1 /* 2 * testcode/unitverify.c - unit test for signature verification routines. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 * 35 */ 36 /** 37 * \file 38 * Calls verification unit tests. Exits with code 1 on a failure. 39 */ 40 41 #include "config.h" 42 #include "util/log.h" 43 #include "testcode/unitmain.h" 44 #include "validator/val_sigcrypt.h" 45 #include "validator/val_secalgo.h" 46 #include "validator/val_nsec.h" 47 #include "validator/val_nsec3.h" 48 #include "validator/validator.h" 49 #include "testcode/testpkts.h" 50 #include "util/data/msgreply.h" 51 #include "util/data/msgparse.h" 52 #include "util/data/dname.h" 53 #include "util/regional.h" 54 #include "util/alloc.h" 55 #include "util/rbtree.h" 56 #include "util/net_help.h" 57 #include "util/module.h" 58 #include "util/config_file.h" 59 #include "sldns/sbuffer.h" 60 #include "sldns/keyraw.h" 61 #include "sldns/str2wire.h" 62 #include "sldns/wire2str.h" 63 64 /** verbose signature test */ 65 static int vsig = 0; 66 67 /** entry to packet buffer with wireformat */ 68 static void 69 entry_to_buf(struct entry* e, sldns_buffer* pkt) 70 { 71 unit_assert(e->reply_list); 72 if(e->reply_list->reply_from_hex) { 73 sldns_buffer_copy(pkt, e->reply_list->reply_from_hex); 74 } else { 75 sldns_buffer_clear(pkt); 76 sldns_buffer_write(pkt, e->reply_list->reply_pkt, 77 e->reply_list->reply_len); 78 sldns_buffer_flip(pkt); 79 } 80 } 81 82 /** entry to reply info conversion */ 83 static void 84 entry_to_repinfo(struct entry* e, struct alloc_cache* alloc, 85 struct regional* region, sldns_buffer* pkt, struct query_info* qi, 86 struct reply_info** rep) 87 { 88 int ret; 89 struct edns_data edns; 90 entry_to_buf(e, pkt); 91 /* lock alloc lock to please lock checking software. 92 * alloc_special_obtain assumes it is talking to a ub-alloc, 93 * and does not need to perform locking. Here the alloc is 94 * the only one, so we lock it here */ 95 lock_quick_lock(&alloc->lock); 96 ret = reply_info_parse(pkt, alloc, qi, rep, region, &edns); 97 lock_quick_unlock(&alloc->lock); 98 if(ret != 0) { 99 char rcode[16]; 100 sldns_wire2str_rcode_buf(ret, rcode, sizeof(rcode)); 101 printf("parse code %d: %s\n", ret, rcode); 102 unit_assert(ret != 0); 103 } 104 } 105 106 /** extract DNSKEY rrset from answer and convert it */ 107 static struct ub_packed_rrset_key* 108 extract_keys(struct entry* e, struct alloc_cache* alloc, 109 struct regional* region, sldns_buffer* pkt) 110 { 111 struct ub_packed_rrset_key* dnskey = NULL; 112 struct query_info qinfo; 113 struct reply_info* rep = NULL; 114 size_t i; 115 116 entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); 117 for(i=0; i<rep->an_numrrsets; i++) { 118 if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_DNSKEY) { 119 dnskey = rep->rrsets[i]; 120 rep->rrsets[i] = NULL; 121 break; 122 } 123 } 124 unit_assert(dnskey); 125 126 reply_info_parsedelete(rep, alloc); 127 query_info_clear(&qinfo); 128 return dnskey; 129 } 130 131 /** return true if answer should be bogus */ 132 static int 133 should_be_bogus(struct ub_packed_rrset_key* rrset, struct query_info* qinfo) 134 { 135 struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> 136 entry.data; 137 if(d->rrsig_count == 0) 138 return 1; 139 /* name 'bogus' as first label signals bogus */ 140 if(rrset->rk.dname_len > 6 && memcmp(rrset->rk.dname+1, "bogus", 5)==0) 141 return 1; 142 if(qinfo->qname_len > 6 && memcmp(qinfo->qname+1, "bogus", 5)==0) 143 return 1; 144 return 0; 145 } 146 147 /** return number of rrs in an rrset */ 148 static size_t 149 rrset_get_count(struct ub_packed_rrset_key* rrset) 150 { 151 struct packed_rrset_data* d = (struct