# $Id: 41-ECC-GOST.t 1395 2015-09-14 21:16:13Z willem $	-*-perl-*-
#

use strict;
use Test::More;

# Modules this test cannot run without: the OpenSSL EC/ECDSA bindings, the
# GOST digest modules, and the Net::DNS classes exercised further down.
my @prerequisite = (
	'Crypt::OpenSSL::Bignum',
	'Crypt::OpenSSL::EC',
	'Digest::GOST',
	'Digest::GOST::CryptoPro',
	'Crypt::OpenSSL::ECDSA',
	'Net::DNS',
	'Net::DNS::RR::DNSKEY',
	'Net::DNS::SEC::Private',
	);

# Skip the whole file as soon as one prerequisite fails to load.
# The string eval is applied only to the hard-coded names listed above.  The
# list must never be populated from the environment or the command line,
# because "require $package" would then compile arbitrary text as Perl.
for my $package (@prerequisite) {
	unless ( eval "require $package" ) {
		plan skip_all => "$package not installed";
		exit;
	}
}

# Eleven assertions in total: the three module loads here plus the eight
# ok() checks that make up the rest of the file.
plan( tests => 11 );

for my $module (qw(Net::DNS Net::DNS::SEC::Private Net::DNS::SEC::ECCGOST)) {
	use_ok($module);
}


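# Public half of the ECC-GOST test key pair, given in zone-file presentation
# format (DNSKEY algorithm field 12).
# Direct method call replaces the indirect-object form "new Net::DNS::RR",
# whose parse depends on what the compiler already knows about the class name.
my $key = Net::DNS::RR->new( <<'END' );
ecc-gost.example.	IN	DNSKEY	256 3 12 (
	6VwgNT1BXxXNVpTQXcJQ82PcsCYmI60oN88Plbl028ruvl6DqJby/uBGULHT5FXmZiXBJozE6kP0
	+BirN9YPBQ== ; Key ID = 46387
	)
END

ok( $key, 'set up ECC-GOST public key' );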


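# Write the matching ECC-GOST private key to a file, because
# Net::DNS::SEC::Private is constructed from a file name below.
# The file name is derived from the public key by privatekeyname.
my $keyfile = $key->privatekeyname;

# Remove the temporary key file at exit.  END blocks also run when the script
# exits before $keyfile has been assigned, hence the defined() guard.
END { unlink($keyfile) if defined $keyfile }

# Fixture key material: it is published with the test suite and must never be
# reused for a real zone.  The file is created under the process umask, which
# is acceptable only because this key is already public; a real signing key
# file should not be readable by other users.
my $keytext = <<'END';
Private-key-format: v1.3
Algorithm: 12 (ECC-GOST)
PrivateKey: nBnGCP/hYTdJX0znDstyFTVYSA6b0nFeHy0FJUj7LhU=
Created: 20150102211707
Publish: 20150102211707
Activate: 20150102211707
END

# Three-argument open with a lexical handle: the mode can no longer be
# influenced by characters in the file name, and the handle is not a
# package-global bareword shared with other code.
open( my $keyhandle, '>', $keyfile ) or die "$keyfile $!";
print {$keyhandle} $keytext or die "$keyfile $!";

# Buffered write errors only surface at close, so check it as well.
close($keyhandle) or die "$keyfile $!";

my $private = Net::DNS::SEC::Private->new($keyfile);
ok( $private, 'set up ECC-GOST private key' );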


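# Public key of a different algorithm (DNSKEY algorithm field 13,
# ECDSAP256SHA256), used by the negative tests at the end of the file.
# Direct method call replaces the indirect-object form "new Net::DNS::RR".
my $wrongkey = Net::DNS::RR->new( <<'END' );
ECDSAP256SHA256.example.	IN	DNSKEY	256 3 13 (
	7Y4BZY1g9uzBwt3OZexWk7iWfkiOt0PZ5o7EMip0KBNxlBD+Z58uWutYZIMolsW8v/3rfgac45lO
	IikBZK4KZg== ; Key ID = 44222
	)
END

ok( $wrongkey, 'set up non-ECC-GOST public key' );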


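# Write the ECDSAP256SHA256 private key to a file so that a
# Net::DNS::SEC::Private object of the wrong algorithm can be built from it.
my $wrongfile = $wrongkey->privatekeyname;

# Remove the temporary key file at exit.  END blocks also run when the script
# exits before $wrongfile has been assigned, hence the defined() guard.
END { unlink($wrongfile) if defined $wrongfile }

# Fixture key material: it is published with the test suite and must never be
# reused for a real zone.  The file is created under the process umask, which
# is acceptable only because this key is already public.
my $wrongtext = <<'END';
Private-key-format: v1.3
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: m/dWhFblAGQnabJoKbs0vXoQidjNzlTcbPAqntUXWi0=
Created: 20141209020038
Publish: 20141209020038
Activate: 20141209020038
END

# Three-argument open with a lexical handle: the mode can no longer be
# influenced by characters in the file name, and the handle is not a
# package-global bareword shared with other code.
open( my $wronghandle, '>', $wrongfile ) or die "$wrongfile $!";
print {$wronghandle} $wrongtext or die "$wrongfile $!";

# Buffered write errors only surface at close, so check it as well.
close($wronghandle) or die "$wrongfile $!";

my $wrongprivate = Net::DNS::SEC::Private->new($wrongfile);
ok( $wrongprivate, 'set up non-ECC-GOST private key' );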


# Round trip: sign a fixed message with the ECC-GOST private key, then check
# the resulting signature against the matching public DNSKEY.
# ECC-GOST (DNSSEC algorithm 12) is listed in RFC 8624 as MUST NOT for signing
# and MAY for validation, so this exercises the implementation for
# interoperability rather than modelling a recommended zone configuration.
my $sigdata = 'arbitrary data';
my $signer  = 'Net::DNS::SEC::ECCGOST';

my $signature = $signer->sign( $sigdata, $private );
ok( $signature, 'signature created using private key' );

my $verified = $signer->verify( $sigdata, $key, $signature );
ok( $verified, 'signature validated using public key' );


# Negative cases: the ECDSAP256SHA256 key pair must be of no use to the
# ECC-GOST signer and verifier.
# eval traps any exception, so each check passes both when the call dies and
# when it returns a false value; the two outcomes are not distinguished, and
# a failure for an unrelated reason would also count as a pass.
# NOTE(review): only a key of the wrong algorithm is covered here.  A check
# that verify() rejects altered data under the correct $key would pin the
# property that matters most for a signature scheme; adding one also means
# raising the planned test count.
my $forged = eval { Net::DNS::SEC::ECCGOST->sign( $sigdata, $wrongprivate ) };
ok( !$forged, 'signature not generated using wrong private key' );

my $accepted = eval { Net::DNS::SEC::ECCGOST->verify( $sigdata, $wrongkey, $signature ) };
ok( !$accepted, 'signature not validated using wrong public key' );


exit;

__END__