From: W.C.A. Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 20 Jun 2025 12:31:44 +0000 (+0200)
Subject: - xfr-tsig, unit tests for md5, sha1, sha224, sha256, sha384 and sha512.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=29c8b3edba347c076972bcb16cf751302d98b50d;p=thirdparty%2Funbound.git

- xfr-tsig, unit tests for md5, sha1, sha224, sha256, sha384 and sha512.
---

diff --git a/testcode/unittsig.c b/testcode/unittsig.c
index a352100c7..e53633d41 100644
--- a/testcode/unittsig.c
+++ b/testcode/unittsig.c
@@ -294,7 +294,7 @@ static int
 read_packet_hex(char* line, struct sldns_buffer* buf, FILE* in,
 	const char* fname)
 {
-	char l[1024];
+	char l[102400];
 	char* s;
 	sldns_buffer_clear(buf);
 	if(!read_hex_segment(line, buf)) {
@@ -302,7 +302,7 @@ read_packet_hex(char* line, struct sldns_buffer* buf, FILE* in,
 		return 0;
 	}
 	while(fgets(l, sizeof(l), in)) {
-		line[sizeof(l)-1]=0;
+		l[sizeof(l)-1]=0;
 		s = get_keyword(l);
 		if(strcmp(s, "endpacket") == 0)
 			break;
@@ -459,6 +459,8 @@ handle_tsig_sign_query(char* line, struct tsig_key_table* key_table,
 				ret, expected_result);
 	}
 	unit_assert(ret == expected_result);
+
+	tsig_delete(tsig);
 }
 
