summaryrefslogtreecommitdiff
path: root/regress
diff options
context:
space:
mode:
authorClaudio Jeker <claudio@cvs.openbsd.org>2019-06-18 12:09:08 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2019-06-18 12:09:08 +0000
commit68df5fccbe2517349396e34c2891a02d0989fe54 (patch)
treee46ed314e169be861730b17284c81e67126c34d4 /regress
parentcb4ebdfcb4de1915eca21ae23fdda3a3338efe0a (diff)
Use the test-files from rpki-client and some files from the rpki cache to
implement a basic regress test. Needs more work but should be a start.
Diffstat (limited to 'regress')
-rw-r--r--regress/usr.sbin/rpki-client/Makefile41
-rw-r--r--regress/usr.sbin/rpki-client/cer/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cerbin0 -> 1259 bytes
-rw-r--r--regress/usr.sbin/rpki-client/cer/aaI5ikDRYL7nJH9kwrv4b80iIAI.cerbin0 -> 1288 bytes
-rw-r--r--regress/usr.sbin/rpki-client/mft/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mftbin0 -> 1980 bytes
-rw-r--r--regress/usr.sbin/rpki-client/mft/RjQZ5pSL7riIcFGhdm4iFtIalko.mftbin0 -> 2212 bytes
-rw-r--r--regress/usr.sbin/rpki-client/mft/ripe-ncc-ta.mftbin0 -> 1796 bytes
-rw-r--r--regress/usr.sbin/rpki-client/roa/4DAr1VXnjh69GoQkxjmIQdkRVtQ.roabin0 -> 1730 bytes
-rw-r--r--regress/usr.sbin/rpki-client/roa/Hf1ZR31W9DN5QSF6xJEO5qgH4ac.roabin0 -> 1769 bytes
-rw-r--r--regress/usr.sbin/rpki-client/roa/Zs_svFDVb-_DZnjgkN8DLKk_IRI.roabin0 -> 1729 bytes
-rw-r--r--regress/usr.sbin/rpki-client/roa/xZEe_HUX98kANKreh2ZIpdaDnAI.roabin0 -> 1729 bytes
-rw-r--r--regress/usr.sbin/rpki-client/ta/AfriNIC.cerbin0 -> 1160 bytes
-rw-r--r--regress/usr.sbin/rpki-client/ta/apnic-rpki-root-iana-origin.cerbin0 -> 1211 bytes
-rw-r--r--regress/usr.sbin/rpki-client/ta/ripe-ncc-ta.cerbin0 -> 1038 bytes
-rw-r--r--regress/usr.sbin/rpki-client/tal/apnic.tal9
-rw-r--r--regress/usr.sbin/rpki-client/tal/ripe.tal9
-rw-r--r--regress/usr.sbin/rpki-client/test-cert.c136
-rw-r--r--regress/usr.sbin/rpki-client/test-ip.c128
-rw-r--r--regress/usr.sbin/rpki-client/test-mft.c92
-rw-r--r--regress/usr.sbin/rpki-client/test-roa.c94
-rw-r--r--regress/usr.sbin/rpki-client/test-tal.c84
20 files changed, 593 insertions, 0 deletions
diff --git a/regress/usr.sbin/rpki-client/Makefile b/regress/usr.sbin/rpki-client/Makefile
new file mode 100644
index 00000000000..7c67f2207e7
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/Makefile
@@ -0,0 +1,41 @@
+# $OpenBSD: Makefile,v 1.1 2019/06/18 12:09:07 claudio Exp $
+
+.PATH: ${.CURDIR}/../../../usr.sbin/rpki-client
+
+PROGS += test-ip
+PROGS += test-cert
+PROGS += test-mft
+PROGS += test-roa
+PROGS += test-tal
+
+. for p in ${PROGS}
+REGRESS_TARGETS += run-regress-$p
+.endfor
+
+CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../../../usr.sbin/rpki-client \
+ -I/usr/local/include/eopenssl
+LDADD+= /usr/local/lib/eopenssl/libssl.a \
+ /usr/local/lib/eopenssl/libcrypto.a
+
+SRCS_test-ip= test-ip.c ip.c io.c
+run-regress-test-ip: test-ip
+ ./test-ip
+
+SRCS_test-cert= test-cert.c cert.c x509.c ip.c as.c rsync.c io.c log.c
+run-regress-test-cert: test-cert
+ ./test-cert -v ${.CURDIR}/cer/*
+ ./test-cert -vt ${.CURDIR}/ta/*
+
+SRCS_test-mft= test-mft.c mft.c cms.c x509.c io.c log.c
+run-regress-test-mft: test-mft
+ ./test-mft -v ${.CURDIR}/mft/*
+
+SRCS_test-roa= test-roa.c roa.c cms.c x509.c ip.c as.c io.c log.c
+run-regress-test-roa: test-roa
