1/* $NetBSD: rdata_test.c,v 1.2 2024/02/21 22:52:50 christos Exp $ */ 2 3/* 4 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5 * 6 * SPDX-License-Identifier: MPL-2.0 7 * 8 * This Source Code Form is subject to the terms of the Mozilla Public 9 * License, v. 2.0. If a copy of the MPL was not distributed with this 10 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 11 * 12 * See the COPYRIGHT file distributed with this work for additional 13 * information regarding copyright ownership. 14 */ 15 16#include <inttypes.h> 17#include <sched.h> /* IWYU pragma: keep */ 18#include <setjmp.h> 19#include <stdarg.h> 20#include <stdbool.h> 21#include <stddef.h> 22#include <stdlib.h> 23#include <string.h> 24#include <unistd.h> 25 26#define UNIT_TESTING 27 28#include <openssl_shim.h> 29 30#include <openssl/err.h> 31 32#include <isc/cmocka.h> 33#include <isc/commandline.h> 34#include <isc/hex.h> 35#include <isc/lex.h> 36#include <isc/print.h> 37#include <isc/stdio.h> 38#include <isc/types.h> 39#include <isc/util.h> 40 41#include <dns/rdata.h> 42 43#include <tests/dns.h> 44 45static bool debug = false; 46 47/* 48 * An array of these structures is passed to compare_ok(). 49 */ 50struct compare_ok { 51 const char *text1; /* text passed to fromtext_*() */ 52 const char *text2; /* text passed to fromtext_*() */ 53 int answer; /* -1, 0, 1 */ 54 int lineno; /* source line defining this RDATA */ 55}; 56typedef struct compare_ok compare_ok_t; 57 58struct textvsunknown { 59 const char *text1; 60 const char *text2; 61}; 62typedef struct textvsunknown textvsunknown_t; 63 64/* 65 * An array of these structures is passed to check_text_ok(). 66 */ 67typedef struct text_ok { 68 const char *text_in; /* text passed to fromtext_*() */ 69 const char *text_out; /* text expected from totext_*(); 70 * NULL indicates text_in is invalid */ 71 unsigned int loop; 72} text_ok_t; 73 74/* 75 * An array of these structures is passed to check_wire_ok(). 76 */ 77typedef struct wire_ok { 78 unsigned char data[512]; /* RDATA in wire format */ 79 size_t len; /* octets of data to parse */ 80 bool ok; /* is this RDATA valid? */ 81 unsigned int loop; 82} wire_ok_t; 83 84#define COMPARE(r1, r2, answer) \ 85 { \ 86 r1, r2, answer, __LINE__ \ 87 } 88#define COMPARE_SENTINEL() \ 89 { \ 90 NULL, NULL, 0, __LINE__ \ 91 } 92 93#define TEXT_VALID_CHANGED(data_in, data_out) \ 94 { \ 95 data_in, data_out, 0 \ 96 } 97#define TEXT_VALID(data) \ 98 { \ 99 data, data, 0 \ 100 } 101#define TEXT_VALID_LOOP(loop, data) \ 102 { \ 103 data, data, loop \ 104 } 105#define TEXT_VALID_LOOPCHG(loop, data_in, data_out) \ 106 { \ 107 data_in, data_out, loop \ 108 } 109#define TEXT_INVALID(data) \ 110 { \ 111 data, NULL, 0 \ 112 } 113#define TEXT_SENTINEL() TEXT_INVALID(NULL) 114 115#define VARGC(...) (sizeof((unsigned char[]){ __VA_ARGS__ })) 116#define WIRE_TEST(ok, loop, ...) \ 117 { \ 118 { __VA_ARGS__ }, VARGC(__VA_ARGS__), ok, loop \ 119 } 120#define WIRE_VALID(...) WIRE_TEST(true, 0, __VA_ARGS__) 121#define WIRE_VALID_LOOP(loop, ...) WIRE_TEST(true, loop, __VA_ARGS__) 122/* 123 * WIRE_INVALID() test cases must always have at least one octet specified to 124 * distinguish them from WIRE_SENTINEL(). Use the 'empty_ok' parameter passed 125 * to check_wire_ok() for indicating whether empty RDATA is allowed for a given 126 * RR type or not. 127 */ 128#define WIRE_INVALID(FIRST, ...) WIRE_TEST(false, 0, FIRST, __VA_ARGS__) 129#define WIRE_SENTINEL() WIRE_TEST(false, 0) 130 131static void 132detect_uncleared_libcrypto_error(void) { 133 const char *file, *func, *data; 134 int line, flags; 135 long err; 136 bool leak = false; 137 while ((err = ERR_get_error_all(&file, &line, &func, &data, &flags)) != 138 0L) 139 { 140 fprintf(stderr, 141 "# Uncleared libcrypto error: %s:%d %s %s %ld %x\n", 142 file, line, func, data, err, flags); 143 leak = true; 144 } 145 assert_false(leak); 146} 147 148/* 149 * Call dns_rdata_fromwire() for data in 'src', which is 'srclen' octets in 150 * size and represents RDATA of given 'type' and 'class'. Store the resulting 151 * uncompressed wire form in 'dst', which is 'dstlen' octets in size, and make 152 * 'rdata' refer to that uncompressed wire form. 153 */ 154static isc_result_t 155wire_to_rdata(const unsigned char *src, size_t srclen, dns_rdataclass_t rdclass, 156 dns_rdatatype_t type, unsigned char *dst, size_t dstlen, 157 dns_rdata_t *rdata) { 158 isc_buffer_t source, target; 159 dns_decompress_t dctx; 160 isc_result_t result; 161 162 /* 163 * Set up len-octet buffer pointing at data. 164 */ 165 isc_buffer_constinit(&source, src, srclen); 166 isc_buffer_add(&source, srclen); 167 isc_buffer_setactive(&source, srclen); 168 169 /* 170 * Initialize target buffer. 171 */ 172 isc_buffer_init(&target, dst, dstlen); 173 174 /* 175 * Try converting input data into uncompressed wire form. 176 */ 177 dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY); 178 result = dns_rdata_fromwire(rdata, rdclass, type, &source, &dctx, 0, 179 &target); 180 dns_decompress_invalidate(&dctx); 181 detect_uncleared_libcrypto_error(); 182 183 return (result); 184} 185 186/* 187 * Call dns_rdata_towire() for rdata and write to result to dst. 188 */ 189static isc_result_t 190rdata_towire(dns_rdata_t *rdata, unsigned char *dst, size_t dstlen, 191 size_t *length) { 192 isc_buffer_t target; 193 dns_compress_t cctx; 194 isc_result_t result; 195 196 /* 197 * Initialize target buffer. 198 */ 199 isc_buffer_init(&target, dst, dstlen); 200 201 /* 202 * Try converting input data into uncompressed wire form. 203 */ 204 dns_compress_init(&cctx, -1, mctx); 205 result = dns_rdata_towire(rdata, &cctx, &target); 206 detect_uncleared_libcrypto_error(); 207 dns_compress_invalidate(&cctx); 208 209 *length = isc_buffer_usedlength(&target); 210 211 return (result); 212} 213 214static isc_result_t 215additionaldata_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype, 216 dns_rdataset_t *found) { 217 UNUSED(arg); 218 UNUSED(name); 219 UNUSED(qtype); 220 UNUSED(found); 221 return (ISC_R_SUCCESS); 222} 223 224/* 225 * call dns_rdata_additionaldata() for rdata. 226 */ 227static isc_result_t 228rdata_additionadata(dns_rdata_t *rdata) { 229 return (dns_rdata_additionaldata(rdata, dns_rootname, additionaldata_cb, 230 NULL)); 231} 232 233/* 234 * Call dns_rdata_checknames() with various owner names chosen to 235 * match well known forms. 236 * 237 * We are currently only checking that the calls do not trigger 238 * assertion failures. 239 * 240 * XXXMPA A future extension could be to record the expected 241 * result and the expected value of 'bad'. 242 */ 243static void 244rdata_checknames(dns_rdata_t *rdata) { 245 dns_fixedname_t fixed, bfixed; 246 dns_name_t *name, *bad; 247 isc_result_t result; 248 249 name = dns_fixedname_initname(&fixed); 250 bad = dns_fixedname_initname(&bfixed); 251 252 (void)dns_rdata_checknames(rdata, dns_rootname, NULL); 253 (void)dns_rdata_checknames(rdata, dns_rootname, bad); 254 255 result = dns_name_fromstring(name, "example.net", 0, NULL); 256 assert_int_equal(result, ISC_R_SUCCESS); 257 (void)dns_rdata_checknames(rdata, name, NULL); 258 (void)dns_rdata_checknames(rdata, name, bad); 259 260 result = dns_name_fromstring(name, "in-addr.arpa", 0, NULL); 261 assert_int_equal(result, ISC_R_SUCCESS); 262 (void)dns_rdata_checknames(rdata, name, NULL); 263 (void)dns_rdata_checknames(rdata, name, bad); 264 265 result = dns_name_fromstring(name, "ip6.arpa", 0, NULL); 266 assert_int_equal(result, ISC_R_SUCCESS); 267 (void)dns_rdata_checknames(rdata, name, NULL); 268 (void)dns_rdata_checknames(rdata, name, bad); 269} 270 271/* 272 * Test whether converting rdata to a type-specific struct and then back to 273 * rdata results in the same uncompressed wire form. This checks whether 274 * tostruct_*() and fromstruct_*() routines for given RR class and type behave 275 * consistently. 276 * 277 * This function is called for every correctly processed input RDATA, from both 278 * check_text_ok_single() and check_wire_ok_single(). 279 */ 280static void 281check_struct_conversions(dns_rdata_t *rdata, size_t structsize, 282 unsigned int loop) { 283 dns_rdataclass_t rdclass = rdata->rdclass; 284 dns_rdatatype_t type = rdata->type; 285 isc_result_t result; 286 isc_buffer_t target; 287 void *rdata_struct; 288 char buf[1024]; 289 unsigned int count = 0; 290 291 rdata_struct = isc_mem_allocate(mctx, structsize); 292 assert_non_null(rdata_struct); 293 294 /* 295 * Convert from uncompressed wire form into type-specific struct. 296 */ 297 result = dns_rdata_tostruct(rdata, rdata_struct, NULL); 298 detect_uncleared_libcrypto_error(); 299 assert_int_equal(result, ISC_R_SUCCESS); 300 301 /* 302 * Convert from type-specific struct into uncompressed wire form. 303 */ 304 isc_buffer_init(&target, buf, sizeof(buf)); 305 result = dns_rdata_fromstruct(NULL, rdclass, type, rdata_struct, 306 &target); 307 assert_int_equal(result, ISC_R_SUCCESS); 308 309 /* 310 * Ensure results are consistent. 311 */ 312 assert_int_equal(isc_buffer_usedlength(&target), rdata->length); 313 314 assert_memory_equal(buf, rdata->data, rdata->length); 315 316 /* 317 * Check that one can walk hip rendezvous servers and 318 * https/svcb parameters. 319 */ 320 switch (type) { 321 case dns_rdatatype_hip: { 322 dns_rdata_hip_t *hip = rdata_struct; 323 324 for (result = dns_rdata_hip_first(hip); result == ISC_R_SUCCESS; 325 result = dns_rdata_hip_next(hip)) 326 { 327 dns_name_t name; 328 dns_name_init(&name, NULL); 329 dns_rdata_hip_current(hip, &name); 330 assert_int_not_equal(dns_name_countlabels(&name), 0); 331 assert_true(dns_name_isabsolute(&name)); 332 count++; 333 } 334 assert_int_equal(result, ISC_R_NOMORE); 335 assert_int_equal(count, loop); 336 break; 337 } 338 case dns_rdatatype_https: { 339 dns_rdata_in_https_t *https = rdata_struct; 340 341 for (result = dns_rdata_in_https_first(https); 342 result == ISC_R_SUCCESS; 343 result = dns_rdata_in_https_next(https)) 344 { 345 isc_region_t region; 346 dns_rdata_in_https_current(https, ®ion); 347 assert_true(region.length >= 4); 348 count++; 349 } 350 assert_int_equal(result, ISC_R_NOMORE); 351 assert_int_equal(count, loop); 352 break; 353 } 354 case dns_rdatatype_svcb: { 355 dns_rdata_in_svcb_t *svcb = rdata_struct; 356 357 for (result = dns_rdata_in_svcb_first(svcb); 358 result == ISC_R_SUCCESS; 359 result = dns_rdata_in_svcb_next(svcb)) 360 { 361 isc_region_t region; 362 dns_rdata_in_svcb_current(svcb, ®ion); 363 assert_true(region.length >= 4); 364 count++; 365 } 366 assert_int_equal(result, ISC_R_NOMORE); 367 assert_int_equal(count, loop); 368 break; 369 } 370 } 371 372 isc_mem_free(mctx, rdata_struct); 373} 374 375/* 376 * Check whether converting supplied text form RDATA into uncompressed wire 377 * form succeeds (tests fromtext_*()). If so, try converting it back into text 378 * form and see if it results in the original text (tests totext_*()). 379 */ 380static void 381check_text_ok_single(const text_ok_t *text_ok, dns_rdataclass_t rdclass, 382 dns_rdatatype_t type, size_t structsize) { 383 unsigned char buf_fromtext[1024], buf_fromwire[1024], buf_towire[1024]; 384 dns_rdata_t rdata = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT; 385 char buf_totext[1024] = { 0 }; 386 isc_buffer_t target; 387 isc_result_t result; 388 size_t length = 0; 389 390 if (debug) { 391 fprintf(stdout, "#check_text_ok_single(%s)\n", 392 text_ok->text_in); 393 } 394 /* 395 * Try converting text form RDATA into uncompressed wire form. 396 */ 397 result = dns_test_rdatafromstring(&rdata, rdclass, type, buf_fromtext, 398 sizeof(buf_fromtext), 399 text_ok->text_in, false); 400 /* 401 * Check whether result is as expected. 402 */ 403 if (text_ok->text_out != NULL) { 404 if (debug && result != ISC_R_SUCCESS) { 405 fprintf(stdout, "# '%s'\n", text_ok->text_in); 406 fprintf(stdout, "# result=%s\n", 407 isc_result_totext(result)); 408 } 409 assert_int_equal(result, ISC_R_SUCCESS); 410 } else { 411 if (debug && result == ISC_R_SUCCESS) { 412 fprintf(stdout, "#'%s'\n", text_ok->text_in); 413 } 414 assert_int_not_equal(result, ISC_R_SUCCESS); 415 } 416 417 /* 418 * If text form RDATA was not parsed correctly, performing any 419 * additional checks is pointless. 420 */ 421 if (result != ISC_R_SUCCESS) { 422 return; 423 } 424 425 /* 426 * Try converting uncompressed wire form RDATA back into text form and 427 * check whether the resulting text is the same as the original one. 428 */ 429 isc_buffer_init(&target, buf_totext, sizeof(buf_totext)); 430 result = dns_rdata_totext(&rdata, NULL, &target); 431 detect_uncleared_libcrypto_error(); 432 if (result != ISC_R_SUCCESS && debug) { 433 size_t i; 434 fprintf(stdout, "# dns_rdata_totext -> %s", 435 isc_result_totext(result)); 436 for (i = 0; i < rdata.length; i++) { 437 if ((i % 16) == 0) { 438 fprintf(stdout, "\n#"); 439 } 440 fprintf(stdout, " %02x", rdata.data[i]); 441 } 442 fprintf(stdout, "\n"); 443 } 444 assert_int_equal(result, ISC_R_SUCCESS); 445 /* 446 * Ensure buf_totext is properly NUL terminated as dns_rdata_totext() 447 * may attempt different output formats writing into the apparently 448 * unused part of the buffer. 