mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

Test legacy HMAC key files with dig

Browse Source 
tsig-keygen is now used to generate key files for TSIG.  These have
a different format to those that were generated by dnssec-keygen.
Test that dig can still read these files.
This commit is contained in:
Mark Andrews
2023-06-19 17:49:05 +10:00
parent e1fb17e72c
commit c91a208ef5
15 changed files with 131 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.key Normal file
View File

@@ -0,0 +1 @@
hmac-md5-legacy. IN KEY 0 3 157 B7HCXJs0XnSPzypG5oHuGw==

7
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.private Normal file
View File

@@ -0,0 +1,7 @@
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: B7HCXJs0XnSPzypG5oHuGw==
Bits: AAA=
Created: 20230619071002
Publish: 20230619071002
Activate: 20230619071002

1
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.key Normal file
View File

@@ -0,0 +1 @@
hmac-sha1-legacy. IN KEY 0 3 161 TxGx9XBp6Pp5yYAOKXdERA==

7
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.private Normal file
View File

@@ -0,0 +1,7 @@
Private-key-format: v1.3
Algorithm: 161 (HMAC_SHA1)
Key: TxGx9XBp6Pp5yYAOKXdERA==
Bits: AAA=
Created: 20230619071031
Publish: 20230619071031
Activate: 20230619071031

1
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.key Normal file
View File

@@ -0,0 +1 @@
hmac-sha224-legacy. IN KEY 0 3 162 H8Hyw718rLqToQFRLAeFWQ==

7
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.private Normal file
View File

@@ -0,0 +1,7 @@
Private-key-format: v1.3
Algorithm: 162 (HMAC_SHA224)
Key: H8Hyw718rLqToQFRLAeFWQ==
Bits: AAA=
Created: 20230619071136
Publish: 20230619071136
Activate: 20230619071136

1
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.key Normal file
View File

@@ -0,0 +1 @@
hmac-sha256-legacy. IN KEY 0 3 163 fdT9hiPov4ThMEfRv1FNmA==

7
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.private Normal file
View File

@@ -0,0 +1,7 @@
Private-key-format: v1.3
Algorithm: 163 (HMAC_SHA256)
Key: fdT9hiPov4ThMEfRv1FNmA==
Bits: AAA=
Created: 20230619071043
Publish: 20230619071043
Activate: 20230619071043

1
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.key Normal file
View File

@@ -0,0 +1 @@
hmac-sha384-legacy. IN KEY 0 3 164 fnshFIjQTLFap6+j2JGBkA==

7
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.private Normal file
View File

@@ -0,0 +1,7 @@
Private-key-format: v1.3
Algorithm: 164 (HMAC_SHA384)
Key: fnshFIjQTLFap6+j2JGBkA==
Bits: AAA=
Created: 20230619071109
Publish: 20230619071109
Activate: 20230619071109

1
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.key Normal file
View File

@@ -0,0 +1 @@
hmac-sha512-legacy. IN KEY 0 3 165 BZwNLICp2tj4hi6gil41eg==

7
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.private Normal file
View File

@@ -0,0 +1,7 @@
Private-key-format: v1.3
Algorithm: 165 (HMAC_SHA512)
Key: BZwNLICp2tj4hi6gil41eg==
Bits: AAA=
Created: 20230619071124
Publish: 20230619071124
Activate: 20230619071124

25
bin/tests/system/tsig/ns1/named-fips.conf.in
View File

@@ -49,6 +49,31 @@ key "sha512" {
algorithm hmac-sha512;
};
key "hmac-sha1-legacy" {
algorithm "hmac-sha1";
secret "TxGx9XBp6Pp5yYAOKXdERA==";
};
key "hmac-sha224-legacy" {
algorithm "hmac-sha224";
secret "H8Hyw718rLqToQFRLAeFWQ==";
};
key "hmac-sha256-legacy" {
algorithm "hmac-sha256";
secret "fdT9hiPov4ThMEfRv1FNmA==";
};
key "hmac-sha384-legacy" {
algorithm "hmac-sha384";
secret "fnshFIjQTLFap6+j2JGBkA==";
};
key "hmac-sha512-legacy" {
algorithm "hmac-sha512";
secret "BZwNLICp2tj4hi6gil41eg==";
};
key "sha1-trunc" {
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
algorithm hmac-sha1-80;

5
bin/tests/system/tsig/ns1/named.conf.in
View File

@@ -22,3 +22,8 @@ key "md5-trunc" {
secret "97rnFx24Tfna4mHPfgnerA==";
algorithm hmac-md5-80;
};
key "hmac-md5-legacy" {
algorithm "hmac-md5";
secret "B7HCXJs0XnSPzypG5oHuGw==";
};

53
bin/tests/system/tsig/tests.sh
View File

@@ -257,5 +257,58 @@ if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1
fi
if $FEATURETEST --md5
then
echo_i "fetching using hmac-md5 (legacy)"
ret=0
$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-md5-legacy.+*.key @10.53.0.1 soa > dig.out.md5.legacy || ret=1
grep -i "md5.*TSIG.*NOERROR" dig.out.md5.legacy > /dev/null || ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1
fi
else
echo_i "skipping using hmac-md5"
fi
echo_i "fetching using hmac-sha1 (legacy)"
ret=0
$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha1-legacy.+*.key @10.53.0.1 soa > dig.out.sha1.legacy || ret=1
grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1.legacy > /dev/null || ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1
fi
echo_i "fetching using hmac-sha224 (legacy)"
ret=0
$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha224-legacy.+*.key @10.53.0.1 soa > dig.out.sha224 || ret=1
grep -i "sha224.*TSIG.*NOERROR" dig.out.sha224 > /dev/null || ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1
fi
echo_i "fetching using hmac-sha256 (legacy)"
ret=0
$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha256-legacy.*.key @10.53.0.1 soa > dig.out.sha256 || ret=1
grep -i "sha256.*TSIG.*NOERROR" dig.out.sha256 > /dev/null || ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1
fi
echo_i "fetching using hmac-sha384 (legacy)"
ret=0
$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha384-legacy.*.key @10.53.0.1 soa > dig.out.sha384 || ret=1
grep -i "sha384.*TSIG.*NOERROR" dig.out.sha384 > /dev/null || ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1
fi
echo_i "fetching using hmac-sha512 (legacy)"
ret=0
$DIG $DIGOPTS example.nil. -k ns1/legacy/Khmac-sha512-legacy.*.key @10.53.0.1 soa > dig.out.sha512 || ret=1
grep -i "sha512.*TSIG.*NOERROR" dig.out.sha512 > /dev/null || ret=1
if [ $ret -eq 1 ] ; then
echo_i "failed"; status=1
fi
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1