+ ./test-roa -v ${.CURDIR}/roa/*
+
+SRCS_test-tal= test-tal.c tal.c rsync.c io.c log.c
+run-regress-test-tal: test-tal
+ ./test-tal -v ${.CURDIR}/tal/*.tal
+
+.include <bsd.regress.mk>
diff --git a/regress/usr.sbin/rpki-client/cer/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer b/regress/usr.sbin/rpki-client/cer/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
new file mode 100644
index 00000000000..64d53307989
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/cer/2a7dd1d787d793e4c8af56e197d4eed92af6ba13.cer
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/cer/aaI5ikDRYL7nJH9kwrv4b80iIAI.cer b/regress/usr.sbin/rpki-client/cer/aaI5ikDRYL7nJH9kwrv4b80iIAI.cer
new file mode 100644
index 00000000000..61c9160cdf4
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/cer/aaI5ikDRYL7nJH9kwrv4b80iIAI.cer
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/mft/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft b/regress/usr.sbin/rpki-client/mft/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
new file mode 100644
index 00000000000..f90b31a617d
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/mft/Kn3R14fXk-TIr1bhl9Tu2Sr2uhM.mft
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/mft/RjQZ5pSL7riIcFGhdm4iFtIalko.mft b/regress/usr.sbin/rpki-client/mft/RjQZ5pSL7riIcFGhdm4iFtIalko.mft
new file mode 100644
index 00000000000..6ebfa8ad8d4
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/mft/RjQZ5pSL7riIcFGhdm4iFtIalko.mft
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/mft/ripe-ncc-ta.mft b/regress/usr.sbin/rpki-client/mft/ripe-ncc-ta.mft
new file mode 100644
index 00000000000..ed854d348cb
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/mft/ripe-ncc-ta.mft
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/roa/4DAr1VXnjh69GoQkxjmIQdkRVtQ.roa b/regress/usr.sbin/rpki-client/roa/4DAr1VXnjh69GoQkxjmIQdkRVtQ.roa
new file mode 100644
index 00000000000..f6126eb6572
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/roa/4DAr1VXnjh69GoQkxjmIQdkRVtQ.roa
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/roa/Hf1ZR31W9DN5QSF6xJEO5qgH4ac.roa b/regress/usr.sbin/rpki-client/roa/Hf1ZR31W9DN5QSF6xJEO5qgH4ac.roa
new file mode 100644
index 00000000000..8abe8f19a95
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/roa/Hf1ZR31W9DN5QSF6xJEO5qgH4ac.roa
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/roa/Zs_svFDVb-_DZnjgkN8DLKk_IRI.roa b/regress/usr.sbin/rpki-client/roa/Zs_svFDVb-_DZnjgkN8DLKk_IRI.roa
new file mode 100644
index 00000000000..e8773eb398b
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/roa/Zs_svFDVb-_DZnjgkN8DLKk_IRI.roa
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/roa/xZEe_HUX98kANKreh2ZIpdaDnAI.roa b/regress/usr.sbin/rpki-client/roa/xZEe_HUX98kANKreh2ZIpdaDnAI.roa
new file mode 100644
index 00000000000..aa29c798201
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/roa/xZEe_HUX98kANKreh2ZIpdaDnAI.roa
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/ta/AfriNIC.cer b/regress/usr.sbin/rpki-client/ta/AfriNIC.cer
new file mode 100644
index 00000000000..87db75d1c63
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/ta/AfriNIC.cer
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/ta/apnic-rpki-root-iana-origin.cer b/regress/usr.sbin/rpki-client/ta/apnic-rpki-root-iana-origin.cer
