-e "s/@CONTROLPORT@/${CONTROLPORT}/g" \
-e "s/@DEFAULT_ALGORITHM@/${DEFAULT_ALGORITHM}/g" \
-e "s/@DEFAULT_ALGORITHM_NUMBER@/${DEFAULT_ALGORITHM_NUMBER}/g" \
+ -e "s/@DEFAULT_ALGORITHM_DST_NUMBER@/${DEFAULT_ALGORITHM_DST_NUMBER}/g" \
-e "s/@DEFAULT_BITS@/${DEFAULT_BITS}/g" \
-e "s/@ALTERNATIVE_ALGORITHM@/${ALTERNATIVE_ALGORITHM}/g" \
-e "s/@ALTERNATIVE_ALGORITHM_NUMBER@/${ALTERNATIVE_ALGORITHM_NUMBER}/g" \
+ -e "s/@ALTERNATIVE_ALGORITHM_DST_NUMBER@/${ALTERNATIVE_ALGORITHM_DST_NUMBER}/g" \
-e "s/@ALTERNATIVE_BITS@/${ALTERNATIVE_BITS}/g" \
-e "s/@DEFAULT_HMAC@/${DEFAULT_HMAC}/g" \
-e "s/@DISABLED_ALGORITHM@/${DISABLED_ALGORITHM}/g" \
-e "s/@DISABLED_ALGORITHM_NUMBER@/${DISABLED_ALGORITHM_NUMBER}/g" \
+ -e "s/@DISABLED_ALGORITHM_NUMBER@/${DISABLED_ALGORITHM_DST_NUMBER}/g" \
-e "s/@DISABLED_BITS@/${DISABLED_BITS}/g" \
$1 >$2
}
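Review bot: The added expression for the disabled algorithm repeats the search pattern of the line above it, so `s/@DISABLED_ALGORITHM_NUMBER@/${DISABLED_ALGORITHM_DST_NUMBER}/g` can never match. The preceding expression has already replaced every `@DISABLED_ALGORITHM_NUMBER@`, and any `@DISABLED_ALGORITHM_DST_NUMBER@` placeholder in a template is left unsubstituted. The DEFAULT and ALTERNATIVE lines added in this hunk use the `_DST_NUMBER@` token, so this looks like a copy-paste slip; the line should read `-e "s/@DISABLED_ALGORITHM_DST_NUMBER@/${DISABLED_ALGORITHM_DST_NUMBER}/g" \`. A literal placeholder left in a generated file would at best break the disable-algorithms tests and at worst leave them running against a configuration that does not name the intended algorithm. The start of the enclosing function is outside the hunk.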
| awk '
tolower($1) == "bad-cname.example." && $4 == "RRSIG" && $5 == "CNAME" {
for (i = 1; i <= NF; i++ ) {
- if (i <= 12) {
+ if (i <= 13) {
printf("%s ", $i);
continue;
}
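Review bot: The bound in `if (i <= 13)` is an unexplained field index, and the same edit is repeated in the `bad-dname.example.` block that follows. Given the `$4 == "RRSIG"` and `$5` type-covered tests, field 12 would be the signer name in standard RRSIG presentation format and field 13 the first whitespace-separated chunk of the signature. The change therefore appears to keep that first chunk intact, but the reason is not stated. A comment in both blocks, such as `# fields 1-12: RRSIG header through signer name; 13: first signature chunk, kept because ...`, would stop the next reader from "fixing" it back to 12. The rest of the loop body is outside the hunk, so what happens to the remaining fields is not visible here.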
tolower($1) == "bad-dname.example." && $4 == "RRSIG" && $5 == "DNAME" {
for (i = 1; i <= NF; i++ ) {
- if (i <= 12) {
+ if (i <= 13) {
printf("%s ", $i);
continue;
}
return ksigning, zsigning
+ def get_dnsalg(self) -> int:
+ alg = int(self.get_metadata("Algorithm"))
+ return alg
+
def ttl(self) -> int:
with open(self.keyfile, "r", encoding="utf-8") as file:
for line in file:
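Review bot: `get_dnsalg` returns the raw "Algorithm" metadata with no translation and no docstring, so nothing in it separates a DNSSEC algorithm number from a DST number. Other hunks of this change compare the same `get_metadata("Algorithm")` value against the `*_DST_NUMBER` environment variables, which suggests the stored value is the DST number. If that is right, this method returns the wrong value for any algorithm whose `dst` differs from `number`, and the RRSIG patterns built from it would not match. Every algorithm defined in this change has equal values, so the current tests cannot expose the difference. Either map the value here or add a docstring such as `"""Return the algorithm number as it appears in RRSIG rdata."""` that states why no mapping is needed; note also that `int()` raises ValueError when the metadata is absent or non-numeric. The `ttl` method below continues outside the hunk.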
offline_ksk=offline_ksk, zsk_missing=zsk_missing, smooth=smooth
)
- alg = key.get_metadata("Algorithm")
+ alg = key.get_dnsalg()
rtype = dns.rdatatype.to_text(covers)
expect = rf"IN RRSIG {rtype} {alg} (\d) (\d+) (\d+) (\d+) {key.tag} {fqdn}"
"ALGORITHM_SET": "none",
"DEFAULT_ALGORITHM": "",
"DEFAULT_ALGORITHM_NUMBER": "",
+ "DEFAULT_ALGORITHM_DST_NUMBER": "",
"DEFAULT_BITS": "",
# Alternative algorithm for test cases that require more than one algorithm
# (for example algorithm rollover). Must be different from
# DEFAULT_ALGORITHM.
"ALTERNATIVE_ALGORITHM": "",
"ALTERNATIVE_ALGORITHM_NUMBER": "",
+ "ALTERNATIVE_ALGORITHM_DST_NUMBER": "",
"ALTERNATIVE_BITS": "",
# Algorithm that is used for tests against the "disable-algorithms"
# configuration option. Must be different from above algorithms.
"DISABLED_ALGORITHM": "",
"DISABLED_ALGORITHM_NUMBER": "",
+ "DISABLED_ALGORITHM_DST_NUMBER": "",
"DISABLED_BITS": "",
# Default HMAC algorithm. Must match the rndc configuration in
# bin/tests/system/_common (rndc.conf, rndc.key)
class Algorithm(NamedTuple):
name: str
number: int
+ dst: int
bits: int
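Review bot: `dst` is inserted between `number` and `bits`, which changes what the third position of the tuple means. Index access such as `alg[2]` elsewhere in the test suite would now read the DST number instead of the key size without raising any error. Appending the field after `bits`, or constructing the constants with keyword arguments (`Algorithm(name="RSASHA256", number=8, dst=8, bits=2048)`), would make the four-integer constructor calls harder to get wrong. The field also needs a comment saying what it is and when it differs from `number`, for example `dst: int  # DST (key-file) algorithm number; equal to number for the algorithms below`. The class may continue outside the hunk.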
"disable-algorithms" configuration option."""
-RSASHA1 = Algorithm("RSASHA1", 5, 2048)
-RSASHA256 = Algorithm("RSASHA256", 8, 2048)
-RSASHA512 = Algorithm("RSASHA512", 10, 2048)
-ECDSAP256SHA256 = Algorithm("ECDSAP256SHA256", 13, 256)
-ECDSAP384SHA384 = Algorithm("ECDSAP384SHA384", 14, 384)
-ED25519 = Algorithm("ED25519", 15, 256)
-ED448 = Algorithm("ED448", 16, 456)
+RSASHA1 = Algorithm("RSASHA1", 5, 5, 2048)
+RSASHA256 = Algorithm("RSASHA256", 8, 8, 2048)
+RSASHA512 = Algorithm("RSASHA512", 10, 10, 2048)
+ECDSAP256SHA256 = Algorithm("ECDSAP256SHA256", 13, 13, 256)
+ECDSAP384SHA384 = Algorithm("ECDSAP384SHA384", 14, 14, 384)
+ED25519 = Algorithm("ED25519", 15, 15, 256)
+ED448 = Algorithm("ED448", 16, 16, 456)
ALL_ALGORITHMS = [
RSASHA1,
def set_alg_env(alg: Algorithm, prefix):
algs_env[f"{prefix}_ALGORITHM"] = alg.name
algs_env[f"{prefix}_ALGORITHM_NUMBER"] = str(alg.number)
+ algs_env[f"{prefix}_ALGORITHM_DST_NUMBER"] = str(alg.dst)
algs_env[f"{prefix}_BITS"] = str(alg.bits)
assert isinstance(algs.default, Algorithm)
def check_keys(
keys,
lifetime,
- alg=os.environ["DEFAULT_ALGORITHM_NUMBER"],
+ alg=os.environ["DEFAULT_ALGORITHM_DST_NUMBER"],
size=os.environ["DEFAULT_BITS"],
offset=0,
with_state=False,
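Review bot: The default `alg=os.environ["DEFAULT_ALGORITHM_DST_NUMBER"]` is evaluated once, when the module is imported. An environment that lacks the new variable therefore fails with KeyError at import time for every test in the module, not in the test that needs it, and a value set later is ignored. The neighbouring `size` default has the same shape, so this is existing style, but the rename adds a variable that older setups will not export. Consider `alg=None` with `if alg is None: alg = os.environ["DEFAULT_ALGORITHM_DST_NUMBER"]` at the top of the body. The body of `check_keys` is outside the hunk.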
count = 0
for key in bundle_keys:
found = False
- alg = key.get_metadata("Algorithm")
+ alg = key.get_dnsalg()
expect = f"{zone}. 3600 IN RRSIG {rrtype} {alg} 2 3600 {sigend} {sigstart} {key.tag} {zone}."
# there must be a signature of this ksk
for line in bundle_lines:
ksks_altalg = []
for ksk in ksks:
alg = ksk.get_metadata("Algorithm")
- if alg == os.environ.get("DEFAULT_ALGORITHM_NUMBER"):
+ if alg == os.environ.get("DEFAULT_ALGORITHM_DST_NUMBER"):
ksks_defalg.append(ksk)
- elif alg == os.environ.get("ALTERNATIVE_ALGORITHM_NUMBER"):
+ elif alg == os.environ.get("ALTERNATIVE_ALGORITHM_DST_NUMBER"):
ksks_altalg.append(ksk)
assert len(ksks_defalg) == 1
check_keys(ksks_defalg, None)
- alg = os.environ.get("ALTERNATIVE_ALGORITHM_NUMBER")
+ alg = os.environ.get("ALTERNATIVE_ALGORITHM_DST_NUMBER")
size = os.environ.get("ALTERNATIVE_BITS")
check_keys(ksks_altalg, None, alg, size)
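Review bot: The classification loop compares the metadata string with `os.environ.get(...)`, which returns None when the variable is unset, and the `if`/`elif` has no `else`. A key whose algorithm matches neither value is dropped from both lists, and the only symptom is a later length assertion with no hint of the cause. Now that the variables are renamed to `*_DST_NUMBER`, use `os.environ["DEFAULT_ALGORITHM_DST_NUMBER"]` so a stale environment fails loudly, and add an `else` branch that fails with the unexpected `alg` value. `alg` here is the string from `get_metadata`, whereas the new `get_dnsalg()` returns an int, so the two accessors cannot be swapped in these comparisons. The same pattern recurs in the zsk loop and in the later `ALTERNATIVE_ALGORITHM_DST_NUMBER` lookups.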
zsks_altalg = []
for zsk in zsks:
alg = zsk.get_metadata("Algorithm")
- if alg == os.environ.get("DEFAULT_ALGORITHM_NUMBER"):
+ if alg == os.environ.get("DEFAULT_ALGORITHM_DST_NUMBER"):
zsks_defalg.append(zsk)
- elif alg == os.environ.get("ALTERNATIVE_ALGORITHM_NUMBER"):
+ elif alg == os.environ.get("ALTERNATIVE_ALGORITHM_DST_NUMBER"):
zsks_altalg.append(zsk)
assert len(zsks_defalg) == 4
lifetime = timedelta(days=31 * 3)
check_keys(zsks_defalg, lifetime)
- alg = os.environ.get("ALTERNATIVE_ALGORITHM_NUMBER")
+ alg = os.environ.get("ALTERNATIVE_ALGORITHM_DST_NUMBER")
size = os.environ.get("ALTERNATIVE_BITS")
lifetime = timedelta(days=31 * 5)
check_keys(zsks_altalg, lifetime, alg, size)
lifetime = timedelta(days=31 * 3)
check_keys(zsks_defalg, lifetime, with_state=True)
- alg = os.environ.get("ALTERNATIVE_ALGORITHM_NUMBER")
+ alg = os.environ.get("ALTERNATIVE_ALGORITHM_DST_NUMBER")
size = os.environ.get("ALTERNATIVE_BITS")
lifetime = timedelta(days=31 * 5)
check_keys(zsks_altalg, lifetime, alg, size, with_state=True)