this changes most visible uses of master/slave terminology in tests.sh
and most uses of 'type master' or 'type slave' in named.conf files.
files in the checkconf test were not updated in order to confirm that
the old syntax still works. rpzrecurse was also left mostly unchanged
to avoid interference with DNSRPS.
(cherry picked from commit e43b3c1fa1)
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -eu

SYSTEMTESTTOP=..
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"

echo_i "Generating keys for Native PKCS#11" >&2

# Unsigned zone template; every per-algorithm zone file is built from it.
infile=ns1/example.db.in

# The token PIN (HSMPIN, falling back to 1234 when unset or empty) is
# written in cleartext to ./pin.  Later steps reference this file through
# a pin-source= path in the PKCS#11 URI rather than passing the PIN itself
# as an argument.  The file is created with the caller's umask, so run
# with a restrictive umask when the PIN is one that matters.
hsm_pin=${HSMPIN:-1234}
printf '%s' "$hsm_pin" > pin

# Absolute directory used to build the pin-source path.  Note that this
# reassigns the shell's own PWD variable instead of using a private name.
PWD=$(pwd)

copy_setports ns1/named.conf.in ns1/named.conf
# Print a random 16-bit unsigned integer: two bytes from /dev/urandom
# decoded by od.  In this script the value only serves as the PKCS#11
# object id handed to genpkcs (-i), not as key material.  od's output
# keeps leading whitespace and ends with a newline.
get_random() {
  dd if=/dev/urandom bs=1 count=2 2>/dev/null \
    | od -An -tu2
}
# Create a key pair on the token under a given label.
#   $1 algorithm, $2 key size in bits, $3 PKCS#11 object label
# Any further arguments are ignored.  Runs in a subshell so the locals do
# not leak into the caller.  $PK11DEL and $PK11GEN come from conf.sh and
# are deliberately left unquoted, presumably so a value holding a command
# plus options still splits into words.
genpkcs() (
  alg=$1 bits=$2 label=$3
  id=$(get_random)

  # Best-effort removal of a stale object with the same label (a missing
  # object is not an error); the new key then takes the label.
  $PK11DEL -l "$label" -w0 >/dev/null || true
  $PK11GEN -a "$alg" -b "$bits" -l "$label" -i "$id" >/dev/null
)
# Produce the DNSSEC key files for a token-resident key via $KEYFRLAB.
#   $1 algorithm, $2 key size (unused here; the argument list mirrors
#   genpkcs so both can be called with the same "$@"), $3 PKCS#11 object
#   label, $4 zone name.  Remaining arguments are passed through to
#   $KEYFRLAB ahead of the zone name (e.g. "-f ksk").
# The PIN reaches the tool as a pin-source= file path inside the PKCS#11
# URI, so the PIN value itself is not part of the command line.  Whatever
# $KEYFRLAB prints is this function's stdout (callers append ".key" to it).
keyfrlab() (
  alg=$1
  label=$3
  zone=$4
  shift 4

  uri="pkcs11:object=$label;pin-source=$PWD/pin"
  $KEYFRLAB -a "$alg" -l "$uri" "$@" "$zone"
)
# Generate a zone-signing key: create it on the token, then write its key
# files.  Takes the shared argument list (alg bits label zone); stdout is
# whatever keyfrlab prints.
genzsk() (
  genpkcs "$@"
  keyfrlab "$@"
)
# Generate a key-signing key: same as genzsk, but keyfrlab is told to
# set the KSK flag ("-f ksk").  Takes (alg bits label zone); stdout is
# whatever keyfrlab prints.
genksk() (
  genpkcs "$@"
  keyfrlab "$@" -f ksk
)
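# Space-separated list of the algorithms that were actually provisioned.
algs=
# One zone per algorithm; each entry is <algorithm>:<key size in bits>.
for algbits in rsasha256:2048 rsasha512:2048 ecdsap256sha256:256 ecdsap384sha384:384 ed25519:256 ed448:456; do
  # Split on the single ':' with parameter expansion instead of spawning
  # echo|cut twice per iteration.
  alg=${algbits%%:*}
  bits=${algbits#*:}
  zone="$alg.example"
  zonefile="ns1/$alg.example.db"
  # Only provision algorithms the crypto provider supports; testcrypto.sh's
  # exit status decides, and unsupported ones are skipped silently.
  if $SHELL "$SYSTEMTESTTOP/testcrypto.sh" "$alg"; then
    echo "$alg" >> supported
    algs="$algs$alg "

    # Two ZSKs and two KSKs per zone: the first pair signs the zone now,
    # the second pair is copied aside as ns1/<alg>.zsk and ns1/<alg>.ksk.
    zsk1=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk1" "$zone")
    zsk2=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk2" "$zone")
    ksk1=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk1" "$zone")
    ksk2=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk2" "$zone")

    cat "$infile" "$zsk1.key" "$ksk1.key" > "$zonefile"
    $SIGNER -a -P -g -o "$zone" "$zonefile" > /dev/null
    cp "$zsk2.key" "ns1/$alg.zsk"
    cp "$ksk2.key" "ns1/$alg.ksk"
    # Move every K<alg>... key file into ns1/ (glob; assumes no unrelated
    # K<alg>* files exist in the working directory).
    mv "K$alg"* ns1/

    # allow-update { any; } is unrestricted; acceptable only because this
    # named.conf belongs to the test harness.
    cat >> ns1/named.conf <<EOF
zone "$alg.example." {
type primary;
file "$alg.example.db.signed";
allow-update { any; };
};

EOF
  fi
done
echo_i "Generated keys for Native PKCS#11: $algs"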