From 441f04f147fb42c2d805477ff6977bca304c1177 Mon Sep 17 00:00:00 2001
From: Ali Mohammad Pur <ali.mpfard@gmail.com>
Date: Thu, 27 Feb 2025 00:01:26 +0100
Subject: [PATCH] wip

---
 Libraries/LibDNS/Message.cpp | 6 ++++++
 Libraries/LibDNS/Resolver.h  | 9 ++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/Libraries/LibDNS/Message.cpp b/Libraries/LibDNS/Message.cpp
index 0b024694e47..62117851d49 100644
--- a/Libraries/LibDNS/Message.cpp
+++ b/Libraries/LibDNS/Message.cpp
@@ -703,6 +703,9 @@ ErrorOr<void> DomainName::to_raw(ByteBuffer& out) const
 
 String DomainName::to_string() const
 {
+    if (labels.is_empty())
+        return "."_string;
+
     StringBuilder builder;
     for (size_t i = 0; i < labels.size(); ++i) {
         builder.append(labels[i]);
@@ -714,6 +717,9 @@ String DomainName::to_string() const
 
 String DomainName::to_canonical_string() const
 {
+    if (labels.is_empty())
+        return "."_string;
+
     StringBuilder builder;
     for (size_t i = 0; i < labels.size(); ++i) {
         auto& label = labels[i];
diff --git a/Libraries/LibDNS/Resolver.h b/Libraries/LibDNS/Resolver.h
index c5911d63ae6..4b1eb1337a6 100644
--- a/Libraries/LibDNS/Resolver.h
+++ b/Libraries/LibDNS/Resolver.h
@@ -20,10 +20,9 @@
 #include <LibCore/Socket.h>
 #include <LibCore/Timer.h>
 #include <LibCrypto/Certificate/Certificate.h>
-#include <LibCrypto/Curves/Ed25519.h>
+#include <LibCrypto/Curves/EdwardsCurve.h>
 #include <LibCrypto/PK/RSA.h>
 #include <LibDNS/Message.h>
-#include <LibThreading/MutexProtected.h>
 #include <LibThreading/RWLockProtected.h>
 
 #undef DNS_DEBUG
@@ -619,7 +618,7 @@ private:
             result->set_being_dnssec_validated(true);
 
             Vector<Messages::Records::DNSKEY> parent_zone_keys;
-            auto is_root_zone = lookup.parsed_name.labels.size() == 1;
+            auto is_root_zone = lookup.parsed_name.labels.size() == 0;
 
             if (!is_root_zone) {
                 auto parent_result = this->lookup(lookup.parsed_name.parent().to_string().to_byte_string(), Messages::Class::IN, { Messages::ResourceType::DNSKEY }, { .validate_dnssec_locally = true })
@@ -924,7 +923,7 @@ private:
             auto const prefix = rsa_prefix_for(Crypto::Hash::HashKind::SHA256);
             auto n = Crypto::UnsignedBigInteger::import_data(dnskey.public_key_rsa_modulus());
             auto e = Crypto::UnsignedBigInteger::import_data(dnskey.public_key_rsa_exponent());
-            Crypto::PK::RSA_PKCS1_EMSA rsa { Crypto::Hash::HashKind::SHA256, Crypto::PK::RSAPublicKey { move(n), move(e) } };
+            Crypto::PK::RSA_PSS_EMSA rsa { Crypto::Hash::HashKind::SHA256, Crypto::PK::RSAPublicKey { move(n), move(e) } };
             auto digest = Crypto::Hash::SHA256::hash(to_be_signed);
             ByteBuffer prefixed_digest;
             TRY_OR_REJECT_PROMISE(promise, prefixed_digest.try_ensure_capacity(prefix.size() + digest.data_length()));
@@ -939,7 +938,7 @@ private:
         }
         case Messages::DNSSEC::Algorithm::ED25519: {
             Crypto::Curves::Ed25519 ed25519;
-            if (!ed25519.verify(dnskey.public_key.bytes(), rrsig.signature.bytes(), to_be_signed.bytes())) {
+            if (!TRY_OR_REJECT_PROMISE(promise, ed25519.verify(dnskey.public_key.bytes(), rrsig.signature.bytes(), to_be_signed.bytes()))) {
                 promise->reject(Error::from_string_literal("ED25519 signature validation failed"));
                 return promise;
             }