add roa-ee-munge test

addresses [bgpsecurity#28]

mk/rpki.mk

@@ -43,6 +43,50 @@ check_DATA += ${CERTS} ${KEYS} ${ROAS}
 EXTRA_DIST += ${CERTS:.cer=.options} ${ROAS:=.options}
 CLEANFILES += ${CERTS} ${KEYS} ${ROAS}
 
+######################################################################
+## roa-ee-munge test
+######################################################################
+# see ticket #28
+TESTS += \
+	tests/subsystem/roa-ee-munge/roa-ee-munge.tap
+check_SCRIPTS += \
+	tests/subsystem/roa-ee-munge/roa-ee-munge.tap
+tests/subsystem/roa-ee-munge/roa-ee-munge.tap: \
+	tests/subsystem/roa-ee-munge/roa-ee-munge.tap.in
+MK_SUBST_FILES_EXEC += \
+	tests/subsystem/roa-ee-munge/roa-ee-munge.tap
+CERTS += \
+	tests/subsystem/roa-ee-munge/ta-good.cer \
+	tests/subsystem/roa-ee-munge/ta-bad.cer \
+	tests/subsystem/roa-ee-munge/ee-good.cer \
+	tests/subsystem/roa-ee-munge/ee-bad.cer
+ROAS += \
+	tests/subsystem/roa-ee-munge/ee-good.roa \
+	tests/subsystem/roa-ee-munge/ee-bad.roa
+tests/subsystem/roa-ee-munge/ta-good.cer: \
+	tests/subsystem/roa-ee-munge/ta-good.options \
+	tests/subsystem/roa-ee-munge/ta-good.key
+tests/subsystem/roa-ee-munge/ta-bad.cer: \
+	tests/subsystem/roa-ee-munge/ta-bad.options \
+	tests/subsystem/roa-ee-munge/ta-bad.key
+tests/subsystem/roa-ee-munge/ee-good.cer: \
+	tests/subsystem/roa-ee-munge/ee-good.options \
+	tests/subsystem/roa-ee-munge/ee-good.key
+tests/subsystem/roa-ee-munge/ee-good.roa: \
+	tests/subsystem/roa-ee-munge/ee-good.cer \
+	tests/subsystem/roa-ee-munge/ee-good.key \
+	tests/subsystem/roa-ee-munge/ee-good.roa.options
+tests/subsystem/roa-ee-munge/ee-bad.cer: \
+	tests/subsystem/roa-ee-munge/ee-bad.options \
+	tests/subsystem/roa-ee-munge/ee-bad.key
+tests/subsystem/roa-ee-munge/ee-bad.roa: \
+	tests/subsystem/roa-ee-munge/ee-bad.cer \
+	tests/subsystem/roa-ee-munge/ee-bad.key \
+	tests/subsystem/roa-ee-munge/ee-bad.roa.options
+clean-local: clean-roa-ee-munge
+clean-roa-ee-munge:
+	rm -rf tests/subsystem/roa-ee-munge/roa-ee-munge.tap.cache
+
 ######################################################################
 ## chaser
 ######################################################################

tests/subsystem/roa-ee-munge/.gitignore

@@ -0,0 +1,5 @@
+/*.cache/
+/*.cer
+/*.key
+/*.roa
+/roa-ee-munge.tap

tests/subsystem/roa-ee-munge/ee-bad.options

@@ -0,0 +1,12 @@
+type=EE
+issuer=ta-bad
+subject=ee-good
+aia=rsync://invalid/
+sia=s:rsync://invalid/
+ipv4=0.0.0.0/24
+ipv6=::/48
+as=1-31
+selfsigned=false
+parentcertfile=tests/subsystem/roa-ee-munge/ta-bad.cer
+parentkeyfile=tests/subsystem/roa-ee-munge/ta-bad.key
+subjkeyfile=tests/subsystem/roa-ee-munge/ee-good.key

