From d4a7fe5aaa82c08fdcc3408996ac038047ab4676 Mon Sep 17 00:00:00 2001 From: Otto Moerbeek Date: Thu, 9 Oct 2025 09:27:51 +0200 Subject: [PATCH] auth/rec: seperate out dnssec constants from DNSSECKeeper by moving them to a DNSSEC class This allows not having ueberbackend.hh in rec, it makes no sense including that file in rec A bit of churn in rec, but all mechanical Signed-off-by: Otto Moerbeek --- pdns/Makefile.am | 2 + pdns/dnssec.hh | 190 +++++++++++++++++++ pdns/dnssecinfra.cc | 32 ++-- pdns/dnsseckeeper.hh | 118 +----------- pdns/opensslsigners.cc | 66 +++---- pdns/recursordist/Makefile.am | 4 +- pdns/recursordist/dnssec.hh | 1 + pdns/recursordist/rec-main.cc | 4 +- pdns/recursordist/syncres.cc | 8 +- pdns/recursordist/test-aggressive_nsec_cc.cc | 40 ++-- pdns/recursordist/test-syncres_cc.hh | 2 +- pdns/recursordist/test-syncres_cc1.cc | 14 +- pdns/recursordist/test-syncres_cc10.cc | 58 +++--- pdns/recursordist/test-syncres_cc2.cc | 6 +- pdns/recursordist/test-syncres_cc3.cc | 28 +-- pdns/recursordist/test-syncres_cc4.cc | 82 ++++---- pdns/recursordist/test-syncres_cc5.cc | 158 +++++++-------- pdns/recursordist/test-syncres_cc6.cc | 114 +++++------ pdns/recursordist/test-syncres_cc7.cc | 96 +++++----- pdns/recursordist/test-syncres_cc8.cc | 76 ++++---- pdns/recursordist/test-syncres_cc9.cc | 62 +++--- pdns/recursordist/ueberbackend.hh | 1 - pdns/recursordist/validate-recursor.cc | 4 +- pdns/sodiumsigners.cc | 4 +- pdns/test-signers.cc | 28 +-- pdns/validate.cc | 6 +- 26 files changed, 643 insertions(+), 561 deletions(-) create mode 100644 pdns/dnssec.hh create mode 120000 pdns/recursordist/dnssec.hh delete mode 120000 pdns/recursordist/ueberbackend.hh diff --git a/pdns/Makefile.am b/pdns/Makefile.am index 9722a3fd12..d429e782b5 100644 --- a/pdns/Makefile.am +++ b/pdns/Makefile.am @@ -223,6 +223,7 @@ pdns_server_SOURCES = \ dnsparser.cc \ dnsproxy.cc dnsproxy.hh \ dnsrecords.cc dnsrecords.hh \ + dnssec.hh \ dnssecinfra.cc dnssecinfra.hh \ dnsseckeeper.hh \ dnssecsigner.cc \ @@ -357,6 +358,7 @@ pdnsutil_SOURCES = \ dnspacket.cc \ dnsparser.cc dnsparser.hh \ dnsrecords.cc \ + dnssec.hh \ dnssecinfra.cc dnssecinfra.hh \ dnssecsigner.cc \ dnswriter.cc dnswriter.hh \ diff --git a/pdns/dnssec.hh b/pdns/dnssec.hh new file mode 100644 index 0000000000..2387f0ab69 --- /dev/null +++ b/pdns/dnssec.hh @@ -0,0 +1,190 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include +#include "misc.hh" + +class DNSSEC +{ +public: + + enum keytype_t : uint8_t + { + KSK, + ZSK, + CSK + }; + enum keyalgorithm_t : uint8_t + { + RSAMD5 = 1, + DH = 2, + DSA = 3, + RSASHA1 = 5, + DSANSEC3SHA1 = 6, + RSASHA1NSEC3SHA1 = 7, + RSASHA256 = 8, + RSASHA512 = 10, + ECCGOST = 12, + ECDSA256 = 13, + ECDSA384 = 14, + ED25519 = 15, + ED448 = 16 + }; + + enum dsdigestalgorithm_t : uint8_t + { + DIGEST_SHA1 = 1, + DIGEST_SHA256 = 2, + DIGEST_GOST = 3, + DIGEST_SHA384 = 4 + }; + + static std::string keyTypeToString(keytype_t keyType) + { + switch (keyType) { + case DNSSEC::KSK: + return "KSK"; + case DNSSEC::ZSK: + return "ZSK"; + case DNSSEC::CSK: + return "CSK"; + default: + return "UNKNOWN"; + } + } + + /* + * Returns the algorithm number based on the mnemonic (or old PowerDNS value of) a string. + * See https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml for the mapping + */ + static int shorthand2algorithm(const std::string& algorithm) + { + // XXX map based approach likely better + if (pdns_iequals(algorithm, "rsamd5")) { + return RSAMD5; + } + if (pdns_iequals(algorithm, "dh")) { + return DH; + } + if (pdns_iequals(algorithm, "dsa")) { + return DSA; + } + if (pdns_iequals(algorithm, "rsasha1")) { + return RSASHA1; + } + if (pdns_iequals(algorithm, "dsa-nsec3-sha1")) { + return DSANSEC3SHA1; + } + if (pdns_iequals(algorithm, "rsasha1-nsec3-sha1")) { + return RSASHA1NSEC3SHA1; + } + if (pdns_iequals(algorithm, "rsasha256")) { + return RSASHA256; + } + if (pdns_iequals(algorithm, "rsasha512")) { + return RSASHA512; + } + if (pdns_iequals(algorithm, "ecc-gost")) { + return ECCGOST; + } + if (pdns_iequals(algorithm, "gost")) { + return ECCGOST; + } + if (pdns_iequals(algorithm, "ecdsa256")) { + return ECDSA256; + } + if (pdns_iequals(algorithm, "ecdsap256sha256")) { + return ECDSA256; + } + if (pdns_iequals(algorithm, "ecdsa384")) { + return ECDSA384; + } + if (pdns_iequals(algorithm, "ecdsap384sha384")) { + return ECDSA384; + } + if (pdns_iequals(algorithm, "ed25519")) { + return ED25519; + } + if (pdns_iequals(algorithm, "ed448")) { + return ED448; + } + if (pdns_iequals(algorithm, "indirect")) { + return 252; + } + if (pdns_iequals(algorithm, "privatedns")) { + return 253; + } + if (pdns_iequals(algorithm, "privateoid")) { + return 254; + } + return -1; + } + + /* + * Returns the mnemonic from https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml + */ + static std::string algorithm2name(uint8_t algo) + { + switch (algo) { + case 0: + case 4: + case 9: + case 11: + return "Reserved"; + case RSAMD5: + return "RSAMD5"; + case DH: + return "DH"; + case DSA: + return "DSA"; + case RSASHA1: + return "RSASHA1"; + case DSANSEC3SHA1: + return "DSA-NSEC3-SHA1"; + case RSASHA1NSEC3SHA1: + return "RSASHA1-NSEC3-SHA1"; + case RSASHA256: + return "RSASHA256"; + case RSASHA512: + return "RSASHA512"; + case ECCGOST: + return "ECC-GOST"; + case ECDSA256: + return "ECDSAP256SHA256"; + case ECDSA384: + return "ECDSAP384SHA384"; + case ED25519: + return "ED25519"; + case ED448: + return "ED448"; + case 252: + return "INDIRECT"; + case 253: + return "PRIVATEDNS"; + case 254: + return "PRIVATEOID"; + default: + return "Unallocated/Reserved"; + } + } +}; diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc index d6826db6ca..be8e8c17db 100644 --- a/pdns/dnssecinfra.cc +++ b/pdns/dnssecinfra.cc @@ -35,7 +35,7 @@ #include #include "dnssecinfra.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" #include #include #include // for 'operator+=()' @@ -247,7 +247,7 @@ string DNSCryptoKeyEngine::listSupportedAlgoNames() else { first = false; } - ret.append(DNSSECKeeper::algorithm2name(algo)); + ret.append(DNSSEC::algorithm2name(algo)); if (isAlgorithmSwitchedOff(algo)) { ret.append("(disabled)"); } @@ -373,11 +373,11 @@ bool DNSCryptoKeyEngine::testVerify(unsigned int algo, maker_t* verifier) string b64pubkey; string b64sig; switch (algo) { - case DNSSECKeeper::RSASHA1: + case DNSSEC::RSASHA1: b64pubkey = pubkey5; b64sig = sig5; break; - case DNSSECKeeper::RSASHA1NSEC3SHA1: + case DNSSEC::RSASHA1NSEC3SHA1: b64pubkey = pubkey7; b64sig = sig7; break; @@ -428,15 +428,15 @@ void DNSCryptoKeyEngine::testMakers(unsigned int algo, maker_t* creator, maker_t auto dckeSign = signer(algo); auto dckeVerify = verifier(algo); - cout<<"Testing algorithm "<getName()<<"' ->'"<getName()<<"' -> '"<getName()<<"' "; + cout<<"Testing algorithm "<getName()<<"' ->'"<getName()<<"' -> '"<getName()<<"' "; unsigned int bits; if(algo <= 10) bits=2048; - else if(algo == DNSSECKeeper::ECCGOST || algo == DNSSECKeeper::ECDSA256 || algo == DNSSECKeeper::ED25519) + else if(algo == DNSSEC::ECCGOST || algo == DNSSEC::ECDSA256 || algo == DNSSEC::ED25519) bits = 256; - else if(algo == DNSSECKeeper::ECDSA384) + else if(algo == DNSSEC::ECDSA384) bits = 384; - else if(algo == DNSSECKeeper::ED448) + else if(algo == DNSSEC::ED448) bits = 456; else throw runtime_error("Can't guess key size for algorithm "+std::to_string(algo)); @@ -580,14 +580,14 @@ bool DNSCryptoKeyEngine::isAlgorithmSupported(unsigned int algo) static unsigned int digestToAlgorithmNumber(uint8_t digest) { switch(digest) { - case DNSSECKeeper::DIGEST_SHA1: - return DNSSECKeeper::RSASHA1; - case DNSSECKeeper::DIGEST_SHA256: - return DNSSECKeeper::RSASHA256; - case DNSSECKeeper::DIGEST_GOST: - return DNSSECKeeper::ECCGOST; - case DNSSECKeeper::DIGEST_SHA384: - return DNSSECKeeper::ECDSA384; + case DNSSEC::DIGEST_SHA1: + return DNSSEC::RSASHA1; + case DNSSEC::DIGEST_SHA256: + return DNSSEC::RSASHA256; + case DNSSEC::DIGEST_GOST: + return DNSSEC::ECCGOST; + case DNSSEC::DIGEST_SHA384: + return DNSSEC::ECDSA384; default: throw std::runtime_error("Unknown digest type " + std::to_string(digest)); } diff --git a/pdns/dnsseckeeper.hh b/pdns/dnsseckeeper.hh index ad6f4e864c..311dca74d7 100644 --- a/pdns/dnsseckeeper.hh +++ b/pdns/dnsseckeeper.hh @@ -20,8 +20,7 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #pragma once -#include -#include + #include #include #include @@ -34,35 +33,14 @@ #include "dnspacket.hh" #include "ueberbackend.hh" #include "lock.hh" +#include "dnssec.hh" using namespace ::boost::multi_index; -class DNSSECKeeper : public boost::noncopyable +class