449 */ 450 isc_buffer_putuint8(&target, 0); 451 if (debug && strcmp(buf_totext, text_ok->text_out) != 0) { 452 fprintf(stdout, "# '%s' != '%s'\n", buf_totext, 453 text_ok->text_out); 454 } 455 assert_string_equal(buf_totext, text_ok->text_out); 456 457 if (debug) { 458 fprintf(stdout, "#dns_rdata_totext -> '%s'\n", buf_totext); 459 } 460 461 /* 462 * Ensure that fromtext_*() output is valid input for fromwire_*(). 463 */ 464 result = wire_to_rdata(rdata.data, rdata.length, rdclass, type, 465 buf_fromwire, sizeof(buf_fromwire), &rdata2); 466 assert_int_equal(result, ISC_R_SUCCESS); 467 assert_int_equal(rdata.length, rdata2.length); 468 assert_memory_equal(rdata.data, buf_fromwire, rdata.length); 469 470 /* 471 * Ensure that fromtext_*() output is valid input for towire_*(). 472 */ 473 result = rdata_towire(&rdata, buf_towire, sizeof(buf_towire), &length); 474 assert_int_equal(result, ISC_R_SUCCESS); 475 assert_int_equal(rdata.length, length); 476 assert_memory_equal(rdata.data, buf_towire, length); 477 478 /* 479 * Test that additionaldata_*() succeeded. 480 */ 481 result = rdata_additionadata(&rdata); 482 assert_int_equal(result, ISC_R_SUCCESS); 483 484 /* 485 * Exercise checknames_*(). 486 */ 487 rdata_checknames(&rdata); 488 489 /* 490 * Perform two-way conversion checks between uncompressed wire form and 491 * type-specific struct. 492 */ 493 check_struct_conversions(&rdata, structsize, text_ok->loop); 494} 495 496/* 497 * Test whether converting rdata to text form and then parsing the result of 498 * that conversion again results in the same uncompressed wire form. This 499 * checks whether totext_*() output is parsable by fromtext_*() for given RR 500 * class and type. 501 * 502 * This function is called for every input RDATA which is successfully parsed 503 * by check_wire_ok_single() and whose type is not a meta-type. 504 */ 505static void 506check_text_conversions(dns_rdata_t *rdata) { 507 char buf_totext[1024] = { 0 }; 508 unsigned char buf_fromtext[1024]; 509 isc_result_t result; 510 isc_buffer_t target; 511 dns_rdata_t rdata2 = DNS_RDATA_INIT; 512 513 /* 514 * Convert uncompressed wire form RDATA into text form. This 515 * conversion must succeed since input RDATA was successfully 516 * parsed by check_wire_ok_single(). 517 */ 518 isc_buffer_init(&target, buf_totext, sizeof(buf_totext)); 519 result = dns_rdata_totext(rdata, NULL, &target); 520 detect_uncleared_libcrypto_error(); 521 assert_int_equal(result, ISC_R_SUCCESS); 522 /* 523 * Ensure buf_totext is properly NUL terminated as dns_rdata_totext() 524 * may attempt different output formats writing into the apparently 525 * unused part of the buffer. 526 */ 527 isc_buffer_putuint8(&target, 0); 528 if (debug) { 529 fprintf(stdout, "#'%s'\n", buf_totext); 530 } 531 532 /* 533 * Try parsing text form RDATA output by dns_rdata_totext() again. 534 */ 535 result = dns_test_rdatafromstring(&rdata2, rdata->rdclass, rdata->type, 536 buf_fromtext, sizeof(buf_fromtext), 537 buf_totext, false); 538 if (debug && result != ISC_R_SUCCESS) { 539 fprintf(stdout, "# result = %s\n", isc_result_totext(result)); 540 fprintf(stdout, "# '%s'\n", buf_fromtext); 541 } 542 assert_int_equal(result, ISC_R_SUCCESS); 543 assert_int_equal(rdata2.length, rdata->length); 544 assert_memory_equal(buf_fromtext, rdata->data, rdata->length); 545} 546 547/* 548 * Test whether converting rdata to multi-line text form and then parsing the 549 * result of that conversion again results in the same uncompressed wire form. 550 * This checks whether multi-line totext_*() output is parsable by fromtext_*() 551 * for given RR class and type. 552 * 553 * This function is called for every input RDATA which is successfully parsed 554 * by check_wire_ok_single() and whose type is not a meta-type. 555 */ 556static void 557check_multiline_text_conversions(dns_rdata_t *rdata) { 558 char buf_totext[1024] = { 0 }; 559 unsigned char buf_fromtext[1024]; 560 isc_result_t result; 561 isc_buffer_t target; 562 dns_rdata_t rdata2 = DNS_RDATA_INIT; 563 unsigned int flags; 564 565 /* 566 * Convert uncompressed wire form RDATA into multi-line text form. 567 * This conversion must succeed since input RDATA was successfully 568 * parsed by check_wire_ok_single(). 569 */ 570 isc_buffer_init(&target, buf_totext, sizeof(buf_totext)); 571 flags = dns_master_styleflags(&dns_master_style_default); 572 result = dns_rdata_tofmttext(rdata, dns_rootname, flags, 80 - 32, 4, 573 "\n", &target); 574 detect_uncleared_libcrypto_error(); 575 assert_int_equal(result, ISC_R_SUCCESS); 576 /* 577 * Ensure buf_totext is properly NUL terminated as 578 * dns_rdata_tofmttext() may attempt different output formats 579 * writing into the apparently unused part of the buffer. 580 */ 581 isc_buffer_putuint8(&target, 0); 582 if (debug) { 583 fprintf(stdout, "#'%s'\n", buf_totext); 584 } 585 586 /* 587 * Try parsing multi-line text form RDATA output by 588 * dns_rdata_tofmttext() again. 589 */ 590 result = dns_test_rdatafromstring(&rdata2, rdata->rdclass, rdata->type, 591 buf_fromtext, sizeof(buf_fromtext), 592 buf_totext, false); 593 assert_int_equal(result, ISC_R_SUCCESS); 594 assert_int_equal(rdata2.length, rdata->length); 595 assert_memory_equal(buf_fromtext, rdata->data, rdata->length); 596} 597 598/* 599 * Test whether supplied wire form RDATA is properly handled as being either 600 * valid or invalid for an RR of given rdclass and type. 601 */ 602static void 603check_wire_ok_single(const wire_ok_t *wire_ok, dns_rdataclass_t rdclass, 604 dns_rdatatype_t type, size_t structsize) { 605 unsigned char buf[1024], buf_towire[1024]; 606 isc_result_t result; 607 dns_rdata_t rdata = DNS_RDATA_INIT; 608 size_t length = 0; 609 610 /* 611 * Try converting wire data into uncompressed wire form. 612 */ 613 result = wire_to_rdata(wire_ok->data, wire_ok->len, rdclass, type, buf, 614 sizeof(buf), &rdata); 615 /* 616 * Check whether result is as expected. 617 */ 618 if (wire_ok->ok) { 619 assert_int_equal(result, ISC_R_SUCCESS); 620 } else { 621 assert_int_not_equal(result, ISC_R_SUCCESS); 622 } 623 624 if (result != ISC_R_SUCCESS) { 625 return; 626 } 627 628 /* 629 * If data was parsed correctly, perform two-way conversion checks 630 * between uncompressed wire form and type-specific struct. 631 * 632 * If the RR type is not a meta-type, additionally perform two-way 633 * conversion checks between: 634 * 635 * - uncompressed wire form and text form, 636 * - uncompressed wire form and multi-line text form. 637 */ 638 check_struct_conversions(&rdata, structsize, wire_ok->loop); 639 if (!dns_rdatatype_ismeta(rdata.type)) { 640 check_text_conversions(&rdata); 641 check_multiline_text_conversions(&rdata); 642 } 643 644 /* 645 * Ensure that fromwire_*() output is valid input for towire_*(). 646 */ 647 result = rdata_towire(&rdata, buf_towire, sizeof(buf_towire), &length); 648 assert_int_equal(result, ISC_R_SUCCESS); 649 assert_int_equal(rdata.length, length); 650 assert_memory_equal(rdata.data, buf_towire, length); 651 652 /* 653 * Test that additionaldata_*() succeeded. 654 */ 655 result = rdata_additionadata(&rdata); 656 assert_int_equal(result, ISC_R_SUCCESS); 657 658 /* 659 * Exercise checknames_*(). 660 */ 661 rdata_checknames(&rdata); 662} 663 664/* 665 * Test fromtext_*() and totext_*() routines for given RR class and type for 666 * each text form RDATA in the supplied array. See the comment for 667 * check_text_ok_single() for an explanation of how exactly these routines are 668 * tested. 669 */ 670static void 671check_text_ok(const text_ok_t *text_ok, dns_rdataclass_t rdclass, 672 dns_rdatatype_t type, size_t structsize) { 673 size_t i; 674 675 /* 676 * Check all entries in the supplied array. 677 */ 678 for (i = 0; text_ok[i].text_in != NULL; i++) { 679 check_text_ok_single(&text_ok[i], rdclass, type, structsize); 680 } 681} 682 683/* 684 * For each wire form RDATA in the supplied array, check whether it is properly 685 * handled as being either valid or invalid for an RR of given rdclass and 686 * type, then check whether trying to process a zero-length wire data buffer 687 * yields the expected result. This checks whether the fromwire_*() routine 688 * for given RR class and type behaves as expected. 689 */ 690static void 691check_wire_ok(const wire_ok_t *wire_ok, bool empty_ok, dns_rdataclass_t rdclass, 692 dns_rdatatype_t type, size_t structsize) { 693 wire_ok_t empty_wire = WIRE_TEST(empty_ok, 0); 694 size_t i; 695 696 /* 697 * Check all entries in the supplied array. 698 */ 699 for (i = 0; wire_ok[i].len != 0; i++) { 700 if (debug) { 701 fprintf(stderr, "calling check_wire_ok_single on %zu\n", 702 i); 703 } 704 check_wire_ok_single(&wire_ok[i], rdclass, type, structsize); 705 } 706 707 /* 708 * Check empty wire data. 709 */ 710 check_wire_ok_single(&empty_wire, rdclass, type, structsize); 711} 712 713/* 714 * Check that two records compare as expected with dns_rdata_compare(). 715 */ 716static void 717check_compare_ok_single(const compare_ok_t *compare_ok, 718 dns_rdataclass_t rdclass, dns_rdatatype_t type) { 719 dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT; 720 unsigned char buf1[1024], buf2[1024]; 721 isc_result_t result; 722 int answer; 723 724 result = dns_test_rdatafromstring(&rdata1, rdclass, type, buf1, 725 sizeof(buf1), compare_ok->text1, 726 false); 727 if (result != ISC_R_SUCCESS) { 728 fail_msg("# line %d: '%s': expected success, got failure", 729 compare_ok->lineno, compare_ok->text1); 730 } 731 732 result = dns_test_rdatafromstring(&rdata2, rdclass, type, buf2, 733 sizeof(buf2), compare_ok->text2, 734 false); 735 736 if (result != ISC_R_SUCCESS) { 737 fail_msg("# line %d: '%s': expected success, got failure", 738 compare_ok->lineno, compare_ok->text2); 739 } 740 741 answer = dns_rdata_compare(&rdata1, &rdata2); 742 detect_uncleared_libcrypto_error(); 743 if (compare_ok->answer == 0 && answer != 0) { 744 fail_msg("# line %d: dns_rdata_compare('%s', '%s'): " 745 "expected equal, got %s", 746 compare_ok->lineno, compare_ok->text1, 747 compare_ok->text2, 748 (answer > 0) ? "greater than" : "less than"); 749 } 750 if (compare_ok->answer < 0 && answer >= 0) { 751 fail_msg("# line %d: dns_rdata_compare('%s', '%s'): " 752 "expected less than, got %s", 753 compare_ok->lineno, compare_ok->text1, 754 compare_ok->text2, 755 (answer == 0) ? "equal" : "greater than"); 756 } 757 if (compare_ok->answer > 0 && answer <= 0) { 758 fail_msg("line %d: dns_rdata_compare('%s', '%s'): " 759 "expected greater than, got %s", 760 compare_ok->lineno, compare_ok->text1, 761 compare_ok->text2, 762 (answer == 0) ? "equal" : "less than"); 763 } 764} 765 766/* 767 * Check that all the records sets in compare_ok compare as expected 768 * with dns_rdata_compare(). 769 */ 770static void 771check_compare_ok(const compare_ok_t *compare_ok, dns_rdataclass_t rdclass, 772 dns_rdatatype_t type) { 773 size_t i; 774 /* 775 * Check all entries in the supplied array. 776 */ 777 for (i = 0; compare_ok[i].text1 != NULL; i++) { 778 check_compare_ok_single(&compare_ok[i], rdclass, type); 779 } 780} 781 782/* 783 * Test whether supplied sets of text form and/or wire form RDATA are handled 784 * as expected. 785 * 786 * The empty_ok argument denotes whether an attempt to parse a zero-length wire 787 * data buffer should succeed or not (it is valid for some RR types). There is 788 * no point in performing a similar check for empty text form RDATA, because 789 * dns_rdata_fromtext() returns ISC_R_UNEXPECTEDEND before calling fromtext_*() 790 * for the given RR class and type. 791 */ 792static void 793check_rdata(const text_ok_t *text_ok, const wire_ok_t *wire_ok, 794 const compare_ok_t *compare_ok, bool empty_ok, 795 dns_rdataclass_t rdclass, dns_rdatatype_t type, size_t structsize) { 796 if (text_ok != NULL) { 797 check_text_ok(text_ok, rdclass, type, structsize); 798 } 799 if (wire_ok != NULL) { 800 check_wire_ok(wire_ok, empty_ok, rdclass, type, structsize); 801 } 802 if (compare_ok != NULL) { 803 check_compare_ok(compare_ok, rdclass, type); 804 } 805} 806 807/* 808 * Check presentation vs unknown format of the record. 809 */ 810static void 811check_textvsunknown_single(const textvsunknown_t *textvsunknown, 812 dns_rdataclass_t rdclass, dns_rdatatype_t type) { 813 dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT; 814 unsigned char buf1[1024], buf2[1024]; 815 isc_result_t result; 816 817 result = dns_test_rdatafromstring(&rdata1, rdclass, type, buf1, 818 sizeof(buf1), textvsunknown->text1, 819 false); 820 if (debug && result != ISC_R_SUCCESS) { 821 fprintf(stdout, "# '%s'\n", textvsunknown->text1); 822 fprintf(stdout, "# result=%s\n", isc_result_totext(result)); 823 } 824 assert_int_equal(result, ISC_R_SUCCESS); 825 result = dns_test_rdatafromstring(&rdata2, rdclass, type, buf2, 826 sizeof(buf2), textvsunknown->text2, 827 false); 828 if (debug && result != ISC_R_SUCCESS) { 829 fprintf(stdout, "# '%s'\n", textvsunknown->text2); 830 fprintf(stdout, "# result=%s\n", isc_result_totext(result)); 831 } 832 assert_int_equal(result, ISC_R_SUCCESS); 833 if (debug && rdata1.length != rdata2.length) { 834 fprintf(stdout, "# '%s'\n", textvsunknown->text1); 835 fprintf(stdout, "# rdata1.length (%u) != rdata2.length (%u)\n", 836 rdata1.length, rdata2.length); 837 } 838 assert_int_equal(rdata1.length, rdata2.length); 839 if (debug && memcmp(rdata1.data, rdata2.data, rdata1.length) != 0) { 840 unsigned int i; 841 fprintf(stdout, "# '%s'\n", textvsunknown->text1); 842 for (i = 0; i < rdata1.length; i++) { 843 if (rdata1.data[i] != rdata2.data[i]) { 844 fprintf(stderr, "# %u: %02x != %02x\n", i, 845 rdata1.data[i], rdata2.data[i]); 846 } 847 } 848 } 849 assert_memory_equal(rdata1.data, rdata2.data, rdata1.length); 850} 851 852static void 853check_textvsunknown(const textvsunknown_t *textvsunknown, 854 dns_rdataclass_t rdclass, dns_rdatatype_t type) { 855 size_t i; 856 857 /* 858 * Check all entries in the supplied array. 