test: Add IPCrypt2 tests

diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am
index 19a64dc7eb2d8c59a28838058c77bfca82fba48b..14761865b8308c3471f33e77099edc126a2423bc 100644 (file)
--- a/pdns/dnsdistdist/Makefile.am
+++ b/pdns/dnsdistdist/Makefile.am
@@ -337,6 +337,7 @@ testrunner_SOURCES = \
        dnsdist-edns.cc dnsdist-edns.hh \
        dnsdist-frontend.cc dnsdist-frontend.hh \
        dnsdist-idstate.cc dnsdist-idstate.hh \
+       dnsdist-ipcrypt2.cc dnsdist-ipcrypt2.hh \
        dnsdist-kvs.cc dnsdist-kvs.hh \
        dnsdist-lbpolicies.cc dnsdist-lbpolicies.hh \
        dnsdist-lua-bindings-dnsquestion.cc \
@@ -399,6 +400,7 @@ testrunner_SOURCES = \
        test-dnscrypt_cc.cc \
        test-dnsdist-connections-cache.cc \
        test-dnsdist-dnsparser.cc \
+       test-dnsdist-ipcrypt2_cc.cc \
        test-dnsdist-lua-ffi.cc \
        test-dnsdist_cc.cc \
        test-dnsdistasync.cc \
@@ -458,6 +460,7 @@ testrunner_LDADD = \
        $(LUA_LIBS) \
        $(RT_LIBS) \
        $(LIBCAP_LIBS) \
+       $(IPCRYPT2_LIBS) \
        $(ARC4RANDOM_LIBS)
 
 if HAVE_CDB

diff --git a/pdns/dnsdistdist/meson.build b/pdns/dnsdistdist/meson.build
index 4cc1eb63664c5adbd63ad1e7a470707d7963ac47..73cbdf994abab7b325fd3d612aa7efb36c9dfa98 100644 (file)
--- a/pdns/dnsdistdist/meson.build
+++ b/pdns/dnsdistdist/meson.build
@@ -528,6 +528,7 @@ test_sources += files(
   src_dir / 'test-dnsdist_cc.cc',
   src_dir / 'test-dnsdist-connections-cache.cc',
   src_dir / 'test-dnsdist-dnsparser.cc',
+  src_dir / 'test-dnsdist-ipcrypt2_cc.cc',
   src_dir / 'test-dnsdistdynblocks_hh.cc',
   src_dir / 'test-dnsdistedns.cc',
   src_dir / 'test-dnsdistkvs_cc.cc',
@@ -559,6 +560,7 @@ if get_option('unit-tests')
       dependencies: [
           dep_boost,
           dep_boost_test,
+          dep_ipcrypt2,
           dep_lua,
           dep_protozero,
       ],

diff --git a/pdns/dnsdistdist/test-dnsdist-ipcrypt2_cc.cc b/pdns/dnsdistdist/test-dnsdist-ipcrypt2_cc.cc
new file mode 100644 (file)
index 0000000..f5b7aa8
--- /dev/null
+++ b/pdns/dnsdistdist/test-dnsdist-ipcrypt2_cc.cc
@@ -0,0 +1,95 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#ifndef BOOST_TEST_DYN_LINK
+#define BOOST_TEST_DYN_LINK
+#include "iputils.hh"
+#include <boost/test/tools/old/interface.hpp>
+#include <boost/test/unit_test_suite.hpp>
+#include <stdexcept>
+#endif
+
+#define BOOST_TEST_NO_MAIN
+
+#include <boost/test/unit_test.hpp>
+
+#include "dnsdist-ipcrypt2.hh"
+
+BOOST_AUTO_TEST_SUITE(test_dnsdist_ipcrypt2_cc)
+
+BOOST_AUTO_TEST_CASE(pfx_success)
+{
+  auto ipcrypt = pdns::ipcrypt2::IPCrypt2(pdns::ipcrypt2::IPCryptMethod::pfx, "12345678901234567890123456789012");
+
+  auto encip = ipcrypt.encrypt(ComboAddress("127.0.0.1"));
+  BOOST_CHECK(encip.isIPv4());
+  BOOST_CHECK_NE(ComboAddress("127.0.0.1").toLogString(), encip.toLogString());
+
+  encip = ipcrypt.encrypt(ComboAddress("::1"));
+  BOOST_CHECK(encip.isIPv6());
+  BOOST_CHECK_NE(ComboAddress("::1").toLogString(), encip.toLogString());
+}
+
+BOOST_AUTO_TEST_CASE(pfx_bad_key)
+{
+  BOOST_CHECK_THROW(
+    auto ipcrypt = pdns::ipcrypt2::IPCrypt2(pdns::ipcrypt2::IPCryptMethod::pfx, "notlongenough"), std::runtime_error);
+}
+
+BOOST_AUTO_TEST_CASE(pfx_preserves)
+{
+  auto ipcrypt = pdns::ipcrypt2::IPCrypt2(pdns::ipcrypt2::IPCryptMethod::pfx, "12345678901234567890123456789012");
+
+  auto encip = ipcrypt.encrypt(ComboAddress("127.0.0.1"));
+  BOOST_CHECK(encip.isIPv4());
+  auto encip2 = ipcrypt.encrypt(ComboAddress("127.0.0.2"));
+  BOOST_CHECK(encip2.isIPv4());
+
+  BOOST_CHECK(encip != encip2);
+
+  auto nw = Netmask(encip, 24);
+  BOOST_CHECK(nw.match(encip));
+  BOOST_CHECK(nw.match(encip2));
+}
+
+BOOST_AUTO_TEST_CASE(assignment)
+{
+  std::optional<pdns::ipcrypt2::IPCrypt2> optIPCrypt;
+  optIPCrypt = std::make_optional(pdns::ipcrypt2::IPCrypt2(pdns::ipcrypt2::IPCryptMethod::pfx, "12345678901234567890123456789012"));
+
+  BOOST_CHECK(optIPCrypt.has_value());
+
+  auto encip = optIPCrypt->encrypt(ComboAddress("127.0.0.1"));
+  BOOST_CHECK(encip.isIPv4());
+  BOOST_CHECK_NE(ComboAddress("127.0.0.1").toLogString(), encip.toLogString());
+
+  encip = optIPCrypt->encrypt(ComboAddress("::1"));
+  BOOST_CHECK(encip.isIPv6());
+  BOOST_CHECK_NE(ComboAddress("::1").toLogString(), encip.toLogString());
+}
+
+BOOST_AUTO_TEST_CASE(unsupported_method)
+{
+  BOOST_CHECK_THROW(
+    auto ipcrypt = pdns::ipcrypt2::IPCrypt2(pdns::ipcrypt2::IPCryptMethod::deterministic, ""), std::runtime_error);
+}
+
+BOOST_AUTO_TEST_SUITE_END()