packed_rrset_data*) 152 rrset->entry.data; 153 if(!d) return 0; 154 return d->count; 155 } 156 157 /** setup sig alg list from dnskey */ 158 static void 159 setup_sigalg(struct ub_packed_rrset_key* dnskey, uint8_t* sigalg) 160 { 161 uint8_t a[ALGO_NEEDS_MAX]; 162 size_t i, n = 0; 163 memset(a, 0, sizeof(a)); 164 for(i=0; i<rrset_get_count(dnskey); i++) { 165 uint8_t algo = (uint8_t)dnskey_get_algo(dnskey, i); 166 if(a[algo] == 0) { 167 a[algo] = 1; 168 sigalg[n++] = algo; 169 } 170 } 171 sigalg[n] = 0; 172 } 173 174 /** verify and test one rrset against the key rrset */ 175 static void 176 verifytest_rrset(struct module_env* env, struct val_env* ve, 177 struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, 178 struct query_info* qinfo) 179 { 180 enum sec_status sec; 181 char* reason = NULL; 182 uint8_t sigalg[ALGO_NEEDS_MAX+1]; 183 int verified = 0; 184 if(vsig) { 185 log_nametypeclass(VERB_QUERY, "verify of rrset", 186 rrset->rk.dname, ntohs(rrset->rk.type), 187 ntohs(rrset->rk.rrset_class)); 188 } 189 setup_sigalg(dnskey, sigalg); /* check all algorithms in the dnskey */ 190 /* ok to give null as qstate here, won't be used for answer section. */ 191 sec = dnskeyset_verify_rrset(env, ve, rrset, dnskey, sigalg, &reason, NULL, 192 LDNS_SECTION_ANSWER, NULL, &verified); 193 if(vsig) { 194 printf("verify outcome is: %s %s\n", sec_status_to_string(sec), 195 reason?reason:""); 196 } 197 if(should_be_bogus(rrset, qinfo)) { 198 unit_assert(sec == sec_status_bogus); 199 } else { 200 unit_assert(sec == sec_status_secure); 201 } 202 } 203 204 /** verify and test an entry - every rr in the message */ 205 static void 206 verifytest_entry(struct entry* e, struct alloc_cache* alloc, 207 struct regional* region, sldns_buffer* pkt, 208 struct ub_packed_rrset_key* dnskey, struct module_env* env, 209 struct val_env* ve) 210 { 211 struct query_info qinfo; 212 struct reply_info* rep = NULL; 213 size_t i; 214 215 regional_free_all(region); 216 if(vsig) { 217 char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, 218 e->reply_list->reply_len); 219 printf("verifying pkt:\n%s\n", s?s:"outofmemory"); 220 free(s); 221 } 222 entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); 223 224 for(i=0; i<rep->rrset_count; i++) { 225 verifytest_rrset(env, ve, rep->rrsets[i], dnskey, &qinfo); 226 } 227 228 reply_info_parsedelete(rep, alloc); 229 query_info_clear(&qinfo); 230 } 231 232 /** find RRset in reply by type */ 233 static struct ub_packed_rrset_key* 234 find_rrset_type(struct reply_info* rep, uint16_t type) 235 { 236 size_t i; 237 for(i=0; i<rep->rrset_count; i++) { 238 if(ntohs(rep->rrsets[i]->rk.type) == type) 239 return rep->rrsets[i]; 240 } 241 return NULL; 242 } 243 244 /** DS sig test an entry - get DNSKEY and DS in entry and verify */ 245 static void 246 dstest_entry(struct entry* e, struct alloc_cache* alloc, 247 struct regional* region, sldns_buffer* pkt, struct module_env* env) 248 { 249 struct query_info qinfo; 250 struct reply_info* rep = NULL; 251 struct ub_packed_rrset_key* ds, *dnskey; 252 int ret; 253 254 regional_free_all(region); 255 if(vsig) { 256 char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, 257 e->reply_list->reply_len); 258 printf("verifying DS-DNSKEY match:\n%s\n", s?s:"outofmemory"); 259 free(s); 260 } 261 entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); 262 ds = find_rrset_type(rep, LDNS_RR_TYPE_DS); 263 dnskey = find_rrset_type(rep, LDNS_RR_TYPE_DNSKEY); 264 /* check test is OK */ 265 unit_assert(ds && dnskey); 266 267 ret = ds_digest_match_dnskey(env, dnskey, 0, ds, 0); 268 if(strncmp((char*)qinfo.qname, "\003yes", 4) == 0) { 269 if(vsig) { 270 