Verified Commit df53930e authored by Michal Nowak's avatar Michal Nowak
Browse files

Add README.md file to rsabigexponent system test

This README.md describes why is bigkey needed.

(cherry picked from commit a247f24d)
parent 5d830664
Pipeline #62460 failed with stages
in 20 minutes and 13 seconds
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
See COPYRIGHT in the source root or https://isc.org/copyright.html for terms.
The `rsabigexponent` test is used to `check max-rsa-exponent-size`.
We only run this test on builds without PKCS#11, as we have control over
the RSA exponent size with plain OpenSSL. We have not explored how to do
this with PKCS#11, which would require generating such a key and then
signing a zone with it. Additionally, even with control of the exponent
size with PKCS#11, generating a DNSKEY with this property and signing
such a zone would be slow and undesirable for each test run; instead, we
use a pregenerated DNSKEY and a saved signed zone. These are located in
`rsabigexponent/ns2` and currently use RSASHA1 for the `DNSKEY`
algorithm; however, that may need to be changed in the future.
To generate the `DNSKEY` used in this test, we used `bigkey.c`, as
dnssec-keygen is not capable of generating such keys.
Do **not** remove `bigkey.c` as it may be needed to generate a new
`DNSKEY` for testing purposes.
`bigkey` is used to both test that we are not running under PKCS#11 and
generate a `DNSKEY` key with a large RSA exponent.
......@@ -940,6 +940,7 @@
./bin/tests/system/rrsetorder/dig.out.random.good9 X 2006,2018,2019,2020,2021
./bin/tests/system/rrsetorder/setup.sh SH 2018,2019,2020,2021
./bin/tests/system/rrsetorder/tests.sh SH 2006,2007,2008,2011,2012,2014,2015,2016,2017,2018,2019,2020,2021
./bin/tests/system/rsabigexponent/README.md TXT.BRIEF 2021
./bin/tests/system/rsabigexponent/bigkey.c C 2012,2014,2015,2016,2017,2018,2019,2020,2021
./bin/tests/system/rsabigexponent/clean.sh SH 2012,2014,2016,2018,2019,2020,2021
./bin/tests/system/rsabigexponent/ns1/sign.sh SH 2012,2014,2016,2018,2019,2020,2021
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment