summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/libdnssec/sample_keys.h (renamed from tests/libdnssec/sample_keys.h)4
-rw-r--r--tests/Makefile.am1
-rw-r--r--tests/Makefile.in1
-rw-r--r--tests/knot/semantic_check_data/nsec_nonauth.invalid27
-rw-r--r--tests/knot/test_semantic_check.in2
-rw-r--r--tests/libdnssec/test_key.c4
-rw-r--r--tests/libdnssec/test_key_ds.c4
-rw-r--r--tests/libdnssec/test_keystore_pkcs11.c5
-rw-r--r--tests/libdnssec/test_sign.c6
-rw-r--r--tests/libknot/test_xdp_tcp.c17
-rw-r--r--tests/libzscanner/TESTS1
-rw-r--r--tests/libzscanner/data/57_SVCB.in9
-rw-r--r--tests/libzscanner/data/57_SVCB.out28
-rw-r--r--tests/libzscanner/data/59_WALLET.in14
-rw-r--r--tests/libzscanner/data/59_WALLET.out32
-rw-r--r--tests/libzscanner/test_zscanner.in2
16 files changed, 139 insertions, 18 deletions
diff --git a/tests/libdnssec/sample_keys.h b/src/libdnssec/sample_keys.h
index cd9f18f..5b6155e 100644
--- a/tests/libdnssec/sample_keys.h
+++ b/src/libdnssec/sample_keys.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@
#pragma once
-#include <binary.h>
+#include "libdnssec/binary.h"
typedef struct key_parameters {
// DNSSEC fields
diff --git a/tests/Makefile.am b/tests/Makefile.am
index eb6f1aa..c173b61 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -27,7 +27,6 @@ LDADD += \
EXTRA_DIST = \
tap/libtap.sh \
- libdnssec/sample_keys.h \
knot/semantic_check_data \
knot/test_semantic_check.in \
libzscanner/data \
diff --git a/tests/Makefile.in b/tests/Makefile.in
index b02c209..3170082 100644
--- a/tests/Makefile.in
+++ b/tests/Makefile.in
@@ -1473,7 +1473,6 @@ LDADD = libtap.la $(am__append_1) $(top_builddir)/src/libknot.la \
$(top_builddir)/src/libzscanner.la $(gnutls_LIBS) $(lmdb_LIBS)
EXTRA_DIST = \
tap/libtap.sh \
- libdnssec/sample_keys.h \
knot/semantic_check_data \
knot/test_semantic_check.in \
libzscanner/data \
diff --git a/tests/knot/semantic_check_data/nsec_nonauth.invalid b/tests/knot/semantic_check_data/nsec_nonauth.invalid
new file mode 100644
index 0000000..ce5ee4d
--- /dev/null
+++ b/tests/knot/semantic_check_data/nsec_nonauth.invalid
@@ -0,0 +1,27 @@
+;; Zone dump (Knot DNS 3.4.dev0+1720175447.11b935381)
+example.com. 3600 SOA dns1.example.com. hostmaster.example.com. 2010111214 21600 3600 604800 86400
+example.com. 3600 NS dns1.example.com.
+example.com. 3600 DNSKEY 256 3 13 4t69Zp7W+FQCRVjSjaLlmYuzHp14ljBcUSEcpfSwtl3w6LVb+vzPdjhbdX2Mmzdg+MZBWwnRMDspGl16gmoXig==
+example.com. 3600 DNSKEY 257 3 13 kamWKsByy8ilBkCfW1fZ9hn+At61Zjf90Ou6lshQeXS3WkeJO/5vuRNZdjv9C5tyb5CBA2QOvSM1Eg/7Cx4ztA==
+example.com. 0 CDS 3310 13 2 E9C99BE505F97345832D2433034A79ED22EB062F99666A026818F7D35B710821
+example.com. 0 CDNSKEY 257 3 13 kamWKsByy8ilBkCfW1fZ9hn+At61Zjf90Ou6lshQeXS3WkeJO/5vuRNZdjv9C5tyb5CBA2QOvSM1Eg/7Cx4ztA==
+deleg.example.com. 3600 A 127.0.0.1
+deleg.example.com. 3600 NS deleg.example.com.
+dns1.example.com. 3600 A 192.0.2.1
+;; DNSSEC signatures
+example.com. 3600 RRSIG NS 13 2 3600 20240725130051 20240711113051 60718 example.com. 5KpS/T4LhDDAm/rtOUZ7R8ScH/mMZpWFcR+054OicV4t4JPGoqwgmogroFRd4k/WOF7cmQ31CEvN52Pga7kf9Q==
+example.com. 3600 RRSIG SOA 13 2 3600 20240725125558 20240711112558 60718 example.com. iLCQshkoeAPmc8ZP/0ynzw0zbIyZeTlomFunmsZuu//ZbGwYOC1gwRpHzfLpgeYx3jTD4qgUKoJuIzEnfrowrw==
+example.com. 3600 RRSIG NSEC 13 2 3600 20240725130247 20240711113247 60718 example.com. E+LTzopR5J1G+2RWDrUcGwOlzFtgUf4GwQltM1F4Z8AFSK3ZEk6xYbbhX2WlIQYyDodxcwgy08kuaeNHegv00w==
+example.com. 3600 RRSIG DNSKEY 13 2 3600 20240725125558 20240711112558 3310 example.com. dhFqMNl6AXJu/6uBWjNFjnf1JP8dbOu/VpRHAf4NwM3RlvUCSRZ6qZVQWA0/BvJ+E4iZyfsRYCDTaXEm7i8ZKA==
+example.com. 0 RRSIG CDS 13 2 0 20240725125558 20240711112558 3310 example.com. fWiN+LE02kX+kazNZbxBd6BJ88bq/IiwQ6+RsOEYsuC9yFxCa/9dcMF4Z9GN/qn5JFFfnJodQWR0O5iKFE+MBQ==
+example.com. 0 RRSIG CDNSKEY 13 2 0 20240725125558 20240711112558 3310 example.com. tsJ9oklWeJUWOnVW84GIKo/nVJNaqd/PWTVWaRBamSmJwiZusppsBxNTGqsQP+2W2cM1FtiuLiDsMm/zWfrppg==
+deleg.example.com. 3600 RRSIG NSEC 13 3 3600 20240725130247 20240711113247 60718 example.com. 5mvvVAdpVBKEtGxxFU3fKXl8pMGbyuqwMolOV2eRicPo851BZSeY3Cn1eCCHMn5E4GBglTW6Ugna5AnPoYKVRA==
+dns1.example.com. 3600 RRSIG A 13 3 3600 20240725125558 20240711112558 60718 example.com. O26Wir77dSZhE6vmuN2ktFvB+5DHxti3EeHUt56bByREQBHWVrZfLh6KJnmkzR9r7AnwQbIDrcP/9QYXK8Mjgw==
+dns1.example.com. 3600 RRSIG NSEC 13 3 3600 20240725130051 20240711113051 60718 example.com. wdfKi+OK0NDMUgrBZ6HBFNRGfXdFGh/OAaQJYbmkEuU/tPmp2Qhpb6EI0clFwALpa5H0MetTIRCKrpT2KlDLDQ==
+;; DNSSEC NSEC chain
+example.com. 3600 NSEC deleg.example.com. NS SOA RRSIG NSEC DNSKEY CDS CDNSKEY
+deleg.example.com. 3600 NSEC dns1.example.com. NS RRSIG NSEC
+dns1.example.com. 3600 NSEC example.com. A RRSIG NSEC
+
+;; NSEC for a node for which this zone is not authoritative
+nonauth.deleg.example.com. 3600 NSEC dns1.example.com. NS RRSIG NSEC
diff --git a/tests/knot/test_semantic_check.in b/tests/knot/test_semantic_check.in
index 7675896..73fb6e7 100644
--- a/tests/knot/test_semantic_check.in
+++ b/tests/knot/test_semantic_check.in
@@ -66,6 +66,7 @@ NSEC3PARAM_FLAGS="invalid flags in NSEC3PARAM"
NSEC_NONE="missing NSEC\(3\) record"
NSEC_RDATA_BITMAP="wrong NSEC\(3\) bitmap"
NSEC_RDATA_CHAIN="inconsistent NSEC\(3\) chain"
+NSEC_EXTRA="superfluous NSEC\(3\)"
NSEC3_INSECURE_DELEGATION_OPT="wrong NSEC3 opt-out"
NS_APEX="missing NS at the zone apex"
NS_GLUE="missing glue record"
@@ -124,6 +125,7 @@ expect_error "cdnskey.orphan.cdnskey" 0 1 "$CDNSKEY_NO_CDS"