DNSSECKeeper : public DNSSEC { public: - enum keytype_t { KSK, ZSK, CSK }; - enum keyalgorithm_t : uint8_t { - RSAMD5=1, - DH=2, - DSA=3, - RSASHA1=5, - DSANSEC3SHA1=6, - RSASHA1NSEC3SHA1=7, - RSASHA256=8, - RSASHA512=10, - ECCGOST=12, - ECDSA256=13, - ECDSA384=14, - ED25519=15, - ED448=16 - }; - - enum dsdigestalgorithm_t : uint8_t { - DIGEST_SHA1=1, - DIGEST_SHA256=2, - DIGEST_GOST=3, - DIGEST_SHA384=4 - }; + DNSSECKeeper(const DNSSECKeeper&) = delete; struct KeyMetaData { @@ -76,94 +54,6 @@ public: typedef std::pair keymeta_t; typedef std::vector keyset_t; - static string keyTypeToString(const keytype_t &keyType) - { - switch(keyType) { - case DNSSECKeeper::KSK: - return("KSK"); - case DNSSECKeeper::ZSK: - return("ZSK"); - case DNSSECKeeper::CSK: - return("CSK"); - default: - return("UNKNOWN"); - } - } - - /* - * Returns the algorithm number based on the mnemonic (or old PowerDNS value of) a string. - * See https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml for the mapping - */ - static int shorthand2algorithm(const string &algorithm) - { - if (pdns_iequals(algorithm, "rsamd5")) return RSAMD5; - if (pdns_iequals(algorithm, "dh")) return DH; - if (pdns_iequals(algorithm, "dsa")) return DSA; - if (pdns_iequals(algorithm, "rsasha1")) return RSASHA1; - if (pdns_iequals(algorithm, "dsa-nsec3-sha1")) return DSANSEC3SHA1; - if (pdns_iequals(algorithm, "rsasha1-nsec3-sha1")) return RSASHA1NSEC3SHA1; - if (pdns_iequals(algorithm, "rsasha256")) return RSASHA256; - if (pdns_iequals(algorithm, "rsasha512")) return RSASHA512; - if (pdns_iequals(algorithm, "ecc-gost")) return ECCGOST; - if (pdns_iequals(algorithm, "gost")) return ECCGOST; - if (pdns_iequals(algorithm, "ecdsa256")) return ECDSA256; - if (pdns_iequals(algorithm, "ecdsap256sha256")) return ECDSA256; - if (pdns_iequals(algorithm, "ecdsa384")) return ECDSA384; - if (pdns_iequals(algorithm, "ecdsap384sha384")) return ECDSA384; - if (pdns_iequals(algorithm, "ed25519")) return ED25519; - if (pdns_iequals(algorithm, "ed448")) return ED448; - if (pdns_iequals(algorithm, "indirect")) return 252; - if (pdns_iequals(algorithm, "privatedns")) return 253; - if (pdns_iequals(algorithm, "privateoid")) return 254; - return -1; - } - - /* - * Returns the mnemonic from https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml - */ - static string algorithm2name(uint8_t algo) { - switch(algo) { - case 0: - case 4: - case 9: - case 11: - return "Reserved"; - case RSAMD5: - return "RSAMD5"; - case DH: - return "DH"; - case DSA: - return "DSA"; - case RSASHA1: - return "RSASHA1"; - case DSANSEC3SHA1: - return "DSA-NSEC3-SHA1"; - case RSASHA1NSEC3SHA1: - return "RSASHA1-NSEC3-SHA1"; - case RSASHA256: - return "RSASHA256"; - case RSASHA512: - return "RSASHA512"; - case ECCGOST: - return "ECC-GOST"; - case ECDSA256: - return "ECDSAP256SHA256"; - case ECDSA384: - return "ECDSAP384SHA384"; - case ED25519: - return "ED25519"; - case ED448: - return "ED448"; - case 252: - return "INDIRECT"; - case 253: - return "PRIVATEDNS"; - case 254: - return "PRIVATEOID"; - default: - return "Unallocated/Reserved"; - } - } private: UeberBackend* d_keymetadb; diff --git a/pdns/opensslsigners.cc b/pdns/opensslsigners.cc index 91d438dab6..3a8df543b1 100644 --- a/pdns/opensslsigners.cc +++ b/pdns/opensslsigners.cc @@ -48,7 +48,7 @@ #include #include "opensslsigners.hh" #include "dnssecinfra.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" #if (OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2090100fL) /* OpenSSL < 1.1.0 needs support for threading/locking in the calling application. */ @@ -315,15 +315,15 @@ int OpenSSLRSADNSCryptoKeyEngine::getBits() const void OpenSSLRSADNSCryptoKeyEngine::create(unsigned int bits) { // When changing the bitsizes, also edit them in ::checkKey - if ((d_algorithm == DNSSECKeeper::RSASHA1 || d_algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1) && (bits < 512 || bits > 4096)) { + if ((d_algorithm == DNSSEC::RSASHA1 || d_algorithm == DNSSEC::RSASHA1NSEC3SHA1) && (bits < 512 || bits > 4096)) { /* RFC3110 */ throw runtime_error(getName() + " RSASHA1 key generation failed for invalid bits size " + std::to_string(bits)); } - if (d_algorithm == DNSSECKeeper::RSASHA256 && (bits < 512 || bits > 4096)) { + if (d_algorithm == DNSSEC::RSASHA256 && (bits < 512 || bits > 4096)) { /* RFC5702 */ throw runtime_error(getName() + " RSASHA256 key generation failed for invalid bits size " + std::to_string(bits)); } - if (d_algorithm == DNSSECKeeper::RSASHA512 && (bits < 1024 || bits > 4096)) { + if (d_algorithm == DNSSEC::RSASHA512 && (bits < 1024 || bits > 4096)) { /* RFC5702 */ throw runtime_error(getName() + " RSASHA512 key generation failed for invalid bits size " + std::to_string(bits)); } @@ -594,14 +594,14 @@ DNSCryptoKeyEngine::storvector_t OpenSSLRSADNSCryptoKeyEngine::convertToISCVecto string algorithm = std::to_string(d_algorithm); switch (d_algorithm) { - case DNSSECKeeper::RSASHA1: - case DNSSECKeeper::RSASHA1NSEC3SHA1: + case DNSSEC::RSASHA1: + case DNSSEC::RSASHA1NSEC3SHA1: algorithm += " (RSASHA1)"; break; - case DNSSECKeeper::RSASHA256: + case DNSSEC::RSASHA256: algorithm += " (RSASHA256)"; break; - case DNSSECKeeper::RSASHA512: + case DNSSEC::RSASHA512: algorithm += " (RSASHA512)"; break; default: @@ -626,12 +626,12 @@ DNSCryptoKeyEngine::storvector_t OpenSSLRSADNSCryptoKeyEngine::convertToISCVecto std::size_t OpenSSLRSADNSCryptoKeyEngine::hashSize() const { switch (d_algorithm) { - case DNSSECKeeper::RSASHA1: - case DNSSECKeeper::RSASHA1NSEC3SHA1: + case DNSSEC::RSASHA1: + case DNSSEC::RSASHA1NSEC3SHA1: return SHA_DIGEST_LENGTH; - case DNSSECKeeper::RSASHA256: + case DNSSEC::RSASHA256: return SHA256_DIGEST_LENGTH; - case DNSSECKeeper::RSASHA512: + case DNSSEC::RSASHA512: return SHA512_DIGEST_LENGTH; default: throw runtime_error(getName() + " does not support hash operations for algorithm " + std::to_string(d_algorithm)); @@ -643,14 +643,14 @@ const EVP_MD* OpenSSLRSADNSCryptoKeyEngine::hasher() const const EVP_MD* messageDigest = nullptr; switch (d_algorithm) { - case DNSSECKeeper::RSASHA1: - case DNSSECKeeper::RSASHA1NSEC3SHA1: + case DNSSEC::RSASHA1: + case DNSSEC::RSASHA1NSEC3SHA1: messageDigest = EVP_sha1(); break; - case DNSSECKeeper::RSASHA256: + case DNSSEC::RSASHA256: messageDigest = EVP_sha256(); break; - case DNSSECKeeper::RSASHA512: + case DNSSEC::RSASHA512: messageDigest = EVP_sha512(); break; default: @@ -666,7 +666,7 @@ const EVP_MD* OpenSSLRSADNSCryptoKeyEngine::hasher() const std::string OpenSSLRSADNSCryptoKeyEngine::hash(const std::string& message) const { - if (d_algorithm == DNSSECKeeper::RSASHA1 || d_algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1) { + if (d_algorithm == DNSSEC::RSASHA1 || d_algorithm == DNSSEC::RSASHA1NSEC3SHA1) { std::string l_hash{}; l_hash.resize(SHA_DIGEST_LENGTH); // NOLINTNEXTLINE(*-cast): Using OpenSSL C APIs. @@ -674,7 +674,7 @@ std::string OpenSSLRSADNSCryptoKeyEngine::hash(const std::string& message) const return l_hash; } - if (d_algorithm == DNSSECKeeper::RSASHA256) { + if (d_algorithm == DNSSEC::RSASHA256) { std::string l_hash{}; l_hash.resize(SHA256_DIGEST_LENGTH); // NOLINTNEXTLINE(*-cast): Using OpenSSL C APIs. @@ -682,7 +682,7 @@ std::string OpenSSLRSADNSCryptoKeyEngine::hash(const std::string& message) const return l_hash; } - if (d_algorithm == DNSSECKeeper::RSASHA512) { + if (d_algorithm == DNSSEC::RSASHA512) { std::string l_hash{}; l_hash.resize(SHA512_DIGEST_LENGTH); // NOLINTNEXTLINE(*-cast): Using OpenSSL C APIs. @@ -881,13 +881,13 @@ bool OpenSSLRSADNSCryptoKeyEngine::checkKey(std::optional 4096)) { + if ((d_algorithm == DNSSEC::RSASHA1 || d_algorithm == DNSSEC::RSASHA1NSEC3SHA1 || d_algorithm == DNSSEC::RSASHA256) && (getBits() < 512 || getBits() > 4096)) { retval = false; if (errorMessages.has_value()) { errorMessages->get().push_back("key is " + std::to_string(getBits()) + " bytes, should be between 512 and 4096"); } } - if (d_algorithm == DNSSECKeeper::RSASHA512 && (getBits() < 1024 || getBits() > 4096)) { + if (d_algorithm == DNSSEC::RSASHA512 && (getBits() < 1024 || getBits() > 4096)) { retval = false; if (errorMessages.has_value()) { errorMessages->get().push_back("key is " + std::to_string(getBits()) + " bytes, should be between 1024 and 4096"); @@ -1313,10 +1313,10 @@ const EVP_MD* OpenSSLECDSADNSCryptoKeyEngine::hasher() const const EVP_MD* messageDigest = nullptr; switch (d_algorithm) { - case DNSSECKeeper::ECDSA256: + case DNSSEC::ECDSA256: messageDigest = EVP_sha256(); break; - case DNSSECKeeper::ECDSA384: + case DNSSEC::ECDSA384: messageDigest = EVP_sha384(); break; default: @@ -1333,9 +1333,9 @@ const EVP_MD* OpenSSLECDSADNSCryptoKeyEngine::hasher() const std::size_t OpenSSLECDSADNSCryptoKeyEngine::hashSize() const { switch (d_algorithm) { - case DNSSECKeeper::ECDSA256: + case DNSSEC::ECDSA256: return SHA256_DIGEST_LENGTH; - case DNSSECKeeper::ECDSA384: + case DNSSEC::ECDSA384: return SHA384_DIGEST_LENGTH; default: throw runtime_error(getName() + " does not support hash operations for algorithm " + std::to_string(d_algorithm)); @@ -2053,19 +2053,19 @@ const struct LoaderStruct { LoaderStruct() { - DNSCryptoKeyEngine::report(DNSSECKeeper::RSASHA1, &OpenSSLRSADNSCryptoKeyEngine::maker); - DNSCryptoKeyEngine::report(DNSSECKeeper::RSASHA1NSEC3SHA1, &OpenSSLRSADNSCryptoKeyEngine::maker); - DNSCryptoKeyEngine::report(DNSSECKeeper::RSASHA256, &OpenSSLRSADNSCryptoKeyEngine::maker); - DNSCryptoKeyEngine::report(DNSSECKeeper::RSASHA512, &OpenSSLRSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::RSASHA1, &OpenSSLRSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::RSASHA1NSEC3SHA1, &OpenSSLRSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::RSASHA256, &OpenSSLRSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::RSASHA512, &OpenSSLRSADNSCryptoKeyEngine::maker); #ifdef HAVE_LIBCRYPTO_ECDSA - DNSCryptoKeyEngine::report(DNSSECKeeper::ECDSA256, &OpenSSLECDSADNSCryptoKeyEngine::maker); - DNSCryptoKeyEngine::report(DNSSECKeeper::ECDSA384, &OpenSSLECDSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::ECDSA256, &OpenSSLECDSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::ECDSA384, &OpenSSLECDSADNSCryptoKeyEngine::maker); #endif #ifdef HAVE_LIBCRYPTO_ED25519 - DNSCryptoKeyEngine::report(DNSSECKeeper::ED25519, &OpenSSLEDDSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::ED25519, &OpenSSLEDDSADNSCryptoKeyEngine::maker); #endif #ifdef HAVE_LIBCRYPTO_ED448 - DNSCryptoKeyEngine::report(DNSSECKeeper::ED448, &OpenSSLEDDSADNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::ED448, &OpenSSLEDDSADNSCryptoKeyEngine::maker); #endif } } loaderOpenSSL; diff --git a/pdns/recursordist/Makefile.am b/pdns/recursordist/Makefile.am index d70a78e927..8b896cb067 100644 --- a/pdns/recursordist/Makefile.am +++ b/pdns/recursordist/Makefile.am @@ -135,8 +135,8 @@ pdns_recursor_SOURCES = \ dnspacket.hh \ dnsparser.hh dnsparser.cc \ dnsrecords.cc dnsrecords.hh \ + dnssec.hh \ dnssecinfra.hh dnssecinfra.cc \ - dnsseckeeper.hh \ dnswriter.cc dnswriter.hh \ dolog.hh \ ednscookies.cc ednscookies.hh \ @@ -299,8 +299,8 @@ testrunner_SOURCES = \ dnsname.cc dnsname.hh \ dnsparser.hh dnsparser.cc \ dnsrecords.cc \ + dnssec.hh \ dnssecinfra.cc \ - dnsseckeeper.hh \ dnswriter.cc dnswriter.hh \ ednscookies.cc ednscookies.hh \ ednsextendederror.cc ednsextendederror.hh \ diff --git a/pdns/recursordist/dnssec.hh b/pdns/recursordist/dnssec.hh new file mode 120000 index 0000000000..fbfdf9d5dc --- /dev/null +++ b/pdns/recursordist/dnssec.hh @@ -0,0 +1 @@ +../dnssec.hh \ No newline at end of file diff --git a/pdns/recursordist/rec-main.cc b/pdns/recursordist/rec-main.cc index 55149fa15c..dcf32ef8d8 100644 --- a/pdns/recursordist/rec-main.cc +++ b/pdns/recursordist/rec-main.cc @@ -38,7 +38,7 @@ #include "rec-taskqueue.hh" #include "secpoll-recursor.hh" #include "logging.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" #include "rec-rust-lib/cxxsettings.hh" #include "json.hh" #include "rec-system-resolve.hh" @@ -1691,7 +1691,7 @@ static int initDNSSEC(Logr::log_t log) } } else { - for (auto algo : {DNSSECKeeper::RSASHA1, DNSSECKeeper::RSASHA1NSEC3SHA1}) { + for (auto algo : {DNSSEC::RSASHA1, DNSSEC::RSASHA1NSEC3SHA1}) { if (!DNSCryptoKeyEngine::verifyOne(algo)) { DNSCryptoKeyEngine::switchOffAlgorithm(algo); nums.push_back(std::to_string(algo)); diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc index e7c8ae1ffa..98bd947ee5 100644 --- a/pdns/recursordist/syncres.cc +++ b/pdns/recursordist/syncres.cc @@ -36,7 +36,7 @@ #include "lua-recursor4.hh" #include "rec-lua-conf.hh" #include "syncres.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" #include "validate-recursor.hh" #include "rec-taskqueue.hh" #include "shuffle.hh" @@ -3684,10 +3684,10 @@ vState SyncRes::getDSRecords(const DNSName& zone, dsset_t& dsSet, bool onlyTA, u const auto dscontent = getRR(record); if (dscontent && isSupportedDS(*dscontent, LogObject(prefix))) { // Make GOST a lower prio than SHA256 - if (dscontent->d_digesttype == DNSSECKeeper::DIGEST_GOST && bestDigestType == DNSSECKeeper::DIGEST_SHA256) { + if (dscontent->d_digesttype == DNSSEC::DIGEST_GOST && bestDigestType == DNSSEC::DIGEST_SHA256) { continue; } - if (dscontent->d_digesttype > bestDigestType || (bestDigestType == DNSSECKeeper::DIGEST_GOST && dscontent->d_digesttype == DNSSECKeeper::DIGEST_SHA256)) { + if (dscontent->d_digesttype > bestDigestType || (bestDigestType == DNSSEC::DIGEST_GOST && dscontent->d_digesttype == DNSSEC::DIGEST_SHA256)) { bestDigestType = dscontent->d_digesttype; } dsSet.insert(*dscontent); @@ -3703,7 +3703,7 @@ vState SyncRes::getDSRecords(const DNSName& zone, dsset_t& dsSet, bool onlyTA, u * We interpret that as: do not use SHA-1 if SHA-256 or SHA-384 is available */ for (auto dsrec = dsSet.begin(); dsrec != dsSet.end();) { - if (dsrec->d_digesttype == DNSSECKeeper::DIGEST_SHA1 && dsrec->d_digesttype != bestDigestType) { + if (dsrec->d_digesttype == DNSSEC::DIGEST_SHA1 && dsrec->d_digesttype != bestDigestType) { dsrec = dsSet.erase(dsrec); } else { diff --git a/pdns/recursordist/test-aggressive_nsec_cc.cc b/pdns/recursordist/test-aggressive_nsec_cc.cc index 948d7743d9..900d65b62b 100644 --- a/pdns/recursordist/test-aggressive_nsec_cc.cc +++ b/pdns/recursordist/test-aggressive_nsec_cc.cc @@ -50,8 +50,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec_nxdomain) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -146,8 +146,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec_nodata) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -232,8 +232,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec_nodata_wildcard) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -325,8 +325,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec_ancestor) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -439,8 +439,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec_wildcard_synthesis) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -556,8 +556,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec3_nxdomain) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -659,8 +659,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec3_nodata) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -746,8 +746,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec3_nodata_wildcard) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -851,8 +851,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec3_ancestor) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -971,8 +971,8 @@ BOOST_AUTO_TEST_CASE(test_aggressive_nsec3_wildcard_synthesis) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); diff --git a/pdns/recursordist/test-syncres_cc.hh b/pdns/recursordist/test-syncres_cc.hh index 1e0e22590c..4c67da23b1 100644 --- a/pdns/recursordist/test-syncres_cc.hh +++ b/pdns/recursordist/test-syncres_cc.hh @@ -23,7 +23,7 @@ #include "arguments.hh" #include "dnssecinfra.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" #include "rec-lua-conf.hh" #include "syncres.hh" #include "test-common.hh" diff --git a/pdns/recursordist/test-syncres_cc1.cc b/pdns/recursordist/test-syncres_cc1.cc index 8bbe47a083..3e3efa3691 100644 --- a/pdns/recursordist/test-syncres_cc1.cc +++ b/pdns/recursordist/test-syncres_cc1.cc @@ -2389,9 +2389,9 @@ BOOST_AUTO_TEST_CASE(test_dname_dnssec_secure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(dnameOwner, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(dnameTarget, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(dnameOwner, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(dnameTarget, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queries = 0; @@ -2541,8 +2541,8 @@ BOOST_AUTO_TEST_CASE(test_dname_plus_ns_dnssec_secure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(dnameTarget, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(dnameTarget, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queries = 0; @@ -2648,8 +2648,8 @@ BOOST_AUTO_TEST_CASE(test_dname_dnssec_insecure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(dnameOwner, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(dnameOwner, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queries = 0; diff --git a/pdns/recursordist/test-syncres_cc10.cc b/pdns/recursordist/test-syncres_cc10.cc index fb1c85cff0..2cbd4ba579 100644 --- a/pdns/recursordist/test-syncres_cc10.cc +++ b/pdns/recursordist/test-syncres_cc10.cc @@ -154,10 +154,10 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_skipped_cut_invalid_ds_denia auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -284,9 +284,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_wrong_rrsig_fake_signer) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -397,9 +397,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_missing_soa) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -541,9 +541,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_missing_dnskey) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -669,9 +669,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nxd_dnskey) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -797,9 +797,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nxd_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -912,22 +912,22 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_loop) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); /* Generate key material for "powerdns.com." */ - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey key; key.setKey(std::move(dcke), 257); - DSRecordContent drc = makeDSFromDNSKey(DNSName("powerdns.com."), key.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent drc = makeDSFromDNSKey(DNSName("powerdns.com."), key.getDNSKEY(), DNSSEC::DIGEST_SHA256); testkeysset_t wrongKeys; - auto wrongDcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto wrongDcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); wrongDcke->create(wrongDcke->getBits()); DNSSECPrivateKey wrongKey; wrongKey.setKey(std::move(wrongDcke), 256); - DSRecordContent uselessdrc = makeDSFromDNSKey(DNSName("powerdns.com."), wrongKey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent uselessdrc = makeDSFromDNSKey(DNSName("powerdns.com."), wrongKey.getDNSKEY(), DNSSEC::DIGEST_SHA256); wrongKeys[DNSName("powerdns.com.")] = std::pair(wrongKey, uselessdrc); keys[DNSName("powerdns.com.")] = std::pair(key, drc); @@ -1018,15 +1018,15 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_ds_loop) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); /* Generate key material for "powerdns.com." */ - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey key; key.setKey(std::move(dcke), 257); - DSRecordContent drc = makeDSFromDNSKey(DNSName("powerdns.com."), key.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent drc = makeDSFromDNSKey(DNSName("powerdns.com."), key.getDNSKEY(), DNSSEC::DIGEST_SHA256); keys[DNSName("powerdns.com.")] = std::pair(key, drc); g_luaconfs.setState(luaconfsCopy); diff --git a/pdns/recursordist/test-syncres_cc2.cc b/pdns/recursordist/test-syncres_cc2.cc index 8297413b2e..b000ad9384 100644 --- a/pdns/recursordist/test-syncres_cc2.cc +++ b/pdns/recursordist/test-syncres_cc2.cc @@ -809,9 +809,9 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(parent1, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(parent2, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(parent1, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(parent2, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; diff --git a/pdns/recursordist/test-syncres_cc3.cc b/pdns/recursordist/test-syncres_cc3.cc index 621802900b..5419a239ce 100644 --- a/pdns/recursordist/test-syncres_cc3.cc +++ b/pdns/recursordist/test-syncres_cc3.cc @@ -203,8 +203,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_extra_answers) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com"), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com"), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); sr->setAsyncCallback([&](const ComboAddress& address, const DNSName& domain, int type, bool /* doTCP */, bool /* sendRDQuery */, int /* EDNS0Level */, struct timeval* /* now */, boost::optional& /* srcmask */, const ResolveContext& /* context */, LWResult* res, bool* /* chained */) { @@ -985,8 +985,8 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); const ComboAddress forwardedNS("192.0.2.42:53"); @@ -1055,8 +1055,8 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_nord_dnssec) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("test."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("test."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); const ComboAddress forwardedNS("192.0.2.42:53"); @@ -1157,9 +1157,9 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec_bogus) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(cnameTarget, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(cnameTarget, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); const ComboAddress forwardedNS("192.0.2.42:53"); @@ -1225,9 +1225,9 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec_nodata_bogus) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); const ComboAddress forwardedNS("192.0.2.42:53"); @@ -1289,8 +1289,8 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec_cname_wildcard_expanded auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(cnameTarget, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(cnameTarget, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); const ComboAddress forwardedNS("192.0.2.42:53"); diff --git a/pdns/recursordist/test-syncres_cc4.cc b/pdns/recursordist/test-syncres_cc4.cc index f89f2dcc14..5fa61d6666 100644 --- a/pdns/recursordist/test-syncres_cc4.cc +++ b/pdns/recursordist/test-syncres_cc4.cc @@ -138,7 +138,7 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_delegation) testkeysset_t keys; auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); /* make sure that the signature inception and validity times are computed @@ -440,7 +440,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig) { initSR(); - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; dpk.setKey(std::move(dcke), 256); @@ -470,7 +470,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_future) { initSR(); - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; dpk.setKey(std::move(dcke), 256); @@ -512,7 +512,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_extreme_timestamps) { initSR(); - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; dpk.setKey(std::move(dcke), 256); @@ -563,7 +563,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_csk) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -630,17 +630,17 @@ BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_ksk_zsk) testkeysset_t kskeys; /* Generate key material for "." */ - auto dckeZ = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dckeZ = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dckeZ->create(dckeZ->getBits()); DNSSECPrivateKey ksk; ksk.setKey(std::move(dckeZ), 257); - DSRecordContent kskds = makeDSFromDNSKey(target, ksk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent kskds = makeDSFromDNSKey(target, ksk.getDNSKEY(), DNSSEC::DIGEST_SHA256); - auto dckeK = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dckeK = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dckeK->create(dckeK->getBits()); DNSSECPrivateKey zsk; zsk.setKey(std::move(dckeK), 256); - DSRecordContent zskds = makeDSFromDNSKey(target, zsk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent zskds = makeDSFromDNSKey(target, zsk.getDNSKEY(), DNSSEC::DIGEST_SHA256); kskeys[target] = std::pair(ksk, kskds); zskeys[target] = std::pair(zsk, zskds); @@ -716,7 +716,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_dnskey) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -781,11 +781,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_without_zone_flag) testkeysset_t keys; /* Generate key material for "." */ - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey csk; csk.setKey(std::move(dcke), 0); - DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSEC::DIGEST_SHA256); keys[target] = std::pair(csk, ds); @@ -857,11 +857,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_revoked) testkeysset_t keys; /* Generate key material for "." */ - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey csk; csk.setKey(std::move(dcke), 257 | 128); - DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSEC::DIGEST_SHA256); keys[target] = std::pair(csk, ds); @@ -934,17 +934,17 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) testkeysset_t keys; /* Generate key material for "." */ - auto dckeDS = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dckeDS = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dckeDS->create(dckeDS->getBits()); DNSSECPrivateKey dskey; dskey.setKey(std::move(dckeDS), 257); - DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSEC::DIGEST_SHA256); - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; dpk.setKey(std::move(dcke), 256); - DSRecordContent seconddrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent seconddrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSEC::DIGEST_SHA256); dskeys[target] = std::pair(dskey, drc); keys[target] = std::pair(dpk, seconddrc); @@ -1058,7 +1058,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_too_many_dss) luaconfsCopy.dsAnchors.clear(); /* generate more DSs for the zone than we are willing to consider: only the last one will be used to generate DNSKEY records */ for (size_t idx = 0; idx < (g_maxDSsToConsider + 10U); idx++) { - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); } g_luaconfs.setState(luaconfsCopy); @@ -1138,7 +1138,7 @@ PrivateKey: Ovj4pzrSh0U6aEVoKaPFhK1D4NMG0xrymj9+6TpwC8o=)PKEY"); DNSSECPrivateKey dskey; dskey.setKey(std::move(dckeDS), 257); assert(dskey.getTag() == 31337); - DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSEC::DIGEST_SHA256); dskeys[target] = std::pair(dskey, drc); /* Different key, same tag */ @@ -1148,7 +1148,7 @@ PrivateKey: n7SRA4n6NejhZBWQOhjTaICYSpkTl6plJn1ATFG23FI=)PKEY"); DNSSECPrivateKey dpk; dpk.setKey(std::move(dcke), 256); assert(dpk.getTag() == dskey.getTag()); - DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSEC::DIGEST_SHA256); keys[target] = std::pair(dpk, uselessdrc); /* Set the root DS (one of them!) */ @@ -1238,7 +1238,7 @@ PrivateKey: Ovj4pzrSh0U6aEVoKaPFhK1D4NMG0xrymj9+6TpwC8o=)PKEY"); DNSSECPrivateKey dskey; dskey.setKey(std::move(dckeDS), 257); assert(dskey.getTag() == 31337); - DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSEC::DIGEST_SHA256); dskeys[target] = std::pair(dskey, drc); /* Different key, same tag */ @@ -1250,7 +1250,7 @@ PrivateKey: pTaMJcvNrPIIiQiHGvCLZZASroyQpUwew5FvCgjHNsk=)PKEY"); // so that the validation of the DNSKEY rrset succeeds dpk.setKey(std::move(dcke), 258); assert(dpk.getTag() == dskey.getTag()); - DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSEC::DIGEST_SHA256); keys[target] = std::pair(dpk, uselessdrc); /* Set the root DSs (only one of them) */ @@ -1332,14 +1332,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_rrsig_signed_with_unknown_dnskey) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); - auto dckeRRSIG = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dckeRRSIG = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dckeRRSIG->create(dckeRRSIG->getBits()); DNSSECPrivateKey rrsigkey; rrsigkey.setKey(std::move(dckeRRSIG), 257); - DSRecordContent rrsigds = makeDSFromDNSKey(target, rrsigkey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent rrsigds = makeDSFromDNSKey(target, rrsigkey.getDNSKEY(), DNSSEC::DIGEST_SHA256); rrsigkeys[target] = std::pair(rrsigkey, rrsigds); @@ -1407,7 +1407,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_rrsig) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1482,7 +1482,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_rrsig_noaa) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1557,13 +1557,13 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_algorithm) testkeysset_t keys; /* Generate key material for "." */ - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; /* Fake algorithm number (private) */ dpk.setKey(std::move(dcke), 256, 253); - DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSEC::DIGEST_SHA256); keys[target] = std::pair(dpk, drc); /* Fake algorithm number (private) */ drc.d_algorithm = 253; @@ -1638,11 +1638,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_digest) testkeysset_t keys; /* Generate key material for "." */ - auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256); + auto dcke = DNSCryptoKeyEngine::make(DNSSEC::ECDSA256); dcke->create(dcke->getBits()); DNSSECPrivateKey dpk; dpk.setKey(std::move(dcke), 256); - DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256); + DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSEC::DIGEST_SHA256); /* Fake digest number (reserved) */ drc.d_digesttype = 0; @@ -1719,7 +1719,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_sig) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); /* make sure that the signature inception and validity times are computed @@ -1791,7 +1791,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_too_many_sigs) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); /* make sure that the signature inception and validity times are computed @@ -1869,7 +1869,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_too_many_sig_validations) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); /* make sure that the signature inception and validity times are computed @@ -1933,7 +1933,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_algo) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); @@ -1952,7 +1952,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_algo) } /* FORCE WRONG ALGO */ - addRRSIG(keys, res->d_records, domain, 300, false, DNSSECKeeper::RSASHA256); + addRRSIG(keys, res->d_records, domain, 300, false, DNSSEC::RSASHA256); addRecordToLW(res, "a.root-servers.net.", QType::A, "198.41.0.4", DNSResourceRecord::ADDITIONAL, 3600); addRecordToLW(res, "a.root-servers.net.", QType::AAAA, "2001:503:ba3e::2:30", DNSResourceRecord::ADDITIONAL, 3600); @@ -2003,8 +2003,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_unsigned_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -2084,8 +2084,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_unsigned_ds_direct) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); diff --git a/pdns/recursordist/test-syncres_cc5.cc b/pdns/recursordist/test-syncres_cc5.cc index a1e873e02e..afc04616de 100644 --- a/pdns/recursordist/test-syncres_cc5.cc +++ b/pdns/recursordist/test-syncres_cc5.cc @@ -22,9 +22,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_various_algos) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA384, DNSSECKeeper::DIGEST_SHA384, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA384, DNSSEC::DIGEST_SHA384, keys); g_luaconfs.setState(luaconfsCopy); @@ -124,9 +124,9 @@ static void testFixedPointInTime(time_t fixedNow) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::RSASHA512, DNSSECKeeper::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA384, DNSSECKeeper::DIGEST_SHA384, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::RSASHA512, DNSSEC::DIGEST_SHA384, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA384, DNSSEC::DIGEST_SHA384, keys); g_luaconfs.setState(luaconfsCopy); @@ -250,9 +250,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_a_then_ns) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -354,8 +354,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_a_then_ns) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -455,9 +455,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_with_nta) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); /* Add a NTA for "powerdns.com" */ luaconfsCopy.negAnchors[target] = "NTA for PowerDNS.com"; @@ -556,9 +556,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_with_nta) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); /* Add a NTA for "powerdns.com" */ luaconfsCopy.negAnchors[target] = "NTA for PowerDNS.com"; @@ -643,9 +643,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -734,9 +734,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nxdomain_nsec) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -848,9 +848,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -965,9 +965,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard_proof_before_rrsig) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1085,9 +1085,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard_proof_cname) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1193,8 +1193,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_nodata_nowildcard) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1273,8 +1273,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1364,8 +1364,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_too_many_nsec3s) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1454,8 +1454,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_too_many_nsec3s_per_query) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1535,8 +1535,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_n auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1631,8 +1631,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_too_many_ite auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1723,9 +1723,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_wildcard) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1844,9 +1844,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_wildcard_proof_cname) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1947,9 +1947,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_wildcard_too_many_iterations) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -2060,9 +2060,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard_missing) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -2164,9 +2164,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_wildcard_expanded_onto_itself) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); @@ -2219,9 +2219,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_wildcard_expanded_onto_itself_nodata auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); @@ -2273,9 +2273,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_wildcard_like_expanded_from_wildcard auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); @@ -2335,11 +2335,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_incomplete_cache_zonecut_qm) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("net."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("herokuapp.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("nsone.net."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("net."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("herokuapp.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("nsone.net."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -2469,9 +2469,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_servfail_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -2580,9 +2580,9 @@ static void dnssec_secure_servfail_dnskey(DNSSECMode mode, vState /* expectedVal auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -2702,9 +2702,9 @@ static void dnssec_secure_servfail_dnskey_insecure(DNSSECMode mode, vState expec auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, pdnskeys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, pdnskeys); g_luaconfs.setState(luaconfsCopy); diff --git a/pdns/recursordist/test-syncres_cc6.cc b/pdns/recursordist/test-syncres_cc6.cc index 295fb9c57f..9f0d7ec580 100644 --- a/pdns/recursordist/test-syncres_cc6.cc +++ b/pdns/recursordist/test-syncres_cc6.cc @@ -21,9 +21,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_secure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -140,10 +140,10 @@ BOOST_AUTO_TEST_CASE(test_dnssec_ds_sign_loop) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("www.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("www.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -260,9 +260,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_ds_denial_loop) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.insecure.powerdns."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.insecure.powerdns."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -338,7 +338,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_ds_root) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); @@ -395,11 +395,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_dnskey_signed_child) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("www.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.www.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("www.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.www.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -505,9 +505,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_dnskey_unpublished) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("unpublished.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("unpublished.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -603,9 +603,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_dnskey_unpublished_nsec3) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("unpublished.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("unpublished.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -700,8 +700,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_insecure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -810,9 +810,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_unsigned_nsec) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -898,9 +898,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_no_nsec) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -987,8 +987,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1095,8 +1095,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_optout) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1208,8 +1208,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nxd_optout) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1313,9 +1313,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_direct_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1380,8 +1380,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_direct_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1443,9 +1443,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_skipped_cut) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1564,9 +1564,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_secure_without_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1661,9 +1661,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_broken_without_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -1759,11 +1759,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_broken_cname_ds) luaconfsCopy.dsAnchors.clear(); // We have two set of keys as powerdns.com and sub.powerdns.com are Insecure but still have RRSIGS - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, pdnskeys); - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, pdnskeys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, pdnskeys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, pdnskeys); g_luaconfs.setState(luaconfsCopy); @@ -1865,10 +1865,10 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_cname_for_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); diff --git a/pdns/recursordist/test-syncres_cc7.cc b/pdns/recursordist/test-syncres_cc7.cc index 641d3f08f7..72fb85a555 100644 --- a/pdns/recursordist/test-syncres_cc7.cc +++ b/pdns/recursordist/test-syncres_cc7.cc @@ -22,10 +22,10 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_ta_skipped_cut) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); /* No key material for .com */ /* But TA for sub.powerdns.com. */ - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); luaconfsCopy.dsAnchors[DNSName("sub.powerdns.com.")].insert(keys[DNSName("sub.powerdns.com.")].second); g_luaconfs.setState(luaconfsCopy); @@ -149,8 +149,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nodata) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); @@ -277,9 +277,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -403,9 +403,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname_glue) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -523,9 +523,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_secure_cname) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -645,10 +645,10 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_secure_cname) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("power-dns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -741,10 +741,10 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_bogus_cname) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("power-dns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -837,10 +837,10 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_secure_cname) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("power-dns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -933,10 +933,10 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_insecure_cname) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("power-dns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("power-dns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1050,9 +1050,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); /* No key material for .com */ - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); luaconfsCopy.dsAnchors[target].insert(keys[target].second); g_luaconfs.setState(luaconfsCopy); @@ -1146,9 +1146,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta_norrsig) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); /* No key material for .com */ - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); luaconfsCopy.dsAnchors[target].insert(keys[target].second); g_luaconfs.setState(luaconfsCopy); @@ -1241,7 +1241,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_nta) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); /* Add