mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00
Code Issues Releases Wiki Activity

Upgrade uses of hmac-sha1 to DEFAULT_HMAC

Browse Source 
where the test is not hmac-sha1 specific
This commit is contained in:
Mark Andrews 2022-07-05 18:53:53 +10:00
parent 19a7a1e557
commit c533e8bc5b
17 changed files with 52 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/tests/system/checkconf/bad-kasp-keydir1.conf → bin/tests/system/checkconf/bad-kasp-keydir1.conf.in
View File

@ -18,12 +18,12 @@
key "keyforview1" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};

4
bin/tests/system/checkconf/bad-kasp-keydir2.conf → bin/tests/system/checkconf/bad-kasp-keydir2.conf.in
View File

@ -18,12 +18,12 @@
*/
key "keyforview1" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};

4
bin/tests/system/checkconf/bad-kasp-keydir3.conf → bin/tests/system/checkconf/bad-kasp-keydir3.conf.in
View File

@ -19,12 +19,12 @@
*/
key "keyforview1" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};

4
bin/tests/system/checkconf/bad-kasp-keydir4.conf → bin/tests/system/checkconf/bad-kasp-keydir4.conf.in
View File

@ -18,12 +18,12 @@
*/
key "keyforview1" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};

4
bin/tests/system/checkconf/bad-kasp-keydir5.conf → bin/tests/system/checkconf/bad-kasp-keydir5.conf.in
View File

@ -19,12 +19,12 @@
*/
key "keyforview1" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};

13
bin/tests/system/checkconf/clean.sh
View File

@ -11,10 +11,15 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f good.conf.in good.conf.out badzero.conf *.out
rm -f good-kasp.conf.in
rm -rf test.keydir
rm -f bad-kasp-keydir1.conf
rm -f bad-kasp-keydir2.conf
rm -f bad-kasp-keydir3.conf
rm -f bad-kasp-keydir4.conf
rm -f bad-kasp-keydir5.conf
rm -f checkconf.out*
rm -f diff.out*
rm -f ns*/named.lock
rm -f good-kasp.conf.in
rm -f good-server-christmas-tree.conf
rm -f good.conf.in good.conf.out badzero.conf *.out
rm -f ns*/named.lock
rm -rf test.keydir

7
bin/tests/system/checkconf/setup.sh
View File

@ -10,4 +10,11 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
. ../conf.sh
copy_setports bad-kasp-keydir1.conf.in bad-kasp-keydir1.conf
copy_setports bad-kasp-keydir2.conf.in bad-kasp-keydir2.conf
copy_setports bad-kasp-keydir3.conf.in bad-kasp-keydir3.conf
copy_setports bad-kasp-keydir4.conf.in bad-kasp-keydir4.conf
copy_setports bad-kasp-keydir5.conf.in bad-kasp-keydir5.conf
cp -f good-server-christmas-tree.conf.in good-server-christmas-tree.conf

1
bin/tests/system/checkzone/clean.sh
View File

@ -11,4 +11,5 @@
rm -f test.* good1.db.raw named-compilezone
rm -f ns*/named.lock
rm -f zones/bad-tsig.db
rm -f zones/zone1_*.txt

2
bin/tests/system/checkzone/setup.sh
View File

@ -15,3 +15,5 @@ ln -s $CHECKZONE named-compilezone
./named-compilezone -D -F raw -o good1.db.raw example \
zones/good1.db > /dev/null 2>&1
copy_setports zones/bad-tsig.db.in zones/bad-tsig.db

2
bin/tests/system/checkzone/zones/bad-tsig.db → bin/tests/system/checkzone/zones/bad-tsig.db.in
View File

@ -14,4 +14,4 @@ $TTL 600
NS ns
ns A 192.0.2.1
tsig TSIG hmac-sha1. 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0
tsig TSIG @DEFAULT_HMAC@ 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0

6
bin/tests/system/kasp/ns4/named.conf.in
View File

@ -38,17 +38,17 @@ key "sha256" {
};
key "keyforview1" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
key "keyforview3" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "C1Azf+gGPMmxrUg/WQINP6eV9Y0=";
};

