Test support with legacy HMAC K files with nsupdate
authorMark Andrews <marka@isc.org>
Mon, 19 Jun 2023 04:14:39 +0000 (14:14 +1000)
committerMark Andrews <marka@isc.org>
Thu, 29 Jun 2023 00:41:45 +0000 (10:41 +1000)
tsig-keygen generates key files that are different to those that
were generated by dnssec-keygen.  Check that nsupdate can still
read those old format files.

(cherry picked from commit e1fb17e72c069534cd08ad187e419005d75bbcf6)

16 files changed:
bin/tests/system/nsupdate/clean.sh
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private [new file with mode: 0644]
bin/tests/system/nsupdate/ns1/named.conf.in
bin/tests/system/nsupdate/setup.sh
bin/tests/system/nsupdate/tests.sh

index 1746ec147420b58234ab7ac34b111f81b1f16ee1..2302d685c0f42ab1e476d0834ae517a805b32f8d 100644 (file)
@@ -31,6 +31,7 @@ rm -f ns1/example.db ns1/unixtime.db ns1/yyyymmddvv.db ns1/update.db ns1/other.d
 rm -f ns1/many.test.db
 rm -f ns1/maxjournal.db
 rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key
+rm -f ns1/legacy157.key ns1/legacy161.key ns1/legacy162.key ns1/legacy163.key ns1/legacy164.key ns1/legacy165.key
 rm -f ns1/sample.db
 rm -f ns1/sha512.key ns1/ddns.key
 rm -f ns10/_default.tsigkeys
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key
new file mode 100644 (file)
index 0000000..bed002b
--- /dev/null
@@ -0,0 +1 @@
+legacy-157. IN KEY 0 3 157 mGcDSCx/fF121GOVJlITLg==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private
new file mode 100644 (file)
index 0000000..3ce72dd
--- /dev/null
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 157 (HMAC_MD5)
+Key: mGcDSCx/fF121GOVJlITLg==
+Bits: AAA=
+Created: 20230619042408
+Publish: 20230619042408
+Activate: 20230619042408
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key
new file mode 100644 (file)
index 0000000..cb50883
--- /dev/null
@@ -0,0 +1 @@
+legacy-161. IN KEY 0 3 161 N80fGvcr8JifzRUJ62R4rQ==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private
new file mode 100644 (file)
index 0000000..dea2850
--- /dev/null
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 161 (HMAC_SHA1)
+Key: N80fGvcr8JifzRUJ62R4rQ==
+Bits: AAA=
+Created: 20230619042427
+Publish: 20230619042427
+Activate: 20230619042427
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key
new file mode 100644 (file)
index 0000000..126c94f
--- /dev/null
@@ -0,0 +1 @@
+legacy-162. IN KEY 0 3 162 nSIKzFAGS7/tvBs8JteI+Q==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private
new file mode 100644 (file)
index 0000000..af78756
--- /dev/null
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 162 (HMAC_SHA224)
+Key: nSIKzFAGS7/tvBs8JteI+Q==
+Bits: AAA=
+Created: 20230619042555
+Publish: 20230619042555
+Activate: 20230619042555
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key
new file mode 100644 (file)
index 0000000..6945b1b
--- /dev/null
@@ -0,0 +1 @@
+legacy-163. IN KEY 0 3 163 CvaupxnDeES3HnlYhTq53w==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private
new file mode 100644 (file)
index 0000000..590ba14
--- /dev/null
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 163 (HMAC_SHA256)
+Key: CvaupxnDeES3HnlYhTq53w==
+Bits: AAA=
+Created: 20230619042525
+Publish: 20230619042525
+Activate: 20230619042525
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key
new file mode 100644 (file)
index 0000000..4869618
--- /dev/null
@@ -0,0 +1 @@
+legacy-164. IN KEY 0 3 164 wDldBJwJrYfPoL1Pj4ucOQ==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private
new file mode 100644 (file)
index 0000000..f06f67a
--- /dev/null
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 164 (HMAC_SHA384)
+Key: wDldBJwJrYfPoL1Pj4ucOQ==
+Bits: AAA=
+Created: 20230619042615
+Publish: 20230619042615
+Activate: 20230619042615
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key
new file mode 100644 (file)
index 0000000..45a2811
--- /dev/null
@@ -0,0 +1 @@
+legacy-165. IN KEY 0 3 165 OgZrTcEa8P76hVY+xyN7Wg==
diff --git a/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private b/bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private
new file mode 100644 (file)
index 0000000..1635f2a
--- /dev/null
@@ -0,0 +1,7 @@
+Private-key-format: v1.3
+Algorithm: 165 (HMAC_SHA512)
+Key: OgZrTcEa8P76hVY+xyN7Wg==
+Bits: AAA=
+Created: 20230619042627
+Publish: 20230619042627
+Activate: 20230619042627
index aa423c22530ba14b239933aecd45cb9b46f1f566..2c1899f17a836a705d2ad571cab28d71a023fcf4 100644 (file)
@@ -129,6 +129,12 @@ include "sha224.key";
 include "sha256.key";
 include "sha384.key";
 include "sha512.key";
+include "legacy157.key";
+include "legacy161.key";
+include "legacy162.key";
+include "legacy163.key";
+include "legacy164.key";
+include "legacy165.key";
 
 zone "keytests.nil" {
        type primary;
@@ -140,6 +146,12 @@ zone "keytests.nil" {
            grant sha256-key name sha256.keytests.nil. ANY;
            grant sha384-key name sha384.keytests.nil. ANY;
            grant sha512-key name sha512.keytests.nil. ANY;
+           grant legacy-157 name 157.keytests.nil. ANY;
+           grant legacy-161 name 161.keytests.nil. ANY;
+           grant legacy-162 name 162.keytests.nil. ANY;
+           grant legacy-163 name 163.keytests.nil. ANY;
+           grant legacy-164 name 164.keytests.nil. ANY;
+           grant legacy-165 name 165.keytests.nil. ANY;
        };
 };
 
index a4a1a3f8f9bd4b51d42c3071778629fc3ccc80cc..b12c79789e9b7c66d83085b176edc1dd8e30cfc2 100644 (file)
@@ -83,6 +83,17 @@ $TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
 $TSIGKEYGEN -a hmac-sha384 sha384-key > ns1/sha384.key
 $TSIGKEYGEN -a hmac-sha512 sha512-key > ns1/sha512.key
 
+if $FEATURETEST --md5; then
+       echo 'key "legacy-157" { algorithm "hmac-md5"; secret "mGcDSCx/fF121GOVJlITLg=="; };' > ns1/legacy157.key
+else
+       echo "/* MD5 NOT SUPPORTED */" > ns1/legacy157.key
+fi
+echo 'key "legacy-161" { algorithm "hmac-sha1"; secret "N80fGvcr8JifzRUJ62R4rQ=="; };' > ns1/legacy161.key
+echo 'key "legacy-162" { algorithm "hmac-sha224"; secret "nSIKzFAGS7/tvBs8JteI+Q=="; };' > ns1/legacy162.key
+echo 'key "legacy-163" { algorithm "hmac-sha256"; secret "CvaupxnDeES3HnlYhTq53w=="; };' > ns1/legacy163.key
+echo 'key "legacy-164" { algorithm "hmac-sha384"; secret "wDldBJwJrYfPoL1Pj4ucOQ=="; };' > ns1/legacy164.key
+echo 'key "legacy-165" { algorithm "hmac-sha512"; secret "OgZrTcEa8P76hVY+xyN7Wg=="; };' > ns1/legacy165.key
+
 (cd ns3; $SHELL -e sign.sh)
 
 cp -f ns1/many.test.db.in ns1/many.test.db
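Review bot: Each secret in the added `echo 'key "legacy-NNN" …'` lines is a second hand-typed copy of the value already committed in `ns1/legacy/Klegacy-NNN.+NNN+*.key`, so editing or regenerating a fixture on one side leaves named and nsupdate with different keys. The resulting test failure would presumably be a TSIG verification error that does not point at the mismatch. Reading the secret from the K file keeps a single source of truth, for example `secret=$(awk '{print $7}' ns1/legacy/Klegacy-161.+161+*.key)` followed by `echo "key \"legacy-161\" { algorithm \"hmac-sha1\"; secret \"$secret\"; };" > ns1/legacy161.key`. A comment above the block such as `# fixed test-only secrets, must match ns1/legacy/K*.private; never reuse outside the test suite` would also make clear why key material is committed in clear text.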
index 9b6c77475349943ae0da7106e8ba007ca328f97e..81b51926ce8ccb5b1c79aa4c4e80145c68585809 100755 (executable)
@@ -840,6 +840,36 @@ fi
 
 n=$((n + 1))
 ret=0
+
+n=$((n + 1))
+ret=0
+echo_i "check TSIG key algorithms using legacy K file pairs (nsupdate -k) ($n)"
+if $FEATURETEST --md5
+then
+       ALGS="157 161 162 163 164 165"
+else
+       ALGS="161 162 163 164 165"
+       echo_i "skipping disabled md5 (157) algorithm"
+fi
+for alg in $ALGS; do
+    $NSUPDATE -k ns1/legacy/Klegacy-${alg}.+${alg}+*.key <<END > /dev/null || ret=1
+server 10.53.0.1 ${PORT}
+update add ${alg}.keytests.nil. 600 A 10.10.10.3
+send
+END
+done
+sleep 2
+for alg in $ALGS; do
+    $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
+done
+if [ $ret -ne 0 ]; then
+    echo_i "failed"
+    status=1
+fi
+
+n=$((n + 1))
+ret=0
+
 echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
 if $FEATURETEST --md5
 then
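Review bot: The added lines open with their own `n=$((n + 1))` / `ret=0` immediately after the identical context pair at the top of the hunk, so one test number is consumed with no check behind it and the numbering in the log skips; dropping the leading added pair fixes that. In the first loop the key path `ns1/legacy/Klegacy-${alg}.+${alg}+*.key` relies on the glob matching exactly one file, and nsupdate's output goes to `/dev/null`, so a missing fixture or a rejected signature surfaces only as "failed" with nothing to diagnose it. The fixed `sleep 2` before the dig loop may also be flaky on a loaded host; a short retry around the lookup would be more robust. The trailing `if $FEATURETEST --md5` belongs to the following test and continues past the end of the hunk.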