 
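Review bot: In the `_new_params` hunk at `-75,15 +73,15`, the arguments are collected into `%parameter` before the names are normalised by `tr///`, so two spellings that normalise to the same key (such as `Algorithm:` and `algorithm`) are distinct hash keys. Which value ends up in `$hashref` then depends on `each` order rather than argument order, whereas the removed loop always let the later argument win. `_new_keyfile` builds both `@identifier` and `@content`, so both spellings may well be passed together, although the call itself is outside this hunk. Walking the list in order keeps the result deterministic: `my ( $class, @parameter ) = @_;` followed by `while ( my ( $name, $value ) = splice @parameter, 0, 2 ) {`.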
@@ -116,7 +114,7 @@ __END__ =head2 new (from private keyfile) $keypath = '/home/foo/Kexample.com.+013+26512.private'; - $private = new Net::DNS::SEC::Private( $keypath ); + $private = Net::DNS::SEC::Private->new( $keypath ); The argument is the full path to a private key file generated by the BIND dnssec-keygen tool. Note that the filename contains information @@ -125,7 +123,7 @@ about the algorithm and keytag. =head2 new (from private key parameters) - $private = new Net::DNS::SEC::Private( + $private = Net::DNS::SEC::Private->new( 'algorithm' => '13', 'keytag' => '26512', 'privatekey' => 'h/mc+iq9VDUbNAjQgi8S8JzlEX29IALchwJmNM3QYKk=', diff --git a/lib/Net/DNS/SEC/RSA.pm b/lib/Net/DNS/SEC/RSA.pm index 3f99d37..0d52548 100644 --- a/lib/Net/DNS/SEC/RSA.pm +++ b/lib/Net/DNS/SEC/RSA.pm @@ -1,9 +1,9 @@ package Net::DNS::SEC::RSA; -# -# $Id: RSA.pm 1763 2020-02-02 21:48:03Z willem $ -# -our $VERSION = (qw$LastChangedRevision: 1763 $)[1]; +use strict; +use warnings; + +our $VERSION = (qw$Id: RSA.pm 1807 2020-09-28 11:38:28Z willem $)[2]; =head1 NAME @@ -41,9 +41,7 @@ public key resource record. =cut -use strict; use integer; -use warnings; use MIME::Base64; use constant RSA_configured => Net::DNS::SEC::libcrypto->can('EVP_PKEY_assign_RSA'); @@ -52,14 +50,14 @@ BEGIN { die 'RSA disabled or application has no "use Net::DNS::SEC"' unless RSA_ my %parameters = ( - 1 => sub { Net::DNS::SEC::libcrypto::EVP_md5() }, - 5 => sub { Net::DNS::SEC::libcrypto::EVP_sha1() }, - 7 => sub { Net::DNS::SEC::libcrypto::EVP_sha1() }, - 8 => sub { Net::DNS::SEC::libcrypto::EVP_sha256() }, - 10 => sub { Net::DNS::SEC::libcrypto::EVP_sha512() }, + 1 => Net::DNS::SEC::libcrypto::EVP_md5(), + 5 => Net::DNS::SEC::libcrypto::EVP_sha1(), + 7 => Net::DNS::SEC::libcrypto::EVP_sha1(), + 8 => Net::DNS::SEC::libcrypto::EVP_sha256(), + 10 => Net::DNS::SEC::libcrypto::EVP_sha512(), ); -sub _index { keys %parameters } +sub _index { return keys %parameters } sub sign { 
@@ -68,7 +66,7 @@ sub sign { my $index = $private->algorithm; my $evpmd = $parameters{$index} || die 'private key not RSA'; - my ( $n, $e, $d, $p, $q ) = map decode_base64( $private->$_ ), + my ( $n, $e, $d, $p, $q ) = map { decode_base64( $private->$_ ) } qw(Modulus PublicExponent PrivateExponent Prime1 Prime2); my $rsa = Net::DNS::SEC::libcrypto::RSA_new(); @@ -78,7 +76,7 @@ sub sign { my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); Net::DNS::SEC::libcrypto::EVP_PKEY_assign_RSA( $evpkey, $rsa ); - Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, &$evpmd ); + return Net::DNS::SEC::libcrypto::EVP_sign( $sigdata, $evpkey, $evpmd ); } @@ -101,7 +99,7 @@ sub verify { my $evpkey = Net::DNS::SEC::libcrypto::EVP_PKEY_new(); Net::DNS::SEC::libcrypto::EVP_PKEY_assign_RSA( $evpkey, $rsa ); - Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $sigbin, $evpkey, &$evpmd ); + return Net::DNS::SEC::libcrypto::EVP_verify( $sigdata, $sigbin, $evpkey, $evpmd ); } diff --git a/lib/Net/DNS/SEC/libcrypto.pod b/lib/Net/DNS/SEC/libcrypto.pod index 3543414..1d2710a 100644 --- a/lib/Net/DNS/SEC/libcrypto.pod +++ b/lib/Net/DNS/SEC/libcrypto.pod @@ -1,7 +1,5 @@ -package Net::DNS::SEC::libcrypto; - # -# $Id: libcrypto.pod 1616 2018-01-22 08:54:52Z willem $ +# $Id: libcrypto.pod 1807 2020-09-28 11:38:28Z willem $ # =head1 NAME @@ -14,12 +12,6 @@ Net::DNS::SEC::libcrypto - Perl interface to OpenSSL libcrypto Perl XS extension providing access to the OpenSSL libcrypto library upon which the Net::DNS::SEC cryptographic components are built. -=cut - - -1; -__END__ - =head1 ACKNOWLEDGMENT diff --git a/t/00-install.t b/t/00-install.t index bf7df55..fd92e14 100644 --- a/t/00-install.t +++ b/t/00-install.t 
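Review bot: In `sign`, the five key components come from `map { decode_base64( $private->$_ ) } qw(Modulus PublicExponent PrivateExponent Prime1 Prime2)` and nothing checks that each one was actually supplied. The accessor built in `Private.pm` returns undef for a field that is absent, and `decode_base64` turns that into an empty string, so an incomplete key file reaches the libcrypto calls as empty numbers; what happens after that depends on the XS layer, which this diff does not show. A guard directly after the `map`, `die 'incomplete RSA private key' if grep { !length } $n, $e, $d, $p, $q;`, would fail early with a clear message. The body of `sign` starts and ends outside this hunk.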
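Review bot: `verify` now returns the result of `EVP_verify` explicitly, but nothing next to it states which values a caller can receive. The tests in this commit expect `1` for a good signature, `0` for altered data and `undef` under `eval` for a wrong key or missing signature (presumably an exception), so a comment above the `return`, `# returns 1 if the signature is valid, 0 if not; libcrypto errors are thrown`, would pin that contract. It is worth confirming in the XS wrapper that a negative libcrypto result can never come back as a true value, because callers are likely to test the result for truth. `verify` begins outside this hunk.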
@@ -1,19 +1,23 @@ -# $Id: 00-install.t 1786 2020-06-15 15:05:47Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 00-install.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- +# use strict; +use warnings; use Test::More; use File::Spec; use File::Find; +use IO::File; use ExtUtils::MakeMaker; my %manifest; -open( MANIFEST, 'MANIFEST' ) or BAIL_OUT("MANIFEST: $!"); -while (<MANIFEST>) { +my $handle = IO::File->new( 'MANIFEST', '<' ) or BAIL_OUT("MANIFEST: $!"); +while (<$handle>) { my ($filename) = split; $manifest{$filename}++; } -close MANIFEST; +close $handle; plan skip_all => 'No versions from git checkouts' if -e '.git'; diff --git a/t/00-load.t b/t/00-load.t index 79dae4e..26291de 100644 --- a/t/00-load.t +++ b/t/00-load.t @@ -1,33 +1,35 @@ -# $Id: 00-load.t 1763 2020-02-02 21:48:03Z willem $ +#!/usr/bin/perl +# $Id: 00-load.t 1809 2020-10-02 12:42:17Z willem $ -*-perl-*- # use strict; +use warnings; use Test::More tests => 4; my @module = qw( - Net::DNS::SEC - Net::DNS::SEC::DSA - Net::DNS::SEC::ECDSA - Net::DNS::SEC::ECCGOST - Net::DNS::SEC::EdDSA - Net::DNS::SEC::RSA - Net::DNS::SEC::Digest - Net::DNS::SEC::Keyset - Net::DNS::SEC::Private - Net::DNS::SEC::libcrypto - File::Find - File::Spec - IO::File - MIME::Base64 - Net::DNS - Test::More - ); + Net::DNS::SEC + Net::DNS::SEC::DSA + Net::DNS::SEC::ECDSA + Net::DNS::SEC::ECCGOST + Net::DNS::SEC::EdDSA + Net::DNS::SEC::RSA + Net::DNS::SEC::Digest + Net::DNS::SEC::Keyset + Net::DNS::SEC::Private + Net::DNS::SEC::libcrypto + File::Find + File::Spec + IO::File + MIME::Base64 + Net::DNS + Test::More + ); my @diag = "\nThese tests were run using:"; foreach my $module ( sort @module ) { - eval "use $module"; - for ( grep $_, eval { $module->VERSION } ) { + eval "require $module"; ## no critic + for ( eval { $module->VERSION || () } ) { s/^(\d+\.\d)$/${1}0/; push @diag, sprintf "%-25s %s", $module, $_; } 
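Review bot: The `## no critic` added after `eval "require $module";` in `t/00-load.t` names no policy, so it switches off every Perl::Critic check on that line rather than only the string-eval one. `Private.pm` in this same commit names its exemption (`## no critic ProhibitNoStrict`); doing the same here, `eval "require $module";    ## no critic (ProhibitStringyEval)`, keeps the suppression as narrow as the reason for it. The same bare marker is added in the second hunk of this file and in the prerequisite loops of `t/00-pod.t`, `t/10-keyset.t`, `t/20-digest.t` and the RSA and DSA test scripts.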
@@ -42,16 +44,16 @@ use_ok('Net::DNS::SEC'); my @index; -foreach my $class ( map "Net::DNS::SEC::$_", qw(RSA DSA ECCGOST ECDSA EdDSA) ) { - my @algorithms = eval join '', qw(r e q u i r e), " $class; $class->_index"; - push @index, map( ( $_ => $class ), @algorithms ); +foreach my $class ( map {"Net::DNS::SEC::$_"} qw(RSA DSA ECCGOST ECDSA EdDSA) ) { + my @algorithms = eval join '', qw(r e q u i r e), " $class; $class->_index"; ## no critic + push @index, map { $_ => $class } @algorithms; } ok( scalar(@index), 'create consolidated algorithm index' ); eval { # Exercise checkerr() response to failed OpenSSL operation - Net::DNS::SEC::libcrypto::checkerr(0) + Net::DNS::SEC::libcrypto::checkerr(0); }; my ($exception) = split /\n/, "$@\n"; ok( $exception, "XS libcrypto error\t[$exception]" ); @@ -1,16 +1,16 @@ -# $Id: 00-pod.t 1613 2018-01-15 13:47:13Z willem $ +#!/usr/bin/perl +# $Id: 00-pod.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; use Test::More; -my %prerequisite = ( - 'Test::Pod' => 1.45 - ); +my %prerequisite = ( 'Test::Pod' => 1.45 ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } diff --git a/t/10-keyset.t b/t/10-keyset.t index c343b06..9e02ad7 100644 --- a/t/10-keyset.t +++ b/t/10-keyset.t @@ -1,7 +1,10 @@ -# $Id: 10-keyset.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 10-keyset.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( 
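Review bot: The string `eval` that loads each algorithm class and calls `_index` is used without looking at `$@`, so a class that fails to load adds nothing to `@index` and `ok( scalar(@index), ... )` still passes as long as one class works. With `RSA.pm` now resolving its digests at load time, a load failure there would go unnoticed in this test. Adding `diag("$class not loaded: $@") if $@;` after the `eval` line keeps the test tolerant of disabled algorithms while making the reason visible in the output.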
@@ -11,8 +14,8 @@ my %prerequisite = ( ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } @@ -42,7 +45,7 @@ END { # # RSA keypair 1 # -my $keyrr1 = new Net::DNS::RR <<'END'; +my $keyrr1 = Net::DNS::RR->new( <<'END' ); test.tld. IN DNSKEY ( 256 3 5 AQO1gY5UFltQ4f0ZHnXPFQZfcQQNpXK5r0Rk05rLLmY0XeA1lu8ek7W1VHsBjkge9WU7efdp3U4a mxULRMQj7F0ByOK318agap2sIWYN13jV1RLxF5GPyLq+tp2ihEyI8x0P8c9RzgVn1ix4Xcoq+vKm @@ -52,8 +55,8 @@ END ok( $keyrr1, join ' ', algorithm( $keyrr1->algorithm ), 'public key created' ); my $keyfile1 = $filename{key1} = $keyrr1->privatekeyname; -open( KEY1, ">$keyfile1" ) or die "Could not open $keyfile1"; -print KEY1 << 'END'; +my $handle1 = IO::File->new( $keyfile1, '>' ) or die qq(open: "$keyfile1" $!); +print $handle1 <<'END'; Private-key-format: v1.2 Algorithm: 5 (RSASHA1) Modulus: tYGOVBZbUOH9GR51zxUGX3EEDaVyua9EZNOayy5mNF3gNZbvHpO1tVR7AY5IHvVlO3n3ad1OGpsVC0TEI+xdAcjit9fGoGqdrCFmDdd41dUS8ReRj8i6vradooRMiPMdD/HPUc4FZ9YseF3KKvryplqg09YxxOKAWPw8yPIMric= @@ -65,13 +68,13 @@ Exponent1: k2zxcfl5q+utLrGcNch5quxx5crg74Byery41lJFWFO+gcjni29XTahHiQRZ2akAtc7y6 Exponent2: jBR0mpwTlf5V9U+wAHyNmeMstsjyNUYl6lxhSM9VQgqNtYFagmSMqI1UAFPII6eB3nljL5BOjvQtqtAXrFjjGw== Coefficient: YJYWzNpbdj/11mE4kUwaiH9GQbY+uA28tv4aVAwAEcKPaU1QQ2k8Jlm+VXxh9v02QCFJYln3416972oeCx9eyw== END -close(KEY1); +close($handle1); # # RSA keypair 2 # -my $keyrr2 = new Net::DNS::RR <<'END'; +my $keyrr2 = Net::DNS::RR->new( <<'END' ); test.tld. IN DNSKEY ( 256 3 8 AwEAAcXr1phQtnOdThOrgcwRplS/btblbtLGeHQoba55Gr8Scbx7AAw+LjwtFmbPlDhklC8+4BAf QB+6Jv7hOFT45J/RqDV3W5p0qDYcLYJObNbiFxQ64ogMYHx62w4oUeTS5CvpHNzSoiyhhFlf71RL 
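Review bot: `close($handle1);` ignores its result although `$handle1` was opened for writing, so a short write of the private-key fixture (full disk, quota) only shows up later as a confusing parse or signature failure. Checking it, `close($handle1) or die qq(close: "$keyfile1" $!);`, matches the checked `IO::File->new(...) or die` in the preceding hunk. The same applies to `close($handle2)` and `close($handle3)` later in this file and to `close($privatekey)` and `close($handle)` in the RSA and DSA test scripts.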
@@ -83,8 +86,8 @@ END ok( $keyrr2, join ' ', algorithm( $keyrr2->algorithm ), 'public key created' ); my $keyfile2 = $filename{key2} = $keyrr2->privatekeyname; -open( KEY2, ">$keyfile2" ) or die "Could not open $keyfile2"; -print KEY2 << 'END'; +my $handle2 = IO::File->new( $keyfile2, '>' ) or die qq(open: "$keyfile2" $!); +print $handle2 <<'END'; Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: xevWmFC2c51OE6uBzBGmVL9u1uVu0sZ4dChtrnkavxJxvHsADD4uPC0WZs+UOGSULz7gEB9AH7om/uE4VPjkn9GoNXdbmnSoNhwtgk5s1uIXFDriiAxgfHrbDihR5NLkK+kc3NKiLKGEWV/vVEsRV4Erv3yH6F094Ra8d3NvDAzFkYhc/9403m7m2Q0TG66qrd7oF6C4Iuy4uAzMd1+mXtbbTPcETENzbwOA9FYcm0lwH6JR3mhB2vD4b2pKriRvu+Tc5lQauCRmySJxPUDmtCw6BzhKtPh3blB3p+2GaLaFnzpj/YM/819HWbBZo3y3Lt1qp1w2kVCYrBD6qkhXlw== @@ -96,18 +99,18 @@ Exponent1: nMBIbKCTR0VtyyG8K3w43hyo7e7cgSA9SgragP9FgWf2XD0JtTpHlcIL82GbwQsJplA87 Exponent2: FyUHR/4VFcpcs1d6pnqOHVaT1fR/u4u93Rwd6IZT75nE/xwMWMfdA9vl6FFKVM5AVJhzZ8qjh7jsljYSsQnRfC31TI3rASsw1Pcqw+vJcgdIrnbATCjHCmUtOUlkvRl3NhXAf81atu0ozzsRs2yiERXOqCaeMN+nQNuyjTnpM8U= Coefficient: iUz9xrXzP2UaBruIps61HAbh6MV+OYDmliSnudXW5Ii1s3ANXMJodzgwqD+VesjC9dDE2nXMTCXKhpk46Qy8i3OYJ4T7vxoyHEYfID1PM0+whAwebRoKHBqQDEYgwTcqDX+qD4MMc1TaG/do/cgNc/1EyE03DP1plH6HhItECIo= END -close(KEY2); +close($handle2); # Create keysets my $datarrset = [$keyrr1, $keyrr2]; -my $sigrr1 = create Net::DNS::RR::RRSIG( $datarrset, $keyfile1, ttl => 3600 ); +my $sigrr1 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile1, ttl => 3600 ); ok( $sigrr1, join ' ', algorithm( $sigrr1->algorithm ), 'signature created' ); -my $sigrr2 = create Net::DNS::RR::RRSIG( $datarrset, $keyfile2, ttl => 3600 ); +my $sigrr2 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile2, ttl => 3600 ); ok( $sigrr2, join ' ', algorithm( $sigrr2->algorithm ), 'signature created' ); 
@@ -133,8 +136,8 @@ my @ds = $keyset->extract_ds; my $string0 = $ds[0]->string; my $string1 = $ds[1]->string; -my $expect0 = new Net::DNS::RR('test.tld. IN DS 15791 5 1 C355F0F3F30C69BF2F7EA253ED82FBC280C2496B')->string; -my $expect1 = new Net::DNS::RR('test.tld. IN DS 63426 8 1 6173eae9bf79853e2c041b1cda02a3d70c86a20b')->string; +my $expect0 = Net::DNS::RR->new('test.tld. IN DS 15791 5 1 C355F0F3F30C69BF2F7EA253ED82FBC280C2496B')->string; +my $expect1 = Net::DNS::RR->new('test.tld. IN DS 63426 8 1 6173eae9bf79853e2c041b1cda02a3d70c86a20b')->string; my $alg0 = algorithm( $ds[0]->algorithm ); my $dig0 = digtype( $ds[0]->digtype ); @@ -148,19 +151,19 @@ is( $string1, $expect1, "DS ($alg1/$dig1) created from keyset" ); ## # Corrupted keyset -open( KEYSET, ">$filename{set3}" ) or die "Could not open $filename{set3}"; +my $handle3 = IO::File->new( $filename{set3}, '>' ) or die qq(open: "$filename{set3}" $!); -print KEYSET $keyrr1->string, "\n"; -print KEYSET $keyrr2->string, "\n"; +print $handle3 $keyrr1->string, "\n"; +print $handle3 $keyrr2->string, "\n"; my $sigstr = lc $sigrr1->string; # corrupt the base64 signature $sigstr =~ s/in.rrsig/IN RRSIG/; # fix collateral damage $sigstr =~ s/dnskey/DNSKEY/; -print KEYSET $sigstr . "\n"; -print KEYSET $sigrr2->string . "\n"; +print $handle3 $sigstr . "\n"; +print $handle3 $sigrr2->string . "\n"; -close(KEYSET); +close($handle3); my $corrupt = Net::DNS::SEC::Keyset->new( $filename{set3} ); @@ -212,7 +215,7 @@ $HexadecimalPacket =~ s/\n//g; $HexadecimalPacket =~ s/\s//g; my $packetdata = pack( "H*", $HexadecimalPacket ); -my $packet = Net::DNS::Packet->new( \$packetdata ); +my $packet = Net::DNS::Packet->new( \$packetdata ); $keyset = Net::DNS::SEC::Keyset->new($packet); 
@@ -238,108 +241,72 @@ my @sigrr; # All signatures have expiration date in 2030... this test should work for a while -$rr = Net::DNS::RR->new( - "example.com 100 IN DNSKEY 256 3 5 ( - AQOxFlzX8vShSG3JG2J/fngkgy64RoWr8ovG - e7MuvPJqOMHTLM5V8+TJIahSoyUd990ictNv - hDegUqLtZ8k5oQq44viFCU/H1apdEaJnLnXs - cVo+08ATlEb90MYznK9K0pm2ixbyspzRrrXp - nPi9vo9iU2xqWqw/Efha4vfi6QVs4w== - ) " - ); - -push( @keyrr, $rr ); - - -$rr = Net::DNS::RR->new( - "example.com 100 IN DNSKEY 256 3 5 ( - AQO4jhl6ilWV2mYjwWl7kcxrYyQsnnbV7pxX - m48p+SgAr+R5SKyihkjg86IjZBQHFJKZ8RsZ - dhclH2dikM+53uUEhrqVGhsqF8FsNi4nE9aM - ISiX9Zs61pTYGYboYDvgpD1WwFbD4YVVlfk7 - rCDP/zOE7H/AhkOenK2w7oiO0Jehcw== - ) " - ); - -push( @keyrr, $rr ); - - -$rr = Net::DNS::RR->new( - "example.com 100 IN DNSKEY 256 3 5 ( - AQO5fWabr7bNxDXT8YrIeclI9nvYYdKni3ef - gJfU749O3QVX9MON6WK0ed00odQF4cLeN3vP - SdhasLDI3Z3TzyAPBQS926oodxe78K9zwtPT - 1kzJxvunOdJr6+6a7/+B6rF/cwfWTW50I0+q - FykldldB44a1uS34u3HgZRQXDmAesw== - ) " - ); - -push( @keyrr, $rr ); - +push( @keyrr, Net::DNS::RR->new( <<'END' ) ); +example.com 100 IN DNSKEY 256 3 5 ( + AQOxFlzX8vShSG3JG2J/fngkgy64RoWr8ovGe7MuvPJqOMHTLM5V8+TJIahSoyUd990ictNv + hDegUqLtZ8k5oQq44viFCU/H1apdEaJnLnXscVo+08ATlEb90MYznK9K0pm2ixbyspzRrrXp + nPi9vo9iU2xqWqw/Efha4vfi6QVs4w== ) +END -$rr = Net::DNS::RR->new( - "example.com 100 IN DNSKEY 256 3 5 ( - AQO6uGWsox2oH36zusGA0+w3uxkZMdByanSC - jiaRHtkOA+gIxT8jmFvohxQBpVfYD+xG2pt+ - qUWauWPFPjsIUBoFqHNpqr2/B4CTiZm/rSay - HDghZBIMceMa6t4NpaOep79QmiE6oGq6yWRB - swBkPZx9uZE7BqG+WLKEp136iwWyyQ== - ) " - ); -push( @keyrr, $rr ); +push( @keyrr, Net::DNS::RR->new( <<'END' ) ); +example.com 100 IN DNSKEY 256 3 5 ( + AQO4jhl6ilWV2mYjwWl7kcxrYyQsnnbV7pxXm48p+SgAr+R5SKyihkjg86IjZBQHFJKZ8RsZ + dhclH2dikM+53uUEhrqVGhsqF8FsNi4nE9aMISiX9Zs61pTYGYboYDvgpD1WwFbD4YVVlfk7 + rCDP/zOE7H/AhkOenK2w7oiO0Jehcw== ) +END -$rr = Net::DNS::RR->new( - "example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( - 20040601105519 11354 example.com. 
- GTqyJTRbKJ0LuWbAnNni1M4JZ1pn+nXY1Zuz - Z0Kvt6OMTYCAFMFt0Wv9bncYkUuUSMGM7yGG - 9Z7g7tcdb4TKCqQPYo4gr3Qj/xgC4LESoQs0 - yAsJtLUiDfO6e4aWHmanpMGyGixYzHriS1pt - SRzirL1fTgV+kdNs5zBatUHRnQc=) " - ); +push( @keyrr, Net::DNS::RR->new( <<'END' ) ); +example.com 100 IN DNSKEY 256 3 5 ( + AQO5fWabr7bNxDXT8YrIeclI9nvYYdKni3efgJfU749O3QVX9MON6WK0ed00odQF4cLeN3vP + SdhasLDI3Z3TzyAPBQS926oodxe78K9zwtPT1kzJxvunOdJr6+6a7/+B6rF/cwfWTW50I0+q + FykldldB44a1uS34u3HgZRQXDmAesw== ) +END -push( @sigrr, $rr ); +push( @keyrr, Net::DNS::RR->new( <<'END' ) ); +example.com 100 IN DNSKEY 256 3 5 ( + AQO6uGWsox2oH36zusGA0+w3uxkZMdByanSCjiaRHtkOA+gIxT8jmFvohxQBpVfYD+xG2pt+ + qUWauWPFPjsIUBoFqHNpqr2/B4CTiZm/rSayHDghZBIMceMa6t4NpaOep79QmiE6oGq6yWRB + swBkPZx9uZE7BqG+WLKEp136iwWyyQ== ) +END -$rr = Net::DNS::RR->new( - "example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( - 20040601105519 28109 example.com. - WemQqA+uaeKqCy6sEVBU3LDORG3f+Zmix6qK - 9j1WL83UMWdd6sxNh0QJ0YL54lh9NBx+Viz7 - gajO+IM4MmayxKY4QVjp+6mHeE5zBVHMpTTu - r5T0reNtTsa8sHr15fsI49yn5KOvuq+DKG1C - gI6siM5RdFpDsS3Rmf8fiK1PyTs= )" - ); -push( @sigrr, $rr ); +push( @sigrr, Net::DNS::RR->new( <<'END' ) ); +example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( + 20040601105519 11354 example.com. + GTqyJTRbKJ0LuWbAnNni1M4JZ1pn+nXY1ZuzZ0Kvt6OMTYCAFMFt0Wv9bncYkUuUSMGM7yGG + 9Z7g7tcdb4TKCqQPYo4gr3Qj/xgC4LESoQs0yAsJtLUiDfO6e4aWHmanpMGyGixYzHriS1pt + SRzirL1fTgV+kdNs5zBatUHRnQc= ) +END -$rr = Net::DNS::RR->new( - "example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( - 20040601105519 33695 example.com. - M3yVwTOMw+jAKYY5c6oS4DH7OjOdfMOevpIe - zdKqWXkehoDg9YOwz8ai17AmfgkjZnsoNu0W - NMIcaVubR3n02bkVhJb7dEd8bhbegF8T1xkL - 7rf9EQrPmM5GhHmVC90BGrcEhe//94hdXSVU - CRBi6KPFWSZDldd1go133bk/b/o= )" - ); +push( @sigrr, Net::DNS::RR->new( <<'END' ) ); +example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( + 20040601105519 28109 example.com. 
+ WemQqA+uaeKqCy6sEVBU3LDORG3f+Zmix6qK9j1WL83UMWdd6sxNh0QJ0YL54lh9NBx+Viz7 + gajO+IM4MmayxKY4QVjp+6mHeE5zBVHMpTTur5T0reNtTsa8sHr15fsI49yn5KOvuq+DKG1C + gI6siM5RdFpDsS3Rmf8fiK1PyTs= ) +END -push( @sigrr, $rr ); +push( @sigrr, Net::DNS::RR->new( <<'END' ) ); +example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( + 20040601105519 33695 example.com. + M3yVwTOMw+jAKYY5c6oS4DH7OjOdfMOevpIezdKqWXkehoDg9YOwz8ai17AmfgkjZnsoNu0W + NMIcaVubR3n02bkVhJb7dEd8bhbegF8T1xkL7rf9EQrPmM5GhHmVC90BGrcEhe//94hdXSVU + CRBi6KPFWSZDldd1go133bk/b/o= ) +END -$rr = Net::DNS::RR->new( - "example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( - 20040601105519 39800 example.com. - Mmhn2Ql6ExmyHvZFWgt+CBRw5No8yM0rdH1b - eU4is5gRbd3I0j5z6PdtpYjAkWiZNdYsRT0o - P7TQIsADfB0FLIFojoREg8kp+OmbpRTsLTgO - QYC95u5WodYGz03O0EbnQ7k4gkje6385G40D - JVl0xVfujHBMbB+keiSphD3mG4I= )" - ); -push( @sigrr, $rr ); +push( @sigrr, Net::DNS::RR->new( <<'END' ) ); +example.com 100 IN RRSIG DNSKEY 5 2 100 20300101000000 ( + 20040601105519 39800 example.com. + Mmhn2Ql6ExmyHvZFWgt+CBRw5No8yM0rdH1beU4is5gRbd3I0j5z6PdtpYjAkWiZNdYsRT0o + P7TQIsADfB0FLIFojoREg8kp+OmbpRTsLTgOQYC95u5WodYGz03O0EbnQ7k4gkje6385G40D + JVl0xVfujHBMbB+keiSphD3mG4I= ) +END my $ks = Net::DNS::SEC::Keyset->new( [@keyrr], [@sigrr] ); @@ -358,9 +325,9 @@ is( scalar(@keydiff), 0, "Keys out equal to keys in" ); $datarrset = [$keyrr1, $keyrr2]; -$sigrr1 = create Net::DNS::RR::RRSIG( $datarrset, $keyfile1, ttl => 3600 ); +$sigrr1 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile1, ttl => 3600 ); -$sigrr2 = create Net::DNS::RR::RRSIG( $datarrset, $keyfile2, ttl => 3600 ); +$sigrr2 = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile2, ttl => 3600 ); ok( $sigrr1, 'RSA signature created' ); 
@@ -376,15 +343,15 @@ ok( !$keyset->verify(9734), "Verification against keytag 9734 failed" ); is( $keyset->keyset_err, "No signature made with 9734 found", "Expected error message" ); -my $corruptible = create Net::DNS::RR::RRSIG( $datarrset, $keyfile1, ttl => 3600 ); +my $corruptible = Net::DNS::RR::RRSIG->create( $datarrset, $keyfile1, ttl => 3600 ); my $unverifiable = Net::DNS::SEC::Keyset->new( $datarrset, [$corruptible] ); -my $badsig = create Net::DNS::RR::RRSIG( [$sigrr1], $keyfile1, ttl => 3600 ); +my $badsig = Net::DNS::RR::RRSIG->create( [$sigrr1], $keyfile1, ttl => 3600 ); $corruptible->sigbin( $badsig->sigbin ); is( scalar( $unverifiable->extract_ds ), 0, 'No DS from unverifiable keyset' ); -my $bogus = new Net::DNS::RR <<'END'; +my $bogus = Net::DNS::RR->new( <<'END' ); bogus.tld. IN DNSKEY 257 3 5 ( AQO1gY5UFltQ4f0ZHnXPFQZfcQQNpXK5r0Rk05rLLmY0XeA1lu8ek7W1VHsBjkge9WU7efdp3U4a mxULRMQj7F0ByOK318agap2sIWYN13jV1RLxF5GPyLq+tp2ihEyI8x0P8c9RzgVn1ix4Xcoq+vKm diff --git a/t/20-digest.t b/t/20-digest.t index 5f1f42e..6f2dec0 100644 --- a/t/20-digest.t +++ b/t/20-digest.t @@ -1,14 +1,16 @@ -# $Id: 20-digest.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 20-digest.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; use Test::More; my %prerequisite = ( 'Net::DNS::SEC' => 1.15, ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } 
@@ -27,11 +29,13 @@ my %digest = ( SHA224 => '730e109bd7a8a32b1cb9d9a09aa2325d2430587ddbc0c38bad911525', SHA256 => 'd7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592', SHA384 => 'ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1', - SHA512 => '07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6', + SHA512 => +'07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6', SHA3_224 => 'd15dadceaa4d5d7bb3b48f446421d542e08ad8887305e28d58335795', SHA3_256 => '69070dda01975c8c120c3aada1b282394e7f032fa9cf32f4cb2259a0897dfc04', SHA3_384 => '7063465e08a93bce31cd89d2e3ca8f602498696e253592ed26f07bf7e703cf328581e1471a7ba7ab119b1a9ebdf8be41', - SHA3_512 => '01dedd5de4ef14642445ba5f5b97c15e47b9ad931326e4b0727cd94cefc44fff23f07bf543139939b49128caf436dc1bdee54fcb24023a08d9403f9b4bf0d450', + SHA3_512 => +'01dedd5de4ef14642445ba5f5b97c15e47b9ad931326e4b0727cd94cefc44fff23f07bf543139939b49128caf436dc1bdee54fcb24023a08d9403f9b4bf0d450', ); @@ -47,6 +51,7 @@ sub test { $object->add($head); $object->add($tail); is( unpack( 'H*', $object->digest ), $digest{$mnemonic}, "concatenated digest $mnemonic" ); + return; } diff --git a/t/21-RSA-MD5.t b/t/21-RSA-MD5.t index 26ce8ac..caecb15 100644 --- a/t/21-RSA-MD5.t +++ b/t/21-RSA-MD5.t @@ -1,7 +1,10 @@ -# $Id: 21-RSA-MD5.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 21-RSA-MD5.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( 
@@ -10,8 +13,8 @@ my %prerequisite = ( ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } @@ -33,10 +36,10 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::RSA'); +use_ok( my $class = 'Net::DNS::SEC::RSA' ); -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); RSAMD5.example. IN KEY 512 3 1 ( AwEAAc6K704XNTQYlCPw1R5qBNdPg3SxOdhEWdDFlPdCeeBL1UDSdUG1ijcNkoGCKpFXLaTqeJAH +VkXhOGUSvFxIOOmtxb3ubwFf80Up1iKwACNmfCgDlGm8EzGKVoPGcuXkwcxFsQtBoKqT6lWR3at @@ -49,8 +52,8 @@ ok( $key, 'set up RSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.2 Algorithm: 1 (RSA) Modulus: zorvThc1NBiUI/DVHmoE10+DdLE52ERZ0MWU90J54EvVQNJ1QbWKNw2SgYIqkVctpOp4kAf5WReE4ZRK8XEg46a3Fve5vAV/zRSnWIrAAI2Z8KAOUabwTMYpWg8Zy5eTBzEWxC0GgqpPqVZHdq3oxP9ue7AghVoP3W7Uv7+1XDs= 
@@ -62,24 +65,24 @@ Exponent1: FvM17Mk/+CQC6Vkohy/wT9ShAzA3An/U9ntxz2MQ5b/IKYBNzwaf4o9gDejqzyhr38tE0 Exponent2: KEOs3Q3q3K7sLRjzNtbxyPxZvNHRJJgqp07tusUCfXOB7+zqCkQQOtavxvGs1ZmSUp6VeppG4ZSDw/UACVc75Q== Coefficient: QIVRcEFrFbmhJntBjCZOgJ4tKaiJJ3s4J97RMR6xQ1pLVwlOKKozJbjVx2tZyb11/UQliVTHlgrqYGL/oWBMKw== END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up RSA private key' ); my $sigdata = 'arbitrary data'; +my $corrupt = 'corrupted data'; -my $signature = Net::DNS::SEC::RSA->sign( $sigdata, $private ); +my $signature = $class->sign( $sigdata, $private ); ok( $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::RSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupt' ); diff --git a/t/22-RSA-SHA1.t b/t/22-RSA-SHA1.t index 4a8b4a6..772e527 100644 --- a/t/22-RSA-SHA1.t +++ b/t/22-RSA-SHA1.t @@ -1,7 +1,10 @@ -# $Id: 22-RSA-SHA1.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 22-RSA-SHA1.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( @@ -10,8 +13,8 @@ my %prerequisite = ( ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } 
@@ -33,10 +36,10 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::RSA'); +use_ok( my $class = 'Net::DNS::SEC::RSA' ); -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); RSASHA1.example. IN DNSKEY ( 257 3 5 AwEAAefP0RzK3K39a5wznjeWA1PssI2dxqPb9SL+ppY8wcimOuEBmSJP5n6/bwg923VFlRiYJHe5 if4saxWCYenQ46hWz44sK943K03tfHkxo54ayAk/7dMj1wQ7Dby5FJ1AAMGZZO65BlKSD+2BTcwp @@ -50,8 +53,8 @@ ok( $key, 'set up RSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.2 ; comment discarded 
@@ -66,30 +69,30 @@ Exponent1: nGakbdMmIx9EaMuhRhwIJTWGhz+jCdDrnhI4LRTqM019oiDke7VFHvH1va18t9F/Ek/3Z Exponent2: evAuKygVGsxghXtEkQ9rOfOMTGDtdyVxiMO8mdKt9plV69kHLz1n9RRtoVXmx28ynQtK/YvFdlUulzb+fWwWHTGv4scq8V9uITKSWwxJcNMx3upCyugDfuh0aoX6vBV5lMXBtWPmnusbOTBZgArvTLSPI/qwCEiedE1j34/dYVs= Coefficient: JTEzUDflC+G0if7uqsJ2sw/x2aCHMjsCxYSmx2bJOW/nhQTQpzafL0N8E6WmKuEP4qAaqQjWrDyxy0XcAJrfcojJb+a3j2ndxYpev7Rq8f7P6M7qqVL0Nzj9rWFH7pyvWMnH584viuhPcDogy8ymHpNNuAF+w98qjnGD8UECiV4= END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up RSA private key' ); my $sigdata = 'arbitrary data'; +my $corrupt = 'corrupted data'; -my $signature = Net::DNS::SEC::RSA->sign( $sigdata, $private ); +my $signature = $class->sign( $sigdata, $private ); ok( $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::RSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupted' ); # The following tests are not replicated for other RSA/SHA flavours -my $wrongkey = new Net::DNS::RR <<'END'; +my $wrongkey = Net::DNS::RR->new( <<'END' ); DSA.example. IN DNSKEY 256 3 3 ( CMKzsCaT2Jy1w/sPdpigEE+nbeJ/x5C6cruWvStVum6/YulcR7MHeujx9c2iBDbo3kW4X8/l+qgk 7ZEZ+yV5lphWtJMmMtOHIU+YdAhgLpt84NKhcupWL8wfuBW/97cqIv5Z+51fwn0YEAcZsoCrE0nL 
@@ -107,8 +110,8 @@ ok( $wrongkey, 'set up non-RSA public key' ); my $wrongfile = $filename{wrongfile} = $wrongkey->privatekeyname; -open( KEY, ">$wrongfile" ) or die "$wrongfile $!"; -print KEY <<'END'; +my $handle = IO::File->new( $wrongfile, '>' ) or die qq(open: "$wrongfile" $!); +print $handle <<'END'; Private-key-format: v1.2 Algorithm: 3 (DSA) Prime(p): x5C6cruWvStVum6/YulcR7MHeujx9c2iBDbo3kW4X8/l+qgk7ZEZ+yV5lphWtJMmMtOHIU+YdAhgLpt84NKhcupWL8wfuBW/97cqIv5Z+51fwn0YEAcZsoCrE0nL5+31VfkK9LTNuVo38hsbWa3eWZFalID5NesF6sJRgXZoAyc= @@ -117,20 +120,17 @@ Base(g): gB+OhEFQqtVAZ52h7Jb0g5HW/mdZE2zEOuGVSP7AUV0W6iHA5V1Wbqwkw1eyS/SmcMH3sq0 Private_value(x): vdClrOqZ1qONKg0CZH5hVnq1i40= Public_value(y): tJ7SCYBS/SpetzOYhgVQKhEZnr6UpWpBDp/ZTsayvrNFt4k34kJUPoEnnbOMtRpZQ8dtqSFlv/Aw7uuhf+2cD/DOgNgEggXvK5FhZuWA9cElMrYGnTvGt7yUoJFvNjgn9VdkXOJmAeByf22Qeet+i/ThQb3OVYR1PpcT/rQeOs8= END -close(KEY); +close($handle); -my $wrongprivate = new Net::DNS::SEC::Private($wrongfile); +my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile); ok( $wrongprivate, 'set up non-RSA private key' ); -is( eval { Net::DNS::SEC::RSA->sign( $sigdata, $wrongprivate ) }, undef, - 'signature not created using wrong private key' ); +is( eval { $class->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); -is( eval { Net::DNS::SEC::RSA->verify( $sigdata, $wrongkey, $signature ) }, undef, - 'signature not verifiable using wrong public key' ); +is( eval { $class->verify( $sigdata, $wrongkey, $signature ) }, undef, 'verify fails using wrong public key' ); -is( eval { Net::DNS::SEC::RSA->verify( $sigdata, $key, undef ) }, undef, - 'verify fails if signature undefined' ); +is( eval { $class->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); # test detection of invalid private key descriptors 
@@ -155,7 +155,7 @@ ok( $exception4, "unspecified signame: [$exception4]" ); eval { my $longformat = pack 'xn a*', unpack 'C a*', $key->keybin; $key->keybin($longformat); - Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); + $class->verify( $sigdata, $key, $signature ); }; diff --git a/t/23-RSA-SHA256.t b/t/23-RSA-SHA256.t index 8969085..88af34c 100644 --- a/t/23-RSA-SHA256.t +++ b/t/23-RSA-SHA256.t @@ -1,7 +1,10 @@ -# $Id: 23-RSA-SHA256.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 23-RSA-SHA256.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( @@ -10,8 +13,8 @@ my %prerequisite = ( ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } @@ -33,10 +36,10 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::RSA'); +use_ok( my $class = 'Net::DNS::SEC::RSA' ); -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); RSASHA256.example. IN DNSKEY 256 3 8 ( AwEAAZRSF/5NLnExp5n4M6ynF2Yok3N2aG9AWu8/vKQrZGFQcbL+WPGYbWUtMpiNXmvzTr2j86kN QU4wBawm589mjzXgVQRfXYDMMFhHMtagzEKOiNy2ojhhFyS7r2O2vUbo4hGbnM54ynSM1al+ygKU @@ -49,8 +52,8 @@ ok( $key, 'set up RSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.2 Algorithm: 8 (RSASHA256) Modulus: lFIX/k0ucTGnmfgzrKcXZiiTc3Zob0Ba7z+8pCtkYVBxsv5Y8ZhtZS0ymI1ea/NOvaPzqQ1BTjAFrCbnz2aPNeBVBF9dgMwwWEcy1qDMQo6I3LaiOGEXJLuvY7a9RujiEZucznjKdIzVqX7KApQbLVM3Me5gyLCH6CxAKwLmF8k= 
@@ -62,24 +65,24 @@ Exponent1: lgk3AxTWfjcqA8wVpesv/ezzku0W95Xtto9YhhDg54m5XYOR8e1A7znDsaO2OnAyAIXlD Exponent2: KyNVekFYhgtqkFFvxs2TPIAewDZoExayLTzFaZK2E0PllxVfZnLwFV04wpA//K6zzC3BxCbI2HIygPA2JGHo7Q== Coefficient: R3pSnerhKwfAHrH3iyojUzKzhM+AQ+97CWavx36eyKT3Yr/SIDANeeXGlT9U7RdxbkZzyeWbFNCnT+b89UX1RQ== END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up RSA private key' ); my $sigdata = 'arbitrary data'; +my $corrupt = 'corrupted data'; -my $signature = Net::DNS::SEC::RSA->sign( $sigdata, $private ); +my $signature = $class->sign( $sigdata, $private ); ok( $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::RSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupt' ); diff --git a/t/24-RSA-SHA512.t b/t/24-RSA-SHA512.t index 72347d0..eb14279 100644 --- a/t/24-RSA-SHA512.t +++ b/t/24-RSA-SHA512.t @@ -1,7 +1,10 @@ -# $Id: 24-RSA-SHA512.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 24-RSA-SHA512.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( @@ -10,8 +13,8 @@ my %prerequisite = ( ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } 
@@ -33,10 +36,10 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::RSA'); +use_ok( my $class = 'Net::DNS::SEC::RSA' ); -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); RSASHA512.example. IN DNSKEY 256 3 10 ( AwEAAdLaxcxvgdQKF3zSOuXQgwWPQ+dKzJ3Ob4w3r+o73i2MnhE0HBHuTzUZGVjGR05VGqZaJx64 LNt0Wlxxoxt3Uwaq55t5MzN3LYYYEcMQ1XPhPG1nNuD0LiqlqL+KmQqlAo3cm4F71gr/GXQiPG3O @@ -49,8 +52,8 @@ ok( $key, 'set up RSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.3 Algorithm: 10 (RSASHA512) Modulus: 0trFzG+B1AoXfNI65dCDBY9D50rMnc5vjDev6jveLYyeETQcEe5PNRkZWMZHTlUaplonHrgs23RaXHGjG3dTBqrnm3kzM3cthhgRwxDVc+E8bWc24PQuKqWov4qZCqUCjdybgXvWCv8ZdCI8bc5YzXW6Wu4MpmnJ9iDU1avK7cU= @@ -65,24 +68,24 @@ Created: 20141208233433 Publish: 20141208233433 Activate: 20141208233433 END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up RSA private key' ); my $sigdata = 'arbitrary data'; +my $corrupt = 'corrupted data'; -my $signature = Net::DNS::SEC::RSA->sign( $sigdata, $private ); +my $signature = $class->sign( $sigdata, $private ); ok( $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::RSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::RSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupt' ); diff --git a/t/31-DSA-SHA1.t b/t/31-DSA-SHA1.t index 0bc7bc9..76a927f 100644 
--- a/t/31-DSA-SHA1.t +++ b/t/31-DSA-SHA1.t @@ -1,7 +1,10 @@ -# $Id: 31-DSA-SHA1.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 31-DSA-SHA1.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( @@ -10,8 +13,8 @@ my %prerequisite = ( ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } @@ -34,10 +37,10 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::DSA'); +use_ok( my $class = 'Net::DNS::SEC::DSA' ); -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); DSA.example. IN DNSKEY ( 257 3 3 CKrKbLrir4slVXYFrA4Y8Rik/UxzkCo1Rp0Spz907VrJL8u3I/YKTTvoMh/GL2n3/NL/KgzNRWb8 pLB3FIWHjXXhn3r3sbld180DI4tv98CZKr86UDP0UUHVE/DkkEZw5PAy2nyhhKTJRvbR4ZT0OSZY @@ -54,8 +57,8 @@ ok( $key, 'set up DSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.2 Algorithm: 3 (DSA) Prime(p): kCo1Rp0Spz907VrJL8u3I/YKTTvoMh/GL2n3/NL/KgzNRWb8pLB3FIWHjXXhn3r3sbld180DI4tv98CZKr86UDP0UUHVE/DkkEZw5PAy2nyhhKTJRvbR4ZT0OSZY+GZA2hIzmMYk4gR2mwa3jCmAGqw2i0OtAYzSOe06uoELZLk= 
@@ -64,13 +67,13 @@ Base(g): fepEbBZOvTnEMc6wys+QRGWaTQaX2VAZPwkTw8QRNsYyZKt1aXoQFAjDhaT0JRLltg+gjbi Private_value(x): drOKJBTwCM0O9U6tpIgymGyBrao= Public_value(y): V/LmUROLLDy8NolL8mELZZArPHEGjihr8oVcUB3o1HpsTmHldFZapm+bawGBzL6wpNspxHg8O9oCgyC4GMN6KCb81XqmE1sBFX3bo3JBk6Lm5R4FgDXq/UqdSWXsDcj3C3fKRUhvHRaoHg7POTY8X/e8ffC507lsvvbMrVijHrQ= END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up DSA private key' ); -my $wrongkey = new Net::DNS::RR <<'END'; +my $wrongkey = Net::DNS::RR->new( <<'END' ); RSAMD5.example. IN KEY ( 512 3 1 AwEAAcUHtdNvhdBKMkUle+MJ+ntJ148yfsITtZC0g93EguURfU113BQVk6tzgXP/aXs4OptkCgrL sTapAZr5+vQ8jNbLp/uUTqEUzBRMBqi0W78B3aEb7vEsC0FB6VLoCcjylDcKzzWHm4rj1ACN2Zbu @@ -82,8 +85,8 @@ ok( $wrongkey, 'set up non-DSA public key' ); my $wrongfile = $filename{wrongfile} = $wrongkey->privatekeyname; -open( KEY, ">$wrongfile" ) or die "$wrongfile $!"; -print KEY <<'END'; +my $handle = IO::File->new( $wrongfile, '>' ) or die qq(open: "$wrongfile" $!); +print $handle <<'END'; Private-key-format: v1.2 Algorithm: 1 (RSA) Modulus: xQe102+F0EoyRSV74wn6e0nXjzJ+whO1kLSD3cSC5RF9TXXcFBWTq3OBc/9pezg6m2QKCsuxNqkBmvn69DyM1sun+5ROoRTMFEwGqLRbvwHdoRvu8SwLQUHpUugJyPKUNwrPNYebiuPUAI3Zlu7p5PzyUNgdM+IZCyTDksYLN7s= 
@@ -95,35 +98,32 @@ Exponent1: rcETgHChtYJmBDIYTrXCaf8get2wnAY76ObzPF7DrVxZBWExzt7YFFXEU7ncuTDF8DQ9m Exponent2: qtb8vPi3GrDCGKETkHshCank09EDRhGY7CKZpI0fpMogWqCrydrIh5xfKZ2d9SRHVaF8QrhPO7TM1OIqkXdZ3Q== Coefficient: IUxSSCxp+TotMTbloOt/aTtxlaz0b5tSS7dBoLa7//tmHZvHQjftEw8KbXC89QhHd537YZX4VcK/uYbU6SesRA== END -close(KEY); +close($handle); -my $wrongprivate = new Net::DNS::SEC::Private($wrongfile); +my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile); ok( $wrongprivate, 'set up non-DSA private key' ); my $sigdata = 'arbitrary data'; +my $corrupt = 'corrupted data'; -my $signature = Net::DNS::SEC::DSA->sign( $sigdata, $private ); +my $signature = $class->sign( $sigdata, $private ); ok( $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::DSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::DSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupted' ); -is( eval { Net::DNS::SEC::DSA->sign( $sigdata, $wrongprivate ) }, undef, - 'signature not created using wrong private key' ); +is( eval { $class->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); -is( eval { Net::DNS::SEC::DSA->verify( $sigdata, $wrongkey, $signature ) }, undef, - 'signature not verifiable using wrong public key' ); +is( eval { $class->verify( $sigdata, $wrongkey, $signature ) }, undef, 'verify fails using wrong public key' ); -is( eval { Net::DNS::SEC::DSA->verify( $sigdata, $key, undef ) }, undef, - 'verify fails if signature undefined' ); +is( eval { $class->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); exit; diff --git a/t/51-ECDSA-P256.t b/t/51-ECDSA-P256.t index dbc2614..05b5604 100644 
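Review bot: The three negative checks at the end of the `@@ -95,35 +98,32 @@` hunk of t/31-DSA-SHA1.t compare `eval { ... }` with `undef` and never look at `$@`, so each passes whether the call raised the intended exception, died for an unrelated reason, or quietly returned undef. For a signature API the rejection path is the part most worth pinning down. If an exception is the intended contract, capture it the way t/22-RSA-SHA1.t does in the context line `ok( $exception4, "unspecified signame: [$exception4]" )`: `my $result = eval { $class->verify( $sigdata, $wrongkey, $signature ) }; my $exception = $@;` followed by `ok( $exception, "wrong public key: [$exception]" );`. The same three assertions are rewritten in t/51-ECDSA-P256.t and t/61-Ed25519.t.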
--- a/t/51-ECDSA-P256.t +++ b/t/51-ECDSA-P256.t @@ -1,17 +1,20 @@ -# $Id: 51-ECDSA-P256.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 51-ECDSA-P256.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( - 'Net::DNS::SEC' => 1.01, + 'Net::DNS::SEC' => 1.01, 'MIME::Base64' => 2.13, ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } @@ -33,10 +36,10 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::ECDSA'); +use_ok( my $class = 'Net::DNS::SEC::ECDSA' ); -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); ECDSAP256SHA256.example. IN DNSKEY ( 257 3 13 IYHbvpnqrhxM4i0SuOyAq9hk19tNXpjja7jCQnfAjZBFBfcLorJPnq4FWMVDg6QT2C4JeW0yCxK4 iEhb4w9KWQ== ) ; Key ID = 27566 @@ -47,8 +50,8 @@ ok( $key, 'set up ECDSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.3 Algorithm: 13 (ECDSAP256SHA256) PrivateKey: w+AjPo650IA8DWeEq5QqZ2LWYpuC/oeEaYaGE1ZvKyA= 
@@ -56,13 +59,13 @@ Created: 20141209015301 Publish: 20141209015301 Activate: 20141209015301 END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up ECDSA private key' ); -my $wrongkey = new Net::DNS::RR <<'END'; +my $wrongkey = Net::DNS::RR->new( <<'END' ); RSASHA1.example. IN DNSKEY ( 256 3 5 AwEAAZHbngk6sMoFHN8fsYY6bmGR4B9UYJIqDp+mORLEH53Xg0f6RMDtfx+H3/x7bHTUikTr26bV AqsxOs2KxyJ2Xx9RGG0DB9O4gpANljtTq2tLjvaQknhJpSq9vj4CqUtr6Wu152J2aQYITBoQLHDV @@ -74,8 +77,8 @@ ok( $wrongkey, 'set up non-ECDSA public key' ); my $wrongfile = $filename{wrongfile} = $wrongkey->privatekeyname; -open( KEY, ">$wrongfile" ) or die "$wrongfile $!"; -print KEY <<'END'; +my $handle = IO::File->new( $wrongfile, '>' ) or die qq(open: "$wrongfile" $!); +print $handle <<'END'; Private-key-format: v1.2 Algorithm: 5 (RSASHA1) Modulus: kdueCTqwygUc3x+xhjpuYZHgH1RgkioOn6Y5EsQfndeDR/pEwO1/H4ff/HtsdNSKROvbptUCqzE6zYrHInZfH1EYbQMH07iCkA2WO1Ora0uO9pCSeEmlKr2+PgK 
@@ -89,35 +92,32 @@ Exponent1: muRjmptQ4iZYOEOcwZkLrx4nsIEvgTi9rKf6bgHsfTmWNBf1BKSsgBCMPowti6djBN5iQ Exponent2: KE8Xe4T6Vzx7BYBSWlWgtxpS8aqwIrZiCrptLZFVwGlr3PwiEwd3awtVHkIbgjGpy5qKd/wsZYl/d7CJ0A7tgQ== Coefficient: p9WMT9cDpT7BXcKBXnrMLV8O31ujZ17nwlmlFe3+0n2VCx2T/CSz72xssffn0n2q0DaHHfu9SxR1RLgmDUzVEA== END -close(KEY); +close($handle); -my $wrongprivate = new Net::DNS::SEC::Private($wrongfile); +my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile); ok( $wrongprivate, 'set up non-ECDSA private key' ); my $sigdata = 'arbitrary data'; +my $corrupt = 'corrupted data'; -my $signature = Net::DNS::SEC::ECDSA->sign( $sigdata, $private ); +my $signature = $class->sign( $sigdata, $private ); ok( $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::ECDSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::ECDSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupted' ); -is( eval { Net::DNS::SEC::ECDSA->sign( $sigdata, $wrongprivate ) }, undef, - 'signature not created using wrong private key' ); +is( eval { $class->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); -is( eval { Net::DNS::SEC::ECDSA->verify( $sigdata, $wrongkey, $signature ) }, undef, - 'signature not verifiable using wrong public key' ); +is( eval { $class->verify( $sigdata, $wrongkey, $signature ) }, undef, 'verify fails using wrong public key' ); -is( eval { Net::DNS::SEC::ECDSA->verify( $sigdata, $key, undef ) }, undef, - 'verify fails if signature undefined' ); +is( eval { $class->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); exit; diff --git a/t/52-ECDSA-P384.t b/t/52-ECDSA-P384.t index f52f186..3c98be3 100644 
--- a/t/52-ECDSA-P384.t +++ b/t/52-ECDSA-P384.t @@ -1,17 +1,20 @@ -# $Id: 52-ECDSA-P384.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 52-ECDSA-P384.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( - 'Net::DNS::SEC' => 1.01, + 'Net::DNS::SEC' => 1.01, 'MIME::Base64' => 2.13, ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } @@ -33,10 +36,10 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::ECDSA'); +use_ok( my $class = 'Net::DNS::SEC::ECDSA' ); -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); ECDSAP384SHA384.example. IN DNSKEY 256 3 14 ( K4t0AhWiJcLZ25BlpvfxCi2KMlkBr14zECH3Y2imMYOzn5zcMpOh0iPbI9Hnfep8L+BBzQrRFNmc 5r3r0l0y+snHIc/npdK/1Ks0ZG/aMB5r/PfJGeB5MLdtcanFir2S ; Key ID = 25812 @@ -48,8 +51,8 @@ ok( $key, 'set up ECDSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.3 Algorithm: 14 (ECDSAP384SHA384) PrivateKey: mvuhyr+QDMqo4bpeREFRM2w8qZsBiLiCouR0sihdinvpRA3zA/dByohgH4CLI7Kr 
@@ -57,24 +60,24 @@ Created: 20141209021155 Publish: 20141209021155 Activate: 20141209021155 END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up ECDSA private key' ); my $sigdata = 'arbitrary data'; +my $corrupt = 'corrupted data'; -my $signature = Net::DNS::SEC::ECDSA->sign( $sigdata, $private ); +my $signature = $class->sign( $sigdata, $private ); ok( $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::ECDSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::ECDSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupted' ); diff --git a/t/61-Ed25519.t b/t/61-Ed25519.t index b9981f8..a406e39 100644 --- a/t/61-Ed25519.t +++ b/t/61-Ed25519.t @@ -1,7 +1,10 @@ -# $Id: 61-Ed25519.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 61-Ed25519.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( @@ -10,8 +13,8 @@ my %prerequisite = ( ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } 
@@ -33,12 +36,12 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::EdDSA'); +use_ok( my $class = 'Net::DNS::SEC::EdDSA' ); # Specimen private and public keys taken from RFC8080 -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); ED25519.example. IN DNSKEY ( 257 3 15 l02Woi0iS8Aa25FQkUd9RMzZHJpBoRQwAQEX1SxZJA4= ) ; Key ID = 3613 END @@ -48,19 +51,19 @@ ok( $key, 'set up EdDSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.2 Algorithm: 15 (ED25519) PrivateKey: ODIyNjAzODQ2MjgwODAxMjI2NDUxOTAyMDQxNDIyNjI= END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up EdDSA private key' ); -my $wrongkey = new Net::DNS::RR <<'END'; +my $wrongkey = Net::DNS::RR->new( <<'END' ); ECDSAP256SHA256.example. IN DNSKEY 256 3 13 ( 7Y4BZY1g9uzBwt3OZexWk7iWfkiOt0PZ5o7EMip0KBNxlBD+Z58uWutYZIMolsW8v/3rfgac45lO IikBZK4KZg== ; Key ID = 44222 
@@ -72,45 +75,43 @@ ok( $wrongkey, 'set up non-EdDSA public key' ); my $wrongfile = $filename{wrongfile} = $wrongkey->privatekeyname; -open( KEY, ">$wrongfile" ) or die "$wrongfile $!"; -print KEY <<'END'; +my $handle = IO::File->new( $wrongfile, '>' ) or die qq(open: "$wrongfile" $!); +print $handle <<'END'; Private-key-format: v1.2 Algorithm: 13 (ECDSAP256SHA256) PrivateKey: m/dWhFblAGQnabJoKbs0vXoQidjNzlTcbPAqntUXWi0= END -close(KEY); +close($handle); -my $wrongprivate = new Net::DNS::SEC::Private($wrongfile); +my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile); ok( $wrongprivate, 'set up non-EdDSA private key' ); my $sigdata = 'arbitrary data'; ## Note: ED25519 signing is deterministic +my $corrupt = 'corrupted data'; + my $signature = pack 'H*', join '', qw( cb7a60fedc08b09995d522410962c6eb0fd0ea34e16fe094c99582fbb14e7a87 c14292cf8c28af0efe6ee30cbf9d643cba3ab56f1e1ae27b6074147ed9c55a0e ); -my $signed = eval { Net::DNS::SEC::EdDSA->sign( $sigdata, $private ); } || ''; +my $signed = eval { $class->sign( $sigdata, $private ); } || ''; ok( $signed eq $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::EdDSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::EdDSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupted' ); -is( eval { Net::DNS::SEC::EdDSA->sign( $sigdata, $wrongprivate ) }, undef, - 'signature not created using wrong private key' ); +is( eval { $class->sign( $sigdata, $wrongprivate ) }, undef, 'signature not created using wrong private key' ); -is( eval { Net::DNS::SEC::EdDSA->verify( $sigdata, $wrongkey, $signature ) }, undef, - 'signature not verifiable using wrong public key' ); +is( eval { $class->verify( $sigdata, 
$wrongkey, $signature ) }, undef, 'verify fails using wrong public key' ); -is( eval { Net::DNS::SEC::EdDSA->verify( $sigdata, $key, undef ) }, undef, - 'verify fails if signature undefined' ); +is( eval { $class->verify( $sigdata, $key, undef ) }, undef, 'verify fails if signature undefined' ); exit; diff --git a/t/62-Ed448.t b/t/62-Ed448.t index 0b60995..48b27b9 100644 --- a/t/62-Ed448.t +++ b/t/62-Ed448.t @@ -1,7 +1,10 @@ -# $Id: 62-Ed448.t 1777 2020-05-07 08:24:01Z willem $ -*-perl-*- +#!/usr/bin/perl +# $Id: 62-Ed448.t 1808 2020-09-28 22:08:11Z willem $ -*-perl-*- # use strict; +use warnings; +use IO::File; use Test::More; my %prerequisite = ( @@ -10,8 +13,8 @@ my %prerequisite = ( ); foreach my $package ( sort keys %prerequisite ) { - my @revision = grep $_, $prerequisite{$package}; - next if eval "use $package @revision; 1;"; + my @revision = grep {$_} $prerequisite{$package}; + next if eval "use $package @revision; 1;"; ## no critic plan skip_all => "missing prerequisite $package @revision"; exit; } @@ -33,12 +36,12 @@ END { use_ok('Net::DNS::SEC'); use_ok('Net::DNS::SEC::Private'); -use_ok('Net::DNS::SEC::EdDSA'); +use_ok( my $class = 'Net::DNS::SEC::EdDSA' ); # Specimen private and public keys taken from RFC8080 -my $key = new Net::DNS::RR <<'END'; +my $key = Net::DNS::RR->new( <<'END' ); ED448.example.com. IN DNSKEY ( 257 3 16 3kgROaDjrh0H2iuixWBrc8g2EpBBLCdGzHmn+G2MpTPhpj/OiBVHHSfPodx1FYYUcJKm1MDpJtIA ) ; Key ID = 9713 
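Review bot: In the `@@ -72,45 +75,43 @@` hunk of t/61-Ed25519.t, `my $signed = eval { $class->sign( $sigdata, $private ); } || '';` discards `$@`, and the following `ok( $signed eq $signature, ... )` reports only pass or fail. When the deterministic signature does not match, the log shows neither the exception nor the two values, which makes a broken or mismatched crypto backend hard to tell apart from a regression in the module. Comparing hex forms gives usable diagnostics without dumping binary: `is( unpack( 'H*', $signed ), unpack( 'H*', $signature ), 'signature created using private key' );`. t/62-Ed448.t has the same pair of lines.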
@@ -49,19 +52,21 @@ ok( $key, 'set up EdDSA public key' ); my $keyfile = $filename{keyfile} = $key->privatekeyname; -open( KEY, ">$keyfile" ) or die "$keyfile $!"; -print KEY <<'END'; +my $privatekey = IO::File->new( $keyfile, '>' ) or die qq(open: "$keyfile" $!); +print $privatekey <<'END'; Private-key-format: v1.2 Algorithm: 16 (ED448) PrivateKey: xZ+5Cgm463xugtkY5B0Jx6erFTXp13rYegst0qRtNsOYnaVpMx0Z/c5EiA9x8wWbDDct/U3FhYWA END -close(KEY); +close($privatekey); -my $private = new Net::DNS::SEC::Private($keyfile); +my $private = Net::DNS::SEC::Private->new($keyfile); ok( $private, 'set up EdDSA private key' ); my $sigdata = 'arbitrary data'; ## Note: ED448 signing is deterministic +my $corrupt = 'corrupted data'; + my $signature = pack 'H*', join '', qw( 01f546bfe2fd040170133b3797c1c95a31dbb2f216d95f44ced76998f7dc8e16 8f7082550a83eea4ebeb66e34696249d790db5ba76047ca9002a3dedc10e6d26 @@ -69,16 +74,15 @@ my $signature = pack 'H*', join '', qw( f7651f828fb64c200e2ee5d0686490910c00 ); -my $signed = eval { Net::DNS::SEC::EdDSA->sign( $sigdata, $private ) } || ''; +my $signed = eval { $class->sign( $sigdata, $private ) } || ''; ok( $signed eq $signature, 'signature created using private key' ); -my $verified = Net::DNS::SEC::EdDSA->verify( $sigdata, $key, $signature ); +my $verified = $class->verify( $sigdata, $key, $signature ); is( $verified, 1, 'signature verified using public key' ); -my $corrupt = 'corrupted data'; -my $verifiable = Net::DNS::SEC::EdDSA->verify( $corrupt, $key, $signature ); +my $verifiable = $class->verify( $corrupt, $key, $signature ); is( $verifiable, 0, 'signature not verifiable if data corrupt' ); |