From: James Coglan Date: Wed, 12 Jun 2024 16:17:29 +0000 (+0100) Subject: resolved: tests for dns_resource_record_equal(); RRSIG records X-Git-Tag: v257-rc1~843^2~7 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c6c48d58ea8e2d473b067767b9c77e6c8440a463;p=thirdparty%2Fsystemd.git resolved: tests for dns_resource_record_equal(); RRSIG records --- diff --git a/src/resolve/test-dns-rr.c b/src/resolve/test-dns-rr.c index 723fb4a5efb..aae46c8fede 100644 --- a/src/resolve/test-dns-rr.c +++ b/src/resolve/test-dns-rr.c @@ -1611,4 +1611,268 @@ TEST(dns_resource_record_equal_naptr_bad_replacement) { ASSERT_FALSE(dns_resource_record_equal(a, b)); } +/* ================================================================ + * dns_resource_record_equal() : RRSIG + * ================================================================ */ + +TEST(dns_resource_record_equal_rrsig_copy) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + ASSERT_TRUE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_type_covered) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + b->rrsig.type_covered = DNS_TYPE_AAAA; + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_algorithm) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + b->rrsig.algorithm = DNSSEC_ALGORITHM_DSA; + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_labels) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + b->rrsig.labels = 2; + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_original_ttl) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + b->rrsig.original_ttl = 3601; + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_expiration) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + b->rrsig.expiration = a->rrsig.expiration + 1; + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_inception) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + b->rrsig.inception = a->rrsig.inception - 1; + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_key_tag) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + b->rrsig.key_tag = 0x4321; + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_signer) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + free(b->rrsig.signer); + b->rrsig.signer = strdup("www.example.com"); + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + +TEST(dns_resource_record_equal_rrsig_bad_signature) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *a = NULL, *b = NULL; + + a = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_RRSIG, "www.example.com"); + ASSERT_NOT_NULL(a); + a->rrsig.type_covered = DNS_TYPE_A; + a->rrsig.algorithm = DNSSEC_ALGORITHM_ECC; + a->rrsig.labels = 3; + a->rrsig.original_ttl = 3600; + a->rrsig.expiration = 1720361303; + a->rrsig.inception = 1717769303; + a->rrsig.key_tag = 0x1234; + a->rrsig.signer = strdup("example.com"); + + const uint8_t signature[] = { + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + a->rrsig.signature_size = sizeof(signature); + a->rrsig.signature = memdup(signature, a->rrsig.signature_size); + + b = dns_resource_record_copy(a); + ASSERT_NOT_NULL(b); + b->rrsig.signature_size -= 1; + ASSERT_FALSE(dns_resource_record_equal(a, b)); +} + DEFINE_TEST_MAIN(LOG_DEBUG);