rdata_test.c revision 1.4
1 /* $NetBSD: rdata_test.c,v 1.4 2025/01/26 16:25:48 christos Exp $ */ 2 3 /* 4 * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5 * 6 * SPDX-License-Identifier: MPL-2.0 7 * 8 * This Source Code Form is subject to the terms of the Mozilla Public 9 * License, v. 2.0. If a copy of the MPL was not distributed with this 10 * file, you can obtain one at https://mozilla.org/MPL/2.0/. 11 * 12 * See the COPYRIGHT file distributed with this work for additional 13 * information regarding copyright ownership. 14 */ 15 16 #include <inttypes.h> 17 #include <sched.h> /* IWYU pragma: keep */ 18 #include <setjmp.h> 19 #include <stdarg.h> 20 #include <stdbool.h> 21 #include <stddef.h> 22 #include <stdlib.h> 23 #include <string.h> 24 #include <unistd.h> 25 26 #define UNIT_TESTING 27 28 #include <cmocka.h> 29 #include <openssl_shim.h> 30 31 #include <openssl/err.h> 32 33 #include <isc/commandline.h> 34 #include <isc/hex.h> 35 #include <isc/lex.h> 36 #include <isc/stdio.h> 37 #include <isc/types.h> 38 #include <isc/util.h> 39 40 #include <dns/rdata.h> 41 42 #include <tests/dns.h> 43 44 /* 45 * An array of these structures is passed to compare_ok(). 46 */ 47 struct compare_ok { 48 const char *text1; /* text passed to fromtext_*() */ 49 const char *text2; /* text passed to fromtext_*() */ 50 int answer; /* -1, 0, 1 */ 51 int lineno; /* source line defining this RDATA */ 52 }; 53 typedef struct compare_ok compare_ok_t; 54 55 struct textvsunknown { 56 const char *text1; 57 const char *text2; 58 }; 59 typedef struct textvsunknown textvsunknown_t; 60 61 /* 62 * An array of these structures is passed to check_text_ok(). 63 */ 64 typedef struct text_ok { 65 const char *text_in; /* text passed to fromtext_*() */ 66 const char *text_out; /* text expected from totext_*(); 67 * NULL indicates text_in is invalid */ 68 unsigned int loop; 69 } text_ok_t; 70 71 /* 72 * An array of these structures is passed to check_wire_ok(). 73 */ 74 typedef struct wire_ok { 75 unsigned char data[512]; /* RDATA in wire format */ 76 size_t len; /* octets of data to parse */ 77 bool ok; /* is this RDATA valid? */ 78 unsigned int loop; 79 } wire_ok_t; 80 81 #define COMPARE(r1, r2, answer) { r1, r2, answer, __LINE__ } 82 #define COMPARE_SENTINEL() { NULL, NULL, 0, __LINE__ } 83 84 #define TEXT_VALID_CHANGED(data_in, data_out) { data_in, data_out, 0 } 85 #define TEXT_VALID(data) { data, data, 0 } 86 #define TEXT_VALID_LOOP(loop, data) { data, data, loop } 87 #define TEXT_VALID_LOOPCHG(loop, data_in, data_out) { data_in, data_out, loop } 88 #define TEXT_INVALID(data) { data, NULL, 0 } 89 #define TEXT_SENTINEL() TEXT_INVALID(NULL) 90 91 #define VARGC(...) (sizeof((unsigned char[]){ __VA_ARGS__ })) 92 #define WIRE_TEST(ok, loop, ...) \ 93 { { __VA_ARGS__ }, VARGC(__VA_ARGS__), ok, loop } 94 #define WIRE_VALID(...) WIRE_TEST(true, 0, __VA_ARGS__) 95 #define WIRE_VALID_LOOP(loop, ...) WIRE_TEST(true, loop, __VA_ARGS__) 96 /* 97 * WIRE_INVALID() test cases must always have at least one octet specified to 98 * distinguish them from WIRE_SENTINEL(). Use the 'empty_ok' parameter passed 99 * to check_wire_ok() for indicating whether empty RDATA is allowed for a given 100 * RR type or not. 101 */ 102 #define WIRE_INVALID(FIRST, ...) WIRE_TEST(false, 0, FIRST, __VA_ARGS__) 103 #define WIRE_SENTINEL() WIRE_TEST(false, 0) 104 105 static void 106 detect_uncleared_libcrypto_error(void) { 107 const char *file, *func, *data; 108 int line, flags; 109 long err; 110 bool leak = false; 111 while ((err = ERR_get_error_all(&file, &line, &func, &data, &flags)) != 112 0L) 113 { 114 fprintf(stderr, 115 "# Uncleared libcrypto error: %s:%d %s %s %ld %x\n", 116 file, line, func, data, err, flags); 117 leak = true; 118 } 119 assert_false(leak); 120 } 121 122 /* 123 * Call dns_rdata_fromwire() for data in 'src', which is 'srclen' octets in 124 * size and represents RDATA of given 'type' and 'class'. Store the resulting 125 * uncompressed wire form in 'dst', which is 'dstlen' octets in size, and make 126 * 'rdata' refer to that uncompressed wire form. 127 */ 128 static isc_result_t 129 wire_to_rdata(const unsigned char *src, size_t srclen, dns_rdataclass_t rdclass, 130 dns_rdatatype_t type, unsigned char *dst, size_t dstlen, 131 dns_rdata_t *rdata) { 132 isc_buffer_t source, target; 133 isc_result_t result; 134 135 /* 136 * Set up len-octet buffer pointing at data. 137 */ 138 isc_buffer_constinit(&source, src, srclen); 139 isc_buffer_add(&source, srclen); 140 isc_buffer_setactive(&source, srclen); 141 142 /* 143 * Initialize target buffer. 144 */ 145 isc_buffer_init(&target, dst, dstlen); 146 147 /* 148 * Try converting input data into uncompressed wire form. 149 */ 150 result = dns_rdata_fromwire(rdata, rdclass, type, &source, 151 DNS_DECOMPRESS_ALWAYS, &target); 152 detect_uncleared_libcrypto_error(); 153 154 return result; 155 } 156 157 /* 158 * Call dns_rdata_towire() for rdata and write to result to dst. 159 */ 160 static isc_result_t 161 rdata_towire(dns_rdata_t *rdata, unsigned char *dst, size_t dstlen, 162 size_t *length) { 163 isc_buffer_t target; 164 dns_compress_t cctx; 165 isc_result_t result; 166 167 /* 168 * Initialize target buffer. 169 */ 170 isc_buffer_init(&target, dst, dstlen); 171 172 /* 173 * Try converting input data into uncompressed wire form. 174 */ 175 dns_compress_init(&cctx, mctx, 0); 176 result = dns_rdata_towire(rdata, &cctx, &target); 177 detect_uncleared_libcrypto_error(); 178 dns_compress_invalidate(&cctx); 179 180 *length = isc_buffer_usedlength(&target); 181 182 return result; 183 } 184 185 static isc_result_t 186 additionaldata_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype, 187 dns_rdataset_t *found DNS__DB_FLARG) { 188 UNUSED(arg); 189 UNUSED(name); 190 UNUSED(qtype); 191 UNUSED(found); 192 return ISC_R_SUCCESS; 193 } 194 195 /* 196 * call dns_rdata_additionaldata() for rdata. 197 */ 198 static isc_result_t 199 rdata_additionadata(dns_rdata_t *rdata) { 200 return dns_rdata_additionaldata(rdata, dns_rootname, additionaldata_cb, 201 NULL); 202 } 203 204 /* 205 * Call dns_rdata_checknames() with various owner names chosen to 206 * match well known forms. 207 * 208 * We are currently only checking that the calls do not trigger 209 * assertion failures. 210 * 211 * XXXMPA A future extension could be to record the expected 212 * result and the expected value of 'bad'. 213 */ 214 static void 215 rdata_checknames(dns_rdata_t *rdata) { 216 dns_fixedname_t fixed, bfixed; 217 dns_name_t *name, *bad; 218 isc_result_t result; 219 220 name = dns_fixedname_initname(&fixed); 221 bad = dns_fixedname_initname(&bfixed); 222 223 (void)dns_rdata_checknames(rdata, dns_rootname, NULL); 224 (void)dns_rdata_checknames(rdata, dns_rootname, bad); 225 226 result = dns_name_fromstring(name, "example.net", dns_rootname, 0, 227 NULL); 228 assert_int_equal(result, ISC_R_SUCCESS); 229 (void)dns_rdata_checknames(rdata, name, NULL); 230 (void)dns_rdata_checknames(rdata, name, bad); 231 232 result = dns_name_fromstring(name, "in-addr.arpa", dns_rootname, 0, 233 NULL); 234 assert_int_equal(result, ISC_R_SUCCESS); 235 (void)dns_rdata_checknames(rdata, name, NULL); 236 (void)dns_rdata_checknames(rdata, name, bad); 237 238 result = dns_name_fromstring(name, "ip6.arpa", dns_rootname, 0, NULL); 239 assert_int_equal(result, ISC_R_SUCCESS); 240 (void)dns_rdata_checknames(rdata, name, NULL); 241 (void)dns_rdata_checknames(rdata, name, bad); 242 } 243 244 /* 245 * Test whether converting rdata to a type-specific struct and then back to 246 * rdata results in the same uncompressed wire form. This checks whether 247 * tostruct_*() and fromstruct_*() routines for given RR class and type behave 248 * consistently. 249 * 250 * This function is called for every correctly processed input RDATA, from both 251 * check_text_ok_single() and check_wire_ok_single(). 252 */ 253 static void 254 check_struct_conversions(dns_rdata_t *rdata, size_t structsize, 255 unsigned int loop) { 256 dns_rdataclass_t rdclass = rdata->rdclass; 257 dns_rdatatype_t type = rdata->type; 258 isc_result_t result; 259 isc_buffer_t target; 260 void *rdata_struct; 261 char buf[1024]; 262 unsigned int count = 0; 263 264 rdata_struct = isc_mem_allocate(mctx, structsize); 265 assert_non_null(rdata_struct); 266 267 /* 268 * Convert from uncompressed wire form into type-specific struct. 269 */ 270 result = dns_rdata_tostruct(rdata, rdata_struct, NULL); 271 detect_uncleared_libcrypto_error(); 272 assert_int_equal(result, ISC_R_SUCCESS); 273 274 /* 275 * Convert from type-specific struct into uncompressed wire form. 276 */ 277 isc_buffer_init(&target, buf, sizeof(buf)); 278 result = dns_rdata_fromstruct(NULL, rdclass, type, rdata_struct, 279 &target); 280 assert_int_equal(result, ISC_R_SUCCESS); 281 282 /* 283 * Ensure results are consistent. 284 */ 285 assert_int_equal(isc_buffer_usedlength(&target), rdata->length); 286 287 assert_memory_equal(buf, rdata->data, rdata->length); 288 289 /* 290 * Check that one can walk hip rendezvous servers and 291 * https/svcb parameters. 292 */ 293 switch (type) { 294 case dns_rdatatype_hip: { 295 dns_rdata_hip_t *hip = rdata_struct; 296 297 for (result = dns_rdata_hip_first(hip); result == ISC_R_SUCCESS; 298 result = dns_rdata_hip_next(hip)) 299 { 300 dns_name_t name; 301 dns_name_init(&name, NULL); 302 dns_rdata_hip_current(hip, &name); 303 assert_int_not_equal(dns_name_countlabels(&name), 0); 304 assert_true(dns_name_isabsolute(&name)); 305 count++; 306 } 307 assert_int_equal(result, ISC_R_NOMORE); 308 assert_int_equal(count, loop); 309 break; 310 } 311 case dns_rdatatype_https: { 312 dns_rdata_in_https_t *https = rdata_struct; 313 314 for (result = dns_rdata_in_https_first(https); 315 result == ISC_R_SUCCESS; 316 result = dns_rdata_in_https_next(https)) 317 { 318 isc_region_t region; 319 dns_rdata_in_https_current(https, ®ion); 320 assert_true(region.length >= 4); 321 count++; 322 } 323 assert_int_equal(result, ISC_R_NOMORE); 324 assert_int_equal(count, loop); 325 break; 326 } 327 case dns_rdatatype_svcb: { 328 dns_rdata_in_svcb_t *svcb = rdata_struct; 329 330 for (result = dns_rdata_in_svcb_first(svcb); 331 result == ISC_R_SUCCESS; 332 result = dns_rdata_in_svcb_next(svcb)) 333 { 334 isc_region_t region; 335 dns_rdata_in_svcb_current(svcb, ®ion); 336 assert_true(region.length >= 4); 337 count++; 338 } 339 assert_int_equal(result, ISC_R_NOMORE); 340 assert_int_equal(count, loop); 341 break; 342 } 343 } 344 345 isc_mem_free(mctx, rdata_struct); 346 } 347 348 /* 349 * Check whether converting supplied text form RDATA into uncompressed wire 350 * form succeeds (tests fromtext_*()). If so, try converting it back into text 351 * form and see if it results in the original text (tests totext_*()). 352 */ 353 static void 354 check_text_ok_single(const text_ok_t *text_ok, dns_rdataclass_t rdclass, 355 dns_rdatatype_t type, size_t structsize) { 356 unsigned char buf_fromtext[1024], buf_fromwire[1024], buf_towire[1024]; 357 dns_rdata_t rdata = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT; 358 char buf_totext[1024] = { 0 }; 359 isc_buffer_t target; 360 isc_result_t result; 361 size_t length = 0; 362 363 if (debug) { 364 fprintf(stdout, "#check_text_ok_single(%s)\n", 365 text_ok->text_in); 366 } 367 /* 368 * Try converting text form RDATA into uncompressed wire form. 369 */ 370 result = dns_test_rdatafromstring(&rdata, rdclass, type, buf_fromtext, 371 sizeof(buf_fromtext), 372 text_ok->text_in, false); 373 /* 374 * Check whether result is as expected. 375 */ 376 if (text_ok->text_out != NULL) { 377 if (debug && result != ISC_R_SUCCESS) { 378 fprintf(stdout, "# '%s'\n", text_ok->text_in); 379 fprintf(stdout, "# result=%s\n", 380 isc_result_totext(result)); 381 } 382 assert_int_equal(result, ISC_R_SUCCESS); 383 } else { 384 if (debug && result == ISC_R_SUCCESS) { 385 fprintf(stdout, "#'%s'\n", text_ok->text_in); 386 } 387 assert_int_not_equal(result, ISC_R_SUCCESS); 388 } 389 390 /* 391 * If text form RDATA was not parsed correctly, performing any 392 * additional checks is pointless. 393 */ 394 if (result != ISC_R_SUCCESS) { 395 return; 396 } 397 398 /* 399 * Try converting uncompressed wire form RDATA back into text form and 400 * check whether the resulting text is the same as the original one. 401 */ 402 isc_buffer_init(&target, buf_totext, sizeof(buf_totext)); 403 result = dns_rdata_totext(&rdata, NULL, &target); 404 detect_uncleared_libcrypto_error(); 405 if (result != ISC_R_SUCCESS && debug) { 406 size_t i; 407 fprintf(stdout, "# dns_rdata_totext -> %s", 408 isc_result_totext(result)); 409 for (i = 0; i < rdata.length; i++) { 410 if ((i % 16) == 0) { 411 fprintf(stdout, "\n#"); 412 } 413 fprintf(stdout, " %02x", rdata.data[i]); 414 } 415 fprintf(stdout, "\n"); 416 } 417 assert_int_equal(result, ISC_R_SUCCESS); 418 /* 419 * Ensure buf_totext is properly NUL terminated as dns_rdata_totext() 420 * may attempt different output formats writing into the apparently 421 * unused part of the buffer. 422 */ 423 isc_buffer_putuint8(&target, 0); 424 if (debug && strcmp(buf_totext, text_ok->text_out) != 0) { 425 fprintf(stdout, "# '%s' != '%s'\n", buf_totext, 426 text_ok->text_out); 427 } 428 assert_string_equal(buf_totext, text_ok->text_out); 429 430 if (debug) { 431 fprintf(stdout, "#dns_rdata_totext -> '%s'\n", buf_totext); 432 } 433 434 /* 435 * Ensure that fromtext_*() output is valid input for fromwire_*(). 436 */ 437 result = wire_to_rdata(rdata.data, rdata.length, rdclass, type, 438 buf_fromwire, sizeof(buf_fromwire), &rdata2); 439 assert_int_equal(result, ISC_R_SUCCESS); 440 assert_int_equal(rdata.length, rdata2.length); 441 assert_memory_equal(rdata.data, buf_fromwire, rdata.length); 442 443 /* 444 * Ensure that fromtext_*() output is valid input for towire_*(). 