diff options
Diffstat (limited to 'bin/tests/system/eddsa')
| -rw-r--r-- | bin/tests/system/eddsa/ns1/sign.sh | 34 | ||||
| -rw-r--r-- | bin/tests/system/eddsa/ns2/sign.sh | 13 | ||||
| -rw-r--r-- | bin/tests/system/eddsa/ns3/sign.sh | 13 | ||||
| -rw-r--r-- | bin/tests/system/eddsa/prereq.sh | 4 | ||||
| -rw-r--r-- | bin/tests/system/eddsa/setup.sh | 16 | ||||
| -rw-r--r-- | bin/tests/system/eddsa/tests.sh | 98 |
6 files changed, 88 insertions, 90 deletions
diff --git a/bin/tests/system/eddsa/ns1/sign.sh b/bin/tests/system/eddsa/ns1/sign.sh index 148e475..b60064c 100644 --- a/bin/tests/system/eddsa/ns1/sign.sh +++ b/bin/tests/system/eddsa/ns1/sign.sh @@ -23,34 +23,34 @@ echo_i "ns1/sign.sh" cp $infile $zonefile if [ -f ../ed25519-supported.file ]; then - zsk25519=$($KEYGEN -q -a ED25519 -n zone "$zone") - ksk25519=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone") - cat "$ksk25519.key" "$zsk25519.key" >> "$zonefile" - $DSFROMKEY -a sha-256 "$ksk25519.key" >> dsset-256 + zsk25519=$($KEYGEN -q -a ED25519 -n zone "$zone") + ksk25519=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone") + cat "$ksk25519.key" "$zsk25519.key" >>"$zonefile" + $DSFROMKEY -a sha-256 "$ksk25519.key" >>dsset-256 fi if [ -f ../ed448-supported.file ]; then - zsk448=$($KEYGEN -q -a ED448 -n zone "$zone") - ksk448=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone") - cat "$ksk448.key" "$zsk448.key" >> "$zonefile" - $DSFROMKEY -a sha-256 "$ksk448.key" >> dsset-256 + zsk448=$($KEYGEN -q -a ED448 -n zone "$zone") + ksk448=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone") + cat "$ksk448.key" "$zsk448.key" >>"$zonefile" + $DSFROMKEY -a sha-256 "$ksk448.key" >>dsset-256 fi # Configure the resolving server with a static key. if [ -f ../ed25519-supported.file ]; then - keyfile_to_static_ds $ksk25519 > trusted.conf - cp trusted.conf ../ns2/trusted.conf + keyfile_to_static_ds $ksk25519 >trusted.conf + cp trusted.conf ../ns2/trusted.conf else - keyfile_to_static_ds $ksk448 > trusted.conf - cp trusted.conf ../ns2/trusted.conf + keyfile_to_static_ds $ksk448 >trusted.conf + cp trusted.conf ../ns2/trusted.conf fi if [ -f ../ed448-supported.file ]; then - keyfile_to_static_ds $ksk448 > trusted.conf - cp trusted.conf ../ns3/trusted.conf + keyfile_to_static_ds $ksk448 >trusted.conf + cp trusted.conf ../ns3/trusted.conf else - keyfile_to_static_ds $ksk25519 > trusted.conf - cp trusted.conf ../ns3/trusted.conf + keyfile_to_static_ds $ksk25519 >trusted.conf + cp trusted.conf ../ns3/trusted.conf fi -$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err +$SIGNER -P -g -o "$zone" "$zonefile" >/dev/null 2>signer.err || cat signer.err diff --git a/bin/tests/system/eddsa/ns2/sign.sh b/bin/tests/system/eddsa/ns2/sign.sh index 09bfb93..64dc562 100644 --- a/bin/tests/system/eddsa/ns2/sign.sh +++ b/bin/tests/system/eddsa/ns2/sign.sh @@ -26,12 +26,11 @@ cp $infile $zonefile if [ -f ../ed25519-supported.file ]; then - for i in Xexample.com.+015+03613 Xexample.com.+015+35217 - do - cp "$i.key" "$(echo $i.key | sed s/X/K/)" - cp "$i.private" "$(echo $i.private | sed s/X/K/)" - cat "$(echo $i.key | sed s/X/K/)" >> "$zonefile" - done + for i in Xexample.com.+015+03613 Xexample.com.+015+35217; do + cp "$i.key" "$(echo $i.key | sed s/X/K/)" + cp "$i.private" "$(echo $i.private | sed s/X/K/)" + cat "$(echo $i.key | sed s/X/K/)" >>"$zonefile" + done fi -$SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err +$SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile >/dev/null 2>signer.err || cat signer.err diff --git a/bin/tests/system/eddsa/ns3/sign.sh b/bin/tests/system/eddsa/ns3/sign.sh index 3cb8b45..d32a035 100644 --- a/bin/tests/system/eddsa/ns3/sign.sh +++ b/bin/tests/system/eddsa/ns3/sign.sh @@ -25,12 +25,11 @@ echo_i "ns3/sign.sh" cp $infile $zonefile if [ -f ../ed448-supported.file ]; then - for i in Xexample.com.