DNSSEC: add unit tests for basic NSEC3 functions

refs #4

Knot.files

@@ -241,6 +241,8 @@ src/tests/libknot/dname_tests.c
 src/tests/libknot/dname_tests.h
 src/tests/libknot/dnssec_keys_tests.c
 src/tests/libknot/dnssec_keys_tests.h
+src/tests/libknot/dnssec_nsec3_tests.c
+src/tests/libknot/dnssec_nsec3_tests.h
 src/tests/libknot/dnssec_sign_tests.c
 src/tests/libknot/dnssec_sign_tests.h
 src/tests/libknot/rrset_tests.c

src/tests/Makefile.am

@@ -56,6 +56,8 @@ unittests_SOURCES =			\
 	libknot/rrset_tests.h		\
 	libknot/dnssec_keys_tests.c	\
 	libknot/dnssec_keys_tests.h	\
+	libknot/dnssec_nsec3_tests.c	\
+	libknot/dnssec_nsec3_tests.h	\
 	libknot/dnssec_sign_tests.c	\
 	libknot/dnssec_sign_tests.h	\
 	unittests_main.c

src/tests/libknot/dnssec_nsec3_tests.c

+/*  Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+#include <string.h>
+
+#include "tests/libknot/dnssec_nsec3_tests.h"
+
+#include "common/descriptor.h"
+#include "common/errcode.h"
+#include "libknot/dname.h"
+#include "libknot/dnssec/algorithm.h"
+#include "libknot/dnssec/nsec3.h"
+#include "libknot/rrset.h"
+
+static int dnssec_nsec3_tests_count(int argc, char *argv[]);
+static int dnssec_nsec3_tests_run(int argc, char *argv[]);
+
+unit_api dnssec_nsec3_tests_api = {
+	"libknot/dnssec/nsec3",
+	&dnssec_nsec3_tests_count,
+	&dnssec_nsec3_tests_run
+};
+
+static int dnssec_nsec3_tests_count(int argc, char *argv[])
+{
+	return 10;
+}
+
+static int dnssec_nsec3_tests_run(int argc, char *argv[])
+{
+	int result = KNOT_EOK;
+
+	// lengths of different hashes
+
+	ok(knot_nsec3_hash_length(1) == 20,
+	   "raw hash length for SHA1");
+	ok(knot_nsec3_hash_length(42) == 0,
+	   "raw hash length for unknown algorithm");
+	ok(knot_nsec3_hash_b32_length(1) == 32,
+	   "B32 hash length for SHA1");
+	ok(knot_nsec3_hash_b32_length(42) == 0,
+	   "B32 hash length for unknown algorithm");
+
+	//  parsing NSEC3PARAMs from wire
+
+	knot_nsec3_params_t params = { 0 };
+	knot_rrset_t *rrset = NULL;
+	uint8_t rdata[] = {
+		0x01,                  // hash algorithm
+		0x00,                  // flags
+		0x00, 0x0a,            // iterations
+		0x04,                  // salt length
+		'a', 'b', 'c', 'd'     // salt
+	};
+
+	rrset = knot_rrset_new(NULL, KNOT_RRTYPE_NSEC3PARAM, KNOT_CLASS_IN, 0);
+	result = knot_rrset_add_rdata(rrset, rdata, sizeof(rdata));
+	if (result == KNOT_EOK); {
+		result = knot_nsec3_params_from_wire(&params, rrset);
+	}
+
+	ok(params.algorithm == 1, "parse algorithm from wire");
+	ok(params.flags == 0, "parse flags from wire");
+	ok(params.iterations == 10, "parse iterations from wire");
+	ok(params.salt_length == 4, "parse salt length from wire");
+	ok(memcmp(params.salt, "abcd", 4) == 0, "parse salt from wire");
+
+	knot_rrset_deep_free(&rrset, 1);
+	knot_nsec3_params_free(&params);
+
+	// hash computation
+
+	params.algorithm = 1;
+	params.flags = 0;
+	params.iterations = 7;
+	params.salt_length = 14;
+	params.salt = (uint8_t *)strdup("happywithnsec3");
+
+	const char *dname_str = "knot-dns.cz.";
+	knot_dname_t *dname = knot_dname_from_str(dname_str, strlen(dname_str));
+
+	size_t digest_size = 0;
+	uint8_t *digest = NULL;
+	result = knot_nsec3_hash(&params, dname, knot_dname_size(dname),
+	                         &digest, &digest_size);
+
+	uint8_t expected[] = {
+		0x72, 0x40, 0x55, 0x83, 0x92, 0x93, 0x95, 0x28, 0xee, 0xa2,
+		0xcc, 0xe1, 0x13, 0xbe, 0xcd, 0x41, 0xee, 0x8a, 0x71, 0xfd
+	};
+
+	ok(result == KNOT_EOK && digest_size == sizeof(expected) &&
+	   memcmp(digest, expected, sizeof(expected)) == 0, "compute hash");
+
+	free(digest);
+	free(params.salt);
+	knot_dname_free(&dname);
+
+	return 0;
+}

src/tests/libknot/dnssec_nsec3_tests.h

+/*  Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _KNOTD_DNSSEC_NSEC3_TESTS_
+#define _KNOTD_DNSSEC_NSEC3_TESTS_
+
+#include "common/libtap/tap_unit.h"
+
+unit_api dnssec_nsec3_tests_api;
+
+#endif

src/tests/unittests_main.c

@@ -36,6 +36,7 @@
 #include "tests/libknot/dname_tests.h"
 #include "tests/libknot/ztree_tests.h"
 #include "tests/libknot/dnssec_keys_tests.h"
+#include "tests/libknot/dnssec_nsec3_tests.h"
 #include "tests/libknot/dnssec_sign_tests.h"
 #include "tests/libknot/rrset_tests.h"
 
@@ -71,8 +72,9 @@ int main(int argc, char *argv[])
 	        &wire_tests_api,
 	        &dname_tests_api,
 	        &ztree_tests_api,
-	        &dnssec_keys_tests_api,	//! Key manipulation.
-	        &dnssec_sign_tests_api,	//! DNSSEC signing/verification.
+	        &dnssec_keys_tests_api,  //! DNSSEC key manipulation.
+	        &dnssec_nsec3_tests_api, //! DNSSEC NSEC3 operations.
+	        &dnssec_sign_tests_api,  //! DNSSEC signing/verification.
 //	        &rrset_tests_api,
 
 	        NULL