test for HINFO.

git-svn-id: file:///svn/unbound/trunk@1408 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 91d79db8c8d55491271ca4ebd2ea2f7d7289d59a..af1813e952ca91cfac32dd117fd8603763822eb1 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 6 January 2009: Wouter
        - fixup packet-of-death when compiled with --enable-debug.
          A malformed packet could cause an internal assertion failure.
+       - added test for HINFO canonicalisation behaviour.
 
 5 January 2009: Wouter
        - fixup getaddrinfo failure handling for remote control port.

diff --git a/testcode/unitverify.c b/testcode/unitverify.c
index a468cd11394f53ca1936a6507a8006e829e86a25..1c257fea80ac2ac38d87a69be4e5bab5163d2d40 100644 (file)
--- a/testcode/unitverify.c
+++ b/testcode/unitverify.c
@@ -134,7 +134,7 @@ extract_keys(struct entry* e, struct alloc_cache* alloc,
 
 /** return true if answer should be bogus */
 static int
-should_be_bogus(struct ub_packed_rrset_key* rrset)
+should_be_bogus(struct ub_packed_rrset_key* rrset, struct query_info* qinfo)
 {
        struct packed_rrset_data* d = (struct packed_rrset_data*)rrset->
                entry.data;
@@ -143,13 +143,16 @@ should_be_bogus(struct ub_packed_rrset_key* rrset)
        /* name 'bogus' as first label signals bogus */
        if(rrset->rk.dname_len > 6 && memcmp(rrset->rk.dname+1, "bogus", 5)==0)
                return 1;
+       if(qinfo->qname_len > 6 && memcmp(qinfo->qname+1, "bogus", 5)==0)
+               return 1;
        return 0;
 }
 
 /** verify and test one rrset against the key rrset */
 static void
 verifytest_rrset(struct module_env* env, struct val_env* ve, 
-       struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey)
+       struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey,
+       struct query_info* qinfo)
 {
        enum sec_status sec;
        if(vsig) {
@@ -161,7 +164,7 @@ verifytest_rrset(struct module_env* env, struct val_env* ve,
        if(vsig) {
                printf("verify outcome is: %s\n", sec_status_to_string(sec));
        }
-       if(should_be_bogus(rrset)) {
+       if(should_be_bogus(rrset, qinfo)) {
                unit_assert(sec == sec_status_bogus);
        } else {
                unit_assert(sec == sec_status_secure);
@@ -188,7 +191,7 @@ verifytest_entry(struct entry* e, struct alloc_cache* alloc,
        entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep);
 
        for(i=0; i<rep->rrset_count; i++) {
-               verifytest_rrset(env, ve, rep->rrsets[i], dnskey);
+               verifytest_rrset(env, ve, rep->rrsets[i], dnskey, &qinfo);
        }
 
        reply_info_parsedelete(rep, alloc);
@@ -478,6 +481,7 @@ verify_test()
 #ifdef HAVE_EVP_SHA512
        verifytest_file("testdata/test_signatures.10", "20070829144150");
 #endif
+       verifytest_file("testdata/test_signatures.12", "20090107100022");
        dstest_file("testdata/test_ds_sig.1");
        nsectest();
        nsec3_hash_test("testdata/test_nsec3_hash.1");

