[apple/security.git] / SecurityTests / clxutils / importExport / importExportRawKey

#! /bin/csh -f
#
# Run import/export tests for raw key pairs.
#
# Run this from SecurityTests/clxutils/importExport. The 
# kcImport and kcExport programs must exist in the location
# specified by the LOCAL_BUILD_DIR env var.
#

source setupCommon

set KEYSUBTOOL=./importExportKeyTool

# RSA key pair, BSAFE format, generated by rsatool
set RSA_KEY_BSAFE=${BUILD_DIR}/rsaBsafe
set RSA_PUB_KEY_BSAFE=${RSA_KEY_BSAFE}_pub.der
set RSA_PRIV_KEY_BSAFE=${RSA_KEY_BSAFE}_priv.der

# RSA key pair, openssl format, generated by rsatool
set RSA_KEY_OPENSSL=${BUILD_DIR}/rsaOpenssl
set RSA_PUB_KEY_OPENSSL=${RSA_KEY_OPENSSL}_pub.der
set RSA_PRIV_KEY_OPENSSL=${RSA_KEY_OPENSSL}_priv.der

# DSA key pair, BSAFE format, generated by rsatool
set DSA_KEY_BSAFE=${BUILD_DIR}/dsaBsafe
set DSA_PUB_KEY_BSAFE=${DSA_KEY_BSAFE}_pub.der
set DSA_PRIV_KEY_BSAFE=${DSA_KEY_BSAFE}_priv.der

# DSA key pair, openssl format, generated by rsatool
set DSA_KEY_OPENSSL=${BUILD_DIR}/dsaOpenssl
set DSA_PUB_KEY_OPENSSL=${DSA_KEY_OPENSSL}_pub.der
set DSA_PRIV_KEY_OPENSSL=${DSA_KEY_OPENSSL}_priv.der

# RSA private key, generated by openssl, PEM format 
set RSA_PRIV_KEY_PEM=${RSA_PRIV_KEY_OPENSSL}.pem

# DSA parameters
set DSA_PARAMS_512_DER=dsaParams_512.der
set DSA_PARAMS_512_PEM=dsaParamOpenssl.pem

# ECDSA key pair, pub=X509, priv=pkcs8, generated by rsatool
set ECDSA_KEY_BASE=${BUILD_DIR}/ecdsaBase
set ECDSA_PUB_KEY=${ECDSA_KEY_BASE}_pub.der
set ECDSA_PRIV_KEY=${ECDSA_KEY_BASE}_priv.der
set ECDSA_KEY_SIZE=256

# user specified variables
set QUIET=NO
set KEYSIZE=512
set NOACL=NO
set NOACL_ARG=
set NOCLEAN=NO
set NOCLEAN_ARG=
#
# Verify existence of a few crucial things before we start.
#
if( ( ! -e $KCIMPORT ) || \
    ( ! -e $KCEXPORT ) || \
    ( ! -e $RSATOOL) ) then
        echo === You do not seem to have all of the required executables.
        echo === Please build all of cspxutils and clxutils. 
        echo === See the README files in those directories for info.
        exit(1)
endif

# user options

while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            shift
            breaksw
        case n:
            set NOACL=YES
			set NOACL_ARG=-n
            shift
            breaksw
		case N:
			set NOCLEAN=YES
			set NOCLEAN_ARG=N
            shift
            breaksw
        default:
            echo Usage: importExportRawKey \[q\(uiet\)\] \[n\(oACL\)\] \[N\(oClean\)\]
            exit(1)
    endsw
end

echo === Begin Raw Key Pair test ===
if ($QUIET == NO) then
	echo $CLEANKC
endif
$CLEANKC || exit(1)

###
### Basic RSA key pair testing, openssl generated
###

# Create RSA key pair using openssl
# private keys are only generated in PEM format
if ($QUIET == NO) then
	echo === RSA key pair testing, openssl generated ===
	echo Creating RSA key pair using openssl...
endif
set cmd="$RM -f $RSA_PRIV_KEY_PEM $RSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY_PEM $KEYSIZE"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd >& /dev/null || exit(1)
set cmd="$BUILD_DIR/pemtool d $RSA_PRIV_KEY_PEM $RSA_PRIV_KEY_OPENSSL q"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$OPENSSL rsa -inform PEM -outform DER -in $RSA_PRIV_KEY_PEM -out $RSA_PUB_KEY_OPENSSL -pubout"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd >& /dev/null || exit(1)

$KEYSUBTOOL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)


