1 /* 2 * testcode/unitverify.c - unit test for signature verification routines. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 * 35 */ 36 /** 37 * \file 38 * Calls verification unit tests. Exits with code 1 on a failure. 39 */ 40 41 #include "config.h" 42 #include "util/log.h" 43 #include "testcode/unitmain.h" 44 #include "validator/val_sigcrypt.h" 45 #include "validator/val_secalgo.h" 46 #include "validator/val_nsec.h" 47 #include "validator/val_nsec3.h" 48 #include "validator/validator.h" 49 #include "testcode/testpkts.h" 50 #include "util/data/msgreply.h" 51 #include "util/data/msgparse.h" 52 #include "util/data/dname.h" 53 #include "util/regional.h" 54 #include "util/alloc.h" 55 #include "util/rbtree.h" 56 #include "util/net_help.h" 57 #include "util/module.h" 58 #include "util/config_file.h" 59 #include "sldns/sbuffer.h" 60 #include "sldns/keyraw.h" 61 #include "sldns/str2wire.h" 62 #include "sldns/wire2str.h" 63 64 /** verbose signature test */ 65 static int vsig = 0; 66 67 /** entry to packet buffer with wireformat */ 68 static void 69 entry_to_buf(struct entry* e, sldns_buffer* pkt) 70 { 71 unit_assert(e->reply_list); 72 if(e->reply_list->reply_from_hex) { 73 sldns_buffer_copy(pkt, e->reply_list->reply_from_hex); 74 } else { 75 sldns_buffer_clear(pkt); 76 sldns_buffer_write(pkt, e->reply_list->reply_pkt, 77 e->reply_list->reply_len); 78 sldns_buffer_flip(pkt); 79 } 80 } 81 82 /** entry to reply info conversion */ 83 static void 84 entry_to_repinfo(struct entry* e, struct alloc_cache* alloc, 85 struct regional* region, sldns_buffer* pkt, struct query_info* qi, 86 struct reply_info** rep) 87 { 88 int ret; 89 struct edns_data edns; 90 entry_to_buf(e, pkt); 91 /* lock alloc lock to please lock checking software. 92 * alloc_special_obtain assumes it is talking to a ub-alloc, 93 * and does not need to perform locking. Here the alloc is 94 * the only one, so we lock it here */ 95 lock_quick_lock(&alloc->lock); 96 ret = reply_info_parse(pkt, alloc, qi, rep, region, &edns); 97 lock_quick_unlock(&alloc->lock); 98 if(ret != 0) { 99 char rcode[16]; 100 sldns_wire2str_rcode_buf(ret, rcode, sizeof(rcode)); 101 printf("parse code %d: %s\n", ret, rcode); 102 unit_assert(ret != 0); 103 } 104 } 105 106 /** extract DNSKEY rrset from answer and convert it */ 107 static struct ub_packed_rrset_key* 108 extract_keys(struct entry* e, struct alloc_cache* alloc, 109 struct regional* region, sldns_buffer* pkt) 110 { 111 struct ub_packed_rrset_key* dnskey = NULL; 112 struct query_info qinfo; 113 struct reply_info* rep = NULL; 114 size_t i; 115 116 entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); 117 for(i=0; i<rep->an_numrrsets; i++) { 118 if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_DNSKEY) { 119 dnskey = rep->rrsets[i]; 120 rep->rrsets[i] = NULL; 121 break; 122 } 123 } 124 unit_assert(dnskey); 125 126 reply_info_parsedelete(rep, alloc); 127 query_info_clear(&qinfo); 128 return dnskey; 129 } 130 131 /** return true if answer should be bogus */ 132 static int 133 should_be_bogus(struct ub_packed_rrset_key* rrset, struct query_info* qinfo) 134 { 135 struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> 136 entry.data; 137 if(d->rrsig_count == 0) 138 return 1; 139 /* name 'bogus' as first label signals bogus */ 140 if(rrset->rk.dname_len > 6 && memcmp(rrset->rk.dname+1, "bogus", 5)==0) 141 return 1; 142 if(qinfo->qname_len > 6 && memcmp(qinfo->qname+1, "bogus", 5)==0) 143 return 1; 144 return 0; 145 } 146 147 /** return number of rrs in an rrset */ 148 static size_t 149 rrset_get_count(struct ub_packed_rrset_key* rrset) 150 { 151 struct packed_rrset_data* d = (struct