+016+09713 Xexample.com.+016+38353 - do - cp "$i.key" "$(echo $i.key | sed s/X/K/)" - cp "$i.private" "$(echo $i.private | sed s/X/K/)" - cat "$(echo $i.key | sed s/X/K/)" >> "$zonefile" - done + for i in Xexample.com.+016+09713 Xexample.com.+016+38353; do + cp "$i.key" "$(echo $i.key | sed s/X/K/)" + cp "$i.private" "$(echo $i.private | sed s/X/K/)" + cat "$(echo $i.key | sed s/X/K/)" >>"$zonefile" + done fi -$SIGNER -P -z -s "$starttime" -e "$endtime" -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err +$SIGNER -P -z -s "$starttime" -e "$endtime" -o "$zone" "$zonefile" >/dev/null 2>signer.err || cat signer.err diff --git a/bin/tests/system/eddsa/prereq.sh b/bin/tests/system/eddsa/prereq.sh index a1a16ae..7367154 100644 --- a/bin/tests/system/eddsa/prereq.sh +++ b/bin/tests/system/eddsa/prereq.sh @@ -16,10 +16,10 @@ SYSTEMTESTTOP=.. supported=0 if $SHELL ../testcrypto.sh ed25519; then - supported=1 + supported=1 fi if $SHELL ../testcrypto.sh ed448; then - supported=1 + supported=1 fi [ "$supported" -eq 1 ] || exit 1 diff --git a/bin/tests/system/eddsa/setup.sh b/bin/tests/system/eddsa/setup.sh index 4bac09a..ba28d9b 100644 --- a/bin/tests/system/eddsa/setup.sh +++ b/bin/tests/system/eddsa/setup.sh @@ -15,11 +15,11 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh if $SHELL ../testcrypto.sh ed25519; then - echo "yes" > ed25519-supported.file + echo "yes" >ed25519-supported.file fi if $SHELL ../testcrypto.sh ed448; then - echo "yes" > ed448-supported.file + echo "yes" >ed448-supported.file fi copy_setports ns1/named.conf.in ns1/named.conf @@ -27,14 +27,14 @@ copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns3/named.conf.in ns3/named.conf ( - cd ns1 - $SHELL sign.sh + cd ns1 + $SHELL sign.sh ) ( - cd ns2 - $SHELL sign.sh + cd ns2 + $SHELL sign.sh ) ( - cd ns3 - $SHELL sign.sh + cd ns3 + $SHELL sign.sh ) diff --git a/bin/tests/system/eddsa/tests.sh b/bin/tests/system/eddsa/tests.sh index 705f5de..9d119cb 100644 --- a/bin/tests/system/eddsa/tests.sh +++ b/bin/tests/system/eddsa/tests.sh @@ -18,66 +18,66 @@ status=0 n=0 dig_with_opts() { - "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@" + "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@" } if [ -f ed25519-supported.file ]; then - # Check the example. domain - n=$((n+1)) - echo_i "checking that Ed25519 positive validation works ($n)" - ret=0 - dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1 - dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1 - $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1 - grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo_i "failed"; fi - status=$((status+ret)) + # Check the example. domain + n=$((n + 1)) + echo_i "checking that Ed25519 positive validation works ($n)" + ret=0 + dig_with_opts . @10.53.0.1 soa >dig.out.ns1.test$n || ret=1 + dig_with_opts . @10.53.0.2 soa >dig.out.ns2.test$n || ret=1 + $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1 + grep "flags:.*ad.*QUERY" dig.out.ns2.test$n >/dev/null || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) - # Check test vectors (RFC 8080 + errata) - n=$((n+1)) - echo_i "checking that Ed25519 test vectors match ($n)" - ret=0 - grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/null || ret=1 - grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1 - grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed > /dev/null || ret=1 - grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed > /dev/null || ret=1 - if [ $ret != 0 ]; then echo_i "failed"; fi - status=$((status+ret)) + # Check test vectors (RFC 8080 + errata) + n=$((n + 1)) + echo_i "checking that Ed25519 test vectors match ($n)" + ret=0 + grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed >/dev/null || ret=1 + grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed >/dev/null || ret=1 + grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed >/dev/null || ret=1 + grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed >/dev/null || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) else - echo_i "algorithm Ed25519 not supported, skipping vectors match test" + echo_i "algorithm Ed25519 not supported, skipping vectors match test" fi if [ -f ed448-supported.file ]; then - # Check the example. domain - n=$((n+1)) - echo_i "checking that Ed448 positive validation works ($n)" - ret=0 - dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1 - dig_with_opts . @10.53.0.3 soa > dig.out.ns3.test$n || ret=1 - $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns3.test$n || ret=1 - grep "flags:.*ad.*QUERY" dig.out.ns3.test$n > /dev/null || ret=1 - if [ $ret != 0 ]; then echo_i "failed"; fi - status=$((status+ret)) + # Check the example. domain + n=$((n + 1)) + echo_i "checking that Ed448 positive validation works ($n)" + ret=0 + dig_with_opts . @10.53.0.1 soa >dig.out.ns1.test$n || ret=1 + dig_with_opts . @10.53.0.3 soa >dig.out.ns3.test$n || ret=1 + $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns3.test$n || ret=1 + grep "flags:.*ad.*QUERY" dig.out.ns3.test$n >/dev/null || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) - # Check test vectors (RFC 8080 + errata) - n=$((n+1)) - echo_i "checking that Ed448 test vectors match ($n)" - ret=0 - grep '3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLm' ns3/example.com.db.signed > /dev/null || ret=1 - grep 'jInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKi' ns3/example.com.db.signed > /dev/null || ret=1 - grep 'wZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQ' ns3/example.com.db.signed > /dev/null || ret=1 - grep 'vE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213' ns3/example.com.db.signed > /dev/null || ret=1 - grep 'WKsJlwEA' ns3/example.com.db.signed > /dev/null || ret=1 + # Check test vectors (RFC 8080 + errata) + n=$((n + 1)) + echo_i "checking that Ed448 test vectors match ($n)" + ret=0 + grep '3cPAHkmlnxcDHMyg7vFC34l0blBhuG1qpwLm' ns3/example.com.db.signed >/dev/null || ret=1 + grep 'jInI8w1CMB29FkEAIJUA0amxWndkmnBZ6SKi' ns3/example.com.db.signed >/dev/null || ret=1 + grep 'wZSAxGILn/NBtOXft0+Gj7FSvOKxE/07+4RQ' ns3/example.com.db.signed >/dev/null || ret=1 + grep 'vE581N3Aj/JtIyaiYVdnYtyMWbSNyGEY2213' ns3/example.com.db.signed >/dev/null || ret=1 + grep 'WKsJlwEA' ns3/example.com.db.signed >/dev/null || ret=1 - grep 'E1/oLjSGIbmLny/4fcgM1z4oL6aqo+izT3ur' ns3/example.com.db.signed > /dev/null || ret=1 - grep 'CyHyvEp4Sp8Syg1eI+lJ57CSnZqjJP41O/9l' ns3/example.com.db.signed > /dev/null || ret=1 - grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns3/example.com.db.signed > /dev/null || ret=1 - grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns3/example.com.db.signed > /dev/null || ret=1 - grep 'ZmQ0YQUA' ns3/example.com.db.signed > /dev/null || ret=1 - if [ $ret != 0 ]; then echo_i "failed"; fi - status=$((status+ret)) + grep 'E1/oLjSGIbmLny/4fcgM1z4oL6aqo+izT3ur' ns3/example.com.db.signed >/dev/null || ret=1 + grep 'CyHyvEp4Sp8Syg1eI+lJ57CSnZqjJP41O/9l' ns3/example.com.db.signed >/dev/null || ret=1 + grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns3/example.com.db.signed >/dev/null || ret=1 + grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns3/example.com.db.signed >/dev/null || ret=1 + grep 'ZmQ0YQUA' ns3/example.com.db.signed >/dev/null || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status + ret)) else - echo_i "algorithm Ed448 not supported, skipping vectors match test" + echo_i "algorithm Ed448 not supported, skipping vectors match test" fi echo_i "exit status: $status" |