SecurityTests/clxutils/importExport/importExportOpensslWrap

   1 #! /bin/csh -f
   2 #
   3 # Run import/export tests for traditional openssl wrapped keys.
   4 #
   5 # Run this from SecurityTests/clxutils/importExport. The
   6 # kcImport and kcExport programs must exist in the location
   7 # specified by the LOCAL_BUILD_DIR env var.
   8 #
   9
  10 source setupCommon
  11
  12 set OPENSSLEXPORTTOOL=./exportOpensslTool
  13
  14 set PASSWORD=foobar
  15 set OS_PWD_ARG="-passout pass:$PASSWORD"
  16
  17 # RSA private key, raw format, generated by openssl
  18 set RSA_RAW_PRIV_KEY=${BUILD_DIR}/rsapriv_raw.pem
  19
  20 # RSA private key, openssl wrap format, generated by openssl
  21 set RSA_PRIV_KEY=${BUILD_DIR}/rsapriv.os
  22
  23 # RSA private key, openssl wrap format, generated by kcExport
  24 set RSA_PRIV_KEY_EXP=${BUILD_DIR}/rsapriv_exp_os
  25
  26 # RSA private key, raw format, generated by openssl
  27 set DSA_RAW_PRIV_KEY=${BUILD_DIR}/dsapriv_raw.pem
  28
  29 # DSA private key, PEM, generated by openssl
  30 set DSA_PRIV_KEY=${BUILD_DIR}/dsapriv.pem
  31
  32 # DSA private key, openssl wrap format, generated by kcExport
  33 set DSA_PRIV_KEY_EXP=${BUILD_DIR}/dsapriv_exp_os
  34
  35 # raw private key converted by openssl from our exported wrap
  36 set PRIV_KEY_PARSE=${BUILD_DIR}/privkey_parse
  37
  38 # DSA parameters
  39 set DSA_PARAMS=dsaParamOpenssl.pem
  40
  41 # user specified variables
  42 set QUIET=NO
  43 set QUIET_ARG=
  44 set KEYSIZE=512
  45 set NOACL=NO
  46 set NOACL_ARG=
  47 set SECURE_PHRASE=NO
  48 set SECURE_PHRASE_ARG=
  49 set NOCLEAN=NO
  50
  51 # user options
  52
  53 while ( $#argv > 0 )
  54     switch ( "$argv[1]" )
  55         case q:
  56             set QUIET=YES
  57                         set QUIET_ARG=-q
  58             shift
  59             breaksw
  60         case n:
  61             set NOACL=YES
  62                         set NOACL_ARG=-n
  63             shift
  64             breaksw
  65         case s:
  66             set SECURE_PHRASE=YES
  67                         set SECURE_PHRASE_ARG=-Z
  68             shift
  69             breaksw
  70                 case N:
  71                         set NOCLEAN=YES
  72             shift
  73             breaksw
  74         default:
  75             echo Usage: importExportOpensslWrap \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
  76             exit(1)
  77     endsw
  78 end
  79
  80 echo === Begin Openssl wrap test ===
  81 if ($QUIET == NO) then
  82         echo $CLEANKC
  83 endif
  84 $CLEANKC || exit(1)
  85
  86 if ($QUIET == NO) then
  87         echo ...Testing import of RSA key generated by openssl
  88 endif
  89 set cmd="$RM -f $RSA_PRIV_KEY"
  90 if ($QUIET == NO) then
  91         echo $cmd
  92 endif
  93 $cmd || exit(1)
  94 #
  95 # generate RSA with openssl
  96 #
  97 set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY $OS_PWD_ARG -des $KEYSIZE"
  98 if ($QUIET == NO) then
  99         echo $cmd
