tests/test-policies/01-keysize.pol

a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt/*
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt * Copyright (C) 2016  Internet Systems Consortium, Inc. ("ISC")
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt *
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt */
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Huntpolicy keysize_rsa {
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    algorithm rsasha1;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    coverage 1y;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    roll-period zsk 3mo;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    pre-publish zsk 2w;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    post-publish zsk 2w;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    roll-period ksk 1y;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    pre-publish ksk 1mo;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    post-publish ksk 2mo;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    keyttl 1h;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size ksk 2048;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size zsk 1024;
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt};
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Huntpolicy keysize_dsa {
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    algorithm dsa;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    coverage 1y;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size ksk 2048;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size zsk 1024;
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt};
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Huntzone good_rsa.test {
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    policy keysize_rsa;
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt};
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Huntzone bad_rsa.test {
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    policy keysize_rsa;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size ksk 511;
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt};
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Huntzone good_dsa.test {
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    policy keysize_dsa;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size ksk 1024;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size zsk 768;
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt};
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Huntzone bad_dsa.test {
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    policy keysize_dsa;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size ksk 1024;
a27dc50157eb8267becffcd800eb1abf7e16ae7cEvan Hunt    key-size zsk 769;
f6096b958c8b58c4709860d7c4dcdde5deeacb7aEvan Hunt};