ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
b0f477df875a39146a69f1ab622bfb87a760c028
bind9/bin/tests/system/pkcs11/setup.sh
Evan Hunt df698d73f4 update all copyright headers to eliminate the typo
2020-09-14 16:50:58 -07:00

93 lines
2.1 KiB
Bash
Raw Blame History

#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -eu
SYSTEMTESTTOP=..
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
echo_i "Generating keys for Native PKCS#11" >&2
infile=ns1/example.db.in
printf '%s' "${HSMPIN:-1234}" > pin
PWD=$(pwd)
copy_setports ns1/named.conf.in ns1/named.conf
get_random() {
dd if=/dev/urandom bs=1 count=2 2>/dev/null | od -tu2 -An
}
genpkcs() (
alg="$1"
bits="$2"
label="$3"
id="$(get_random)"
$PK11DEL -l "$label" -w0 >/dev/null || true
$PK11GEN -a "$alg" -b "$bits" -l "$label" -i "$id" >/dev/null
)
keyfrlab() (
alg="$1"
bits="$2"
label="$3"
zone="$4"
shift 4
$KEYFRLAB -a "$alg" -l "pkcs11:object=$label;pin-source=$PWD/pin" "$@" "$zone"
)
genzsk() (
genpkcs "$@"
keyfrlab "$@"
)
genksk() (
genpkcs "$@"
keyfrlab "$@" -f ksk
)
algs=
for algbits in rsasha256:2048 rsasha512:2048 ecdsap256sha256:256 ecdsap384sha384:384 ed25519:256 ed448:456; do
alg=$(echo "$algbits" | cut -f 1 -d :)
bits=$(echo "$algbits" | cut -f 2 -d :)
zone="$alg.example"
zonefile="ns1/$alg.example.db"
if $SHELL "$SYSTEMTESTTOP/testcrypto.sh" "$alg"; then
echo "$alg" >> supported
algs="$algs$alg "
zsk1=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk1" "$zone")
zsk2=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk2" "$zone")
ksk1=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk1" "$zone")
ksk2=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk2" "$zone")
cat "$infile" "$zsk1.key" "$ksk1.key" > "$zonefile"
$SIGNER -a -P -g -o "$zone" "$zonefile" > /dev/null
cp "$zsk2.key" "ns1/$alg.zsk"
cp "$ksk2.key" "ns1/$alg.ksk"
mv "K$alg"* ns1/
cat >> ns1/named.conf <<EOF
zone "$alg.example." {
type master;
file "$alg.example.db.signed";
allow-update { any; };
};
EOF
fi
done
echo_i "Generated keys for Native PKCS#11: $algs"
View Git Blame Copy Permalink