new file mode 100644
index 00000000000..56939f85858
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/ta/apnic-rpki-root-iana-origin.cer
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/ta/ripe-ncc-ta.cer b/regress/usr.sbin/rpki-client/ta/ripe-ncc-ta.cer
new file mode 100644
index 00000000000..6a0994aa712
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/ta/ripe-ncc-ta.cer
Binary files differ
diff --git a/regress/usr.sbin/rpki-client/tal/apnic.tal b/regress/usr.sbin/rpki-client/tal/apnic.tal
new file mode 100644
index 00000000000..fc781ee2240
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/tal/apnic.tal
@@ -0,0 +1,9 @@
+rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx9RWSL61YAAYumEiU8z8
+qH2ETVIL01ilxZlzIL9JYSORMN5Cmtf8V2JblIealSqgOTGjvSjEsiV73s67zYQI
+7C/iSOb96uf3/s86NqbxDiFQGN8qG7RNcdgVuUlAidl8WxvLNI8VhqbAB5uSg/Mr
+LeSOvXRja041VptAxIhcGzDMvlAJRwkrYK/Mo8P4E2rSQgwqCgae0ebY1CsJ3Cjf
+i67C1nw7oXqJJovvXJ4apGmEv8az23OLC6Ki54Ul/E6xk227BFttqFV3YMtKx42H
+cCcDVZZy01n7JjzvO8ccaXmHIgR7utnqhBRNNq5Xc5ZhbkrUsNtiJmrZzVlgU6Ou
+0wIDAQAB
diff --git a/regress/usr.sbin/rpki-client/tal/ripe.tal b/regress/usr.sbin/rpki-client/tal/ripe.tal
new file mode 100644
index 00000000000..acdb1731307
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/tal/ripe.tal
@@ -0,0 +1,9 @@
+rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2myBsOzeW1j
+Q6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV2pFBFeQAvoH/WK83Hw
+A26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNcKrmit8BwBC8xImzuCGaV0jkRB0G
+Z0hoH6Ml03umLprRsn6v0xOP0+l6Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eM
+kE6DoclHhF/NlSllXubASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs
+6ZxRD1b6Uk1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2
+VwIDAQAB
diff --git a/regress/usr.sbin/rpki-client/test-cert.c b/regress/usr.sbin/rpki-client/test-cert.c
new file mode 100644
index 00000000000..733f1da4219
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/test-cert.c
@@ -0,0 +1,136 @@
+/* $Id: test-cert.c,v 1.1 2019/06/18 12:09:07 claudio Exp $ */
+/*
+ * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/socket.h>
+#include <arpa/inet.h>
+
+#include <assert.h>
+#include <err.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#include "extern.h"
+
+static void
+cert_print(const struct cert *p)
+{
+ size_t i;
+ char buf1[64], buf2[64];
+ int sockt;
+
+ assert(p != NULL);
+
+ printf("Manifest: %s\n", p->mft);
+ if (p->crl != NULL)
+ printf("Revocation list: %s\n", p->crl);
+ printf("Subject key identifier: %s\n", p->ski);
+ if (p->aki != NULL)
+ printf("Authority key identifier: %s\n", p->aki);
+
+ for (i = 0; i < p->asz; i++)
+ switch (p->as[i].type) {
+ case CERT_AS_ID:
+ printf("%5zu: AS: %"
+ PRIu32 "\n", i + 1, p->as[i].id);
+ break;
+ case CERT_AS_INHERIT:
+ printf("%5zu: AS: inherit\n", i + 1);
+ break;
+ case CERT_AS_RANGE:
+ printf("%5zu: AS: %"
+ PRIu32 "--%" PRIu32 "\n", i + 1,
+ p->as[i].range.min, p->as[i].range.max);
+ break;
+ }
+
+ for (i = 0; i < p->ipsz; i++)
+ switch (p->ips[i].type) {
+ case CERT_IP_INHERIT:
+ printf("%5zu: IP: inherit\n", i + 1);
+ break;
+ case CERT_IP_ADDR:
+ ip_addr_print(&p->ips[i].ip,
+ p->ips[i].afi, buf1, sizeof(buf1));
+ printf("%5zu: IP: %s\n", i + 1, buf1);
+ break;
+ case CERT_IP_RANGE:
+ sockt = (p->ips[i].afi == AFI_IPV4) ?