diff --git a/testdata/test_signatures.12 b/testdata/test_signatures.12
new file mode 100644 (file)
index 0000000..0f168e6
--- /dev/null
+++ b/testdata/test_signatures.12
@@ -0,0 +1,55 @@
+; Signature test file
+
+; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification. 
+; later entries are verified with it.
+
+; Test HINFO canonicalisation
+
+; RSA key from ldns tool
+ENTRY_BEGIN
+SECTION QUESTION
+jelte.nlnetlabs.nl.    IN DNSKEY
+SECTION ANSWER
+jelte.nlnetlabs.nl.    3600    IN      DNSKEY  256 3 5 AwEAAawmHBgxeOiaYE4JpNU+CBqEj7xGB1o6ThEsUmtjsbmTnsJ89uWv 2PudzhQKCR1hJtuxVxG0Aw4mwHlAy+SoWHp8NXW1JYVA5qbvYhUUUM3l +ZFImaMhShhlviJJDLla5nmB5pyNYbC4wxqkCs51mzJY1abbCmZepmQL IlprTjUL
+ENTRY_END
+
+; check that signatures work
+ENTRY_BEGIN
+SECTION QUESTION
+jelte.nlnetlabs.nl.    IN      NS
+SECTION ANSWER
+jelte.nlnetlabs.nl.    3600    IN      NS      ns1.jelte.nlnetlabs.nl.
+jelte.nlnetlabs.nl.    3600    IN      NS      ns2.jelte.nlnetlabs.nl.
+jelte.nlnetlabs.nl.    3600    IN      RRSIG   NS 5 3 3600 20090203100022 20090106100022 48885 jelte.nlnetlabs.nl. E3G8ZsCvUw56EKxYA4JzjYaB3ojLpdmQdUHOPSxlWK43haSuxpFERGRc P7AhiMjcYcoJcR+LWQr0uOFVnW8VcFFdy8u7Gs9MNAIWs5+jOaI3WDRC reee7K/NEBiubQCdm7UPA894VNM5oiLCa1waMoMD+LfEeijuN4N09HqY 6eo=
+ENTRY_END
+
+; currently this fails due to the design of canonicalisation in unbound.
+; HINFO record signed with ldns, HINFO in uppercase, signature uppercase
+ENTRY_BEGIN
+SECTION QUESTION
+bogus.jelte.nlnetlabs.nl.    IN      HINFO
+SECTION ANSWER
+jelte.nlnetlabs.nl.    3600    IN      HINFO   "Jelte" "Machine van"
+jelte.nlnetlabs.nl.    3600    IN      RRSIG   HINFO 5 3 3600 20090203100022 20090106100022 48885 jelte.nlnetlabs.nl. eRig3NjIIgBTmQiN7AREmplgiY6OOtVwCNZgF5UAoYFAE1K1tl5WLqe9 FmTcVtaNUzFdgYv+TD93NNYdV0uxJkr+rS2sSykGf9OIlxevFm+rW2ya 4/Y+5GIN77eN9q9/6ULQRdsX3p8w1fhloiDXk+tgCaw+cJJElMEE1Avw 2dY=
+ENTRY_END
+
+
+; HINFO record signed with ldns, HINFO in lowercase, signature lowercase
+ENTRY_BEGIN
+SECTION QUESTION
+jelte.nlnetlabs.nl.    IN      HINFO
+SECTION ANSWER
+jelte.nlnetlabs.nl.    3600    IN      HINFO   "jelte" "machine van"
+jelte.nlnetlabs.nl.    3600    IN      RRSIG   HINFO 5 3 3600 20090203105558 20090106105558 48885 jelte.nlnetlabs.nl. UwFKSqH9oau3nCdJ4i6iYamo2izgMCKy1K8ec0IkhniUONKaIGiRNz8/ QrLAeBHhMnLQYNV/GBprNjvnPyYLG/6bWYUBxvP6pCG4oDEmNY7QF9di I6So5Ycv0ZWaYoT/NYStUj1fLNZ4xCdNXVLA7Oi5PRMeOvPQIvMG3hHK Ja0=
+ENTRY_END
+
+; HINFO record signed with ldns, HINFO in uppercase, signature lowercase
+; (signer canonicalised)
+ENTRY_BEGIN
+SECTION QUESTION
+jelte.nlnetlabs.nl.    IN      HINFO
+SECTION ANSWER
+jelte.nlnetlabs.nl.    3600    IN      HINFO   "Jelte" "Machine van"
+jelte.nlnetlabs.nl.    3600    IN      RRSIG   HINFO 5 3 3600 20090203105558 20090106105558 48885 jelte.nlnetlabs.nl. UwFKSqH9oau3nCdJ4i6iYamo2izgMCKy1K8ec0IkhniUONKaIGiRNz8/ QrLAeBHhMnLQYNV/GBprNjvnPyYLG/6bWYUBxvP6pCG4oDEmNY7QF9di I6So5Ycv0ZWaYoT/NYStUj1fLNZ4xCdNXVLA7Oi5PRMeOvPQIvMG3hHK Ja0=
+ENTRY_END
+