From bc59dcd76e804bf707d7d856d75155d2d3d19ccc Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Fri, 17 Oct 2014 15:57:49 -0700 Subject: [PATCH] [v9_10] add diffie-hellman key unit test 3978. [test] Added a unit test for Diffie-Hellman key computation, completing change #3974. [RT #37477] (cherry picked from commit 188690149b54145e1936898e565eb9eec139bbfe) --- CHANGES | 5 +- lib/dns/tests/Kdh.+002+18602.key | 1 + lib/dns/tests/Makefile.in | 7 +++ lib/dns/tests/dh_test.c | 97 ++++++++++++++++++++++++++++++++ 4 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 lib/dns/tests/Kdh.+002+18602.key create mode 100644 lib/dns/tests/dh_test.c diff --git a/CHANGES b/CHANGES index d496671fbe..2814ed4871 100644 --- a/CHANGES +++ b/CHANGES @@ -1,9 +1,12 @@ +3978. [test] Added a unit test for Diffie-Hellman key + computation, completing change #3974. [RT #37477] + 3976. [bug] When refreshing managed-key trust anchors, clear any cached trust so that they will always be revalidated with the current set of secure roots. [RT #37506] -3974. [bug] handle DH_compute_key() failure correctly in +3974. [bug] Handle DH_compute_key() failure correctly in openssldh_link.c. [RT #37477] 3972. [bug] Fix host's usage statement. [RT #37397] diff --git a/lib/dns/tests/Kdh.+002+18602.key b/lib/dns/tests/Kdh.+002+18602.key new file mode 100644 index 0000000000..09b4cf56aa --- /dev/null +++ b/lib/dns/tests/Kdh.+002+18602.key @@ -0,0 +1 @@ +dh. IN KEY 0 2 2 AAEBAAAAYIHI/wjtOagNga9GILSoS02IVelgLilPE/TfhtvShsiDAXqb IfxQcj2JkuOnNLs5ttb2WZXWl5/jsSjIxHMwMF2XY4gwt/lwHBf/vgYH r7aIxnKXov1jk9rymTLHGKIOtg== diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in index 006af0f875..aa6b2a3fef 100644 --- a/lib/dns/tests/Makefile.in +++ b/lib/dns/tests/Makefile.in @@ -41,6 +41,7 @@ OBJS = dnstest.@O@ SRCS = db_test.c \ dbdiff_test.c \ dbiterator_test.c \ + dh_test.c \ dispatch_test.c \ dnstest.c \ geoip_test.c \ 
@@ -65,6 +66,7 @@ TARGETS = db_test@EXEEXT@ \ dbdiff_test@EXEEXT@ \ dbiterator_test@EXEEXT@ \ dbversion_test@EXEEXT@ \ + dh_test@EXEEXT@ \ dispatch_test@EXEEXT@ \ geoip_test@EXEEXT@ \ gost_test@EXEEXT@ \ @@ -199,6 +201,11 @@ gost_test@EXEEXT@: gost_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} gost_test.@O@ dnstest.@O@ ${DNSLIBS} \ ${ISCLIBS} ${LIBS} +dh_test@EXEEXT@: dh_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS} + ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \ + dh_test.@O@ dnstest.@O@ ${DNSLIBS} \ + ${ISCLIBS} ${LIBS} + unit:: sh ${top_srcdir}/unit/unittest.sh diff --git a/lib/dns/tests/dh_test.c b/lib/dns/tests/dh_test.c new file mode 100644 index 0000000000..25a17b602e --- /dev/null +++ b/lib/dns/tests/dh_test.c 
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/* ! \file */
+
+#include
+
+#include
+
+#include
+
+#include
+#include
+
+#include
+#include
+
+#include "../dst_internal.h"
+
+#include "dnstest.h"
+
+#ifdef OPENSSL
+
+ATF_TC(isc_dh_computesecret);
+ATF_TC_HEAD(isc_dh_computesecret, tc) {
+ atf_tc_set_md_var(tc, "descr", "OpenSSL DH_compute_key() failure");
+}
+ATF_TC_BODY(isc_dh_computesecret, tc) {
+ dst_key_t *key = NULL;
+ isc_buffer_t buf;
+ unsigned char array[1024];
+ isc_result_t ret;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ UNUSED(tc);
+
+ ret = dns_test_begin(NULL, ISC_FALSE);
+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
+
+ dns_fixedname_init(&fname);
+ name = dns_fixedname_name(&fname);
+ isc_buffer_constinit(&buf, "dh.", 3);
+ isc_buffer_add(&buf, 3);
+ ret = dns_name_fromtext(name, &buf, NULL, 0, NULL);
+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
+
+ ret = dst_key_fromfile(name, 18602, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_KEY,
+ "./", mctx, &key);
+ ATF_REQUIRE_EQ(ret, ISC_R_SUCCESS);
+
+ isc_buffer_init(&buf, array, sizeof(array));
+ ret = dst_key_computesecret(key, key, &buf);
+ ATF_REQUIRE_EQ(ret, DST_R_NOTPRIVATEKEY);
+ ret = key->func->computesecret(key, key, &buf);
+ ATF_REQUIRE_EQ(ret, DST_R_COMPUTESECRETFAILURE);
+
+ dst_key_free(&key);
+ dns_test_end();
+}
+#else
+ATF_TC(untested);
+ATF_TC_HEAD(untested, tc) {
+ atf_tc_set_md_var(tc, "descr", "skipping OpenSSL DH test");
+}
+ATF_TC_BODY(untested, tc) {
+ UNUSED(tc);
+ atf_tc_skip("OpenSSL DH not compiled in");
+}
+#endif
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+#ifdef OPENSSL
+ ATF_TP_ADD_TC(tp, isc_dh_computesecret);
+#else
+ ATF_TP_ADD_TC(tp, untested);
+#endif
+ return (atf_no_error());
+}
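Review bot: The two failure checks at the end of `isc_dh_computesecret` assert only the return code, so a backend that returned `DST_R_COMPUTESECRETFAILURE` after already advancing the output buffer would still pass. Adding `ATF_REQUIRE_EQ(isc_buffer_usedlength(&buf), 0);` after the second check would pin that nothing is written to `buf` on the failure path. The direct call through `key->func->computesecret` appears to deliberately bypass the `DST_R_NOTPRIVATEKEY` guard in `dst_key_computesecret()`; a one-line comment such as `/* call the backend directly so DH_compute_key() itself is exercised without a private value */` would keep a later reader from "fixing" it back to the wrapper. Note also that `ATF_REQUIRE_EQ` aborts the test body, so `dst_key_free(&key)` and `dns_test_end()` are skipped whenever a check fails.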