1 files changed, 218 insertions, 0 deletions
diff --git a/tests/dns/private_test.c b/tests/dns/private_test.c
new file mode 100644
index 0000000..9f3a87f
--- /dev/null
+++ b/tests/dns/private_test.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/buffer.h>
+#include <isc/util.h>
+
+#include <dns/nsec3.h>
+#include <dns/private.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatatype.h>
+
+#include <dst/dst.h>
+
+#include <tests/dns.h>
+
+static dns_rdatatype_t privatetype = 65534;
+
+static int
+setup_test(void **state) {
+	isc_result_t result;
+
+	UNUSED(state);
+
+	result = dst_lib_init(mctx, NULL);
+
+	if (result != ISC_R_SUCCESS) {
+		return (1);
+	}
+
+	return (0);
+}
+
+static int
+teardown_test(void **state) {
+	UNUSED(state);
+
+	dst_lib_destroy();
+
+	return (0);
+}
+
+typedef struct {
+	unsigned char alg;
+	dns_keytag_t keyid;
+	bool remove;
+	bool complete;
+} signing_testcase_t;
+
+typedef struct {
+	unsigned char hash;
+	unsigned char flags;
+	unsigned int iterations;
+	unsigned long salt;
+	bool remove;
+	bool pending;
+	bool nonsec;
+} nsec3_testcase_t;
+
+static void
+make_signing(signing_testcase_t *testcase, dns_rdata_t *private,
+	     unsigned char *buf, size_t len) {
+	dns_rdata_init(private);
+
+	buf[0] = testcase->alg;
+	buf[1] = (testcase->keyid & 0xff00) >> 8;
+	buf[2] = (testcase->keyid & 0xff);
+	buf[3] = testcase->remove;
+	buf[4] = testcase->complete;
+	private->data = buf;
+	private->length = len;
+	private->type = privatetype;
+	private->rdclass = dns_rdataclass_in;
+}
+
+static void
+make_nsec3(nsec3_testcase_t *testcase, dns_rdata_t *private,
+	   unsigned char *pbuf) {
+	dns_rdata_nsec3param_t params;
+	dns_rdata_t nsec3param = DNS_RDATA_INIT;
+	unsigned char bufdata[BUFSIZ];
+	isc_buffer_t buf;
+	uint32_t salt;
+	unsigned char *sp;
+	int slen = 4;
+
+	/* for simplicity, we're using a maximum salt length of 4 */
+	salt = htonl(testcase->salt);
+	sp = (unsigned char *)&salt;
+	while (slen > 0 && *sp == '\0') {
+		slen--;
+		sp++;
+	}
+
+	params.common.rdclass = dns_rdataclass_in;
+	params.common.rdtype = dns_rdatatype_nsec3param;
+	params.hash = testcase->hash;
+	params.iterations = testcase->iterations;
+	params.salt = sp;
+	params.salt_length = slen;
+
+	params.flags = testcase->flags;
+	if (testcase->remove) {
+		params.flags |= DNS_NSEC3FLAG_REMOVE;
+		if (testcase->nonsec) {
+			params.flags |= DNS_NSEC3FLAG_NONSEC;
+		}
+	} else {
+		params.flags |= DNS_NSEC3FLAG_CREATE;
+		if (testcase->pending) {
+			params.flags |= DNS_NSEC3FLAG_INITIAL;
+		}
+	}
+
+	isc_buffer_init(&buf, bufdata, sizeof(bufdata));
+	dns_rdata_fromstruct(&nsec3param, dns_rdataclass_in,
+			     dns_rdatatype_nsec3param, &params, &buf);
+
+	dns_rdata_init(private);
+
+	dns_nsec3param_toprivate(&nsec3param, private, privatetype, pbuf,
+				 DNS_NSEC3PARAM_BUFFERSIZE + 1);
+}
+
+/* convert private signing records to text */
+ISC_RUN_TEST_IMPL(private_signing_totext) {
+	dns_rdata_t private;
+	int i;
+
+	signing_testcase_t testcases[] = { { DST_ALG_RSASHA512, 12345, 0, 0 },
+					   { DST_ALG_RSASHA256, 54321, 1, 0 },
+					   { DST_ALG_NSEC3RSASHA1, 22222, 0,
+					     1 },
+					   { DST_ALG_RSASHA1, 33333, 1, 1 } };
+	const char *results[] = { "Signing with key 12345/RSASHA512",
+				  "Removing signatures for key 54321/RSASHA256",
+				  "Done signing with key 22222/NSEC3RSASHA1",
+				  ("Done removing signatures for key "
+				   "33333/RSASHA1") };
+	int ncases = 4;
+
+	UNUSED(state);
+
+	for (i = 0; i < ncases; i++) {
+		unsigned char data[5];
+		char output[BUFSIZ];
+		isc_buffer_t buf;
+
+		isc_buffer_init(&buf, output, sizeof(output));
+
+		make_signing(&testcases[i], &private, data, sizeof(data));
+		dns_private_totext(&private, &buf);
+		assert_string_equal(output, results[i]);
+	}
+}
+
+/* convert private chain records to text */
+ISC_RUN_TEST_IMPL(private_nsec3_totext) {
+	dns_rdata_t private;
+	int i;
+
+	nsec3_testcase_t testcases[] = {
+		{ 1, 0, 1, 0xbeef, 0, 0, 0 },
+		{ 1, 1, 10, 0xdadd, 0, 0, 0 },
+		{ 1, 0, 20, 0xbead, 0, 1, 0 },
+		{ 1, 0, 30, 0xdeaf, 1, 0, 0 },
+		{ 1, 0, 100, 0xfeedabee, 1, 0, 1 },
+	};
+	const char *results[] = { "Creating NSEC3 chain 1 0 1 BEEF",
+				  "Creating NSEC3 chain 1 1 10 DADD",
+				  "Pending NSEC3 chain 1 0 20 BEAD",
+				  ("Removing NSEC3 chain 1 0 30 DEAF / "
+				   "creating NSEC chain"),
+				  "Removing NSEC3 chain 1 0 100 FEEDABEE" };
+	int ncases = 5;
+
+	UNUSED(state);
+
+	for (i = 0; i < ncases; i++) {
+		unsigned char data[DNS_NSEC3PARAM_BUFFERSIZE + 1];
+		char output[BUFSIZ];
+		isc_buffer_t buf;
+
+		isc_buffer_init(&buf, output, sizeof(output));
+
+		make_nsec3(&testcases[i], &private, data);
+		dns_private_totext(&private, &buf);
+		assert_string_equal(output, results[i]);
+	}
+}
+
+ISC_TEST_LIST_START
+ISC_TEST_ENTRY_CUSTOM(private_signing_totext, setup_test, teardown_test)
+ISC_TEST_ENTRY_CUSTOM(private_nsec3_totext, setup_test, teardown_test)
+ISC_TEST_LIST_END
+
+ISC_TEST_MAIN