mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-28 04:34:54 -04:00
Convert the system tests that were using DSA to use a default algorithm defined in conf.sh
This commit is contained in:
Ondřej Surý
parent
3994b1f9c2
commit
09fd5c442b
17 changed files with 136 additions and 100 deletions
|
|
@ -20,6 +20,11 @@ TOP=${SYSTEMTESTTOP:=.}/../../..
|
|||
# Make it absolute so that it continues to work after we cd.
|
||||
TOP=`cd $TOP && pwd`
|
||||
|
||||
# Default algorithm for testing
|
||||
DEFAULT_ALGORITHM=ECDSAP256SHA256
|
||||
DEFAULT_ALGORITHM_NUMBER=13
|
||||
DEFAULT_BITS=256
|
||||
|
||||
ARPANAME=$TOP/bin/tools/arpaname
|
||||
CDS=$TOP/bin/dnssec/dnssec-cds
|
||||
CHECKCONF=$TOP/bin/check/named-checkconf
|
||||
|
|
@ -378,7 +383,11 @@ copy_setports() {
|
|||
-e "s/@EXTRAPORT6@/${EXTRAPORT6}/g" \
|
||||
-e "s/@EXTRAPORT7@/${EXTRAPORT7}/g" \
|
||||
-e "s/@EXTRAPORT8@/${EXTRAPORT8}/g" \
|
||||
-e "s/@CONTROLPORT@/${CONTROLPORT}/g" $1 > $2
|
||||
-e "s/@CONTROLPORT@/${CONTROLPORT}/g" \
|
||||
-e "s/@DEFAULT_ALGORITHM@/${DEFAULT_ALGORITHM}/g" \
|
||||
-e "s/@DEFAULT_ALGORITHM_NUMBER@/${DEFAULT_ALGORITHM_NUMBER}/g" \
|
||||
-e "s/@DEFAULT_BITS@/${DEFAULT_BITS}/g" \
|
||||
$1 > $2
|
||||
}
|
||||
|
||||
#
|
||||
|
|
|
|||
|
|
@ -26,6 +26,11 @@ TOP=`cd $TOP && pwd`
|
|||
# Visual Studio build configurations are Release and Debug
|
||||
VSCONF=Debug
|
||||
|
||||
# Default algorithm for testing
|
||||
DEFAULT_ALGORITHM=ECDSAP256SHA256
|
||||
DEFAULT_ALGORITHM_NUMBER=13
|
||||
DEFAULT_BITS=256
|
||||
|
||||
ARPANAME=$TOP/Build/$VSCONF/arpaname@EXEEXT@
|
||||
CHECKCONF=$TOP/Build/$VSCONF/named-checkconf@EXEEXT@
|
||||
CHECKDS="$PYTHON `cygpath -w $TOP/bin/python/dnssec-checkds.py`"
|
||||
|
|
@ -361,7 +366,11 @@ copy_setports() {
|
|||
-e "s/${atsign}EXTRAPORT6${atsign}/${EXTRAPORT6}/g" \
|
||||
-e "s/${atsign}EXTRAPORT7${atsign}/${EXTRAPORT7}/g" \
|
||||
-e "s/${atsign}EXTRAPORT8${atsign}/${EXTRAPORT8}/g" \
|
||||
-e "s/${atsign}CONTROLPORT${atsign}/${CONTROLPORT}/g" $1 > $2
|
||||
-e "s/${atsign}CONTROLPORT${atsign}/${CONTROLPORT}/g" \
|
||||
-e "s/${atsign}DEFAULT_ALGORITM${atsign}/${DEFAULT_ALGORITHM}/g" \
|
||||
-e "s/${atsign}DEFAULT_ALGORITHM_NUMBER${atsign}/${DEFAULT_ALGORITHM_NUMBER}/g" \
|
||||
-e "s/${atsign}DEFAULT_BITS${atsign}/${DEFAULT_BITS}/g" \
|
||||
$1 > $2
|
||||
}
|
||||
|
||||
#
|
||||
|
|
|
|||
|
|
@ -23,8 +23,8 @@ infile=root.db.in
|
|||
zonefile=root.db
|
||||
outfile=root.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
|
|||
|
|
@ -24,8 +24,8 @@ zonefile=druz.db
|
|||
outfile=druz.pre
|
||||
dlvzone=utld.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
|
|||
|
|
@ -26,8 +26,8 @@ zonefile=child1.utld.db
|
|||
outfile=child1.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
|
@ -42,8 +42,8 @@ zonefile=child3.utld.db
|
|||
outfile=child3.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
|
@ -58,8 +58,8 @@ zonefile=child4.utld.db
|
|||
outfile=child4.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -73,8 +73,8 @@ zonefile=child5.utld.db
|
|||
outfile=child5.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
|
@ -88,8 +88,8 @@ infile=child.db.in
|
|||
zonefile=child7.utld.db
|
||||
outfile=child7.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
|
@ -103,8 +103,8 @@ infile=child.db.in
|
|||
zonefile=child8.utld.db
|
||||
outfile=child8.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -118,8 +118,8 @@ zonefile=child9.utld.db
|
|||
outfile=child9.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -132,8 +132,8 @@ zonefile=child10.utld.db
|
|||