+ AF_INET : AF_INET6;
+ inet_ntop(sockt, p->ips[i].min, buf1, sizeof(buf1));
+ inet_ntop(sockt, p->ips[i].max, buf2, sizeof(buf2));
+ printf("%5zu: IP: %s--%s\n", i + 1, buf1, buf2);
+ break;
+ }
+}
+
+int
+main(int argc, char *argv[])
+{
+ int c, i, verb = 0, ta = 0;
+ X509 *xp = NULL;
+ struct cert *p;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ while ((c = getopt(argc, argv, "tv")) != -1)
+ switch (c) {
+ case 't':
+ ta = 1;
+ break;
+ case 'v':
+ verb++;
+ break;
+ default:
+ errx(1, "bad argument %c", c);
+ }
+
+ argv += optind;
+ argc -= optind;
+
+ if (argc == 0)
+ errx(1, "argument missing");
+
+ for (i = 0; i < argc; i++) {
+ p = ta ?
+ ta_parse(&xp, argv[i], NULL, 0) :
+ cert_parse(&xp, argv[i], NULL);
+ if (p == NULL)
+ break;
+ if (verb)
+ cert_print(p);
+ cert_free(p);
+ X509_free(xp);
+ }
+
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+
+ if (i < argc)
+ errx(1, "test failed for %s", argv[i]);
+
+ printf("OK\n");
+ return 0;
+}
diff --git a/regress/usr.sbin/rpki-client/test-ip.c b/regress/usr.sbin/rpki-client/test-ip.c
new file mode 100644
index 00000000000..5a417fcce5d
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/test-ip.c
@@ -0,0 +1,128 @@
+/* $Id: test-ip.c,v 1.1 2019/06/18 12:09:07 claudio Exp $ */
+/*
+ * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/socket.h>
+#include <arpa/inet.h>
+
+#include <assert.h>
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#include "extern.h"
+
+static void
+test(const char *res, uint16_t afiv, size_t sz, size_t unused, ...)
