- xfr-tsig, unit test for tsig_verify_reply.

diff --git a/testcode/unittsig.c b/testcode/unittsig.c
index dda0c2aff228b1bcf141cad89991129def420c7c..a57c8f60216530a2a3b4ba415ea87d20dc49a38b 100644 (file)
--- a/testcode/unittsig.c
+++ b/testcode/unittsig.c
@@ -118,6 +118,15 @@ static int vtest = 0;
  *     buffer. The expected rcode is the result of the verify,
  *     the expected result2 is the result of the sign. If that differs
  *     the test fails.
+ * tsig-verify-reply <key> <time> <expected result> <expected result2>
+ * <hex>
+ * endpacket
+ *     The data from previous packet in the buffer is used with
+ *     tsig-sign-query. Then the hex data is the reply, it is used
+ *     with tsig-verify-reply. It TSIG signs with key name, at timestamp
+ *     in secs. The result of the sign call is compared with the
+ *     expected result, the result of the verify call is compared with
+ *     the expected result2, and the test fails if not equal.
  *
  */
 
@@ -880,6 +889,97 @@ handle_tsig_sign_reply(char* line, FILE* in, const char* fname,
        sldns_buffer_copy(pkt, &reply_pkt);
 }
 
+/** Handle the tsig-verify-reply */
+static void
+handle_tsig_verify_reply(char* line, FILE* in, const char* fname,
+       struct tsig_key_table* key_table, struct sldns_buffer* pkt)
+{
+       char* arg = get_arg_on_line(line, "tsig-verify-reply");
+       char* s, *keyname, *timestr, *expectedstr, *expectedstr2;
+       int expected_result, expected_result2, ret;
+       uint64_t timepoint;
+       struct tsig_data* tsig;
+       size_t pos;
+       uint8_t buf[65536];
+       sldns_buffer reply_pkt;
+
+       s = arg;
+       keyname = get_next_arg_on_line(&s);
+       timestr = get_next_arg_on_line(&s);
+       expectedstr = get_next_arg_on_line(&s);
+       expectedstr2 = get_next_arg_on_line(&s);
+
+       timepoint = (uint64_t)atoll(timestr);
+       if(timepoint == 0 && strcmp(timestr, "0") != 0)
+               fatal_exit("expected time argument for %s", timestr);
+       expected_result = atoi(expectedstr);
+       if(expected_result == 0 && strcmp(expectedstr, "0") != 0)
+               fatal_exit("expected int argument for %s", expectedstr);
+       expected_result2 = atoi(expectedstr2);
+       if(expected_result2 == 0 && strcmp(expectedstr2, "0") != 0)
+               fatal_exit("expected int argument for %s", expectedstr2);
+
+       sldns_buffer_init_frm_data(&reply_pkt, buf, sizeof(buf));
+       if(!read_packet_hex("", &reply_pkt, in, fname))
+               fatal_exit("Could not read reply packet");
+       if(vtest >= 2) {
+               char* str = sldns_wire2str_pkt(sldns_buffer_begin(&reply_pkt),
+                       sldns_buffer_limit(&reply_pkt));
+               if(str)
+                       printf("reply packet: %s\n", str);
+               else
+                       printf("could not wire2str_pkt\n");
+               free(str);
+       }
+
+       if(vtest) {
+               printf("tsig-verify-reply with %s %d %d %d\n", keyname,
+                       (int)timepoint, expected_result, expected_result2);
+       }
+
+       tsig = tsig_create_fromstr(key_table, keyname);
+       if(!tsig)
+               fatal_exit("alloc fail or key not found %s", keyname);
+
+       /* Put position at the end of the packet to sign it. */
+       pos = sldns_buffer_limit(pkt);
+       sldns_buffer_clear(pkt);
+       sldns_buffer_set_position(pkt, pos);
+
+       ret = tsig_sign_query(tsig, pkt, key_table, timepoint);
+       sldns_buffer_flip(pkt);
+
+       if(vtest) {
+               if(ret == expected_result)
+                       printf("function ok, %s\n", (ret?"success":"fail"));
+               else
+                       printf("function returned %d, expected result %d\n",
+                               ret, expected_result);
+       }
+       unit_assert(ret == expected_result);
+
+       /* Verify the reply */
+       /* Put position before TSIG */
+       if(!tsig_find_rr(&reply_pkt)) {
+               if(vtest)
+                       printf("tsig-verify-reply found no TSIG RR\n");
+               unit_assert(0);
+               return;
+       }
+       ret = tsig_parse_verify_reply(tsig, &reply_pkt, key_table, timepoint);
+
+       if(vtest) {
+               if(ret == expected_result2)
+                       printf("function ok, %s\n", (ret?"success":"fail"));
+               else
+                       printf("function returned %d, expected result2 %d\n",
+                               ret, expected_result2);
+       }
+       unit_assert(ret == expected_result2);
+
+       tsig_delete(tsig);
+}
+
 /** Handle one line from the TSIG test file */
 static void
 handle_line(char* line, struct tsig_key_table* key_table,
@@ -908,7 +1008,9 @@ handle_line(char* line, struct tsig_key_table* key_table,
        } else if(strncmp(s, "tsig-verify-shared", 18) == 0) {
                handle_tsig_verify_shared(s, key_table, pkt);
        } else if(strncmp(s, "tsig-sign-reply", 15) == 0) {
-               handle_tsig_sign_reply(s, in,fname, key_table, pkt);
+               handle_tsig_sign_reply(s, in, fname, key_table, pkt);
+       } else if(strncmp(s, "tsig-verify-reply", 17) == 0) {
+               handle_tsig_verify_reply(s, in, fname, key_table, pkt);
        } else if(strncmp(s, "#", 1) == 0) {
                /* skip comment */
        } else if(strcmp(s, "") == 0) {