packed_rrset_data*) 152 rrset->entry.data; 153 if(!d) return 0; 154 return d->count; 155 } 156 157 /** setup sig alg list from dnskey */ 158 static void 159 setup_sigalg(struct ub_packed_rrset_key* dnskey, uint8_t* sigalg) 160 { 161 uint8_t a[ALGO_NEEDS_MAX]; 162 size_t i, n = 0; 163 memset(a, 0, sizeof(a)); 164 for(i=0; i<rrset_get_count(dnskey); i++) { 165 uint8_t algo = (uint8_t)dnskey_get_algo(dnskey, i); 166 if(a[algo] == 0) { 167 a[algo] = 1; 168 sigalg[n++] = algo; 169 } 170 } 171 sigalg[n] = 0; 172 } 173 174 /** verify and test one rrset against the key rrset */ 175 static void 176 verifytest_rrset(struct module_env* env, struct val_env* ve, 177 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, 178 struct query_info* qinfo) 179 { 180 enum sec_status sec; 181 char reasonbuf[256]; 182 char* reason = NULL; 183 uint8_t sigalg[ALGO_NEEDS_MAX+1]; 184 int verified = 0; 185 if(vsig) { 186 log_nametypeclass(VERB_QUERY, "verify of rrset", 187 rrset->rk.dname, ntohs(rrset->rk.type), 188 ntohs(rrset->rk.rrset_class)); 189 } 190 setup_sigalg(dnskey, sigalg); /* check all algorithms in the dnskey */ 191 /* ok to give null as qstate here, won't be used for answer section. */ 192 sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason, 193 NULL, LDNS_SECTION_ANSWER, NULL, &verified, reasonbuf, 194 sizeof(reasonbuf)); 195 if(vsig) { 196 printf("verify outcome is: %s %s\n", sec_status_to_string(sec), 197 reason?reason:""); 198 } 199 if(should_be_bogus(rrset, qinfo)) { 200 unit_assert(sec == sec_status_bogus); 201 } else { 202 unit_assert(sec == sec_status_secure); 203 } 204 } 205 206 /** verify and test an entry - every rr in the message */ 207 static void 208 verifytest_entry(struct entry* e, struct alloc_cache* alloc, 209 struct regional* region, sldns_buffer* pkt, 210 struct ub_packed_rrset_key* dnskey, struct module_env* env, 211 struct val_env* ve) 212 { 213 struct query_info qinfo; 214 struct reply_info* rep = NULL; 215 size_t i; 216 217 regional_free_all(region); 218 if(vsig) { 219 char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, 220 e->reply_list->reply_len); 221 printf("verifying pkt:\n%s\n", s?s:"outofmemory"); 222 free(s); 223 } 224 entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); 225 226 for(i=0; i<rep->rrset_count; i++) { 227 verifytest_rrset(env, ve, rep->rrsets[i], dnskey, &qinfo); 228 } 229 230 reply_info_parsedelete(rep, alloc); 231 query_info_clear(&qinfo); 232 } 233 234 /** find RRset in reply by type */ 235 static struct ub_packed_rrset_key* 236 find_rrset_type(struct reply_info* rep, uint16_t type) 237 { 238 size_t i; 239 for(i=0; i<rep->rrset_count; i++) { 240 if(ntohs(rep->rrsets[i]->rk.type) == type) 241 return rep->rrsets[i]; 242 } 243 return NULL; 244 } 245 246 /** DS sig test an entry - get DNSKEY and DS in entry and verify */ 247 static void 248 dstest_entry(struct entry* e, struct alloc_cache* alloc, 249 struct regional* region, sldns_buffer* pkt, struct module_env* env) 250 { 251 struct query_info qinfo; 252 struct reply_info* rep = NULL; 253 struct ub_packed_rrset_key* ds, *dnskey; 254 int ret; 255 256 regional_free_all(region); 257 if(vsig) { 258 char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, 259 e->reply_list->reply_len); 260 printf("verifying DS-DNSKEY match:\n%s\n", s?s:"outofmemory"); 261 free(s); 262 } 263 entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); 264 ds = find_rrset_type(rep, LDNS_RR_TYPE_DS); 265 dnskey = find_rrset_type(rep, LDNS_RR_TYPE_DNSKEY); 266 /* check test is OK */ 267 unit_assert(ds && dnskey); 268 269 ret = ds_digest_match_dnskey(env, dnskey, 0, ds, 0); 270 if(strncmp((char*)qinfo.qname, "\003yes", 