[minix.git] / external / bsd / bind / dist / bin / tests / system / dnssec / ns2 / sign.sh
1 #!/bin/sh -e
3 # Copyright (C) 2004, 2006-2012, 2014 Internet Systems Consortium, Inc. ("ISC")
4 # Copyright (C) 2000-2003 Internet Software Consortium.
6 # Permission to use, copy, modify, and/or distribute this software for any
7 # purpose with or without fee is hereby granted, provided that the above
8 # copyright notice and this permission notice appear in all copies.
10 # THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 # REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 # AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 # INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 # LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 # PERFORMANCE OF THIS SOFTWARE.
# Locate the system-test root (two directories up) and load the shared
# harness configuration from it.
# NOTE(review): conf.sh is not shown here; presumably it defines the
# $KEYGEN, $SIGNER, $CHECKZONE and $RANDFILE values used below -- confirm.
SYSTEMTESTTOP=../..
. "$SYSTEMTESTTOP/conf.sh"
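# Build and sign the "example." zone.
zone=example.
infile=example.db.in
zonefile=example.db

# Have the child generate a zone key and pass it to us.
# The subshell keeps the directory change from leaking into this script.
( cd ../ns3 && $SHELL sign.sh )

# Copy the dsset-* file of every listed subdomain from ../ns3 into this
# directory (presumably written by the ns3 sign.sh run above).
for subdomain in secure bogus dnskey-unknown dnskey-nsec3-unknown \
    dynamic keyless nsec3 optout nsec3-unknown optout-unknown \
    multiple rsasha256 rsasha512 kskonly update-nsec3 auto-nsec \
    auto-nsec3 secure.below-cname ttlpatch split-dnssec split-smart \
    expired expiring upper lower
do
    cp "../ns3/dsset-$subdomain.example." .
done

# Two zone keys; the first is handed to the signer with -k below.
# NOTE(review): 768-bit DSA is far below current key-size guidance and
# RFC 8624 lists DSA as MUST NOT for DNSSEC signing. Presumably chosen so
# the fixture is quick to generate -- these parameters are test material
# only. $RANDFILE comes from the harness; confirm in conf.sh what entropy
# source it names.
# $KEYGEN, $SIGNER and $RANDFILE are left unquoted as in the original,
# because their definitions are not visible here.
keyname1=$($KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone "$zone")
keyname2=$($KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone "$zone")

# The unsigned zone is the template plus both public keys.
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"

$SIGNER -P -g -r $RANDFILE -o "$zone" -k "$keyname1" \
    "$zonefile" "$keyname2" > /dev/null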
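# lower/uppercase the signature bits with the exception of the last characters
# changing the last 4 characters will lead to a bad base64 encoding.
#
# Only the RRSIG records covering bad-cname.example./CNAME and
# bad-dname.example./DNAME are rewritten; every other record is printed
# unchanged. The owner names suggest the aim is a signature that no longer
# verifies -- confirm against the test driver.
# Output goes to a "++" scratch name and is renamed over the signed zone
# only when awk exits successfully.
$CHECKZONE -D -q -i local "$zone" "$zonefile.signed" |
awk '
# Print the current record with the case of each signature chunk flipped.
# Fields 1-12 are echoed as-is, each followed by a space (presumably the
# owner through signer-name columns of the RRSIG -- confirm against the
# checkzone output format).
function flip_sig_case(    i, prefix, suffix) {
	for (i = 1; i <= NF; i++) {
		if (i <= 12) {
			printf("%s ", $i);
			continue;
		}
		prefix = substr($i, 1, length($i) - 4);
		# NOTE(review): substr() is 1-based, so this takes the four
		# characters starting at position length-4. That repeats the
		# last character of prefix and omits the final character of
		# the field. Kept exactly as upstream wrote it; whether the
		# intent was length($i) - 3 should be confirmed.
		suffix = substr($i, length($i) - 4, 4);
		if (tolower(prefix) != prefix)
			printf("%s%s", tolower(prefix), suffix);
		else if (toupper(prefix) != prefix)
			printf("%s%s", toupper(prefix), suffix);
		else
			# Only this branch appends a separating space.
			printf("%s%s ", prefix, suffix);
	}
	printf("\n");
}

tolower($1) == "bad-cname.example." && $4 == "RRSIG" && $5 == "CNAME" {
	flip_sig_case();
	next;
}

tolower($1) == "bad-dname.example." && $4 == "RRSIG" && $5 == "DNAME" {
	flip_sig_case();
	next;
}

{ print; }' > "$zonefile.signed++" && mv "$zonefile.signed++" "$zonefile.signed"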
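# signed in-addr.arpa w/ a delegation for 10.in-addr.arpa which is unsigned.
zone=in-addr.arpa.
infile=in-addr.arpa.db.in
zonefile=in-addr.arpa.db

# NOTE(review): same 768-bit DSA parameters as the example. zone; far
# below current key-size guidance, presumably for fixture speed only.
# $KEYGEN, $SIGNER and $RANDFILE are harness-supplied and left unquoted
# as in the original.
keyname1=$($KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone "$zone")
keyname2=$($KEYGEN -q -r $RANDFILE -a DSA -b 768 -n zone "$zone")

# Unsigned zone = template + both public keys.
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
$SIGNER -P -g -r $RANDFILE -o "$zone" -k "$keyname1" \
    "$zonefile" "$keyname2" > /dev/null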
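# Sign the privately secure file
privzone=private.secure.example.
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db

# NOTE(review): RSAMD5 with a 768-bit modulus; RFC 8624 lists RSAMD5 as
# MUST NOT for both signing and validation. Presumably kept so the test
# covers this legacy algorithm -- test material only.
privkeyname=$($KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone "$privzone")

cat "$privinfile" "$privkeyname.key" >"$privzonefile"

# -l dlv: presumably what produces the dlvset-$privzone file that the DLV
# zone is later built from -- confirm against the signer documentation.
$SIGNER -P -g -r $RANDFILE -o "$privzone" -l dlv "$privzonefile" > /dev/null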
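# Sign the DLV secure zone.
dlvzone=dlv.
dlvinfile=dlv.db.in
dlvzonefile=dlv.db

# NOTE(review): RSAMD5/768-bit again; deprecated algorithm and undersized
# key, presumably retained for legacy coverage in the test suite.
dlvkeyname=$($KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone "$dlvzone")

# $privzone is set earlier in this script; its dlvset- file is expected to
# exist in the current directory by this point.
cat "$dlvinfile" "$dlvkeyname.key" "dlvset-$privzone" > "$dlvzonefile"

$SIGNER -P -g -r $RANDFILE -o "$dlvzone" "$dlvzonefile" > /dev/null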
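# Sign the badparam secure file
zone=badparam.
infile=badparam.db.in
zonefile=badparam.db

# KSK (-f KSK) plus a second zone key, both 1024-bit RSASHA256.
keyname1=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK "$zone")
keyname2=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone "$zone")

cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"

$SIGNER -P -3 - -H 1 -g -r $RANDFILE -o "$zone" -k "$keyname1" \
    "$zonefile" "$keyname2" > /dev/null

# Derive $zonefile.bad from the signed zone by rewriting "1 0 1" to
# "1 0 10" in the NSEC3 records. Presumably the third number is the
# iteration count set by -H 1, so the altered records no longer agree
# with what was signed -- confirm against the test driver.
sed 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' "$zonefile.signed" > "$zonefile.bad"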
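# Sign the single-nsec3 secure zone with optout
zone=single-nsec3.
infile=single-nsec3.db.in
zonefile=single-nsec3.db

# KSK (-f KSK) plus a second zone key, both 1024-bit RSASHA256.
keyname1=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -f KSK "$zone")
keyname2=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone "$zone")

cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"

# Same signer options as the badparam. zone, with -A added.
$SIGNER -P -3 - -A -H 1 -g -r $RANDFILE -o "$zone" -k "$keyname1" \
    "$zonefile" "$keyname2" > /dev/null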
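# algroll has just had the old DNSKEY records removed and is waiting
# for them to be flushed from caches.  We still need to generate
# RRSIGs for the old DNSKEY.
zone=algroll.
infile=algroll.db.in
zonefile=algroll.db

# Old key pair (RSASHA1) and new key pair (RSASHA256); -fk marks the first
# of each pair as the key-signing key.
# NOTE(review): RFC 8624 lists RSASHA1 as NOT RECOMMENDED for signing; it
# appears here as the algorithm being rolled away from.
keyold1=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk "$zone")
keyold2=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone "$zone")
keynew1=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -fk "$zone")
keynew2=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone "$zone")

# Only the new public keys go into the zone file ...
cat "$infile" "$keynew1.key" "$keynew2.key" >"$zonefile"

# ... but all four keys are passed to the signer, with both KSKs given
# via -k.
$SIGNER -P -r $RANDFILE -o "$zone" -k "$keyold1" -k "$keynew1" \
    "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null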
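# Make a zone big enough that it takes several seconds to generate a new
# nsec3 chain.
zone=nsec3chain-test
zonefile=nsec3chain-test.db

# The quoted 'EOF' delimiter keeps the zone text literal, so "$TTL" reaches
# the file unexpanded.
cat > "$zonefile" << 'EOF'
$TTL 10
@ 10 SOA ns2 hostmaster 0 3600 1200 864000 1200
@ 10 NS ns2
@ 10 NS ns3
ns2 10 A 10.53.0.2
ns3 10 A 10.53.0.3
EOF

# Append 300 delegations (host0 .. host299). awk is given empty input, so
# only the END rule runs.
awk 'END { for (i = 0; i < 300; i++)
	print "host" i, 10, "NS", "ns.elsewhere"; }' < /dev/null >> "$zonefile"

# KSK (-fk) plus a second zone key; both public keys are appended to the
# zone before signing. $KEYGEN, $SIGNER and $RANDFILE are harness-supplied
# and left unquoted as in the original.
key1=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone -fk "$zone")
key2=$($KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone "$zone")
cat "$key1.key" "$key2.key" >> "$zonefile"
$SIGNER -P -3 - -A -H 1 -g -r $RANDFILE -o "$zone" -k "$key1" \
    "$zonefile" "$key2" > /dev/null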