445 */ 446 result = rdata_towire(&rdata, buf_towire, sizeof(buf_towire), &length); 447 assert_int_equal(result, ISC_R_SUCCESS); 448 assert_int_equal(rdata.length, length); 449 assert_memory_equal(rdata.data, buf_towire, length); 450 451 /* 452 * Test that additionaldata_*() succeeded. 453 */ 454 result = rdata_additionadata(&rdata); 455 assert_int_equal(result, ISC_R_SUCCESS); 456 457 /* 458 * Exercise checknames_*(). 459 */ 460 rdata_checknames(&rdata); 461 462 /* 463 * Perform two-way conversion checks between uncompressed wire form and 464 * type-specific struct. 465 */ 466 check_struct_conversions(&rdata, structsize, text_ok->loop); 467 } 468 469 /* 470 * Test whether converting rdata to text form and then parsing the result of 471 * that conversion again results in the same uncompressed wire form. This 472 * checks whether totext_*() output is parsable by fromtext_*() for given RR 473 * class and type. 474 * 475 * This function is called for every input RDATA which is successfully parsed 476 * by check_wire_ok_single() and whose type is not a meta-type. 477 */ 478 static void 479 check_text_conversions(dns_rdata_t *rdata) { 480 char buf_totext[1024] = { 0 }; 481 unsigned char buf_fromtext[1024]; 482 isc_result_t result; 483 isc_buffer_t target; 484 dns_rdata_t rdata2 = DNS_RDATA_INIT; 485 486 /* 487 * Convert uncompressed wire form RDATA into text form. This 488 * conversion must succeed since input RDATA was successfully 489 * parsed by check_wire_ok_single(). 490 */ 491 isc_buffer_init(&target, buf_totext, sizeof(buf_totext)); 492 result = dns_rdata_totext(rdata, NULL, &target); 493 detect_uncleared_libcrypto_error(); 494 assert_int_equal(result, ISC_R_SUCCESS); 495 /* 496 * Ensure buf_totext is properly NUL terminated as dns_rdata_totext() 497 * may attempt different output formats writing into the apparently 498 * unused part of the buffer. 499 */ 500 isc_buffer_putuint8(&target, 0); 501 if (debug) { 502 fprintf(stdout, "#'%s'\n", buf_totext); 503 } 504 505 /* 506 * Try parsing text form RDATA output by dns_rdata_totext() again. 507 */ 508 result = dns_test_rdatafromstring(&rdata2, rdata->rdclass, rdata->type, 509 buf_fromtext, sizeof(buf_fromtext), 510 buf_totext, false); 511 if (debug && result != ISC_R_SUCCESS) { 512 fprintf(stdout, "# result = %s\n", isc_result_totext(result)); 513 fprintf(stdout, "# '%s'\n", buf_fromtext); 514 } 515 assert_int_equal(result, ISC_R_SUCCESS); 516 assert_int_equal(rdata2.length, rdata->length); 517 assert_memory_equal(buf_fromtext, rdata->data, rdata->length); 518 } 519 520 /* 521 * Test whether converting rdata to multi-line text form and then parsing the 522 * result of that conversion again results in the same uncompressed wire form. 523 * This checks whether multi-line totext_*() output is parsable by fromtext_*() 524 * for given RR class and type. 525 * 526 * This function is called for every input RDATA which is successfully parsed 527 * by check_wire_ok_single() and whose type is not a meta-type. 528 */ 529 static void 530 check_multiline_text_conversions(dns_rdata_t *rdata) { 531 char buf_totext[1024] = { 0 }; 532 unsigned char buf_fromtext[1024]; 533 isc_result_t result; 534 isc_buffer_t target; 535 dns_rdata_t rdata2 = DNS_RDATA_INIT; 536 unsigned int flags; 537 538 /* 539 * Convert uncompressed wire form RDATA into multi-line text form. 540 * This conversion must succeed since input RDATA was successfully 541 * parsed by check_wire_ok_single(). 542 */ 543 isc_buffer_init(&target, buf_totext, sizeof(buf_totext)); 544 flags = dns_master_styleflags(&dns_master_style_default); 545 result = dns_rdata_tofmttext(rdata, dns_rootname, flags, 80 - 32, 4, 546 "\n", &target); 547 detect_uncleared_libcrypto_error(); 548 assert_int_equal(result, ISC_R_SUCCESS); 549 /* 550 * Ensure buf_totext is properly NUL terminated as 551 * dns_rdata_tofmttext() may attempt different output formats 552 * writing into the apparently unused part of the buffer. 553 */ 554 isc_buffer_putuint8(&target, 0); 555 if (debug) { 556 fprintf(stdout, "#'%s'\n", buf_totext); 557 } 558 559 /* 560 * Try parsing multi-line text form RDATA output by 561 * dns_rdata_tofmttext() again. 562 */ 563 result = dns_test_rdatafromstring(&rdata2, rdata->rdclass, rdata->type, 564 buf_fromtext, sizeof(buf_fromtext), 565 buf_totext, false); 566 assert_int_equal(result, ISC_R_SUCCESS); 567 assert_int_equal(rdata2.length, rdata->length); 568 assert_memory_equal(buf_fromtext, rdata->data, rdata->length); 569 } 570 571 /* 572 * Test whether supplied wire form RDATA is properly handled as being either 573 * valid or invalid for an RR of given rdclass and type. 574 */ 575 static void 576 check_wire_ok_single(const wire_ok_t *wire_ok, dns_rdataclass_t rdclass, 577 dns_rdatatype_t type, size_t structsize) { 578 unsigned char buf[1024], buf_towire[1024]; 579 isc_result_t result; 580 dns_rdata_t rdata = DNS_RDATA_INIT; 581 size_t length = 0; 582 583 /* 584 * Try converting wire data into uncompressed wire form. 585 */ 586 result = wire_to_rdata(wire_ok->data, wire_ok->len, rdclass, type, buf, 587 sizeof(buf), &rdata); 588 /* 589 * Check whether result is as expected. 590 */ 591 if (wire_ok->ok) { 592 assert_int_equal(result, ISC_R_SUCCESS); 593 } else { 594 assert_int_not_equal(result, ISC_R_SUCCESS); 595 } 596 597 if (result != ISC_R_SUCCESS) { 598 return; 599 } 600 601 /* 602 * If data was parsed correctly, perform two-way conversion checks 603 * between uncompressed wire form and type-specific struct. 604 * 605 * If the RR type is not a meta-type, additionally perform two-way 606 * conversion checks between: 607 * 608 * - uncompressed wire form and text form, 609 * - uncompressed wire form and multi-line text form. 610 */ 611 check_struct_conversions(&rdata, structsize, wire_ok->loop); 612 if (!dns_rdatatype_ismeta(rdata.type)) { 613 check_text_conversions(&rdata); 614 check_multiline_text_conversions(&rdata); 615 } 616 617 /* 618 * Ensure that fromwire_*() output is valid input for towire_*(). 619 */ 620 result = rdata_towire(&rdata, buf_towire, sizeof(buf_towire), &length); 621 assert_int_equal(result, ISC_R_SUCCESS); 622 assert_int_equal(rdata.length, length); 623 assert_memory_equal(rdata.data, buf_towire, length); 624 625 /* 626 * Test that additionaldata_*() succeeded. 627 */ 628 result = rdata_additionadata(&rdata); 629 assert_int_equal(result, ISC_R_SUCCESS); 630 631 /* 632 * Exercise checknames_*(). 633 */ 634 rdata_checknames(&rdata); 635 } 636 637 /* 638 * Test fromtext_*() and totext_*() routines for given RR class and type for 639 * each text form RDATA in the supplied array. See the comment for 640 * check_text_ok_single() for an explanation of how exactly these routines are 641 * tested. 642 */ 643 static void 644 check_text_ok(const text_ok_t *text_ok, dns_rdataclass_t rdclass, 645 dns_rdatatype_t type, size_t structsize) { 646 size_t i; 647 648 /* 649 * Check all entries in the supplied array. 650 */ 651 for (i = 0; text_ok[i].text_in != NULL; i++) { 652 check_text_ok_single(&text_ok[i], rdclass, type, structsize); 653 } 654 } 655 656 /* 657 * For each wire form RDATA in the supplied array, check whether it is properly 658 * handled as being either valid or invalid for an RR of given rdclass and 659 * type, then check whether trying to process a zero-length wire data buffer 660 * yields the expected result. This checks whether the fromwire_*() routine 661 * for given RR class and type behaves as expected. 662 */ 663 static void 664 check_wire_ok(const wire_ok_t *wire_ok, bool empty_ok, dns_rdataclass_t rdclass, 665 dns_rdatatype_t type, size_t structsize) { 666 wire_ok_t empty_wire = WIRE_TEST(empty_ok, 0); 667 size_t i; 668 669 /* 670 * Check all entries in the supplied array. 671 */ 672 for (i = 0; wire_ok[i].len != 0; i++) { 673 if (debug) { 674 fprintf(stderr, "calling check_wire_ok_single on %zu\n", 675 i); 676 } 677 check_wire_ok_single(&wire_ok[i], rdclass, type, structsize); 678 } 679 680 /* 681 * Check empty wire data. 682 */ 683 check_wire_ok_single(&empty_wire, rdclass, type, structsize); 684 } 685 686 /* 687 * Check that two records compare as expected with dns_rdata_compare(). 688 */ 689 static void 690 check_compare_ok_single(const compare_ok_t *compare_ok, 691 dns_rdataclass_t rdclass, dns_rdatatype_t type) { 692 dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT; 693 unsigned char buf1[1024], buf2[1024]; 694 isc_result_t result; 695 int answer; 696 697 result = dns_test_rdatafromstring(&rdata1, rdclass, type, buf1, 698 sizeof(buf1), compare_ok->text1, 699 false); 700 if (result != ISC_R_SUCCESS) { 701 fail_msg("# line %d: '%s': expected success, got failure", 702 compare_ok->lineno, compare_ok->text1); 703 } 704 705 result = dns_test_rdatafromstring(&rdata2, rdclass, type, buf2, 706 sizeof(buf2), compare_ok->text2, 707 false); 708 709 if (result != ISC_R_SUCCESS) { 710 fail_msg("# line %d: '%s': expected success, got failure", 711 compare_ok->lineno, compare_ok->text2); 712 } 713 714 answer = dns_rdata_compare(&rdata1, &rdata2); 715 detect_uncleared_libcrypto_error(); 716 if (compare_ok->answer == 0 && answer != 0) { 717 fail_msg("# line %d: dns_rdata_compare('%s', '%s'): " 718 "expected equal, got %s", 719 compare_ok->lineno, compare_ok->text1, 720 compare_ok->text2, 721 (answer > 0) ? "greater than" : "less than"); 722 } 723 if (compare_ok->answer < 0 && answer >= 0) { 724 fail_msg("# line %d: dns_rdata_compare('%s', '%s'): " 725 "expected less than, got %s", 726 compare_ok->lineno, compare_ok->text1, 727 compare_ok->text2, 728 (answer == 0) ? "equal" : "greater than"); 729 } 730 if (compare_ok->answer > 0 && answer <= 0) { 731 fail_msg("line %d: dns_rdata_compare('%s', '%s'): " 732 "expected greater than, got %s", 733 compare_ok->lineno, compare_ok->text1, 734 compare_ok->text2, 735 (answer == 0) ? "equal" : "less than"); 736 } 737 } 738 739 /* 740 * Check that all the records sets in compare_ok compare as expected 741 * with dns_rdata_compare(). 742 */ 743 static void 744 check_compare_ok(const compare_ok_t *compare_ok, dns_rdataclass_t rdclass, 745 dns_rdatatype_t type) { 746 size_t i; 747 /* 748 * Check all entries in the supplied array. 749 */ 750 for (i = 0; compare_ok[i].text1 != NULL; i++) { 751 check_compare_ok_single(&compare_ok[i], rdclass, type); 752 } 753 } 754 755 /* 756 * Test whether supplied sets of text form and/or wire form RDATA are handled 757 * as expected. 758 * 759 * The empty_ok argument denotes whether an attempt to parse a zero-length wire 760 * data buffer should succeed or not (it is valid for some RR types). There is 761 * no point in performing a similar check for empty text form RDATA, because 762 * dns_rdata_fromtext() returns ISC_R_UNEXPECTEDEND before calling fromtext_*() 763 * for the given RR class and type. 764 */ 765 static void 766 check_rdata(const text_ok_t *text_ok, const wire_ok_t *wire_ok, 767 const compare_ok_t *compare_ok, bool empty_ok, 768 dns_rdataclass_t rdclass, dns_rdatatype_t type, size_t structsize) { 769 if (text_ok != NULL) { 770 check_text_ok(text_ok, rdclass, type, structsize); 771 } 772 if (wire_ok != NULL) { 773 check_wire_ok(wire_ok, empty_ok, rdclass, type, structsize); 774 } 775 if (compare_ok != NULL) { 776 check_compare_ok(compare_ok, rdclass, type); 777 } 778 } 779 780 /* 781 * Check presentation vs unknown format of the record. 782 */ 783 static void 784 check_textvsunknown_single(const textvsunknown_t *textvsunknown, 785 dns_rdataclass_t rdclass, dns_rdatatype_t type) { 786 dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT; 787 unsigned char buf1[1024], buf2[1024]; 788 isc_result_t result; 789 790 result = dns_test_rdatafromstring(&rdata1, rdclass, type, buf1, 791 sizeof(buf1), textvsunknown->text1, 792 false); 793 if (debug && result != ISC_R_SUCCESS) { 794 fprintf(stdout, "# '%s'\n", textvsunknown->text1); 795 fprintf(stdout, "# result=%s\n", isc_result_totext(result)); 796 } 797 assert_int_equal(result, ISC_R_SUCCESS); 798 result = dns_test_rdatafromstring(&rdata2, rdclass, type, buf2, 799 sizeof(buf2), textvsunknown->text2, 800 false); 801 if (debug && result != ISC_R_SUCCESS) { 802 fprintf(stdout, "# '%s'\n", textvsunknown->text2); 803 fprintf(stdout, "# result=%s\n", isc_result_totext(result)); 804 } 805 assert_int_equal(result, ISC_R_SUCCESS); 806 if (debug && rdata1.length != rdata2.length) { 807 fprintf(stdout, "# '%s'\n", textvsunknown->text1); 808 fprintf(stdout, "# rdata1.length (%u) != rdata2.length (%u)\n", 809 rdata1.length, rdata2.length); 810 } 811 assert_int_equal(rdata1.length, rdata2.length); 812 if (debug && memcmp(rdata1.data, rdata2.data, rdata1.length) != 0) { 813 unsigned int i; 814 fprintf(stdout, "# '%s'\n", textvsunknown->text1); 815 for (i = 0; i < rdata1.length; i++) { 816 if (rdata1.data[i] != rdata2.data[i]) { 817 fprintf(stderr, "# %u: %02x != %02x\n", i, 818 rdata1.data[i], rdata2.data[i]); 819 } 820 } 821 } 822 assert_memory_equal(rdata1.data, rdata2.data, rdata1.length); 823 } 824 825 static void 826 check_textvsunknown(const textvsunknown_t *textvsunknown, 827 dns_rdataclass_t rdclass, dns_rdatatype_t type) { 828 size_t i; 829 830 /* 831 * Check all entries in the supplied array. 832 */ 833 for (i = 0; textvsunknown[i].text1 != NULL; i++) { 834 check_textvsunknown_single(&textvsunknown[i], rdclass, type); 835 } 836 } 837 838 /* 839 * Common tests for RR types based on KEY that require key data: 840 * 841 * - CDNSKEY (RFC 7344) 842 * - DNSKEY (RFC 4034) 843 * - RKEY (draft-reid-dnsext-rkey-00) 844 */ 845 static void 846 key_required(void **state, dns_rdatatype_t type, size_t size) { 847 wire_ok_t wire_ok[] = { /* 848 * RDATA must be at least 5 octets in size: 849 * 850 * - 2 octets for Flags, 851 * - 1 octet for Protocol, 852 * - 1 octet for Algorithm, 853 * - Public Key must not be empty. 854 * 855 * RFC 2535 section 3.1.2 allows the Public Key 856 * to be empty if bits 0-1 of Flags are both 857 * set, but that only applies to KEY records: 858 * for the RR types tested here, the Public Key 859 * must not be empty. 