diff --git a/testdata/tsig_test.1 b/testdata/tsig_test.1
index d74bd107651b422e38ea22b2822bdc155b445011..1f1ee27790e80fd644b472f98feb3104cf3a61aa 100644 (file)
--- a/testdata/tsig_test.1
+++ b/testdata/tsig_test.1
@@ -163,3 +163,14 @@ endpacket
 check-packet
 e7078400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003a08686d61632d6d6435077369672d616c670372656703696e740000006855490d012c0010dc3c138476fcb04cc138aa5c59647b86e70700000000
 endpacket
+
+# www.example.net A
+packet
+e707002000010000000000010377777707657861
+6d706c65036e6574000001000100002910000000
+00000000
+endpacket
+
+tsig-verify-reply test.key 1750419725 1 1
+e7078400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003a08686d61632d6d6435077369672d616c670372656703696e740000006855490d012c0010dc3c138476fcb04cc138aa5c59647b86e70700000000
+endpacket

diff --git a/testdata/tsig_test.2 b/testdata/tsig_test.2
index 552b0b16f5ccf90b817298b08c7461a0279e6d80..951f81404a1994c879d3b7570efe464ffb302b3d 100644 (file)
--- a/testdata/tsig_test.2
+++ b/testdata/tsig_test.2
@@ -46,3 +46,12 @@ endpacket
 check-packet
 092d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c001475eace537fd51a9fbf192a10b20bfe824dd20318092d00000000
 endpacket
+
+# www.example.net A
+packet
+092d0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-verify-reply test.key 1750420740 1 1
+092d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c001475eace537fd51a9fbf192a10b20bfe824dd20318092d00000000
+endpacket

diff --git a/testdata/tsig_test.3 b/testdata/tsig_test.3
index 3d5cd618ec09b1b244616376b6c7ce5b040cf323..505ff2b32f4819dd8fe58b419a902981cf870b65 100644 (file)
--- a/testdata/tsig_test.3
+++ b/testdata/tsig_test.3
@@ -46,3 +46,12 @@ endpacket
 check-packet
 7e7e8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c0fa7ddec264122b5e0c3d1a64ed043c3d68582f0ae2ba2d5b3e186127e7e00000000
 endpacket
+
+# www.example.net A
+packet
+7e7e0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-verify-reply test.key 1750421692 1 1
+7e7e8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c0fa7ddec264122b5e0c3d1a64ed043c3d68582f0ae2ba2d5b3e186127e7e00000000
+endpacket

diff --git a/testdata/tsig_test.4 b/testdata/tsig_test.4
index f5b1a4b493fef6131ac6dad2ce66f541e2a9f0a0..4fff7844f8038bc9b8530da9ec8e1986ec770211 100644 (file)
--- a/testdata/tsig_test.4
+++ b/testdata/tsig_test.4
@@ -58,3 +58,12 @@ c7588400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100
 endpacket
 
 tsig-verify-shared test.key 1750411954 0
+
+# www.example.net A
+packet
+c7580000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-verify-reply test.key 1750421767 1 1
+c7588400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068555107012c0020a377c921817d4009a6ab35e7f84aa697751b3a976701e8fb6b843965325bf9bdc75800000000
+endpacket

diff --git a/testdata/tsig_test.5 b/testdata/tsig_test.5
index 5cfcb59cec394fba30c359a30b3f3a22103cae5a..ba9253a0f25a87ce26859fe12ffd34e9d73701c0 100644 (file)
--- a/testdata/tsig_test.5
+++ b/testdata/tsig_test.5
@@ -46,3 +46,12 @@ endpacket
 check-packet
 aafc8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00301e895712f5633d84e82afd7b1dcdd792c5d51532c7a5f52701c9bd464f0d8f6cc735530d16417e8bf3cf104808554642aafc00000000
 endpacket
+
+# www.example.net A
+packet
+aafc0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-verify-reply test.key 1750421817 1 1
+aafc8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00301e895712f5633d84e82afd7b1dcdd792c5d51532c7a5f52701c9bd464f0d8f6cc735530d16417e8bf3cf104808554642aafc00000000
+endpacket

diff --git a/testdata/tsig_test.6 b/testdata/tsig_test.6
index e04a07f90ab462c1862f08093206bbe114cad3de..efe15d73beceaf80820850c561e939739358b80c 100644 (file)
--- a/testdata/tsig_test.6
+++ b/testdata/tsig_test.6
@@ -46,3 +46,12 @@ endpacket
 check-packet
 e74d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040690c00d5e01a382b7a4c07739e0faab1a3c98f5bae1b49213032b7da070c4b985056894e1ebc88468d5d070d0589ea8032fb88f3a1902fa91211d2b4989bbb93e74d00000000
 endpacket
+
+# www.example.net A
+packet
+e74d0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-verify-reply test.key 1750421867 1 1
+e74d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040690c00d5e01a382b7a4c07739e0faab1a3c98f5bae1b49213032b7da070c4b985056894e1ebc88468d5d070d0589ea8032fb88f3a1902fa91211d2b4989bbb93e74d00000000
+endpacket