4) == 0) { 271 if(vsig) { 272 printf("result(yes)= %s\n", ret?"yes":"no"); 273 } 274 unit_assert(ret); 275 } else if (strncmp((char*)qinfo.qname, "\002no", 3) == 0) { 276 if(vsig) { 277 printf("result(no)= %s\n", ret?"yes":"no"); 278 } 279 unit_assert(!ret); 280 verbose(VERB_QUERY, "DS fail: OK; matched unit test"); 281 } else { 282 fatal_exit("Bad qname in DS unit test, yes or no"); 283 } 284 285 reply_info_parsedelete(rep, alloc); 286 query_info_clear(&qinfo); 287 } 288 289 /** verify from a file */ 290 static void 291 verifytest_file(const char* fname, const char* at_date) 292 { 293 /* 294 * The file contains a list of ldns-testpkts entries. 295 * The first entry must be a query for DNSKEY. 296 * The answer rrset is the keyset that will be used for verification 297 */ 298 struct ub_packed_rrset_key* dnskey; 299 struct regional* region = regional_create(); 300 struct alloc_cache alloc; 301 sldns_buffer* buf = sldns_buffer_new(65535); 302 struct entry* e; 303 struct entry* list = read_datafile(fname, 1); 304 struct module_env env; 305 struct val_env ve; 306 time_t now = time(NULL); 307 unit_show_func("signature verify", fname); 308 309 if(!list) 310 fatal_exit("could not read %s: %s", fname, strerror(errno)); 311 alloc_init(&alloc, NULL, 1); 312 memset(&env, 0, sizeof(env)); 313 memset(&ve, 0, sizeof(ve)); 314 env.scratch = region; 315 env.scratch_buffer = buf; 316 env.now = &now; 317 ve.date_override = cfg_convert_timeval(at_date); 318 unit_assert(region && buf); 319 dnskey = extract_keys(list, &alloc, region, buf); 320 if(vsig) log_nametypeclass(VERB_QUERY, "test dnskey", 321 dnskey->rk.dname, ntohs(dnskey->rk.type), 322 ntohs(dnskey->rk.rrset_class)); 323 /* ready to go! */ 324 for(e = list->next; e; e = e->next) { 325 verifytest_entry(e, &alloc, region, buf, dnskey, &env, &ve); 326 } 327 328 ub_packed_rrset_parsedelete(dnskey, &alloc); 329 delete_entry(list); 330 regional_destroy(region); 331 alloc_clear(&alloc); 332 sldns_buffer_free(buf); 333 } 334 335 /** verify DS matches DNSKEY from a file */ 336 static void 337 dstest_file(const char* fname) 338 { 339 /* 340 * The file contains a list of ldns-testpkts entries. 341 * The first entry must be a query for DNSKEY. 342 * The answer rrset is the keyset that will be used for verification 343 */ 344 struct regional* region = regional_create(); 345 struct alloc_cache alloc; 346 sldns_buffer* buf = sldns_buffer_new(65535); 347 struct entry* e; 348 struct entry* list = read_datafile(fname, 1); 349 struct module_env env; 350 unit_show_func("DS verify", fname); 351 352 if(!list) 353 fatal_exit("could not read %s: %s", fname, strerror(errno)); 354 alloc_init(&alloc, NULL, 1); 355 memset(&env, 0, sizeof(env)); 356 env.scratch = region; 357 env.scratch_buffer = buf; 358 unit_assert(region && buf); 359 360 /* ready to go! */ 361 for(e = list; e; e = e->next) { 362 dstest_entry(e, &alloc, region, buf, &env); 363 } 364 365 delete_entry(list); 366 regional_destroy(region); 367 alloc_clear(&alloc); 368 sldns_buffer_free(buf); 369 } 370 371 /** helper for unittest of NSEC routines */ 372 static int 373 unitest_nsec_has_type_rdata(char* bitmap, size_t len, uint16_t type) 374 { 375 return nsecbitmap_has_type_rdata((uint8_t*)bitmap, len, type); 376 } 377 378 /** Test NSEC type bitmap routine */ 379 static void 380 nsectest(void) 381 { 382 /* bitmap starts at type bitmap rdata field */ 383 /* from rfc 4034 example */ 384 char* bitmap = "\000\006\100\001\000\000\000\003" 385 "\004\033\000\000\000\000\000\000" 386 "\000\000\000\000\000\000\000\000" 387 "\000\000\000\000\000\000\000\000" 388 "\000\000\000\000\040"; 389 size_t len = 37; 390 391 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 0)); 392 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_A)); 393 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 2)); 394 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 3)); 395 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 4)); 396 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 5)); 397 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 6)); 398 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 7)); 399 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 8)); 400 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 9)); 401 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 10)); 402 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 11)); 403 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 12)); 404 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 13)); 405 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 14)); 406 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_MX)); 407 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_RRSIG)); 408 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_NSEC)); 409 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, 1234)); 410 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1233)); 411 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1235)); 412 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1236)); 413 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1237)); 414 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1238)); 415 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1239)); 416 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1240)); 417 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 2230)); 418 } 419 420 /** Test hash algo - NSEC3 hash it and compare result */ 421 static void 422 nsec3_hash_test_entry(struct entry* e, rbtree_type* ct, 423 struct alloc_cache* alloc, struct regional* region, 424 sldns_buffer* buf) 425 { 426 struct query_info qinfo; 427 struct reply_info* rep = NULL; 428 struct ub_packed_rrset_key* answer, *nsec3; 429 struct nsec3_cached_hash* hash = NULL; 430 int ret; 431 uint8_t* qname; 432 433 if(vsig) { 434 char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, 435 e->reply_list->reply_len); 436 printf("verifying NSEC3 hash:\n%s\n", s?s:"outofmemory"); 437 free(s); 438 } 439 entry_to_repinfo(e, alloc, region, buf, &qinfo, &rep); 440 nsec3 = find_rrset_type(rep, LDNS_RR_TYPE_NSEC3); 441 answer = find_rrset_type(rep, LDNS_RR_TYPE_AAAA); 442 qname = regional_alloc_init(region, qinfo.qname, qinfo.qname_len); 443 /* check test is OK */ 444 unit_assert(nsec3 && answer && qname); 445 446 ret = nsec3_hash_name(ct, region, buf, nsec3, 0, qname, 447 qinfo.qname_len, &hash); 448 if(ret < 1) { 449 printf("Bad nsec3_hash_name retcode %d\n", ret); 450 unit_assert(ret == 1 || ret == 2); 451 } 452 unit_assert(hash->dname && hash->hash && hash->hash_len && 453 hash->b32 && hash->b32_len); 454 unit_assert(hash->b32_len == (size_t)answer->rk.dname[0]); 455 /* does not do lowercasing. */ 456 unit_assert(memcmp(hash->b32, answer->rk.dname+1, hash->b32_len) 457 == 0); 458 459 reply_info_parsedelete(rep, alloc); 460 query_info_clear(&qinfo); 461 } 462 463 464 /** Read file to test NSEC3 hash algo */ 465 static void 466 nsec3_hash_test(const char* fname) 467 { 468 /* 469 * The list contains a list of ldns-testpkts entries. 470 * Every entry is a test. 471 * The qname is hashed. 472 * The answer section AAAA RR name is the required result. 473 * The auth section NSEC3 is used to get hash parameters. 