printf("result(yes)= %s\n", ret?"yes":"no"); 271 } 272 unit_assert(ret); 273 } else if (strncmp((char*)qinfo.qname, "\002no", 3) == 0) { 274 if(vsig) { 275 printf("result(no)= %s\n", ret?"yes":"no"); 276 } 277 unit_assert(!ret); 278 verbose(VERB_QUERY, "DS fail: OK; matched unit test"); 279 } else { 280 fatal_exit("Bad qname in DS unit test, yes or no"); 281 } 282 283 reply_info_parsedelete(rep, alloc); 284 query_info_clear(&qinfo); 285 } 286 287 /** verify from a file */ 288 static void 289 verifytest_file(const char* fname, const char* at_date) 290 { 291 /* 292 * The file contains a list of ldns-testpkts entries. 293 * The first entry must be a query for DNSKEY. 294 * The answer rrset is the keyset that will be used for verification 295 */ 296 struct ub_packed_rrset_key* dnskey; 297 struct regional* region = regional_create(); 298 struct alloc_cache alloc; 299 sldns_buffer* buf = sldns_buffer_new(65535); 300 struct entry* e; 301 struct entry* list = read_datafile(fname, 1); 302 struct module_env env; 303 struct val_env ve; 304 time_t now = time(NULL); 305 unit_show_func("signature verify", fname); 306 307 if(!list) 308 fatal_exit("could not read %s: %s", fname, strerror(errno)); 309 alloc_init(&alloc, NULL, 1); 310 memset(&env, 0, sizeof(env)); 311 memset(&ve, 0, sizeof(ve)); 312 env.scratch = region; 313 env.scratch_buffer = buf; 314 env.now = &now; 315 ve.date_override = cfg_convert_timeval(at_date); 316 unit_assert(region && buf); 317 dnskey = extract_keys(list, &alloc, region, buf); 318 if(vsig) log_nametypeclass(VERB_QUERY, "test dnskey", 319 dnskey->rk.dname, ntohs(dnskey->rk.type), 320 ntohs(dnskey->rk.rrset_class)); 321 /* ready to go! */ 322 for(e = list->next; e; e = e->next) { 323 verifytest_entry(e, &alloc, region, buf, dnskey, &env, &ve); 324 } 325 326 ub_packed_rrset_parsedelete(dnskey, &alloc); 327 delete_entry(list); 328 regional_destroy(region); 329 alloc_clear(&alloc); 330 sldns_buffer_free(buf); 331 } 332 333 /** verify DS matches DNSKEY from a file */ 334 static void 335 dstest_file(const char* fname) 336 { 337 /* 338 * The file contains a list of ldns-testpkts entries. 339 * The first entry must be a query for DNSKEY. 340 * The answer rrset is the keyset that will be used for verification 341 */ 342 struct regional* region = regional_create(); 343 struct alloc_cache alloc; 344 sldns_buffer* buf = sldns_buffer_new(65535); 345 struct entry* e; 346 struct entry* list = read_datafile(fname, 1); 347 struct module_env env; 348 unit_show_func("DS verify", fname); 349 350 if(!list) 351 fatal_exit("could not read %s: %s", fname, strerror(errno)); 352 alloc_init(&alloc, NULL, 1); 353 memset(&env, 0, sizeof(env)); 354 env.scratch = region; 355 env.scratch_buffer = buf; 356 unit_assert(region && buf); 357 358 /* ready to go! */ 359 for(e = list; e; e = e->next) { 360 dstest_entry(e, &alloc, region, buf, &env); 361 } 362 363 delete_entry(list); 364 regional_destroy(region); 365 alloc_clear(&alloc); 366 sldns_buffer_free(buf); 367 } 368 369 /** helper for unittest of NSEC routines */ 370 static int 371 unitest_nsec_has_type_rdata(char* bitmap, size_t len, uint16_t type) 372 { 373 return nsecbitmap_has_type_rdata((uint8_t*)bitmap, len, type); 374 } 375 376 /** Test NSEC type bitmap routine */ 377 static void 378 nsectest(void) 379 { 380 /* bitmap starts at type bitmap rdata field */ 381 /* from rfc 4034 example */ 382 char* bitmap = "\000\006\100\001\000\000\000\003" 383 "\004\033\000\000\000\000\000\000" 384 "\000\000\000\000\000\000\000\000" 385 "\000\000\000\000\000\000\000\000" 386 "\000\000\000\000\040"; 387 size_t len = 37; 388 389 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 