+{
+ va_list ap;
+ struct ip_addr addr;
+ char buf[64];
+ size_t i;
+ enum afi afi;
+ struct cert_ip ip;
+ int rc;
+
+ afi = (afiv == 1) ? AFI_IPV4 : AFI_IPV6;
+
+ memset(&addr, 0, sizeof(struct ip_addr));
+
+ va_start(ap, unused);
+ for (i = 0; i < sz - 1; i++)
+ addr.addr[i] = (unsigned char)va_arg(ap, int);
+ va_end(ap);
+
+ addr.sz = sz - 1;
+ addr.unused = unused;
+ ip_addr_print(&addr, afi, buf, sizeof(buf));
+ if (res != NULL && strcmp(res, buf))
+ errx(EXIT_FAILURE, "fail: %s != %s\n", res, buf);
+ else if (res != NULL)
+ warnx("pass: %s", buf);
+ else
+ warnx("check: %s", buf);
+
+ ip.afi = afi;
+ ip.type = CERT_IP_ADDR;
+ ip.ip = addr;
+ rc = ip_cert_compose_ranges(&ip);
+
+ inet_ntop((afiv == 1) ? AF_INET : AF_INET6, ip.min, buf, sizeof(buf));
+ warnx("minimum: %s", buf);
+ inet_ntop((afiv == 1) ? AF_INET : AF_INET6, ip.max, buf, sizeof(buf));
+ warnx("maximum: %s", buf);
+ if (!rc)
+ errx(EXIT_FAILURE, "fail: minimum > maximum");
+}
+
+int
+main(int argc, char *argv[])
+{
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ test("10.5.0.4/32",
+ 1, 0x05, 0x00, 0x0a, 0x05, 0x00, 0x04);
+
+ test("10.5.0.0/23",
+ 1, 0x04, 0x01, 0x0a, 0x05, 0x00);
+
+ test("2001:0:200:3:0:0:0:1/128",
+ 2, 0x11, 0x00, 0x20, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x03,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);
+
+ test("2001:0:200::/39",
+ 2, 0x06, 0x01, 0x20, 0x01, 0x00, 0x00, 0x02);
+
+ test(NULL,
+ 1, 0x03, 0x00, 0x0a, 0x05);
+
+ test(NULL,
+ 1, 0x04, 0x01, 0x0a, 0x05, 0x00);
+
+ test(NULL,
+ 2, 0x06, 0x01, 0x20, 0x01, 0x00, 0x00, 0x02);
+
+ test(NULL,
+ 2, 0x06, 0x02, 0x20, 0x01, 0x00, 0x00, 0x00);
+
+ test("0.0.0.0/0",
+ 1, 0x01, 0x00);
+
+ test("10.64.0.0/12",
+ 1, 0x03, 0x04, 0x0a, 0x40);
+
+ test("10.64.0.0/20",
+ 1, 0x04, 0x04, 0x0a, 0x40, 0x00);
+
+ test(NULL,
+ 1, 0x02, 0x04, 0x80);
+ test(NULL,
+ 1, 0x03, 0x06, 0x81, 0x40);
+ test(NULL,
+ 1, 0x02, 0x04, 0x80);
+
+ ERR_free_strings();
+
+ printf("OK\n");
+ return 0;
+}
diff --git a/regress/usr.sbin/rpki-client/test-mft.c b/regress/usr.sbin/rpki-client/test-mft.c
new file mode 100644
index 00000000000..4df01911444
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/test-mft.c
@@ -0,0 +1,92 @@
+/* $Id: test-mft.c,v 1.1 2019/06/18 12:09:07 claudio Exp $ */
+/*
+ * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <assert.h>
+#include <err.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#include "extern.h"
+
+static void
+mft_print(const struct mft *p)
+{
+ size_t i;
+
+ assert(p != NULL);
+
+ printf("Subject key identifier: %s\n", p->ski);
+ printf("Authority key identifier: %s\n", p->aki);
+ for (i = 0; i < p->filesz; i++)
+ printf("%5zu: %s\n", i + 1, p->files[i].file);
+}
+
+
+int
+main(int argc, char *argv[])
+{
+ int c, i, verb = 0, force = 0;
+ struct mft *p;
+ X509 *xp = NULL;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ while (-1 != (c = getopt(argc, argv, "fv")))
+ switch (c) {
+ case 'f':
+ force = 1;
+ break;
+ case 'v':
+ verb++;
+ break;
+ default:
+ errx(1, "bad argument %c", c);
+ }
+
+ argv += optind;
+ argc -= optind;
+
+ if (argc == 0)
+ errx(1, "argument missing");
+
