2  * testcode/unitzonemd.c - unit test for zonemd.
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
59 /** zonemd unit test, generate a zonemd digest and check if correct */
64 	size_t hashlen = 0;  in zonemd_generate_test()
68 	struct auth_zone* z;  in zonemd_generate_test()  local
87 	z = authtest_addzone(az, zname, zfile);  in zonemd_generate_test()
88 	unit_assert(z);  in zonemd_generate_test()
89 	lock_rw_wrlock(&z->lock);  in zonemd_generate_test()
90 	z->zonemd_check = 1;  in zonemd_generate_test()
91 	lock_rw_unlock(&z->lock);  in zonemd_generate_test()
94 	result = auth_zone_generate_zonemd_hash(z, scheme, hashalgo,  in zonemd_generate_test()
102 	for(i=0; i<hashlen; i++) {  in zonemd_generate_test()
104 		output[i*2] = hexl[(zonemd_hash[i]&0xf0)>>4];  in zonemd_generate_test()
105 		output[i*2+1] = hexl[zonemd_hash[i]&0xf];  in zonemd_generate_test()
107 	output[hashlen*2] = 0;  in zonemd_generate_test()
110 	for(i=0; i<strlen(digestdup); i++) {  in zonemd_generate_test()
115 		dname_str(z->name, zname);  in zonemd_generate_test()
117 			"scheme=%d hashalgo=%d\n", zname, z->zonefile,  in zonemd_generate_test()
122 	unit_assert(strcmp(output, digestdup) == 0);  in zonemd_generate_test()
142 	/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12  in zonemd_generate_tests()
143 	 * from section A.1 */  in zonemd_generate_tests()
147 	/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12  in zonemd_generate_tests()
148 	 * from section A.2 */  in zonemd_generate_tests()
152 	/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12  in zonemd_generate_tests()
153 	 * from section A.3 SHA384 digest */  in zonemd_generate_tests()
157 	/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12  in zonemd_generate_tests()
158 	 * from section A.3 SHA512 digest*/  in zonemd_generate_tests()
162 	/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12  in zonemd_generate_tests()
163 	 * from section A.4 */  in zonemd_generate_tests()
167 	/* https://tools.ietf.org/html/draft-ietf-dnsop-dns-zone-digest-12  in zonemd_generate_tests()
168 	 * from section A.5.  in zonemd_generate_tests()
170 	zonemd_generate_test("root-servers.net", SRCDIRSTR "/testdata/zonemd.example_a5.zone",  in zonemd_generate_tests()
184 	size_t hashlen = 0, hashwronglen = 0;  in zonemd_check_test()
186 	struct auth_zone* z;  in zonemd_check_test()  local
205 	z = authtest_addzone(az, zname, zfile);  in zonemd_check_test()
206 	unit_assert(z);  in zonemd_check_test()
207 	lock_rw_wrlock(&z->lock);  in zonemd_check_test()
208 	z->zonemd_check = 1;  in zonemd_check_test()
209 	lock_rw_unlock(&z->lock);  in zonemd_check_test()
211 	if(sldns_str2wire_hex_buf(digest, hash, &hashlen) != 0) {  in zonemd_check_test()
212 		unit_assert(0); /* parse failure */  in zonemd_check_test()
215 	if(sldns_str2wire_hex_buf(digestwrong, hashwrong, &hashwronglen) != 0) {  in zonemd_check_test()
216 		unit_assert(0); /* parse failure */  in zonemd_check_test()
220 	result = auth_zone_generate_zonemd_check(z, scheme, hashalgo,  in zonemd_check_test()
223 	result = auth_zone_generate_zonemd_check(z, 241, hashalgo,  in zonemd_check_test()
225 	unit_assert(result && strcmp(reason, "unsupported scheme")==0);  in zonemd_check_test()
226 	result = auth_zone_generate_zonemd_check(z, scheme, 242,  in zonemd_check_test()
228 	unit_assert(result && strcmp(reason, "unsupported algorithm")==0);  in zonemd_check_test()
229 	result = auth_zone_generate_zonemd_check(z, scheme, hashalgo,  in zonemd_check_test()
231 	unit_assert(!result && strcmp(reason, "digest length too small, less than 12")==0);  in zonemd_check_test()
232 	result = auth_zone_generate_zonemd_check(z, scheme, hashalgo,  in zonemd_check_test()
234 	unit_assert(!result && strcmp(reason, "incorrect digest")==0);  in zonemd_check_test()
235 	result = auth_zone_generate_zonemd_check(z, scheme, hashalgo,  in zonemd_check_test()
236 		hashwrong, hashwronglen-3, region, buf, &reason);  in zonemd_check_test()
237 	unit_assert(!result && strcmp(reason, "incorrect digest length")==0);  in zonemd_check_test()
253 	time_t now = 0;  in zonemd_verify_test()
257 	struct auth_zone* z;  in zonemd_verify_test()  local
260 	memset(&env, 0, sizeof(env));  in zonemd_verify_test()
272 	env.cfg->val_date_override = cfg_convert_timeval(date_override);  in zonemd_verify_test()
273 	if(!env.cfg->val_date_override)  in zonemd_verify_test()
275 	if(env.cfg->module_conf)  in zonemd_verify_test()
276 		free(env.cfg->module_conf);  in zonemd_verify_test()
277 	env.cfg->module_conf = strdup("validator iterator");  in zonemd_verify_test()
278 	if(!env.cfg->module_conf)  in zonemd_verify_test()
281 		if(!cfg_strlist_insert(&env.cfg->trust_anchor_list,  in zonemd_verify_test()
292 	if(!modstack_call_startup(&mods, env.cfg->module_conf, &env))  in zonemd_verify_test()
294 	if(!modstack_call_init(&mods, env.cfg->module_conf, &env))  in zonemd_verify_test()
301 	z = authtest_addzone(env.auth_zones, zname, zfile);  in zonemd_verify_test()
302 	if(!z)  in zonemd_verify_test()
306 	lock_rw_wrlock(&z->lock);  in zonemd_verify_test()
307 	z->zonemd_check = 1;  in zonemd_verify_test()
308 	auth_zone_verify_zonemd(z, &env, &mods, &result, 1, 0);  in zonemd_verify_test()
309 	lock_rw_unlock(&z->lock);  in zonemd_verify_test()
312 			(strcmp(result, "ZONEMD verification successful")==0?"successful":"failed"),  in zonemd_verify_test()
317 	unit_assert(strcmp(result, result_wanted) == 0);  in zonemd_verify_test()
318 	if(strcmp(result, "ZONEMD verification successful") == 0 ||  in zonemd_verify_test()
319 		strcmp(result, "DNSSEC verified nonexistence of ZONEMD") == 0 ||  in zonemd_verify_test()
320 		strcmp(result, "no ZONEMD present") == 0) {  in zonemd_verify_test()
321 		lock_rw_rdlock(&z->lock);  in zonemd_verify_test()
322 		unit_assert(!z->zone_expired);  in zonemd_verify_test()
323 		lock_rw_unlock(&z->lock);  in zonemd_verify_test()
325 		lock_rw_rdlock(&z->lock);  in zonemd_verify_test()
326 		unit_assert(z->zone_expired);  in zonemd_verify_test()
327 		lock_rw_unlock(&z->lock);  in zonemd_verify_test()
354 		"example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
363 	/* no trust anchor, so it succeeds for zone with a correct ZONEMD */  in zonemd_verify_tests()
372 		"example.org. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
376 	/* load a DNSSEC signed zone, but no trust anchor */  in zonemd_verify_tests()
384 	/* load a DNSSEC zone with NSEC3, but no trust anchor */  in zonemd_verify_tests()
393 	/* this zonefile has a correct ZONEMD digest and  in zonemd_verify_tests()
407 	/* load a DNSSEC signed zone with a trust anchor, valid ZONEMD */  in zonemd_verify_tests()
410 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
413 	/* load a DNSSEC NSEC3 signed zone with a trust anchor, valid ZONEMD */  in zonemd_verify_tests()
416 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
420 	/* load a DNSSEC NSEC zone without ZONEMD */  in zonemd_verify_tests()
423 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
426 	/* load a DNSSEC NSEC3 zone without ZONEMD */  in zonemd_verify_tests()
429 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
436 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
447 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
459 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
465 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
472 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
483 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
495 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()
507 …"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af", */  in zonemd_verify_tests()
515 		"example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af",  in zonemd_verify_tests()