a NTA for "." */ luaconfsCopy.negAnchors[g_rootdnsname] = "NTA for Root"; g_luaconfs.setState(luaconfsCopy); @@ -1365,9 +1365,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_nodata) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1427,8 +1427,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_missing_soa_on_nodata) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1500,8 +1500,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_missing_soa_on_nxd) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1573,9 +1573,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_nxdomain) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1638,8 +1638,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cut_with_cname_at_apex) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1773,8 +1773,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_cname_inside_secure_zone) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; diff --git a/pdns/recursordist/test-syncres_cc8.cc b/pdns/recursordist/test-syncres_cc8.cc index 86e4789385..3f531c6ed3 100644 --- a/pdns/recursordist/test-syncres_cc8.cc +++ b/pdns/recursordist/test-syncres_cc8.cc @@ -20,7 +20,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_nowrap) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -69,7 +69,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_1) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -105,7 +105,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_2) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -141,7 +141,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_only_one_nsec) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -177,7 +177,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_root_nxd_denial) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -222,7 +222,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_ancestor_nxqtype_denial) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -273,8 +273,8 @@ BOOST_AUTO_TEST_CASE(test_nsec_ds_denial_from_child) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -305,7 +305,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_insecure_delegation_denial) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -347,7 +347,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_insecure_delegation_denial_soa) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -387,7 +387,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_nxqtype_cname) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -416,7 +416,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_nxqtype_ds) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -451,7 +451,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_nxqtype_cname) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -480,7 +480,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_nxdomain_denial_missing_wildcard) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -508,7 +508,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_nxdomain_denial_missing_wildcard) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -548,7 +548,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_expanded_wildcard_proof) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -579,7 +579,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_wildcard_with_cname) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -645,7 +645,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_wildcard_with_cname) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -723,7 +723,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_ent_denial) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -782,8 +782,8 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_invalid_signer) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -819,8 +819,8 @@ BOOST_AUTO_TEST_CASE(test_nsec3_denial_invalid_signer) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("sub.example.org."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("sub.example.org."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -875,7 +875,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_ancestor_nxqtype_denial) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -955,7 +955,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_denial_too_many_iterations) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -985,7 +985,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_many_labels_between_name_and_closest_encloser) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -1047,7 +1047,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_insecure_delegation_denial) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -1089,7 +1089,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_insecure_delegation_denial_soa) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -1129,7 +1129,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_ent_opt_out) initSR(); testkeysset_t keys; - generateKeyMaterial(DNSName("."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); vector records; @@ -1191,8 +1191,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_validity) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1259,8 +1259,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_bogus_validity) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1331,8 +1331,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_cache_validity) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1401,7 +1401,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_secure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1533,7 +1533,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_bogus) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1621,7 +1621,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_secure_any) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; diff --git a/pdns/recursordist/test-syncres_cc9.cc b/pdns/recursordist/test-syncres_cc9.cc index 88525c34d2..a024b032e8 100644 --- a/pdns/recursordist/test-syncres_cc9.cc +++ b/pdns/recursordist/test-syncres_cc9.cc @@ -28,7 +28,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_secure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -176,7 +176,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_bogus) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -271,7 +271,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_additional_without_rrsig) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -353,8 +353,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -439,8 +439,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure_ds) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -572,8 +572,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -742,12 +742,12 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); // As testkeysset_t only contains one DSRecordContent, create another one with a different hash algo - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA1, keys2); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA1, keys2); // But add the existing root key otherwise no RRSIG can be created auto rootkey = keys.find(g_rootdnsname); keys2.insert(*rootkey); @@ -771,7 +771,7 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo) BOOST_CHECK_EQUAL(state, vState::Secure); BOOST_REQUIRE_EQUAL(dsSet.size(), 1U); for (const auto& dsRecord : dsSet) { - BOOST_CHECK_EQUAL(dsRecord.d_digesttype, DNSSECKeeper::DIGEST_SHA256); + BOOST_CHECK_EQUAL(dsRecord.d_digesttype, DNSSEC::DIGEST_SHA256); } } @@ -788,17 +788,17 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_all_sha) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); // As testkeysset_t only contains one DSRecordContent, create another one with a different hash algo - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA1, keys2); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA1, keys2); // But add the existing root key otherwise no RRSIG can be created auto rootkey = keys.find(g_rootdnsname); keys2.insert(*rootkey); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA384, keys3); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA384, keys3); // But add the existing root key otherwise no RRSIG can be created keys3.insert(*rootkey); @@ -824,7 +824,7 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_all_sha) BOOST_CHECK_EQUAL(state, vState::Secure); BOOST_REQUIRE_EQUAL(dsSet.size(), 2U); for (const auto& dsRecord : dsSet) { - BOOST_CHECK(dsRecord.d_digesttype == DNSSECKeeper::DIGEST_SHA384 || dsRecord.d_digesttype == DNSSECKeeper::DIGEST_SHA256); + BOOST_CHECK(dsRecord.d_digesttype == DNSSEC::DIGEST_SHA384 || dsRecord.d_digesttype == DNSSEC::DIGEST_SHA256); } } @@ -841,17 +841,17 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_two_highest) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); // As testkeysset_t only contains one DSRecordContent, create another one with a different hash algo - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys2); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys2); // But add the existing root key otherwise no RRSIG can be created auto rootkey = keys.find(g_rootdnsname); keys2.insert(*rootkey); - generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA1, keys3); + generateKeyMaterial(target, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA1, keys3); // But add the existing root key otherwise no RRSIG can be created keys3.insert(*rootkey); @@ -877,7 +877,7 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_two_highest) BOOST_CHECK_EQUAL(state, vState::Secure); BOOST_REQUIRE_EQUAL(dsSet.size(), 2U); for (const auto& dsRecord : dsSet) { - BOOST_CHECK_EQUAL(dsRecord.d_digesttype, DNSSECKeeper::DIGEST_SHA256); + BOOST_CHECK_EQUAL(dsRecord.d_digesttype, DNSSEC::DIGEST_SHA256); } } @@ -966,9 +966,9 @@ BOOST_AUTO_TEST_CASE(test_bogus_does_not_replace_secure_in_the_cache) testkeysset_t keys; auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("powerdns.