6
bin/tests/system/kasp/tests.sh
View File

@ -1872,7 +1872,7 @@ dnssec_verify
# Test with views.
set_zone "example.net"
set_server "ns4" "10.53.0.4"
TSIG="hmac-sha1:keyforview1:$VIEW1"
TSIG="$DEFAULT_HMAC:keyforview1:$VIEW1"
wait_for_nsec
check_keys
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example1"
@ -1891,7 +1891,7 @@ check_signatures TXT "dig.out.$DIR.test$n.txt" "ZSK"
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
TSIG="hmac-sha1:keyforview2:$VIEW2"
TSIG="$DEFAULT_HMAC:keyforview2:$VIEW2"
wait_for_nsec
check_keys
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example2"
@ -1908,7 +1908,7 @@ check_signatures TXT "dig.out.$DIR.test$n.txt" "ZSK"
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
TSIG="hmac-sha1:keyforview3:$VIEW3"
TSIG="$DEFAULT_HMAC:keyforview3:$VIEW3"
wait_for_nsec
check_keys
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example2"

4
bin/tests/system/keymgr2kasp/ns4/named.conf.in
View File

@ -36,12 +36,12 @@ controls {
};
key "external" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};

4
bin/tests/system/keymgr2kasp/ns4/named2.conf.in
View File

@ -57,12 +57,12 @@ dnssec-policy "rsasha256" {
};
key "external" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};

8
bin/tests/system/keymgr2kasp/tests.sh
View File

@ -957,7 +957,7 @@ set_server "ns4" "10.53.0.4"
init_view_migration
set_keyalgorithm "KEY1" "8" "RSASHA256" "2048"
set_keyalgorithm "KEY2" "8" "RSASHA256" "1024"
TSIG="hmac-sha1:external:$VIEW1"
TSIG="$DEFAULT_HMAC:external:$VIEW1"
wait_for_nsec
# Make sure the zone is signed with legacy keys.
check_keys
@ -987,7 +987,7 @@ set_server "ns4" "10.53.0.4"
init_view_migration
set_keyalgorithm "KEY1" "8" "RSASHA256" "2048"
set_keyalgorithm "KEY2" "8" "RSASHA256" "1024"
TSIG="hmac-sha1:internal:$VIEW2"
TSIG="$DEFAULT_HMAC:internal:$VIEW2"
wait_for_nsec
# Make sure the zone is signed with legacy keys.
check_keys
@ -1052,7 +1052,7 @@ set_keystate "KEY3" "STATE_DNSKEY" "rumoured"
set_keystate "KEY3" "STATE_ZRRSIG" "hidden"
# Various signing policy checks (external).
TSIG="hmac-sha1:external:$VIEW1"
TSIG="$DEFAULT_HMAC:external:$VIEW1"
check_keys
wait_for_done_signing
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "ext"
@ -1113,7 +1113,7 @@ check_apex
dnssec_verify
# Various signing policy checks (internal).
TSIG="hmac-sha1:internal:$VIEW2"
TSIG="$DEFAULT_HMAC:internal:$VIEW2"
check_keys
wait_for_done_signing
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "int"

4
bin/tests/system/rndc/ns7/named.conf.in
View File

@ -24,12 +24,12 @@ key rndc_key {
};
key int {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
};
key ext {
algorithm "hmac-sha1";
algorithm @DEFAULT_HMAC@;
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
};

12
bin/tests/system/rndc/tests.sh
View File

@ -739,10 +739,10 @@ status=$((status+ret))
n=$((n+1))
echo_i "checking initial in-view zone file is loaded ($n)"
ret=0
TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n
grep 'include 1' dig.out.1.test$n >/dev/null || ret=1
TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n
grep 'include 1' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -750,7 +750,7 @@ status=$((status+ret))
echo_i "update in-view zone ($n)"
ret=0
TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$NSUPDATE -p ${PORT} -y "$TSIG" > /dev/null 2>&1 <<END || ret=1
server 10.53.0.7
zone test.
@ -765,7 +765,7 @@ status=$((status+ret))
echo_i "checking update ($n)"
ret=0
TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. TXT > dig.out.1.test$n
grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
@ -795,10 +795,10 @@ wait_for_log 3 "all zones loaded" ns7/named.run
n=$((n+1))
echo_i "checking zone file edits are loaded ($n)"
ret=0
TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n
grep 'include 2' dig.out.1.test$n >/dev/null || ret=1
TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n
grep 'include 2' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi