Commit dd7d1df8 authored by Mukund Sivaraman's avatar Mukund Sivaraman

Increase minimum RSA keygen size to 1024 bits (#36895)

parent f5c39b07
4595. [func] dnssec-keygen will no longer generate RSA keys
less than 1024 bits in length. dnssec-keymgr
was similarly updated. [RT #36895]
4594. [func] "dnstap-read -x" prints a hex dump of the wire
format of each logged DNS message. [RT #44816]
......
......@@ -89,10 +89,10 @@ usage(void) {
"NSEC3RSASHA1 if using -3)\n");
fprintf(stderr, " -3: use NSEC3-capable algorithm\n");
fprintf(stderr, " -b <key size in bits>:\n");
fprintf(stderr, " RSAMD5:\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA1:\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " NSEC3RSASHA1:\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA256:\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " RSAMD5:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA1:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " NSEC3RSASHA1:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA256:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " RSASHA512:\t[1024..%d]\n", MAX_RSA);
fprintf(stderr, " DH:\t\t[128..4096]\n");
fprintf(stderr, " DSA:\t\t[512..1024] and divisible by 64\n");
......@@ -748,7 +748,7 @@ main(int argc, char **argv) {
case DNS_KEYALG_RSASHA1:
case DNS_KEYALG_NSEC3RSASHA1:
case DNS_KEYALG_RSASHA256:
if (size != 0 && (size < 512 || size > MAX_RSA))
if (size != 0 && (size < 1024 || size > MAX_RSA))
fatal("RSA key size %d out of range", size);
break;
case DNS_KEYALG_RSASHA512:
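Review bot: The new minimum is written as a bare `1024` in the range check in main() and again in every RSA line of usage(), while the upper bound already goes through `MAX_RSA`; a `MIN_RSA` constant defined alongside it would keep the help text and the check in step the next time the floor moves. The fatal message also does not say what the accepted range is, which matters to operators whose existing scripts pass `-b 512` or `-b 768` and start failing after this change: `fatal("RSA key size %d out of range [%d..%d]", size, MIN_RSA, MAX_RSA);`. No visible hunk adds a test asserting that a sub-1024 RSA request is rejected, though one may exist outside this view. Both usage() and main() start and end outside the hunks shown.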
......
......@@ -144,7 +144,7 @@
<para>
Specifies the number of bits in the key. The choice of key
size depends on the algorithm used. RSA keys must be
between 512 and 2048 bits. Diffie Hellman keys must be between
between 1024 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits. Elliptic curve algorithms don't need
......
......@@ -131,11 +131,11 @@ class Policy:
directory = None
valid_key_sz_per_algo = {'DSA': [512, 1024],
'NSEC3DSA': [512, 1024],
'RSAMD5': [512, 4096],
'RSASHA1': [512, 4096],
'RSAMD5': [1024, 4096],
'RSASHA1': [1024, 4096],
'NSEC3RSASHA1': [512, 4096],
'RSASHA256': [512, 4096],
'RSASHA512': [512, 4096],
'RSASHA256': [1024, 4096],
'RSASHA512': [1024, 4096],
'ECCGOST': None,
'ECDSAP256SHA256': None,
'ECDSAP384SHA384': None}
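Review bot: `'NSEC3RSASHA1': [512, 4096],` is printed only once in this hunk, so it appears to be an unchanged context line, which leaves the dnssec-keymgr policy table accepting 512-bit NSEC3RSASHA1 keys while the other four RSA entries move to 1024. The keygen range check changed in this same commit lists `DNS_KEYALG_NSEC3RSASHA1` among the cases held to the 1024-bit minimum, so a policy asking for a smaller NSEC3RSASHA1 key would presumably pass validation here and only fail later when keygen is invoked; the calling code is not visible. The entry should read `'NSEC3RSASHA1': [1024, 4096],`. The Policy class continues outside the hunk.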
......
......@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
. ./clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
echo "I:generating keys and preparing zones"
cd ns1 && $SHELL keygen.sh
......@@ -9,6 +9,6 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
(cd ns1 && $SHELL -e sign.sh)
......@@ -13,7 +13,7 @@ zone=dlv.isc.org
infile=dlv.isc.org.db.in
zonefile=dlv.isc.org.db
dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
cat $infile $dlvkey.key > $zonefile
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
......@@ -21,7 +21,7 @@ zone=.
infile=root.db.in
zonefile=root.db
rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
cat $infile $rootkey.key > $zonefile
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
......
......@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cd ns1 && $SHELL sign.sh
......@@ -9,6 +9,6 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
$DDNSCONFGEN -q -r $RANDFILE -z example.nil > ns1/ddns.key
......@@ -11,6 +11,6 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cd ns1 && $SHELL sign.sh
......@@ -24,7 +24,7 @@ cp ../ns2/dsset-in-addr.arpa$TP .
grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP
cp ../ns6/dsset-optout-tld$TP .
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
cat $infile $keyname.key > $zonefile
......
......@@ -98,7 +98,7 @@ privzone=private.secure.example.
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db
privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $privzone`
privkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $privzone`
cat $privinfile $privkeyname.key >$privzonefile
......@@ -112,7 +112,7 @@ dlvinfile=dlv.db.in
dlvzonefile=dlv.db
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $dlvzone`
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
......
......@@ -13,9 +13,9 @@ zone=secure.example.
infile=secure.example.db.in
zonefile=secure.example.db
cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 768 -n host cnameandkey.$zone`
dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 768 -n host dnameandkey.$zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
cat $infile $cnameandkey.key $dnameandkey.key $keyname.key >$zonefile
......@@ -25,7 +25,7 @@ zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -35,7 +35,7 @@ zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db
keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
......@@ -46,7 +46,7 @@ zone=keyless.example.
infile=generic.example.db.in
zonefile=keyless.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -66,7 +66,7 @@ zone=secure.nsec3.example.
infile=secure.nsec3.example.db.in
zonefile=secure.nsec3.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -79,7 +79,7 @@ zone=nsec3.nsec3.example.
infile=nsec3.nsec3.example.db.in
zonefile=nsec3.nsec3.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -92,7 +92,7 @@ zone=optout.nsec3.example.
infile=optout.nsec3.example.db.in
zonefile=optout.nsec3.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -105,7 +105,7 @@ zone=nsec3.example.
infile=nsec3.example.db.in
zonefile=nsec3.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -118,7 +118,7 @@ zone=secure.optout.example.
infile=secure.optout.example.db.in
zonefile=secure.optout.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -131,7 +131,7 @@ zone=nsec3.optout.example.
infile=nsec3.optout.example.db.in
zonefile=nsec3.optout.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -144,7 +144,7 @@ zone=optout.optout.example.
infile=optout.optout.example.db.in
zonefile=optout.optout.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -157,7 +157,7 @@ zone=optout.example.
infile=optout.example.db.in
zonefile=optout.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -170,7 +170,7 @@ zone=nsec3-unknown.example.
infile=nsec3-unknown.example.db.in
zonefile=nsec3-unknown.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -183,7 +183,7 @@ zone=optout-unknown.example.
infile=optout-unknown.example.db.in
zonefile=optout-unknown.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -197,7 +197,7 @@ zone=dnskey-unknown.example.
infile=dnskey-unknown.example.db.in
zonefile=dnskey-unknown.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -216,7 +216,7 @@ zone=dnskey-nsec3-unknown.example.
infile=dnskey-nsec3-unknown.example.db.in
zonefile=dnskey-nsec3-unknown.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -234,7 +234,7 @@ zone=multiple.example.
infile=multiple.example.db.in
zonefile=multiple.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -257,7 +257,7 @@ zone=rsasha256.example.
infile=rsasha256.example.db.in
zonefile=rsasha256.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -362,7 +362,7 @@ zonefile=ttlpatch.example.db
signedfile=ttlpatch.example.db.signed
patchedfile=ttlpatch.example.db.patched
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
$SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1
......@@ -377,7 +377,7 @@ infile=split-dnssec.example.db.in
zonefile=split-dnssec.example.db
signedfile=split-dnssec.example.db.signed
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
: > $signedfile
......@@ -391,7 +391,7 @@ infile=split-smart.example.db.in
zonefile=split-smart.example.db
signedfile=split-smart.example.db.signed
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
cp $infile $zonefile
echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
: > $signedfile
......@@ -495,7 +495,7 @@ zone=badds.example.
infile=bogus.example.db.in
zonefile=badds.example.db
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......
......@@ -15,7 +15,7 @@ zone=optout-tld
infile=optout-tld.db.in
zonefile=optout-tld.db
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
cat $infile $keyname.key >$zonefile
......
......@@ -15,8 +15,8 @@ zone=split-rrsig
infile=split-rrsig.db.in
zonefile=split-rrsig.db
k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
cat $infile $k1.key $k2.key >$zonefile
......
......@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cd ns1 && $SHELL sign.sh
......
......@@ -2938,16 +2938,23 @@ until test $alg = 256
do
size=
case $alg in
1) size="-b 512";;
1) # RSA/MD5
size="-b 1024";;
2) # Diffie Helman
alg=`expr $alg + 1`
continue;;
3) size="-b 512";;
5) size="-b 512";;
6) size="-b 512";;
7) size="-b 512";;
8) size="-b 512";;
10) size="-b 1024";;
3) # DSA/SHA1
size="-b 512";;
5) # RSA/SHA-1
size="-b 1024";;
6) # DSA-NSEC3-SHA1
size="-b 512";;
7) # RSASHA1-NSEC3-SHA1
size="-b 1024";;
8) # RSA/SHA-256
size="-b 1024";;
10) # RSA/SHA-512
size="-b 1024";;
157|160|161|162|163|164|165) # private - non standard
alg=`expr $alg + 1`
continue;;
......
......@@ -9,6 +9,6 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cd ns1 && $SHELL sign.sh
......@@ -9,6 +9,6 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cd ns1 && $SHELL sign.sh
......@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cp ns1/named1.conf ns1/named.conf
cp ns2/named1.conf ns2/named.conf
......
......@@ -9,6 +9,6 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cd ns1 && $SHELL sign.sh
......@@ -14,7 +14,7 @@ SYSTEMTESTTOP=../..
zone=.
rm -f K.+*+*.key
rm -f K.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
[ $? = 0 ] || cat signer.out
......
......@@ -12,35 +12,35 @@ SYSTEMTESTTOP=../..
zone=bits
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
zone=noixfr
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
zone=master
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
zone=dynamic
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
zone=updated
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
......@@ -50,7 +50,7 @@ cp master2.db.in updated.db
zone=expired
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
......@@ -58,7 +58,7 @@ $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone}
zone=retransfer
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
......@@ -71,20 +71,20 @@ $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
zone=retransfer3
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
for s in a c d h k l m q z
do
zone=test-$s
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
done
for s in b f i o p t v
do
zone=test-$s
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone`
done
......
......@@ -9,7 +9,7 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cp ns1/root.db.in ns1/root.db
rm -f ns1/root.db.signed
......
......@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
......@@ -9,7 +9,7 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
$SHELL clean.sh
......
......@@ -7,7 +7,7 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
rm -f named-compilezone
ln -s $CHECKZONE named-compilezone
......
......@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL ./clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
pzone=parent.nil
czone=child.parent.nil
......
......@@ -28,7 +28,7 @@ rolling=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < rolling.key`
standby=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < standby.key`
zsk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < zsk.key`
$GENRANDOM 400 $RANDFILE
$GENRANDOM 800 $RANDFILE
echo "I:signing zones"
$SIGNER -Sg -o $czone $cfile > /dev/null 2>&1
......
......@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cp ns1/named1.conf ns1/named.conf
......
......@@ -9,7 +9,7 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
#
# jnl and database files MUST be removed before we start
......
......@@ -160,7 +160,7 @@ grep ns6.other.nil dig.out.ns1 > /dev/null 2>&1 || ret=1
ret=0
echo "I:check SIG(0) key is accepted"
key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 512 -T KEY -n ENTITY xxx`
key=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -T KEY -n ENTITY xxx`
echo "" | $NSUPDATE -k ${key}.private > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
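Review bot: The result of the `$KEYGEN` call is used without a check, so if keygen refuses the request (as it now does for RSA sizes under 1024) `$key` is empty and `$NSUPDATE -k ${key}.private` fails with its output sent to `/dev/null`, leaving only `I:failed` with no hint that key generation was the cause. Adding `[ -n "$key" ] || { echo "I:keygen failed"; ret=1; }` right after the assignment would make that case visible in the test log. The surrounding test script continues outside the hunk.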
......
......@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
......@@ -16,7 +16,7 @@ for domain in example example.com; do
infile=${domain}.db.in
zonefile=${domain}.db
keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
keyname1=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname2=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -f KSK -n zone $zone`
cat $infile $keyname1.key $keyname2.key > $zonefile
......
......@@ -9,6 +9,6 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cd ns1 && $SHELL -e sign.sh
......@@ -11,4 +11,4 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
......@@ -11,7 +11,7 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE
cp ns2/redirect.db.in ns2/redirect.db
cp ns2/example.db.in ns2/example.db
......
......@@ -9,7 +9,7 @@
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
test -r $RANDFILE || $GENRANDOM 400 $RANDFILE
test -r $RANDFILE || $GENRANDOM 800 $RANDFILE