859 */ 860 for (i = 0; textvsunknown[i].text1 != NULL; i++) { 861 check_textvsunknown_single(&textvsunknown[i], rdclass, type); 862 } 863} 864 865/* 866 * Common tests for RR types based on KEY that require key data: 867 * 868 * - CDNSKEY (RFC 7344) 869 * - DNSKEY (RFC 4034) 870 * - RKEY (draft-reid-dnsext-rkey-00) 871 */ 872static void 873key_required(void **state, dns_rdatatype_t type, size_t size) { 874 wire_ok_t wire_ok[] = { /* 875 * RDATA must be at least 5 octets in size: 876 * 877 * - 2 octets for Flags, 878 * - 1 octet for Protocol, 879 * - 1 octet for Algorithm, 880 * - Public Key must not be empty. 881 * 882 * RFC 2535 section 3.1.2 allows the Public Key 883 * to be empty if bits 0-1 of Flags are both 884 * set, but that only applies to KEY records: 885 * for the RR types tested here, the Public Key 886 * must not be empty. 887 */ 888 WIRE_INVALID(0x00), 889 WIRE_INVALID(0x00, 0x00), 890 WIRE_INVALID(0x00, 0x00, 0x00), 891 WIRE_INVALID(0xc0, 0x00, 0x00, 0x00), 892 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 893 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00), 894 WIRE_SENTINEL() 895 }; 896 897 UNUSED(state); 898 899 check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in, type, size); 900} 901 902/* APL RDATA manipulations */ 903ISC_RUN_TEST_IMPL(apl) { 904 text_ok_t text_ok[] = { 905 /* empty list */ 906 TEXT_VALID(""), 907 /* min,max prefix IPv4 */ 908 TEXT_VALID("1:0.0.0.0/0"), TEXT_VALID("1:127.0.0.1/32"), 909 /* min,max prefix IPv6 */ 910 TEXT_VALID("2:::/0"), TEXT_VALID("2:::1/128"), 911 /* negated */ 912 TEXT_VALID("!1:0.0.0.0/0"), TEXT_VALID("!1:127.0.0.1/32"), 913 TEXT_VALID("!2:::/0"), TEXT_VALID("!2:::1/128"), 914 /* bits set after prefix length - not disallowed */ 915 TEXT_VALID("1:127.0.0.0/0"), TEXT_VALID("2:8000::/0"), 916 /* multiple */ 917 TEXT_VALID("1:0.0.0.0/0 1:127.0.0.1/32"), 918 TEXT_VALID("1:0.0.0.0/0 !1:127.0.0.1/32"), 919 /* family 0, prefix 0, positive */ 920 TEXT_VALID("\\# 4 00000000"), 921 /* family 0, prefix 0, negative */ 922 TEXT_VALID("\\# 4 00000080"), 923 /* prefix too long */ 924 TEXT_INVALID("1:0.0.0.0/33"), TEXT_INVALID("2:::/129"), 925 /* 926 * Sentinel. 927 */ 928 TEXT_SENTINEL() 929 }; 930 wire_ok_t wire_ok[] = { /* zero length */ 931 WIRE_VALID(), 932 /* prefix too big IPv4 */ 933 WIRE_INVALID(0x00, 0x01, 33U, 0x00), 934 /* prefix too big IPv6 */ 935 WIRE_INVALID(0x00, 0x02, 129U, 0x00), 936 /* trailing zero octet in afdpart */ 937 WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x00), 938 /* 939 * Sentinel. 940 */ 941 WIRE_SENTINEL() 942 }; 943 944 check_rdata(text_ok, wire_ok, NULL, true, dns_rdataclass_in, 945 dns_rdatatype_apl, sizeof(dns_rdata_in_apl_t)); 946} 947 948/* 949 * http://broadband-forum.org/ftp/pub/approved-specs/af-saa-0069.000.pdf 950 * 951 * ATMA RR���s have the following RDATA format: 952 * 953 * 1 1 1 1 1 1 954 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 955 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 956 * | FORMAT | | 957 * +--+--+--+--+--+--+--+--+ | 958 * / ADDRESS / 959 * | | 960 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 961 * 962 * The fields have the following meaning: 963 * 964 * * FORMAT: One octet that indicates the format of ADDRESS. The two 965 * possible values for FORMAT are value 0 indicating ATM End System Address 966 * (AESA) format and value 1 indicating E.164 format. 967 * 968 * * ADDRESS: Variable length string of octets containing the ATM address of 969 * the node to which this RR pertains. 970 * 971 * When the format value is 0, indicating that the address is in AESA format, 972 * the address is coded as described in ISO 8348/AD 2 using the preferred 973 * binary encoding of the ISO NSAP format. When the format value is 1, 974 * indicating that the address is in E.164 format, the Address/Number Digits 975 * appear in the order in which they would be entered on a numeric keypad. 976 * Digits are coded in IA5 characters with the leftmost bit of each digit set 977 * to 0. This ATM address appears in ATM End System Address Octets field (AESA 978 * format) or the Address/Number Digits field (E.164 format) of the Called 979 * party number information element [ATMUNI3.1]. Subaddress information is 980 * intentionally not included because E.164 subaddress information is used for 981 * routing. 982 * 983 * ATMA RRs cause no additional section processing. 984 */ 985ISC_RUN_TEST_IMPL(atma) { 986 text_ok_t text_ok[] = { TEXT_VALID("00"), 987 TEXT_VALID_CHANGED("0.0", "00"), 988 /* 989 * multiple consecutive periods 990 */ 991 TEXT_INVALID("0..0"), 992 /* 993 * trailing period 994 */ 995 TEXT_INVALID("00."), 996 /* 997 * leading period 998 */ 999 TEXT_INVALID(".00"), 1000 /* 1001 * Not full octets. 1002 */ 1003 TEXT_INVALID("000"), 1004 /* 1005 * E.164 1006 */ 1007 TEXT_VALID("+61200000000"), 1008 /* 1009 * E.164 with periods 1010 */ 1011 TEXT_VALID_CHANGED("+61.2.0000.0000", "+6120000" 1012 "0000"), 1013 /* 1014 * E.164 with period at end 1015 */ 1016 TEXT_INVALID("+61200000000."), 1017 /* 1018 * E.164 with multiple consecutive periods 1019 */ 1020 TEXT_INVALID("+612..00000000"), 1021 /* 1022 * E.164 with period before the leading digit. 1023 */ 1024 TEXT_INVALID("+.61200000000"), 1025 /* 1026 * Sentinel. 1027 */ 1028 TEXT_SENTINEL() }; 1029 wire_ok_t wire_ok[] = { 1030 /* 1031 * Too short. 1032 */ 1033 WIRE_INVALID(0x00), WIRE_INVALID(0x01), 1034 /* 1035 * all digits 1036 */ 1037 WIRE_VALID(0x01, '6', '1', '2', '0', '0', '0'), 1038 /* 1039 * non digit 1040 */ 1041 WIRE_INVALID(0x01, '+', '6', '1', '2', '0', '0', '0'), 1042 /* 1043 * Sentinel. 1044 */ 1045 WIRE_SENTINEL() 1046 }; 1047 1048 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1049 dns_rdatatype_atma, sizeof(dns_rdata_in_atma_t)); 1050} 1051 1052/* AMTRELAY RDATA manipulations */ 1053ISC_RUN_TEST_IMPL(amtrelay) { 1054 text_ok_t text_ok[] = { 1055 TEXT_INVALID(""), TEXT_INVALID("0"), TEXT_INVALID("0 0"), 1056 /* gateway type 0 */ 1057 TEXT_VALID("0 0 0"), TEXT_VALID("0 1 0"), 1058 TEXT_INVALID("0 2 0"), /* discovery out of range */ 1059 TEXT_VALID("255 1 0"), /* max precedence */ 1060 TEXT_INVALID("256 1 0"), /* precedence out of range */ 1061 1062 /* IPv4 gateway */ 1063 TEXT_INVALID("0 0 1"), /* no address */ 1064 TEXT_VALID("0 0 1 0.0.0.0"), 1065 TEXT_INVALID("0 0 1 0.0.0.0 x"), /* extra */ 1066 TEXT_INVALID("0 0 1 0.0.0.0.0"), /* bad address */ 1067 TEXT_INVALID("0 0 1 ::"), /* bad address */ 1068 TEXT_INVALID("0 0 1 ."), /* bad address */ 1069 1070 /* IPv6 gateway */ 1071 TEXT_INVALID("0 0 2"), /* no address */ 1072 TEXT_VALID("0 0 2 ::"), TEXT_INVALID("0 0 2 :: xx"), /* extra */ 1073 TEXT_INVALID("0 0 2 0.0.0.0"), /* bad address */ 1074 TEXT_INVALID("0 0 2 ."), /* bad address */ 1075 1076 /* hostname gateway */ 1077 TEXT_INVALID("0 0 3"), /* no name */ 1078 /* IPv4 is a valid name */ 1079 TEXT_VALID_CHANGED("0 0 3 0.0.0.0", "0 0 3 0.0.0.0."), 1080 /* IPv6 is a valid name */ 1081 TEXT_VALID_CHANGED("0 0 3 ::", "0 0 3 ::."), 1082 TEXT_VALID_CHANGED("0 0 3 example", "0 0 3 example."), 1083 TEXT_VALID("0 0 3 example."), 1084 TEXT_INVALID("0 0 3 example. x"), /* extra */ 1085 1086 /* unknown gateway */ 1087 TEXT_VALID("\\# 2 0004"), TEXT_VALID("\\# 2 0084"), 1088 TEXT_VALID("\\# 2 007F"), TEXT_VALID("\\# 3 000400"), 1089 TEXT_VALID("\\# 3 008400"), TEXT_VALID("\\# 3 00FF00"), 1090 1091 /* 1092 * Sentinel. 1093 */ 1094 TEXT_SENTINEL() 1095 }; 1096 wire_ok_t wire_ok[] = { 1097 WIRE_INVALID(0x00), WIRE_VALID(0x00, 0x00), 1098 WIRE_VALID(0x00, 0x80), WIRE_INVALID(0x00, 0x00, 0x00), 1099 WIRE_INVALID(0x00, 0x80, 0x00), 1100 1101 WIRE_INVALID(0x00, 0x01), WIRE_INVALID(0x00, 0x01, 0x00), 1102 WIRE_INVALID(0x00, 0x01, 0x00, 0x00), 1103 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00), 1104 WIRE_VALID(0x00, 0x01, 0x00, 0x00, 0x00, 0x00), 1105 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00), 1106 1107 WIRE_INVALID(0x00, 0x02), WIRE_INVALID(0x00, 0x02, 0x00), 1108 WIRE_VALID(0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 1109 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 1110 0x15), 1111 WIRE_INVALID(0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 1112 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 1113 0x14, 0x15, 0x16), 1114 1115 WIRE_INVALID(0x00, 0x03), WIRE_VALID(0x00, 0x03, 0x00), 1116 WIRE_INVALID(0x00, 0x03, 0x00, 0x00), /* extra */ 1117 1118 WIRE_VALID(0x00, 0x04), WIRE_VALID(0x00, 0x04, 0x00), 1119 /* 1120 * Sentinel. 1121 */ 1122 WIRE_SENTINEL() 1123 }; 1124 1125 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1126 dns_rdatatype_amtrelay, sizeof(dns_rdata_amtrelay_t)); 1127} 1128 1129ISC_RUN_TEST_IMPL(cdnskey) { 1130 key_required(state, dns_rdatatype_cdnskey, sizeof(dns_rdata_cdnskey_t)); 1131} 1132 1133/* 1134 * CSYNC tests. 1135 * 1136 * RFC 7477: 1137 * 1138 * 2.1. The CSYNC Resource Record Format 1139 * 1140 * 2.1.1. The CSYNC Resource Record Wire Format 1141 * 1142 * The CSYNC RDATA consists of the following fields: 1143 * 1144 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1145 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1146 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1147 * | SOA Serial | 1148 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1149 * | Flags | Type Bit Map / 1150 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1151 * / Type Bit Map (continued) / 1152 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1153 * 1154 * 2.1.1.1. The SOA Serial Field 1155 * 1156 * The SOA Serial field contains a copy of the 32-bit SOA serial number 1157 * from the child zone. If the soaminimum flag is set, parental agents 1158 * querying children's authoritative servers MUST NOT act on data from 1159 * zones advertising an SOA serial number less than this value. See 1160 * [RFC1982] for properly implementing "less than" logic. If the 1161 * soaminimum flag is not set, parental agents MUST ignore the value in 1162 * the SOA Serial field. Clients can set the field to any value if the 1163 * soaminimum flag is unset, such as the number zero. 1164 * 1165 * (...) 1166 * 1167 * 2.1.1.2. The Flags Field 1168 * 1169 * The Flags field contains 16 bits of boolean flags that define 1170 * operations that affect the processing of the CSYNC record. The flags 1171 * defined in this document are as follows: 1172 * 1173 * 0x00 0x01: "immediate" 1174 * 1175 * 0x00 0x02: "soaminimum" 1176 * 1177 * The definitions for how the flags are to be used can be found in 1178 * Section 3. 1179 * 1180 * The remaining flags are reserved for use by future specifications. 1181 * Undefined flags MUST be set to 0 by CSYNC publishers. Parental 1182 * agents MUST NOT process a CSYNC record if it contains a 1 value for a 1183 * flag that is unknown to or unsupported by the parental agent. 1184 * 1185 * 2.1.1.2.1. The Type Bit Map Field 1186 * 1187 * The Type Bit Map field indicates the record types to be processed by 1188 * the parental agent, according to the procedures in Section 3. The 1189 * Type Bit Map field is encoded in the same way as the Type Bit Map 1190 * field of the NSEC record, described in [RFC4034], Section 4.1.2. If 1191 * a bit has been set that a parental agent implementation does not 1192 * understand, the parental agent MUST NOT act upon the record. 1193 * Specifically, a parental agent must not simply copy the data, and it 1194 * must understand the semantics associated with a bit in the Type Bit 1195 * Map field that has been set to 1. 1196 */ 1197ISC_RUN_TEST_IMPL(csync) { 1198 text_ok_t text_ok[] = { TEXT_INVALID(""), 1199 TEXT_INVALID("0"), 1200 TEXT_VALID("0 0"), 1201 TEXT_VALID("0 0 A"), 1202 TEXT_VALID("0 0 NS"), 1203 TEXT_VALID("0 0 AAAA"), 1204 TEXT_VALID("0 0 A AAAA"), 1205 TEXT_VALID("0 0 A NS AAAA"), 1206 TEXT_INVALID("0 0 A NS AAAA BOGUS"), 1207 TEXT_SENTINEL() }; 1208 wire_ok_t wire_ok[] = { 1209 /* 1210 * Short. 1211 */ 1212 WIRE_INVALID(0x00), 1213 /* 1214 * Short. 1215 */ 1216 WIRE_INVALID(0x00, 0x00), 1217 /* 1218 * Short. 1219 */ 1220 WIRE_INVALID(0x00, 0x00, 0x00), 1221 /* 1222 * Short. 1223 */ 1224 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 1225 /* 1226 * Short. 1227 */ 1228 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00), 1229 /* 1230 * Serial + flags only. 1231 */ 1232 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1233 /* 1234 * Bad type map. 1235 */ 1236 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1237 /* 1238 * Bad type map. 1239 */ 1240 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1241 /* 1242 * Good type map. 1243 */ 1244 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 1245 0x02), 1246 /* 1247 * Sentinel. 1248 */ 1249 WIRE_SENTINEL() 1250 }; 1251 1252 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1253 dns_rdatatype_csync, sizeof(dns_rdata_csync_t)); 1254} 1255 1256ISC_RUN_TEST_IMPL(dnskey) { 1257 key_required(state, dns_rdatatype_dnskey, sizeof(dns_rdata_dnskey_t)); 1258} 1259 1260/* 1261 * DOA tests. 