 /** Handle one line from the TSIG test file */
@@ -534,4 +536,9 @@ tsig_test(void)
 {
 	unit_show_feature("tsig");
 	tsig_test_one(SRCDIRSTR "/testdata/tsig_test.1");
+	tsig_test_one(SRCDIRSTR "/testdata/tsig_test.2");
+	tsig_test_one(SRCDIRSTR "/testdata/tsig_test.3");
+	tsig_test_one(SRCDIRSTR "/testdata/tsig_test.4");
+	tsig_test_one(SRCDIRSTR "/testdata/tsig_test.5");
+	tsig_test_one(SRCDIRSTR "/testdata/tsig_test.6");
 }
diff --git a/testdata/tsig_test.1 b/testdata/tsig_test.1
new file mode 100644
index 000000000..c636a8639
--- /dev/null
+++ b/testdata/tsig_test.1
@@ -0,0 +1,55 @@
+# Test with algorithm MD5
+file-algorithm md5
+
+tsig-key:
+	name: "test.key"
+	algorithm: md5
+	secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
+
+packet
+# www.example.net. IN TXT
+3a03010000010000000000000377777707657861
+6d706c65036e65740000100001
+endpacket
+
+# check with the same contents
+check-packet
+3a03010000010000000000000377777707657861
+6d706c65036e65740000100001
+endpacket
+
+# sign the query with <key> <timepoint> <expected function ret>
+tsig-sign-query test.key 1750411954 1
+
+check-packet
+3a03010000010000000000010377777707657861
+6d706c65036e657400001000010474657374036b
+65790000fa00ff00000000003a08686d61632d6d
+6435077369672d616c670372656703696e740000
+0068552ab2012c0010d4a4778ce91160dc5dfd85
+7e66f57bda3a0300000000
+endpacket
+
+# www.example.net A
+packet
+e707002000010000000000010377777707657861
+6d706c65036e6574000001000100002910000000
+00000000
+endpacket
+
+tsig-sign-query test.key 1750419725 1
+
+check-packet
+e707002000010000000000020377777707657861
+6d706c65036e6574000001000100002910000000
+000000000474657374036b65790000fa00ff0000
+0000003a08686d61632d6d6435077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+# reply for www.example.net A
+#packet
+#e7078400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003a08686d61632d6d6435077369672d616c670372656703696e740000006855490d012c0010dc3c138476fcb04cc138aa5c59647b86e70700000000
+#endpacket
diff --git a/testdata/tsig_test.2 b/testdata/tsig_test.2
new file mode 100644
index 000000000..e5946cfcf
--- /dev/null
+++ b/testdata/tsig_test.2
@@ -0,0 +1,36 @@
+# Test with algorithm
+file-algorithm sha1
+
+tsig-key:
+	name: "test.key"
+	algorithm: sha1
+	secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
+
+packet
+# www.example.net. IN TXT
+3a03010000010000000000000377777707657861
+6d706c65036e65740000100001
+endpacket
+
+# sign the query with <key> <timepoint> <expected function ret>
+tsig-sign-query test.key 1750411954 1
+
+check-packet
+3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068552ab2012c0014ddea549c7a82a0c4309c0894f884adf9dcf7cd2c3a0300000000
+endpacket
+
+# www.example.net A
+packet
+092d0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-sign-query test.key 1750420740 1
+
+check-packet
+092d0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c0014f493f53a80f43dbd81df4f2feb7064de8247ba0b092d00000000
+endpacket
+
+# reply for www.example.net A
+#packet
+#092d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000002f09686d61632d7368613100000068554d04012c001475eace537fd51a9fbf192a10b20bfe824dd20318092d00000000
+#endpacket
diff --git a/testdata/tsig_test.3 b/testdata/tsig_test.3
new file mode 100644
index 000000000..bb869ae56
--- /dev/null
+++ b/testdata/tsig_test.3
@@ -0,0 +1,36 @@
+# Test with algorithm
+file-algorithm sha224
+
+tsig-key:
+	name: "test.key"
+	algorithm: sha224
+	secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
+
+packet
+# www.example.net. IN TXT
+3a03010000010000000000000377777707657861
+6d706c65036e65740000100001
+endpacket
+
+# sign the query with <key> <timepoint> <expected function ret>
+tsig-sign-query test.key 1750411954 1
+
+check-packet
+3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff0000000000390b686d61632d73686132323400000068552ab2012c001c104d12e4ccab950cb7690233661549b027567ea0c8beb868a7c1c4f33a0300000000
+endpacket
+
+# www.example.net A
+packet
+7e7e0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-sign-query test.key 1750421692 1
+
+check-packet
+7e7e0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c03431f500872691d8780dafe326cdbe56ceaaca1d0ea3e3a262848e77e7e00000000
+endpacket
+
+# reply for www.example.net A
+#packet
+#7e7e8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff0000000000390b686d61632d736861323234000000685550bc012c001c0fa7ddec264122b5e0c3d1a64ed043c3d68582f0ae2ba2d5b3e186127e7e00000000
+#endpacket
diff --git a/testdata/tsig_test.4 b/testdata/tsig_test.4
new file mode 100644
index 000000000..f5b00b828
--- /dev/null
+++ b/testdata/tsig_test.4
@@ -0,0 +1,36 @@
+# Test with algorithm
+file-algorithm sha256
+
+tsig-key:
+	name: "test.key"
+	algorithm: sha256
+	secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
+
+packet
+# www.example.net. IN TXT
+3a03010000010000000000000377777707657861
+6d706c65036e65740000100001
+endpacket
+
+# sign the query with <key> <timepoint> <expected function ret>
+tsig-sign-query test.key 1750411954 1
+
+check-packet
+3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068552ab2012c00200c35a60a42461678af59a10fbb1a18dcca69e62d58abdc8be808ab095d4beb403a0300000000
+endpacket
+
+# www.example.net A
+packet
+c7580000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-sign-query test.key 1750421767 1
+
+check-packet
+c7580000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068555107012c0020aa49c7e324b075dd057aeaba998ee10b6c72f8573f56d3b42fb2f65ee1e81f76c75800000000
+endpacket
+
+# reply for www.example.net A
+#packet
+#c7588400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003d0b686d61632d73686132353600000068555107012c0020a377c921817d4009a6ab35e7f84aa697751b3a976701e8fb6b843965325bf9bdc75800000000
+#endpacket
diff --git a/testdata/tsig_test.5 b/testdata/tsig_test.5
new file mode 100644
index 000000000..f775b12c6
--- /dev/null
+++ b/testdata/tsig_test.5
@@ -0,0 +1,36 @@
+# Test with algorithm
+file-algorithm sha384
+
+tsig-key:
+	name: "test.key"
+	algorithm: sha384
+	secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
+
+packet
+# www.example.net. IN TXT
+3a03010000010000000000000377777707657861
+6d706c65036e65740000100001
+endpacket
+
+# sign the query with <key> <timepoint> <expected function ret>
+tsig-sign-query test.key 1750411954 1
+
+check-packet
+3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068552ab2012c00302416b7442f06e5ab2f9814d391c48b73384ab59cccc7de20ecad999a38de62aaa1b61ac0cd3df299bab30776c92322f03a0300000000
+endpacket
+
+# www.example.net A
+packet
+aafc0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-sign-query test.key 1750421817 1
+
+check-packet
+aafc0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00300953f74bcc78dae61e9d93aad74e128dbc240a671de017efd3707235be7890cbf2a51255f5843438fbaa26d04caca506aafc00000000
+endpacket
+
+# reply for www.example.net A
+#packet
+#aafc8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000004d0b686d61632d73686133383400000068555139012c00301e895712f5633d84e82afd7b1dcdd792c5d51532c7a5f52701c9bd464f0d8f6cc735530d16417e8bf3cf104808554642aafc00000000
+#endpacket
diff --git a/testdata/tsig_test.6 b/testdata/tsig_test.6
new file mode 100644
index 000000000..d26e26b05
--- /dev/null
+++ b/testdata/tsig_test.6
@@ -0,0 +1,36 @@
+# Test with algorithm
+file-algorithm sha512
+
+tsig-key:
+	name: "test.key"
+	algorithm: sha512
+	secret: "K2tf3TRjvQkVCmJF3/Z9vA=="
+
+packet
+# www.example.net. IN TXT
+3a03010000010000000000000377777707657861
+6d706c65036e65740000100001
+endpacket
+
+# sign the query with <key> <timepoint> <expected function ret>
+tsig-sign-query test.key 1750411954 1
+
+check-packet
+3a030100000100000000000103777777076578616d706c65036e657400001000010474657374036b65790000fa00ff00000000005d0b686d61632d73686135313200000068552ab2012c00403cd816538bec85fea4ae45a6fb2e961622a4dfad2afa69da999c53133d02e9f2ba789a14b489678b83ab319662d2388fcc7286bfa11d88e71614c845e77584c43a0300000000
+endpacket
+
+# www.example.net A
+packet
+e74d0000000100000000000103777777076578616d706c65036e657400000100010000291000000000000000
+endpacket
+
+tsig-sign-query test.key 1750421867 1
+
+check-packet
+e74d0000000100000000000203777777076578616d706c65036e6574000001000100002910000000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040bbc78c7a8019119b79f89f3ed66d874acb3a29bfcd3ac75fce3779d60d41080fe536c03de404a9143314eabce88a0c5eff6204d94d3225cf42327322c8a48acae74d00000000
+endpacket
+
+# reply for www.example.net A
+#packet
+#e74d8400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000005d0b686d61632d7368613531320000006855516b012c0040690c00d5e01a382b7a4c07739e0faab1a3c98f5bae1b49213032b7da070c4b985056894e1ebc88468d5d070d0589ea8032fb88f3a1902fa91211d2b4989bbb93e74d00000000
+#endpacket