SecurityTests/clxutils/importExport/importExportPkcs8

   1 #! /bin/csh -f
   2 #
   3 # Run PKCS8 import/export tests.
   4 #
   5 # Run this from SecurityTests/clxutils/importExport. The
   6 # kcImport and kcExport programs must exist in the location
   7 # specified by the LOCAL_BUILD_DIR env var.
   8 #
   9
  10 source setupCommon
  11
  12 set PKCS8SUBTOOL=./importExportPkcs8Tool
  13 set PKCS8EXPORTTOOL=./exportPkcs8Tool
  14
  15 set P8_PASSWORD=foobar
  16
  17 # RSA private key, PEM, generated by openssl
  18 set RSA_PRIV_KEY=${BUILD_DIR}/rsapriv.clear.pem
  19
  20 # DSA private key, PEM, generated by openssl
  21 set DSA_PRIV_KEY=${BUILD_DIR}/dsapriv.clear.pem
  22
  23 # DSA parameters
  24 set DSA_PARAMS=dsaParamOpenssl.pem
  25
  26 # PKCS8 blob, generated by openssl
  27 set PKCS8_KEY_OS=${BUILD_DIR}/pkcs8.p8
  28
  29 # PKCS8 blob, generated by kcExport
  30 set PKCS8_KEY_EXP=${BUILD_DIR}/pkcs8_exp.p8
  31
  32 # raw key, generated by openssl after parsing our p8
  33 set PKCS8_KEY_PARSE_OS=${BUILD_DIR}/pkcs8_parse
  34
  35 # DSA parameters
  36 set DSA_PARAMS_512_DER=dsaParams_512.der
  37 set DSA_PARAMS_512_PEM=dsaParamOpenssl.pem
  38
  39 # user specified variables
  40 set QUIET=NO
  41 set QUIET_ARG=
  42 set KEYSIZE=512
  43 set NOACL=NO
  44 set NOACL_ARG=
  45 set SECURE_PHRASE=NO
  46 set SECURE_PHRASE_ARG=
  47 set NOCLEAN=NO
  48
  49 # user options
  50
  51 while ( $#argv > 0 )
  52     switch ( "$argv[1]" )
  53         case q:
  54             set QUIET=YES
  55                         set QUIET_ARG=-q
  56             shift
  57             breaksw
  58         case n:
  59             set NOACL=YES
  60                         set NOACL_ARG=-n
  61             shift
  62             breaksw
  63         case s:
  64             set SECURE_PHRASE=YES
  65                         set SECURE_PHRASE_ARG=-Z
  66             shift
  67             breaksw
  68                 case N:
  69                         set NOCLEAN=YES
  70             shift
  71             breaksw
  72         default:
  73             echo Usage: importExportPkcs8 \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\]  \[N\(oClean\)\]
  74             exit(1)
  75     endsw
  76 end
  77
  78 echo === Begin PKCS8 test ===
  79 if ($QUIET == NO) then
  80         echo $CLEANKC
  81 endif
  82 $CLEANKC || exit(1)
  83
  84 ###
  85 ### RSA testing
  86 ###
  87
  88 # Create RSA key pair using openssl
  89 # private keys are only generated in PEM format
  90 if ($QUIET == NO) then
  91         echo ...RSA key testing, openssl generated
  92         echo Creating RSA private key using openssl...