860 */ 861 WIRE_INVALID(0x00), 862 WIRE_INVALID(0x00, 0x00), 863 WIRE_INVALID(0x00, 0x00, 0x00), 864 WIRE_INVALID(0xc0, 0x00, 0x00, 0x00), 865 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 866 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00), 867 WIRE_SENTINEL() 868 }; 869 870 UNUSED(state); 871 872 check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in, type, size); 873 } 874 875 /* APL RDATA manipulations */ 876 ISC_RUN_TEST_IMPL(apl) { 877 text_ok_t text_ok[] = { 878 /* empty list */ 879 TEXT_VALID(""), 880 /* min,max prefix IPv4 */ 881 TEXT_VALID("1:0.0.0.0/0"), TEXT_VALID("1:127.0.0.1/32"), 882 /* min,max prefix IPv6 */ 883 TEXT_VALID("2:::/0"), TEXT_VALID("2:::1/128"), 884 /* negated */ 885 TEXT_VALID("!1:0.0.0.0/0"), TEXT_VALID("!1:127.0.0.1/32"), 886 TEXT_VALID("!2:::/0"), TEXT_VALID("!2:::1/128"), 887 /* bits set after prefix length - not disallowed */ 888 TEXT_VALID("1:127.0.0.0/0"), TEXT_VALID("2:8000::/0"), 889 /* multiple */ 890 TEXT_VALID("1:0.0.0.0/0 1:127.0.0.1/32"), 891 TEXT_VALID("1:0.0.0.0/0 !1:127.0.0.1/32"), 892 /* family 0, prefix 0, positive */ 893 TEXT_VALID("\\# 4 00000000"), 894 /* family 0, prefix 0, negative */ 895 TEXT_VALID("\\# 4 00000080"), 896 /* prefix too long */ 897 TEXT_INVALID("1:0.0.0.0/33"), TEXT_INVALID("2:::/129"), 898 /* 899 * Sentinel. 900 */ 901 TEXT_SENTINEL() 902 }; 903 wire_ok_t wire_ok[] = { /* zero length */ 904 WIRE_VALID(), 905 /* prefix too big IPv4 */ 906 WIRE_INVALID(0x00, 0x01, 33U, 0x00), 907 /* prefix too big IPv6 */ 908 WIRE_INVALID(0x00, 0x02, 129U, 0x00), 909 /* trailing zero octet in afdpart */ 910 WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x00), 911 /* 912 * Sentinel. 913 */ 914 WIRE_SENTINEL() 915 }; 916 917 check_rdata(text_ok, wire_ok, NULL, true, dns_rdataclass_in, 918 dns_rdatatype_apl, sizeof(dns_rdata_in_apl_t)); 919 } 920 921 /* 922 * http://broadband-forum.org/ftp/pub/approved-specs/af-saa-0069.000.pdf 923 * 924 * ATMA RRs have the following RDATA format: 925 * 926 * 1 1 1 1 1 1 927 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 928 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 929 * | FORMAT | | 930 * +--+--+--+--+--+--+--+--+ | 931 * / ADDRESS / 932 * | | 933 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 934 * 935 * The fields have the following meaning: 936 * 937 * * FORMAT: One octet that indicates the format of ADDRESS. The two 938 * possible values for FORMAT are value 0 indicating ATM End System Address 939 * (AESA) format and value 1 indicating E.164 format. 940 * 941 * * ADDRESS: Variable length string of octets containing the ATM address of 942 * the node to which this RR pertains. 943 * 944 * When the format value is 0, indicating that the address is in AESA format, 945 * the address is coded as described in ISO 8348/AD 2 using the preferred 946 * binary encoding of the ISO NSAP format. When the format value is 1, 947 * indicating that the address is in E.164 format, the Address/Number Digits 948 * appear in the order in which they would be entered on a numeric keypad. 949 * Digits are coded in IA5 characters with the leftmost bit of each digit set 950 * to 0. This ATM address appears in ATM End System Address Octets field (AESA 951 * format) or the Address/Number Digits field (E.164 format) of the Called 952 * party number information element [ATMUNI3.1]. Subaddress information is 953 * intentionally not included because E.164 subaddress information is used for 954 * routing. 955 * 956 * ATMA RRs cause no additional section processing. 957 */ 958 ISC_RUN_TEST_IMPL(atma) { 959 text_ok_t text_ok[] = { TEXT_VALID("00"), 960 TEXT_VALID_CHANGED("0.0", "00"), 961 /* 962 * multiple consecutive periods 963 */ 964 TEXT_INVALID("0..0"), 965 /* 966 * trailing period 967 */ 968 TEXT_INVALID("00."), 969 /* 970 * leading period 971 */ 972 TEXT_INVALID(".00"), 973 /* 974 * Not full octets. 975 */ 976 TEXT_INVALID("000"), 977 /* 978 * E.164 979 */ 980 TEXT_VALID("+61200000000"), 981 /* 982 * E.164 with periods 983 */ 984 TEXT_VALID_CHANGED("+61.2.0000.0000", "+6120000" 985 "0000"), 986 /* 987 * E.164 with period at end 988 */ 989 TEXT_INVALID("+61200000000."), 990 /* 991 * E.164 with multiple consecutive periods 992 */ 993 TEXT_INVALID("+612..00000000"), 994 /* 995 * E.164 with period before the leading digit. 996 */ 997 TEXT_INVALID("+.61200000000"), 998 /* 999 * Sentinel. 1000 */ 1001 TEXT_SENTINEL() }; 1002 wire_ok_t wire_ok[] = { 1003 /* 1004 * Too short. 1005 */ 1006 WIRE_INVALID(0x00), WIRE_INVALID(0x01), 1007 /* 1008 * all digits 1009 */ 1010 WIRE_VALID(0x01, '6', '1', '2', '0', '0', '0'), 1011 /* 1012 * non digit 1013 */ 1014 WIRE_INVALID(0x01, '+', '6', '1', '2', '0', '0', '0'), 1015 /* 1016 * Sentinel. 1017 */ 1018 WIRE_SENTINEL() 1019 }; 1020 1021 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1022 dns_rdatatype_atma, sizeof(dns_rdata_in_atma_t)); 1023 } 1024 1025 /* AMTRELAY RDATA manipulations */ 1026 ISC_RUN_TEST_IMPL(amtrelay) { 1027 text_ok_t text_ok[] = { 1028 TEXT_INVALID(""), TEXT_INVALID("0"), TEXT_INVALID("0 0"), 1029 /* gateway type 0 */ 1030 TEXT_VALID("0 0 0"), TEXT_VALID("0 1 0"), 1031 TEXT_INVALID("0 2 0"), /* discovery out of range */ 1032 TEXT_VALID("255 1 0"), /* max precedence */ 1033 TEXT_INVALID("256 1 0"), /* precedence out of range */ 1034 1035 /* IPv4 gateway */ 1036 TEXT_INVALID("0 0 1"), /* no address */ 1037 TEXT_VALID("0 0 1 0.0.0.0"), 1038 TEXT_INVALID("0 0 1 0.0.0.0 x"), /* extra */ 1039 TEXT_INVALID("0 0 1 0.0.0.0.0"), /* bad address */ 1040 TEXT_INVALID("0 0 1 ::"), /* bad address */ 1041 TEXT_INVALID("0 0 1 ."), /* bad address */ 1042 1043 /* IPv6 gateway */ 1044 TEXT_INVALID("0 0 2"), /* no address */ 1045 TEXT_VALID("0 0 2 ::"), TEXT_INVALID("0 0 2 :: xx"), /* extra */ 1046 TEXT_INVALID("0 0 2 0.0.0.0"), /* bad address */ 1047 TEXT_INVALID("0 0 2 ."), /* bad address */ 1048 1049 /* hostname gateway */ 1050 TEXT_INVALID("0 0 3"), /* no name */ 1051 /* IPv4 is a valid name */ 1052 TEXT_VALID_CHANGED("0 0 3 0.0.0.0", "0 0 3 0.0.0.0."), 1053 /* IPv6 is a valid name */ 1054 TEXT_VALID_CHANGED("0 0 3 ::", "0 0 3 ::."), 1055 TEXT_VALID_CHANGED("0 0 3 example", "0 0 3 example."), 1056 TEXT_VALID("0 0 3 example."), 1057 TEXT_INVALID("0 0 3 example. x"), /* extra */ 1058 1059 /* unknown gateway */ 1060 TEXT_VALID("\\# 2 0004"), TEXT_VALID("\\# 2 0084"), 1061 TEXT_VALID("\\# 2 007F"), TEXT_VALID("\\# 3 000400"), 1062 TEXT_VALID("\\# 3 008400"), TEXT_VALID("\\# 3 00FF00"), 1063 1064 /* 1065 * Sentinel. 1066 */ 1067 TEXT_SENTINEL() 1068 }; 1069 wire_ok_t wire_ok[] = { 1070 WIRE_INVALID(0x00), WIRE_VALID(0x00, 0x00), 1071 WIRE_VALID(0x00, 0x80), WIRE_INVALID(0x00, 0x00, 0x00), 1072 WIRE_INVALID(0x00, 0x80, 0x00), 1073 1074 WIRE_INVALID(0x00, 0x01), WIRE_INVALID(0x00, 0x01, 0x00), 1075 WIRE_INVALID(0x00, 0x01, 0x00, 0x00), 1076 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00), 1077 WIRE_VALID(0x00, 0x01, 0x00, 0x00, 0x00, 0x00), 1078 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00), 1079 1080 WIRE_INVALID(0x00, 0x02), WIRE_INVALID(0x00, 0x02, 0x00), 1081 WIRE_VALID(0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 1082 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 1083 0x15), 1084 WIRE_INVALID(0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 1085 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 1086 0x14, 0x15, 0x16), 1087 1088 WIRE_INVALID(0x00, 0x03), WIRE_VALID(0x00, 0x03, 0x00), 1089 WIRE_INVALID(0x00, 0x03, 0x00, 0x00), /* extra */ 1090 1091 WIRE_VALID(0x00, 0x04), WIRE_VALID(0x00, 0x04, 0x00), 1092 /* 1093 * Sentinel. 1094 */ 1095 WIRE_SENTINEL() 1096 }; 1097 1098 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1099 dns_rdatatype_amtrelay, sizeof(dns_rdata_amtrelay_t)); 1100 } 1101 1102 ISC_RUN_TEST_IMPL(cdnskey) { 1103 key_required(state, dns_rdatatype_cdnskey, sizeof(dns_rdata_cdnskey_t)); 1104 } 1105 1106 /* 1107 * CSYNC tests. 1108 * 1109 * RFC 7477: 1110 * 1111 * 2.1. The CSYNC Resource Record Format 1112 * 1113 * 2.1.1. The CSYNC Resource Record Wire Format 1114 * 1115 * The CSYNC RDATA consists of the following fields: 1116 * 1117 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1118 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1119 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1120 * | SOA Serial | 1121 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1122 * | Flags | Type Bit Map / 1123 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1124 * / Type Bit Map (continued) / 1125 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1126 * 1127 * 2.1.1.1. The SOA Serial Field 1128 * 1129 * The SOA Serial field contains a copy of the 32-bit SOA serial number 1130 * from the child zone. If the soaminimum flag is set, parental agents 1131 * querying children's authoritative servers MUST NOT act on data from 1132 * zones advertising an SOA serial number less than this value. See 1133 * [RFC1982] for properly implementing "less than" logic. If the 1134 * soaminimum flag is not set, parental agents MUST ignore the value in 1135 * the SOA Serial field. Clients can set the field to any value if the 1136 * soaminimum flag is unset, such as the number zero. 1137 * 1138 * (...) 1139 * 1140 * 2.1.1.2. The Flags Field 1141 * 1142 * The Flags field contains 16 bits of boolean flags that define 1143 * operations that affect the processing of the CSYNC record. The flags 1144 * defined in this document are as follows: 1145 * 1146 * 0x00 0x01: "immediate" 1147 * 1148 * 0x00 0x02: "soaminimum" 1149 * 1150 * The definitions for how the flags are to be used can be found in 1151 * Section 3. 1152 * 1153 * The remaining flags are reserved for use by future specifications. 1154 * Undefined flags MUST be set to 0 by CSYNC publishers. Parental 1155 * agents MUST NOT process a CSYNC record if it contains a 1 value for a 1156 * flag that is unknown to or unsupported by the parental agent. 1157 * 1158 * 2.1.1.2.1. The Type Bit Map Field 1159 * 1160 * The Type Bit Map field indicates the record types to be processed by 1161 * the parental agent, according to the procedures in Section 3. The 1162 * Type Bit Map field is encoded in the same way as the Type Bit Map 1163 * field of the NSEC record, described in [RFC4034], Section 4.1.2. If 1164 * a bit has been set that a parental agent implementation does not 1165 * understand, the parental agent MUST NOT act upon the record. 1166 * Specifically, a parental agent must not simply copy the data, and it 1167 * must understand the semantics associated with a bit in the Type Bit 1168 * Map field that has been set to 1. 1169 */ 1170 ISC_RUN_TEST_IMPL(csync) { 1171 text_ok_t text_ok[] = { TEXT_INVALID(""), 1172 TEXT_INVALID("0"), 1173 TEXT_VALID("0 0"), 1174 TEXT_VALID("0 0 A"), 1175 TEXT_VALID("0 0 NS"), 1176 TEXT_VALID("0 0 AAAA"), 1177 TEXT_VALID("0 0 A AAAA"), 1178 TEXT_VALID("0 0 A NS AAAA"), 1179 TEXT_INVALID("0 0 A NS AAAA BOGUS"), 1180 TEXT_SENTINEL() }; 1181 wire_ok_t wire_ok[] = { 1182 /* 1183 * Short. 1184 */ 1185 WIRE_INVALID(0x00), 1186 /* 1187 * Short. 1188 */ 1189 WIRE_INVALID(0x00, 0x00), 1190 /* 1191 * Short. 1192 */ 1193 WIRE_INVALID(0x00, 0x00, 0x00), 1194 /* 1195 * Short. 1196 */ 1197 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 1198 /* 1199 * Short. 1200 */ 1201 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00), 1202 /* 1203 * Serial + flags only. 1204 */ 1205 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1206 /* 1207 * Bad type map. 1208 */ 1209 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1210 /* 1211 * Bad type map. 1212 */ 1213 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1214 /* 1215 * Good type map. 1216 */ 1217 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 1218 0x02), 1219 /* 1220 * Sentinel. 1221 */ 1222 WIRE_SENTINEL() 1223 }; 1224 1225 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1226 dns_rdatatype_csync, sizeof(dns_rdata_csync_t)); 1227 } 1228 1229 ISC_RUN_TEST_IMPL(dnskey) { 1230 key_required(state, dns_rdatatype_dnskey, sizeof(dns_rdata_dnskey_t)); 1231 } 1232 1233 /* 1234 * DOA tests. 1235 * 1236 * draft-durand-doa-over-dns-03: 1237 * 1238 * 3.2. DOA RDATA Wire Format 1239 * 1240 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1241 * 0: | | 1242 * | DOA-ENTERPRISE | 1243 * | | 1244 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1245 * 4: | | 1246 * | DOA-TYPE | 1247 * | | 1248 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1249 * 8: | DOA-LOCATION | DOA-MEDIA-TYPE / 1250 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1251 * 10: / / 1252 * / DOA-MEDIA-TYPE (continued) / 1253 * / / 1254 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1255 * / / 1256 * / DOA-DATA / 1257 * / / 1258 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1259 * 1260 * DOA-ENTERPRISE: a 32-bit unsigned integer in network order. 1261 * 1262 * DOA-TYPE: a 32-bit unsigned integer in network order. 1263 * 1264 * DOA-LOCATION: an 8-bit unsigned integer. 1265 * 1266 * DOA-MEDIA-TYPE: A <character-string> (see [RFC1035]). The first 1267 * octet of the <character-string> contains the number of characters to 1268 * follow. 1269 * 1270 * DOA-DATA: A variable length blob of binary data. The length of the 1271 * DOA-DATA is not contained within the wire format of the RR and has to 1272 * be computed from the RDLENGTH of the entire RR once other fields have 1273 * been taken into account. 1274 * 1275 * 3.3. DOA RDATA Presentation Format 1276 * 1277 * The DOA-ENTERPRISE field is presented as an unsigned 32-bit decimal 1278 * integer with range 0 - 4,294,967,295. 1279 * 1280 * The DOA-TYPE field is presented as an unsigned 32-bit decimal integer 1281 * with range 0 - 4,294,967,295. 1282 * 1283 * The DOA-LOCATION field is presented as an unsigned 8-bit decimal 1284 * integer with range 0 - 255. 1285 * 1286 * The DOA-MEDIA-TYPE field is presented as a single <character-string>. 