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("powerdns.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); sr->setAsyncCallback([&](const ComboAddress& address, const DNSName& domain, int type, bool /* doTCP */, bool /* sendRDQuery */, int /* EDNS0Level */, struct timeval* /* now */, boost::optional& /* srcmask */, const ResolveContext& /* context */, LWResult* res, bool* /* chained */) { @@ -1233,8 +1233,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_referral_on_ds_query_insecure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("signed.ds-ignorant.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("signed.ds-ignorant.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; @@ -1321,9 +1321,9 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_referral_on_ds_query_secure) auto luaconfsCopy = g_luaconfs.getCopy(); luaconfsCopy.dsAnchors.clear(); - generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); - generateKeyMaterial(DNSName("ds-ignorant.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); - generateKeyMaterial(DNSName("signed.ds-ignorant.com."), DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys); + generateKeyMaterial(g_rootdnsname, DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors); + generateKeyMaterial(DNSName("ds-ignorant.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); + generateKeyMaterial(DNSName("signed.ds-ignorant.com."), DNSSEC::ECDSA256, DNSSEC::DIGEST_SHA256, keys); g_luaconfs.setState(luaconfsCopy); size_t queriesCount = 0; diff --git a/pdns/recursordist/ueberbackend.hh b/pdns/recursordist/ueberbackend.hh deleted file mode 120000 index 8b71d5e829..0000000000 --- a/pdns/recursordist/ueberbackend.hh +++ /dev/null @@ -1 +0,0 @@ -../ueberbackend.hh \ No newline at end of file diff --git a/pdns/recursordist/validate-recursor.cc b/pdns/recursordist/validate-recursor.cc index 331927312b..cd16ea6b64 100644 --- a/pdns/recursordist/validate-recursor.cc +++ b/pdns/recursordist/validate-recursor.cc @@ -4,7 +4,7 @@ #include "logger.hh" #include "rec-lua-conf.hh" #include "dnssecinfra.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" #include "zoneparser-tng.hh" #include "rec-tcounters.hh" @@ -63,7 +63,7 @@ bool updateTrustAnchorsFromFile(const std::string& fname, map& if (dnskeyr == nullptr) { throw PDNSException("Unable to parse DNSKEY record '" + resourceRecord.qname.toString() + " " + resourceRecord.getZoneRepresentation() + "'"); } - auto dsr = makeDSFromDNSKey(resourceRecord.qname, *dnskeyr, DNSSECKeeper::DIGEST_SHA256); + auto dsr = makeDSFromDNSKey(resourceRecord.qname, *dnskeyr, DNSSEC::DIGEST_SHA256); newDSAnchors[resourceRecord.qname].insert(std::move(dsr)); } } diff --git a/pdns/sodiumsigners.cc b/pdns/sodiumsigners.cc index 8607e066f1..ba90685870 100644 --- a/pdns/sodiumsigners.cc +++ b/pdns/sodiumsigners.cc @@ -8,7 +8,7 @@ extern "C" #include } #include "dnssecinfra.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" class SodiumED25519DNSCryptoKeyEngine : public DNSCryptoKeyEngine { @@ -210,7 +210,7 @@ const struct LoaderSodiumStruct { LoaderSodiumStruct() { - DNSCryptoKeyEngine::report(DNSSECKeeper::ED25519, &SodiumED25519DNSCryptoKeyEngine::maker); + DNSCryptoKeyEngine::report(DNSSEC::ED25519, &SodiumED25519DNSCryptoKeyEngine::maker); } } loadersodium; } diff --git a/pdns/test-signers.cc b/pdns/test-signers.cc index 22cb402df5..33b274ddc3 100644 --- a/pdns/test-signers.cc +++ b/pdns/test-signers.cc @@ -12,7 +12,7 @@ #include "base32.hh" #include "base64.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" #include "dnssecinfra.hh" #include "misc.hh" @@ -86,7 +86,7 @@ static const SignerParams rsaSha256SignerParams = SignerParams .flags = 256, .rfcFlags = 0, - .algorithm = DNSSECKeeper::RSASHA256, + .algorithm = DNSSEC::RSASHA256, .isDeterministic = true, #if OPENSSL_VERSION_MAJOR >= 3 @@ -156,7 +156,7 @@ static const SignerParams ecdsaSha256 = SignerParams .flags = 256, .rfcFlags = 0, - .algorithm = DNSSECKeeper::ECDSA256, + .algorithm = DNSSEC::ECDSA256, .isDeterministic = false, #if OPENSSL_VERSION_MAJOR >= 3 @@ -223,7 +223,7 @@ static const SignerParams ed25519 = SignerParams{ .flags = 256, .rfcFlags = 257, - .algorithm = DNSSECKeeper::ED25519, + .algorithm = DNSSEC::ED25519, .isDeterministic = true, .pem = "-----BEGIN PRIVATE KEY-----\n" @@ -285,7 +285,7 @@ static const SignerParams ed448 = SignerParams{ .flags = 256, .rfcFlags = 257, - .algorithm = DNSSECKeeper::ED448, + .algorithm = DNSSEC::ED448, .isDeterministic = true, .pem = "-----BEGIN PRIVATE KEY-----\n" @@ -307,19 +307,19 @@ struct Fixture BOOST_TEST_MESSAGE("Setting up signer params:"); - addSignerParams(DNSSECKeeper::RSASHA256, "RSA SHA256", rsaSha256SignerParams); + addSignerParams(DNSSEC::RSASHA256, "RSA SHA256", rsaSha256SignerParams); #ifdef HAVE_LIBCRYPTO_ECDSA - addSignerParams(DNSSECKeeper::ECDSA256, "ECDSA SHA256", ecdsaSha256); + addSignerParams(DNSSEC::ECDSA256, "ECDSA SHA256", ecdsaSha256); #endif // We need to have HAVE_LIBCRYPTO_ED25519 for the PEM reader/writer. #if defined(HAVE_LIBCRYPTO_ED25519) - addSignerParams(DNSSECKeeper::ED25519, "ED25519", ed25519); + addSignerParams(DNSSEC::ED25519, "ED25519", ed25519); #endif #if defined(HAVE_LIBCRYPTO_ED448) - addSignerParams(DNSSECKeeper::ED448, "ED448", ed448); + addSignerParams(DNSSEC::ED448, "ED448", ed448); #endif } @@ -342,13 +342,13 @@ static void checkRR(const SignerParams& signer) sortedRecords_t rrs; /* values taken from rfc8080 for ed25519 and ed448, rfc5933 for gost */ - DNSName qname(dpk.getAlgorithm() == DNSSECKeeper::ECCGOST ? "www.example.net." : "example.com."); + DNSName qname(dpk.getAlgorithm() == DNSSEC::ECCGOST ? "www.example.net." : "example.com."); RRSIGRecordContent rrc; uint32_t expire = 1440021600; uint32_t inception = 1438207200; - if (dpk.getAlgorithm() == DNSSECKeeper::ECCGOST) { + if (dpk.getAlgorithm() == DNSSEC::ECCGOST) { rrc.d_signer = DNSName("example.net."); inception = 946684800; expire = 1893456000; @@ -413,17 +413,17 @@ static void test_generic_signer(std::shared_ptr dcke, DNSKEY BOOST_CHECK_EQUAL(drc.getZoneRepresentation(), signer.zoneRepresentation); DNSName name(signer.name); - auto ds1 = makeDSFromDNSKey(name, drc, DNSSECKeeper::DIGEST_SHA1); + auto ds1 = makeDSFromDNSKey(name, drc, DNSSEC::DIGEST_SHA1); if (!signer.dsSHA1.empty()) { BOOST_CHECK_EQUAL(ds1.getZoneRepresentation(), signer.dsSHA1); } - auto ds2 = makeDSFromDNSKey(name, drc, DNSSECKeeper::DIGEST_SHA256); + auto ds2 = makeDSFromDNSKey(name, drc, DNSSEC::DIGEST_SHA256); if (!signer.dsSHA256.empty()) { BOOST_CHECK_EQUAL(ds2.getZoneRepresentation(), signer.dsSHA256); } - auto ds4 = makeDSFromDNSKey(name, drc, DNSSECKeeper::DIGEST_SHA384); + auto ds4 = makeDSFromDNSKey(name, drc, DNSSEC::DIGEST_SHA384); if (!signer.dsSHA384.empty()) { BOOST_CHECK_EQUAL(ds4.getZoneRepresentation(), signer.dsSHA384); } diff --git a/pdns/validate.cc b/pdns/validate.cc index 6f7aa17b20..24a090bdec 100644 --- a/pdns/validate.cc +++ b/pdns/validate.cc @@ -23,7 +23,7 @@ #include "validate.hh" #include "misc.hh" #include "dnssecinfra.hh" -#include "dnsseckeeper.hh" +#include "dnssec.hh" #include "rec-lua-conf.hh" #include "base32.hh" #include "logger.hh" @@ -1051,7 +1051,7 @@ namespace { try { auto dke = DNSCryptoKeyEngine::makeFromPublicKeyString(key.d_algorithm, key.d_key); result = dke->verify(msg, sig.d_signature); - VLOG(log, qname << ": Signature by key with tag "<