1262 * 1263 * draft-durand-doa-over-dns-03: 1264 * 1265 * 3.2. DOA RDATA Wire Format 1266 * 1267 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1268 * 0: | | 1269 * | DOA-ENTERPRISE | 1270 * | | 1271 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1272 * 4: | | 1273 * | DOA-TYPE | 1274 * | | 1275 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1276 * 8: | DOA-LOCATION | DOA-MEDIA-TYPE / 1277 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1278 * 10: / / 1279 * / DOA-MEDIA-TYPE (continued) / 1280 * / / 1281 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1282 * / / 1283 * / DOA-DATA / 1284 * / / 1285 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1286 * 1287 * DOA-ENTERPRISE: a 32-bit unsigned integer in network order. 1288 * 1289 * DOA-TYPE: a 32-bit unsigned integer in network order. 1290 * 1291 * DOA-LOCATION: an 8-bit unsigned integer. 1292 * 1293 * DOA-MEDIA-TYPE: A <character-string> (see [RFC1035]). The first 1294 * octet of the <character-string> contains the number of characters to 1295 * follow. 1296 * 1297 * DOA-DATA: A variable length blob of binary data. The length of the 1298 * DOA-DATA is not contained within the wire format of the RR and has to 1299 * be computed from the RDLENGTH of the entire RR once other fields have 1300 * been taken into account. 1301 * 1302 * 3.3. DOA RDATA Presentation Format 1303 * 1304 * The DOA-ENTERPRISE field is presented as an unsigned 32-bit decimal 1305 * integer with range 0 - 4,294,967,295. 1306 * 1307 * The DOA-TYPE field is presented as an unsigned 32-bit decimal integer 1308 * with range 0 - 4,294,967,295. 1309 * 1310 * The DOA-LOCATION field is presented as an unsigned 8-bit decimal 1311 * integer with range 0 - 255. 1312 * 1313 * The DOA-MEDIA-TYPE field is presented as a single <character-string>. 1314 * 1315 * The DOA-DATA is presented as Base64 encoded data [RFC4648] unless the 1316 * DOA-DATA is empty in which case it is presented as a single dash 1317 * character ("-", ASCII 45). White space is permitted within Base64 1318 * data. 1319 */ 1320ISC_RUN_TEST_IMPL(doa) { 1321 text_ok_t text_ok[] = { 1322 /* 1323 * Valid, non-empty DOA-DATA. 1324 */ 1325 TEXT_VALID("0 0 1 \"text/plain\" Zm9v"), 1326 /* 1327 * Valid, non-empty DOA-DATA with whitespace in between. 1328 */ 1329 TEXT_VALID_CHANGED("0 0 1 \"text/plain\" Zm 9v", "0 0 1 " 1330 "\"text/" 1331 "plain\" " 1332 "Zm9v"), 1333 /* 1334 * Valid, unquoted DOA-MEDIA-TYPE, non-empty DOA-DATA. 1335 */ 1336 TEXT_VALID_CHANGED("0 0 1 text/plain Zm9v", "0 0 1 " 1337 "\"text/plain\" " 1338 "Zm9v"), 1339 /* 1340 * Invalid, quoted non-empty DOA-DATA. 1341 */ 1342 TEXT_INVALID("0 0 1 \"text/plain\" \"Zm9v\""), 1343 /* 1344 * Valid, empty DOA-DATA. 1345 */ 1346 TEXT_VALID("0 0 1 \"text/plain\" -"), 1347 /* 1348 * Invalid, quoted empty DOA-DATA. 1349 */ 1350 TEXT_INVALID("0 0 1 \"text/plain\" \"-\""), 1351 /* 1352 * Invalid, missing "-" in empty DOA-DATA. 1353 */ 1354 TEXT_INVALID("0 0 1 \"text/plain\""), 1355 /* 1356 * Valid, undefined DOA-LOCATION. 1357 */ 1358 TEXT_VALID("0 0 100 \"text/plain\" Zm9v"), 1359 /* 1360 * Invalid, DOA-LOCATION too big. 1361 */ 1362 TEXT_INVALID("0 0 256 \"text/plain\" ZM9v"), 1363 /* 1364 * Valid, empty DOA-MEDIA-TYPE, non-empty DOA-DATA. 1365 */ 1366 TEXT_VALID("0 0 2 \"\" aHR0cHM6Ly93d3cuaXNjLm9yZy8="), 1367 /* 1368 * Valid, empty DOA-MEDIA-TYPE, empty DOA-DATA. 1369 */ 1370 TEXT_VALID("0 0 1 \"\" -"), 1371 /* 1372 * Valid, DOA-MEDIA-TYPE with a space. 1373 */ 1374 TEXT_VALID("0 0 1 \"plain text\" Zm9v"), 1375 /* 1376 * Invalid, missing DOA-MEDIA-TYPE. 1377 */ 1378 TEXT_INVALID("1234567890 1234567890 1"), 1379 /* 1380 * Valid, DOA-DATA over 255 octets. 1381 */ 1382 TEXT_VALID("1234567890 1234567890 1 \"image/gif\" " 1383 "R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM" 1384 "/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAA" 1385 "AAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c" 1386 "3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS" 1387 "1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeF" 1388 "AgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9" 1389 "pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1" 1390 "SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7"), 1391 /* 1392 * Invalid, bad Base64 in DOA-DATA. 1393 */ 1394 TEXT_INVALID("1234567890 1234567890 1 \"image/gif\" R0lGODl"), 1395 /* 1396 * Sentinel. 1397 */ 1398 TEXT_SENTINEL() 1399 }; 1400 wire_ok_t wire_ok[] = { 1401 /* 1402 * Valid, empty DOA-MEDIA-TYPE, empty DOA-DATA. 1403 */ 1404 WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01, 1405 0x00), 1406 /* 1407 * Invalid, missing DOA-MEDIA-TYPE. 1408 */ 1409 WIRE_INVALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 1410 0x01), 1411 /* 1412 * Invalid, malformed DOA-MEDIA-TYPE length. 1413 */ 1414 WIRE_INVALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 1415 0x01, 0xff), 1416 /* 1417 * Valid, empty DOA-DATA. 1418 */ 1419 WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01, 1420 0x03, 0x66, 0x6f, 0x6f), 1421 /* 1422 * Valid, non-empty DOA-DATA. 1423 */ 1424 WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01, 1425 0x03, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72), 1426 /* 1427 * Valid, DOA-DATA over 255 octets. 1428 */ 1429 WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01, 1430 0x06, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x00, 0x66, 1431 0x99, 0xff, 0xff, 0xff, 0x33, 0x99, 0xcc, 0xcc, 0xff, 1432 0xff, 0x99, 0xcc, 0xff, 0x33, 0x66, 0x99, 0x66, 0xcc, 1433 0xff, 0x99, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x00, 0x99, 1434 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1435 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x21, 0xf9, 1436 0x04, 0x01, 0x0a, 0x00, 0x0f, 0x00, 0x2c, 0x00, 0x00, 1437 0x00, 0x00, 0x28, 0x00, 0x19, 0x00, 0x00, 0x04, 0xc7, 1438 0xf0, 0x81, 0x49, 0x2b, 0x95, 0x36, 0x6b, 0x8d, 0xf7, 1439 0xec, 0x5e, 0x68, 0x81, 0x19, 0x29, 0x9e, 0x80, 0x89, 1440 0xae, 0x5c, 0xbb, 0x3e, 0xb0, 0x8a, 0xca, 0x1f, 0x1c, 1441 0xdc, 0x78, 0x00, 0x87, 0x34, 0xf7, 0xe4, 0xc0, 0xdb, 1442 0x6e, 0xd3, 0xbb, 0xfc, 0x82, 0x48, 0x1d, 0xb1, 0xa2, 1443 0x3a, 0x26, 0x93, 0xc5, 0x54, 0xe9, 0x49, 0x55, 0x96, 1444 0x2e, 0xa3, 0x6a, 0xd5, 0x45, 0x72, 0x6a, 0x93, 0x52, 1445 0xd7, 0x07, 0x77, 0x38, 0x0c, 0x6e, 0x83, 0x42, 0xe1, 1446 0x9c, 0x2b, 0x9b, 0x71, 0x58, 0x6c, 0xc7, 0x2b, 0x10, 1447 0x9c, 0xeb, 0x78, 0x01, 0x3a, 0x6f, 0xbf, 0x31, 0xe5, 1448 0x17, 0x39, 0x75, 0x03, 0x03, 0x83, 0x85, 0x67, 0x85, 1449 0x02, 0x04, 0x69, 0x7a, 0x7e, 0x7f, 0x52, 0x18, 0x5e, 1450 0x01, 0x83, 0x05, 0x75, 0x40, 0x78, 0x48, 0x57, 0x29, 1451 0x18, 0x41, 0x86, 0x75, 0x07, 0x82, 0x02, 0xa0, 0x41, 1452 0x2d, 0x3b, 0x92, 0x93, 0x7d, 0x04, 0x79, 0x77, 0x7d, 1453 0xa4, 0x4b, 0x00, 0x6c, 0xa1, 0xb1, 0x8c, 0x7a, 0x83, 1454 0x48, 0x4d, 0x12, 0xa7, 0xa8, 0xb1, 0x37, 0x83, 0x75, 1455 0x04, 0x99, 0x9b, 0x73, 0xb9, 0x48, 0x86, 0x6b, 0x01, 1456 0x89, 0xc8, 0x75, 0x6b, 0x03, 0xc0, 0x8e, 0x46, 0x35, 1457 0x49, 0x94, 0x7c, 0x6c, 0x95, 0xab, 0xcf, 0x7f, 0x36, 1458 0x48, 0x6a, 0x88, 0x05, 0x04, 0x05, 0x41, 0xde, 0x08, 1459 0xb1, 0x44, 0xda, 0x5f, 0xe7, 0x1e, 0xba, 0xe7, 0x4f, 1460 0x11, 0x00, 0x3b), 1461 /* 1462 * Sentinel. 1463 */ 1464 WIRE_SENTINEL() 1465 }; 1466 1467 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1468 dns_rdatatype_doa, sizeof(dns_rdata_doa_t)); 1469} 1470 1471/* 1472 * DS tests. 1473 * 1474 * RFC 4034: 1475 * 1476 * 5.1. DS RDATA Wire Format 1477 * 1478 * The RDATA for a DS RR consists of a 2 octet Key Tag field, a 1 octet 1479 * Algorithm field, a 1 octet Digest Type field, and a Digest field. 1480 * 1481 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1482 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1483 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1484 * | Key Tag | Algorithm | Digest Type | 1485 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1486 * / / 1487 * / Digest / 1488 * / / 1489 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1490 * 1491 * 5.1.1. The Key Tag Field 1492 * 1493 * The Key Tag field lists the key tag of the DNSKEY RR referred to by 1494 * the DS record, in network byte order. 1495 * 1496 * The Key Tag used by the DS RR is identical to the Key Tag used by 1497 * RRSIG RRs. Appendix B describes how to compute a Key Tag. 1498 * 1499 * 5.1.2. The Algorithm Field 1500 * 1501 * The Algorithm field lists the algorithm number of the DNSKEY RR 1502 * referred to by the DS record. 1503 * 1504 * The algorithm number used by the DS RR is identical to the algorithm 1505 * number used by RRSIG and DNSKEY RRs. Appendix A.1 lists the 1506 * algorithm number types. 1507 * 1508 * 5.1.3. The Digest Type Field 1509 * 1510 * The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY 1511 * RR. The Digest Type field identifies the algorithm used to construct 1512 * the digest. Appendix A.2 lists the possible digest algorithm types. 1513 * 1514 * 5.1.4. The Digest Field 1515 * 1516 * The DS record refers to a DNSKEY RR by including a digest of that 1517 * DNSKEY RR. 1518 * 1519 * The digest is calculated by concatenating the canonical form of the 1520 * fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA, 1521 * and then applying the digest algorithm. 1522 * 1523 * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA); 1524 * 1525 * "|" denotes concatenation 1526 * 1527 * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. 1528 * 1529 * The size of the digest may vary depending on the digest algorithm and 1530 * DNSKEY RR size. As of the time of this writing, the only defined 1531 * digest algorithm is SHA-1, which produces a 20 octet digest. 1532 */ 1533ISC_RUN_TEST_IMPL(ds) { 1534 text_ok_t text_ok[] = { 1535 /* 1536 * Invalid, empty record. 1537 */ 1538 TEXT_INVALID(""), 1539 /* 1540 * Invalid, no algorithm. 1541 */ 1542 TEXT_INVALID("0"), 1543 /* 1544 * Invalid, no digest type. 1545 */ 1546 TEXT_INVALID("0 0"), 1547 /* 1548 * Invalid, no digest. 1549 */ 1550 TEXT_INVALID("0 0 0"), 1551 /* 1552 * Valid, 1-octet digest for a reserved digest type. 1553 */ 1554 TEXT_VALID("0 0 0 00"), 1555 /* 1556 * Invalid, short SHA-1 digest. 1557 */ 1558 TEXT_INVALID("0 0 1 00"), 1559 TEXT_INVALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B"), 1560 /* 1561 * Valid, 20-octet SHA-1 digest. 1562 */ 1563 TEXT_VALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B6A"), 1564 /* 1565 * Invalid, excessively long SHA-1 digest. 1566 */ 1567 TEXT_INVALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B" 1568 "6A00"), 1569 /* 1570 * Invalid, short SHA-256 digest. 1571 */ 1572 TEXT_INVALID("0 0 2 00"), 1573 TEXT_INVALID("0 0 2 D001BD422FFDA9B745425B71DC17D007E69186" 1574 "9BD59C5F237D9BF85434C313"), 1575 /* 1576 * Valid, 32-octet SHA-256 digest. 1577 */ 1578 TEXT_VALID_CHANGED("0 0 2 " 1579 "D001BD422FFDA9B745425B71DC17D007E691869B" 1580 "D59C5F237D9BF85434C3133F", 1581 "0 0 2 " 1582 "D001BD422FFDA9B745425B71DC17D007E691869B" 1583 "D59C5F237D9BF854 34C3133F"), 1584 /* 1585 * Invalid, excessively long SHA-256 digest. 1586 */ 1587 TEXT_INVALID("0 0 2 D001BD422FFDA9B745425B71DC17D007E69186" 1588 "9BD59C5F237D9BF85434C3133F00"), 1589 /* 1590 * Valid, GOST is no longer supported, hence no length checks. 1591 */ 1592 TEXT_VALID("0 0 3 00"), 1593 /* 1594 * Invalid, short SHA-384 digest. 1595 */ 1596 TEXT_INVALID("0 0 4 00"), 1597 TEXT_INVALID("0 0 4 AC748D6C5AA652904A8763D64B7DFFFFA98152" 1598 "BE12128D238BEBB4814B648F5A841E15CAA2DE348891" 1599 "A37A699F65E5"), 1600 /* 1601 * Valid, 48-octet SHA-384 digest. 1602 */ 1603 TEXT_VALID_CHANGED("0 0 4 " 1604 "AC748D6C5AA652904A8763D64B7DFFFFA98152BE" 1605 "12128D238BEBB4814B648F5A841E15CAA2DE348891A" 1606 "37A" 1607 "699F65E54D", 1608 "0 0 4 " 1609 "AC748D6C5AA652904A8763D64B7DFFFFA98152BE" 1610 "12128D238BEBB481 " 1611 "4B648F5A841E15CAA2DE348891A37A" 1612 "699F65E54D"), 1613 /* 1614 * Invalid, excessively long SHA-384 digest. 1615 */ 1616 TEXT_INVALID("0 0 4 AC748D6C5AA652904A8763D64B7DFFFFA98152" 1617 "BE12128D238BEBB4814B648F5A841E15CAA2DE348891" 1618 "A37A699F65E54D00"), 1619 /* 1620 * Valid, 1-octet digest for an unassigned digest type. 1621 */ 1622 TEXT_VALID("0 0 5 00"), 1623 /* 1624 * Sentinel. 1625 */ 1626 TEXT_SENTINEL() 1627 }; 1628 wire_ok_t wire_ok[] = { 1629 /* 1630 * Invalid, truncated key tag. 1631 */ 1632 WIRE_INVALID(0x00), 1633 /* 1634 * Invalid, no algorithm. 1635 */ 1636 WIRE_INVALID(0x00, 0x00), 1637 /* 1638 * Invalid, no digest type. 1639 */ 1640 WIRE_INVALID(0x00, 0x00, 0x00), 1641 /* 1642 * Invalid, no digest. 1643 */ 1644 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 1645 /* 1646 * Valid, 1-octet digest for a reserved digest type. 1647 */ 1648 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00), 1649 /* 1650 * Invalid, short SHA-1 digest. 1651 */ 1652 WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x00), 1653 WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30, 1654 0x16, 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5, 1655 0x68, 0xF8, 0xDA, 0xDD, 0xB5, 0x80, 0x9B), 1656 /* 1657 * Valid, 20-octet SHA-1 digest. 1658 */ 1659 WIRE_VALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30, 0x16, 1660 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5, 0x68, 0xF8, 1661 0xDA, 0xDD, 0xB5, 0x80, 0x9B, 0x6A), 1662 /* 1663 * Invalid, excessively long SHA-1 digest. 1664 */ 1665 WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30, 1666 0x16, 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5, 1667 0x68, 0xF8, 0xDA, 0xDD, 0xB5, 0x80, 0x9B, 0x6A, 1668 0x00), 1669 /* 1670 * Invalid, short SHA-256 digest. 1671 */ 1672 WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0x00), 1673 WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42, 1674 0x2F, 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71, 1675 0xDC, 0x17, 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B, 1676 0xD5, 0x9C, 0x5F, 0x23, 0x7D, 0x9B, 0xF8, 0x54, 1677 0x34, 0xC3, 0x13), 1678 /* 1679 * Valid, 32-octet SHA-256 digest. 1680 */ 1681 WIRE_VALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42, 0x2F, 1682 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71, 0xDC, 0x17, 1683 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B, 0xD5, 0x9C, 0x5F, 1684 0x23, 0x7D, 0x9B, 0xF8, 0x54, 0x34, 0xC3, 0x13, 1685 0x3F), 1686 /* 1687 * Invalid, excessively long SHA-256 digest. 1688 */ 1689 WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42, 1690 0x2F, 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71, 1691 0xDC, 0x17, 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B, 1692 0xD5, 0x9C, 0x5F, 0x23, 0x7D, 0x9B, 0xF8, 0x54, 1693 0x34, 0xC3, 0x13, 0x3F, 0x00), 1694 /* 1695 * Valid, GOST is no longer supported, hence no length checks. 1696 */ 1697 WIRE_VALID(0x00, 0x00, 0x00, 0x03, 0x00), 1698 /* 1699 * Invalid, short SHA-384 digest. 1700 */ 1701 WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0x00), 1702 WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C, 1703 0x5A, 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6, 1704 0x4B, 0x7D, 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE, 1705 0x12, 0x12, 0x8D, 0x23, 0x8B, 0xEB, 0xB4, 0x81, 1706 0x4B, 0x64, 0x8F, 0x5A, 0x84, 0x1E, 0x15, 0xCA, 1707 0xA2, 0xDE, 0x34, 0x88, 0x91, 0xA3, 0x7A, 0x69, 1708 0x9F, 0x65, 0xE5), 1709 /* 1710 * Valid, 48-octet SHA-384 digest. 1711 */ 1712 WIRE_VALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C, 0x5A, 1713 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6, 0x4B, 0x7D, 1714 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE, 0x12, 0x12, 0x8D, 1715 0x23, 0x8B, 0xEB, 0xB4, 0x81, 0x4B, 0x64, 0x8F, 0x5A, 1716 0x84, 0x1E, 0x15, 0xCA, 0xA2, 0xDE, 0x34, 0x88, 0x91, 1717 0xA3, 0x7A, 0x69, 0x9F, 0x65, 0xE5, 0x4D), 1718 /* 1719 * Invalid, excessively long SHA-384 digest. 1720 */ 1721 WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C, 1722 0x5A, 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6, 1723 0x4B, 0x7D, 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE, 1724 0x12, 0x12, 0x8D, 0x23, 0x8B, 0xEB, 0xB4, 0x81, 1725 0x4B, 0x64, 0x8F, 0x5A, 0x84, 0x1E, 0x15, 0xCA, 1726 0xA2, 0xDE, 0x34, 0x88, 0x91, 0xA3, 0x7A, 0x69, 1727 0x9F, 0x65, 0xE5, 0x4D, 0x00), 1728 WIRE_VALID(0x00, 0x00, 0x04, 0x00, 0x00), 1729 /* 1730 * Sentinel. 1731 */ 1732 WIRE_SENTINEL() 1733 }; 1734 1735 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1736 dns_rdatatype_ds, sizeof(dns_rdata_ds_t)); 1737} 1738 1739/* 1740 * EDNS Client Subnet tests. 1741 * 1742 * RFC 7871: 1743 * 1744 * 6. Option Format 1745 * 1746 * This protocol uses an EDNS0 [RFC6891] option to include client 1747 * address information in DNS messages. The option is structured as 1748 * follows: 1749 * 1750 * +0 (MSB) +1 (LSB) 1751 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1752 * 0: | OPTION-CODE | 1753 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1754 * 2: | OPTION-LENGTH | 1755 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1756 * 4: | FAMILY | 1757 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1758 * 6: | SOURCE PREFIX-LENGTH | SCOPE PREFIX-LENGTH | 1759 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1760 * 8: | ADDRESS... / 1761 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1762 * 1763 * o (Defined in [RFC6891]) OPTION-CODE, 2 octets, for ECS is 8 (0x00 1764 * 0x08). 1765 * 1766 * o (Defined in [RFC6891]) OPTION-LENGTH, 2 octets, contains the 1767 * length of the payload (everything after OPTION-LENGTH) in octets. 1768 * 1769 * o FAMILY, 2 octets, indicates the family of the address contained in 1770 * the option, using address family codes as assigned by IANA in 1771 * Address Family Numbers [Address_Family_Numbers]. 1772 * 1773 * The format of the address part depends on the value of FAMILY. This 1774 * document only defines the format for FAMILY 1 (IPv4) and FAMILY 2 1775 * (IPv6), which are as follows: 1776 * 1777 * o SOURCE PREFIX-LENGTH, an unsigned octet representing the leftmost 1778 * number of significant bits of ADDRESS to be used for the lookup. 1779 * In responses, it mirrors the same value as in the queries. 1780 * 1781 * o SCOPE PREFIX-LENGTH, an unsigned octet representing the leftmost 1782 * number of significant bits of ADDRESS that the response covers. 1783 * In queries, it MUST be set to 0. 1784 * 1785 * o ADDRESS, variable number of octets, contains either an IPv4 or 1786 * IPv6 address, depending on FAMILY, which MUST be truncated to the 1787 * number of bits indicated by the SOURCE PREFIX-LENGTH field, 1788 * padding with 0 bits to pad to the end of the last octet needed. 1789 * 1790 * o A server receiving an ECS option that uses either too few or too 1791 * many ADDRESS octets, or that has non-zero ADDRESS bits set beyond 1792 * SOURCE PREFIX-LENGTH, SHOULD return FORMERR to reject the packet, 1793 * as a signal to the software developer making the request to fix 1794 * their implementation. 1795 * 1796 * All fields are in network byte order ("big-endian", per [RFC1700], 1797 * Data Notation). 1798 */ 1799ISC_RUN_TEST_IMPL(edns_client_subnet) { 1800 wire_ok_t wire_ok[] = { 1801 /* 1802 * Option code with no content. 1803 */ 1804 WIRE_INVALID(0x00, 0x08, 0x00, 0x00), 1805 /* 1806 * Option code family 0, source 0, scope 0. 1807 */ 1808 WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00), 1809 /* 1810 * Option code family 1 (IPv4), source 0, scope 0. 1811 */ 1812 WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00), 1813 /* 1814 * Option code family 2 (IPv6) , source 0, scope 0. 1815 */ 1816 WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00), 1817 /* 1818 * Extra octet. 1819 */ 1820 WIRE_INVALID(0x00, 0x08, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 1821 0x00), 1822 /* 1823 * Source too long for IPv4. 1824 */ 1825 WIRE_INVALID(0x00, 0x08, 0x00, 8, 0x00, 0x01, 33, 0x00, 0x00, 1826 0x00, 0x00, 0x00), 1827 /* 1828 * Source too long for IPv6. 1829 */ 1830 WIRE_INVALID(0x00, 0x08, 0x00, 20, 0x00, 0x02, 129, 0x00, 0x00, 1831 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1832 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1833 /* 1834 * Scope too long for IPv4. 1835 */ 1836 WIRE_INVALID(0x00, 0x08, 0x00, 8, 0x00, 0x01, 0x00, 33, 0x00, 1837 0x00, 0x00, 0x00), 1838 /* 1839 * Scope too long for IPv6. 1840 */ 1841 WIRE_INVALID(0x00, 0x08, 0x00, 20, 0x00, 0x02, 0x00, 129, 0x00, 1842 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1843 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1844 /* 1845 * When family=0, source and scope should be 0. 1846 */ 1847 WIRE_VALID(0x00, 0x08, 0x00, 4, 0x00, 0x00, 0x00, 0x00), 1848 /* 1849 * When family=0, source and scope should be 0. 1850 */ 1851 WIRE_INVALID(0x00, 0x08, 0x00, 5, 0x00, 0x00, 0x01, 0x00, 0x00), 1852 /* 1853 * When family=0, source and scope should be 0. 1854 */ 1855 WIRE_INVALID(0x00, 0x08, 0x00, 5, 0x00, 0x00, 0x00, 0x01, 0x00), 1856 /* 1857 * Length too short for source IPv4. 1858 */ 1859 WIRE_INVALID(0x00, 0x08, 0x00, 7, 0x00, 0x01, 32, 0x00, 0x00, 1860 0x00, 0x00), 1861 /* 1862 * Length too short for source IPv6. 1863 */ 1864 WIRE_INVALID(0x00, 0x08, 0x00, 19, 0x00, 0x02, 128, 0x00, 0x00, 1865 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1866 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1867 /* 1868 * Sentinel. 1869 */ 1870 WIRE_SENTINEL() 1871 }; 1872 1873 check_rdata(NULL, wire_ok, NULL, true, dns_rdataclass_in, 1874 dns_rdatatype_opt, sizeof(dns_rdata_opt_t)); 1875} 1876 1877/* 1878 * http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt 1879 * 1880 * The RDATA portion of both the NIMLOC and EID records contains 1881 * uninterpreted binary data. The representation in the text master file 1882 * is an even number of hex characters (0 to 9, a to f), case is not 1883 * significant. For readability, whitespace may be included in the value 1884 * field and should be ignored when reading a master file. 1885 */ 1886ISC_RUN_TEST_IMPL(eid) { 1887 text_ok_t text_ok[] = { TEXT_VALID("AABBCC"), 1888 TEXT_VALID_CHANGED("AA bb cc", "AABBCC"), 1889 TEXT_INVALID("aab"), 1890 /* 1891 * Sentinel. 1892 */ 1893 TEXT_SENTINEL() }; 1894 wire_ok_t wire_ok[] = { WIRE_VALID(0x00), WIRE_VALID(0xAA, 0xBB, 0xCC), 1895 /* 1896 * Sentinel. 1897 */ 1898 WIRE_SENTINEL() }; 1899 1900 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1901 dns_rdatatype_eid, sizeof(dns_rdata_in_eid_t)); 1902} 1903 1904/* 1905 * test that an oversized HIP record will be rejected 1906 */ 1907ISC_RUN_TEST_IMPL(hip) { 1908 text_ok_t text_ok[] = { 1909 /* RFC 8005 examples. */ 1910 TEXT_VALID_LOOP(0, "2 200100107B1A74DF365639CC39F1D578 " 1911 "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI" 1912 "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW" 1913 "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b" 1914 "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx" 1915 "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D"), 1916 TEXT_VALID_LOOP(1, "2 200100107B1A74DF365639CC39F1D578 " 1917 "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI" 1918 "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW" 1919 "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b" 1920 "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx" 1921 "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D " 1922 "rvs1.example.com."), 1923 TEXT_VALID_LOOP(2, "2 200100107B1A74DF365639CC39F1D578 " 1924 "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI" 1925 "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW" 1926 "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b" 1927 "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx" 1928 "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D " 1929 "rvs1.example.com. rvs2.example.com."), 1930 /* 1931 * Sentinel. 1932 */ 1933 TEXT_SENTINEL() 1934 }; 1935 unsigned char hipwire[DNS_RDATA_MAXLENGTH] = { 0x01, 0x00, 0x00, 0x01, 1936 0x00, 0x00, 0x04, 0x41, 1937 0x42, 0x43, 0x44, 0x00 }; 1938 unsigned char buf[1024 * 1024]; 1939 dns_rdata_t rdata = DNS_RDATA_INIT; 1940 isc_result_t result; 1941 size_t i; 1942 1943 /* 1944 * Fill the rest of input buffer with compression pointers. 1945 */ 1946 for (i = 12; i < sizeof(hipwire) - 2; i += 2) { 1947 hipwire[i] = 0xc0; 1948 hipwire[i + 1] = 0x06; 1949 } 1950 1951 result = wire_to_rdata(hipwire, sizeof(hipwire), dns_rdataclass_in, 1952 dns_rdatatype_hip, buf, sizeof(buf), &rdata); 1953 assert_int_equal(result, DNS_R_FORMERR); 1954 check_text_ok(text_ok, dns_rdataclass_in, dns_rdatatype_hip, 1955 sizeof(dns_rdata_hip_t)); 1956} 1957 1958/* 1959 * ISDN tests. 1960 * 1961 * RFC 1183: 1962 * 1963 * 3.2. The ISDN RR 1964 * 1965 * The ISDN RR is defined with mnemonic ISDN and type code 20 (decimal). 1966 * 1967 * An ISDN (Integrated Service Digital Network) number is simply a 1968 * telephone number. The intent of the members of the CCITT is to 1969 * upgrade all telephone and data network service to a common service. 1970 * 1971 * The numbering plan (E.163/E.164) is the same as the familiar 1972 * international plan for POTS (an un-official acronym, meaning Plain 1973 * Old Telephone Service). In E.166, CCITT says "An E.163/E.164 1974 * telephony subscriber may become an ISDN subscriber without a number 1975 * change." 1976 * 1977 * ISDN has the following format: 1978 * 1979 * <owner> <ttl> <class> ISDN <ISDN-address> <sa> 1980 * 1981 * The <ISDN-address> field is required; <sa> is optional. 1982 * 1983 * <ISDN-address> identifies the ISDN number of <owner> and DDI (Direct 1984 * Dial In) if any, as defined by E.164 [8] and E.163 [7], the ISDN and 1985 * PSTN (Public Switched Telephone Network) numbering plan. E.163 1986 * defines the country codes, and E.164 the form of the addresses. Its 1987 * format in master files is a <character-string> syntactically 1988 * identical to that used in TXT and HINFO. 1989 * 1990 * <sa> specifies the subaddress (SA). The format of <sa> in master 1991 * files is a <character-string> syntactically identical to that used in 1992 * TXT and HINFO. 1993 * 1994 * The format of ISDN is class insensitive. ISDN RRs cause no 1995 * additional section processing. 1996 * 1997 * The <ISDN-address> is a string of characters, normally decimal 1998 * digits, beginning with the E.163 country code and ending with the DDI 1999 * if any. Note that ISDN, in Q.931, permits any IA5 character in the 2000 * general case. 2001 * 2002 * The <sa> is a string of hexadecimal digits. For digits 0-9, the 2003 * concrete encoding in the Q.931 call setup information element is 2004 * identical to BCD. 2005 * 2006 * For example: 2007 * 2008 * Relay.Prime.COM. IN ISDN 150862028003217 2009 * sh.Prime.COM. IN ISDN 150862028003217 004 2010 * 2011 * (Note: "1" is the country code for the North American Integrated 2012 * Numbering Area, i.e., the system of "area codes" familiar to people 2013 * in those countries.) 