1287 * 1288 * The DOA-DATA is presented as Base64 encoded data [RFC4648] unless the 1289 * DOA-DATA is empty in which case it is presented as a single dash 1290 * character ("-", ASCII 45). White space is permitted within Base64 1291 * data. 1292 */ 1293 ISC_RUN_TEST_IMPL(doa) { 1294 text_ok_t text_ok[] = { 1295 /* 1296 * Valid, non-empty DOA-DATA. 1297 */ 1298 TEXT_VALID("0 0 1 \"text/plain\" Zm9v"), 1299 /* 1300 * Valid, non-empty DOA-DATA with whitespace in between. 1301 */ 1302 TEXT_VALID_CHANGED("0 0 1 \"text/plain\" Zm 9v", "0 0 1 " 1303 "\"text/" 1304 "plain\" " 1305 "Zm9v"), 1306 /* 1307 * Valid, unquoted DOA-MEDIA-TYPE, non-empty DOA-DATA. 1308 */ 1309 TEXT_VALID_CHANGED("0 0 1 text/plain Zm9v", "0 0 1 " 1310 "\"text/plain\" " 1311 "Zm9v"), 1312 /* 1313 * Invalid, quoted non-empty DOA-DATA. 1314 */ 1315 TEXT_INVALID("0 0 1 \"text/plain\" \"Zm9v\""), 1316 /* 1317 * Valid, empty DOA-DATA. 1318 */ 1319 TEXT_VALID("0 0 1 \"text/plain\" -"), 1320 /* 1321 * Invalid, quoted empty DOA-DATA. 1322 */ 1323 TEXT_INVALID("0 0 1 \"text/plain\" \"-\""), 1324 /* 1325 * Invalid, missing "-" in empty DOA-DATA. 1326 */ 1327 TEXT_INVALID("0 0 1 \"text/plain\""), 1328 /* 1329 * Valid, undefined DOA-LOCATION. 1330 */ 1331 TEXT_VALID("0 0 100 \"text/plain\" Zm9v"), 1332 /* 1333 * Invalid, DOA-LOCATION too big. 1334 */ 1335 TEXT_INVALID("0 0 256 \"text/plain\" ZM9v"), 1336 /* 1337 * Valid, empty DOA-MEDIA-TYPE, non-empty DOA-DATA. 1338 */ 1339 TEXT_VALID("0 0 2 \"\" aHR0cHM6Ly93d3cuaXNjLm9yZy8="), 1340 /* 1341 * Valid, empty DOA-MEDIA-TYPE, empty DOA-DATA. 1342 */ 1343 TEXT_VALID("0 0 1 \"\" -"), 1344 /* 1345 * Valid, DOA-MEDIA-TYPE with a space. 1346 */ 1347 TEXT_VALID("0 0 1 \"plain text\" Zm9v"), 1348 /* 1349 * Invalid, missing DOA-MEDIA-TYPE. 1350 */ 1351 TEXT_INVALID("1234567890 1234567890 1"), 1352 /* 1353 * Valid, DOA-DATA over 255 octets. 1354 */ 1355 TEXT_VALID("1234567890 1234567890 1 \"image/gif\" " 1356 "R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM" 1357 "/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAA" 1358 "AAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c" 1359 "3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS" 1360 "1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeF" 1361 "AgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9" 1362 "pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1" 1363 "SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7"), 1364 /* 1365 * Invalid, bad Base64 in DOA-DATA. 1366 */ 1367 TEXT_INVALID("1234567890 1234567890 1 \"image/gif\" R0lGODl"), 1368 /* 1369 * Sentinel. 1370 */ 1371 TEXT_SENTINEL() 1372 }; 1373 wire_ok_t wire_ok[] = { 1374 /* 1375 * Valid, empty DOA-MEDIA-TYPE, empty DOA-DATA. 1376 */ 1377 WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01, 1378 0x00), 1379 /* 1380 * Invalid, missing DOA-MEDIA-TYPE. 1381 */ 1382 WIRE_INVALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 1383 0x01), 1384 /* 1385 * Invalid, malformed DOA-MEDIA-TYPE length. 1386 */ 1387 WIRE_INVALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 1388 0x01, 0xff), 1389 /* 1390 * Valid, empty DOA-DATA. 1391 */ 1392 WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01, 1393 0x03, 0x66, 0x6f, 0x6f), 1394 /* 1395 * Valid, non-empty DOA-DATA. 1396 */ 1397 WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01, 1398 0x03, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72), 1399 /* 1400 * Valid, DOA-DATA over 255 octets. 1401 */ 1402 WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01, 1403 0x06, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x00, 0x66, 1404 0x99, 0xff, 0xff, 0xff, 0x33, 0x99, 0xcc, 0xcc, 0xff, 1405 0xff, 0x99, 0xcc, 0xff, 0x33, 0x66, 0x99, 0x66, 0xcc, 1406 0xff, 0x99, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x00, 0x99, 1407 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 1408 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x21, 0xf9, 1409 0x04, 0x01, 0x0a, 0x00, 0x0f, 0x00, 0x2c, 0x00, 0x00, 1410 0x00, 0x00, 0x28, 0x00, 0x19, 0x00, 0x00, 0x04, 0xc7, 1411 0xf0, 0x81, 0x49, 0x2b, 0x95, 0x36, 0x6b, 0x8d, 0xf7, 1412 0xec, 0x5e, 0x68, 0x81, 0x19, 0x29, 0x9e, 0x80, 0x89, 1413 0xae, 0x5c, 0xbb, 0x3e, 0xb0, 0x8a, 0xca, 0x1f, 0x1c, 1414 0xdc, 0x78, 0x00, 0x87, 0x34, 0xf7, 0xe4, 0xc0, 0xdb, 1415 0x6e, 0xd3, 0xbb, 0xfc, 0x82, 0x48, 0x1d, 0xb1, 0xa2, 1416 0x3a, 0x26, 0x93, 0xc5, 0x54, 0xe9, 0x49, 0x55, 0x96, 1417 0x2e, 0xa3, 0x6a, 0xd5, 0x45, 0x72, 0x6a, 0x93, 0x52, 1418 0xd7, 0x07, 0x77, 0x38, 0x0c, 0x6e, 0x83, 0x42, 0xe1, 1419 0x9c, 0x2b, 0x9b, 0x71, 0x58, 0x6c, 0xc7, 0x2b, 0x10, 1420 0x9c, 0xeb, 0x78, 0x01, 0x3a, 0x6f, 0xbf, 0x31, 0xe5, 1421 0x17, 0x39, 0x75, 0x03, 0x03, 0x83, 0x85, 0x67, 0x85, 1422 0x02, 0x04, 0x69, 0x7a, 0x7e, 0x7f, 0x52, 0x18, 0x5e, 1423 0x01, 0x83, 0x05, 0x75, 0x40, 0x78, 0x48, 0x57, 0x29, 1424 0x18, 0x41, 0x86, 0x75, 0x07, 0x82, 0x02, 0xa0, 0x41, 1425 0x2d, 0x3b, 0x92, 0x93, 0x7d, 0x04, 0x79, 0x77, 0x7d, 1426 0xa4, 0x4b, 0x00, 0x6c, 0xa1, 0xb1, 0x8c, 0x7a, 0x83, 1427 0x48, 0x4d, 0x12, 0xa7, 0xa8, 0xb1, 0x37, 0x83, 0x75, 1428 0x04, 0x99, 0x9b, 0x73, 0xb9, 0x48, 0x86, 0x6b, 0x01, 1429 0x89, 0xc8, 0x75, 0x6b, 0x03, 0xc0, 0x8e, 0x46, 0x35, 1430 0x49, 0x94, 0x7c, 0x6c, 0x95, 0xab, 0xcf, 0x7f, 0x36, 1431 0x48, 0x6a, 0x88, 0x05, 0x04, 0x05, 0x41, 0xde, 0x08, 1432 0xb1, 0x44, 0xda, 0x5f, 0xe7, 0x1e, 0xba, 0xe7, 0x4f, 1433 0x11, 0x00, 0x3b), 1434 /* 1435 * Sentinel. 1436 */ 1437 WIRE_SENTINEL() 1438 }; 1439 1440 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1441 dns_rdatatype_doa, sizeof(dns_rdata_doa_t)); 1442 } 1443 1444 /* 1445 * DS tests. 1446 * 1447 * RFC 4034: 1448 * 1449 * 5.1. DS RDATA Wire Format 1450 * 1451 * The RDATA for a DS RR consists of a 2 octet Key Tag field, a 1 octet 1452 * Algorithm field, a 1 octet Digest Type field, and a Digest field. 1453 * 1454 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 1455 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 1456 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1457 * | Key Tag | Algorithm | Digest Type | 1458 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1459 * / / 1460 * / Digest / 1461 * / / 1462 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 1463 * 1464 * 5.1.1. The Key Tag Field 1465 * 1466 * The Key Tag field lists the key tag of the DNSKEY RR referred to by 1467 * the DS record, in network byte order. 1468 * 1469 * The Key Tag used by the DS RR is identical to the Key Tag used by 1470 * RRSIG RRs. Appendix B describes how to compute a Key Tag. 1471 * 1472 * 5.1.2. The Algorithm Field 1473 * 1474 * The Algorithm field lists the algorithm number of the DNSKEY RR 1475 * referred to by the DS record. 1476 * 1477 * The algorithm number used by the DS RR is identical to the algorithm 1478 * number used by RRSIG and DNSKEY RRs. Appendix A.1 lists the 1479 * algorithm number types. 1480 * 1481 * 5.1.3. The Digest Type Field 1482 * 1483 * The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY 1484 * RR. The Digest Type field identifies the algorithm used to construct 1485 * the digest. Appendix A.2 lists the possible digest algorithm types. 1486 * 1487 * 5.1.4. The Digest Field 1488 * 1489 * The DS record refers to a DNSKEY RR by including a digest of that 1490 * DNSKEY RR. 1491 * 1492 * The digest is calculated by concatenating the canonical form of the 1493 * fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA, 1494 * and then applying the digest algorithm. 1495 * 1496 * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA); 1497 * 1498 * "|" denotes concatenation 1499 * 1500 * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. 1501 * 1502 * The size of the digest may vary depending on the digest algorithm and 1503 * DNSKEY RR size. As of the time of this writing, the only defined 1504 * digest algorithm is SHA-1, which produces a 20 octet digest. 1505 */ 1506 ISC_RUN_TEST_IMPL(ds) { 1507 text_ok_t text_ok[] = { 1508 /* 1509 * Invalid, empty record. 1510 */ 1511 TEXT_INVALID(""), 1512 /* 1513 * Invalid, no algorithm. 1514 */ 1515 TEXT_INVALID("0"), 1516 /* 1517 * Invalid, no digest type. 1518 */ 1519 TEXT_INVALID("0 0"), 1520 /* 1521 * Invalid, no digest. 1522 */ 1523 TEXT_INVALID("0 0 0"), 1524 /* 1525 * Valid, 1-octet digest for a reserved digest type. 1526 */ 1527 TEXT_VALID("0 0 0 00"), 1528 /* 1529 * Invalid, short SHA-1 digest. 1530 */ 1531 TEXT_INVALID("0 0 1 00"), 1532 TEXT_INVALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B"), 1533 /* 1534 * Valid, 20-octet SHA-1 digest. 1535 */ 1536 TEXT_VALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B6A"), 1537 /* 1538 * Invalid, excessively long SHA-1 digest. 1539 */ 1540 TEXT_INVALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B" 1541 "6A00"), 1542 /* 1543 * Invalid, short SHA-256 digest. 1544 */ 1545 TEXT_INVALID("0 0 2 00"), 1546 TEXT_INVALID("0 0 2 D001BD422FFDA9B745425B71DC17D007E69186" 1547 "9BD59C5F237D9BF85434C313"), 1548 /* 1549 * Valid, 32-octet SHA-256 digest. 1550 */ 1551 TEXT_VALID_CHANGED("0 0 2 " 1552 "D001BD422FFDA9B745425B71DC17D007E691869B" 1553 "D59C5F237D9BF85434C3133F", 1554 "0 0 2 " 1555 "D001BD422FFDA9B745425B71DC17D007E691869B" 1556 "D59C5F237D9BF854 34C3133F"), 1557 /* 1558 * Invalid, excessively long SHA-256 digest. 1559 */ 1560 TEXT_INVALID("0 0 2 D001BD422FFDA9B745425B71DC17D007E69186" 1561 "9BD59C5F237D9BF85434C3133F00"), 1562 /* 1563 * Valid, GOST is no longer supported, hence no length checks. 1564 */ 1565 TEXT_VALID("0 0 3 00"), 1566 /* 1567 * Invalid, short SHA-384 digest. 1568 */ 1569 TEXT_INVALID("0 0 4 00"), 1570 TEXT_INVALID("0 0 4 AC748D6C5AA652904A8763D64B7DFFFFA98152" 1571 "BE12128D238BEBB4814B648F5A841E15CAA2DE348891" 1572 "A37A699F65E5"), 1573 /* 1574 * Valid, 48-octet SHA-384 digest. 1575 */ 1576 TEXT_VALID_CHANGED("0 0 4 " 1577 "AC748D6C5AA652904A8763D64B7DFFFFA98152BE" 1578 "12128D238BEBB4814B648F5A841E15CAA2DE348891A" 1579 "37A" 1580 "699F65E54D", 1581 "0 0 4 " 1582 "AC748D6C5AA652904A8763D64B7DFFFFA98152BE" 1583 "12128D238BEBB481 " 1584 "4B648F5A841E15CAA2DE348891A37A" 1585 "699F65E54D"), 1586 /* 1587 * Invalid, excessively long SHA-384 digest. 1588 */ 1589 TEXT_INVALID("0 0 4 AC748D6C5AA652904A8763D64B7DFFFFA98152" 1590 "BE12128D238BEBB4814B648F5A841E15CAA2DE348891" 1591 "A37A699F65E54D00"), 1592 /* 1593 * Valid, 1-octet digest for an unassigned digest type. 1594 */ 1595 TEXT_VALID("0 0 5 00"), 1596 /* 1597 * Sentinel. 1598 */ 1599 TEXT_SENTINEL() 1600 }; 1601 wire_ok_t wire_ok[] = { 1602 /* 1603 * Invalid, truncated key tag. 1604 */ 1605 WIRE_INVALID(0x00), 1606 /* 1607 * Invalid, no algorithm. 1608 */ 1609 WIRE_INVALID(0x00, 0x00), 1610 /* 1611 * Invalid, no digest type. 1612 */ 1613 WIRE_INVALID(0x00, 0x00, 0x00), 1614 /* 1615 * Invalid, no digest. 1616 */ 1617 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 1618 /* 1619 * Valid, 1-octet digest for a reserved digest type. 1620 */ 1621 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00), 1622 /* 1623 * Invalid, short SHA-1 digest. 1624 */ 1625 WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x00), 1626 WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30, 1627 0x16, 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5, 1628 0x68, 0xF8, 0xDA, 0xDD, 0xB5, 0x80, 0x9B), 1629 /* 1630 * Valid, 20-octet SHA-1 digest. 1631 */ 1632 WIRE_VALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30, 0x16, 1633 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5, 0x68, 0xF8, 1634 0xDA, 0xDD, 0xB5, 0x80, 0x9B, 0x6A), 1635 /* 1636 * Invalid, excessively long SHA-1 digest. 1637 */ 1638 WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30, 1639 0x16, 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5, 1640 0x68, 0xF8, 0xDA, 0xDD, 0xB5, 0x80, 0x9B, 0x6A, 1641 0x00), 1642 /* 1643 * Invalid, short SHA-256 digest. 1644 */ 1645 WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0x00), 1646 WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42, 1647 0x2F, 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71, 1648 0xDC, 0x17, 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B, 1649 0xD5, 0x9C, 0x5F, 0x23, 0x7D, 0x9B, 0xF8, 0x54, 1650 0x34, 0xC3, 0x13), 1651 /* 1652 * Valid, 32-octet SHA-256 digest. 1653 */ 1654 WIRE_VALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42, 0x2F, 1655 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71, 0xDC, 0x17, 1656 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B, 0xD5, 0x9C, 0x5F, 1657 0x23, 0x7D, 0x9B, 0xF8, 0x54, 0x34, 0xC3, 0x13, 1658 0x3F), 1659 /* 1660 * Invalid, excessively long SHA-256 digest. 1661 */ 1662 WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42, 1663 0x2F, 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71, 1664 0xDC, 0x17, 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B, 1665 0xD5, 0x9C, 0x5F, 0x23, 0x7D, 0x9B, 0xF8, 0x54, 1666 0x34, 0xC3, 0x13, 0x3F, 0x00), 1667 /* 1668 * Valid, GOST is no longer supported, hence no length checks. 1669 */ 1670 WIRE_VALID(0x00, 0x00, 0x00, 0x03, 0x00), 1671 /* 1672 * Invalid, short SHA-384 digest. 1673 */ 1674 WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0x00), 1675 WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C, 1676 0x5A, 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6, 1677 0x4B, 0x7D, 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE, 1678 0x12, 0x12, 0x8D, 0x23, 0x8B, 0xEB, 0xB4, 0x81, 1679 0x4B, 0x64, 0x8F, 0x5A, 0x84, 0x1E, 0x15, 0xCA, 1680 0xA2, 0xDE, 0x34, 0x88, 0x91, 0xA3, 0x7A, 0x69, 1681 0x9F, 0x65, 0xE5), 1682 /* 1683 * Valid, 48-octet SHA-384 digest. 1684 */ 1685 WIRE_VALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C, 0x5A, 1686 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6, 0x4B, 0x7D, 1687 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE, 0x12, 0x12, 0x8D, 1688 0x23, 0x8B, 0xEB, 0xB4, 0x81, 0x4B, 0x64, 0x8F, 0x5A, 1689 0x84, 0x1E, 0x15, 0xCA, 0xA2, 0xDE, 0x34, 0x88, 0x91, 1690 0xA3, 0x7A, 0x69, 0x9F, 0x65, 0xE5, 0x4D), 1691 /* 1692 * Invalid, excessively long SHA-384 digest. 