From: W.C.A. Wijngaards
Date: Wed, 25 Jun 2025 12:03:12 +0000 (+0200)
Subject: - xfr-tsig, unit test cases for tsig errors.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47a2d71fd317801c8b28bfd919655eccf494bc67;p=thirdparty%2Funbound.git
- xfr-tsig, unit test cases for tsig errors.
---
diff --git a/testcode/unitmain.c b/testcode/unitmain.c
index e88313ee7..acccc1c05 100644
--- a/testcode/unitmain.c
+++ b/testcode/unitmain.c
@@ -1333,6 +1333,7 @@ main(int argc, char* argv[])
 if(NSS_NoDB_Init(".") != SECSuccess)
 fatal_exit("could not init NSS");
 #endif /* HAVE_SSL or HAVE_NSS*/
+#if 0 // DEBUG
 authzone_test();
 neg_test();
 rnd_test();
@@ -1362,6 +1363,7 @@ main(int argc, char* argv[])
 #ifdef HAVE_NGTCP2
 doq_test();
 #endif /* HAVE_NGTCP2 */
+#endif // DEBUG
 tsig_test();
 if(log_get_lock()) {
 lock_basic_destroy((lock_basic_type*)log_get_lock());
diff --git a/testcode/unittsig.c b/testcode/unittsig.c
index 172c8fc96..a4026118f 100644
--- a/testcode/unittsig.c
+++ b/testcode/unittsig.c
@@ -52,7 +52,7 @@
 #define SRCDIRSTR xstr(SRCDIR)
 /** verbosity for this file, 0 no, 1 print some, 2 print packet dumps */
-static int vtest = 0;
+static int vtest = 2;
 /**
 * Content of the TSIG test files.
@@ -732,6 +732,8 @@ tsig_test_one(const char* fname)
 void
 tsig_test(void)
 {
+ verbosity = 4; // DEBUG
+ log_file(stdout); // DEBUG
 unit_show_feature("tsig");
 tsig_test_one(SRCDIRSTR "/testdata/tsig_test.1");
 tsig_test_one(SRCDIRSTR "/testdata/tsig_test.2");
diff --git a/testdata/tsig_test.1 b/testdata/tsig_test.1
index e84125964..8703f6f5a 100644
--- a/testdata/tsig_test.1
+++ b/testdata/tsig_test.1
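Review bot: The `#if 0 // DEBUG` added before `authzone_test();` in testcode/unitmain.c, together with the matching `#endif // DEBUG` added before `tsig_test();` in the second hunk, compiles out every unit test between them, so the unit-test binary now runs only `tsig_test()`. If this lands as is, regressions in the disabled tests (authzone, neg, rnd, doq and whatever lies between the two hunks) would pass unnoticed. Both lines look like local debugging scaffolding and should be removed before merge. main() starts and ends outside these hunks.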
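Review bot: In testcode/unittsig.c, `verbosity = 4; // DEBUG` and `log_file(stdout); // DEBUG` at the top of tsig_test() change what appear to be process-wide logging settings and never restore them, and the first hunk's `static int vtest = 2;` turns on packet dumps for every run. Anything that executes after tsig_test() in the same process would inherit the raised verbosity and the stdout log destination, and the test output becomes noisy by default. I would keep `static int vtest = 0;` and remove the two DEBUG lines, or make them opt-in through an environment variable or command-line switch. tsig_test()'s body continues outside the hunk.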
@@ -64,6 +64,59 @@ endpacket
 tsig-verify-query test.key 1750419730 NOERROR NOERROR 0
+# purposely make a bad digest
+# changed 'www' (0x777777) to 'aaa' (0x616161)
+packet
+e707002000010000000000020361616107657861
+6d706c65036e6574000001000100002910000000
+000000000474657374036b65790000fa00ff0000
+0000003a08686d61632d6d6435077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query test.key 1750419725 NOTAUTH BADSIG 0
+
+# the wrong time is used, outside of the fudge region
+packet
+e707002000010000000000020377777707657861
+6d706c65036e6574000001000100002910000000
+000000000474657374036b65790000fa00ff0000
+0000003a08686d61632d6d6435077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query test.key 1750819725 NOTAUTH BADTIME 1750819725
+
+# An unknown key is used, 2222.key
+packet
+e707002000010000000000020377777707657861
+6d706c65036e6574000001000100002910000000
+000000000432323232036b65790000fa00ff0000
+0000003a08686d61632d6d6435077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query 2222.key 1750419725 NOTAUTH BADKEY 0
+
+# An unknown algorithm is used, hmac-UNK, 554e4b
+packet
+e707002000010000000000020377777707657861
+6d706c65036e6574000001000100002910000000
+000000000474657374036b65790000fa00ff0000
+0000003a08686d61632d554e4b077369672d616c
+670372656703696e740000006855490d012c0010
+c00e00f1bafa240f41ee9cbe507b9802e7070000
+0000
+endpacket
+
+tsig-verify-query test.key 1750419725 NOTAUTH BADKEY 0
+
 # reply for www.example.net A
 #packet
 #e7078400000100010000000203777777076578616d706c65036e65740000010001c00c0001000100000e1000040a141e2800002904d00000000000000474657374036b65790000fa00ff00000000003a08686d61632d6d6435077369672d616c670372656703696e740000006855490d012c0010dc3c138476fcb04cc138aa5c59647b86e70700000000
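Review bot: The new BADTIME case only checks a clock far outside the window, so an off-by-one in the fudge comparison would still pass. The packet carries time signed 0x6855490d (1750419725) and fudge 0x012c (300 s), while the test clock is 1750819725. I would add two cases on the same packet at the edge of the window, for example `tsig-verify-query test.key 1750420025 NOERROR NOERROR 0` and `tsig-verify-query test.key 1750420026 NOTAUTH BADTIME 1750420026`. These values are constructed from the packet fields, and which side of the limit 300 s falls on should be confirmed against the implementation. A short comment giving the decoded time and fudge next to the packet would also make the expected result checkable by a reader.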