2014 * 2015 * The RR data is the ASCII representation of the digits. It is encoded 2016 * as one or two <character-string>s, i.e., count followed by 2017 * characters. 2018 */ 2019ISC_RUN_TEST_IMPL(isdn) { 2020 wire_ok_t wire_ok[] = { /* 2021 * "". 2022 */ 2023 WIRE_VALID(0x00), 2024 /* 2025 * "\001". 2026 */ 2027 WIRE_VALID(0x01, 0x01), 2028 /* 2029 * "\001" "". 2030 */ 2031 WIRE_VALID(0x01, 0x01, 0x00), 2032 /* 2033 * "\001" "\001". 2034 */ 2035 WIRE_VALID(0x01, 0x01, 0x01, 0x01), 2036 /* 2037 * Sentinel. 2038 */ 2039 WIRE_SENTINEL() 2040 }; 2041 2042 check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in, 2043 dns_rdatatype_isdn, sizeof(dns_rdata_isdn_t)); 2044} 2045 2046/* 2047 * KEY tests. 2048 */ 2049ISC_RUN_TEST_IMPL(key) { 2050 wire_ok_t wire_ok[] = { /* 2051 * RDATA is comprised of: 2052 * 2053 * - 2 octets for Flags, 2054 * - 1 octet for Protocol, 2055 * - 1 octet for Algorithm, 2056 * - variable number of octets for Public Key. 2057 * 2058 * RFC 2535 section 3.1.2 states that if bits 2059 * 0-1 of Flags are both set, the RR stops after 2060 * the algorithm octet and thus its length must 2061 * be 4 octets. In any other case, though, the 2062 * Public Key part must not be empty. 2063 */ 2064 WIRE_INVALID(0x00), 2065 WIRE_INVALID(0x00, 0x00), 2066 WIRE_INVALID(0x00, 0x00, 0x00), 2067 WIRE_VALID(0xc0, 0x00, 0x00, 0x00), 2068 WIRE_INVALID(0xc0, 0x00, 0x00, 0x00, 0x00), 2069 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 2070 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00), 2071 WIRE_SENTINEL() 2072 }; 2073 2074 check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in, 2075 dns_rdatatype_key, sizeof(dns_rdata_key_t)); 2076} 2077 2078/* 2079 * LOC tests. 2080 */ 2081ISC_RUN_TEST_IMPL(loc) { 2082 text_ok_t text_ok[] = { 2083 TEXT_VALID_CHANGED("0 N 0 E 0", "0 0 0.000 N 0 0 0.000 E 0.00m " 2084 "1m 10000m 10m"), 2085 TEXT_VALID_CHANGED("0 S 0 W 0", "0 0 0.000 N 0 0 0.000 E 0.00m " 2086 "1m 10000m 10m"), 2087 TEXT_VALID_CHANGED("0 0 N 0 0 E 0", "0 0 0.000 N 0 0 0.000 E " 2088 "0.00m 1m 10000m 10m"), 2089 TEXT_VALID_CHANGED("0 0 0 N 0 0 0 E 0", 2090 "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m " 2091 "10m"), 2092 TEXT_VALID_CHANGED("0 0 0 N 0 0 0 E 0", 2093 "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m " 2094 "10m"), 2095 TEXT_VALID_CHANGED("0 0 0. N 0 0 0. E 0", 2096 "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m " 2097 "10m"), 2098 TEXT_VALID_CHANGED("0 0 .0 N 0 0 .0 E 0", 2099 "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m " 2100 "10m"), 2101 TEXT_INVALID("0 North 0 East 0"), 2102 TEXT_INVALID("0 South 0 West 0"), 2103 TEXT_INVALID("0 0 . N 0 0 0. E 0"), 2104 TEXT_INVALID("0 0 0. N 0 0 . E 0"), 2105 TEXT_INVALID("0 0 0. N 0 0 0. E m"), 2106 TEXT_INVALID("0 0 0. N 0 0 0. E 0 ."), 2107 TEXT_INVALID("0 0 0. N 0 0 0. E 0 m"), 2108 TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 ."), 2109 TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 m"), 2110 TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 0 ."), 2111 TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 0 m"), 2112 TEXT_VALID_CHANGED("90 N 180 E 0", "90 0 0.000 N 180 0 0.000 E " 2113 "0.00m 1m 10000m 10m"), 2114 TEXT_INVALID("90 1 N 180 E 0"), 2115 TEXT_INVALID("90 0 1 N 180 E 0"), 2116 TEXT_INVALID("90 N 180 1 E 0"), 2117 TEXT_INVALID("90 N 180 0 1 E 0"), 2118 TEXT_VALID_CHANGED("90 S 180 W 0", "90 0 0.000 S 180 0 0.000 W " 2119 "0.00m 1m 10000m 10m"), 2120 TEXT_INVALID("90 1 S 180 W 0"), 2121 TEXT_INVALID("90 0 1 S 180 W 0"), 2122 TEXT_INVALID("90 S 180 1 W 0"), 2123 TEXT_INVALID("90 S 180 0 1 W 0"), 2124 TEXT_INVALID("0 0 0.000 E 0 0 0.000 E -0.95m 1m 10000m 10m"), 2125 TEXT_VALID("0 0 0.000 N 0 0 0.000 E -0.95m 1m 10000m 10m"), 2126 TEXT_VALID("0 0 0.000 N 0 0 0.000 E -0.05m 1m 10000m 10m"), 2127 TEXT_VALID("0 0 0.000 N 0 0 0.000 E -100000.00m 1m 10000m 10m"), 2128 TEXT_VALID("0 0 0.000 N 0 0 0.000 E 42849672.95m 1m 10000m " 2129 "10m"), 2130 /* 2131 * Sentinel. 2132 */ 2133 TEXT_SENTINEL() 2134 }; 2135 2136 check_rdata(text_ok, 0, NULL, false, dns_rdataclass_in, 2137 dns_rdatatype_loc, sizeof(dns_rdata_loc_t)); 2138} 2139 2140/* 2141 * http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt 2142 * 2143 * The RDATA portion of both the NIMLOC and EID records contains 2144 * uninterpreted binary data. The representation in the text master file 2145 * is an even number of hex characters (0 to 9, a to f), case is not 2146 * significant. For readability, whitespace may be included in the value 2147 * field and should be ignored when reading a master file. 2148 */ 2149ISC_RUN_TEST_IMPL(nimloc) { 2150 text_ok_t text_ok[] = { TEXT_VALID("AABBCC"), 2151 TEXT_VALID_CHANGED("AA bb cc", "AABBCC"), 2152 TEXT_INVALID("aab"), 2153 /* 2154 * Sentinel. 2155 */ 2156 TEXT_SENTINEL() }; 2157 wire_ok_t wire_ok[] = { WIRE_VALID(0x00), WIRE_VALID(0xAA, 0xBB, 0xCC), 2158 /* 2159 * Sentinel. 2160 */ 2161 WIRE_SENTINEL() }; 2162 2163 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2164 dns_rdatatype_nimloc, sizeof(dns_rdata_in_nimloc_t)); 2165} 2166 2167/* 2168 * NSEC tests. 2169 * 2170 * RFC 4034: 2171 * 2172 * 4.1. NSEC RDATA Wire Format 2173 * 2174 * The RDATA of the NSEC RR is as shown below: 2175 * 2176 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 2177 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2178 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2179 * / Next Domain Name / 2180 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2181 * / Type Bit Maps / 2182 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2183 * 2184 * 4.1.1. The Next Domain Name Field 2185 * 2186 * The Next Domain field contains the next owner name (in the canonical 2187 * ordering of the zone) that has authoritative data or contains a 2188 * delegation point NS RRset; see Section 6.1 for an explanation of 2189 * canonical ordering. The value of the Next Domain Name field in the 2190 * last NSEC record in the zone is the name of the zone apex (the owner 2191 * name of the zone's SOA RR). This indicates that the owner name of 2192 * the NSEC RR is the last name in the canonical ordering of the zone. 2193 * 2194 * A sender MUST NOT use DNS name compression on the Next Domain Name 2195 * field when transmitting an NSEC RR. 2196 * 2197 * Owner names of RRsets for which the given zone is not authoritative 2198 * (such as glue records) MUST NOT be listed in the Next Domain Name 2199 * unless at least one authoritative RRset exists at the same owner 2200 * name. 2201 * 2202 * 4.1.2. The Type Bit Maps Field 2203 * 2204 * The Type Bit Maps field identifies the RRset types that exist at the 2205 * NSEC RR's owner name. 2206 * 2207 * The RR type space is split into 256 window blocks, each representing 2208 * the low-order 8 bits of the 16-bit RR type space. Each block that 2209 * has at least one active RR type is encoded using a single octet 2210 * window number (from 0 to 255), a single octet bitmap length (from 1 2211 * to 32) indicating the number of octets used for the window block's 2212 * bitmap, and up to 32 octets (256 bits) of bitmap. 2213 * 2214 * Blocks are present in the NSEC RR RDATA in increasing numerical 2215 * order. 2216 * 2217 * Type Bit Maps Field = ( Window Block # | Bitmap Length | Bitmap )+ 2218 * 2219 * where "|" denotes concatenation. 2220 * 2221 * Each bitmap encodes the low-order 8 bits of RR types within the 2222 * window block, in network bit order. The first bit is bit 0. For 2223 * window block 0, bit 1 corresponds to RR type 1 (A), bit 2 corresponds 2224 * to RR type 2 (NS), and so forth. For window block 1, bit 1 2225 * corresponds to RR type 257, and bit 2 to RR type 258. If a bit is 2226 * set, it indicates that an RRset of that type is present for the NSEC 2227 * RR's owner name. If a bit is clear, it indicates that no RRset of 2228 * that type is present for the NSEC RR's owner name. 2229 * 2230 * Bits representing pseudo-types MUST be clear, as they do not appear 2231 * in zone data. If encountered, they MUST be ignored upon being read. 2232 */ 2233ISC_RUN_TEST_IMPL(nsec) { 2234 text_ok_t text_ok[] = { TEXT_INVALID(""), TEXT_INVALID("."), 2235 TEXT_VALID(". RRSIG"), TEXT_SENTINEL() }; 2236 wire_ok_t wire_ok[] = { WIRE_INVALID(0x00), WIRE_INVALID(0x00, 0x00), 2237 WIRE_INVALID(0x00, 0x00, 0x00), 2238 WIRE_VALID(0x00, 0x00, 0x01, 0x02), 2239 WIRE_SENTINEL() }; 2240 2241 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2242 dns_rdatatype_nsec, sizeof(dns_rdata_nsec_t)); 2243} 2244 2245/* 2246 * NSEC3 tests. 2247 * 2248 * RFC 5155. 2249 */ 2250ISC_RUN_TEST_IMPL(nsec3) { 2251 text_ok_t text_ok[] = { TEXT_INVALID(""), 2252 TEXT_INVALID("."), 2253 TEXT_INVALID(". RRSIG"), 2254 TEXT_INVALID("1 0 10 76931F"), 2255 TEXT_INVALID("1 0 10 76931F " 2256 "IMQ912BREQP1POLAH3RMONG&" 2257 "UED541AS"), 2258 TEXT_INVALID("1 0 10 76931F " 2259 "IMQ912BREQP1POLAH3RMONGAUED541AS " 2260 "A RRSIG BADTYPE"), 2261 TEXT_VALID("1 0 10 76931F " 2262 "AJHVGTICN6K0VDA53GCHFMT219SRRQLM A " 2263 "RRSIG"), 2264 TEXT_VALID("1 0 10 76931F " 2265 "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"), 2266 TEXT_VALID("1 0 10 - " 2267 "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"), 2268 TEXT_SENTINEL() }; 2269 2270 check_rdata(text_ok, NULL, NULL, false, dns_rdataclass_in, 2271 dns_rdatatype_nsec3, sizeof(dns_rdata_nsec3_t)); 2272} 2273 2274/* NXT RDATA manipulations */ 2275ISC_RUN_TEST_IMPL(nxt) { 2276 compare_ok_t compare_ok[] = { 2277 COMPARE("a. A SIG", "a. A SIG", 0), 2278 /* 2279 * Records that differ only in the case of the next 2280 * name should be equal. 2281 */ 2282 COMPARE("A. A SIG", "a. A SIG", 0), 2283 /* 2284 * Sorting on name field. 2285 */ 2286 COMPARE("A. A SIG", "b. A SIG", -1), 2287 COMPARE("b. A SIG", "A. A SIG", 1), 2288 /* bit map differs */ 2289 COMPARE("b. A SIG", "b. A AAAA SIG", -1), 2290 /* order of bit map does not matter */ 2291 COMPARE("b. A SIG AAAA", "b. A AAAA SIG", 0), COMPARE_SENTINEL() 2292 }; 2293 2294 check_rdata(NULL, NULL, compare_ok, false, dns_rdataclass_in, 2295 dns_rdatatype_nxt, sizeof(dns_rdata_nxt_t)); 2296} 2297 2298ISC_RUN_TEST_IMPL(rkey) { 2299 text_ok_t text_ok[] = { /* 2300 * Valid, flags set to 0 and a key is present. 2301 */ 2302 TEXT_VALID("0 0 0 aaaa"), 2303 /* 2304 * Invalid, non-zero flags. 2305 */ 2306 TEXT_INVALID("1 0 0 aaaa"), 2307 TEXT_INVALID("65535 0 0 aaaa"), 2308 /* 2309 * Sentinel. 2310 */ 2311 TEXT_SENTINEL() 2312 }; 2313 wire_ok_t wire_ok[] = { /* 2314 * Valid, flags set to 0 and a key is present. 2315 */ 2316 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00), 2317 /* 2318 * Invalid, non-zero flags. 2319 */ 2320 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00), 2321 WIRE_INVALID(0xff, 0xff, 0x00, 0x00, 0x00), 2322 /* 2323 * Sentinel. 2324 */ 2325 WIRE_SENTINEL() 2326 }; 2327 key_required(state, dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t)); 2328 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2329 dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t)); 2330} 2331 2332/* SSHFP RDATA manipulations */ 2333ISC_RUN_TEST_IMPL(sshfp) { 2334 text_ok_t text_ok[] = { TEXT_INVALID(""), /* too short */ 2335 TEXT_INVALID("0"), /* reserved, too short */ 2336 TEXT_VALID("0 0"), /* no finger print */ 2337 TEXT_VALID("0 0 AA"), /* reserved */ 2338 TEXT_INVALID("0 1 AA"), /* too short SHA 1 2339 * digest */ 2340 TEXT_INVALID("0 2 AA"), /* too short SHA 256 2341 * digest */ 2342 TEXT_VALID("0 3 AA"), /* unknown finger print 2343 * type */ 2344 /* good length SHA 1 digest */ 2345 TEXT_VALID("1 1 " 2346 "00112233445566778899AABBCCDDEEFF171" 2347 "81920"), 2348 /* good length SHA 256 digest */ 2349 TEXT_VALID("4 2 " 2350 "A87F1B687AC0E57D2A081A2F282672334D9" 2351 "0ED316D2B818CA9580EA3 84D92401"), 2352 /* 2353 * totext splits the fingerprint into chunks and 2354 * emits uppercase hex. 2355 */ 2356 TEXT_VALID_CHANGED("1 2 " 2357 "00112233445566778899aabbccd" 2358 "deeff " 2359 "00112233445566778899AABBCCD" 2360 "DEEFF", 2361 "1 2 " 2362 "00112233445566778899AABBCCD" 2363 "DEEFF" 2364 "00112233445566778899AABB " 2365 "CCDDEEFF"), 2366 TEXT_SENTINEL() }; 2367 wire_ok_t wire_ok[] = { 2368 WIRE_INVALID(0x00), /* reserved too short */ 2369 WIRE_VALID(0x00, 0x00), /* reserved no finger print */ 2370 WIRE_VALID(0x00, 0x00, 0x00), /* reserved */ 2371 2372 /* too short SHA 1 digests */ 2373 WIRE_INVALID(0x00, 0x01), WIRE_INVALID(0x00, 0x01, 0x00), 2374 WIRE_INVALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 2375 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 2376 0xEE, 0xFF, 0x17, 0x18, 0x19), 2377 /* good length SHA 1 digest */ 2378 WIRE_VALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 2379 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 2380 0x17, 0x18, 0x19, 0x20), 2381 /* too long SHA 1 digest */ 2382 WIRE_INVALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 2383 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 2384 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21), 2385 /* too short SHA 256 digests */ 2386 WIRE_INVALID(0x00, 0x02), WIRE_INVALID(0x00, 0x02, 0x00), 2387 WIRE_INVALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 2388 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 2389 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 2390 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 2391 0x31), 2392 /* good length SHA 256 digest */ 2393 WIRE_VALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 2394 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 2395 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 2396 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32), 2397 /* too long SHA 256 digest */ 2398 WIRE_INVALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 2399 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 2400 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 2401 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 2402 0x31, 0x32, 0x33), 2403 /* unknown digest, * no fingerprint */ 2404 WIRE_VALID(0x00, 0x03), WIRE_VALID(0x00, 0x03, 0x00), /* unknown 2405 * digest 2406 */ 2407 WIRE_SENTINEL() 2408 }; 2409 2410 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2411 dns_rdatatype_sshfp, sizeof(dns_rdata_sshfp_t)); 2412} 2413 2414/* 2415 * WKS tests. 