- xfr-tsig, unit test for tsig_verify_query.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 25 Jun 2025 10:06:15 +0000 (12:06 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 25 Jun 2025 10:06:15 +0000 (12:06 +0200)
testcode/unittsig.c
testdata/tsig_test.1
testdata/tsig_test.2
testdata/tsig_test.3
testdata/tsig_test.4
testdata/tsig_test.5
testdata/tsig_test.6

index 7fb090758aa918258f1e93bd440552cc91ee07d6..172c8fc9640dc71baf8ebd8d5232d4f07429f561 100644 (file)
@@ -81,6 +81,13 @@ static int vtest = 0;
  *     result of the call is compared with the expected result, and
  *     the test fails if not equal. The result is in the packet buffer.
  * tsig-verify-query <key> <time> <rcode> <tsigerror> <tsigothertime>
+ *     It tsig verifies the packet, looks up key in the key table.
+ *     The verification is at timestamp, in secs. The result is checked,
+ *     the key with keyname of result, the rcode function result, and
+ *     if tsig data is returned, the tsigerror and tsigothertime are
+ *     checked if present. If not equal the test fails.
+ *     If no tsig data is returned, keyname '.', and 0 and 0 are the
+ *     tsigerr and tsigothertime values that are checked.
  *
  */
 
@@ -464,6 +471,43 @@ handle_tsig_sign_query(char* line, struct tsig_key_table* key_table,
        tsig_delete(tsig);
 }
 
+/** Convert RCODE string to number. */
+static int
+str2wire_rcode(const char* str)
+{
+       sldns_lookup_table *lt = sldns_lookup_by_name(sldns_rcodes, str);
+       if(lt) {
+               return (int)lt->id;
+       } else if(strncmp(str, "RCODE", 5) == 0) {
+               return atoi(str+5);
+       }
+       /* Try as-is, a number. */
+       return atoi(str);
+}
+
+/** Convert TSIG error code string to number. */
+static int
+str2wire_tsigerror(const char* str)
+{
+       sldns_lookup_table *lt = sldns_lookup_by_name(sldns_tsig_errors, str);
+       if(lt) {
+               return (int)lt->id;
+       }
+       /* Try as-is, a number. */
+       return atoi(str);
+}
+
+/** Print TSIG error code to string */
+static void
+wire2str_tsigerror_buf(int tsigerr, char* buf, size_t len)
+{
+       sldns_lookup_table *lt;
+       lt = sldns_lookup_by_id(sldns_tsig_errors, tsigerr);
+       if(lt && lt->name)
+               snprintf(buf, len, "%s", lt->name);
+       else    snprintf(buf, len, "%d", tsigerr);
+}
+
 /** Handle the tsig-verify-query */
 static void
 handle_tsig_verify_query(char* line, struct tsig_key_table* key_table,
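Review bot: Both `str2wire_rcode` and `str2wire_tsigerror` fall back to `atoi`, so an unrecognised name yields 0 and a value with trailing junk such as `16x` is accepted as 16; the helpers have no way to report a parse failure. That forces the caller to list every spelling of zero by hand, and a mistyped expectation in a test file can end up asserting the wrong code for a signature-verification result. I would parse strictly with `strtol` and an end pointer and return -1 on failure, so the caller only needs `if(expected_rcode < 0) fatal_exit(...)`. The 0..65535 bound in the sketch is an assumption (the TSIG error is a 16-bit field); adjust it if the lookup tables use another range.

```c
/** Parse a whole string as a decimal number, -1 if it is not one. */
static int
str2num_strict(const char* str)
{
	char* end = NULL;
	long v = strtol(str, &end, 10);
	if(end == str || *end != 0 || v < 0 || v > 65535)
		return -1;
	return (int)v;
}

static int
str2wire_rcode(const char* str)
{
	sldns_lookup_table *lt = sldns_lookup_by_name(sldns_rcodes, str);
	if(lt)
		return (int)lt->id;
	if(strncmp(str, "RCODE", 5) == 0)
		return str2num_strict(str+5);
	return str2num_strict(str);
}
/* … str2wire_tsigerror: same change, return str2num_strict(str) … */
```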
@@ -472,9 +516,10 @@ handle_tsig_verify_query(char* line, struct tsig_key_table* key_table,
        char* arg = get_arg_on_line(line, "tsig-verify-query");
        char* keyname, *s, *timestr, *expected_rcode_str,
                *expected_tsigerr_str, *expected_other_str;
-       int expected_rcode, expected_tsigerr, expected_other, ret;
-       uint64_t timepoint;
+       int expected_rcode, expected_tsigerr, ret;
+       uint64_t timepoint, expected_other;
        struct tsig_data* tsig;
+       char keyname_dname[256];
 
        keyname = arg;
        s = arg;
@@ -514,19 +559,31 @@ handle_tsig_verify_query(char* line, struct tsig_key_table* key_table,
        timepoint = (uint64_t)atoll(timestr);
        if(timepoint == 0 && strcmp(timestr, "0") != 0)
                fatal_exit("expected time argument for %s", timestr);
-       expected_rcode = atoi(expected_rcode_str);
-       if(expected_rcode == 0 && strcmp(expected_rcode_str, "0") != 0)
-               fatal_exit("expected int argument for %s", expected_rcode_str);
-       expected_tsigerr = atoi(expected_tsigerr_str);
-       if(expected_tsigerr == 0 && strcmp(expected_tsigerr_str, "0") != 0)
-               fatal_exit("expected int argument for %s", expected_tsigerr_str);
-       expected_other = atoi(expected_other_str);
+       expected_rcode = str2wire_rcode(expected_rcode_str);
+       if(expected_rcode == 0 && strcmp(expected_rcode_str, "0") != 0 &&
+               strcmp(expected_rcode_str, "NOERROR") != 0 &&
+               strcmp(expected_rcode_str, "RCODE0") != 0)
+               fatal_exit("expected rcode argument for %s", expected_rcode_str);
+       expected_tsigerr = str2wire_tsigerror(expected_tsigerr_str);
+       if(expected_tsigerr == 0 && strcmp(expected_tsigerr_str, "0") != 0 &&
+               strcmp(expected_rcode_str, "NOERROR") != 0)
+               fatal_exit("expected tsigerrorcode argument for %s",
+                       expected_tsigerr_str);
+       expected_other = (uint64_t)atoll(expected_other_str);
        if(expected_other == 0 && strcmp(expected_other_str, "0") != 0)
                fatal_exit("expected int argument for %s", expected_other_str);
+       if(strlen(keyname) > 0 && keyname[strlen(keyname)-1] == '.')
+               snprintf(keyname_dname, sizeof(keyname_dname), "%s", keyname);
+       else    snprintf(keyname_dname, sizeof(keyname_dname), "%s.", keyname);
 
-       if(vtest)
-               printf("tsig-verify-query with %s %d %d\n", keyname,
-                       (int)timepoint, expected_rcode);
+       if(vtest) {
+               char bufrc[16], bufte[16];
+               sldns_wire2str_rcode_buf(expected_rcode, bufrc, sizeof(bufrc));
+               wire2str_tsigerror_buf(expected_tsigerr, bufte, sizeof(bufte));
+               printf("tsig-verify-query with %s %d %s %s %llu\n", keyname,
+                       (int)timepoint, bufrc, bufte,
+                       (unsigned long long)expected_other);
+       }
 
        /* Put position before TSIG */
        if(!tsig_find_rr(pkt)) {
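Review bot: The zero check for the TSIG error tests the wrong string: its last clause, `strcmp(expected_rcode_str, "NOERROR") != 0`, looks at the rcode argument instead of the tsigerror argument. As written, a line with a non-NOERROR rcode and `NOERROR` as tsigerror reaches `fatal_exit` (assuming `sldns_tsig_errors` maps NOERROR to 0), and with rcode `NOERROR` any unparseable tsigerror string is silently accepted as 0. The clause should read `strcmp(expected_tsigerr_str, "NOERROR") != 0`. The function body starts and ends outside this hunk.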
@@ -538,23 +595,65 @@ handle_tsig_verify_query(char* line, struct tsig_key_table* key_table,
        ret = tsig_parse_verify_query(key_table, pkt, &tsig, NULL, timepoint);
 
        if(vtest) {
+               char bufrc[16], bufte[16], retrc[16], rette[16];
+               sldns_wire2str_rcode_buf(expected_rcode, bufrc, sizeof(bufrc));
+               wire2str_tsigerror_buf(expected_tsigerr, bufte, sizeof(bufte));
+               sldns_wire2str_rcode_buf(ret, retrc, sizeof(retrc));
+               if(tsig)
+                       wire2str_tsigerror_buf(tsig->error, rette, sizeof(rette));
+               else    snprintf(rette, sizeof(rette), "none");
                if(ret == expected_rcode)
-                       printf("function ok, %s\n", (ret?"success":"fail"));
+                       printf("function ok, rcode %s\n", retrc);
                else
-                       printf("function returned %d, expected result %d\n",
-                               ret, expected_rcode);
+                       printf("function returned %s, expected result %s\n",
+                               retrc, bufrc);
+               if(tsig) {
+                       char keynm[256];
+                       if(tsig->error == expected_tsigerr)
+                               printf("tsig error ok, it is %s\n", bufte);
+                       else    printf("tsig error %s, expected %s\n", rette,
+                                       bufte);
+                       if(tsig->other_len == 6) {
+                               if(tsig->other_time == expected_other)
+                                       printf("othererrortime ok, it is %llu\n",
+                                               (unsigned long long)expected_other);
+                               else    printf("othererrortime %llu, expected %llu\n",
+                                               (unsigned long long)tsig->other_time,
+                                               (unsigned long long)expected_other);
+                       } else {
+                               if(0 == expected_other)
+                                       printf("othererrortime ok, none\n");
+                               else    printf("othererrortime none, expected %llu\n",
+                                               (unsigned long long)expected_other);
+                       }
+                       sldns_wire2str_dname_buf(tsig->key_name,
+                               tsig->key_name_len, keynm, sizeof(keynm));
+                       if(strcmp(keynm, keyname_dname) != 0)
+                               printf("tsig key is %s, expected %s\n",
+                                       keynm, keyname_dname);
+               } else {
+                       if(expected_tsigerr != 0 || expected_other != 0 ||
+                               strcmp(keyname_dname, ".") != 0) {
+                               printf("no tsig data returned, but expected it\n");
+                       }
+               }
        }
        unit_assert(ret == expected_rcode);
        if(tsig) {
+               char keynm[256];
                unit_assert(tsig->error == expected_tsigerr);
                if(tsig->other_len == 6) {
                        unit_assert(tsig->other_time == (uint64_t)expected_other);
                } else {
                        unit_assert(0 == expected_other);
                }
+               sldns_wire2str_dname_buf(tsig->key_name, tsig->key_name_len,
+                       keynm, sizeof(keynm));
+               unit_assert(strcmp(keynm, keyname_dname) == 0);
        } else {
                unit_assert(0 == expected_tsigerr);
                unit_assert(0 == expected_other);
+               unit_assert(strcmp(keyname_dname, ".") == 0);
        }
 
        tsig_delete(tsig);
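Review bot: The key name check `strcmp(keynm, keyname_dname)` compares presentation strings byte for byte, while DNS names match case-insensitively; unless `tsig->key_name` is already lowercased (not visible in this hunk), a test line that spells the key in a different case than the packet fails on the name. Both sides also pass through 256-byte buffers, so a long or heavily escaped name would be truncated before the compare. A comment such as `/* key names in test files must be lowercase and fit the 256 byte text buffer */` above the compare, or using `strcasecmp`, would make the constraint explicit. The conversion into `keynm` is done twice, once under `vtest` and once for the asserts; doing it once before both blocks removes the duplicate. The function continues outside the hunk.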
index 0fcde7b3298bac098c243f5afc164503495b6784..e84125964106d00330b4522ffcba25c9436b0cfe 100644 (file)
@@ -49,7 +49,20 @@ c00e00f1bafa240f41ee9cbe507b9802e7070000
 0000
 endpacket
 
-tsig-verify-query test.key 1750419725 0 0 0
+tsig-verify-query test.key 1750419725 NOERROR NOERROR 0
+
+# add some fudge to the time
+packet
+e707002000010000000000020377777707657861
+6d706c65036e6574000001000100002910000000
+000000000474657374036b65790000fa00ff0000
+0000003a08686d61632d6d6435077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query test.key 1750419730 NOERROR NOERROR 0
 
 # reply for www.example.net A
 #packet
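Review bot: Every `tsig-verify-query` line added here and in tsig_test.2 through tsig_test.6 expects `NOERROR NOERROR 0`, so the new unit test only exercises the accept path of the verifier. The fudge case checks a time 5 seconds after the first one; there is no case outside the fudge window, none with an altered MAC, and none with a key name that is absent from the key table, which are the paths where a verification bug matters most. I would add at least one rejecting case per category, in the form `tsig-verify-query <key> <time outside fudge> <rcode> <tsigerror> <tsigothertime>`, with the expected values taken from what the implementation is specified to return.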
index e5946cfcf54090e38d8e79386a0461f6fd9fc0e9..b4fa1bd1b68f5d8e53b9277ebac0731fd95b8914 100644 (file)
@@ -30,6 +30,8 @@ check-packet
 092d0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c0014f493f53a80f43dbd81df4f2feb7064de8247ba0b092d00000000
 endpacket
 
+tsig-verify-query test.key 1750420740 NOERROR NOERROR 0
+
 # reply for www.example.net A
 #packet
 #092d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c001475eace537fd51a9fbf192a10b20bfe824dd20318092d00000000
index bb869ae562a51febffba7b360a866462f872eda9..b11c0ed681212c5fc2ea34e84e2ed7071c1cfe2c 100644 (file)
@@ -30,6 +30,8 @@ check-packet
 7e7e0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c03431f500872691d8780dafe326cdbe56ceaaca1d0ea3e3a262848e77e7e00000000
 endpacket
 
+tsig-verify-query test.key 1750421692 NOERROR NOERROR 0
+
 # reply for www.example.net A
 #packet
 #7e7e8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c0fa7ddec264122b5e0c3d1a64ed043c3d68582f0ae2ba2d5b3e186127e7e00000000
index f5b00b82891d6b9d20be84670b29271718372cad..a916c442e652b1dfdc1f23f50b6caa1f5148137a 100644 (file)
@@ -30,6 +30,8 @@ check-packet
 c7580000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068555107012c0020aa49c7e324b075dd057aeaba998ee10b6c72f8573f56d3b42fb2f65ee1e81f76c75800000000
 endpacket
 
+tsig-verify-query test.key 1750421767 NOERROR NOERROR 0
+
 # reply for www.example.net A
 #packet
 #c7588400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068555107012c0020a377c921817d4009a6ab35e7f84aa697751b3a976701e8fb6b843965325bf9bdc75800000000
index f775b12c6f76a2e2a60c8fe96e94673029fa923f..7f291bc301d4959cc94ad7735352990ece27decb 100644 (file)
@@ -30,6 +30,8 @@ check-packet
 aafc0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00300953f74bcc78dae61e9d93aad74e128dbc240a671de017efd3707235be7890cbf2a51255f5843438fbaa26d04caca506aafc00000000
 endpacket
 
+tsig-verify-query test.key 1750421817 NOERROR NOERROR 0
+
 # reply for www.example.net A
 #packet
 #aafc8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00301e895712f5633d84e82afd7b1dcdd792c5d51532c7a5f52701c9bd464f0d8f6cc735530d16417e8bf3cf104808554642aafc00000000
index d26e26b056964b0a792ff344e0cf624c69859ac6..a662abb64e91724976df636b40a890e36da6ef46 100644 (file)
@@ -30,6 +30,8 @@ check-packet
 e74d0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040bbc78c7a8019119b79f89f3ed66d874acb3a29bfcd3ac75fce3779d60d41080fe536c03de404a9143314eabce88a0c5eff6204d94d3225cf42327322c8a48acae74d00000000
 endpacket
 
+tsig-verify-query test.key 1750421867 NOERROR NOERROR 0
+
 # reply for www.example.net A
 #packet
 #e74d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040690c00d5e01a382b7a4c07739e0faab1a3c98f5bae1b49213032b7da070c4b985056894e1ebc88468d5d070d0589ea8032fb88f3a1902fa91211d2b4989bbb93e74d00000000