0)); 390 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_A)); 391 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 2)); 392 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 3)); 393 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 4)); 394 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 5)); 395 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 6)); 396 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 7)); 397 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 8)); 398 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 9)); 399 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 10)); 400 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 11)); 401 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 12)); 402 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 13)); 403 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 14)); 404 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_MX)); 405 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_RRSIG)); 406 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, LDNS_RR_TYPE_NSEC)); 407 unit_assert(unitest_nsec_has_type_rdata(bitmap, len, 1234)); 408 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1233)); 409 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1235)); 410 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1236)); 411 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1237)); 412 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1238)); 413 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1239)); 414 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 1240)); 415 unit_assert(!unitest_nsec_has_type_rdata(bitmap, len, 2230)); 416 } 417 418 /** Test hash algo - NSEC3 hash it and compare result */ 419 static void 420 nsec3_hash_test_entry(struct entry* e, rbtree_type* ct, 421 struct alloc_cache* alloc, struct regional* region, 422 sldns_buffer* buf) 423 { 424 struct query_info qinfo; 425 struct reply_info* rep = NULL; 426 struct ub_packed_rrset_key* answer, *nsec3; 427 struct nsec3_cached_hash* hash = NULL; 428 int ret; 429 uint8_t* qname; 430 431 if(vsig) { 432 char* s = sldns_wire2str_pkt(e->reply_list->reply_pkt, 433 e->reply_list->reply_len); 434 printf("verifying NSEC3 hash:\n%s\n", s?s:"outofmemory"); 435 free(s); 436 } 437 entry_to_repinfo(e, alloc, region, buf, &qinfo, &rep); 438 nsec3 = find_rrset_type(rep, LDNS_RR_TYPE_NSEC3); 439 answer = find_rrset_type(rep, LDNS_RR_TYPE_AAAA); 440 qname = regional_alloc_init(region, qinfo.qname, qinfo.qname_len); 441 /* check test is OK */ 442 unit_assert(nsec3 && answer && qname); 443 444 ret = nsec3_hash_name(ct, region, buf, nsec3, 0, qname, 445 qinfo.qname_len, &hash); 446 if(ret < 1) { 447 printf("Bad nsec3_hash_name retcode %d\n", ret); 448 unit_assert(ret == 1 || ret == 2); 449 } 450 unit_assert(hash->dname && hash->hash && hash->hash_len && 451 hash->b32 && hash->b32_len); 452 unit_assert(hash->b32_len == (size_t)answer->rk.dname[0]); 453 /* does not do lowercasing. */ 454 unit_assert(memcmp(hash->b32, answer->rk.dname+1, hash->b32_len) 455 == 0); 456 457 reply_info_parsedelete(rep, alloc); 458 query_info_clear(&qinfo); 459 } 460 461 462 /** Read file to test NSEC3 hash algo */ 463 static void 464 nsec3_hash_test(const char* fname) 465 { 466 /* 467 * The list contains a list of ldns-testpkts entries. 468 * Every entry is a test. 469 * The qname is hashed. 470 * The answer section AAAA RR name is the required result. 471 * The auth section NSEC3 is used to get hash parameters. 472 * The hash cache is maintained per file. 473 * 474 * The test does not perform canonicalization during the compare. 