###
### Basic RSA key pair testing, BSAFE format 
###

# Create RSA key pair in BSAFE format
if ($QUIET == NO) then
	echo === RSA key pair testing, BSAFE format ===
	echo Creating RSA key pair in BSAFE format...
endif
set cmd="$RM -f $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g k=$RSA_KEY_BSAFE z=$KEYSIZE b=1 v=8 q"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

$KEYSUBTOOL $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE $KEYCHAIN bsafe $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic RSA key pair testing, openssl format 
###

# Create RSA key pair in openssl format
if ($QUIET == NO) then
	echo === RSA key pair testing, OpenSSL format ===
	echo Creating RSA key pair in OpenSSL format...
endif
set cmd="$RM -f $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g k=$RSA_KEY_OPENSSL z=$KEYSIZE b=x v=1 q"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

$KEYSUBTOOL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic DSA key pair testing, BSAFE format 
###

if ($QUIET == NO) then
	echo === DSA key pair testing, BSAFE format ===
	echo Creating DSA key pair in BSAFE format...
endif
set cmd="$RM -f $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g a=d k=$DSA_KEY_BSAFE z=$KEYSIZE b=b v=b m=$DSA_PARAMS_512_DER q"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

$KEYSUBTOOL $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE $KEYCHAIN bsafe $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic DSA key pair testing, openssl format 
###

# Create DSA key pair in openssl format
if ($QUIET == NO) then
	echo === DSA key pair testing, OpenSSL format ===
	echo Creating DSA key pair in OpenSSL format...
endif
set cmd="$RM -f $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g a=d k=$DSA_KEY_OPENSSL z=$KEYSIZE b=x v=o m=$DSA_PARAMS_512_DER q"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

$KEYSUBTOOL $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic ECDSA key pair testing, default format 
###

# Create ECDSA key pair 
if ($QUIET == NO) then
	echo === ECDSA key pair testing, default format ===
	echo Creating ECDSA key pair in default format...
endif
set cmd="$RM -f $ECDSA_PUB_KEY $ECDSA_PRIV_KEY"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g a=e k=$ECDSA_KEY_BASE z=$ECDSA_KEY_SIZE q"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

$KEYSUBTOOL $ECDSA_PUB_KEY $ECDSA_PRIV_KEY $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)


# clean up
if ($NOCLEAN == NO) then
	set cmd1="rm -f $RSA_KEY_BSAFE $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE $RSA_KEY_OPENSSL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL"
	set cmd2="rm -f $DSA_KEY_BSAFE $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE $DSA_KEY_OPENSSL $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL $RSA_PRIV_KEY_PEM"
	set cmd3="rm -f $ECDSA_PUB_KEY $ECDSA_PRIV_KEY"
	if ($QUIET == NO) then
		echo $cmd1
		echo $cmd2
		echo $cmd3
	endif
	$cmd1 || exit(1)
	$cmd2 || exit(1)
	$cmd3 || exit(1)
endif