2416 * 2417 * RFC 1035: 2418 * 2419 * 3.4.2. WKS RDATA format 2420 * 2421 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 2422 * | ADDRESS | 2423 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 2424 * | PROTOCOL | | 2425 * +--+--+--+--+--+--+--+--+ | 2426 * | | 2427 * / <BIT MAP> / 2428 * / / 2429 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 2430 * 2431 * where: 2432 * 2433 * ADDRESS An 32 bit Internet address 2434 * 2435 * PROTOCOL An 8 bit IP protocol number 2436 * 2437 * <BIT MAP> A variable length bit map. The bit map must be a 2438 * multiple of 8 bits long. 2439 * 2440 * The WKS record is used to describe the well known services supported by 2441 * a particular protocol on a particular internet address. The PROTOCOL 2442 * field specifies an IP protocol number, and the bit map has one bit per 2443 * port of the specified protocol. The first bit corresponds to port 0, 2444 * the second to port 1, etc. If the bit map does not include a bit for a 2445 * protocol of interest, that bit is assumed zero. The appropriate values 2446 * and mnemonics for ports and protocols are specified in [RFC-1010]. 2447 * 2448 * For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port 2449 * 25 (SMTP). If this bit is set, a SMTP server should be listening on TCP 2450 * port 25; if zero, SMTP service is not supported on the specified 2451 * address. 2452 */ 2453ISC_RUN_TEST_IMPL(wks) { 2454 text_ok_t text_ok[] = { /* 2455 * Valid, IPv4 address in dotted-quad form. 2456 */ 2457 TEXT_VALID("127.0.0.1 6"), 2458 /* 2459 * Invalid, IPv4 address not in dotted-quad 2460 * form. 2461 */ 2462 TEXT_INVALID("127.1 6"), 2463 /* 2464 * Sentinel. 2465 */ 2466 TEXT_SENTINEL() 2467 }; 2468 wire_ok_t wire_ok[] = { /* 2469 * Too short. 2470 */ 2471 WIRE_INVALID(0x00, 0x08, 0x00, 0x00), 2472 /* 2473 * Minimal TCP. 2474 */ 2475 WIRE_VALID(0x00, 0x08, 0x00, 0x00, 6), 2476 /* 2477 * Minimal UDP. 2478 */ 2479 WIRE_VALID(0x00, 0x08, 0x00, 0x00, 17), 2480 /* 2481 * Minimal other. 2482 */ 2483 WIRE_VALID(0x00, 0x08, 0x00, 0x00, 1), 2484 /* 2485 * Sentinel. 2486 */ 2487 WIRE_SENTINEL() 2488 }; 2489 2490 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2491 dns_rdatatype_wks, sizeof(dns_rdata_in_wks_t)); 2492} 2493 2494ISC_RUN_TEST_IMPL(https_svcb) { 2495 /* 2496 * Known keys: mandatory, apln, no-default-alpn, port, 2497 * ipv4hint, port, ipv6hint, dohpath. 2498 */ 2499 text_ok_t text_ok[] = { 2500 /* unknown key invalid */ 2501 TEXT_INVALID("1 . unknown="), 2502 /* no domain */ 2503 TEXT_INVALID("0"), 2504 /* minimal record */ 2505 TEXT_VALID_LOOP(0, "0 ."), 2506 /* Alias form requires SvcFieldValue to be empty */ 2507 TEXT_INVALID("0 . alpn=\"h2\""), 2508 /* no "key" prefix */ 2509 TEXT_INVALID("2 svc.example.net. 0=\"2222\""), 2510 /* no key value */ 2511 TEXT_INVALID("2 svc.example.net. key"), 2512 /* no key value */ 2513 TEXT_INVALID("2 svc.example.net. key=\"2222\""), 2514 /* zero pad invalid */ 2515 TEXT_INVALID("2 svc.example.net. key07=\"2222\""), 2516 TEXT_VALID_LOOP(1, "2 svc.example.net. key8=\"2222\""), 2517 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key8=2222", 2518 "2 svc.example.net. key8=\"2222\""), 2519 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h2", 2520 "2 svc.example.net. alpn=\"h2\""), 2521 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h3", 2522 "2 svc.example.net. alpn=\"h3\""), 2523 /* alpn has 2 sub field "h2" and "h3" */ 2524 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h2,h3", 2525 "2 svc.example.net. alpn=\"h2,h3\""), 2526 /* apln has 2 sub fields "h1,h2" and "h3" (comma escaped) */ 2527 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h1\\\\,h2,h3", 2528 "2 svc.example.net. alpn=\"h1\\\\,h2,h3\""), 2529 TEXT_VALID_LOOP(1, "2 svc.example.net. port=50"), 2530 /* no-default-alpn, alpn is required */ 2531 TEXT_INVALID("2 svc.example.net. no-default-alpn"), 2532 /* no-default-alpn with alpn present */ 2533 TEXT_VALID_LOOPCHG( 2534 2, "2 svc.example.net. no-default-alpn alpn=h2", 2535 "2 svc.example.net. alpn=\"h2\" no-default-alpn"), 2536 /* empty hint */ 2537 TEXT_INVALID("2 svc.example.net. ipv4hint="), 2538 TEXT_VALID_LOOP(1, "2 svc.example.net. " 2539 "ipv4hint=10.50.0.1,10.50.0.2"), 2540 /* empty hint */ 2541 TEXT_INVALID("2 svc.example.net. ipv6hint="), 2542 TEXT_VALID_LOOP(1, "2 svc.example.net. ipv6hint=::1,2002::1"), 2543 TEXT_VALID_LOOP(1, "2 svc.example.net. ech=abcdefghijkl"), 2544 /* bad base64 */ 2545 TEXT_INVALID("2 svc.example.net. ech=abcdefghijklm"), 2546 TEXT_VALID_LOOP(1, "2 svc.example.net. key8=\"2222\""), 2547 /* Out of key order on input (alpn == key1). */ 2548 TEXT_VALID_LOOPCHG(2, 2549 "2 svc.example.net. key8=\"2222\" alpn=h2", 2550 "2 svc.example.net. alpn=\"h2\" " 2551 "key8=\"2222\""), 2552 TEXT_VALID_LOOP(1, "2 svc.example.net. key65535=\"2222\""), 2553 TEXT_INVALID("2 svc.example.net. key65536=\"2222\""), 2554 TEXT_VALID_LOOP(1, "2 svc.example.net. key10"), 2555 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key11=", 2556 "2 svc.example.net. key11"), 2557 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key12=\"\"", 2558 "2 svc.example.net. key12"), 2559 /* empty alpn-id sub fields */ 2560 TEXT_INVALID("2 svc.example.net. alpn"), 2561 TEXT_INVALID("2 svc.example.net. alpn="), 2562 TEXT_INVALID("2 svc.example.net. alpn=,h1"), 2563 TEXT_INVALID("2 svc.example.net. alpn=h1,"), 2564 TEXT_INVALID("2 svc.example.net. alpn=h1,,h2"), 2565 /* mandatory */ 2566 TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=alpn " 2567 "alpn=\"h2\""), 2568 TEXT_VALID_LOOP(3, "2 svc.example.net. mandatory=alpn,port " 2569 "alpn=\"h2\" port=443"), 2570 TEXT_VALID_LOOPCHG(3, 2571 "2 svc.example.net. mandatory=port,alpn " 2572 "alpn=\"h2\" port=443", 2573 "2 svc.example.net. mandatory=alpn,port " 2574 "alpn=\"h2\" port=443"), 2575 TEXT_INVALID("2 svc.example.net. mandatory=mandatory"), 2576 TEXT_INVALID("2 svc.example.net. mandatory=port"), 2577 TEXT_INVALID("2 svc.example.net. mandatory=,port port=433"), 2578 TEXT_INVALID("2 svc.example.net. mandatory=port, port=433"), 2579 TEXT_INVALID("2 svc.example.net. " 2580 "mandatory=alpn,,port alpn=h2 port=433"), 2581 /* mandatory w/ unknown key values */ 2582 TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=key8 key8"), 2583 TEXT_VALID_LOOP(3, "2 svc.example.net. mandatory=key8,key9 " 2584 "key8 key9"), 2585 TEXT_VALID_LOOPCHG( 2586 3, "2 svc.example.net. mandatory=key9,key8 key8 key9", 2587 "2 svc.example.net. mandatory=key8,key9 key8 key9"), 2588 TEXT_INVALID("2 svc.example.net. " 2589 "mandatory=key8,key8"), 2590 TEXT_INVALID("2 svc.example.net. mandatory=,key8"), 2591 TEXT_INVALID("2 svc.example.net. mandatory=key8,"), 2592 TEXT_INVALID("2 svc.example.net. " 2593 "mandatory=key8,,key8"), 2594 /* Invalid test vectors */ 2595 TEXT_INVALID("1 foo.example.com. ( key123=abc key123=def )"), 2596 TEXT_INVALID("1 foo.example.com. mandatory"), 2597 TEXT_INVALID("1 foo.example.com. alpn"), 2598 TEXT_INVALID("1 foo.example.com. port"), 2599 TEXT_INVALID("1 foo.example.com. ipv4hint"), 2600 TEXT_INVALID("1 foo.example.com. ipv6hint"), 2601 TEXT_INVALID("1 foo.example.com. no-default-alpn=abc"), 2602 TEXT_INVALID("1 foo.example.com. mandatory=key123"), 2603 TEXT_INVALID("1 foo.example.com. mandatory=mandatory"), 2604 TEXT_INVALID("1 foo.example.com. ( mandatory=key123,key123 " 2605 "key123=abc)"), 2606 /* dohpath tests */ 2607 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{?dns}", 2608 "1 example.net. key7=\"/{?dns}\""), 2609 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/some/path{?dns}", 2610 "1 example.net. key7=\"/some/path{?dns}\""), 2611 TEXT_INVALID("1 example.com. dohpath=no-slash"), 2612 TEXT_INVALID("1 example.com. dohpath=/{?notdns}"), 2613 TEXT_INVALID("1 example.com. dohpath=/notvariable"), 2614 TEXT_SENTINEL() 2615 2616 }; 2617 wire_ok_t wire_ok[] = { 2618 /* 2619 * Too short 2620 */ 2621 WIRE_INVALID(0x00, 0x00), 2622 /* 2623 * Minimal length record. 2624 */ 2625 WIRE_VALID(0x00, 0x00, 0x00), 2626 /* 2627 * Alias with non-empty SvcFieldValue (key7=""). 2628 */ 2629 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00), 2630 /* 2631 * Bad key7= length (longer than rdata). 2632 */ 2633 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x07, 0x00, 0x01), 2634 /* 2635 * Port (0x03) too small (zero and one octets). 2636 */ 2637 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x00), 2638 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00), 2639 /* Valid port */ 2640 WIRE_VALID_LOOP(1, 0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x02, 2641 0x00, 0x00), 2642 /* 2643 * Port (0x03) too big (three octets). 2644 */ 2645 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x03, 0x00, 2646 0x00, 0x00), 2647 /* 2648 * Duplicate keys. 2649 */ 2650 WIRE_INVALID(0x01, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 2651 0x80, 0x00, 0x00), 2652 /* 2653 * Out of order keys. 2654 */ 2655 WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x81, 0x00, 0x00, 0x00, 2656 0x80, 0x00, 0x00), 2657 /* 2658 * Empty of mandatory key list. 2659 */ 2660 WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00), 2661 /* 2662 * "mandatory=mandatory" is invalid 2663 */ 2664 WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 2665 0x00), 2666 /* 2667 * Out of order mandatory key list. 2668 */ 2669 WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 2670 0x80, 0x00, 0x71, 0x00, 0x71, 0x00, 0x00, 0x00, 2671 0x80, 0x00, 0x00), 2672 /* 2673 * Alpn(0x00 0x01) (length 0x00 0x09) "h1,h2" + "h3" 2674 */ 2675 WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09, 2676 5, 'h', '1', ',', 'h', '2', 2, 'h', '3'), 2677 /* 2678 * Alpn(0x00 0x01) (length 0x00 0x09) "h1\h2" + "h3" 2679 */ 2680 WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09, 2681 5, 'h', '1', '\\', 'h', '2', 2, 'h', '3'), 2682 /* 2683 * no-default-alpn (0x00 0x02) without alpn, alpn is required. 2684 */ 2685 WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00), 2686 /* 2687 * Alpn(0x00 0x01) with zero length elements is invalid 2688 */ 2689 WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x05, 2690 0x00, 0x00, 0x00, 0x00, 0x00), 2691 WIRE_SENTINEL() 2692 }; 2693 /* Test vectors from RFCXXXX */ 2694 textvsunknown_t textvsunknown[] = { 2695 /* AliasForm */ 2696 { "0 foo.example.com", "\\# 19 ( 00 00 03 66 6f 6f 07 65 78 61 " 2697 "6d 70 6c 65 03 63 6f 6d 00)" }, 2698 /* ServiceForm */ 2699 { "1 .", "\\# 3 ( 00 01 00)" }, 2700 /* Port example */ 2701 { "16 foo.example.com port=53", 2702 "\\# 25 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f " 2703 "6d 00 00 03 00 02 00 35 )" }, 2704 /* Unregistered keys with unquoted value. */ 2705 { "1 foo.example.com key667=hello", 2706 "\\# 28 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f " 2707 "6d 00 02 9b 00 05 68 65 6c 6c 6f )" }, 2708 /* 2709 * Quoted decimal-escaped character. 2710 * 1 foo.example.com key667="hello\210qoo" 2711 */ 2712 { "1 foo.example.com key667=\"hello\\210qoo\"", 2713 "\\# 32 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f " 2714 "6d 00 02 9b 00 09 68 65 6c 6c 6f d2 71 6f 6f )" }, 2715 /* 2716 * IPv6 hints example, quoted. 2717 * 1 foo.example.com ipv6hint="2001:db8::1,2001:db8::53:1" 2718 */ 2719 { "1 foo.example.com ipv6hint=\"2001:db8::1,2001:db8::53:1\"", 2720 "\\# 55 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f " 2721 "6d 00 00 06 00 20 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 " 2722 "00 01 20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 )" }, 2723 /* SvcParamValues and mandatory out of order. */ 2724 { "16 foo.example.org alpn=h2,h3-19 mandatory=ipv4hint,alpn " 2725 "ipv4hint=192.0.2.1", 2726 "\\# 48 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 " 2727 "67 00 00 00 00 04 00 01 00 04 00 01 00 09 02 68 32 05 68 33 " 2728 "2d 31 39 00 04 00 04 c0 00 02 01 )" }, 2729 /* 2730 * Quoted ALPN with escaped comma and backslash. 2731 * 16 foo.example.org alpn="f\\\\oo\\,bar,h2" 2732 */ 2733 { "16 foo.example.org alpn=\"f\\\\\\\\oo\\\\,bar,h2\"", 2734 "\\# 35 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 " 2735 "67 00 00 01 00 0c 08 66 5c 6f 6f 2c 62 61 72 02 68 32 )" }, 2736 /* 2737 * Unquoted ALPN with escaped comma and backslash. 