From f50ae72ec3417cae55dd4e085991c01af9fdc5f1 Mon Sep 17 00:00:00 2001
From: Martin Nagy <mnagy@redhat.com>
Date: Wed, 11 Feb 2009 20:37:59 +0100
Subject: Initial commit

---
 bin/tests/system/tsig/clean.sh       |  24 ++++
 bin/tests/system/tsig/ns1/example.db | 151 ++++++++++++++++++++++++
 bin/tests/system/tsig/ns1/named.conf |  96 +++++++++++++++
 bin/tests/system/tsig/tests.sh       | 218 +++++++++++++++++++++++++++++++++++
 4 files changed, 489 insertions(+)
 create mode 100644 bin/tests/system/tsig/clean.sh
 create mode 100644 bin/tests/system/tsig/ns1/example.db
 create mode 100644 bin/tests/system/tsig/ns1/named.conf
 create mode 100644 bin/tests/system/tsig/tests.sh

(limited to 'bin/tests/system/tsig')

diff --git a/bin/tests/system/tsig/clean.sh b/bin/tests/system/tsig/clean.sh
new file mode 100644
index 0000000..47e7172
--- /dev/null
+++ b/bin/tests/system/tsig/clean.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# Copyright (C) 2005-2007  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
+
+#
+# Clean up after tsig tests.
+#
+
+rm -f dig.out.*
+rm -f */named.memstats
diff --git a/bin/tests/system/tsig/ns1/example.db b/bin/tests/system/tsig/ns1/example.db
new file mode 100644
index 0000000..1dd6522
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/example.db
@@ -0,0 +1,151 @@
+; Copyright (C) 2005-2007  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: example.db,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+$ORIGIN .
+$TTL 300	; 5 minutes
+example.nil		IN SOA	ns1.example.nil. hostmaster.example.nil. (
+				1	   ; serial
+				2000       ; refresh (2000 seconds)
+				2000       ; retry (2000 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+example.nil.		NS	ns1.example.nil.
+ns1.example.nil.	A	10.53.0.1
+example.nil.		NS	ns2.example.nil.
+ns2.example.nil.	A	10.53.0.2
+
+$ORIGIN example.nil.
+*			MX	10 mail
+a			TXT	"foo foo foo"
+			PTR	foo.net.
+$TTL 3600	; 1 hour
+a01			A	0.0.0.0
+a02			A	255.255.255.255
+a601			AAAA	ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+afsdb01			AFSDB	0 hostname
+afsdb02			AFSDB	65535 .
+$TTL 300	; 5 minutes
+b			CNAME	foo.net.
+c			A	73.80.65.49
+$TTL 3600	; 1 hour
+cert01			CERT	65534 65535 PRIVATEOID (
+				MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+				WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+				d80jEeC8aTrO+KKmCaY= )
+cname01			CNAME	cname-target.
+cname02			CNAME	cname-target
+cname03			CNAME	.
+$TTL 300	; 5 minutes
+d			A	73.80.65.49
+$TTL 3600	; 1 hour
+dname01			DNAME	dname-target.
+dname02			DNAME	dname-target
+dname03			DNAME	.
+$TTL 300	; 5 minutes
+e			MX	10 mail
+			TXT	"one"
+			TXT	"three"
+			TXT	"two"
+			A	73.80.65.49
+			A	73.80.65.50
+			A	73.80.65.52
+			A	73.80.65.51
+f			A	73.80.65.52
+$TTL 3600	; 1 hour
+gpos01			GPOS	"-22.6882" "116.8652" "250.0"
+gpos02			GPOS	"" "" ""
+hinfo01			HINFO	"Generic PC clone" "NetBSD-1.4"
+hinfo02			HINFO	"PC" "NetBSD"
+isdn01			ISDN	"isdn-address"
+isdn02			ISDN	"isdn-address" "subaddress"
+isdn03			ISDN	"isdn-address"
+isdn04			ISDN	"isdn-address" "subaddress"
+key01			KEY	512 255 1 (
+				AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR
+				yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3
+				GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o
+				jqf0BaqHT+8= )
+kx01			KX	10 kdc
+kx02			KX	10 .
+loc01			LOC	60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+loc02			LOC	60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m
+mb01			MG	madname
+mb02			MG	.
+mg01			MG	mgmname
+mg02			MG	.
+minfo01			MINFO	rmailbx emailbx
+minfo02			MINFO	. .
+mr01			MR	mrname
+mr02			MR	.
+mx01			MX	10 mail
+mx02			MX	10 .
+naptr01			NAPTR	0 0 "" "" "" .