outfile=child10.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -147,8 +147,8 @@ outfile=child1.druz.signed
|
|||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
|
@ -164,8 +164,8 @@ outfile=child3.druz.signed
|
|||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
|
@ -181,8 +181,8 @@ outfile=child4.druz.signed
|
|||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -197,8 +197,8 @@ outfile=child5.druz.signed
|
|||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
|
@ -213,8 +213,8 @@ zonefile=child7.druz.db
|
|||
outfile=child7.druz.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
|
@ -228,8 +228,8 @@ infile=child.db.in
|
|||
zonefile=child8.druz.db
|
||||
outfile=child8.druz.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -243,8 +243,8 @@ zonefile=child9.druz.db
|
|||
outfile=child9.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -258,8 +258,8 @@ outfile=child10.druz.signed
|
|||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -272,8 +272,8 @@ infile=dlv.db.in
|
|||
zonefile=dlv.utld.db
|
||||
outfile=dlv.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
|
|||
|
|
@ -21,8 +21,8 @@ infile=child.db.in
|
|||
zonefile=grand.child1.utld.db
|
||||
outfile=grand.child1.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -36,8 +36,8 @@ zonefile=grand.child3.utld.db
|
|||
outfile=grand.child3.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -51,8 +51,8 @@ zonefile=grand.child4.utld.db
|
|||
outfile=grand.child4.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -66,8 +66,8 @@ zonefile=grand.child5.utld.db
|
|||
outfile=grand.child5.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -81,8 +81,8 @@ zonefile=grand.child7.utld.db
|
|||
outfile=grand.child7.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -96,8 +96,8 @@ zonefile=grand.child8.utld.db
|
|||
outfile=grand.child8.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -111,8 +111,8 @@ zonefile=grand.child9.utld.db
|
|||
outfile=grand.child9.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -125,8 +125,8 @@ zonefile=grand.child10.utld.db
|
|||
outfile=grand.child10.signed
|
||||
dlvzone=dlv.utld.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -138,8 +138,8 @@ infile=child.db.in
|
|||
zonefile=grand.child1.druz.db
|
||||
outfile=grand.child1.druz.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -153,8 +153,8 @@ zonefile=grand.child3.druz.db
|
|||
outfile=grand.child3.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -168,8 +168,8 @@ zonefile=grand.child4.druz.db
|
|||
outfile=grand.child4.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -183,8 +183,8 @@ zonefile=grand.child5.druz.db
|
|||
outfile=grand.child5.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -198,8 +198,8 @@ zonefile=grand.child7.druz.db
|
|||
outfile=grand.child7.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -213,8 +213,8 @@ zonefile=grand.child8.druz.db
|
|||
outfile=grand.child8.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -228,8 +228,8 @@ zonefile=grand.child9.druz.db
|
|||
outfile=grand.child9.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -242,8 +242,8 @@ zonefile=grand.child10.druz.db
|
|||
outfile=grand.child10.druz.signed
|
||||
dlvzone=dlv.druz.
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
|
|||
|
|
@ -29,8 +29,8 @@ do
|
|||
cp ../ns3/dsset-$subdomain.example$TP .
|
||||
done
|
||||
|
||||
keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
@ -89,8 +89,8 @@ zone=in-addr.arpa.
|
|||
infile=in-addr.arpa.db.in
|
||||
zonefile=in-addr.arpa.db
|
||||
|
||||
keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
|
@ -127,8 +127,8 @@ zone=badparam.
