From a28308f0007e4e15b48116c3980073134c68faa9 Mon Sep 17 00:00:00 2001 From: Petr Mensik Date: Tue, 3 Dec 2024 20:38:36 +0100 Subject: [PATCH] WIP: test digests provided by ldns Related: RHEL-20391 --- Makefile.in | 17 +++++- configure.ac | 2 +- test/test_digest.c | 140 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 156 insertions(+), 3 deletions(-) create mode 100644 test/test_digest.c diff --git a/Makefile.in b/Makefile.in index 32b91576..4cadc7b8 100644 --- a/Makefile.in +++ b/Makefile.in @@ -88,7 +88,7 @@ LINTFLAGS += -D"_RuneLocale=int" DEPFLAG = @DEPFLAG@ EXEEXT=@EXEEXT@ -INSTALL = $(srcdir)/install-sh +INSTALL = install LIBLOBJS = $(LIBOBJS:.o=.lo) LDNS_LOBJS = buffer.lo dane.lo dname.lo dnssec.lo dnssec_sign.lo dnssec_verify.lo dnssec_zone.lo duration.lo error.lo higher.lo host2str.lo host2wire.lo keys.lo net.lo packet.lo parse.lo radix.lo rbtree.lo rdata.lo resolver.lo rr.lo rr_functions.lo sha1.lo sha2.lo str2host.lo tsig.lo update.lo util.lo wire2host.lo zone.lo edns.lo @@ -116,6 +116,8 @@ LDNS_DANE = examples/ldns-dane LDNS_DANE_LOBJS = examples/ldns-dane.lo EX_SSL_PROGS = examples/ldns-nsec3-hash examples/ldns-revoke examples/ldns-signzone examples/ldns-verify-zone EX_SSL_LOBJS = examples/ldns-nsec3-hash.lo examples/ldns-revoke.lo examples/ldns-signzone.lo examples/ldns-verify-zone.lo +TEST_DIGEST = test/test_digest +TEST_DIGEST_LOBJS = test/test_digest.lo COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS) COMP_LIB = $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) @@ -148,6 +150,7 @@ setup-builddir: @if test ! -h config.h ; then ln -s ldns/config.h . ; fi @if test ! -h lib ; then ln -s .libs lib ; fi ; @if test ! -d include ; then $(INSTALL) -d include; fi + @if test ! -d test ; then mkdir test ; fi @if test ! -h include/ldns ; then ln -s ../ldns include/ldns || echo "include/ldns exists"; fi # builddir/ is used by 60-compile-builddir 
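Review bot: `INSTALL = install` in the first Makefile.in hunk replaces the bundled `$(srcdir)/install-sh` with whichever `install` is found first on PATH at build time, and the configure.ac hunk does the same inside `COPY_FILES` with `install -m 644 $file $2`. That is unrelated to the digest test named in the subject, and it makes the build depend on the host tool and its option handling, which the shipped script exists to avoid. If the system tool is wanted, let configure select it (`AC_PROG_INSTALL`, if configure.ac does not already call it) and write `INSTALL = @INSTALL@`, which keeps install-sh as the fallback. Otherwise this belongs in a separate commit with its own rationale.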
@@ -209,6 +212,10 @@ $(EXAMPLE_PROGS): $(TESTNS): $(LINK_EXE) $(TESTNS_LOBJS) $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o $(TESTNS) $(top_builddir)/libldns.la +# Need LIBSSL_LIBS +$(TEST_DIGEST): setup-builddir $(TEST_DIGEST_LOBJS) + $(LINK_EXE) $(TEST_DIGEST_LOBJS) $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o $(TEST_DIGEST) $(top_builddir)/libldns.la + # Need LIBSSL_LIBS $(LDNS_DPA): $(LINK_EXE) $(LDNS_DPA_LOBJS) $(LIBLOBJS) $(LIB) $(LIBPCAP_LIBS) $(LIBSSL_LIBS) $(LIBS) \ @@ -510,7 +517,10 @@ allclean: test-clean clean test-clean: tpkg -b test clean -test: examples drill @TEST_P5_DNS_LDNS@ +test_native: $(TEST_DIGEST) + ./$(TEST_DIGEST) + +test: examples drill @TEST_P5_DNS_LDNS@ test_native ./test/test_all.sh @@ -1114,6 +1124,8 @@ drill/work.lo drill/work.o: $(srcdir)/drill/work.c $(srcdir)/drill/drill.h ldns/ $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +test/test_digest.lo test/test_digest.o: $(srcdir)/test/test_digest.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h examples/ldns-chaos: examples/ldns-chaos.lo examples/ldns-chaos.o $(LIB) examples/ldns-compare-zones: examples/ldns-compare-zones.lo examples/ldns-compare-zones.o $(LIB) examples/ldnsd: examples/ldnsd.lo examples/ldnsd.o $(LIB) @@ -1139,3 +1151,4 @@ examples/ldns-revoke: examples/ldns-revoke.lo examples/ldns-revoke.o $(LIB) examples/ldns-signzone: examples/ldns-signzone.lo examples/ldns-signzone.o $(LIB) examples/ldns-verify-zone: examples/ldns-verify-zone.lo examples/ldns-verify-zone.o $(LIB) examples/ldns-testns: examples/ldns-testns.lo examples/ldns-testns.o examples/ldns-testpkts.lo examples/ldns-testpkts.o $(LIB) +test/test_digest: test/test_digest.lo $(LIB) diff --git a/configure.ac b/configure.ac index 9bf9823f..ac7855ec 100644 
--- a/configure.ac +++ b/configure.ac @@ -74,7 +74,7 @@ ACX_CHECK_COMPILER_FLAG(xc99, [C99FLAG="-xc99"]) AC_DEFUN([COPY_FILES], [ for file in $1; do - sh $srcdir/install-sh -m 644 $file $2 + install -m 644 $file $2 done ]) diff --git a/test/test_digest.c b/test/test_digest.c new file mode 100644 index 00000000..03ec27f4 --- /dev/null +++ b/test/test_digest.c 
@@ -0,0 +1,140 @@
+/*
+ * test_digest.c -- Test internal digest function
+ *
+ * Copyright (c) 2024, Red Hat. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "ldns/config.h"
+
+#ifdef HAVE_OPENSSL_EVP_H
+# include
+#endif
+
+#if LDNS_REVISION >= 0x10804
+ typedef const unsigned char digest_data_t;
+#else
+ typedef unsigned char digest_data_t;
+#endif
+
+typedef unsigned char * (*ldns_md_f)(digest_data_t *data, unsigned int data_len, unsigned char *digest);
+
+static void print_hex(const unsigned char *digest, unsigned int digest_len)
+{
+ for (size_t i = 0; i < digest_len; i++)
+ printf("%02x", digest[i]);
+
+ printf("\n");
+}
+
+static int test_md(ldns_md_f ldns_md, unsigned int digest_len, const char *md_name, unsigned char *sign_buf, size_t sign_len)
+{
+ unsigned char *digest = NULL;
+#ifdef HAVE_OPENSSL_EVP_H
+ int match = 1;
+ const EVP_MD *md = EVP_get_digestbyname(md_name);
+ unsigned char *digest_o = NULL;
+#endif
+
+ digest = calloc(1, digest_len);
+ digest = ldns_md(sign_buf, sign_len, digest);
+ printf("%-6s: ", md_name);
+ print_hex(digest, digest_len);
+
+#ifdef HAVE_OPENSSL_EVP_H
+ /* recheck output with openssl */
+ digest_o = calloc(1, digest_len);
+ if (!EVP_Digest(sign_buf, sign_len, digest_o, &digest_len, md, NULL))
+ puts("OpenSSL error!");
+ match = memcmp(digest, digest_o, digest_len);
+ if (match == 0)
+ printf("Result %s matches OpenSSL.\n", md_name);
+ else
+ printf("Result %s DIFFERS from OpenSSL: %d\n", md_name, match);
+
+ free(digest);
+ free(digest_o);
+ return match;
+#else
+ /* print only ldns digest, nothing to compare it to. */
+ return 0;
+#endif
+}
+
+int main(void)
+{
+ int match = 0;
+ unsigned char sign_buf[] = { 0x00, 0x06, 0x08, 0x02, 0x00, 0x00, 0x0e, 0x10, \
+ 0x64, 0x8a, 0xfd, 0xa0, 0x64, 0x78, 0x7a, 0x55, \
+ 0xd5, 0xf3, 0x03, 0x70, 0x75, 0x62, 0x02, 0x73, \
+ 0x61, 0x00, 0x03, 0x70, 0x75, 0x62, 0x02, 0x73, \
+ 0x61, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00, 0x00, \
+ 0x0e, 0x10, 0x00, 0x36, 0x02, 0x63, 0x31, 0x03, \
+ 0x64, 0x6e, 0x73, 0x02, 0x73, 0x61, 0x00, 0x0a, \
+ 0x68, 0x6f, 0x73, 0x74, 0x6d, 0x61, 0x73, 0x74, \
+ 0x65, 0x72, 0x03, 0x6e, 0x69, 0x63, 0x03, 0x6e, \
+ 0x65, 0x74, 0x02, 0x73, 0x61, 0x00, 0x78, 0x95, \
+ 0x72, 0x89, 0x00, 0x00, 0x2a, 0x30, 0x00, 0x00, \
+ 0x0e, 0x10, 0x00, 0x36, 0xee, 0x80, 0x00, 0x00, \
+ 0x0e, 0x10 };
+
+ /* If you want to see sign_buf contents, uncomment this */
+ if (getenv("DEBUG")) {
+ printf(" sign_buf len: %zd\nsign_buf content: ", sizeof(sign_buf));
+ for (size_t i=0; i < sizeof(sign_buf); i++) {
+ if (sign_buf[i] > 31 && sign_buf[i] < 127) {
+ printf("%c", sign_buf[i]);
+ } else {
+ printf("\\%o", sign_buf[i]);
+ }
+ }
+ printf("\n digests: ");
+ }
+ match += (test_md(&ldns_sha1, LDNS_SHA1_DIGEST_LENGTH, "sha1", sign_buf, sizeof(sign_buf)) != 0);
+ match += (test_md(&ldns_sha256, LDNS_SHA256_DIGEST_LENGTH, "sha256", sign_buf, sizeof(sign_buf)) != 0);
+ match += (test_md(&ldns_sha384, LDNS_SHA384_DIGEST_LENGTH, "sha384", sign_buf, sizeof(sign_buf)) != 0);
+ match += (test_md(&ldns_sha512, LDNS_SHA512_DIGEST_LENGTH, "sha512", sign_buf, sizeof(sign_buf)) != 0);
+
+ return (abs(match));
+}
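Review bot: `test_md` does not treat an unavailable or failing OpenSSL digest as a distinct outcome. The result of `EVP_get_digestbyname()` is passed on unchecked, and a failed `EVP_Digest()` only prints "OpenSSL error!" before the code compares against the zero-filled `digest_o` and reports a mismatch. Neither `calloc()` result is checked, and because `EVP_Digest()` is handed `&digest_len`, the write into `digest_o` is bounded only by the caller having passed the matching size, so a fixed `EVP_MAX_MD_SIZE` buffer with a separate output length is safer. In the build without `HAVE_OPENSSL_EVP_H`, `digest` is never freed and the function returns 0 with nothing verified. Embedding the expected digests for `sign_buf` as known-answer vectors would let the test check something in that configuration as well.

```c
static int test_md(ldns_md_f ldns_md, unsigned int digest_len, const char *md_name, unsigned char *sign_buf, size_t sign_len)
{
	int rc = 1;
	unsigned char *digest = calloc(1, digest_len);
#ifdef HAVE_OPENSSL_EVP_H
	unsigned char digest_o[EVP_MAX_MD_SIZE] = {0};
	unsigned int len_o = 0;
	const EVP_MD *md = EVP_get_digestbyname(md_name);
#endif

	if (digest == NULL) {
		puts("Out of memory!");
		return 1;
	}
	/* … unchanged: ldns_md call, print md_name and the ldns digest … */

#ifdef HAVE_OPENSSL_EVP_H
	if (md == NULL || !EVP_Digest(sign_buf, sign_len, digest_o, &len_o, md, NULL)) {
		/* Report as a failure (or an explicit skip), never as a comparison result. */
		printf("OpenSSL cannot compute %s, result not verified.\n", md_name);
	} else if (len_o != digest_len) {
		printf("Result %s has unexpected length %u\n", md_name, len_o);
	} else {
		rc = memcmp(digest, digest_o, digest_len);
		/* … unchanged: report match or difference … */
	}
#else
	rc = 0; /* nothing to compare the ldns digest to */
#endif
	free(digest);
	return rc;
}
```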