mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 01:59:26 +00:00
ef7aba7072
The OpenSSL 1.x Engines support has been deprecated in the OpenSSL 3.x and is going to be removed. Remove the OpenSSL Engine support in favor of OpenSSL Providers.
219 lines
5.1 KiB
C
219 lines
5.1 KiB
C
/*
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
*
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
*
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
* information regarding copyright ownership.
|
|
*/
|
|
|
|
#include <inttypes.h>
|
|
#include <sched.h> /* IWYU pragma: keep */
|
|
#include <setjmp.h>
|
|
#include <stdarg.h>
|
|
#include <stdbool.h>
|
|
#include <stddef.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
|
|
#define UNIT_TESTING
|
|
#include <cmocka.h>
|
|
|
|
#include <isc/buffer.h>
|
|
#include <isc/util.h>
|
|
|
|
#include <dns/nsec3.h>
|
|
#include <dns/private.h>
|
|
#include <dns/rdataclass.h>
|
|
#include <dns/rdatatype.h>
|
|
|
|
#include <dst/dst.h>
|
|
|
|
#include <tests/dns.h>
|
|
|
|
static dns_rdatatype_t privatetype = 65534;
|
|
|
|
static int
|
|
setup_test(void **state) {
|
|
isc_result_t result;
|
|
|
|
UNUSED(state);
|
|
|
|
result = dst_lib_init(mctx);
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
return (1);
|
|
}
|
|
|
|
return (0);
|
|
}
|
|
|
|
static int
|
|
teardown_test(void **state) {
|
|
UNUSED(state);
|
|
|
|
dst_lib_destroy();
|
|
|
|
return (0);
|
|
}
|
|
|
|
typedef struct {
|
|
unsigned char alg;
|
|
dns_keytag_t keyid;
|
|
bool remove;
|
|
bool complete;
|
|
} signing_testcase_t;
|
|
|
|
typedef struct {
|
|
unsigned char hash;
|
|
unsigned char flags;
|
|
unsigned int iterations;
|
|
unsigned long salt;
|
|
bool remove;
|
|
bool pending;
|
|
bool nonsec;
|
|
} nsec3_testcase_t;
|
|
|
|
static void
|
|
make_signing(signing_testcase_t *testcase, dns_rdata_t *private,
|
|
unsigned char *buf, size_t len) {
|
|
dns_rdata_init(private);
|
|
|
|
buf[0] = testcase->alg;
|
|
buf[1] = (testcase->keyid & 0xff00) >> 8;
|
|
buf[2] = (testcase->keyid & 0xff);
|
|
buf[3] = testcase->remove;
|
|
buf[4] = testcase->complete;
|
|
private->data = buf;
|
|
private->length = len;
|
|
private->type = privatetype;
|
|
private->rdclass = dns_rdataclass_in;
|
|
}
|
|
|
|
static void
|
|
make_nsec3(nsec3_testcase_t *testcase, dns_rdata_t *private,
|
|
unsigned char *pbuf) {
|
|
dns_rdata_nsec3param_t params;
|
|
dns_rdata_t nsec3param = DNS_RDATA_INIT;
|
|
unsigned char bufdata[BUFSIZ];
|
|
isc_buffer_t buf;
|
|
uint32_t salt;
|
|
unsigned char *sp;
|
|
int slen = 4;
|
|
|
|
/* for simplicity, we're using a maximum salt length of 4 */
|
|
salt = htonl(testcase->salt);
|
|
sp = (unsigned char *)&salt;
|
|
while (slen > 0 && *sp == '\0') {
|
|
slen--;
|
|
sp++;
|
|
}
|
|
|
|
params.common.rdclass = dns_rdataclass_in;
|
|
params.common.rdtype = dns_rdatatype_nsec3param;
|
|
params.hash = testcase->hash;
|
|
