diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index a440a31a76..717bef14b8 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -20,6 +20,11 @@ TOP=${SYSTEMTESTTOP:=.}/../../.. # Make it absolute so that it continues to work after we cd. TOP=`cd $TOP && pwd` +# Default algorithm for testing +DEFAULT_ALGORITHM=ECDSAP256SHA256 +DEFAULT_ALGORITHM_NUMBER=13 +DEFAULT_BITS=256 + ARPANAME=$TOP/bin/tools/arpaname CDS=$TOP/bin/dnssec/dnssec-cds CHECKCONF=$TOP/bin/check/named-checkconf @@ -378,7 +383,11 @@ copy_setports() { -e "s/@EXTRAPORT6@/${EXTRAPORT6}/g" \ -e "s/@EXTRAPORT7@/${EXTRAPORT7}/g" \ -e "s/@EXTRAPORT8@/${EXTRAPORT8}/g" \ - -e "s/@CONTROLPORT@/${CONTROLPORT}/g" $1 > $2 + -e "s/@CONTROLPORT@/${CONTROLPORT}/g" \ + -e "s/@DEFAULT_ALGORITHM@/${DEFAULT_ALGORITHM}/g" \ + -e "s/@DEFAULT_ALGORITHM_NUMBER@/${DEFAULT_ALGORITHM_NUMBER}/g" \ + -e "s/@DEFAULT_BITS@/${DEFAULT_BITS}/g" \ + $1 > $2 } # diff --git a/bin/tests/system/conf.sh.win32 b/bin/tests/system/conf.sh.win32 index da89e167c2..4adaff0bc6 100644 --- a/bin/tests/system/conf.sh.win32 +++ b/bin/tests/system/conf.sh.win32 @@ -26,6 +26,11 @@ TOP=`cd $TOP && pwd` # Visual Studio build configurations are Release and Debug VSCONF=Debug +# Default algorithm for testing +DEFAULT_ALGORITHM=ECDSAP256SHA256 +DEFAULT_ALGORITHM_NUMBER=13 +DEFAULT_BITS=256 + ARPANAME=$TOP/Build/$VSCONF/arpaname@EXEEXT@ CHECKCONF=$TOP/Build/$VSCONF/named-checkconf@EXEEXT@ CHECKDS="$PYTHON `cygpath -w $TOP/bin/python/dnssec-checkds.py`" 
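Review bot: The three defaults added at the top of conf.sh.in are coupled, but the comment does not say so. `DEFAULT_ALGORITHM_NUMBER` has to be the DNSSEC algorithm number of `DEFAULT_ALGORITHM` (tests.sh in this commit greps RRSIG output for it), and `DEFAULT_BITS` has to be a size that algorithm accepts. I would extend the comment to `# Default algorithm for testing; DEFAULT_ALGORITHM_NUMBER and DEFAULT_BITS must match DEFAULT_ALGORITHM`. The same block is duplicated in conf.sh.win32, so the two copies also have to change together.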
@@ -361,7 +366,11 @@ copy_setports() { -e "s/${atsign}EXTRAPORT6${atsign}/${EXTRAPORT6}/g" \ -e "s/${atsign}EXTRAPORT7${atsign}/${EXTRAPORT7}/g" \ -e "s/${atsign}EXTRAPORT8${atsign}/${EXTRAPORT8}/g" \ - -e "s/${atsign}CONTROLPORT${atsign}/${CONTROLPORT}/g" $1 > $2 + -e "s/${atsign}CONTROLPORT${atsign}/${CONTROLPORT}/g" \ + -e "s/${atsign}DEFAULT_ALGORITM${atsign}/${DEFAULT_ALGORITHM}/g" \ + -e "s/${atsign}DEFAULT_ALGORITHM_NUMBER${atsign}/${DEFAULT_ALGORITHM_NUMBER}/g" \ + -e "s/${atsign}DEFAULT_BITS${atsign}/${DEFAULT_BITS}/g" \ + $1 > $2 } # diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh index d1404b78b8..d1bf35bb77 100755 --- a/bin/tests/system/dlv/ns1/sign.sh +++ b/bin/tests/system/dlv/ns1/sign.sh @@ -23,8 +23,8 @@ infile=root.db.in zonefile=root.db outfile=root.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/dlv/ns2/sign.sh b/bin/tests/system/dlv/ns2/sign.sh index d7b82e1377..5c34418895 100755 --- a/bin/tests/system/dlv/ns2/sign.sh +++ b/bin/tests/system/dlv/ns2/sign.sh @@ -24,8 +24,8 @@ zonefile=druz.db outfile=druz.pre dlvzone=utld. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh index a85f7860f7..fa51ae1daf 100755 --- a/bin/tests/system/dlv/ns3/sign.sh +++ b/bin/tests/system/dlv/ns3/sign.sh 
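Review bot: The first added sed expression in the win32 copy_setports misspells the placeholder as `DEFAULT_ALGORITM`, so `@DEFAULT_ALGORITHM@` is never substituted on that platform. dnssec/ns6/named.conf.in in this same commit now contains `disable-algorithms . { @DEFAULT_ALGORITHM@; };`, which would be copied through with the placeholder intact. The line should read `-e "s/${atsign}DEFAULT_ALGORITHM${atsign}/${DEFAULT_ALGORITHM}/g" \`, matching the conf.sh.in version. copy_setports begins above the hunk.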
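Review bot: The rewritten keygen lines in dlv/ns1/sign.sh still discard dnssec-keygen's stderr with `2> /dev/null` and never check that `keyname1` and `keyname2` came back non-empty. Now that the algorithm comes from a variable, a build without support for it, or a run where `$DEFAULT_ALGORITHM` is unset, only surfaces later as a confusing `cat` error on `.key`. If these scripts are executed rather than sourced, a guard after each pair such as `[ -n "$keyname1" ] && [ -n "$keyname2" ] || exit 1` would make the failure explicit. The same pattern repeats in the dlv/ns2, dlv/ns3, dlv/ns6 and filter-aaaa sign.sh hunks.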
@@ -26,8 +26,8 @@ zonefile=child1.utld.db outfile=child1.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile @@ -42,8 +42,8 @@ zonefile=child3.utld.db outfile=child3.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile @@ -58,8 +58,8 @@ zonefile=child4.utld.db outfile=child4.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -73,8 +73,8 @@ zonefile=child5.utld.db outfile=child5.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile @@ -88,8 +88,8 @@ infile=child.db.in zonefile=child7.utld.db outfile=child7.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile @@ -103,8 +103,8 @@ infile=child.db.in zonefile=child8.utld.db outfile=child8.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -118,8 +118,8 @@ zonefile=child9.utld.db outfile=child9.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -132,8 +132,8 @@ zonefile=child10.utld.db outfile=child10.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -147,8 +147,8 @@ outfile=child1.druz.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile 
@@ -164,8 +164,8 @@ outfile=child3.druz.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile @@ -181,8 +181,8 @@ outfile=child4.druz.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -197,8 +197,8 @@ outfile=child5.druz.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile 
@@ -213,8 +213,8 @@ zonefile=child7.druz.db outfile=child7.druz.signed dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile @@ -228,8 +228,8 @@ infile=child.db.in zonefile=child8.druz.db outfile=child8.druz.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -243,8 +243,8 @@ zonefile=child9.druz.db outfile=child9.druz.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -258,8 +258,8 @@ outfile=child10.druz.signed dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP" -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -272,8 +272,8 @@ infile=dlv.db.in zonefile=dlv.utld.db outfile=dlv.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/dlv/ns6/sign.sh b/bin/tests/system/dlv/ns6/sign.sh index cc5b2911ca..65f5f5d42b 100755 --- a/bin/tests/system/dlv/ns6/sign.sh +++ b/bin/tests/system/dlv/ns6/sign.sh @@ -21,8 +21,8 @@ infile=child.db.in zonefile=grand.child1.utld.db outfile=grand.child1.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -36,8 +36,8 @@ zonefile=grand.child3.utld.db outfile=grand.child3.signed dlvzone=dlv.utld. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -51,8 +51,8 @@ zonefile=grand.child4.utld.db outfile=grand.child4.signed dlvzone=dlv.utld. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -66,8 +66,8 @@ zonefile=grand.child5.utld.db outfile=grand.child5.signed dlvzone=dlv.utld. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -81,8 +81,8 @@ zonefile=grand.child7.utld.db outfile=grand.child7.signed dlvzone=dlv.utld. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -96,8 +96,8 @@ zonefile=grand.child8.utld.db outfile=grand.child8.signed dlvzone=dlv.utld. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -111,8 +111,8 @@ zonefile=grand.child9.utld.db outfile=grand.child9.signed dlvzone=dlv.utld. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -125,8 +125,8 @@ zonefile=grand.child10.utld.db outfile=grand.child10.signed dlvzone=dlv.utld. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -138,8 +138,8 @@ infile=child.db.in zonefile=grand.child1.druz.db outfile=grand.child1.druz.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -153,8 +153,8 @@ zonefile=grand.child3.druz.db outfile=grand.child3.druz.signed dlvzone=dlv.druz. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -168,8 +168,8 @@ zonefile=grand.child4.druz.db outfile=grand.child4.druz.signed dlvzone=dlv.druz. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -183,8 +183,8 @@ zonefile=grand.child5.druz.db outfile=grand.child5.druz.signed dlvzone=dlv.druz. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -198,8 +198,8 @@ zonefile=grand.child7.druz.db outfile=grand.child7.druz.signed dlvzone=dlv.druz. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -213,8 +213,8 @@ zonefile=grand.child8.druz.db outfile=grand.child8.druz.signed dlvzone=dlv.druz. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -228,8 +228,8 @@ zonefile=grand.child9.druz.db outfile=grand.child9.druz.signed dlvzone=dlv.druz. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile @@ -242,8 +242,8 @@ zonefile=grand.child10.druz.db outfile=grand.child10.druz.signed dlvzone=dlv.druz. -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index b0890df2a6..0a63a6bd4f 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -29,8 +29,8 @@ do cp ../ns3/dsset-$subdomain.example$TP . done -keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone` -keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone` +keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` +keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -89,8 +89,8 @@ zone=in-addr.arpa. infile=in-addr.arpa.db.in zonefile=in-addr.arpa.db -keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone` -keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone` +keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` +keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null @@ -127,8 +127,8 @@ zone=badparam. infile=badparam.db.in zonefile=badparam.db -keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone` -keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone` +keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone` +keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/dnssec/ns6/named.conf.in b/bin/tests/system/dnssec/ns6/named.conf.in index c3f2930ee2..d9b7a94306 100644 --- a/bin/tests/system/dnssec/ns6/named.conf.in +++ b/bin/tests/system/dnssec/ns6/named.conf.in @@ -21,7 +21,7 @@ options { listen-on-v6 { none; }; recursion yes; notify yes; - disable-algorithms . { DSA; }; + disable-algorithms . { @DEFAULT_ALGORITHM@; }; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside . trust-anchor dlv; diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 2e225d2e48..f3490027a3 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh 
@@ -147,10 +147,10 @@ status=`expr $status + $ret` if [ -x ${DELV} ] ; then ret=0 - echo_i "checking postive validation NSEC using dns_client ($n)" + echo_i "checking positive validation NSEC using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.example > delv.out$n || ret=1 grep "a.example..*10.0.0.1" delv.out$n > /dev/null || ret=1 - grep "a.example..*.RRSIG.A 3 2 300 .*" delv.out$n > /dev/null || ret=1 + grep "a.example..*.RRSIG.A $DEFAULT_ALGORITHM_NUMBER 2 300 .*" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -222,7 +222,7 @@ if [ -x ${DELV} ] ; then echo_i "checking positive wildcard validation NSEC using dns_client ($n)" $DELV $DELVOPTS @10.53.0.4 a a.wild.example > delv.out$n || ret=1 grep "a.wild.example..*10.0.0.27" delv.out$n > /dev/null || ret=1 - grep "a.wild.example..*RRSIG.A 3 2 300.*" delv.out$n > /dev/null || ret=1 + grep -E "a.wild.example..*RRSIG.A [0-9]+ 2 300.*" delv.out$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` @@ -1190,7 +1190,7 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` -echo_i "checking that lookups succeed after disabling a algorithm works ($n)" +echo_i "checking that lookups succeed after disabling an algorithm ($n)" ret=0 $DIG $DIGOPTS +noauth example. SOA @10.53.0.2 \ > dig.out.ns2.test$n || ret=1 
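Review bot: The wildcard check in the `@@ -222` hunk now matches `RRSIG.A [0-9]+ 2 300`, which accepts a signature made with any algorithm, while the a.example check in the `@@ -147` hunk pins `$DEFAULT_ALGORITHM_NUMBER`. Unless wild.example is deliberately signed with a different algorithm (not visible here), the two checks should agree so the test still asserts which algorithm produced the signature: `grep "a.wild.example..*RRSIG.A $DEFAULT_ALGORITHM_NUMBER 2 300.*" delv.out$n > /dev/null || ret=1`. That also removes the need for `-E` on this line.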
@@ -2997,11 +2997,11 @@ echo_i "check dig's +nocrypto flag ($n)" ret=0 $DIG $DIGOPTS +norec +nocrypto DNSKEY . \ @10.53.0.1 > dig.out.dnskey.ns1.test$n || ret=1 -grep '256 3 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1 -grep 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1 +grep -E '256 [0-9]+ 1 \[key id = [1-9][0-9]*]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1 +grep -E 'RRSIG.* \[omitted]' dig.out.dnskey.ns1.test$n > /dev/null || ret=1 $DIG $DIGOPTS +norec +nocrypto DS example \ @10.53.0.1 > dig.out.ds.ns1.test$n || ret=1 -grep 'DS.* 3 [12] \[omitted]' dig.out.ds.ns1.test$n > /dev/null || ret=1 +grep -E 'DS.* [0-9]+ [12] \[omitted]' dig.out.ds.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh index 4075b3415e..2b75296ec1 100755 --- a/bin/tests/system/filter-aaaa/ns1/sign.sh +++ b/bin/tests/system/filter-aaaa/ns1/sign.sh @@ -21,8 +21,8 @@ infile=signed.db.in zonefile=signed.db.signed outfile=signed.db.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/filter-aaaa/ns4/sign.sh b/bin/tests/system/filter-aaaa/ns4/sign.sh index 4075b3415e..2b75296ec1 100755 --- a/bin/tests/system/filter-aaaa/ns4/sign.sh +++ b/bin/tests/system/filter-aaaa/ns4/sign.sh 
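Review bot: In the DNSKEY check the `[0-9]+` wildcard sits on the wrong field. DNSKEY presentation format is flags, protocol, algorithm, so `'256 [0-9]+ 1 \[key id = ...'` relaxes the protocol field, which is always 3, and still requires algorithm 1. If the goal was to stop depending on the algorithm, the pattern should be `'256 3 [0-9]+ \[key id = [1-9][0-9]*]'`, or `256 3 $DEFAULT_ALGORITHM_NUMBER` in double quotes if the root key follows the new default; which algorithm the root zone uses is not visible in this diff. The DS pattern does wildcard the algorithm field correctly.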
@@ -21,8 +21,8 @@ infile=signed.db.in zonefile=signed.db.signed outfile=signed.db.signed -keyname1=`$KEYGEN -a DSA -b 768 -n zone $zone 2> /dev/null` -keyname2=`$KEYGEN -f KSK -a DSA -b 768 -n zone $zone 2> /dev/null` +keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` +keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null` cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/keymgr/policy.good b/bin/tests/system/keymgr/policy.good index 95af940e98..eb23246214 100644 --- a/bin/tests/system/keymgr/policy.good +++ b/bin/tests/system/keymgr/policy.good @@ -134,12 +134,12 @@ algorithm policy RSASHA1: zsk_standby None keyttl None -algorithm policy DSA: +algorithm policy RSASHA256: inherits None directory None - algorithm DSA + algorithm RSASHA256 coverage None - ksk_keysize 1024 + ksk_keysize 2048 zsk_keysize 2048 ksk_rollperiod None zsk_rollperiod None @@ -151,6 +151,23 @@ algorithm policy DSA: zsk_standby None keyttl None +algorithm policy ECDSAP256SHA256: + inherits None + directory None + algorithm ECDSAP256SHA256 + coverage None + ksk_keysize None + zsk_keysize None + ksk_rollperiod None + zsk_rollperiod None + ksk_prepublish None + ksk_postpublish None + zsk_prepublish None + zsk_postpublish None + ksk_standby None + zsk_standby None + keyttl None + policy extra: inherits default directory None diff --git a/bin/tests/system/keymgr/testpolicy.py b/bin/tests/system/keymgr/testpolicy.py index e9125cf347..723cf7224b 100644 --- a/bin/tests/system/keymgr/testpolicy.py +++ b/bin/tests/system/keymgr/testpolicy.py @@ -31,7 +31,8 @@ if len(sys.argv) > 0: # print algorithm policies print(pp.alg_policy['RSASHA1']) - print(pp.alg_policy['DSA']) + print(pp.alg_policy['RSASHA256']) + print(pp.alg_policy['ECDSAP256SHA256']) # print another named policy print(pp.named_policy['extra']) 
diff --git a/bin/tests/system/rootkeysentinel/ns2/sign.sh b/bin/tests/system/rootkeysentinel/ns2/sign.sh index 9d0e62d6c7..6501ce5dba 100644 --- a/bin/tests/system/rootkeysentinel/ns2/sign.sh +++ b/bin/tests/system/rootkeysentinel/ns2/sign.sh @@ -22,8 +22,8 @@ zone=example. infile=example.db.in zonefile=example.db -keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone` -keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone` +keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` +keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` cat $infile $keyname1.key $keyname2.key >$zonefile echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >> $zonefile diff --git a/bin/tests/system/sfcache/ns2/sign.sh b/bin/tests/system/sfcache/ns2/sign.sh index 709c20c8d5..4fe8a6c08e 100644 --- a/bin/tests/system/sfcache/ns2/sign.sh +++ b/bin/tests/system/sfcache/ns2/sign.sh @@ -16,8 +16,8 @@ zone=example. infile=example.db.in zonefile=example.db -keyname1=`$KEYGEN -q -a DSA -b 768 -n zone $zone` -keyname2=`$KEYGEN -q -a DSA -b 768 -n zone $zone` +keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` +keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone` cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/testcrypto.sh b/bin/tests/system/testcrypto.sh index 5ed278512d..b0fd76795c 100644 --- a/bin/tests/system/testcrypto.sh +++ b/bin/tests/system/testcrypto.sh @@ -15,7 +15,7 @@ SYSTEMTESTTOP=${SYSTEMTESTTOP:=..} prog=$0 args="" -alg="-a RSAMD5 -b 1024" +alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS" quiet=0 msg1="cryptography" diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh index 7350f0221d..74d16dd0ad 100644 --- a/bin/tests/system/tsiggss/setup.sh +++ b/bin/tests/system/tsiggss/setup.sh 
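Review bot: In testcrypto.sh, `alg` is now built from `$DEFAULT_ALGORITHM` and `$DEFAULT_BITS`, but nothing visible in the hunk sources conf.sh before the assignment, and conf.sh.in defines them as plain, unexported assignments. If the script is started as a separate shell without those variables set, the probe runs with `-a  -b ` and reports missing crypto support for the wrong reason. Please confirm conf.sh is loaded earlier in the file, or add `. $SYSTEMTESTTOP/conf.sh` above the `alg=` line. The rest of the script lies outside the hunk.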
@@ -16,5 +16,5 @@ $SHELL clean.sh copy_setports ns1/named.conf.in ns1/named.conf -key=`$KEYGEN -Cq -K ns1 -a DSA -b 512 -n HOST -T KEY key.example.nil.` +key=`$KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.` cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db