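#! /bin/csh -f
#
# Run one iteration of PKCS8 portion of import/export tests.
# Only used as a subroutine call from importExportPkcs8.
#
# Flow, as implemented below:
#   1. empty the test keychain
#   2. generate an EC private key with openssl (DER)
#   3. sign and verify a test plaintext with rsatool using that key
#   4. wrap the private key in a passphrase-protected PKCS8 blob with openssl
#   5. import the PKCS8 blob into the keychain, then export it in openssl format
#   6. sign with the exported key and verify with the original public key,
#      which shows the key survived the import/export round trip
#   7. optionally remove the generated files
#
# Usage
#   impExpOpensslEcdsaTool keySizeBits quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO) noClean(YES|NO)
#
# Exit status is 1 on bad usage, unknown key size, or the first failing step.
#
# SECURITY NOTE (test code only): the PKCS8 passphrase is a fixed literal and
# is handed to openssl and to the import tool as a command-line argument. It is
# therefore visible in the process list and is echoed to the log whenever
# quiet is NO. Only throwaway test keys should ever be protected this way.
# openssl also accepts file:, env: and fd: passphrase sources, which keep the
# secret off argv.
#
if ( $#argv != 5 ) then
    # Say why we are failing; a bare exit(1) is hard to diagnose from the caller.
    echo "Usage: impExpOpensslEcdsaTool keySizeBits quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO) noClean(YES|NO)"
    exit(1)
endif

# Arguments are quoted here and in every comparison below so that an empty or
# multi-word argument is rejected by the logic instead of tripping a csh
# "Expression Syntax" error.
set KEYBITS="$argv[1]"
set QUIET="$argv[2]"
# rsatool takes a bare "q"; the keychain import/export tools take "-q".
set QUIET_ARG=
set QUIET_ARG_N=
if ("$QUIET" == YES) then
    set QUIET_ARG=q
    set QUIET_ARG_N=-q
endif
# NOTE(review): NOACL_ARG and SECURE_PHRASE_ARG are parsed but never referenced
# again in this script; the import step below always passes -n and -z.
# setupCommon is not visible here, so confirm it does not read them before
# removing them.
set NOACL_ARG=
if ("$argv[3]" == YES) then
    set NOACL_ARG=-n
endif
set SECURE_PHRASE_ARG=
if ("$argv[4]" == YES) then
    set SECURE_PHRASE_ARG=-Z
endif
set NOCLEAN="$argv[5]"

# Map the requested key size to the openssl curve name; anything else is fatal.
set OS_CURVE=
switch ( "$KEYBITS" )
    case 256:
        set OS_CURVE = prime256v1
        breaksw
    case 384:
        set OS_CURVE = secp384r1
        breaksw
    case 521:
        set OS_CURVE = secp521r1
        breaksw
    default:
        echo "***Unknown key size"
        exit(1)
endsw

# BUILD_DIR, CLEANKC, OPENSSL, RSATOOL, KCIMPORT, KCEXPORT and KEYCHAIN are not
# set in this script; they are expected to come from setupCommon.
source setupCommon

# Fixed test passphrase for the PKCS8 blob (see SECURITY NOTE at the top).
set PASSWORD=foobar
set OS_PWD_ARG="-passout pass:$PASSWORD"

set PLAINTEXT=somePlainText
set SIGFILE=${BUILD_DIR}/ecdsaSig
set KEYBASE=${BUILD_DIR}/opensslGen
# formats of these - with _priv.der, _pub.der suffixes - dictated by rsatool
set KEYFILE_PRIV=${KEYBASE}_priv.der
set KEYFILE_PUB=${KEYBASE}_pub.der
set EXPORT_KEYBASE=${BUILD_DIR}/ecdsaExpFromP8
set EXPORT_KEYFILE=${EXPORT_KEYBASE}_priv.der
set P8FILE=${BUILD_DIR}/ecdsaPriv.p8

# Every step below follows the same pattern: build the command line in $cmd,
# echo it unless quiet, then run it and abort the whole test on failure.
# $cmd is expanded unquoted on purpose so csh splits it back into words.

# empty the keychain
if ("$QUIET" == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)

# generate the single key
set cmd="$OPENSSL ecparam -genkey -outform DER -out $KEYFILE_PRIV -name $OS_CURVE -noout"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# sign with CDSA
set cmd="$RSATOOL s a=e k=$KEYBASE v=o p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# Public key in openssl form is the unified key produced by openssl
# (so the "_pub.der" file is a copy of the private key file and must be
# handled as private key material).
set cmd="cp $KEYFILE_PRIV $KEYFILE_PUB"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# verify with CDSA
set cmd="$RSATOOL v a=e k=$KEYBASE b=L p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# Use openssl to create a p8 with the private key
# (this echo, when not quiet, prints the passphrase as part of $OS_PWD_ARG)
set cmd="$OPENSSL pkcs8 -topk8 -inform DER -outform DER -in $KEYFILE_PRIV -out $P8FILE $OS_PWD_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# Import that p8, no ACL, extractable in the clear
# (the passphrase is passed on the command line after -z)
set cmd="$KCIMPORT $P8FILE -k $KEYCHAIN -f pkcs8 -w -n -e -z $PASSWORD $QUIET_ARG_N"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# export in openssl format
set cmd="$KCEXPORT $KEYCHAIN -f openssl -o $EXPORT_KEYFILE -t privKeys $QUIET_ARG_N"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# Sign and verify again: sign with the key exported from the keychain ...
set cmd="$RSATOOL s a=e k=$EXPORT_KEYBASE v=o p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# ... and verify with the original openssl-generated key, proving the two match.
set cmd="$RSATOOL v a=e k=$KEYBASE b=L p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)

# Cleanup is reached only when every step above succeeded. A failed run, or a
# run with noClean=YES, leaves the unencrypted private key, its copy, the
# exported key and the PKCS8 blob in BUILD_DIR, so treat that directory as
# holding key material.
if ("$NOCLEAN" == NO) then
    set cmd="rm -f $SIGFILE $KEYFILE_PRIV $KEYFILE_PUB $EXPORT_KEYFILE $P8FILE"
    if ("$QUIET" == NO) then
        echo $cmd
    endif
    $cmd || exit(1)
endif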