From 65cdbd2a339bd1317e7bedb3b65cca5359dc2c34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Fern=C3=A1ndez=20L=C3=B3pez?= Date: Mon, 26 Dec 2022 12:18:15 +0100 Subject: [PATCH] Increase test coverage --- src/name/ip_address.rs | 258 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 257 insertions(+), 1 deletion(-) diff --git a/src/name/ip_address.rs b/src/name/ip_address.rs index 59499a6a..6180c335 100644 --- a/src/name/ip_address.rs +++ b/src/name/ip_address.rs @@ -508,10 +508,11 @@ mod tests { const IPV6_ADDRESSES_VALIDITY: &[(&[u8], bool)] = &[ // Valid IPv6 addresses (b"2a05:d018:076c:b685:e8ab:afd3:af51:3aed", true), + (b"2A05:D018:076C:B685:E8AB:AFD3:AF51:3AED", true), (b"ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", true), + (b"FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF", true), (b"FFFF:ffff:ffff:ffff:ffff:ffff:ffff:ffff", true), // both case hex allowed // Invalid IPv6 addresses - // Missing octets on uncompressed addresses. The unmatching letter has the violation (b"aaa:ffff:ffff:ffff:ffff:ffff:ffff:ffff", false), (b"ffff:aaa:ffff:ffff:ffff:ffff:ffff:ffff", false), @@ -720,6 +721,261 @@ mod tests { ) } } + + #[test] + fn presented_id_matches_constraint_ipv4_test() { + let names_and_constraints = vec![ + ( + // 192.0.2.0 matches constraint 192.0.2.0/24 + [0xC0, 0x00, 0x02, 0x00], + [0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00], + Ok(true), + ), + ( + // 192.0.2.1 matches constraint 192.0.2.0/24 + [0xC0, 0x00, 0x02, 0x01], + [0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00], + Ok(true), + ), + ( + // 192.0.2.255 matches constraint 192.0.2.0/24 + [0xC0, 0x00, 0x02, 0xFF], + [0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00], + Ok(true), + ), + ( + // 192.0.1.255 does not match constraint 192.0.2.0/24 + [0xC0, 0x00, 0x01, 0xFF], + [0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00], + Ok(false), + ), + ( + // 192.0.3.0 does not match constraint 192.0.2.0/24 + [0xC0, 0x00, 0x03, 0x00], + [0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00], + Ok(false), + ), + ]; + for (name, constraint, match_result) in names_and_constraints { + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&name), + untrusted::Input::from(&constraint), + ), + match_result + ) + } + + // Invalid name length (shorter) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[0xC0, 0x00, 0x02]), + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00]), + ), + Err(Error::BadDER), + ); + + // Invalid name length (longer) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00, 0x00]), + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00]), + ), + Err(Error::BadDER), + ); + + // Unmatching constraint size (shorter) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00]), + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF]), + ), + Err(Error::BadDER), + ); + + // Unmatching constraint size (longer) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00]), + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00]), + ), + Err(Error::BadDER), + ); + + // Unmatching constraint size (IPv6 constraint for IPv4 address) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00]), + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + ]), + ), + Ok(false), + ); + } + + #[test] + fn presented_id_matches_constraint_ipv6_test() { + let names_and_constraints = vec![ + ( + // 2001:0DB8:ABCD:0012:0000:0000:0000:0000 matches constraint + // 2001:0DB8:ABCD:0012:0000:0000:0000:0000/64 + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + ], + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ], + Ok(true), + ), + ( + // 2001:0DB8:ABCD:0012:0000:0000:0000:0001 matches constraint + // 2001:0DB8:ABCD:0012:0000:0000:0000:0000/64 + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x01, + ], + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ], + Ok(true), + ), + ( + // 2001:0DB8:ABCD:0012:FFFF:FFFF:FFFF:FFFF matches constraint + // 2001:0DB8:ABCD:0012:0000:0000:0000:0000/64 + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, + ], + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ], + Ok(true), + ), + ( + // 2001:0DB8:ABCD:0011:0000:0000:0000:0000 does not match constraint + // 2001:0DB8:ABCD:0012:0000:0000:0000:0000/64 + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + ], + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ], + Ok(false), + ), + ( + // 2001:0DB8:ABCD:0013:0000:0000:0000:0000 does not match constraint + // 2001:0DB8:ABCD:0012:0000:0000:0000:0000/64 + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x13, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + ], + [ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ], + Ok(false), + ), + ]; + for (name, constraint, match_result) in names_and_constraints { + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&name), + untrusted::Input::from(&constraint), + ), + match_result + ) + } + + // Invalid name length (shorter) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00 + ]), + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + ]), + ), + Err(Error::BadDER), + ); + + // Invalid name length (longer) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 + ]), + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + ]), + ), + Err(Error::BadDER), + ); + + // Unmatching constraint size (shorter) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + ]), + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00 + ]), + ), + Err(Error::BadDER), + ); + + // Unmatching constraint size (longer) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + ]), + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + ]), + ), + Err(Error::BadDER), + ); + + // Unmatching constraint size (IPv4 constraint for IPv6 address) + assert_eq!( + presented_id_matches_constraint( + untrusted::Input::from(&[ + 0x20, 0x01, 0x0D, 0xB8, 0xAB, 0xCD, 0x00, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, + ]), + untrusted::Input::from(&[0xC0, 0x00, 0x02, 0x00, 0xFF, 0xFF, 0xFF, 0x00]), + ), + Ok(false), + ); + } } #[cfg(all(test, feature = "alloc"))]