git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/importExport/importExportPkcs8
Security-57031.30.12.tar.gz
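#! /bin/csh -f
#
# Run PKCS8 import/export tests.
#
# Run this from SecurityTests/clxutils/importExport. The
# kcImport and kcExport programs must exist in the location
# specified by the LOCAL_BUILD_DIR env var.
#
# Usage: importExportPkcs8 [q(uiet)] [n(oACL)] [s(ecurePassphrase)] [N(oClean)]
#
# BUILD_DIR, KEYCHAIN, CLEANKC, RM and OPENSSL are used below but not set in
# this file; presumably they come from setupCommon (verify there).
#
# Security notes for maintainers:
#  - The PBE schemes exercised here (MD2/MD5 digests, single DES, RC2-40/64,
#    RC4-40) and the 512-bit key size are legacy interoperability cases. They
#    are listed for import/export coverage, not as recommended parameters.
#  - The openssl-generated private keys are written unencrypted (the
#    "*.clear.pem" files) under BUILD_DIR. They are throwaway fixtures and are
#    removed by the cleanup step at the end, but every "|| exit(1)" failure
#    path and the N(oClean) option leave them on disk.
#

source setupCommon

set PKCS8SUBTOOL=./importExportPkcs8Tool
set PKCS8EXPORTTOOL=./exportPkcs8Tool

# Fixed test passphrase. Not referenced again in this script.
set P8_PASSWORD=foobar

# RSA private key, PEM, generated by openssl
set RSA_PRIV_KEY=${BUILD_DIR}/rsapriv.clear.pem

# DSA private key, PEM, generated by openssl
set DSA_PRIV_KEY=${BUILD_DIR}/dsapriv.clear.pem

# DSA parameters (same file as DSA_PARAMS_512_PEM below)
set DSA_PARAMS=dsaParamOpenssl.pem

# PKCS8 blob, generated by openssl
set PKCS8_KEY_OS=${BUILD_DIR}/pkcs8.p8

# PKCS8 blob, generated by kcExport
set PKCS8_KEY_EXP=${BUILD_DIR}/pkcs8_exp.p8

# raw key, generated by openssl after parsing our p8
set PKCS8_KEY_PARSE_OS=${BUILD_DIR}/pkcs8_parse

# DSA parameters
set DSA_PARAMS_512_DER=dsaParams_512.der
set DSA_PARAMS_512_PEM=dsaParamOpenssl.pem

# user specified variables
# The subtools below receive the YES/NO values ($QUIET, $NOACL,
# $SECURE_PHRASE) as positional arguments; the *_ARG flag forms are set by
# the option parser but are not used in this script.
set QUIET=NO
set QUIET_ARG=
# Size in bits of the RSA test key; also passed to the subtools for RSA runs.
set KEYSIZE=512
set NOACL=NO
set NOACL_ARG=
set SECURE_PHRASE=NO
set SECURE_PHRASE_ARG=
set NOCLEAN=NO

# user options

while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            set QUIET_ARG=-q
            shift
            breaksw
        case n:
            set NOACL=YES
            set NOACL_ARG=-n
            shift
            breaksw
        case s:
            set SECURE_PHRASE=YES
            set SECURE_PHRASE_ARG=-Z
            shift
            breaksw
        case N:
            set NOCLEAN=YES
            shift
            breaksw
        default:
            echo Usage: importExportPkcs8 \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
            exit(1)
    endsw
end

echo === Begin PKCS8 test ===
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)

###
### RSA testing
###

# Create RSA key pair using openssl
# private keys are only generated in PEM format
if ($QUIET == NO) then
    echo ...RSA key testing, openssl generated
    echo Creating RSA private key using openssl...
endif
set cmd="$RM -f $RSA_PRIV_KEY"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY $KEYSIZE"
if ($QUIET == NO) then
    echo $cmd
endif
# openssl output is discarded; only the exit status is checked.
$cmd >& /dev/null || exit(1)

#############
#
# PKCS5 v1.5 algorithms:
#
# The key-size argument handed to the subtool is $KEYSIZE, the same value
# used for "openssl genrsa" above, so the two cannot drift apart.
# (Assumes the numeric argument is the key size in bits - confirm against
# importExportPkcs8Tool.)
#
if ($QUIET == NO) then
    echo ...testing PKCS5 v1.5 PBE with RSA keys
endif
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-MD5-DES rsa $KEYSIZE $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-MD2-DES rsa $KEYSIZE $QUIET $NOACL PEM $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC2-64 rsa $KEYSIZE $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-MD2-RC2-64 rsa $KEYSIZE $QUIET $NOACL PEM $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-MD5-RC2-64 rsa $KEYSIZE $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-DES rsa $KEYSIZE $QUIET $NOACL PEM $SECURE_PHRASE"
$cmd || exit(1)

#
# PKCS5 v2.0 PBE algorithms
#
if ($QUIET == NO) then
    echo ...testing PKCS5 v2.0 PBE with RSA keys
endif
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v2 des3 rsa $KEYSIZE $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v2 des rsa $KEYSIZE $QUIET $NOACL PEM $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v2 rc2 rsa $KEYSIZE $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)

#
# PKCS12 PBE algorithms
# NOTE we do not support PBE-SHA1-2DES (no double DES in the CSP)
#
if ($QUIET == NO) then
    echo ...testing PKCS12 PBE with RSA keys
endif
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC4-128 rsa $KEYSIZE $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC4-40 rsa $KEYSIZE $QUIET $NOACL PEM $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-3DES rsa $KEYSIZE $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC2-128 rsa $KEYSIZE $QUIET $NOACL PEM $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC2-40 rsa $KEYSIZE $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)

#
# PKCS8 import, DSA form.
# The PKCS8 logic is (mostly) algorithm independent so we'll just do a few of these
# to make sure the CSP can import and export correctly.
#
# The DSA key is generated from the parameter file, not from $KEYSIZE, so
# the literal 512 is kept for the DSA runs (the DSA_PARAMS_512_PEM name
# suggests 512-bit parameters - confirm against the file).
#
if ($QUIET == NO) then
    echo ...testing PKCS8 import with DSA keys
endif
set cmd="$RM -f $DSA_PRIV_KEY"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$OPENSSL gendsa -out $DSA_PRIV_KEY $DSA_PARAMS"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd >& /dev/null || exit(1)
set cmd="$PKCS8SUBTOOL $DSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC2-40 dsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8SUBTOOL $DSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v2 des3 dsa 512 $QUIET $NOACL PEM $SECURE_PHRASE"
$cmd || exit(1)

#
# PKCS8 Export
#
if ($QUIET == NO) then
    echo ...testing PKCS8 Export of RSA private key
endif
set cmd="$PKCS8EXPORTTOOL $RSA_PRIV_KEY $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS $KEYCHAIN PEM rsa $KEYSIZE $QUIET $NOACL $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8EXPORTTOOL $RSA_PRIV_KEY $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS $KEYCHAIN DER rsa $KEYSIZE $QUIET $NOACL $SECURE_PHRASE"
$cmd || exit(1)

if ($QUIET == NO) then
    echo ...testing PKCS8 Export of DSA private key
endif
set cmd="$PKCS8EXPORTTOOL $DSA_PRIV_KEY $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS $KEYCHAIN PEM dsa 512 $QUIET $NOACL $SECURE_PHRASE"
$cmd || exit(1)
set cmd="$PKCS8EXPORTTOOL $DSA_PRIV_KEY $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS $KEYCHAIN DER dsa 512 $QUIET $NOACL $SECURE_PHRASE"
$cmd || exit(1)

# cleanup
# Removes the cleartext private keys and the PKCS8 blobs produced above.
# Uses $RM, like the earlier removals, rather than whatever "rm" is first
# on the PATH.
if ($NOCLEAN == NO) then
    set cmd="$RM -f $RSA_PRIV_KEY $DSA_PRIV_KEY $PKCS8_KEY_OS $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS"
    if ($QUIET == NO) then
        echo $cmd
    endif
    $cmd || exit(1)
endif

if ($QUIET == NO) then
    echo === PKCS8 test complete ===
endif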