2738 * 16 foo.example.org alpn=f\\\092oo\092,bar,h2 2739 */ 2740 { "16 foo.example.org alpn=f\\\\\\092oo\\092,bar,h2", 2741 "\\# 35 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 " 2742 "67 00 00 01 00 0c 08 66 5c 6f 6f 2c 62 61 72 02 68 32 )" }, 2743 { NULL, NULL } 2744 }; 2745 2746 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2747 dns_rdatatype_svcb, sizeof(dns_rdata_in_svcb_t)); 2748 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2749 dns_rdatatype_https, sizeof(dns_rdata_in_https_t)); 2750 2751 check_textvsunknown(textvsunknown, dns_rdataclass_in, 2752 dns_rdatatype_svcb); 2753 check_textvsunknown(textvsunknown, dns_rdataclass_in, 2754 dns_rdatatype_https); 2755} 2756 2757/* 2758 * ZONEMD tests. 2759 * 2760 * Excerpted from RFC 8976: 2761 * 2762 * The ZONEMD RDATA wire format is encoded as follows: 2763 * 2764 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 2765 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2766 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2767 * | Serial | 2768 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2769 * | Scheme |Hash Algorithm | | 2770 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 2771 * | Digest | 2772 * / / 2773 * / / 2774 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2775 * 2776 * 2.2.1. The Serial Field 2777 * 2778 * The Serial field is a 32-bit unsigned integer in network byte order. 2779 * It is the serial number from the zone's SOA record ([RFC1035], 2780 * Section 3.3.13) for which the zone digest was generated. 2781 * 2782 * It is included here to clearly bind the ZONEMD RR to a particular 2783 * version of the zone's content. Without the serial number, a stand- 2784 * alone ZONEMD digest has no obvious association to any particular 2785 * instance of a zone. 2786 * 2787 * 2.2.2. The Scheme Field 2788 * 2789 * The Scheme field is an 8-bit unsigned integer that identifies the 2790 * methods by which data is collated and presented as input to the 2791 * hashing function. 2792 * 2793 * Herein, SIMPLE, with Scheme value 1, is the only standardized Scheme 2794 * defined for ZONEMD records and it MUST be supported by 2795 * implementations. The "ZONEMD Schemes" registry is further described 2796 * in Section 5. 2797 * 2798 * Scheme values 240-254 are allocated for Private Use. 2799 * 2800 * 2.2.3. The Hash Algorithm Field 2801 * 2802 * The Hash Algorithm field is an 8-bit unsigned integer that identifies 2803 * the cryptographic hash algorithm used to construct the digest. 2804 * 2805 * Herein, SHA384 ([RFC6234]), with Hash Algorithm value 1, is the only 2806 * standardized Hash Algorithm defined for ZONEMD records that MUST be 2807 * supported by implementations. When SHA384 is used, the size of the 2808 * Digest field is 48 octets. The result of the SHA384 digest algorithm 2809 * MUST NOT be truncated, and the entire 48-octet digest is published in 2810 * the ZONEMD record. 2811 * 2812 * SHA512 ([RFC6234]), with Hash Algorithm value 2, is also defined for 2813 * ZONEMD records and SHOULD be supported by implementations. When 2814 * SHA512 is used, the size of the Digest field is 64 octets. The 2815 * result of the SHA512 digest algorithm MUST NOT be truncated, and the 2816 * entire 64-octet digest is published in the ZONEMD record. 2817 * 2818 * Hash Algorithm values 240-254 are allocated for Private Use. 2819 * 2820 * The "ZONEMD Hash Algorithms" registry is further described in 2821 * Section 5. 2822 * 2823 * 2.2.4. The Digest Field 2824 * 2825 * The Digest field is a variable-length sequence of octets containing 2826 * the output of the hash algorithm. The length of the Digest field is 2827 * determined by deducting the fixed size of the Serial, Scheme, and 2828 * Hash Algorithm fields from the RDATA size in the ZONEMD RR header. 2829 * 2830 * The Digest field MUST NOT be shorter than 12 octets. Digests for the 2831 * SHA384 and SHA512 hash algorithms specified herein are never 2832 * truncated. Digests for future hash algorithms MAY be truncated but 2833 * MUST NOT be truncated to a length that results in less than 96 bits 2834 * (12 octets) of equivalent strength. 2835 * 2836 * Section 3 describes how to calculate the digest for a zone. 2837 * Section 4 describes how to use the digest to verify the contents of a 2838 * zone. 2839 * 2840 */ 2841 2842ISC_RUN_TEST_IMPL(zonemd) { 2843 text_ok_t text_ok[] = { 2844 TEXT_INVALID(""), 2845 /* No digest scheme or digest type*/ 2846 TEXT_INVALID("0"), 2847 /* No digest type */ 2848 TEXT_INVALID("0 0"), 2849 /* No digest */ 2850 TEXT_INVALID("0 0 0"), 2851 /* No digest */ 2852 TEXT_INVALID("99999999 0 0"), 2853 /* No digest */ 2854 TEXT_INVALID("2019020700 0 0"), 2855 /* Digest too short */ 2856 TEXT_INVALID("2019020700 1 1 DEADBEEF"), 2857 /* Digest too short */ 2858 TEXT_INVALID("2019020700 1 2 DEADBEEF"), 2859 /* Digest too short */ 2860 TEXT_INVALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBE"), 2861 /* Digest type unknown */ 2862 TEXT_VALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBEEF"), 2863 /* Digest type max */ 2864 TEXT_VALID("2019020700 1 255 DEADBEEFDEADBEEFDEADBEEF"), 2865 /* Digest type too big */ 2866 TEXT_INVALID("2019020700 0 256 DEADBEEFDEADBEEFDEADBEEF"), 2867 /* Scheme max */ 2868 TEXT_VALID("2019020700 255 3 DEADBEEFDEADBEEFDEADBEEF"), 2869 /* Scheme too big */ 2870 TEXT_INVALID("2019020700 256 3 DEADBEEFDEADBEEFDEADBEEF"), 2871 /* SHA384 */ 2872 TEXT_VALID("2019020700 1 1 " 2873 "7162D2BB75C047A53DE98767C9192BEB" 2874 "14DB01E7E2267135DAF0230A 19BA4A31" 2875 "6AF6BF64AA5C7BAE24B2992850300509"), 2876 /* SHA512 */ 2877 TEXT_VALID("2019020700 1 2 " 2878 "08CFA1115C7B948C4163A901270395EA" 2879 "226A930CD2CBCF2FA9A5E6EB 85F37C8A" 2880 "4E114D884E66F176EAB121CB02DB7D65" 2881 "2E0CC4827E7A3204 F166B47E5613FD27"), 2882 /* SHA384 too short and with private scheme */ 2883 TEXT_INVALID("2021042801 0 1 " 2884 "7162D2BB75C047A53DE98767C9192BEB" 2885 "6AF6BF64AA5C7BAE24B2992850300509"), 2886 /* SHA512 too short and with private scheme */ 2887 TEXT_INVALID("2021042802 5 2 " 2888 "A897B40072ECAE9E4CA3F1F227DE8F5E" 2889 "480CDEBB16DFC64C1C349A7B5F6C71AB" 2890 "E8A88B76EF0BA1604EC25752E946BF98"), 2891 TEXT_SENTINEL() 2892 }; 2893 wire_ok_t wire_ok[] = { 2894 /* 2895 * Short. 2896 */ 2897 WIRE_INVALID(0x00), 2898 /* 2899 * Short. 2900 */ 2901 WIRE_INVALID(0x00, 0x00), 2902 /* 2903 * Short. 2904 */ 2905 WIRE_INVALID(0x00, 0x00, 0x00), 2906 /* 2907 * Short. 2908 */ 2909 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 2910 /* 2911 * Short. 2912 */ 2913 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00), 2914 /* 2915 * Short. 2916 */ 2917 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 2918 /* 2919 * Short 11-octet digest. 2920 */ 2921 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2922 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2923 0x00), 2924 /* 2925 * Minimal, 12-octet hash for an undefined digest type. 2926 */ 2927 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2928 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2929 0x00), 2930 /* 2931 * SHA-384 is defined, so we insist there be a digest of 2932 * the expected length. 2933 */ 2934 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 2935 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 2936 0x00, 0x00), 2937 /* 2938 * 48-octet digest, valid for SHA-384. 2939 */ 2940 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xde, 0xad, 0xbe, 2941 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2942 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 2943 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2944 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 2945 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 2946 0xce), 2947 /* 2948 * 56-octet digest, too long for SHA-384. 2949 */ 2950 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0xde, 0xad, 2951 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 2952 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2953 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 2954 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 2955 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2956 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 2957 0xbe, 0xef, 0xfa, 0xce), 2958 /* 2959 * 56-octet digest, too short for SHA-512 2960 */ 2961 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 2962 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 2963 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2964 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 2965 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 2966 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2967 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 2968 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad), 2969 /* 2970 * 64-octet digest, just right for SHA-512 2971 */ 2972 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 0xbe, 2973 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2974 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 2975 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2976 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 2977 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2978 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 2979 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef), 2980 /* 2981 * 72-octet digest, too long for SHA-512 2982 */ 2983 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 2984 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 2985 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2986 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 2987 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 2988 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2989 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 2990 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 2991 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2992 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce), 2993 /* 2994 * 56-octet digest, valid for an undefined digest type. 2995 */ 2996 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xde, 0xad, 0xbe, 2997 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 2998 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 2999 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3000 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 3001 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3002 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce), 3003 /* 3004 * Sentinel. 3005 */ 3006 WIRE_SENTINEL() 3007 }; 3008 3009 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 3010 dns_rdatatype_zonemd, sizeof(dns_rdata_zonemd_t)); 3011} 3012 3013ISC_RUN_TEST_IMPL(atcname) { 3014 unsigned int i; 3015 3016#define UNR "# Unexpected result from dns_rdatatype_atcname for type %u\n" 3017 for (i = 0; i < 0xffffU; i++) { 3018 bool tf = dns_rdatatype_atcname((dns_rdatatype_t)i); 3019 switch (i) { 3020 case dns_rdatatype_nsec: 3021 case dns_rdatatype_key: 3022 case dns_rdatatype_rrsig: 3023 if (!tf) { 3024 print_message(UNR, i); 3025 } 3026 assert_true(tf); 3027 break; 3028 default: 3029 if (tf) { 3030 print_message(UNR, i); 3031 } 3032 assert_false(tf); 3033 break; 3034 } 3035 } 3036#undef UNR 3037} 3038 3039ISC_RUN_TEST_IMPL(atparent) { 3040 unsigned int i; 3041 3042#define UNR "# Unexpected result from dns_rdatatype_atparent for type %u\n" 3043 for (i = 0; i < 0xffffU; i++) { 3044 bool tf = dns_rdatatype_atparent((dns_rdatatype_t)i); 3045 switch (i) { 3046 case dns_rdatatype_ds: 3047 if (!tf) { 3048 print_message(UNR, i); 3049 } 3050 assert_true(tf); 3051 break; 3052 default: 3053 if (tf) { 3054 print_message(UNR, i); 3055 } 3056 assert_false(tf); 3057 break; 3058 } 3059 } 3060#undef UNR 3061} 3062 3063ISC_RUN_TEST_IMPL(iszonecutauth) { 3064 unsigned int i; 3065#define UNR "# Unexpected result from dns_rdatatype_iszonecutauth for type %u\n" 3066 for (i = 0; i < 0xffffU; i++) { 3067 bool tf = dns_rdatatype_iszonecutauth((dns_rdatatype_t)i); 3068 switch (i) { 3069 case dns_rdatatype_ns: 3070 case dns_rdatatype_ds: 3071 case dns_rdatatype_nsec: 3072 case dns_rdatatype_key: 3073 case dns_rdatatype_rrsig: 3074 if (!tf) { 3075 print_message(UNR, i); 3076 } 3077 assert_true(tf); 3078 break; 3079 default: 3080 if (tf) { 3081 print_message(UNR, i); 3082 } 3083 assert_false(tf); 3084 break; 3085 } 3086 } 3087#undef UNR 3088} 3089 3090ISC_TEST_LIST_START 3091 3092/* types */ 3093ISC_TEST_ENTRY(amtrelay) 3094ISC_TEST_ENTRY(apl) 3095ISC_TEST_ENTRY(atma) 3096ISC_TEST_ENTRY(cdnskey) 3097ISC_TEST_ENTRY(csync) 3098ISC_TEST_ENTRY(dnskey) 3099ISC_TEST_ENTRY(doa) 3100ISC_TEST_ENTRY(ds) 3101ISC_TEST_ENTRY(eid) 3102ISC_TEST_ENTRY(hip) 3103ISC_TEST_ENTRY(https_svcb) 3104ISC_TEST_ENTRY(isdn) 3105ISC_TEST_ENTRY(key) 3106ISC_TEST_ENTRY(loc) 3107ISC_TEST_ENTRY(nimloc) 3108ISC_TEST_ENTRY(nsec) 3109ISC_TEST_ENTRY(nsec3) 3110ISC_TEST_ENTRY(nxt) 3111ISC_TEST_ENTRY(rkey) 3112ISC_TEST_ENTRY(sshfp) 3113ISC_TEST_ENTRY(wks) 3114ISC_TEST_ENTRY(zonemd) 3115 3116/* other tests */ 3117ISC_TEST_ENTRY(edns_client_subnet) 3118ISC_TEST_ENTRY(atcname) 3119ISC_TEST_ENTRY(atparent) 3120ISC_TEST_ENTRY(iszonecutauth) 3121ISC_TEST_LIST_END 3122 3123ISC_TEST_MAIN 3124