key "keyforview1" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
*/
key "keyforview1" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
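Review bot: The `secret` values in both key blocks remain 20 bytes (160 bits), a length matched to hmac-sha1, while the algorithm is now whatever `@DEFAULT_HMAC@` expands to. If that expands to a hash with a longer output, such as hmac-sha256, the shared secret is shorter than the digest, which RFC 2104 and RFC 8945 advise against. Either regenerate the fixture secrets at the digest length or add a comment above the keys such as `/* test-only key: 160-bit secret, originally sized for hmac-sha1 */`, so these files are not copied as a model for real TSIG keys. The same applies to the other `key` blocks changed on this page (`keyforview3`, `external`/`internal`, `int`/`ext`).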
*/
key "keyforview1" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
*/
key "keyforview1" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
*/
key "keyforview1" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
-rm -f good.conf.in good.conf.out badzero.conf *.out
-rm -f good-kasp.conf.in
-rm -rf test.keydir
+rm -f bad-kasp-keydir1.conf
+rm -f bad-kasp-keydir2.conf
+rm -f bad-kasp-keydir3.conf
+rm -f bad-kasp-keydir4.conf
+rm -f bad-kasp-keydir5.conf
rm -f checkconf.out*
rm -f diff.out*
-rm -f ns*/named.lock
+rm -f good-kasp.conf.in
rm -f good-server-christmas-tree.conf
+rm -f good.conf.in good.conf.out badzero.conf *.out
+rm -f ns*/named.lock
+rm -rf test.keydir
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
+. ../conf.sh
+
+copy_setports bad-kasp-keydir1.conf.in bad-kasp-keydir1.conf
+copy_setports bad-kasp-keydir2.conf.in bad-kasp-keydir2.conf
+copy_setports bad-kasp-keydir3.conf.in bad-kasp-keydir3.conf
+copy_setports bad-kasp-keydir4.conf.in bad-kasp-keydir4.conf
+copy_setports bad-kasp-keydir5.conf.in bad-kasp-keydir5.conf
cp -f good-server-christmas-tree.conf.in good-server-christmas-tree.conf
rm -f test.* good1.db.raw named-compilezone
rm -f ns*/named.lock
+rm -f zones/bad-tsig.db
rm -f zones/zone1_*.txt
./named-compilezone -D -F raw -o good1.db.raw example \
zones/good1.db > /dev/null 2>&1
+
+copy_setports zones/bad-tsig.db.in zones/bad-tsig.db
NS ns
ns A 192.0.2.1
-tsig TSIG hmac-sha1. 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0
+tsig TSIG @DEFAULT_HMAC@ 1516135665 300 20 thBt8DheAD7qpqSFTiGK999sxGg= 54994 NOERROR 0
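Review bot: The replacement record drops the trailing dot that `hmac-sha1.` carried, so unless the substituted value of `@DEFAULT_HMAC@` itself ends in a dot, the algorithm name is read relative to the zone origin. The MAC size field `20` and the 20-byte MAC after it also still describe an HMAC-SHA1 digest. The file name suggests this zone is expected to be rejected; if so, the rejection may now come from a different cause than the one the test was written for. Writing the algorithm as `@DEFAULT_HMAC@.` and adding a comment that the MAC fields are placeholders would keep the intent clear. Alternatively, leave this record on `hmac-sha1.` if the algorithm is irrelevant to the check.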
};
key "keyforview1" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "keyforview2" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
key "keyforview3" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "C1Azf+gGPMmxrUg/WQINP6eV9Y0=";
};
# Test with views.
set_zone "example.net"
set_server "ns4" "10.53.0.4"
-TSIG="hmac-sha1:keyforview1:$VIEW1"
+TSIG="$DEFAULT_HMAC:keyforview1:$VIEW1"
wait_for_nsec
check_keys
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example1"
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
-TSIG="hmac-sha1:keyforview2:$VIEW2"
+TSIG="$DEFAULT_HMAC:keyforview2:$VIEW2"
wait_for_nsec
check_keys
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example2"
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
-TSIG="hmac-sha1:keyforview3:$VIEW3"
+TSIG="$DEFAULT_HMAC:keyforview3:$VIEW3"
wait_for_nsec
check_keys
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example2"
};
key "external" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
};
key "external" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
init_view_migration
set_keyalgorithm "KEY1" "8" "RSASHA256" "2048"
set_keyalgorithm "KEY2" "8" "RSASHA256" "1024"
-TSIG="hmac-sha1:external:$VIEW1"
+TSIG="$DEFAULT_HMAC:external:$VIEW1"
wait_for_nsec
# Make sure the zone is signed with legacy keys.
check_keys
init_view_migration
set_keyalgorithm "KEY1" "8" "RSASHA256" "2048"
set_keyalgorithm "KEY2" "8" "RSASHA256" "1024"
-TSIG="hmac-sha1:internal:$VIEW2"
+TSIG="$DEFAULT_HMAC:internal:$VIEW2"
wait_for_nsec
# Make sure the zone is signed with legacy keys.
check_keys
set_keystate "KEY3" "STATE_ZRRSIG" "hidden"
# Various signing policy checks (external).
-TSIG="hmac-sha1:external:$VIEW1"
+TSIG="$DEFAULT_HMAC:external:$VIEW1"
check_keys
wait_for_done_signing
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "ext"
dnssec_verify
# Various signing policy checks (internal).
-TSIG="hmac-sha1:internal:$VIEW2"
+TSIG="$DEFAULT_HMAC:internal:$VIEW2"
check_keys
wait_for_done_signing
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "int"
};
key int {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
};
key ext {
- algorithm "hmac-sha1";
+ algorithm @DEFAULT_HMAC@;
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
};
n=$((n+1))
echo_i "checking initial in-view zone file is loaded ($n)"
ret=0
-TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n
grep 'include 1' dig.out.1.test$n >/dev/null || ret=1
-TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n
grep 'include 1' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
echo_i "update in-view zone ($n)"
ret=0
-TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$NSUPDATE -p ${PORT} -y "$TSIG" > /dev/null 2>&1 <<END || ret=1
server 10.53.0.7
zone test.
echo_i "checking update ($n)"
ret=0
-TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text2.test. TXT > dig.out.1.test$n
grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
n=$((n+1))
echo_i "checking zone file edits are loaded ($n)"
ret=0
-TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+TSIG="$DEFAULT_HMAC:int:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n
grep 'include 2' dig.out.1.test$n >/dev/null || ret=1
-TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
+TSIG="$DEFAULT_HMAC:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0="
$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n
grep 'include 2' dig.out.2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi