From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Wed, 27 Jan 2021 21:27:42 +0000 (+0100)
Subject: Add a unit test directly testing hashQNameWithSalt()
X-Git-Tag: dnsdist-1.6.0-alpha1^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2dc2054695c51413f35ee19a8b05ef7389c3b8c6;p=thirdparty%2Fpdns.git

Add a unit test directly testing hashQNameWithSalt()
---

diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 110f5f1dfa..d57a13ae6f 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -491,6 +491,7 @@ string hashQNameWithSalt(const NSEC3PARAMRecordContent& ns3prc, const DNSName& q
 
 string hashQNameWithSalt(const std::string& salt, unsigned int iterations, const DNSName& qname)
 {
+  // rfc5155 section 5
   unsigned int times = iterations;
   unsigned char hash[SHA_DIGEST_LENGTH];
   string toHash(qname.toDNSStringLC() + salt);
diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc
index a2f9626d1d..3d6872309f 100644
--- a/pdns/test-signers.cc
+++ b/pdns/test-signers.cc
@@ -8,10 +8,12 @@
 
 #include <boost/tuple/tuple.hpp>
 
+#include "base32.hh"
 #include "base64.hh"
 #include "dnsseckeeper.hh"
 #include "dnssecinfra.hh"
 #include "misc.hh"
+
 BOOST_AUTO_TEST_SUITE(test_signers)
 
 static const std::string message = "Very good, young padawan.";
@@ -256,4 +258,29 @@ BOOST_AUTO_TEST_CASE(test_ed448_signer) {
 }
 #endif /* defined(HAVE_LIBDECAF) || defined(HAVE_LIBCRYPTO_ED448) */
 
+BOOST_AUTO_TEST_CASE(test_hash_qname_with_salt) {
+  const unsigned char salt[] = { 0xaa, 0xbb, 0xcc, 0xdd };
+  const unsigned int iterations{12};
+  const std::vector<std::pair<std::string, std::string>> namesToHashes = {
+    // rfc5155 appendix A
+    { "example", "0p9mhaveqvm6t7vbl5lop2u3t2rp3tom" },
+    { "a.example", "35mthgpgcu1qg68fab165klnsnk3dpvl" },
+    { "ai.example", "gjeqe526plbf1g8mklp59enfd789njgi" },
+    { "ns1.example", "2t7b4g4vsa5smi47k61mv5bv1a22bojr" },
+    { "ns2.example", "q04jkcevqvmu85r014c7dkba38o0ji5r" },
+    { "w.example", "k8udemvp1j2f7eg6jebps17vp3n8i58h" },
+    { "*.w.example", "r53bq7cc2uvmubfu5ocmm6pers9tk9en" },
+    { "x.w.example", "b4um86eghhds6nea196smvmlo4ors995" },
+    { "y.w.example", "ji6neoaepv8b5o6k4ev33abha8ht9fgc" },
+    { "x.y.w.example", "2vptu5timamqttgl4luu9kg21e0aor3s" },
+    { "xx.example", "t644ebqk9bibcna874givr6joj62mlhv" },
+    { "2t7b4g4vsa5smi47k61mv5bv1a22bojr.example", "kohar7mbb8dc2ce8a9qvl8hon4k53uhi" },
+  };
+
+  for (const auto& [name, expectedHash] : namesToHashes) {
+    auto hash = hashQNameWithSalt(std::string(reinterpret_cast<const char*>(salt), sizeof(salt)), iterations, DNSName(name));
+    BOOST_CHECK_EQUAL(toBase32Hex(hash), expectedHash);
+  }
+}
+
 BOOST_AUTO_TEST_SUITE_END()