1693 */ 1694 WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C, 1695 0x5A, 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6, 1696 0x4B, 0x7D, 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE, 1697 0x12, 0x12, 0x8D, 0x23, 0x8B, 0xEB, 0xB4, 0x81, 1698 0x4B, 0x64, 0x8F, 0x5A, 0x84, 0x1E, 0x15, 0xCA, 1699 0xA2, 0xDE, 0x34, 0x88, 0x91, 0xA3, 0x7A, 0x69, 1700 0x9F, 0x65, 0xE5, 0x4D, 0x00), 1701 WIRE_VALID(0x00, 0x00, 0x04, 0x00, 0x00), 1702 /* 1703 * Sentinel. 1704 */ 1705 WIRE_SENTINEL() 1706 }; 1707 1708 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1709 dns_rdatatype_ds, sizeof(dns_rdata_ds_t)); 1710 } 1711 1712 /* 1713 * EDNS Client Subnet tests. 1714 * 1715 * RFC 7871: 1716 * 1717 * 6. Option Format 1718 * 1719 * This protocol uses an EDNS0 [RFC6891] option to include client 1720 * address information in DNS messages. The option is structured as 1721 * follows: 1722 * 1723 * +0 (MSB) +1 (LSB) 1724 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1725 * 0: | OPTION-CODE | 1726 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1727 * 2: | OPTION-LENGTH | 1728 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1729 * 4: | FAMILY | 1730 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1731 * 6: | SOURCE PREFIX-LENGTH | SCOPE PREFIX-LENGTH | 1732 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1733 * 8: | ADDRESS... / 1734 * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+ 1735 * 1736 * o (Defined in [RFC6891]) OPTION-CODE, 2 octets, for ECS is 8 (0x00 1737 * 0x08). 1738 * 1739 * o (Defined in [RFC6891]) OPTION-LENGTH, 2 octets, contains the 1740 * length of the payload (everything after OPTION-LENGTH) in octets. 1741 * 1742 * o FAMILY, 2 octets, indicates the family of the address contained in 1743 * the option, using address family codes as assigned by IANA in 1744 * Address Family Numbers [Address_Family_Numbers]. 1745 * 1746 * The format of the address part depends on the value of FAMILY. This 1747 * document only defines the format for FAMILY 1 (IPv4) and FAMILY 2 1748 * (IPv6), which are as follows: 1749 * 1750 * o SOURCE PREFIX-LENGTH, an unsigned octet representing the leftmost 1751 * number of significant bits of ADDRESS to be used for the lookup. 1752 * In responses, it mirrors the same value as in the queries. 1753 * 1754 * o SCOPE PREFIX-LENGTH, an unsigned octet representing the leftmost 1755 * number of significant bits of ADDRESS that the response covers. 1756 * In queries, it MUST be set to 0. 1757 * 1758 * o ADDRESS, variable number of octets, contains either an IPv4 or 1759 * IPv6 address, depending on FAMILY, which MUST be truncated to the 1760 * number of bits indicated by the SOURCE PREFIX-LENGTH field, 1761 * padding with 0 bits to pad to the end of the last octet needed. 1762 * 1763 * o A server receiving an ECS option that uses either too few or too 1764 * many ADDRESS octets, or that has non-zero ADDRESS bits set beyond 1765 * SOURCE PREFIX-LENGTH, SHOULD return FORMERR to reject the packet, 1766 * as a signal to the software developer making the request to fix 1767 * their implementation. 1768 * 1769 * All fields are in network byte order ("big-endian", per [RFC1700], 1770 * Data Notation). 1771 */ 1772 ISC_RUN_TEST_IMPL(edns_client_subnet) { 1773 wire_ok_t wire_ok[] = { 1774 /* 1775 * Option code with no content. 1776 */ 1777 WIRE_INVALID(0x00, 0x08, 0x00, 0x00), 1778 /* 1779 * Option code family 0, source 0, scope 0. 1780 */ 1781 WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00), 1782 /* 1783 * Option code family 1 (IPv4), source 0, scope 0. 1784 */ 1785 WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00), 1786 /* 1787 * Option code family 2 (IPv6) , source 0, scope 0. 1788 */ 1789 WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00), 1790 /* 1791 * Extra octet. 1792 */ 1793 WIRE_INVALID(0x00, 0x08, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 1794 0x00), 1795 /* 1796 * Source too long for IPv4. 1797 */ 1798 WIRE_INVALID(0x00, 0x08, 0x00, 8, 0x00, 0x01, 33, 0x00, 0x00, 1799 0x00, 0x00, 0x00), 1800 /* 1801 * Source too long for IPv6. 1802 */ 1803 WIRE_INVALID(0x00, 0x08, 0x00, 20, 0x00, 0x02, 129, 0x00, 0x00, 1804 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1805 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1806 /* 1807 * Scope too long for IPv4. 1808 */ 1809 WIRE_INVALID(0x00, 0x08, 0x00, 8, 0x00, 0x01, 0x00, 33, 0x00, 1810 0x00, 0x00, 0x00), 1811 /* 1812 * Scope too long for IPv6. 1813 */ 1814 WIRE_INVALID(0x00, 0x08, 0x00, 20, 0x00, 0x02, 0x00, 129, 0x00, 1815 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1816 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1817 /* 1818 * When family=0, source and scope should be 0. 1819 */ 1820 WIRE_VALID(0x00, 0x08, 0x00, 4, 0x00, 0x00, 0x00, 0x00), 1821 /* 1822 * When family=0, source and scope should be 0. 1823 */ 1824 WIRE_INVALID(0x00, 0x08, 0x00, 5, 0x00, 0x00, 0x01, 0x00, 0x00), 1825 /* 1826 * When family=0, source and scope should be 0. 1827 */ 1828 WIRE_INVALID(0x00, 0x08, 0x00, 5, 0x00, 0x00, 0x00, 0x01, 0x00), 1829 /* 1830 * Length too short for source IPv4. 1831 */ 1832 WIRE_INVALID(0x00, 0x08, 0x00, 7, 0x00, 0x01, 32, 0x00, 0x00, 1833 0x00, 0x00), 1834 /* 1835 * Length too short for source IPv6. 1836 */ 1837 WIRE_INVALID(0x00, 0x08, 0x00, 19, 0x00, 0x02, 128, 0x00, 0x00, 1838 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1839 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 1840 /* 1841 * Sentinel. 1842 */ 1843 WIRE_SENTINEL() 1844 }; 1845 1846 check_rdata(NULL, wire_ok, NULL, true, dns_rdataclass_in, 1847 dns_rdatatype_opt, sizeof(dns_rdata_opt_t)); 1848 } 1849 1850 /* 1851 * http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt 1852 * 1853 * The RDATA portion of both the NIMLOC and EID records contains 1854 * uninterpreted binary data. The representation in the text master file 1855 * is an even number of hex characters (0 to 9, a to f), case is not 1856 * significant. For readability, whitespace may be included in the value 1857 * field and should be ignored when reading a master file. 1858 */ 1859 ISC_RUN_TEST_IMPL(eid) { 1860 text_ok_t text_ok[] = { TEXT_VALID("AABBCC"), 1861 TEXT_VALID_CHANGED("AA bb cc", "AABBCC"), 1862 TEXT_INVALID("aab"), 1863 /* 1864 * Sentinel. 1865 */ 1866 TEXT_SENTINEL() }; 1867 wire_ok_t wire_ok[] = { WIRE_VALID(0x00), WIRE_VALID(0xAA, 0xBB, 0xCC), 1868 /* 1869 * Sentinel. 1870 */ 1871 WIRE_SENTINEL() }; 1872 1873 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 1874 dns_rdatatype_eid, sizeof(dns_rdata_in_eid_t)); 1875 } 1876 1877 /* 1878 * test that an oversized HIP record will be rejected 1879 */ 1880 ISC_RUN_TEST_IMPL(hip) { 1881 text_ok_t text_ok[] = { 1882 /* RFC 8005 examples. */ 1883 TEXT_VALID_LOOP(0, "2 200100107B1A74DF365639CC39F1D578 " 1884 "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI" 1885 "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW" 1886 "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b" 1887 "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx" 1888 "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D"), 1889 TEXT_VALID_LOOP(1, "2 200100107B1A74DF365639CC39F1D578 " 1890 "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI" 1891 "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW" 1892 "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b" 1893 "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx" 1894 "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D " 1895 "rvs1.example.com."), 1896 TEXT_VALID_LOOP(2, "2 200100107B1A74DF365639CC39F1D578 " 1897 "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI" 1898 "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW" 1899 "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b" 1900 "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx" 1901 "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D " 1902 "rvs1.example.com. rvs2.example.com."), 1903 /* 1904 * Sentinel. 1905 */ 1906 TEXT_SENTINEL() 1907 }; 1908 unsigned char hipwire[DNS_RDATA_MAXLENGTH] = { 0x01, 0x00, 0x00, 0x01, 1909 0x00, 0x00, 0x04, 0x41, 1910 0x42, 0x43, 0x44, 0x00 }; 1911 unsigned char buf[1024 * 1024]; 1912 dns_rdata_t rdata = DNS_RDATA_INIT; 1913 isc_result_t result; 1914 size_t i; 1915 1916 /* 1917 * Fill the rest of input buffer with compression pointers. 1918 */ 1919 for (i = 12; i < sizeof(hipwire) - 2; i += 2) { 1920 hipwire[i] = 0xc0; 1921 hipwire[i + 1] = 0x06; 1922 } 1923 1924 result = wire_to_rdata(hipwire, sizeof(hipwire), dns_rdataclass_in, 1925 dns_rdatatype_hip, buf, sizeof(buf), &rdata); 1926 assert_int_equal(result, DNS_R_FORMERR); 1927 check_text_ok(text_ok, dns_rdataclass_in, dns_rdatatype_hip, 1928 sizeof(dns_rdata_hip_t)); 1929 } 1930 1931 /* 1932 * ISDN tests. 1933 * 1934 * RFC 1183: 1935 * 1936 * 3.2. The ISDN RR 1937 * 1938 * The ISDN RR is defined with mnemonic ISDN and type code 20 (decimal). 1939 * 1940 * An ISDN (Integrated Service Digital Network) number is simply a 1941 * telephone number. The intent of the members of the CCITT is to 1942 * upgrade all telephone and data network service to a common service. 1943 * 1944 * The numbering plan (E.163/E.164) is the same as the familiar 1945 * international plan for POTS (an un-official acronym, meaning Plain 1946 * Old Telephone Service). In E.166, CCITT says "An E.163/E.164 1947 * telephony subscriber may become an ISDN subscriber without a number 1948 * change." 1949 * 1950 * ISDN has the following format: 1951 * 1952 * <owner> <ttl> <class> ISDN <ISDN-address> <sa> 1953 * 1954 * The <ISDN-address> field is required; <sa> is optional. 1955 * 1956 * <ISDN-address> identifies the ISDN number of <owner> and DDI (Direct 1957 * Dial In) if any, as defined by E.164 [8] and E.163 [7], the ISDN and 1958 * PSTN (Public Switched Telephone Network) numbering plan. E.163 1959 * defines the country codes, and E.164 the form of the addresses. Its 1960 * format in master files is a <character-string> syntactically 1961 * identical to that used in TXT and HINFO. 1962 * 1963 * <sa> specifies the subaddress (SA). The format of <sa> in master 1964 * files is a <character-string> syntactically identical to that used in 1965 * TXT and HINFO. 1966 * 1967 * The format of ISDN is class insensitive. ISDN RRs cause no 1968 * additional section processing. 1969 * 1970 * The <ISDN-address> is a string of characters, normally decimal 1971 * digits, beginning with the E.163 country code and ending with the DDI 1972 * if any. Note that ISDN, in Q.931, permits any IA5 character in the 1973 * general case. 1974 * 1975 * The <sa> is a string of hexadecimal digits. For digits 0-9, the 1976 * concrete encoding in the Q.931 call setup information element is 1977 * identical to BCD. 1978 * 1979 * For example: 1980 * 1981 * Relay.Prime.COM. IN ISDN 150862028003217 1982 * sh.Prime.COM. IN ISDN 150862028003217 004 1983 * 1984 * (Note: "1" is the country code for the North American Integrated 1985 * Numbering Area, i.e., the system of "area codes" familiar to people 1986 * in those countries.) 1987 * 1988 * The RR data is the ASCII representation of the digits. It is encoded 1989 * as one or two <character-string>s, i.e., count followed by 1990 * characters. 1991 */ 1992 ISC_RUN_TEST_IMPL(isdn) { 1993 wire_ok_t wire_ok[] = { /* 1994 * "". 1995 */ 1996 WIRE_VALID(0x00), 1997 /* 1998 * "\001". 1999 */ 2000 WIRE_VALID(0x01, 0x01), 2001 /* 2002 * "\001" "". 2003 */ 2004 WIRE_VALID(0x01, 0x01, 0x00), 2005 /* 2006 * "\001" "\001". 2007 */ 2008 WIRE_VALID(0x01, 0x01, 0x01, 0x01), 2009 /* 2010 * Sentinel. 2011 */ 2012 WIRE_SENTINEL() 2013 }; 2014 2015 check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in, 2016 dns_rdatatype_isdn, sizeof(dns_rdata_isdn_t)); 2017 } 2018 2019 /* 2020 * KEY tests. 2021 */ 2022 ISC_RUN_TEST_IMPL(key) { 2023 wire_ok_t wire_ok[] = { 2024 /* 2025 * RDATA is comprised of: 2026 * 2027 * - 2 octets for Flags, 2028 * - 1 octet for Protocol, 2029 * - 1 octet for Algorithm, 2030 * - variable number of octets for Public Key. 2031 * 2032 * RFC 2535 section 3.1.2 states that if bits 2033 * 0-1 of Flags are both set, the RR stops after 2034 * the algorithm octet and thus its length must 2035 * be 4 octets. In any other case, though, the 2036 * Public Key part must not be empty. 2037 * 2038 * Algorithms PRIVATEDNS (253) and PRIVATEOID (254) 2039 * have an algorithm identifier embedded and the start 2040 * of the public key. 2041 */ 2042 WIRE_INVALID(0x00), WIRE_INVALID(0x00, 0x00), 2043 WIRE_INVALID(0x00, 0x00, 0x00), 2044 WIRE_VALID(0xc0, 0x00, 0x00, 0x00), 2045 WIRE_INVALID(0xc0, 0x00, 0x00, 0x00, 0x00), 2046 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 2047 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00), 2048 /* PRIVATEDNS example. */ 2049 WIRE_INVALID(0x00, 0x00, 0x00, 253, 0x07, 'e', 'x', 'a', 'm', 2050 'p', 'l', 'e', 0x00), 2051 /* PRIVATEDNS example. + keydata */ 2052 WIRE_VALID(0x00, 0x00, 0x00, 253, 0x07, 'e', 'x', 'a', 'm', 'p', 2053 'l', 'e', 0x00, 0x00), 2054 /* PRIVATEDNS compression pointer. */ 2055 WIRE_INVALID(0x00, 0x00, 0x00, 253, 0xc0, 0x00, 0x00), 2056 /* PRIVATEOID */ 2057 WIRE_INVALID(0x00, 0x00, 0x00, 254, 0x00), 2058 /* PRIVATEOID 1.3.6.1.4.1.2495 */ 2059 WIRE_INVALID(0x00, 0x00, 0x00, 254, 0x06, 0x07, 0x2b, 0x06, 2060 0x01, 0x04, 0x01, 0x93, 0x3f), 2061 /* PRIVATEOID 1.3.6.1.4.1.2495 + keydata */ 2062 WIRE_VALID(0x00, 0x00, 0x00, 254, 0x06, 0x07, 0x2b, 0x06, 0x01, 2063 0x04, 0x01, 0x93, 0x3f, 0x00), 2064 /* PRIVATEOID malformed OID - high-bit set on last octet */ 2065 WIRE_INVALID(0x00, 0x00, 0x00, 254, 0x06, 0x07, 0x2b, 0x06, 2066 0x01, 0x04, 0x01, 0x93, 0xbf, 0x00), 2067 /* PRIVATEOID malformed OID - wrong tag */ 2068 WIRE_INVALID(0x00, 0x00, 0x00, 254, 0x07, 0x07, 0x2b, 0x06, 2069 0x01, 0x04, 0x01, 0x93, 0x3f, 0x00), 2070 WIRE_SENTINEL() 2071 }; 2072 text_ok_t text_ok[] = { /* PRIVATEDNS example. */ 2073 TEXT_INVALID("0 0 253 B2V4YW1wbGUA"), 2074 /* PRIVATEDNS example. + keydata */ 2075 TEXT_VALID("0 0 253 B2V4YW1wbGUAAA=="), 2076 /* PRIVATEDNS compression pointer. */ 2077 TEXT_INVALID("0 0 253 wAAA"), 2078 /* PRIVATEOID */ 2079 TEXT_INVALID("0 0 254 AA=="), 2080 /* PRIVATEOID 1.3.6.1.4.1.2495 */ 2081 TEXT_INVALID("0 0 254 BgcrBgEEAZM/"), 2082 /* PRIVATEOID 1.3.6.1.4.1.2495 + keydata */ 2083 TEXT_VALID("0 0 254 BgcrBgEEAZM/AA=="), 2084 /* PRIVATEOID malformed OID - high-bit set on 2085 last octet */ 2086 TEXT_INVALID("0 0 254 BgcrBgEEAZO/AA=="), 2087 /* PRIVATEOID malformed OID - wrong tag */ 2088 TEXT_INVALID("0 0 254 BwcrBgEEAZM/AA=="), 2089 /* 2090 * Sentinel. 