 100 endif
 101 $cmd >& /dev/null|| exit(1)
 102
 103 #
 104 # import
 105 #
 106 set cmd="$KCIMPORT $RSA_PRIV_KEY -k $KEYCHAIN -z $PASSWORD -f openssl -w -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
 107 if ($QUIET == NO) then
 108         echo $cmd
 109 endif
 110 $cmd || exit(1)
 111 #
 112 # verify by examining the keychain
 113 #
 114 set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
 115 if ($QUIET == NO) then
 116         echo $cmd
 117 endif
 118 $cmd || exit(1)
 119
 120 #
 121 # import DSA
 122 #
 123 if ($QUIET == NO) then
 124         echo ...Testing import of DSA key generated by openssl
 125 endif
 126 if ($QUIET == NO) then
 127         echo $CLEANKC
 128 endif
 129 $CLEANKC || exit(1)
 130 set cmd="$RM -f $DSA_PRIV_KEY"
 131 if ($QUIET == NO) then
 132         echo $cmd
 133 endif
 134 $cmd || exit(1)
 135 #
 136 # generate DSA with openssl
 137 #
 138 set cmd="$OPENSSL gendsa -out $DSA_PRIV_KEY $OS_PWD_ARG -des $DSA_PARAMS"
 139 if ($QUIET == NO) then
 140         echo $cmd
 141 endif
 142 $cmd >& /dev/null|| exit(1)
 143 #
 144 # import
 145 #
 146 set cmd="$KCIMPORT $DSA_PRIV_KEY -k $KEYCHAIN -z $PASSWORD -f openssl -w -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
 147 if ($QUIET == NO) then
 148         echo $cmd
 149 endif
 150 $cmd || exit(1)
 151 #
 152 # verify by examining the keychain
 153 #
 154 set cmd="$DBVERIFY $KEYCHAIN_PATH dsa priv $KEYSIZE $QUIET_ARG"
 155 if ($QUIET == NO) then
 156         echo $cmd
 157 endif
 158 $cmd || exit(1)
 159 #
 160 # openssl wrap form Export
 161 #
 162 if ($QUIET == NO) then
 163         echo ...testing openssl export of RSA private key
 164 endif
 165 #
 166 # generate raw RSA with openssl
 167 #
 168 set cmd="$OPENSSL genrsa -out $RSA_RAW_PRIV_KEY $KEYSIZE"
 169 if ($QUIET == NO) then
 170         echo $cmd
 171 endif
 172 $cmd >& /dev/null|| exit(1)
 173 #
 174 set cmd="$OPENSSLEXPORTTOOL $RSA_RAW_PRIV_KEY $RSA_PRIV_KEY_EXP $PRIV_KEY_PARSE rsa 512 $QUIET $NOACL $SECURE_PHRASE"
 175 $cmd || exit(1)
 176
 177 if ($QUIET == NO) then
 178         echo ...testing openssl export of DSA private key
 179 endif
 180 #
 181 # generate DSA with openssl
 182 #
 183 set cmd="$OPENSSL gendsa -out $DSA_RAW_PRIV_KEY $DSA_PARAMS"
 184 if ($QUIET == NO) then
 185         echo $cmd
 186 endif
 187 $cmd >& /dev/null|| exit(1)
 188 #
 189 set cmd="$OPENSSLEXPORTTOOL $DSA_RAW_PRIV_KEY $DSA_PRIV_KEY_EXP $PRIV_KEY_PARSE dsa 512 $QUIET $NOACL $SECURE_PHRASE"
 190 $cmd || exit(1)
 191
 192 # cleanup
 193 if ($NOCLEAN == NO) then
 194         set cmd1="rm -f $RSA_RAW_PRIV_KEY $RSA_PRIV_KEY $RSA_PRIV_KEY_EXP $DSA_RAW_PRIV_KEY"
 195         set cmd2="rm -f $DSA_PRIV_KEY $DSA_PRIV_KEY_EXP $PRIV_KEY_PARSE"
 196         if ($QUIET == NO) then
 197                 echo $cmd1
 198                 echo $cmd2
 199         endif
 200         $cmd1 || exit(1)
 201         $cmd2 || exit(1)
 202 endif
 203
 204 if ($QUIET == NO) then
 205         echo === Openssl wrap test complete ===
 206 endif
 207