SecurityTests/clxutils/importExport/exportOpensslTool

   1 #! /bin/csh -f
   2 #
   3 # Run one iteration of openssl wrap export test.
   4 # Only used as a subroutine call from importExportOpensslWrap
   5 #
   6 # Usage
   7 #   exportOpensslTool rawKey oskeyGen osKeyParse alg(rsa|dsa) keysize quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO)
   8 #
   9 if ( $#argv != 8 ) then
  10         echo usage error for exportOpensslTool
  11         exit(1)
  12 endif
  13 set RAWKEY=$argv[1]
  14 set OS_KEY_EXP=$argv[2]
  15 set OS_KEY_PARSE_OS=$argv[3]
  16 set KEY_ALG=$argv[4]
  17 set KEY_SIZE=$argv[5]
  18 set QUIET=$argv[6]
  19 set QUIET_ARG=
  20 if ($QUIET == YES) then
  21         set QUIET_ARG=-q
  22 endif
  23 set NOACL_ARG=
  24 if ($argv[7] == YES) then
  25         set NOACL_ARG=-n
  26 endif
  27 set SECURE_PHRASE_ARG=
  28 if ($argv[8] == YES) then
  29         set SECURE_PHRASE_ARG=-Z
  30 endif
  31
  32 source setupCommon
  33
  34 set PASSWORD=foobar
  35 set OS_PWD_ARG="-passout pass:$PASSWORD"
  36
  37 if ($QUIET == NO) then
  38         echo $CLEANKC
  39 endif
  40 $CLEANKC || exit(1)
  41 #
  42 # import the raw key
  43 #
  44 set cmd="$KCIMPORT $RAWKEY -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
  45 if ($QUIET == NO) then
  46         echo $cmd
  47 endif
  48 $cmd || exit(1)
  49 set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
  50 if ($QUIET == NO) then
  51         echo $cmd
  52 endif
  53 $cmd || exit(1)
  54 #
  55 # Export it in openssl wrap form
  56 #
  57 set cmd="$RM -f $OS_KEY_EXP"
  58 if ($QUIET == NO) then
  59         echo $cmd
  60 endif
  61 $cmd || exit(1)
  62 set cmd="$KCEXPORT $KEYCHAIN -t privKeys -f openssl -w -z $PASSWORD -o $OS_KEY_EXP -q $SECURE_PHRASE_ARG"
  63 if ($QUIET == NO) then
  64         echo $cmd
  65 endif
  66 $cmd || exit(1)
  67 #
  68 # Ensure that openssl can read it, then write it in unencrypted form
  69 # Save openssl's stderr in a temp file and cat that to our stderr only on error.
  70 #
  71 set STDERR_TMP=/tmp/openssl_stderr
  72 set cmd="$RM -f $OS_KEY_PARSE_OS"
  73 if ($QUIET == NO) then
  74         echo $cmd
  75 endif
  76 $cmd || exit(1)
  77 set cmd="$OPENSSL $KEY_ALG -inform PEM -outform DER -in $OS_KEY_EXP -passin pass:$PASSWORD -out $OS_KEY_PARSE_OS"
  78 if ($QUIET == NO) then
  79         echo $cmd
  80 endif
  81 $cmd >& $STDERR_TMP
  82 if($status != 0) then
  83         cat $STDERR_TMP > /dev/stderr
  84         exit(1)
  85 endif
  86 rm $STDERR_TMP
  87 #
  88 # Then ensure we can read the parsed result
  89 #
  90 if ($QUIET == NO) then
  91         echo $CLEANKC
  92 endif
  93 $CLEANKC || exit(1)
  94 set cmd="$KCIMPORT $OS_KEY_PARSE_OS -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG"
  95 if ($QUIET == NO) then
  96         echo $cmd
  97 endif
  98 $cmd || exit(1)
  99 set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
 100 if ($QUIET == NO) then
 101         echo $cmd
 102 endif
 103 $cmd || exit(1)