tests/subsystem/roa-ee-munge/ee-bad.roa.options

@@ -0,0 +1,3 @@
+roaipv4=0.0.0.0/25
+roaipv6=::/64
+asid=1

tests/subsystem/roa-ee-munge/ee-good.options

@@ -0,0 +1,12 @@
+type=EE
+issuer=ta-good
+subject=ee-good
+aia=rsync://invalid/
+sia=s:rsync://invalid/
+ipv4=0.0.0.0/24
+ipv6=::/48
+as=1-31
+selfsigned=false
+parentcertfile=tests/subsystem/roa-ee-munge/ta-good.cer
+parentkeyfile=tests/subsystem/roa-ee-munge/ta-good.key
+subjkeyfile=tests/subsystem/roa-ee-munge/ee-good.key

tests/subsystem/roa-ee-munge/ee-good.roa.options

@@ -0,0 +1,3 @@
+roaipv4=0.0.0.0/25
+roaipv6=::/64
+asid=1

tests/subsystem/roa-ee-munge/roa-ee-munge.tap.in

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# This script tests RPSTIR's reaction to the following situation:
+#
+#   1. empty the database
+#   2. take a valid ROA, replace its EE with an "evil twin"
+#      (specifically, take the EE cert and re-sign it using a
+#      different CA that doesn't hold the resources mentioned in the
+#      EE cert)
+#   3. add the modified ROA
+#   4. add the original ROA
+#   5. add the CA certs
+#
+# In this scenario the modified ROA and its embedded cert should not
+# be accepted, even though the non-EE part of the modified ROA is
+# identical to the non-EE part of the original ROA.  Only the original
+# ROA, its embedded cert, and the CAs should be reported as accepted.
+#
+# The object hierarchy in this scenario looks like this:
+#
+#     Good TA (valid)         Bad TA (valid)
+#     IPv4: 0.0.0.0/8         IPv4: 1.0.0.0/8
+#     IPv6: ::/16             IPv6: 1::/16
+#     AS:   1-127             AS:   128-255
+#         |                       |
+#         |                       |
+#     Good ROA (valid)        Bad ROA (OK sig & resources; invalid from bad EE)
+#     IPv4: 0.0.0.0/25        IPv4: 0.0.0.0/25
+#     IPv6: ::/64             IPv6: ::/64
+#     AS:   1                 AS:   1
+#     via Good EE (valid):    via Bad EE (invalid, this is the "evil twin"):
+#     IPv4: 0.0.0.0/24        IPv4: 0.0.0.0/24 (outside of issuer resources)
+#     IPv6: ::/48             IPv6: ::/48 (outside of issuer resources)
+#     AS:   1-31              AS:   1-31 (outside of issuer resources)
+
+@SETUP_ENVIRONMENT@
+
+t4s_setup
+
+u=${TESTS_TOP_SRCDIR}/tests/util.sh
+. "${u}" || t4s_bailout "unable to load ${u}"
+
+cd "${TESTS_BUILDDIR}" || t4s_bailout "unable to cd to ${TESTS_BUILDDIR}"
+
+t4s_testcase --xfail "see ticket #28" "roa-ee-munge" '
+    reset_add_check \
+        "$1" \
+        "ee-bad.roa ee-good.roa ta-good.cer ta-bad.cer" \
+        "ee-good.roa ee-good.roa.cer ta-good.cer ta-bad.cer"
+' "${0##*/}".cache
+
+t4s_done

tests/subsystem/roa-ee-munge/ta-bad.options

@@ -0,0 +1,9 @@
+type=CA
+issuer=ta-bad
+subject=ta-bad
+sia=r:rsync://invalid/,m:rsync://invalid/invalid.mft
+ipv4=1.0.0.0/8
+ipv6=1::/16
+as=128-255
+selfsigned=true
+subjkeyfile=tests/subsystem/roa-ee-munge/ta-bad.key

tests/subsystem/roa-ee-munge/ta-good.options

@@ -0,0 +1,9 @@
+type=CA
+issuer=ta-good
+subject=ta-good
+sia=r:rsync://invalid/,m:rsync://invalid/invalid.mft
+ipv4=0.0.0.0/8
+ipv6=::/16
+as=1-127
+selfsigned=true
+subjkeyfile=tests/subsystem/roa-ee-munge/ta-good.key