2091 */ 2092 TEXT_SENTINEL() 2093 }; 2094 2095 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2096 dns_rdatatype_key, sizeof(dns_rdata_key_t)); 2097 } 2098 2099 /* 2100 * LOC tests. 2101 */ 2102 ISC_RUN_TEST_IMPL(loc) { 2103 text_ok_t text_ok[] = { 2104 TEXT_VALID_CHANGED("0 N 0 E 0", "0 0 0.000 N 0 0 0.000 E 0.00m " 2105 "1m 10000m 10m"), 2106 TEXT_VALID_CHANGED("0 S 0 W 0", "0 0 0.000 N 0 0 0.000 E 0.00m " 2107 "1m 10000m 10m"), 2108 TEXT_VALID_CHANGED("0 0 N 0 0 E 0", "0 0 0.000 N 0 0 0.000 E " 2109 "0.00m 1m 10000m 10m"), 2110 TEXT_VALID_CHANGED("0 0 0 N 0 0 0 E 0", 2111 "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m " 2112 "10m"), 2113 TEXT_VALID_CHANGED("0 0 0 N 0 0 0 E 0", 2114 "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m " 2115 "10m"), 2116 TEXT_VALID_CHANGED("0 0 0. N 0 0 0. E 0", 2117 "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m " 2118 "10m"), 2119 TEXT_VALID_CHANGED("0 0 .0 N 0 0 .0 E 0", 2120 "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m " 2121 "10m"), 2122 TEXT_INVALID("0 North 0 East 0"), 2123 TEXT_INVALID("0 South 0 West 0"), 2124 TEXT_INVALID("0 0 . N 0 0 0. E 0"), 2125 TEXT_INVALID("0 0 0. N 0 0 . E 0"), 2126 TEXT_INVALID("0 0 0. N 0 0 0. E m"), 2127 TEXT_INVALID("0 0 0. N 0 0 0. E 0 ."), 2128 TEXT_INVALID("0 0 0. N 0 0 0. E 0 m"), 2129 TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 ."), 2130 TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 m"), 2131 TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 0 ."), 2132 TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 0 m"), 2133 TEXT_VALID_CHANGED("90 N 180 E 0", "90 0 0.000 N 180 0 0.000 E " 2134 "0.00m 1m 10000m 10m"), 2135 TEXT_INVALID("90 1 N 180 E 0"), 2136 TEXT_INVALID("90 0 1 N 180 E 0"), 2137 TEXT_INVALID("90 N 180 1 E 0"), 2138 TEXT_INVALID("90 N 180 0 1 E 0"), 2139 TEXT_VALID_CHANGED("90 S 180 W 0", "90 0 0.000 S 180 0 0.000 W " 2140 "0.00m 1m 10000m 10m"), 2141 TEXT_INVALID("90 1 S 180 W 0"), 2142 TEXT_INVALID("90 0 1 S 180 W 0"), 2143 TEXT_INVALID("90 S 180 1 W 0"), 2144 TEXT_INVALID("90 S 180 0 1 W 0"), 2145 TEXT_INVALID("0 0 0.000 E 0 0 0.000 E -0.95m 1m 10000m 10m"), 2146 TEXT_VALID("0 0 0.000 N 0 0 0.000 E -0.95m 1m 10000m 10m"), 2147 TEXT_VALID("0 0 0.000 N 0 0 0.000 E -0.05m 1m 10000m 10m"), 2148 TEXT_VALID("0 0 0.000 N 0 0 0.000 E -100000.00m 1m 10000m 10m"), 2149 TEXT_VALID("0 0 0.000 N 0 0 0.000 E 42849672.95m 1m 10000m " 2150 "10m"), 2151 /* 2152 * Sentinel. 2153 */ 2154 TEXT_SENTINEL() 2155 }; 2156 2157 check_rdata(text_ok, 0, NULL, false, dns_rdataclass_in, 2158 dns_rdatatype_loc, sizeof(dns_rdata_loc_t)); 2159 } 2160 2161 /* 2162 * http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt 2163 * 2164 * The RDATA portion of both the NIMLOC and EID records contains 2165 * uninterpreted binary data. The representation in the text master file 2166 * is an even number of hex characters (0 to 9, a to f), case is not 2167 * significant. For readability, whitespace may be included in the value 2168 * field and should be ignored when reading a master file. 2169 */ 2170 ISC_RUN_TEST_IMPL(nimloc) { 2171 text_ok_t text_ok[] = { TEXT_VALID("AABBCC"), 2172 TEXT_VALID_CHANGED("AA bb cc", "AABBCC"), 2173 TEXT_INVALID("aab"), 2174 /* 2175 * Sentinel. 2176 */ 2177 TEXT_SENTINEL() }; 2178 wire_ok_t wire_ok[] = { WIRE_VALID(0x00), WIRE_VALID(0xAA, 0xBB, 0xCC), 2179 /* 2180 * Sentinel. 2181 */ 2182 WIRE_SENTINEL() }; 2183 2184 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2185 dns_rdatatype_nimloc, sizeof(dns_rdata_in_nimloc_t)); 2186 } 2187 2188 /* 2189 * NSEC tests. 2190 * 2191 * RFC 4034: 2192 * 2193 * 4.1. NSEC RDATA Wire Format 2194 * 2195 * The RDATA of the NSEC RR is as shown below: 2196 * 2197 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 2198 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2199 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2200 * / Next Domain Name / 2201 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2202 * / Type Bit Maps / 2203 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2204 * 2205 * 4.1.1. The Next Domain Name Field 2206 * 2207 * The Next Domain field contains the next owner name (in the canonical 2208 * ordering of the zone) that has authoritative data or contains a 2209 * delegation point NS RRset; see Section 6.1 for an explanation of 2210 * canonical ordering. The value of the Next Domain Name field in the 2211 * last NSEC record in the zone is the name of the zone apex (the owner 2212 * name of the zone's SOA RR). This indicates that the owner name of 2213 * the NSEC RR is the last name in the canonical ordering of the zone. 2214 * 2215 * A sender MUST NOT use DNS name compression on the Next Domain Name 2216 * field when transmitting an NSEC RR. 2217 * 2218 * Owner names of RRsets for which the given zone is not authoritative 2219 * (such as glue records) MUST NOT be listed in the Next Domain Name 2220 * unless at least one authoritative RRset exists at the same owner 2221 * name. 2222 * 2223 * 4.1.2. The Type Bit Maps Field 2224 * 2225 * The Type Bit Maps field identifies the RRset types that exist at the 2226 * NSEC RR's owner name. 2227 * 2228 * The RR type space is split into 256 window blocks, each representing 2229 * the low-order 8 bits of the 16-bit RR type space. Each block that 2230 * has at least one active RR type is encoded using a single octet 2231 * window number (from 0 to 255), a single octet bitmap length (from 1 2232 * to 32) indicating the number of octets used for the window block's 2233 * bitmap, and up to 32 octets (256 bits) of bitmap. 2234 * 2235 * Blocks are present in the NSEC RR RDATA in increasing numerical 2236 * order. 2237 * 2238 * Type Bit Maps Field = ( Window Block # | Bitmap Length | Bitmap )+ 2239 * 2240 * where "|" denotes concatenation. 2241 * 2242 * Each bitmap encodes the low-order 8 bits of RR types within the 2243 * window block, in network bit order. The first bit is bit 0. For 2244 * window block 0, bit 1 corresponds to RR type 1 (A), bit 2 corresponds 2245 * to RR type 2 (NS), and so forth. For window block 1, bit 1 2246 * corresponds to RR type 257, and bit 2 to RR type 258. If a bit is 2247 * set, it indicates that an RRset of that type is present for the NSEC 2248 * RR's owner name. If a bit is clear, it indicates that no RRset of 2249 * that type is present for the NSEC RR's owner name. 2250 * 2251 * Bits representing pseudo-types MUST be clear, as they do not appear 2252 * in zone data. If encountered, they MUST be ignored upon being read. 2253 */ 2254 ISC_RUN_TEST_IMPL(nsec) { 2255 text_ok_t text_ok[] = { TEXT_INVALID(""), TEXT_INVALID("."), 2256 TEXT_VALID(". RRSIG"), TEXT_SENTINEL() }; 2257 wire_ok_t wire_ok[] = { WIRE_INVALID(0x00), WIRE_INVALID(0x00, 0x00), 2258 WIRE_INVALID(0x00, 0x00, 0x00), 2259 WIRE_VALID(0x00, 0x00, 0x01, 0x02), 2260 WIRE_SENTINEL() }; 2261 2262 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2263 dns_rdatatype_nsec, sizeof(dns_rdata_nsec_t)); 2264 } 2265 2266 /* 2267 * NSEC3 tests. 2268 * 2269 * RFC 5155. 2270 */ 2271 ISC_RUN_TEST_IMPL(nsec3) { 2272 text_ok_t text_ok[] = { TEXT_INVALID(""), 2273 TEXT_INVALID("."), 2274 TEXT_INVALID(". RRSIG"), 2275 TEXT_INVALID("1 0 10 76931F"), 2276 TEXT_INVALID("1 0 10 76931F " 2277 "IMQ912BREQP1POLAH3RMONG&" 2278 "UED541AS"), 2279 TEXT_INVALID("1 0 10 76931F " 2280 "IMQ912BREQP1POLAH3RMONGAUED541AS " 2281 "A RRSIG BADTYPE"), 2282 TEXT_VALID("1 0 10 76931F " 2283 "AJHVGTICN6K0VDA53GCHFMT219SRRQLM A " 2284 "RRSIG"), 2285 TEXT_VALID("1 0 10 76931F " 2286 "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"), 2287 TEXT_VALID("1 0 10 - " 2288 "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"), 2289 TEXT_SENTINEL() }; 2290 2291 check_rdata(text_ok, NULL, NULL, false, dns_rdataclass_in, 2292 dns_rdatatype_nsec3, sizeof(dns_rdata_nsec3_t)); 2293 } 2294 2295 /* NXT RDATA manipulations */ 2296 ISC_RUN_TEST_IMPL(nxt) { 2297 compare_ok_t compare_ok[] = { 2298 COMPARE("a. A SIG", "a. A SIG", 0), 2299 /* 2300 * Records that differ only in the case of the next 2301 * name should be equal. 2302 */ 2303 COMPARE("A. A SIG", "a. A SIG", 0), 2304 /* 2305 * Sorting on name field. 2306 */ 2307 COMPARE("A. A SIG", "b. A SIG", -1), 2308 COMPARE("b. A SIG", "A. A SIG", 1), 2309 /* bit map differs */ 2310 COMPARE("b. A SIG", "b. A AAAA SIG", -1), 2311 /* order of bit map does not matter */ 2312 COMPARE("b. A SIG AAAA", "b. A AAAA SIG", 0), COMPARE_SENTINEL() 2313 }; 2314 2315 check_rdata(NULL, NULL, compare_ok, false, dns_rdataclass_in, 2316 dns_rdatatype_nxt, sizeof(dns_rdata_nxt_t)); 2317 } 2318 2319 ISC_RUN_TEST_IMPL(rkey) { 2320 text_ok_t text_ok[] = { /* 2321 * Valid, flags set to 0 and a key is present. 2322 */ 2323 TEXT_VALID("0 0 0 aaaa"), 2324 /* 2325 * Invalid, non-zero flags. 2326 */ 2327 TEXT_INVALID("1 0 0 aaaa"), 2328 TEXT_INVALID("65535 0 0 aaaa"), 2329 /* 2330 * Sentinel. 2331 */ 2332 TEXT_SENTINEL() 2333 }; 2334 wire_ok_t wire_ok[] = { /* 2335 * Valid, flags set to 0 and a key is present. 2336 */ 2337 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00), 2338 /* 2339 * Invalid, non-zero flags. 2340 */ 2341 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00), 2342 WIRE_INVALID(0xff, 0xff, 0x00, 0x00, 0x00), 2343 /* 2344 * Sentinel. 2345 */ 2346 WIRE_SENTINEL() 2347 }; 2348 key_required(state, dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t)); 2349 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2350 dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t)); 2351 } 2352 2353 ISC_RUN_TEST_IMPL(resinfo) { 2354 text_ok_t text_ok[] = { 2355 TEXT_VALID_CHANGED("qnamemin exterr=15,16,17 " 2356 "infourl=https://resolver.example.com/guide", 2357 "\"qnamemin\" \"exterr=15,16,17\" " 2358 "\"infourl=https://resolver.example.com/" 2359 "guide\""), 2360 /* 2361 * Sentinel. 2362 */ 2363 TEXT_SENTINEL() 2364 }; 2365 check_rdata(text_ok, NULL, NULL, false, dns_rdataclass_in, 2366 dns_rdatatype_resinfo, sizeof(dns_rdata_rkey_t)); 2367 } 2368 2369 /* SSHFP RDATA manipulations */ 2370 ISC_RUN_TEST_IMPL(sshfp) { 2371 text_ok_t text_ok[] = { TEXT_INVALID(""), /* too short */ 2372 TEXT_INVALID("0"), /* reserved, too short */ 2373 TEXT_VALID("0 0"), /* no finger print */ 2374 TEXT_VALID("0 0 AA"), /* reserved */ 2375 TEXT_INVALID("0 1 AA"), /* too short SHA 1 2376 * digest */ 2377 TEXT_INVALID("0 2 AA"), /* too short SHA 256 2378 * digest */ 2379 TEXT_VALID("0 3 AA"), /* unknown finger print 2380 * type */ 2381 /* good length SHA 1 digest */ 2382 TEXT_VALID("1 1 " 2383 "00112233445566778899AABBCCDDEEFF171" 2384 "81920"), 2385 /* good length SHA 256 digest */ 2386 TEXT_VALID("4 2 " 2387 "A87F1B687AC0E57D2A081A2F282672334D9" 2388 "0ED316D2B818CA9580EA3 84D92401"), 2389 /* 2390 * totext splits the fingerprint into chunks and 2391 * emits uppercase hex. 2392 */ 2393 TEXT_VALID_CHANGED("1 2 " 2394 "00112233445566778899aabbccd" 2395 "deeff " 2396 "00112233445566778899AABBCCD" 2397 "DEEFF", 2398 "1 2 " 2399 "00112233445566778899AABBCCD" 2400 "DEEFF" 2401 "00112233445566778899AABB " 2402 "CCDDEEFF"), 2403 TEXT_SENTINEL() }; 2404 wire_ok_t wire_ok[] = { 2405 WIRE_INVALID(0x00), /* reserved too short */ 2406 WIRE_VALID(0x00, 0x00), /* reserved no finger print */ 2407 WIRE_VALID(0x00, 0x00, 0x00), /* reserved */ 2408 2409 /* too short SHA 1 digests */ 2410 WIRE_INVALID(0x00, 0x01), WIRE_INVALID(0x00, 0x01, 0x00), 2411 WIRE_INVALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 2412 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 2413 0xEE, 0xFF, 0x17, 0x18, 0x19), 2414 /* good length SHA 1 digest */ 2415 WIRE_VALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 2416 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 2417 0x17, 0x18, 0x19, 0x20), 2418 /* too long SHA 1 digest */ 2419 WIRE_INVALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 2420 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 2421 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21), 2422 /* too short SHA 256 digests */ 2423 WIRE_INVALID(0x00, 0x02), WIRE_INVALID(0x00, 0x02, 0x00), 2424 WIRE_INVALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 2425 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 2426 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 2427 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 2428 0x31), 2429 /* good length SHA 256 digest */ 2430 WIRE_VALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 2431 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 2432 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 2433 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32), 2434 /* too long SHA 256 digest */ 2435 WIRE_INVALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 2436 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 2437 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 2438 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30, 2439 0x31, 0x32, 0x33), 2440 /* unknown digest, * no fingerprint */ 2441 WIRE_VALID(0x00, 0x03), WIRE_VALID(0x00, 0x03, 0x00), /* unknown 2442 * digest 2443 */ 2444 WIRE_SENTINEL() 2445 }; 2446 2447 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2448 dns_rdatatype_sshfp, sizeof(dns_rdata_sshfp_t)); 2449 } 2450 2451 ISC_RUN_TEST_IMPL(wallet) { 2452 text_ok_t text_ok[] = { TEXT_VALID_CHANGED("cid-example wid-example", 2453 "\"cid-example\" " 2454 "\"wid-example\""), 2455 /* 2456 * Sentinel. 