From a16e10ad8a3fe2f3386b20d598c7083850303471 Mon Sep 17 00:00:00 2001 
From: Mark Andrews Date: Mon, 19 Jun 2023 14:14:39 +1000 Subject: [PATCH] Test support with legacy HMAC K files with nsupdate tsig-keygen generates key files that are different to those that were generated by dnssec-keygen. Check that nsupdate can still read those old format files. (cherry picked from commit e1fb17e72c069534cd08ad187e419005d75bbcf6) --- bin/tests/system/nsupdate/clean.sh | 1 + .../ns1/legacy/Klegacy-157.+157+23571.key | 1 + .../ns1/legacy/Klegacy-157.+157+23571.private | 7 +++++ .../ns1/legacy/Klegacy-161.+161+23350.key | 1 + .../ns1/legacy/Klegacy-161.+161+23350.private | 7 +++++ .../ns1/legacy/Klegacy-162.+162+00032.key | 1 + .../ns1/legacy/Klegacy-162.+162+00032.private | 7 +++++ .../ns1/legacy/Klegacy-163.+163+48857.key | 1 + .../ns1/legacy/Klegacy-163.+163+48857.private | 7 +++++ .../ns1/legacy/Klegacy-164.+164+09001.key | 1 + .../ns1/legacy/Klegacy-164.+164+09001.private | 7 +++++ .../ns1/legacy/Klegacy-165.+165+61012.key | 1 + .../ns1/legacy/Klegacy-165.+165+61012.private | 7 +++++ bin/tests/system/nsupdate/ns1/named.conf.in | 12 ++++++++ bin/tests/system/nsupdate/setup.sh | 11 +++++++ bin/tests/system/nsupdate/tests.sh | 30 +++++++++++++++++++ 16 files changed, 102 insertions(+) create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key create mode 
100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key create mode 100644 bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh index 1746ec1474..2302d685c0 100644 --- a/bin/tests/system/nsupdate/clean.sh +++ b/bin/tests/system/nsupdate/clean.sh @@ -31,6 +31,7 @@ rm -f ns1/example.db ns1/unixtime.db ns1/yyyymmddvv.db ns1/update.db ns1/other.d rm -f ns1/many.test.db rm -f ns1/maxjournal.db rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key +rm -f ns1/legacy157.key ns1/legacy161.key ns1/legacy162.key ns1/legacy163.key ns1/legacy164.key ns1/legacy165.key rm -f ns1/sample.db rm -f ns1/sha512.key ns1/ddns.key rm -f ns10/_default.tsigkeys diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key new file mode 100644 index 0000000000..bed002b19d --- /dev/null +++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key @@ -0,0 +1 @@ +legacy-157. IN KEY 0 3 157 mGcDSCx/fF121GOVJlITLg== diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private new file mode 100644 index 0000000000..3ce72dd12d --- /dev/null +++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private @@ -0,0 +1,7 @@ +Private-key-format: v1.3 +Algorithm: 157 (HMAC_MD5) +Key: mGcDSCx/fF121GOVJlITLg== +Bits: AAA= +Created: 20230619042408 +Publish: 20230619042408 +Activate: 20230619042408 diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key new file mode 100644 index 0000000000..cb50883139 --- /dev/null +++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key 
@@ -0,0 +1 @@
+legacy-161. IN KEY 0 3 161 N80fGvcr8JifzRUJ62R4rQ==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private
new file mode 100644
index 0000000000..dea2850f66
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 161 (HMAC_SHA1)
+Key: N80fGvcr8JifzRUJ62R4rQ==
+Bits: AAA=
+Created: 20230619042427
+Publish: 20230619042427
+Activate: 20230619042427
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key
new file mode 100644
index 0000000000..126c94f943
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key
@@ -0,0 +1 @@
+legacy-162. IN KEY 0 3 162 nSIKzFAGS7/tvBs8JteI+Q==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private
new file mode 100644
index 0000000000..af78756918
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 162 (HMAC_SHA224)
+Key: nSIKzFAGS7/tvBs8JteI+Q==
+Bits: AAA=
+Created: 20230619042555
+Publish: 20230619042555
+Activate: 20230619042555
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key
new file mode 100644
index 0000000000..6945b1b6cd
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key
@@ -0,0 +1 @@
+legacy-163. IN KEY 0 3 163 CvaupxnDeES3HnlYhTq53w==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private
new file mode 100644
index 0000000000..590ba14623
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 163 (HMAC_SHA256)
+Key: CvaupxnDeES3HnlYhTq53w==
+Bits: AAA=
+Created: 20230619042525
+Publish: 20230619042525
+Activate: 20230619042525
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key
new file mode 100644
index 0000000000..4869618e83
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key
@@ -0,0 +1 @@
+legacy-164. IN KEY 0 3 164 wDldBJwJrYfPoL1Pj4ucOQ==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private
new file mode 100644
index 0000000000..f06f67a731
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 164 (HMAC_SHA384)
+Key: wDldBJwJrYfPoL1Pj4ucOQ==
+Bits: AAA=
+Created: 20230619042615
+Publish: 20230619042615
+Activate: 20230619042615
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key
new file mode 100644
index 0000000000..45a2811ba6
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key
@@ -0,0 +1 @@
+legacy-165. IN KEY 0 3 165 OgZrTcEa8P76hVY+xyN7Wg==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private
new file mode 100644
index 0000000000..1635f2aea8
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 165 (HMAC_SHA512)
+Key: OgZrTcEa8P76hVY+xyN7Wg==
+Bits: AAA=
+Created: 20230619042627
+Publish: 20230619042627
+Activate: 20230619042627
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in index aa423c2253..2c1899f17a 100644 --- a/bin/tests/system/nsupdate/ns1/named.conf.in +++ b/bin/tests/system/nsupdate/ns1/named.conf.in @@ -129,6 +129,12 @@ include "sha224.key"; include "sha256.key"; include "sha384.key"; include "sha512.key"; +include "legacy157.key"; +include "legacy161.key"; +include "legacy162.key"; +include "legacy163.key"; +include "legacy164.key"; +include "legacy165.key"; zone "keytests.nil" { type primary; @@ -140,6 +146,12 @@ zone "keytests.nil" { grant sha256-key name sha256.keytests.nil. ANY; grant sha384-key name sha384.keytests.nil. ANY; grant sha512-key name sha512.keytests.nil. ANY; + grant legacy-157 name 157.keytests.nil. ANY; + grant legacy-161 name 161.keytests.nil. ANY; + grant legacy-162 name 162.keytests.nil. ANY; + grant legacy-163 name 163.keytests.nil. ANY; + grant legacy-164 name 164.keytests.nil. ANY; + grant legacy-165 name 165.keytests.nil. ANY; }; }; diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh index a4a1a3f8f9..b12c79789e 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh 
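Review bot: In named.conf.in, `include "legacy157.key";` and `grant legacy-157 name 157.keytests.nil. ANY;` are added unconditionally, but on a build without MD5 the setup.sh hunk writes only a comment into legacy157.key, so no `legacy-157` key is defined there. That is presumably harmless, since the grant identity would simply never match a signer, but it is not obvious from this file; a comment above the new includes such as `/* legacy-* keys are written by setup.sh from the K files in ns1/legacy; legacy-157 is empty when MD5 is unavailable */` would document it. The six new grants allow `ANY` record type although the test only adds A records; that follows the neighbouring sha*-key lines, so it is a consistency choice rather than a defect. Both hunks sit inside blocks that continue outside the visible context.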
@@ -83,6 +83,17 @@ $TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key $TSIGKEYGEN -a hmac-sha384 sha384-key > ns1/sha384.key $TSIGKEYGEN -a hmac-sha512 sha512-key > ns1/sha512.key +if $FEATURETEST --md5; then + echo 'key "legacy-157" { algorithm "hmac-md5"; secret "mGcDSCx/fF121GOVJlITLg=="; };' > ns1/legacy157.key +else + echo "/* MD5 NOT SUPPORTED */" > ns1/legacy157.key +fi +echo 'key "legacy-161" { algorithm "hmac-sha1"; secret "N80fGvcr8JifzRUJ62R4rQ=="; };' > ns1/legacy161.key +echo 'key "legacy-162" { algorithm "hmac-sha224"; secret "nSIKzFAGS7/tvBs8JteI+Q=="; };' > ns1/legacy162.key +echo 'key "legacy-163" { algorithm "hmac-sha256"; secret "CvaupxnDeES3HnlYhTq53w=="; };' > ns1/legacy163.key +echo 'key "legacy-164" { algorithm "hmac-sha384"; secret "wDldBJwJrYfPoL1Pj4ucOQ=="; };' > ns1/legacy164.key +echo 'key "legacy-165" { algorithm "hmac-sha512"; secret "OgZrTcEa8P76hVY+xyN7Wg=="; };' > ns1/legacy165.key + (cd ns3; $SHELL -e sign.sh) cp -f ns1/many.test.db.in ns1/many.test.db diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index 9b6c774753..81b51926ce 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -840,6 +840,36 @@ fi n=$((n + 1)) ret=0 + +n=$((n + 1)) +ret=0 +echo_i "check TSIG key algorithms using legacy K file pairs (nsupdate -k) ($n)" +if $FEATURETEST --md5 +then + ALGS="157 161 162 163 164 165" +else + ALGS="161 162 163 164 165" + echo_i "skipping disabled md5 (157) algorithm" +fi +for alg in $ALGS; do + $NSUPDATE -k ns1/legacy/Klegacy-${alg}.+${alg}+*.key < /dev/null || ret=1 +server 10.53.0.1 ${PORT} +update add ${alg}.keytests.nil. 600 A 10.10.10.3 +send +END +done +sleep 2 +for alg in $ALGS; do + $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1 +done +if [ $ret -ne 0 ]; then + echo_i "failed" + status=1 +fi + +n=$((n + 1)) +ret=0 + echo_i "check TSIG key algorithms (nsupdate -k) ($n)" if $FEATURETEST --md5 then
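Review bot: The six `secret "…"` strings in the new `echo` lines of setup.sh repeat the `Key:` values from the checked-in ns1/legacy/K*.private files, so the same fixture secret now lives in two places and the test breaks in a non-obvious way if one copy is regenerated without the other. Either read the value from the K file, e.g. `secret=$(sed -n 's/^Key: //p' ns1/legacy/Klegacy-161.+161+*.private)`, or add a comment above the block: `# Secrets below must match ns1/legacy/K*.private; test-only fixture keys, do not reuse.` Every secret is 128 bits, including the hmac-sha512 one, which is fine for a file-format test but worth stating so nobody copies these lines as a template.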
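Review bot: In the tests.sh hunk both loops collapse every failure into `ret=1` and discard the output of nsupdate and dig, so a failed run prints only "failed" without saying which legacy algorithm could not be read; `|| { echo_i "legacy key ${alg}: update failed"; ret=1; }` on the nsupdate line (and the equivalent on the dig line) keeps the per-algorithm signal. The key argument `ns1/legacy/Klegacy-${alg}.+${alg}+*.key` is an unquoted glob that must match exactly one file; a second K file for the same algorithm would hand nsupdate an extra argument. As shown on this page the nsupdate line reads `< /dev/null` with no here-document opener before the `server`/`update`/`send`/`END` lines, which looks like a rendering loss (presumably `<<END > /dev/null`) and should be checked against the original patch. The trailing context lines begin the next test, which continues outside the hunk.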