474 * The hash cache is maintained per file. 475 * 476 * The test does not perform canonicalization during the compare. 477 */ 478 rbtree_type ct; 479 struct regional* region = regional_create(); 480 struct alloc_cache alloc; 481 sldns_buffer* buf = sldns_buffer_new(65535); 482 struct entry* e; 483 struct entry* list = read_datafile(fname, 1); 484 unit_show_func("NSEC3 hash", fname); 485 486 if(!list) 487 fatal_exit("could not read %s: %s", fname, strerror(errno)); 488 rbtree_init(&ct, &nsec3_hash_cmp); 489 alloc_init(&alloc, NULL, 1); 490 unit_assert(region && buf); 491 492 /* ready to go! */ 493 for(e = list; e; e = e->next) { 494 nsec3_hash_test_entry(e, &ct, &alloc, region, buf); 495 } 496 497 delete_entry(list); 498 regional_destroy(region); 499 alloc_clear(&alloc); 500 sldns_buffer_free(buf); 501 } 502 503 #define xstr(s) str(s) 504 #define str(s) #s 505 506 #define SRCDIRSTR xstr(SRCDIR) 507 508 void 509 verify_test(void) 510 { 511 unit_show_feature("signature verify"); 512 #ifdef USE_SHA1 513 verifytest_file(SRCDIRSTR "/testdata/test_signatures.1", "20070818005004"); 514 #endif 515 #if defined(USE_DSA) && defined(USE_SHA1) 516 verifytest_file(SRCDIRSTR "/testdata/test_signatures.2", "20080414005004"); 517 verifytest_file(SRCDIRSTR "/testdata/test_signatures.3", "20080416005004"); 518 verifytest_file(SRCDIRSTR "/testdata/test_signatures.4", "20080416005004"); 519 verifytest_file(SRCDIRSTR "/testdata/test_signatures.5", "20080416005004"); 520 verifytest_file(SRCDIRSTR "/testdata/test_signatures.6", "20080416005004"); 521 verifytest_file(SRCDIRSTR "/testdata/test_signatures.7", "20070829144150"); 522 #endif /* USE_DSA */ 523 #ifdef USE_SHA1 524 verifytest_file(SRCDIRSTR "/testdata/test_signatures.8", "20070829144150"); 525 #endif 526 #if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) 527 verifytest_file(SRCDIRSTR "/testdata/test_sigs.rsasha256", "20070829144150"); 528 # ifdef USE_SHA1 529 verifytest_file(SRCDIRSTR "/testdata/test_sigs.sha1_and_256", "20070829144150"); 530 # endif 531 verifytest_file(SRCDIRSTR "/testdata/test_sigs.rsasha256_draft", "20090101000000"); 532 #endif 533 #if (defined(HAVE_EVP_SHA512) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) 534 verifytest_file(SRCDIRSTR "/testdata/test_sigs.rsasha512_draft", "20070829144150"); 535 verifytest_file(SRCDIRSTR "/testdata/test_signatures.9", "20171215000000"); 536 #endif 537 #ifdef USE_SHA1 538 verifytest_file(SRCDIRSTR "/testdata/test_sigs.hinfo", "20090107100022"); 539 verifytest_file(SRCDIRSTR "/testdata/test_sigs.revoked", "20080414005004"); 540 #endif 541 #ifdef USE_GOST 542 if(sldns_key_EVP_load_gost_id()) 543 verifytest_file(SRCDIRSTR "/testdata/test_sigs.gost", "20090807060504"); 544 else printf("Warning: skipped GOST, openssl does not provide gost.\n"); 545 #endif 546 #ifdef USE_ECDSA 547 /* test for support in case we use libNSS and ECC is removed */ 548 if(dnskey_algo_id_is_supported(LDNS_ECDSAP256SHA256)) { 549 verifytest_file(SRCDIRSTR "/testdata/test_sigs.ecdsa_p256", "20100908100439"); 550 verifytest_file(SRCDIRSTR "/testdata/test_sigs.ecdsa_p384", "20100908100439"); 551 } 552 dstest_file(SRCDIRSTR "/testdata/test_ds.sha384"); 553 #endif 554 #ifdef USE_ED25519 555 if(dnskey_algo_id_is_supported(LDNS_ED25519)) { 556 verifytest_file(SRCDIRSTR "/testdata/test_sigs.ed25519", "20170530140439"); 557 } 558 #endif 559 #ifdef USE_ED448 560 if(dnskey_algo_id_is_supported(LDNS_ED448)) { 561 verifytest_file(SRCDIRSTR "/testdata/test_sigs.ed448", "20180408143630"); 562 } 563 #endif 564 #ifdef USE_SHA1 565 dstest_file(SRCDIRSTR "/testdata/test_ds.sha1"); 566 #endif 567 nsectest(); 568 nsec3_hash_test(SRCDIRSTR "/testdata/test_nsec3_hash.1"); 569 } 570