+naptr02			NAPTR	65535 65535 "blurgh" "blorf" "blegh" foo.
+nsap-ptr01		NSAP-PTR foo.
+			NSAP-PTR .
+nsap01			NSAP	0x47000580005a0000000001e133ffffff00016100
+nsap02			NSAP	0x47000580005a0000000001e133ffffff00016100
+nxt01			NXT	a.secure ( NS SOA MX SIG KEY LOC NXT )
+nxt02			NXT	. ( NSAP-PTR NXT )
+nxt03			NXT	. ( A )
+nxt04			NXT	. ( 127 )
+ptr01			PTR	example.nil.
+px01			PX	65535 foo. bar.
+px02			PX	65535 . .
+rp01			RP	mbox-dname txt-dname
+rp02			RP	. .
+rt01			RT	0 intermediate-host
+rt02			RT	65535 .
+$TTL 300	; 5 minutes
+s			NS	ns.s
+$ORIGIN s.example.nil.
+ns			A	73.80.65.49
+$ORIGIN example.nil.
+$TTL 3600	; 1 hour
+sig01			SIG	NXT 1 3 3600 20000102030405 (
+				19961211100908 2143 foo
+				MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi
+				WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl
+				d80jEeC8aTrO+KKmCaY= )
+srv01			SRV	0 0 0 .
+srv02			SRV	65535 65535 65535 old-slow-box.example.com.
+$TTL 301	; 5 minutes 1 second
+t			A	73.80.65.49
+$TTL 3600	; 1 hour
+txt01			TXT	"foo"
+txt02			TXT	"foo" "bar"
+txt03			TXT	"foo"
+txt04			TXT	"foo" "bar"
+txt05			TXT	"foo bar"
+txt06			TXT	"foo bar"
+txt07			TXT	"foo bar"
+txt08			TXT	"foo\010bar"
+txt09			TXT	"foo\010bar"
+txt10			TXT	"foo bar"
+txt11			TXT	"\"foo\""
+txt12			TXT	"\"foo\""
+$TTL 300	; 5 minutes
+u			TXT	"txt-not-in-nxt"
+$ORIGIN u.example.nil.
+a			A	73.80.65.49
+b			A	73.80.65.49
+$ORIGIN example.nil.
+$TTL 3600	; 1 hour
+wks01			WKS	10.0.0.1 6 ( 0 1 2 21 23 )
+wks02			WKS	10.0.0.1 17 ( 0 1 2 53 )
+wks03			WKS	10.0.0.2 6 ( 65535 )
+x2501			X25	"123456789"
diff --git a/bin/tests/system/tsig/ns1/named.conf b/bin/tests/system/tsig/ns1/named.conf
new file mode 100644
index 0000000..b48de83
--- /dev/null
+++ b/bin/tests/system/tsig/ns1/named.conf
@@ -0,0 +1,96 @@
+/*
+ * Copyright (C) 2005-2007  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.5 2007/06/19 23:47:06 tbox Exp $ */
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.1;
+	notify-source 10.53.0.1;
+	transfer-source 10.53.0.1;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify no;
+};
+
+key "md5" {
+	secret "97rnFx24Tfna4mHPfgnerA==";
+	algorithm hmac-md5;
+};
+
+key "sha1" {
+	secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+	algorithm hmac-sha1;
+};
+
+key "sha224" {
+	secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
+	algorithm hmac-sha224;
+};
+
+key "sha256" {
+	secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
+	algorithm hmac-sha256;
+};
+
+key "sha384" {
+	secret "OaDdoAk2LAcLtYeUnsT7A9XHjsb6ZEma7OCvUpMraQIJX6HetGrlKmF7yglO1G2h";
+	algorithm hmac-sha384;
+};
+
+key "sha512" {
+	secret "jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4fe6Uasc0ckctEmg==";
+	algorithm hmac-sha512;
+};
+
+key "md5-trunc" {
+	secret "97rnFx24Tfna4mHPfgnerA==";
+	algorithm hmac-md5-80;
+};
+
+key "sha1-trunc" {
+	secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+	algorithm hmac-sha1-80;
+};
+
+key "sha224-trunc" {
+	secret "hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA==";
+	algorithm hmac-sha224-112;
+};
+
+key "sha256-trunc" {
+	secret "R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=";
+	algorithm hmac-sha256-128;
+};
+
+key "sha384-trunc" {
+	secret "OaDdoAk2LAcLtYeUnsT7A9XHjsb6ZEma7OCvUpMraQIJX6HetGrlKmF7yglO1G2h";
+	algorithm hmac-sha384-192;
+};
+
+key "sha512-trunc" {
+	secret "jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4fe6Uasc0ckctEmg==";
+	algorithm hmac-sha512-256;
+};
+
+zone "example.nil" {
+	type master;
+	file "example.db";
+};
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
new file mode 100644
index 0000000..d2391c1
--- /dev/null
+++ b/bin/tests/system/tsig/tests.sh
@@ -0,0 +1,218 @@
+#!/bin/sh
+#
+# Copyright (C) 2005-2007  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.5 2007/06/19 23:47:06 tbox Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+#
+# Shared secrets.
