diff --git a/bin/tests/system/kasp/clean.sh b/bin/tests/system/kasp/clean.sh index 7ab6c79130..ce556893bd 100644 --- a/bin/tests/system/kasp/clean.sh +++ b/bin/tests/system/kasp/clean.sh @@ -26,3 +26,4 @@ rm -f ns*/zones ns*/*.db.infile rm -f *.created published.test* retired.test* rm -f rndc.dnssec.*.out.* rm -f python.out.* +rm -f *-supported.file diff --git a/bin/tests/system/kasp/ns3/ed25519.conf b/bin/tests/system/kasp/ns3/ed25519.conf new file mode 100644 index 0000000000..89380e14cd --- /dev/null +++ b/bin/tests/system/kasp/ns3/ed25519.conf @@ -0,0 +1,15 @@ +dnssec-policy "ed25519" { + dnskey-ttl 1234; + + keys { + ksk key-directory lifetime P10Y algorithm 15; + zsk key-directory lifetime P5Y algorithm 15; + zsk key-directory lifetime P1Y algorithm 15 256; + }; +}; + +zone "ed25519.kasp" { + type primary; + file "ed25519.kasp.db"; + dnssec-policy "ed25519"; +}; diff --git a/bin/tests/system/kasp/ns3/ed448.conf b/bin/tests/system/kasp/ns3/ed448.conf new file mode 100644 index 0000000000..379f02c93a --- /dev/null +++ b/bin/tests/system/kasp/ns3/ed448.conf @@ -0,0 +1,15 @@ +dnssec-policy "ed448" { + dnskey-ttl 1234; + + keys { + ksk key-directory lifetime P10Y algorithm 16; + zsk key-directory lifetime P5Y algorithm 16; + zsk key-directory lifetime P1Y algorithm 16 456; + }; +}; + +zone "ed448.kasp" { + type primary; + file "ed448.kasp.db"; + dnssec-policy "ed448"; +}; diff --git a/bin/tests/system/kasp/ns3/setup.sh b/bin/tests/system/kasp/ns3/setup.sh index 5ab3f7dc97..b72067b4b4 100644 --- a/bin/tests/system/kasp/ns3/setup.sh +++ b/bin/tests/system/kasp/ns3/setup.sh 
@@ -59,6 +59,18 @@ do cp template.db.in "$zonefile" done +if [ -f ../ed25519-supported.file ]; then + setup "ed25519.kasp" + cp template.db.in "$zonefile" + cat ed25519.conf >> named.conf +fi + +if [ -f ../ed448-supported.file ]; then + setup "ed448.kasp" + cp template.db.in "$zonefile" + cat ed448.conf >> named.conf +fi + # Set up zone that stays unsigned. zone="unsigned.kasp" echo_i "setting up zone: $zone" diff --git a/bin/tests/system/kasp/setup.sh b/bin/tests/system/kasp/setup.sh index b499fb8dae..5a1f853d3c 100644 --- a/bin/tests/system/kasp/setup.sh +++ b/bin/tests/system/kasp/setup.sh @@ -24,6 +24,14 @@ copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf copy_setports ns6/named.conf.in ns6/named.conf +if $SHELL ../testcrypto.sh ed25519; then + echo "yes" > ed25519-supported.file +fi + +if $SHELL ../testcrypto.sh ed448; then + echo "yes" > ed448-supported.file +fi + # Setup zones ( cd ns2 diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index c5262a8fa9..4e4c12e1f2 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh 
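Review bot: The two new `if [ -f ../…-supported.file ]` blocks in ns3/setup.sh have no comment saying where the marker files come from or what their absence means. A line above the first block such as `# Markers are written by ../setup.sh after probing testcrypto.sh; no marker means the algorithm is unavailable and the zone is left out of named.conf.` would document that dependency. The `../` path also presumably relies on the script running with ns3 as its working directory, which is worth stating in the same comment. As a style point, the two blocks differ only in the algorithm name, so a `for alg in ed25519 ed448` loop would keep them from drifting apart.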
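Review bot: In kasp/setup.sh the marker files are only ever created, never cleared, so a marker left by an earlier run survives even when `testcrypto.sh` now reports the algorithm as unsupported. ns3/setup.sh would then still append ed25519.conf or ed448.conf to named.conf, and tests.sh would run the EdDSA checks against a build that cannot sign with that algorithm. clean.sh does remove `*-supported.file`, so this only applies when setup is re-run without a clean in between. Adding `rm -f ed25519-supported.file ed448-supported.file` before the two probes would make the step self-contained.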
@@ -2041,7 +2041,49 @@ check_apex check_subdomain dnssec_verify -# TODO: ED25519 and ED448. +# +# Zone: ed25519.kasp. +# +if [ -f ed25519-supported.file ]; then + set_zone "ed25519.kasp" + set_policy "ed25519" "3" "1234" + set_server "ns3" "10.53.0.3" + # Key properties. + set_keyalgorithm "KEY1" "15" "ED25519" "256" + set_keyalgorithm "KEY2" "15" "ED25519" "256" + set_keyalgorithm "KEY3" "15" "ED25519" "256" + # Key timings and states same as above. + + check_keys + check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" + set_keytimes_algorithm_policy + check_keytimes + check_apex + check_subdomain + dnssec_verify +fi + +# +# Zone: ed448.kasp. +# +if [ -f ed448-supported.file ]; then + set_zone "ed448.kasp" + set_policy "ed448" "3" "1234" + set_server "ns3" "10.53.0.3" + # Key properties. + set_keyalgorithm "KEY1" "16" "ED448" "456" + set_keyalgorithm "KEY2" "16" "ED448" "456" + set_keyalgorithm "KEY3" "16" "ED448" "456" + # Key timings and states same as above. + + check_keys + check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" + set_keytimes_algorithm_policy + check_keytimes + check_apex + check_subdomain + dnssec_verify +fi # Set key times for 'autosign' policy. set_keytimes_autosign_policy() {
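Review bot: Both new blocks in tests.sh skip silently when the marker file is missing, so a run in which `testcrypto.sh` exited non-zero for any reason still reports success without exercising Ed25519 or Ed448 signing. An `else` branch that logs the skip, for example `else echo_i "skipping ed25519.kasp checks: algorithm not supported"`, and the same for ed448, would make the reduced DNSSEC algorithm coverage visible in the output. `echo_i` is the logger seen in ns3/setup.sh; that it is also available in tests.sh is assumed. Separately, the comment `# Key timings and states same as above.` relies on values set by the preceding zone's block, which lies outside this hunk, so naming that zone in the comment would make the dependency explicit.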