|
|||
infile=badparam.db.in
|
||||
zonefile=badparam.db
|
||||
|
||||
keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ options {
|
|||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
notify yes;
|
||||
disable-algorithms . { DSA; };
|
||||
disable-algorithms . { @DEFAULT_ALGORITHM@; };
|
||||
dnssec-enable yes;
|
||||
dnssec-validation yes;
|
||||
dnssec-lookaside . trust-anchor dlv;
|
||||
|
|
|
|||
|
|
@ -147,10 +147,10 @@ status=`expr $status + $ret`
|
|||
|
||||
if [ -x ${DELV} ] ; then
|
||||
ret=0
|
||||
echo_i "checking postive validation NSEC using dns_client ($n)"
|
||||
echo_i "checking positive validation NSEC using dns_client ($n)"
|
||||
$DELV $DELVOPTS @10.53.0.4 a a.example > delv.out$n || ret=1
|
||||
grep "a.example..*10.0.0.1" delv.out$n > /dev/null || ret=1
|
||||
grep "a.example..*.RRSIG.A 3 2 300 .*" delv.out$n > /dev/null || ret=1
|
||||
grep "a.example..*.RRSIG.A $DEFAULT_ALGORITHM_NUMBER 2 300 .*" delv.out$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
|
@ -222,7 +222,7 @@ if [ -x ${DELV} ] ; then
|
|||
echo_i "checking positive wildcard validation NSEC using dns_client ($n)"
|
||||
$DELV $DELVOPTS @10.53.0.4 a a.wild.example > delv.out$n || ret=1
|
||||
grep "a.wild.example..*10.0.0.27" delv.out$n > /dev/null || ret=1
|
||||
grep "a.wild.example..*RRSIG.A 3 2 300.*" delv.out$n > /dev/null || ret=1
|
||||
grep -E "a.wild.example..*RRSIG.A [0-9]+ 2 300.*" delv.out$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
|
@ -1190,7 +1190,7 @@ n=`expr $n + 1`
|
|||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo_i "checking that lookups succeed after disabling a algorithm works ($n)"
|
||||
echo_i "checking that lookups succeed after disabling an algorithm ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS +noauth example. SOA @10.53.0.2 \
|
||||
> dig.out.ns2.test$n || ret=1
|
||||
|
|
@ -2997,11 +2997,11 @@ echo_i "check dig's +nocrypto flag ($n)"
|
|||
ret=0
|
||||
$DIG $DIGOPTS +norec +nocrypto DNSKEY . \
|
||||
@10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1
|
||||
grep '256 3 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
|
||||
grep 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
|
||||
grep -E '256 [0-9]+ 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
|
||||
grep -E 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1
|
||||
$DIG $DIGOPTS +norec +nocrypto DS example \
|
||||
@10.53.0.1 > dig.out.ds.ns1.test$n || ret=1
|
||||
grep 'DS.* 3 [12] \[omitted]' dig.out.ds.ns1.test$n > /dev/null || ret=1
|
||||
grep -E 'DS.* [0-9]+ [12] \[omitted]' dig.out.ds.ns1.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
|
|
|||
|
|
@ -21,8 +21,8 @@ infile=signed.db.in
|
|||
zonefile=signed.db.signed
|
||||
outfile=signed.db.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
|
|||
|
|
@ -21,8 +21,8 @@ infile=signed.db.in
|
|||
zonefile=signed.db.signed
|
||||
outfile=signed.db.signed
|
||||
|
||||
keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null`
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
|
|||
|
|
@ -134,12 +134,12 @@ algorithm policy RSASHA1:
|
|||
zsk_standby None
|
||||
keyttl None
|
||||
|
||||
algorithm policy DSA:
|
||||
algorithm policy RSASHA256:
|
||||
inherits None
|
||||
directory None
|
||||
algorithm DSA
|
||||
algorithm RSASHA256
|
||||
coverage None
|
||||
ksk_keysize 1024
|
||||
ksk_keysize 2048
|
||||
zsk_keysize 2048
|
||||
ksk_rollperiod None
|
||||
zsk_rollperiod None
|
||||
|
|
@ -151,6 +151,23 @@ algorithm policy DSA:
|
|||
zsk_standby None
|
||||
keyttl None
|
||||
|
||||
algorithm policy ECDSAP256SHA256:
|
||||
inherits None
|
||||
directory None
|
||||
algorithm ECDSAP256SHA256
|
||||
coverage None
|
||||
ksk_keysize None
|
||||
zsk_keysize None
|
||||
ksk_rollperiod None
|
||||
zsk_rollperiod None
|
||||
ksk_prepublish None
|
||||
ksk_postpublish None
|
||||
zsk_prepublish None
|
||||
zsk_postpublish None
|
||||
ksk_standby None
|
||||
zsk_standby None
|
||||
keyttl None
|
||||
|
||||
policy extra:
|
||||
inherits default
|
||||
directory None
|
||||
|
|
|
|||
|
|
@ -31,7 +31,8 @@ if len(sys.argv) > 0:
|
|||
|
||||
# print algorithm policies
|
||||
print(pp.alg_policy['RSASHA1'])
|
||||
print(pp.alg_policy['DSA'])
|
||||
print(pp.alg_policy['RSASHA256'])
|
||||
print(pp.alg_policy['ECDSAP256SHA256'])
|
||||
|
||||
# print another named policy
|
||||
print(pp.named_policy['extra'])
|
||||
|
|
|
|||
|
|
@ -22,8 +22,8 @@ zone=example.
|
|||
infile=example.db.in
|
||||
zonefile=example.db
|
||||
|
||||
keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >> $zonefile
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@ zone=example.
|
|||
infile=example.db.in
|
||||
zonefile=example.db
|
||||
|
||||
keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone`
|
||||
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ SYSTEMTESTTOP=${SYSTEMTESTTOP:=..}
|
|||
prog=$0
|
||||
|
||||
args=""
|
||||
alg="-a RSAMD5 -b 1024"
|
||||
alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
|
||||
quiet=0
|
||||
|
||||
msg1="cryptography"
|
||||
|
|
|
|||
|
|
@ -16,5 +16,5 @@ $SHELL clean.sh
|
|||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
|
||||
key=`$KEYGEN -Cq -K ns1 -a DSA -b 512 -n HOST -T KEY key.example.nil.`
|
||||
key=`$KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.`
|
||||
cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
|
||||
|
|
|
|||
Loading…
Reference in a new issue