+#
+md5="97rnFx24Tfna4mHPfgnerA=="
+sha1="FrSt77yPTFx6hTs4i2tKLB9LmE0="
+sha224="hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="
+sha256="R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="
+sha384="OaDdoAk2LAcLtYeUnsT7A9XHjsb6ZEma7OCvUpMraQIJX6HetGrlKmF7yglO1G2h"
+sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4fe6Uasc0ckctEmg=="
+
+status=0
+
+echo "I:fetching using hmac-md5 (old form)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.old || ret=1
+grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-md5 (new form)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-md5:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.new || ret=1
+grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha1"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha1:sha1:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1 || ret=1
+grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha224"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha224:sha224:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224 || ret=1
+grep -i "sha224.*TSIG.*NOERROR" dig.out.sha224 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha256"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha256:sha256:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256 || ret=1
+grep -i "sha256.*TSIG.*NOERROR" dig.out.sha256 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha384"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha384:sha384:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384 || ret=1
+grep -i "sha384.*TSIG.*NOERROR" dig.out.sha384 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha512"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha512:sha512:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512 || ret=1
+grep -i "sha512.*TSIG.*NOERROR" dig.out.sha512 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+#
+#
+#	Truncated TSIG
+#
+#
+echo "I:fetching using hmac-md5 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5.trunc || ret=1
+grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha1 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha1-80:sha1-trunc:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1.trunc || ret=1
+grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha224 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha224-112:sha224-trunc:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224.trunc || ret=1
+grep -i "sha224-trunc.*TSIG.*NOERROR" dig.out.sha224.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha256 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha256-128:sha256-trunc:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256.trunc || ret=1
+grep -i "sha256-trunc.*TSIG.*NOERROR" dig.out.sha256.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha384 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha384-192:sha384-trunc:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384.trunc || ret=1
+grep -i "sha384-trunc.*TSIG.*NOERROR" dig.out.sha384.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha512-256 (trunc)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha512-256:sha512-trunc:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512.trunc || ret=1
+grep -i "sha512-trunc.*TSIG.*NOERROR" dig.out.sha512.trunc > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+
+#
+#
+#	Check for bad truncation.
+#
+#
+echo "I:fetching using hmac-md5-80 (BADTRUNC)" 
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-md5-80:md5:$md5" @10.53.0.1 soa -p 5300 > dig.out.md5-80 || ret=1
+grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha1-80 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha1-80:sha1:$sha1" @10.53.0.1 soa -p 5300 > dig.out.sha1-80 || ret=1
+grep -i "sha1.*TSIG.*BADTRUNC" dig.out.sha1-80 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha224-112 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha224-112:sha224:$sha224" @10.53.0.1 soa -p 5300 > dig.out.sha224-112 || ret=1
+grep -i "sha224.*TSIG.*BADTRUNC" dig.out.sha224-112 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha256-128 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha256-128:sha256:$sha256" @10.53.0.1 soa -p 5300 > dig.out.sha256-128 || ret=1
+grep -i "sha256.*TSIG.*BADTRUNC" dig.out.sha256-128 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha384-192 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha384-192:sha384:$sha384" @10.53.0.1 soa -p 5300 > dig.out.sha384-192 || ret=1
+grep -i "sha384.*TSIG.*BADTRUNC" dig.out.sha384-192 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+echo "I:fetching using hmac-sha512-256 (BADTRUNC)"
+ret=0
+$DIG +tcp +nosea +nostat +noquest +nocomm +nocmd example.nil.\
+	-y "hmac-sha512-256:sha512:$sha512" @10.53.0.1 soa -p 5300 > dig.out.sha512-256 || ret=1
+grep -i "sha512.*TSIG.*BADTRUNC" dig.out.sha512-256 > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+	echo "I: failed"; status=1
+fi
+
+exit $status
+
+
-- 
cgit