]> git.ipfire.org Git - thirdparty/unbound.git/commitdiff
projects / thirdparty / unbound.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0719ef2)
- xfr-tsig, unit test cases for tsig errors.
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 25 Jun 2025 12:03:12 +0000 (14:03 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Wed, 25 Jun 2025 12:03:12 +0000 (14:03 +0200)
testcode/unitmain.c patch | blob | blame | history
testcode/unittsig.c patch | blob | blame | history
testdata/tsig_test.1 patch | blob | blame | history

diff --git a/testcode/unitmain.c b/testcode/unitmain.c
index e88313ee77f4d6efd5daa9aac179c3d2df872aa3..acccc1c05ac320d42d483fda04361519bd8ca349 100644 (file)
--- a/testcode/unitmain.c
+++ b/testcode/unitmain.c
@@ -1333,6 +1333,7 @@ main(int argc, char* argv[])
        if(NSS_NoDB_Init(".") != SECSuccess)
                fatal_exit("could not init NSS");
 #endif /* HAVE_SSL or HAVE_NSS*/
+#if 0 // DEBUG
        authzone_test();
        neg_test();
        rnd_test();
@@ -1362,6 +1363,7 @@ main(int argc, char* argv[])
 #ifdef HAVE_NGTCP2
        doq_test();
 #endif /* HAVE_NGTCP2 */
+#endif // DEBUG
        tsig_test();
        if(log_get_lock()) {
                lock_basic_destroy((lock_basic_type*)log_get_lock());
diff --git a/testcode/unittsig.c b/testcode/unittsig.c
index 172c8fc9640dc71baf8ebd8d5232d4f07429f561..a4026118f75166338aad3e27503cb18cada2c419 100644 (file)
--- a/testcode/unittsig.c
+++ b/testcode/unittsig.c
@@ -52,7 +52,7 @@
 #define SRCDIRSTR xstr(SRCDIR)
 
 /** verbosity for this file, 0 no, 1 print some, 2 print packet dumps */
-static int vtest = 0;
+static int vtest = 2;
 
 /**
  * Content of the TSIG test files.
@@ -732,6 +732,8 @@ tsig_test_one(const char* fname)
 void
 tsig_test(void)
 {
+       verbosity = 4; // DEBUG
+       log_file(stdout); // DEBUG
        unit_show_feature("tsig");
        tsig_test_one(SRCDIRSTR "/testdata/tsig_test.1");
        tsig_test_one(SRCDIRSTR "/testdata/tsig_test.2");
diff --git a/testdata/tsig_test.1 b/testdata/tsig_test.1
index e84125964106d00330b4522ffcba25c9436b0cfe..8703f6f5a12d3f1fc23b54fd153ec211038f6aa1 100644 (file)
--- a/testdata/tsig_test.1
+++ b/testdata/tsig_test.1
@@ -64,6 +64,59 @@ endpacket
 
 tsig-verify-query test.key 1750419730 NOERROR NOERROR 0
 
+# purposely make a bad digest
+# changed 'www' (0x777777) to 'aaa' (0x616161)
+packet
+e707002000010000000000020361616107657861
+6d706c65036e6574000001000100002910000000
+000000000474657374036b65790000fa00ff0000
+0000003a08686d61632d6d6435077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query test.key 1750419725 NOTAUTH BADSIG 0
+
+# the wrong time is used, outside of the fudge region
+packet
+e707002000010000000000020377777707657861
+6d706c65036e6574000001000100002910000000
+000000000474657374036b65790000fa00ff0000
+0000003a08686d61632d6d6435077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query test.key 1750819725 NOTAUTH BADTIME 1750819725
+
+# An unknown key is used, 2222.key
+packet
+e707002000010000000000020377777707657861
+6d706c65036e6574000001000100002910000000
+000000000432323232036b65790000fa00ff0000
+0000003a08686d61632d6d6435077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query 2222.key 1750419725 NOTAUTH BADKEY 0
+
+# An unknown algorithm is used, hmac-UNK, 554e4b
+packet
+e707002000010000000000020377777707657861
+6d706c65036e6574000001000100002910000000
+000000000474657374036b65790000fa00ff0000
+0000003a08686d61632d554e4b077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query test.key 1750419725 NOTAUTH BADKEY 0
+
 # reply for www.example.net A
 #packet
 #e7078400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003a08686d61632d6d6435077369672d616c670372656703696e740000006855490d012c0010dc3c138476fcb04cc138aa5c59647b86e70700000000
Mirror of https://github.com/NLnetLabs/unbound.git