expect_error "cdnskey.delete.invalid.cds" 0 1 "$CDNSKEY_DELETE"
expect_error "cdnskey.delete.invalid.cdnskey" 0 1 "$CDNSKEY_DELETE"
expect_error "delegation.signed" 0 1 "$NSEC_RDATA_BITMAP"
+expect_error "nsec_nonauth.invalid" 0 1 "$NSEC_EXTRA"
test_correct "rrsig_ttl.signed"
test_correct "no_error_delegation_bitmap.signed"
diff --git a/tests/libdnssec/test_key.c b/tests/libdnssec/test_key.c
index c3643f0..4f05405 100644
--- a/tests/libdnssec/test_key.c
+++ b/tests/libdnssec/test_key.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2023 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -22,7 +22,7 @@
#include "error.h"
#include "key.h"
-#include "sample_keys.h"
+#include "libdnssec/sample_keys.h"
#define check_attr_scalar(key, type, name, def_val, set_val) { \
type value = dnssec_key_get_##name(key); \
diff --git a/tests/libdnssec/test_key_ds.c b/tests/libdnssec/test_key_ds.c
index fbc6327..29acf05 100644
--- a/tests/libdnssec/test_key_ds.c
+++ b/tests/libdnssec/test_key_ds.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -22,7 +22,7 @@
#include "libdnssec/crypto.h"
#include "libdnssec/error.h"
#include "libdnssec/key.h"
-#include "sample_keys.h"
+#include "libdnssec/sample_keys.h"
static void test_key(const char *name, const struct key_parameters *params)
{
diff --git a/tests/libdnssec/test_keystore_pkcs11.c b/tests/libdnssec/test_keystore_pkcs11.c
index 9828fce..5227d55 100644
--- a/tests/libdnssec/test_keystore_pkcs11.c
+++ b/tests/libdnssec/test_keystore_pkcs11.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2022 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -28,10 +28,9 @@
#include "libdnssec/crypto.h"
#include "libdnssec/error.h"
#include "libdnssec/keystore.h"
+#include "libdnssec/sample_keys.h"
#include "libdnssec/sign.h"
-#include "sample_keys.h"
-
#define ENV_SOFTHSM_DSO "KNOT_SOFTHSM2_DSO"
#define ENV_SOFTHSM_UTIL "KNOT_SOFTHSM2_UTIL"
diff --git a/tests/libdnssec/test_sign.c b/tests/libdnssec/test_sign.c
index 8f57a41..bdb19fb 100644
--- a/tests/libdnssec/test_sign.c
+++ b/tests/libdnssec/test_sign.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2021 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2024 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -17,14 +17,14 @@
#include <string.h>
#include <tap/basic.h>
-#include "sample_keys.h"
-
#include "binary.h"
#include "crypto.h"
#include "error.h"
#include "key.h"
#include "sign.h"
+#include "libdnssec/sample_keys.h"
+
static const dnssec_binary_t input_data = {
.size = 25,
.data = (uint8_t *)"Very good, young padawan."