if ($QUIET == NO) then
	echo === Raw Key Pair test complete ===
endif
Commit	Line	Data
d8f41ccd A	1	#! /bin/csh -f
	2	#
	3	# Run import/export tests for raw key pairs.
	4	#
	5	# Run this from SecurityTests/clxutils/importExport. The
	6	# kcImport and kcExport programs must exist in the location
	7	# specified by the LOCAL_BUILD_DIR env var.
	8	#
	9
	10	source setupCommon
	11
	12	set KEYSUBTOOL=./importExportKeyTool
	13
	14	# RSA key pair, BSAFE format, generated by rsatool
	15	set RSA_KEY_BSAFE=${BUILD_DIR}/rsaBsafe
	16	set RSA_PUB_KEY_BSAFE=${RSA_KEY_BSAFE}_pub.der
	17	set RSA_PRIV_KEY_BSAFE=${RSA_KEY_BSAFE}_priv.der
	18
	19	# RSA key pair, openssl format, generated by rsatool
	20	set RSA_KEY_OPENSSL=${BUILD_DIR}/rsaOpenssl
	21	set RSA_PUB_KEY_OPENSSL=${RSA_KEY_OPENSSL}_pub.der
	22	set RSA_PRIV_KEY_OPENSSL=${RSA_KEY_OPENSSL}_priv.der
	23
	24	# DSA key pair, BSAFE format, generated by rsatool
	25	set DSA_KEY_BSAFE=${BUILD_DIR}/dsaBsafe
	26	set DSA_PUB_KEY_BSAFE=${DSA_KEY_BSAFE}_pub.der
	27	set DSA_PRIV_KEY_BSAFE=${DSA_KEY_BSAFE}_priv.der
	28
	29	# DSA key pair, openssl format, generated by rsatool
	30	set DSA_KEY_OPENSSL=${BUILD_DIR}/dsaOpenssl
	31	set DSA_PUB_KEY_OPENSSL=${DSA_KEY_OPENSSL}_pub.der
	32	set DSA_PRIV_KEY_OPENSSL=${DSA_KEY_OPENSSL}_priv.der
	33
	34	# RSA private key, generated by openssl, PEM format
	35	set RSA_PRIV_KEY_PEM=${RSA_PRIV_KEY_OPENSSL}.pem
	36
	37	# DSA parameters
	38	set DSA_PARAMS_512_DER=dsaParams_512.der
	39	set DSA_PARAMS_512_PEM=dsaParamOpenssl.pem
	40
	41	# ECDSA key pair, pub=X509, priv=pkcs8, generated by rsatool
	42	set ECDSA_KEY_BASE=${BUILD_DIR}/ecdsaBase
	43	set ECDSA_PUB_KEY=${ECDSA_KEY_BASE}_pub.der
	44	set ECDSA_PRIV_KEY=${ECDSA_KEY_BASE}_priv.der
	45	set ECDSA_KEY_SIZE=256
	46
	47	# user specified variables
	48	set QUIET=NO
	49	set KEYSIZE=512
	50	set NOACL=NO
	51	set NOACL_ARG=
	52	set NOCLEAN=NO
	53	set NOCLEAN_ARG=
	54	#
	55	# Verify existence of a few crucial things before we start.
	56	#
	57	if( ( ! -e $KCIMPORT ) \|\| \
	58	( ! -e $KCEXPORT ) \|\| \
	59	( ! -e $RSATOOL) ) then
	60	echo === You do not seem to have all of the required executables.
	61	echo === Please build all of cspxutils and clxutils.
	62	echo === See the README files in those directories for info.
	63	exit(1)
	64	endif
65
66	# user options
67
68	while ( $#argv > 0 )
69	switch ( "$argv[1]" )
70	case q:
71	set QUIET=YES
72	shift
73	breaksw
74	case n:
75	set NOACL=YES
76	set NOACL_ARG=-n
77	shift
78	breaksw
79	case N:
80	set NOCLEAN=YES
81	set NOCLEAN_ARG=N
82	shift
83	breaksw
84	default:
85	echo Usage: importExportRawKey \[q\(uiet\)\] \[n\(oACL\)\] \[N\(oClean\)\]
86	exit(1)
87	endsw
88	end
89
90	echo === Begin Raw Key Pair test ===
91	if ($QUIET == NO) then
92	echo $CLEANKC
93	endif
94	$CLEANKC \|\| exit(1)
95
96	###
97	### Basic RSA key pair testing, openssl generated
98	###
99
100	# Create RSA key pair using openssl
101	# private keys are only generated in PEM format
102	if ($QUIET == NO) then
103	echo === RSA key pair testing, openssl generated ===
104	echo Creating RSA key pair using openssl...
105	endif
106	set cmd="$RM -f $RSA_PRIV_KEY_PEM $RSA_PRIV_KEY_OPENSSL"
107	if ($QUIET == NO) then
108	echo $cmd
109	endif
110	$cmd \|\| exit(1)
111	set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY_PEM $KEYSIZE"
112	if ($QUIET == NO) then
113	echo $cmd
114	endif
115	$cmd >& /dev/null \|\| exit(1)
116	set cmd="$BUILD_DIR/pemtool d $RSA_PRIV_KEY_PEM $RSA_PRIV_KEY_OPENSSL q"
117	if ($QUIET == NO) then
118	echo $cmd
119	endif
120	$cmd \|\| exit(1)
121	set cmd="$OPENSSL rsa -inform PEM -outform DER -in $RSA_PRIV_KEY_PEM -out $RSA_PUB_KEY_OPENSSL -pubout"
122	if ($QUIET == NO) then
123	echo $cmd
124	endif
125	$cmd >& /dev/null \|\| exit(1)
126
127	$KEYSUBTOOL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN \|\| exit(1)
128
129
130	###
131	### Basic RSA key pair testing, BSAFE format
132	###
133