2457 */ 2458 TEXT_SENTINEL() }; 2459 check_rdata(text_ok, NULL, NULL, false, dns_rdataclass_in, 2460 dns_rdatatype_wallet, sizeof(dns_rdata_rkey_t)); 2461 } 2462 2463 /* 2464 * WKS tests. 2465 * 2466 * RFC 1035: 2467 * 2468 * 3.4.2. WKS RDATA format 2469 * 2470 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 2471 * | ADDRESS | 2472 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 2473 * | PROTOCOL | | 2474 * +--+--+--+--+--+--+--+--+ | 2475 * | | 2476 * / <BIT MAP> / 2477 * / / 2478 * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ 2479 * 2480 * where: 2481 * 2482 * ADDRESS An 32 bit Internet address 2483 * 2484 * PROTOCOL An 8 bit IP protocol number 2485 * 2486 * <BIT MAP> A variable length bit map. The bit map must be a 2487 * multiple of 8 bits long. 2488 * 2489 * The WKS record is used to describe the well known services supported by 2490 * a particular protocol on a particular internet address. The PROTOCOL 2491 * field specifies an IP protocol number, and the bit map has one bit per 2492 * port of the specified protocol. The first bit corresponds to port 0, 2493 * the second to port 1, etc. If the bit map does not include a bit for a 2494 * protocol of interest, that bit is assumed zero. The appropriate values 2495 * and mnemonics for ports and protocols are specified in [RFC-1010]. 2496 * 2497 * For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port 2498 * 25 (SMTP). If this bit is set, a SMTP server should be listening on TCP 2499 * port 25; if zero, SMTP service is not supported on the specified 2500 * address. 2501 */ 2502 ISC_RUN_TEST_IMPL(wks) { 2503 text_ok_t text_ok[] = { /* 2504 * Valid, IPv4 address in dotted-quad form. 2505 */ 2506 TEXT_VALID("127.0.0.1 6"), 2507 /* 2508 * Invalid, IPv4 address not in dotted-quad 2509 * form. 2510 */ 2511 TEXT_INVALID("127.1 6"), 2512 /* 2513 * Sentinel. 2514 */ 2515 TEXT_SENTINEL() 2516 }; 2517 wire_ok_t wire_ok[] = { /* 2518 * Too short. 2519 */ 2520 WIRE_INVALID(0x00, 0x08, 0x00, 0x00), 2521 /* 2522 * Minimal TCP. 2523 */ 2524 WIRE_VALID(0x00, 0x08, 0x00, 0x00, 6), 2525 /* 2526 * Minimal UDP. 2527 */ 2528 WIRE_VALID(0x00, 0x08, 0x00, 0x00, 17), 2529 /* 2530 * Minimal other. 2531 */ 2532 WIRE_VALID(0x00, 0x08, 0x00, 0x00, 1), 2533 /* 2534 * Sentinel. 2535 */ 2536 WIRE_SENTINEL() 2537 }; 2538 2539 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2540 dns_rdatatype_wks, sizeof(dns_rdata_in_wks_t)); 2541 } 2542 2543 ISC_RUN_TEST_IMPL(https_svcb) { 2544 /* 2545 * Known keys: mandatory, apln, no-default-alpn, port, 2546 * ipv4hint, port, ipv6hint, dohpath. 2547 */ 2548 text_ok_t text_ok[] = { 2549 /* unknown key invalid */ 2550 TEXT_INVALID("1 . unknown="), 2551 /* no domain */ 2552 TEXT_INVALID("0"), 2553 /* minimal record */ 2554 TEXT_VALID_LOOP(0, "0 ."), 2555 /* Alias form possible future extension */ 2556 TEXT_VALID_LOOP(1, "0 . alpn=\"h2\""), 2557 /* no "key" prefix */ 2558 TEXT_INVALID("2 svc.example.net. 0=\"2222\""), 2559 /* no key value */ 2560 TEXT_INVALID("2 svc.example.net. key"), 2561 /* no key value */ 2562 TEXT_INVALID("2 svc.example.net. key=\"2222\""), 2563 /* zero pad invalid */ 2564 TEXT_INVALID("2 svc.example.net. key07=\"2222\""), 2565 TEXT_VALID_LOOP(1, "2 svc.example.net. key8=\"2222\""), 2566 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key8=2222", 2567 "2 svc.example.net. key8=\"2222\""), 2568 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h2", 2569 "2 svc.example.net. alpn=\"h2\""), 2570 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h3", 2571 "2 svc.example.net. alpn=\"h3\""), 2572 /* alpn has 2 sub field "h2" and "h3" */ 2573 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h2,h3", 2574 "2 svc.example.net. alpn=\"h2,h3\""), 2575 /* apln has 2 sub fields "h1,h2" and "h3" (comma escaped) */ 2576 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h1\\\\,h2,h3", 2577 "2 svc.example.net. alpn=\"h1\\\\,h2,h3\""), 2578 TEXT_VALID_LOOP(1, "2 svc.example.net. port=50"), 2579 /* no-default-alpn, alpn is required */ 2580 TEXT_INVALID("2 svc.example.net. no-default-alpn"), 2581 /* no-default-alpn with alpn present */ 2582 TEXT_VALID_LOOPCHG( 2583 2, "2 svc.example.net. no-default-alpn alpn=h2", 2584 "2 svc.example.net. alpn=\"h2\" no-default-alpn"), 2585 /* empty hint */ 2586 TEXT_INVALID("2 svc.example.net. ipv4hint="), 2587 TEXT_VALID_LOOP(1, "2 svc.example.net. " 2588 "ipv4hint=10.50.0.1,10.50.0.2"), 2589 /* empty hint */ 2590 TEXT_INVALID("2 svc.example.net. ipv6hint="), 2591 TEXT_VALID_LOOP(1, "2 svc.example.net. ipv6hint=::1,2002::1"), 2592 TEXT_VALID_LOOP(1, "2 svc.example.net. ech=abcdefghijkl"), 2593 /* bad base64 */ 2594 TEXT_INVALID("2 svc.example.net. ech=abcdefghijklm"), 2595 TEXT_VALID_LOOP(1, "2 svc.example.net. key8=\"2222\""), 2596 /* Out of key order on input (alpn == key1). */ 2597 TEXT_VALID_LOOPCHG(2, 2598 "2 svc.example.net. key8=\"2222\" alpn=h2", 2599 "2 svc.example.net. alpn=\"h2\" " 2600 "key8=\"2222\""), 2601 TEXT_VALID_LOOP(1, "2 svc.example.net. key65535=\"2222\""), 2602 TEXT_INVALID("2 svc.example.net. key65536=\"2222\""), 2603 TEXT_VALID_LOOP(1, "2 svc.example.net. key10"), 2604 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key11=", 2605 "2 svc.example.net. key11"), 2606 TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key12=\"\"", 2607 "2 svc.example.net. key12"), 2608 /* empty alpn-id sub fields */ 2609 TEXT_INVALID("2 svc.example.net. alpn"), 2610 TEXT_INVALID("2 svc.example.net. alpn="), 2611 TEXT_INVALID("2 svc.example.net. alpn=,h1"), 2612 TEXT_INVALID("2 svc.example.net. alpn=h1,"), 2613 TEXT_INVALID("2 svc.example.net. alpn=h1,,h2"), 2614 /* empty alpn-id sub fields - RFC 1035 escaped commas */ 2615 TEXT_INVALID("2 svc.example.net. alpn=\\,abc"), 2616 TEXT_INVALID("2 svc.example.net. alpn=abc\\,"), 2617 TEXT_INVALID("2 svc.example.net. alpn=a\\,\\,abc"), 2618 /* mandatory */ 2619 TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=alpn " 2620 "alpn=\"h2\""), 2621 TEXT_VALID_LOOP(3, "2 svc.example.net. mandatory=alpn,port " 2622 "alpn=\"h2\" port=443"), 2623 TEXT_VALID_LOOPCHG(3, 2624 "2 svc.example.net. mandatory=port,alpn " 2625 "alpn=\"h2\" port=443", 2626 "2 svc.example.net. mandatory=alpn,port " 2627 "alpn=\"h2\" port=443"), 2628 TEXT_INVALID("2 svc.example.net. mandatory=mandatory"), 2629 TEXT_INVALID("2 svc.example.net. mandatory=port"), 2630 TEXT_INVALID("2 svc.example.net. mandatory=,port port=433"), 2631 TEXT_INVALID("2 svc.example.net. mandatory=port, port=433"), 2632 TEXT_INVALID("2 svc.example.net. " 2633 "mandatory=alpn,,port alpn=h2 port=433"), 2634 /* mandatory w/ unknown key values */ 2635 TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=key8 key8"), 2636 TEXT_VALID_LOOP(3, "2 svc.example.net. mandatory=key8,key9 " 2637 "key8 key9"), 2638 TEXT_VALID_LOOPCHG( 2639 3, "2 svc.example.net. mandatory=key9,key8 key8 key9", 2640 "2 svc.example.net. mandatory=key8,key9 key8 key9"), 2641 TEXT_INVALID("2 svc.example.net. " 2642 "mandatory=key8,key8"), 2643 TEXT_INVALID("2 svc.example.net. mandatory=,key8"), 2644 TEXT_INVALID("2 svc.example.net. mandatory=key8,"), 2645 TEXT_INVALID("2 svc.example.net. " 2646 "mandatory=key8,,key8"), 2647 /* Invalid test vectors */ 2648 TEXT_INVALID("1 foo.example.com. ( key123=abc key123=def )"), 2649 TEXT_INVALID("1 foo.example.com. mandatory"), 2650 TEXT_INVALID("1 foo.example.com. alpn"), 2651 TEXT_INVALID("1 foo.example.com. port"), 2652 TEXT_INVALID("1 foo.example.com. ipv4hint"), 2653 TEXT_INVALID("1 foo.example.com. ipv6hint"), 2654 TEXT_INVALID("1 foo.example.com. no-default-alpn=abc"), 2655 TEXT_INVALID("1 foo.example.com. mandatory=key123"), 2656 TEXT_INVALID("1 foo.example.com. mandatory=mandatory"), 2657 TEXT_INVALID("1 foo.example.com. ( mandatory=key123,key123 " 2658 "key123=abc)"), 2659 /* dohpath tests */ 2660 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{dns}", 2661 "1 example.net. key7=\"/{dns}\""), 2662 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{+dns}", 2663 "1 example.net. key7=\"/{+dns}\""), 2664 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{#dns}", 2665 "1 example.net. key7=\"/{#dns}\""), 2666 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{.dns}", 2667 "1 example.net. key7=\"/{.dns}\""), 2668 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=\"/{;dns}\"", 2669 "1 example.net. key7=\"/{;dns}\""), 2670 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{?dns}", 2671 "1 example.net. key7=\"/{?dns}\""), 2672 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/some/path{?dns}", 2673 "1 example.net. key7=\"/some/path{?dns}\""), 2674 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{dns:9999}", 2675 "1 example.net. key7=\"/{dns:9999}\""), 2676 TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{dns*}", 2677 "1 example.net. key7=\"/{dns*}\""), 2678 TEXT_VALID_LOOPCHG( 2679 1, "1 example.net. dohpath=/some/path?key=value{&dns}", 2680 "1 example.net. key7=\"/some/path?key=value{&dns}\""), 2681 TEXT_VALID_LOOPCHG(1, 2682 "1 example.net. " 2683 "dohpath=/some/path?key=value{&dns,x*}", 2684 "1 example.net. " 2685 "key7=\"/some/path?key=value{&dns,x*}\""), 2686 TEXT_INVALID("1 example.com. dohpath=not-relative"), 2687 TEXT_INVALID("1 example.com. dohpath=/{?no_dns_variable}"), 2688 TEXT_INVALID("1 example.com. dohpath=/novariable"), 2689 TEXT_INVALID("1 example.com. dohpath=/{?dnsx}"), 2690 /* index too big > 9999 */ 2691 TEXT_INVALID("1 example.com. dohpath=/{?dns:10000}"), 2692 /* index not postive */ 2693 TEXT_INVALID("1 example.com. dohpath=/{?dns:0}"), 2694 /* index leading zero */ 2695 TEXT_INVALID("1 example.com. dohpath=/{?dns:01}"), 2696 /* two operators */ 2697 TEXT_INVALID("1 example.com. dohpath=/{??dns}"), 2698 /* invalid % encoding */ 2699 TEXT_INVALID("1 example.com. dohpath=/%a{?dns}"), 2700 /* invalid % encoding */ 2701 TEXT_INVALID("1 example.com. dohpath=/{?dns,%a}"), 2702 /* incomplete macro */ 2703 TEXT_INVALID("1 example.com. dohpath=/{?dns" /*}*/), 2704 TEXT_SENTINEL() 2705 2706 }; 2707 wire_ok_t wire_ok[] = { 2708 /* 2709 * Too short 2710 */ 2711 WIRE_INVALID(0x00, 0x00), 2712 /* 2713 * Minimal length record. 2714 */ 2715 WIRE_VALID(0x00, 0x00, 0x00), 2716 /* 2717 * Alias with invalid dohpath. 2718 */ 2719 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00), 2720 /* 2721 * Bad key7= length (longer than rdata). 2722 */ 2723 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x07, 0x00, 0x01), 2724 /* 2725 * Port (0x03) too small (zero and one octets). 2726 */ 2727 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x00), 2728 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00), 2729 /* Valid port */ 2730 WIRE_VALID_LOOP(1, 0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x02, 2731 0x00, 0x00), 2732 /* 2733 * Port (0x03) too big (three octets). 2734 */ 2735 WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x03, 0x00, 2736 0x00, 0x00), 2737 /* 2738 * Duplicate keys. 2739 */ 2740 WIRE_INVALID(0x01, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 2741 0x80, 0x00, 0x00), 2742 /* 2743 * Out of order keys. 2744 */ 2745 WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x81, 0x00, 0x00, 0x00, 2746 0x80, 0x00, 0x00), 2747 /* 2748 * Empty of mandatory key list. 2749 */ 2750 WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00), 2751 /* 2752 * "mandatory=mandatory" is invalid 2753 */ 2754 WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 2755 0x00), 2756 /* 2757 * Out of order mandatory key list. 2758 */ 2759 WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 2760 0x80, 0x00, 0x71, 0x00, 0x71, 0x00, 0x00, 0x00, 2761 0x80, 0x00, 0x00), 2762 /* 2763 * Alpn(0x00 0x01) (length 0x00 0x09) "h1,h2" + "h3" 2764 */ 2765 WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09, 2766 5, 'h', '1', ',', 'h', '2', 2, 'h', '3'), 2767 /* 2768 * Alpn(0x00 0x01) (length 0x00 0x09) "h1\h2" + "h3" 2769 */ 2770 WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09, 2771 5, 'h', '1', '\\', 'h', '2', 2, 'h', '3'), 2772 /* 2773 * no-default-alpn (0x00 0x02) without alpn, alpn is required. 2774 */ 2775 WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00), 2776 /* 2777 * Alpn(0x00 0x01) with zero length elements is invalid 2778 */ 2779 WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x05, 2780 0x00, 0x00, 0x00, 0x00, 0x00), 2781 WIRE_SENTINEL() 2782 }; 2783 /* Test vectors from RFCXXXX */ 2784 textvsunknown_t textvsunknown[] = { 2785 /* AliasForm */ 2786 { "0 foo.example.com", "\\# 19 ( 00 00 03 66 6f 6f 07 65 78 61 " 2787 "6d 70 6c 65 03 63 6f 6d 00)" }, 2788 /* ServiceForm */ 2789 { "1 .", "\\# 3 ( 00 01 00)" }, 2790 /* Port example */ 2791 { "16 foo.example.com port=53", 2792 "\\# 25 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f " 2793 "6d 00 00 03 00 02 00 35 )" }, 2794 /* Unregistered keys with unquoted value. */ 2795 { "1 foo.example.com key667=hello", 2796 "\\# 28 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f " 2797 "6d 00 02 9b 00 05 68 65 6c 6c 6f )" }, 2798 /* 2799 * Quoted decimal-escaped character. 2800 * 1 foo.example.com key667="hello\210qoo" 2801 */ 2802 { "1 foo.example.com key667=\"hello\\210qoo\"", 2803 "\\# 32 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f " 2804 "6d 00 02 9b 00 09 68 65 6c 6c 6f d2 71 6f 6f )" }, 2805 /* 2806 * IPv6 hints example, quoted. 2807 * 1 foo.example.com ipv6hint="2001:db8::1,2001:db8::53:1" 2808 */ 2809 { "1 foo.example.com ipv6hint=\"2001:db8::1,2001:db8::53:1\"", 2810 "\\# 55 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f " 2811 "6d 00 00 06 00 20 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 " 2812 "00 01 20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 )" }, 2813 /* SvcParamValues and mandatory out of order. */ 2814 { "16 foo.example.org alpn=h2,h3-19 mandatory=ipv4hint,alpn " 2815 "ipv4hint=192.0.2.1", 2816 "\\# 48 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 " 2817 "67 00 00 00 00 04 00 01 00 04 00 01 00 09 02 68 32 05 68 33 " 2818 "2d 31 39 00 04 00 04 c0 00 02 01 )" }, 2819 /* 2820 * Quoted ALPN with escaped comma and backslash. 