diff --git a/tests/libknot/test_xdp_tcp.c b/tests/libknot/test_xdp_tcp.c
index f6b11b0..7f3b994 100644
--- a/tests/libknot/test_xdp_tcp.c
+++ b/tests/libknot/test_xdp_tcp.c
@@ -236,6 +236,20 @@ void test_syn(void)
test_conn = conn;
}
+void test_syn_ack_no(void)
+{
+ knot_xdp_msg_t msg;
+ knot_tcp_relay_t rl = { 0 };
+ prepare_msg(&msg, KNOT_XDP_MSG_SYN | KNOT_XDP_MSG_ACK, 1, 2);
+ int ret = knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE);
+ is_int(KNOT_EOK, ret, "SYN+ACK deny: relay OK");
+ is_int(XDP_TCP_NOOP, rl.auto_answer, "SYN+ACK deny: no auto answer");
+ is_int(XDP_TCP_NOOP, rl.answer, "SYN+ACK deny: no answer");
+ is_int(0, test_table->usage, "SYN+ACK deny: no connection in normal table");
+ is_int(1, test_syn_table->usage, "SYN+ACK deny: one connection in SYN table");
+ knot_tcp_cleanup(test_syn_table, &rl, 1);
+}
+
void test_establish(void)
{
knot_xdp_msg_t msg;
@@ -260,7 +274,7 @@ void test_syn_ack(void)
knot_xdp_msg_t msg;
knot_tcp_relay_t rl = { 0 };
prepare_msg(&msg, KNOT_XDP_MSG_SYN | KNOT_XDP_MSG_ACK, 1000, 2000);
- int ret = knot_tcp_recv(&rl, &msg, 1, test_table, test_syn_table, XDP_TCP_IGNORE_NONE);
+ int ret = knot_tcp_recv(&rl, &msg, 1, test_table, NULL, XDP_TCP_IGNORE_NONE);
is_int(KNOT_EOK, ret, "SYN+ACK: relay OK");
ret = knot_tcp_send(test_sock, &rl, 1, 1);
is_int(KNOT_EOK, ret, "SYN+ACK: send OK");
@@ -613,6 +627,7 @@ int main(int argc, char *argv[])
init_mock(&test_sock, mock_send);
test_syn();
+ test_syn_ack_no();
test_establish();
test_syn_ack();
diff --git a/tests/libzscanner/TESTS b/tests/libzscanner/TESTS
index 227cdb4..1ac5755 100644
--- a/tests/libzscanner/TESTS
+++ b/tests/libzscanner/TESTS
@@ -84,3 +84,4 @@
56_ZONEMD
57_SVCB
58_HTTPS
+59_WALLET
diff --git a/tests/libzscanner/data/57_SVCB.in b/tests/libzscanner/data/57_SVCB.in
index 78c07a6..e726aa4 100644
--- a/tests/libzscanner/data/57_SVCB.in
+++ b/tests/libzscanner/data/57_SVCB.in
@@ -20,7 +20,10 @@ $TTL 1
@ SVCB 1 . ech="Zm9vYg=="
@ SVCB 1 . ipv6hint=::1
@ SVCB 1 . ipv6hint="::1"
-@ SVCB 1 . key7
+@ SVCB 1 . dohpath=/q{?dns}
+@ SVCB 1 . dohpath="/dns-query{?dns}"
+@ SVCB 1 . ohttp
+@ SVCB 1 . key707
@ SVCB 1 . key65535
@ SVCB 1 . key65535=a
@ SVCB 1 . key65535="a"
@@ -90,6 +93,10 @@ example.com. SVCB 16 foo.example.org. alpn=f\\\092oo\092,bar,h2
@ SVCB 1 . ipv6hint=
@ SVCB 1 . ipv6hint=::1,,::2
@ SVCB 1 . ipv6hint=::W
+@ SVCB 1 . dohpath
+@ SVCB 1 . dohpath=
+@ SVCB 1 . ohttp=
+@ SVCB 1 . ohttp=x
; RFC KO examples
example.com. SVCB 1 foo.example.com. (