134	# Create RSA key pair in BSAFE format
135	if ($QUIET == NO) then
136	echo === RSA key pair testing, BSAFE format ===
137	echo Creating RSA key pair in BSAFE format...
138	endif
139	set cmd="$RM -f $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE"
140	if ($QUIET == NO) then
141	echo $cmd
142	endif
143	$cmd \|\| exit(1)
144	set cmd="$RSATOOL g k=$RSA_KEY_BSAFE z=$KEYSIZE b=1 v=8 q"
145	if ($QUIET == NO) then
146	echo $cmd
147	endif
148	$cmd \|\| exit(1)
149
150	$KEYSUBTOOL $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE $KEYCHAIN bsafe $QUIET $NOACL $NOCLEAN \|\| exit(1)
151
152	###
153	### Basic RSA key pair testing, openssl format
154	###
155
156	# Create RSA key pair in openssl format
157	if ($QUIET == NO) then
158	echo === RSA key pair testing, OpenSSL format ===
159	echo Creating RSA key pair in OpenSSL format...
160	endif
161	set cmd="$RM -f $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL"
162	if ($QUIET == NO) then
163	echo $cmd
164	endif
165	$cmd \|\| exit(1)
166	set cmd="$RSATOOL g k=$RSA_KEY_OPENSSL z=$KEYSIZE b=x v=1 q"
167	if ($QUIET == NO) then
168	echo $cmd
169	endif
170	$cmd \|\| exit(1)
171
172	$KEYSUBTOOL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN \|\| exit(1)
173
174	###
175	### Basic DSA key pair testing, BSAFE format
176	###
177
178	if ($QUIET == NO) then
179	echo === DSA key pair testing, BSAFE format ===
180	echo Creating DSA key pair in BSAFE format...
181	endif
182	set cmd="$RM -f $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE"
183	if ($QUIET == NO) then
184	echo $cmd
185	endif
186	$cmd \|\| exit(1)
187	set cmd="$RSATOOL g a=d k=$DSA_KEY_BSAFE z=$KEYSIZE b=b v=b m=$DSA_PARAMS_512_DER q"
188	if ($QUIET == NO) then
189	echo $cmd
190	endif
191	$cmd \|\| exit(1)
192
193	$KEYSUBTOOL $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE $KEYCHAIN bsafe $QUIET $NOACL $NOCLEAN \|\| exit(1)
194
195	###
196	### Basic DSA key pair testing, openssl format
197	###
198
199	# Create DSA key pair in openssl format
200	if ($QUIET == NO) then
201	echo === DSA key pair testing, OpenSSL format ===
202	echo Creating DSA key pair in OpenSSL format...
203	endif
204	set cmd="$RM -f $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL"
205	if ($QUIET == NO) then
206	echo $cmd
207	endif
208	$cmd \|\| exit(1)
209	set cmd="$RSATOOL g a=d k=$DSA_KEY_OPENSSL z=$KEYSIZE b=x v=o m=$DSA_PARAMS_512_DER q"
210	if ($QUIET == NO) then
211	echo $cmd
212	endif
213	$cmd \|\| exit(1)
214
215	$KEYSUBTOOL $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN \|\| exit(1)
216
217	###
218	### Basic ECDSA key pair testing, default format
219	###
220
221	# Create ECDSA key pair
222	if ($QUIET == NO) then
223	echo === ECDSA key pair testing, default format ===
224	echo Creating ECDSA key pair in default format...
225	endif
226	set cmd="$RM -f $ECDSA_PUB_KEY $ECDSA_PRIV_KEY"
227	if ($QUIET == NO) then
228	echo $cmd
229	endif
230	$cmd \|\| exit(1)
231	set cmd="$RSATOOL g a=e k=$ECDSA_KEY_BASE z=$ECDSA_KEY_SIZE q"
232	if ($QUIET == NO) then
233	echo $cmd
234	endif
235	$cmd \|\| exit(1)
236
237	$KEYSUBTOOL $ECDSA_PUB_KEY $ECDSA_PRIV_KEY $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN \|\| exit(1)
238
239
240	# clean up
241	if ($NOCLEAN == NO) then
242	set cmd1="rm -f $RSA_KEY_BSAFE $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE $RSA_KEY_OPENSSL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL"
243	set cmd2="rm -f $DSA_KEY_BSAFE $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE $DSA_KEY_OPENSSL $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL $RSA_PRIV_KEY_PEM"
244	set cmd3="rm -f $ECDSA_PUB_KEY $ECDSA_PRIV_KEY"
245	if ($QUIET == NO) then
246	echo $cmd1
247	echo $cmd2
248	echo $cmd3
249	endif
250	$cmd1 \|\| exit(1)
251	$cmd2 \|\| exit(1)
252	$cmd3 \|\| exit(1)
253	endif
254
255	if ($QUIET == NO) then
256	echo === Raw Key Pair test complete ===
257	endif
258