2821 * 16 foo.example.org alpn="f\\\\oo\\,bar,h2" 2822 */ 2823 { "16 foo.example.org alpn=\"f\\\\\\\\oo\\\\,bar,h2\"", 2824 "\\# 35 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 " 2825 "67 00 00 01 00 0c 08 66 5c 6f 6f 2c 62 61 72 02 68 32 )" }, 2826 /* 2827 * Unquoted ALPN with escaped comma and backslash. 2828 * 16 foo.example.org alpn=f\\\092oo\092,bar,h2 2829 */ 2830 { "16 foo.example.org alpn=f\\\\\\092oo\\092,bar,h2", 2831 "\\# 35 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 " 2832 "67 00 00 01 00 0c 08 66 5c 6f 6f 2c 62 61 72 02 68 32 )" }, 2833 { NULL, NULL } 2834 }; 2835 2836 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2837 dns_rdatatype_svcb, sizeof(dns_rdata_in_svcb_t)); 2838 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 2839 dns_rdatatype_https, sizeof(dns_rdata_in_https_t)); 2840 2841 check_textvsunknown(textvsunknown, dns_rdataclass_in, 2842 dns_rdatatype_svcb); 2843 check_textvsunknown(textvsunknown, dns_rdataclass_in, 2844 dns_rdatatype_https); 2845 } 2846 2847 /* 2848 * ZONEMD tests. 2849 * 2850 * Excerpted from RFC 8976: 2851 * 2852 * The ZONEMD RDATA wire format is encoded as follows: 2853 * 2854 * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 2855 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2856 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2857 * | Serial | 2858 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2859 * | Scheme |Hash Algorithm | | 2860 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | 2861 * | Digest | 2862 * / / 2863 * / / 2864 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 2865 * 2866 * 2.2.1. The Serial Field 2867 * 2868 * The Serial field is a 32-bit unsigned integer in network byte order. 2869 * It is the serial number from the zone's SOA record ([RFC1035], 2870 * Section 3.3.13) for which the zone digest was generated. 2871 * 2872 * It is included here to clearly bind the ZONEMD RR to a particular 2873 * version of the zone's content. Without the serial number, a stand- 2874 * alone ZONEMD digest has no obvious association to any particular 2875 * instance of a zone. 2876 * 2877 * 2.2.2. The Scheme Field 2878 * 2879 * The Scheme field is an 8-bit unsigned integer that identifies the 2880 * methods by which data is collated and presented as input to the 2881 * hashing function. 2882 * 2883 * Herein, SIMPLE, with Scheme value 1, is the only standardized Scheme 2884 * defined for ZONEMD records and it MUST be supported by 2885 * implementations. The "ZONEMD Schemes" registry is further described 2886 * in Section 5. 2887 * 2888 * Scheme values 240-254 are allocated for Private Use. 2889 * 2890 * 2.2.3. The Hash Algorithm Field 2891 * 2892 * The Hash Algorithm field is an 8-bit unsigned integer that identifies 2893 * the cryptographic hash algorithm used to construct the digest. 2894 * 2895 * Herein, SHA384 ([RFC6234]), with Hash Algorithm value 1, is the only 2896 * standardized Hash Algorithm defined for ZONEMD records that MUST be 2897 * supported by implementations. When SHA384 is used, the size of the 2898 * Digest field is 48 octets. The result of the SHA384 digest algorithm 2899 * MUST NOT be truncated, and the entire 48-octet digest is published in 2900 * the ZONEMD record. 2901 * 2902 * SHA512 ([RFC6234]), with Hash Algorithm value 2, is also defined for 2903 * ZONEMD records and SHOULD be supported by implementations. When 2904 * SHA512 is used, the size of the Digest field is 64 octets. The 2905 * result of the SHA512 digest algorithm MUST NOT be truncated, and the 2906 * entire 64-octet digest is published in the ZONEMD record. 2907 * 2908 * Hash Algorithm values 240-254 are allocated for Private Use. 2909 * 2910 * The "ZONEMD Hash Algorithms" registry is further described in 2911 * Section 5. 2912 * 2913 * 2.2.4. The Digest Field 2914 * 2915 * The Digest field is a variable-length sequence of octets containing 2916 * the output of the hash algorithm. The length of the Digest field is 2917 * determined by deducting the fixed size of the Serial, Scheme, and 2918 * Hash Algorithm fields from the RDATA size in the ZONEMD RR header. 2919 * 2920 * The Digest field MUST NOT be shorter than 12 octets. Digests for the 2921 * SHA384 and SHA512 hash algorithms specified herein are never 2922 * truncated. Digests for future hash algorithms MAY be truncated but 2923 * MUST NOT be truncated to a length that results in less than 96 bits 2924 * (12 octets) of equivalent strength. 2925 * 2926 * Section 3 describes how to calculate the digest for a zone. 2927 * Section 4 describes how to use the digest to verify the contents of a 2928 * zone. 2929 * 2930 */ 2931 2932 ISC_RUN_TEST_IMPL(zonemd) { 2933 text_ok_t text_ok[] = { 2934 TEXT_INVALID(""), 2935 /* No digest scheme or digest type*/ 2936 TEXT_INVALID("0"), 2937 /* No digest type */ 2938 TEXT_INVALID("0 0"), 2939 /* No digest */ 2940 TEXT_INVALID("0 0 0"), 2941 /* No digest */ 2942 TEXT_INVALID("99999999 0 0"), 2943 /* No digest */ 2944 TEXT_INVALID("2019020700 0 0"), 2945 /* Digest too short */ 2946 TEXT_INVALID("2019020700 1 1 DEADBEEF"), 2947 /* Digest too short */ 2948 TEXT_INVALID("2019020700 1 2 DEADBEEF"), 2949 /* Digest too short */ 2950 TEXT_INVALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBE"), 2951 /* Digest type unknown */ 2952 TEXT_VALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBEEF"), 2953 /* Digest type max */ 2954 TEXT_VALID("2019020700 1 255 DEADBEEFDEADBEEFDEADBEEF"), 2955 /* Digest type too big */ 2956 TEXT_INVALID("2019020700 0 256 DEADBEEFDEADBEEFDEADBEEF"), 2957 /* Scheme max */ 2958 TEXT_VALID("2019020700 255 3 DEADBEEFDEADBEEFDEADBEEF"), 2959 /* Scheme too big */ 2960 TEXT_INVALID("2019020700 256 3 DEADBEEFDEADBEEFDEADBEEF"), 2961 /* SHA384 */ 2962 TEXT_VALID("2019020700 1 1 " 2963 "7162D2BB75C047A53DE98767C9192BEB" 2964 "14DB01E7E2267135DAF0230A 19BA4A31" 2965 "6AF6BF64AA5C7BAE24B2992850300509"), 2966 /* SHA512 */ 2967 TEXT_VALID("2019020700 1 2 " 2968 "08CFA1115C7B948C4163A901270395EA" 2969 "226A930CD2CBCF2FA9A5E6EB 85F37C8A" 2970 "4E114D884E66F176EAB121CB02DB7D65" 2971 "2E0CC4827E7A3204 F166B47E5613FD27"), 2972 /* SHA384 too short and with private scheme */ 2973 TEXT_INVALID("2021042801 0 1 " 2974 "7162D2BB75C047A53DE98767C9192BEB" 2975 "6AF6BF64AA5C7BAE24B2992850300509"), 2976 /* SHA512 too short and with private scheme */ 2977 TEXT_INVALID("2021042802 5 2 " 2978 "A897B40072ECAE9E4CA3F1F227DE8F5E" 2979 "480CDEBB16DFC64C1C349A7B5F6C71AB" 2980 "E8A88B76EF0BA1604EC25752E946BF98"), 2981 TEXT_SENTINEL() 2982 }; 2983 wire_ok_t wire_ok[] = { 2984 /* 2985 * Short. 2986 */ 2987 WIRE_INVALID(0x00), 2988 /* 2989 * Short. 2990 */ 2991 WIRE_INVALID(0x00, 0x00), 2992 /* 2993 * Short. 2994 */ 2995 WIRE_INVALID(0x00, 0x00, 0x00), 2996 /* 2997 * Short. 2998 */ 2999 WIRE_INVALID(0x00, 0x00, 0x00, 0x00), 3000 /* 3001 * Short. 3002 */ 3003 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00), 3004 /* 3005 * Short. 3006 */ 3007 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00), 3008 /* 3009 * Short 11-octet digest. 3010 */ 3011 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 3012 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 3013 0x00), 3014 /* 3015 * Minimal, 12-octet hash for an undefined digest type. 3016 */ 3017 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 3018 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 3019 0x00), 3020 /* 3021 * SHA-384 is defined, so we insist there be a digest of 3022 * the expected length. 3023 */ 3024 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 3025 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 3026 0x00, 0x00), 3027 /* 3028 * 48-octet digest, valid for SHA-384. 3029 */ 3030 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xde, 0xad, 0xbe, 3031 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3032 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 3033 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3034 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 3035 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 3036 0xce), 3037 /* 3038 * 56-octet digest, too long for SHA-384. 3039 */ 3040 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0xde, 0xad, 3041 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 3042 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3043 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 3044 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 3045 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3046 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 3047 0xbe, 0xef, 0xfa, 0xce), 3048 /* 3049 * 56-octet digest, too short for SHA-512 3050 */ 3051 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 3052 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 3053 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3054 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 3055 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 3056 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3057 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 3058 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad), 3059 /* 3060 * 64-octet digest, just right for SHA-512 3061 */ 3062 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 0xbe, 3063 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3064 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 3065 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3066 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 3067 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3068 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 3069 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef), 3070 /* 3071 * 72-octet digest, too long for SHA-512 3072 */ 3073 WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 3074 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 3075 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3076 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 3077 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 3078 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3079 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 3080 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 3081 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3082 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce), 3083 /* 3084 * 56-octet digest, valid for an undefined digest type. 3085 */ 3086 WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xde, 0xad, 0xbe, 3087 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3088 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 3089 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3090 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 3091 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 3092 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce), 3093 /* 3094 * Sentinel. 3095 */ 3096 WIRE_SENTINEL() 3097 }; 3098 3099 check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, 3100 dns_rdatatype_zonemd, sizeof(dns_rdata_zonemd_t)); 3101 } 3102 3103 ISC_RUN_TEST_IMPL(atcname) { 3104 unsigned int i; 3105 3106 #define UNR "# Unexpected result from dns_rdatatype_atcname for type %u\n" 3107 for (i = 0; i < 0xffffU; i++) { 3108 bool tf = dns_rdatatype_atcname((dns_rdatatype_t)i); 3109 switch (i) { 3110 case dns_rdatatype_nsec: 3111 case dns_rdatatype_key: 3112 case dns_rdatatype_rrsig: 3113 if (!tf) { 3114 print_message(UNR, i); 3115 } 3116 assert_true(tf); 3117 break; 3118 default: 3119 if (tf) { 3120 print_message(UNR, i); 3121 } 3122 assert_false(tf); 3123 break; 3124 } 3125 } 3126 #undef UNR 3127 } 3128 3129 ISC_RUN_TEST_IMPL(atparent) { 3130 unsigned int i; 3131 3132 #define UNR "# Unexpected result from dns_rdatatype_atparent for type %u\n" 3133 for (i = 0; i < 0xffffU; i++) { 3134 bool tf = dns_rdatatype_atparent((dns_rdatatype_t)i); 3135 switch (i) { 3136 case dns_rdatatype_ds: 3137 if (!tf) { 3138 print_message(UNR, i); 3139 } 3140 assert_true(tf); 3141 break; 3142 default: 3143 if (tf) { 3144 print_message(UNR, i); 3145 } 3146 assert_false(tf); 3147 break; 3148 } 3149 } 3150 #undef UNR 3151 } 3152 3153 ISC_RUN_TEST_IMPL(iszonecutauth) { 3154 unsigned int i; 3155 #define UNR "# Unexpected result from dns_rdatatype_iszonecutauth for type %u\n" 3156 for (i = 0; i < 0xffffU; i++) { 3157 bool tf = dns_rdatatype_iszonecutauth((dns_rdatatype_t)i); 3158 switch (i) { 3159 case dns_rdatatype_ns: 3160 case dns_rdatatype_ds: 3161 case dns_rdatatype_nsec: 3162 case dns_rdatatype_key: 3163 case dns_rdatatype_rrsig: 3164 if (!tf) { 3165 print_message(UNR, i); 3166 } 3167 assert_true(tf); 3168 break; 3169 default: 3170 if (tf) { 3171 print_message(UNR, i); 3172 } 3173 assert_false(tf); 3174 break; 3175 } 3176 } 3177 #undef UNR 3178 } 3179 3180 ISC_TEST_LIST_START 3181 3182 /* types */ 3183 ISC_TEST_ENTRY(amtrelay) 3184 ISC_TEST_ENTRY(apl) 3185 ISC_TEST_ENTRY(atma) 3186 ISC_TEST_ENTRY(cdnskey) 3187 ISC_TEST_ENTRY(csync) 3188 ISC_TEST_ENTRY(dnskey) 3189 ISC_TEST_ENTRY(doa) 3190 ISC_TEST_ENTRY(ds) 3191 ISC_TEST_ENTRY(eid) 3192 ISC_TEST_ENTRY(hip) 3193 ISC_TEST_ENTRY(https_svcb) 3194 ISC_TEST_ENTRY(isdn) 3195 ISC_TEST_ENTRY(key) 3196 ISC_TEST_ENTRY(loc) 3197 ISC_TEST_ENTRY(nimloc) 3198 ISC_TEST_ENTRY(nsec) 3199 ISC_TEST_ENTRY(nsec3) 3200 ISC_TEST_ENTRY(nxt) 3201 ISC_TEST_ENTRY(rkey) 3202 ISC_TEST_ENTRY(resinfo) 3203 ISC_TEST_ENTRY(sshfp) 3204 ISC_TEST_ENTRY(wallet) 3205 ISC_TEST_ENTRY(wks) 3206 ISC_TEST_ENTRY(zonemd) 3207 3208 /* other tests */ 3209 ISC_TEST_ENTRY(edns_client_subnet) 3210 ISC_TEST_ENTRY(atcname) 3211 ISC_TEST_ENTRY(atparent) 3212 ISC_TEST_ENTRY(iszonecutauth) 3213 ISC_TEST_LIST_END 3214 3215 ISC_TEST_MAIN 3216
Indexes created Mon Mar 02 05:31:46 UTC 2026