diff --git a/tests/libzscanner/data/57_SVCB.out b/tests/libzscanner/data/57_SVCB.out
index 3b701d2..33e1ffb 100644
--- a/tests/libzscanner/data/57_SVCB.out
+++ b/tests/libzscanner/data/57_SVCB.out
@@ -110,7 +110,25 @@ OWNER=00
CLASS=0001
RRTTL=00000001
RTYPE=0040
-RDATA=00010000070000
+RDATA=000100000700082F717B3F646E737D
+------
+OWNER=00
+CLASS=0001
+RRTTL=00000001
+RTYPE=0040
+RDATA=000100000700102F646E732D71756572797B3F646E737D
+------
+OWNER=00
+CLASS=0001
+RRTTL=00000001
+RTYPE=0040
+RDATA=00010000080000
+------
+OWNER=00
+CLASS=0001
+RRTTL=00000001
+RTYPE=0040
+RDATA=00010002C30000
------
OWNER=00
CLASS=0001
@@ -300,6 +318,14 @@ WARNG=ZS_BAD_ADDRESS_CHAR
------
WARNG=ZS_BAD_ADDRESS_CHAR
------
+WARNG=ZS_BAD_SVCB_PARAM
+------
+WARNG=ZS_BAD_SVCB_PARAM
+------
+WARNG=ZS_BAD_SVCB_PARAM
+------
+WARNG=ZS_BAD_SVCB_PARAM
+------
WARNG=ZS_DUPLICATE_SVCB_KEY
------
WARNG=ZS_BAD_SVCB_PARAM
diff --git a/tests/libzscanner/data/59_WALLET.in b/tests/libzscanner/data/59_WALLET.in
new file mode 100644
index 0000000..9767506
--- /dev/null
+++ b/tests/libzscanner/data/59_WALLET.in
@@ -0,0 +1,14 @@
+$ORIGIN .
+$TTL 1
+
+; The WALLET is the same as the TXT, so there are the differences and basics only.
+
+; OK
+@ WALLET "" "test1" "\255" test2 ; Array of text strings
+@ WALLET \# 1 00 ; Hexadecimal rdata
+@ TYPE262 \# 1 00 ; TYPE + Hexadecimal rdata
+@ TYPE262 "" ; TYPE
+@ wallet "" ; Type in lower-case
+
+; KO
+@ WALLET
diff --git a/tests/libzscanner/data/59_WALLET.out b/tests/libzscanner/data/59_WALLET.out
new file mode 100644
index 0000000..11e6425
--- /dev/null
+++ b/tests/libzscanner/data/59_WALLET.out
@@ -0,0 +1,32 @@
+OWNER=00
+CLASS=0001
+RRTTL=00000001
+RTYPE=0106
+RDATA=0005746573743101FF057465737432
+------
+OWNER=00
+CLASS=0001
+RRTTL=00000001
+RTYPE=0106
+RDATA=00
+------
+OWNER=00
+CLASS=0001
+RRTTL=00000001
+RTYPE=0106
+RDATA=00
+------
+OWNER=00
+CLASS=0001
+RRTTL=00000001
+RTYPE=0106
+RDATA=00
+------
+OWNER=00
+CLASS=0001
+RRTTL=00000001
+RTYPE=0106
+RDATA=00
+------
+WARNG=ZS_BAD_RDATA
+------
diff --git a/tests/libzscanner/test_zscanner.in b/tests/libzscanner/test_zscanner.in
index 10d2b5c..8cc9008 100644
--- a/tests/libzscanner/test_zscanner.in
+++ b/tests/libzscanner/test_zscanner.in
@@ -11,7 +11,7 @@ TMPDIR=$(test_tmpdir)
TESTS_DIR="$SOURCE"/data
ZSCANNER_TOOL="$BUILD"/zscanner-tool
-plan 86
+plan 87
mkdir -p "$TMPDIR"/includes/
for a in 1 2 3 4 5 6; do
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-23 06:18:33 +0000