params.iterations = testcase->iterations;
|
|
params.salt = sp;
|
|
params.salt_length = slen;
|
|
|
|
params.flags = testcase->flags;
|
|
if (testcase->remove) {
|
|
params.flags |= DNS_NSEC3FLAG_REMOVE;
|
|
if (testcase->nonsec) {
|
|
params.flags |= DNS_NSEC3FLAG_NONSEC;
|
|
}
|
|
} else {
|
|
params.flags |= DNS_NSEC3FLAG_CREATE;
|
|
if (testcase->pending) {
|
|
params.flags |= DNS_NSEC3FLAG_INITIAL;
|
|
}
|
|
}
|
|
|
|
isc_buffer_init(&buf, bufdata, sizeof(bufdata));
|
|
dns_rdata_fromstruct(&nsec3param, dns_rdataclass_in,
|
|
dns_rdatatype_nsec3param, ¶ms, &buf);
|
|
|
|
dns_rdata_init(private);
|
|
|
|
dns_nsec3param_toprivate(&nsec3param, private, privatetype, pbuf,
|
|
DNS_NSEC3PARAM_BUFFERSIZE + 1);
|
|
}
|
|
|
|
/* convert private signing records to text */
|
|
ISC_RUN_TEST_IMPL(private_signing_totext) {
|
|
dns_rdata_t private;
|
|
int i;
|
|
|
|
signing_testcase_t testcases[] = { { DST_ALG_RSASHA512, 12345, 0, 0 },
|
|
{ DST_ALG_RSASHA256, 54321, 1, 0 },
|
|
{ DST_ALG_NSEC3RSASHA1, 22222, 0,
|
|
1 },
|
|
{ DST_ALG_RSASHA1, 33333, 1, 1 } };
|
|
const char *results[] = { "Signing with key 12345/RSASHA512",
|
|
"Removing signatures for key 54321/RSASHA256",
|
|
"Done signing with key 22222/NSEC3RSASHA1",
|
|
("Done removing signatures for key "
|
|
"33333/RSASHA1") };
|
|
int ncases = 4;
|
|
|
|
UNUSED(state);
|
|
|
|
for (i = 0; i < ncases; i++) {
|
|
unsigned char data[5];
|
|
char output[BUFSIZ];
|
|
isc_buffer_t buf;
|
|
|
|
isc_buffer_init(&buf, output, sizeof(output));
|
|
|
|
make_signing(&testcases[i], &private, data, sizeof(data));
|
|
dns_private_totext(&private, &buf);
|
|
assert_string_equal(output, results[i]);
|
|
}
|
|
}
|
|
|
|
/* convert private chain records to text */
|
|
ISC_RUN_TEST_IMPL(private_nsec3_totext) {
|
|
dns_rdata_t private;
|
|
int i;
|
|
|
|
nsec3_testcase_t testcases[] = {
|
|
{ 1, 0, 1, 0xbeef, 0, 0, 0 },
|
|
{ 1, 1, 10, 0xdadd, 0, 0, 0 },
|
|
{ 1, 0, 20, 0xbead, 0, 1, 0 },
|
|
{ 1, 0, 30, 0xdeaf, 1, 0, 0 },
|
|
{ 1, 0, 100, 0xfeedabee, 1, 0, 1 },
|
|
};
|
|
const char *results[] = { "Creating NSEC3 chain 1 0 1 BEEF",
|
|
"Creating NSEC3 chain 1 1 10 DADD",
|
|
"Pending NSEC3 chain 1 0 20 BEAD",
|
|
("Removing NSEC3 chain 1 0 30 DEAF / "
|
|
"creating NSEC chain"),
|
|
"Removing NSEC3 chain 1 0 100 FEEDABEE" };
|
|
int ncases = 5;
|
|
|
|
UNUSED(state);
|
|
|
|
for (i = 0; i < ncases; i++) {
|
|
unsigned char data[DNS_NSEC3PARAM_BUFFERSIZE + 1];
|
|
char output[BUFSIZ];
|
|
isc_buffer_t buf;
|
|
|
|
isc_buffer_init(&buf, output, sizeof(output));
|
|
|
|
make_nsec3(&testcases[i], &private, data);
|
|
dns_private_totext(&private, &buf);
|
|
assert_string_equal(output, results[i]);
|
|
}
|
|
}
|
|
|
|
ISC_TEST_LIST_START
|
|
ISC_TEST_ENTRY_CUSTOM(private_signing_totext, setup_test, teardown_test)
|
|
ISC_TEST_ENTRY_CUSTOM(private_nsec3_totext, setup_test, teardown_test)
|
|
ISC_TEST_LIST_END
|
|
|
|
ISC_TEST_MAIN
|