diff options
Diffstat (limited to 'lib/dns/tests/nsec3_test.c')
| -rw-r--r-- | lib/dns/tests/nsec3_test.c | 207 |
1 files changed, 207 insertions, 0 deletions
diff --git a/lib/dns/tests/nsec3_test.c b/lib/dns/tests/nsec3_test.c new file mode 100644 index 0000000..8a53344 --- /dev/null +++ b/lib/dns/tests/nsec3_test.c @@ -0,0 +1,207 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + + +/*! \file */ + +#include <config.h> + +#include <atf-c.h> + +#include <unistd.h> + +#include <dns/db.h> +#include <dns/nsec3.h> + +#include "dnstest.h" + +#if defined(OPENSSL) || defined(PKCS11CRYPTO) +/* + * Helper functions + */ + +static void +iteration_test(const char *file, unsigned int expected) { + isc_result_t result; + dns_db_t *db = NULL; + unsigned int iterations; + + result = dns_test_loaddb(&db, dns_dbtype_zone, "test", file); + ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "%s", file); + + result = dns_nsec3_maxiterations(db, NULL, mctx, &iterations); + ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, "%s", file); + + ATF_CHECK_EQ_MSG(iterations, expected, "%s", file); + + dns_db_detach(&db); +} + +/*% + * Structure containing parameters for nsec3param_salttotext_test(). + */ +typedef struct { + const char *nsec3param_text; /* NSEC3PARAM RDATA in text form */ + const char *expected_salt; /* string expected in target buffer */ +} nsec3param_salttotext_test_params_t; + +/*% + * Check whether dns_nsec3param_salttotext() handles supplied text form + * NSEC3PARAM RDATA correctly: test whether the result of calling the former is + * as expected and whether it properly checks available buffer space. + * + * Assumes supplied text form NSEC3PARAM RDATA is valid as testing handling of + * invalid NSEC3PARAM RDATA is out of scope of this unit test. + */ +static void +nsec3param_salttotext_test(const nsec3param_salttotext_test_params_t *params) { + dns_rdata_t rdata = DNS_RDATA_INIT; + dns_rdata_nsec3param_t nsec3param; + unsigned char buf[1024]; + isc_result_t result; + char salt[64]; + size_t length; + + /* + * Prepare a dns_rdata_nsec3param_t structure for testing. + */ + result = dns_test_rdatafromstring(&rdata, dns_rdataclass_in, + dns_rdatatype_nsec3param, buf, + sizeof(buf), + params->nsec3param_text); + ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); + result = dns_rdata_tostruct(&rdata, &nsec3param, NULL); + ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); + + /* + * Check typical use. + */ + result = dns_nsec3param_salttotext(&nsec3param, salt, sizeof(salt)); + ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, + "\"%s\": expected success, got %s\n", + params->nsec3param_text, isc_result_totext(result)); + ATF_CHECK_EQ_MSG(strcmp(salt, params->expected_salt), 0, + "\"%s\": expected salt \"%s\", got \"%s\"", + params->nsec3param_text, params->expected_salt, salt); + + /* + * Ensure available space in the buffer is checked before the salt is + * printed to it and that the amount of space checked for includes the + * terminating NULL byte. + */ + length = strlen(params->expected_salt); + ATF_REQUIRE(length < sizeof(salt) - 1); /* prevent buffer overwrite */ + ATF_REQUIRE(length > 0U); /* prevent length underflow */ + + result = dns_nsec3param_salttotext(&nsec3param, salt, length - 1); + ATF_CHECK_EQ_MSG(result, ISC_R_NOSPACE, + "\"%s\": expected a %lu-byte target buffer to be " + "rejected, got %s\n", + params->nsec3param_text, (unsigned long)(length - 1), + isc_result_totext(result)); + result = dns_nsec3param_salttotext(&nsec3param, salt, length); + ATF_CHECK_EQ_MSG(result, ISC_R_NOSPACE, + "\"%s\": expected a %lu-byte target buffer to be " + "rejected, got %s\n", + params->nsec3param_text, (unsigned long)length, + isc_result_totext(result)); + result = dns_nsec3param_salttotext(&nsec3param, salt, length + 1); + ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS, + "\"%s\": expected a %lu-byte target buffer to be " + "accepted, got %s\n", + params->nsec3param_text, (unsigned long)(length + 1), + isc_result_totext(result)); +} + +/* + * Individual unit tests + */ + +ATF_TC(max_iterations); +ATF_TC_HEAD(max_iterations, tc) { + atf_tc_set_md_var(tc, "descr", "check that appropriate max iterations " + " is returned for different key size mixes"); +} +ATF_TC_BODY(max_iterations, tc) { + isc_result_t result; + + UNUSED(tc); + + result = dns_test_begin(NULL, false); + ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); + + iteration_test("testdata/nsec3/1024.db", 150); + iteration_test("testdata/nsec3/2048.db", 500); + iteration_test("testdata/nsec3/4096.db", 2500); + iteration_test("testdata/nsec3/min-1024.db", 150); + iteration_test("testdata/nsec3/min-2048.db", 500); + + dns_test_end(); +} + +ATF_TC(nsec3param_salttotext); +ATF_TC_HEAD(nsec3param_salttotext, tc) { + atf_tc_set_md_var(tc, "descr", "check dns_nsec3param_salttotext()"); +} +ATF_TC_BODY(nsec3param_salttotext, tc) { + isc_result_t result; + size_t i; + + const nsec3param_salttotext_test_params_t tests[] = { + /* + * Tests with non-empty salts. + */ + { "0 0 10 0123456789abcdef", "0123456789ABCDEF" }, + { "0 1 11 0123456789abcdef", "0123456789ABCDEF" }, + { "1 0 12 42", "42" }, + { "1 1 13 42", "42" }, + /* + * Test with empty salt. + */ + { "0 0 0 -", "-" }, + }; + + UNUSED(tc); + + result = dns_test_begin(NULL, false); + ATF_REQUIRE_EQ(result, ISC_R_SUCCESS); + + for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) { + nsec3param_salttotext_test(&tests[i]); + } + + dns_test_end(); +} +#else +ATF_TC(untested); +ATF_TC_HEAD(untested, tc) { + atf_tc_set_md_var(tc, "descr", "skipping nsec3 test"); +} +ATF_TC_BODY(untested, tc) { + UNUSED(tc); + atf_tc_skip("DNSSEC not available"); +} +#endif + +/* + * Main + */ +ATF_TP_ADD_TCS(tp) { +#if defined(OPENSSL) || defined(PKCS11CRYPTO) + ATF_TP_ADD_TC(tp, max_iterations); + ATF_TP_ADD_TC(tp, nsec3param_salttotext); +#else + ATF_TP_ADD_TC(tp, untested); +#endif + + return (atf_no_error()); +} + |