475 */ 476 rbtree_type ct; 477 struct regional* region = regional_create(); 478 struct alloc_cache alloc; 479 sldns_buffer* buf = sldns_buffer_new(65535); 480 struct entry* e; 481 struct entry* list = read_datafile(fname, 1); 482 unit_show_func("NSEC3 hash", fname); 483 484 if(!list) 485 fatal_exit("could not read %s: %s", fname, strerror(errno)); 486 rbtree_init(&ct, &nsec3_hash_cmp); 487 alloc_init(&alloc, NULL, 1); 488 unit_assert(region && buf); 489 490 /* ready to go! */ 491 for(e = list; e; e = e->next) { 492 nsec3_hash_test_entry(e, &ct, &alloc, region, buf); 493 } 494 495 delete_entry(list); 496 regional_destroy(region); 497 alloc_clear(&alloc); 498 sldns_buffer_free(buf); 499 } 500 501 #define xstr(s) str(s) 502 #define str(s) #s 503 504 #define SRCDIRSTR xstr(SRCDIR) 505 506 void 507 verify_test(void) 508 { 509 unit_show_feature("signature verify"); 510 #ifdef USE_SHA1 511 verifytest_file(SRCDIRSTR "/testdata/test_signatures.1", "20070818005004"); 512 #endif 513 #if defined(USE_DSA) && defined(USE_SHA1) 514 verifytest_file(SRCDIRSTR "/testdata/test_signatures.2", "20080414005004"); 515 verifytest_file(SRCDIRSTR "/testdata/test_signatures.3", "20080416005004"); 516 verifytest_file(SRCDIRSTR "/testdata/test_signatures.4", "20080416005004"); 517 verifytest_file(SRCDIRSTR "/testdata/test_signatures.5", "20080416005004"); 518 verifytest_file(SRCDIRSTR "/testdata/test_signatures.6", "20080416005004"); 519 verifytest_file(SRCDIRSTR "/testdata/test_signatures.7", "20070829144150"); 520 #endif /* USE_DSA */ 521 #ifdef USE_SHA1 522 verifytest_file(SRCDIRSTR "/testdata/test_signatures.8", "20070829144150"); 523 #endif 524 #if (defined(HAVE_EVP_SHA256) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) 525 verifytest_file(SRCDIRSTR "/testdata/test_sigs.rsasha256", "20070829144150"); 526 # ifdef USE_SHA1 527 verifytest_file(SRCDIRSTR "/testdata/test_sigs.sha1_and_256", "20070829144150"); 528 # endif 529 verifytest_file(SRCDIRSTR "/testdata/test_sigs.rsasha256_draft", "20090101000000"); 530 #endif 531 #if (defined(HAVE_EVP_SHA512) || defined(HAVE_NSS) || defined(HAVE_NETTLE)) && defined(USE_SHA2) 532 verifytest_file(SRCDIRSTR "/testdata/test_sigs.rsasha512_draft", "20070829144150"); 533 verifytest_file(SRCDIRSTR "/testdata/test_signatures.9", "20171215000000"); 534 #endif 535 #ifdef USE_SHA1 536 verifytest_file(SRCDIRSTR "/testdata/test_sigs.hinfo", "20090107100022"); 537 verifytest_file(SRCDIRSTR "/testdata/test_sigs.revoked", "20080414005004"); 538 #endif 539 #ifdef USE_GOST 540 if(sldns_key_EVP_load_gost_id()) 541 verifytest_file(SRCDIRSTR "/testdata/test_sigs.gost", "20090807060504"); 542 else printf("Warning: skipped GOST, openssl does not provide gost.\n"); 543 #endif 544 #ifdef USE_ECDSA 545 /* test for support in case we use libNSS and ECC is removed */ 546 if(dnskey_algo_id_is_supported(LDNS_ECDSAP256SHA256)) { 547 verifytest_file(SRCDIRSTR "/testdata/test_sigs.ecdsa_p256", "20100908100439"); 548 verifytest_file(SRCDIRSTR "/testdata/test_sigs.ecdsa_p384", "20100908100439"); 549 } 550 dstest_file(SRCDIRSTR "/testdata/test_ds.sha384"); 551 #endif 552 #ifdef USE_ED25519 553 if(dnskey_algo_id_is_supported(LDNS_ED25519)) { 554 verifytest_file(SRCDIRSTR "/testdata/test_sigs.ed25519", "20170530140439"); 555 } 556 #endif 557 #ifdef USE_ED448 558 if(dnskey_algo_id_is_supported(LDNS_ED448)) { 559 verifytest_file(SRCDIRSTR "/testdata/test_sigs.ed448", "20180408143630"); 560 } 561 #endif 562 #ifdef USE_SHA1 563 dstest_file(SRCDIRSTR "/testdata/test_ds.sha1"); 564 #endif 565 nsectest(); 566 nsec3_hash_test(SRCDIRSTR "/testdata/test_nsec3_hash.1"); 567 } 568