add ecdsa tests

CHANGELOG.md

@@ -8,7 +8,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Changed
 
 - DNSKEY is now self-signed
-- now using env_logger instead of raw logger
 
 ## 0.12.0
 

client/src/rr/dnssec/key_format.rs

@@ -150,8 +150,11 @@ impl KeyFormat {
         #[allow(unused)]
         let key_pair: KeyPair = match algorithm {
             #[cfg(feature = "openssl")]
-            Algorithm::RSASHA1 |
-            Algorithm::RSASHA1NSEC3SHA1 |
+            e @ Algorithm::RSASHA1 |
+            e @ Algorithm::RSASHA1NSEC3SHA1 => {
+                return Err(format!("unsupported Algorithm (insecure): {:?}", e).into())
+            }
+            #[cfg(feature = "openssl")]
             Algorithm::RSASHA256 |
             Algorithm::RSASHA512 |
             Algorithm::ECDSAP256SHA256 |
@@ -162,7 +165,7 @@ impl KeyFormat {
             e @ _ => {
                 return Err(
                     format!(
-                        "unsupported Algorithm, enable openssl or ring feature: {:?}",
+                        "unsupported Algorithm (try enabling openssl or ring feature?): {:?}",
                         e
                     ).into(),
                 )

server/tests/named_test_configs/all_supported_dnssec.toml

@@ -84,6 +84,18 @@ password = "123456"
 algorithm = "RSASHA512"
 is_zone_signing_key = true
 
+[[zones.keys]]
+key_path = "./tests/named_test_configs/dnssec/ecdsa_p256.pem"
+# password = "123456"
+algorithm = "ECDSAP256SHA256"
+is_zone_signing_key = true
+
+[[zones.keys]]
+key_path = "./tests/named_test_configs/dnssec/ecdsa_p384.pem"
+# password = "123456"
+algorithm = "ECDSAP384SHA384"
+is_zone_signing_key = true
+
 [[zones.keys]]
 # Requires --features=ring
 key_path = "./tests/named_test_configs/dnssec/ed25519.pk8"

server/tests/named_test_configs/dnssec/ecdsa_p256.pem

@@ -0,0 +1,8 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQACg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHQCAQEEIERwmnsBaJiclhyu+KIT8XkoEi6Nf7Z08xho59IpPMiFoAcGBSuBBAAK
+oUQDQgAEESuVfrxf0EJJD2hWy6NSuF7Kb+KNAFqeEPwjkihO3dlRZLZHfSs4rTtR
+wRQtwUD2cjuAHahIQd/BcfRfpd5d1w==
+-----END EC PRIVATE KEY-----

server/tests/named_test_configs/dnssec/ecdsa_p384.pem

@@ -0,0 +1,9 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQAIg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDD5Ry4M68aDX2OVGrFEKfR4K2QMS2CUXfmyKgP7fBi4+XCnRSLPpEi4
+u5N/JEGt3yKgBwYFK4EEACKhZANiAAQSYfmwqXTgYBBYQKUU2vhM2zYV0fmlQGLr
+d4/c/CwRsU3tbjuXM+k7ltAaZfo9fIF3Eiu3gDdktPUNmeJ0A8GPzrGIq6HrYX6R
+JEPHK/SWNYKPlTeShaQNMm2d1kNdqY0=
+-----END EC PRIVATE KEY-----

server/tests/named_test_configs/dnssec/gen-keys.sh

@@ -6,9 +6,13 @@ OPENSSL=/usr/local/opt/openssl/bin/openssl
 KT=kt
 
 RSA_2048=rsa_2048.pem
-
 [ -f ${RSA_2048:?} ] || ${OPENSSL:?} genrsa -des3 -out ${RSA_2048:?} 2048
 
-ED25519=ed25519.pk8
+ECDSA_P256=ecdsa_p256.pem
+[ -f ${ECDSA_P256:?} ] || ${OPENSSL:?} ecparam -out ${ECDSA_P256} -name secp256k1 -genkey
 
+ECDSA_P384=ecdsa_p384.pem
+[ -f ${ECDSA_P384:?} ] || ${OPENSSL:?} ecparam -out ${ECDSA_P384} -name secp384r1 -genkey
+
+ED25519=ed25519.pk8
 [ -f ${ED25519:?} ] || ${KT:?} generate ed25519 --out=${ED25519:?}

server/tests/named_test_configs/openssl_dnssec.toml

@@ -78,6 +78,8 @@ is_zone_signing_key = true
 ## create the key if it is not found
 # create_if_absent = false
 
+
+
 [[zones.keys]]
 key_path = "./tests/named_test_configs/dnssec/rsa_2048.pem"
 password = "123456"

server/tests/z_named_test_rsa_dnssec.rs

@@ -104,6 +104,24 @@ fn test_rsa_sha512() {
     );
 }
 
+#[test]
+fn test_ecdsa_p256() {
+    generic_test(
+        "tests/named_test_configs/dnssec/ecdsa_p256.pem",
+        KeyFormat::Pem,
+        Algorithm::ECDSAP256SHA256,
+    );
+}
+
+#[test]
+fn test_ecdsa_p384() {
+    generic_test(
+        "tests/named_test_configs/dnssec/ecdsa_p384.pem",
+        KeyFormat::Pem,
+        Algorithm::ECDSAP384SHA384,
+    );
+}
+
 #[test]
 #[cfg(feature = "ring")]
 fn test_ed25519() {