+ for (i = 0; i < argc; i++) {
+ if ((p = mft_parse(&xp, argv[i], force)) == NULL)
+ break;
+ if (verb)
+ mft_print(p);
+ mft_free(p);
+ X509_free(xp);
+ }
+
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+
+ if (i < argc)
+ errx(1, "test failed for %s", argv[i]);
+
+ printf("OK\n");
+ return 0;
+}
diff --git a/regress/usr.sbin/rpki-client/test-roa.c b/regress/usr.sbin/rpki-client/test-roa.c
new file mode 100644
index 00000000000..dba1c66d6fd
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/test-roa.c
@@ -0,0 +1,94 @@
+/* $Id: test-roa.c,v 1.1 2019/06/18 12:09:07 claudio Exp $ */
+/*
+ * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <assert.h>
+#include <err.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#include "extern.h"
+
+static void
+roa_print(const struct roa *p)
+{
+ char buf[128];
+ size_t i;
+
+ assert(p != NULL);
+
+ printf("Subject key identifier: %s\n", p->ski);
+ printf("Authority key identifier: %s\n", p->aki);
+ printf("asID: %" PRIu32 "\n", p->asid);
+ for (i = 0; i < p->ipsz; i++) {
+ ip_addr_print(&p->ips[i].addr,
+ p->ips[i].afi, buf, sizeof(buf));
+ printf("%5zu: %s (max: %zu)\n", i + 1,
+ buf, p->ips[i].maxlength);
+ }
+}
+
+int
+main(int argc, char *argv[])
+{
+ int c, i, verb = 0;
+ X509 *xp = NULL;
+ struct roa *p;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ while ((c = getopt(argc, argv, "v")) != -1)
+ switch (c) {
+ case 'v':
+ verb++;
+ break;
+ default:
+ errx(1, "bad argument %c", c);
+ }
+
+ argv += optind;
+ argc -= optind;
+
+ if (argc == 0)
+ errx(1, "argument missing");
+
+ for (i = 0; i < argc; i++) {
+ if ((p = roa_parse(&xp, argv[i], NULL)) == NULL)
+ break;
+ if (verb)
+ roa_print(p);
+ roa_free(p);
+ X509_free(xp);
+ }
+
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+
+ if (i < argc)
+ errx(1, "test failed for %s", argv[i]);
+
+ printf("OK\n");
+ return 0;
+}
diff --git a/regress/usr.sbin/rpki-client/test-tal.c b/regress/usr.sbin/rpki-client/test-tal.c
new file mode 100644
index 00000000000..d8e99f089fd
--- /dev/null
+++ b/regress/usr.sbin/rpki-client/test-tal.c
@@ -0,0 +1,84 @@
+/* $Id: test-tal.c,v 1.1 2019/06/18 12:09:07 claudio Exp $ */
+/*
+ * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <assert.h>
+#include <err.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#include "extern.h"
+
+static void
+tal_print(const struct tal *p)
+{
+ size_t i;
+
+ assert(p != NULL);
+
+ for (i = 0; i < p->urisz; i++)
+ printf("%5zu: URI: %s\n", i + 1, p->uri[i]);
+}
+
+int
+main(int argc, char *argv[])
+{
+ int c, i, verb = 0;
+ struct tal *tal;
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+ while (-1 != (c = getopt(argc, argv, "v")))
+ switch (c) {
+ case 'v':
+ verb++;
+ break;
+ default:
+ errx(1, "bad argument %c", c);
+ }
+
+ argv += optind;
+ argc -= optind;
+
+ if (argc == 0)
+ errx(1, "argument missing");
+
+ for (i = 0; i < argc; i++) {
+ if ((tal = tal_parse(argv[i])) == NULL)
+ break;
+ if (verb)
+ tal_print(tal);
+ tal_free(tal);
+ }
+
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+
+ if (i < argc)
+ errx(1, "test failed for %s", argv[i]);
+
+ printf("OK\n");
+ return 0;
+}