  93 endif
  94 set cmd="$RM -f $RSA_PRIV_KEY"
  95 if ($QUIET == NO) then
  96         echo $cmd
  97 endif
  98 $cmd || exit(1)
  99 set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY $KEYSIZE"
 100 if ($QUIET == NO) then
 101         echo $cmd
 102 endif
 103 $cmd >& /dev/null|| exit(1)
 104
 105 #############
 106 #
 107 # PKCS5 v1.5 algorithms:
 108 #
 109 if ($QUIET == NO) then
 110         echo ...testing PKCS5 v1.5 PBE with RSA keys
 111 endif
 112 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-MD5-DES rsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 113 $cmd || exit(1)
 114 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-MD2-DES rsa 512 $QUIET $NOACL PEM $SECURE_PHRASE"
 115 $cmd || exit(1)
 116 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC2-64 rsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 117 $cmd || exit(1)
 118 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-MD2-RC2-64 rsa 512 $QUIET $NOACL PEM $SECURE_PHRASE"
 119 $cmd || exit(1)
 120 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-MD5-RC2-64 rsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 121 $cmd || exit(1)
 122 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-DES rsa 512 $QUIET $NOACL PEM $SECURE_PHRASE"
 123 $cmd || exit(1)
 124
 125 #
 126 # PKCS5 v2.0 PBE algorithms
 127 #
 128 if ($QUIET == NO) then
 129         echo ...testing PKCS5 v2.0 PBE with RSA keys
 130 endif
 131 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v2 des3 rsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 132 $cmd || exit(1)
 133 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v2 des rsa 512 $QUIET $NOACL PEM $SECURE_PHRASE"
 134 $cmd || exit(1)
 135 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v2 rc2 rsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 136 $cmd || exit(1)
 137
 138 #
 139 # PKCS12 PBE algorithms
 140 # NOTE we do not support PBE-SHA1-2DES (no double DES in the CSP)
 141 #
 142 if ($QUIET == NO) then
 143         echo ...testing PKCS12 PBE with RSA keys
 144 endif
 145 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC4-128 rsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 146 $cmd || exit(1)
 147 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC4-40 rsa 512 $QUIET $NOACL PEM $SECURE_PHRASE"
 148 $cmd || exit(1)
 149 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-3DES rsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 150 $cmd || exit(1)
 151 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC2-128 rsa 512 $QUIET $NOACL PEM $SECURE_PHRASE"
 152 $cmd || exit(1)
 153 set cmd="$PKCS8SUBTOOL $RSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC2-40 rsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 154 $cmd || exit(1)
 155
 156 #
 157 # PKCS8 import, DSA form.
 158 # The PKCS8 logic is (mostly) algorithm independent so we'll just do a few of these
 159 # to make sure the CSP can import and export correctly.
 160 #
 161 if ($QUIET == NO) then
 162         echo ...testing PKCS8 import with DSA keys
 163 endif
 164 set cmd="$RM -f $DSA_PRIV_KEY"
 165 if ($QUIET == NO) then
 166         echo $cmd
 167 endif
 168 $cmd || exit(1)
 169 set cmd="$OPENSSL gendsa -out $DSA_PRIV_KEY $DSA_PARAMS"
 170 if ($QUIET == NO) then
 171         echo $cmd
 172 endif
 173 $cmd >& /dev/null || exit(1)
 174 set cmd="$PKCS8SUBTOOL $DSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v1 PBE-SHA1-RC2-40 dsa 512 $QUIET $NOACL DER $SECURE_PHRASE"
 175 $cmd || exit(1)
 176 set cmd="$PKCS8SUBTOOL $DSA_PRIV_KEY $PKCS8_KEY_OS $KEYCHAIN -v2 des3 dsa 512 $QUIET $NOACL PEM $SECURE_PHRASE"
 177 $cmd || exit(1)
 178
 179 #
 180 # PKCS8 Export
 181 #
 182 if ($QUIET == NO) then
 183         echo ...testing PKCS8 Export of RSA private key
 184 endif
 185 set cmd="$PKCS8EXPORTTOOL $RSA_PRIV_KEY $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS $KEYCHAIN PEM rsa 512 $QUIET $NOACL $SECURE_PHRASE"
 186 $cmd || exit(1)
 187 set cmd="$PKCS8EXPORTTOOL $RSA_PRIV_KEY $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS $KEYCHAIN DER rsa 512 $QUIET $NOACL $SECURE_PHRASE"
 188 $cmd || exit(1)
 189
 190 if ($QUIET == NO) then
 191         echo ...testing PKCS8 Export of DSA private key
 192 endif
 193 set cmd="$PKCS8EXPORTTOOL $DSA_PRIV_KEY $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS $KEYCHAIN PEM dsa 512 $QUIET $NOACL $SECURE_PHRASE"
 194 $cmd || exit(1)
 195 set cmd="$PKCS8EXPORTTOOL $DSA_PRIV_KEY $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS $KEYCHAIN DER dsa 512 $QUIET $NOACL $SECURE_PHRASE"
 196 $cmd || exit(1)
 197
 198 # cleanup
 199 if($NOCLEAN == NO) then
 200         set cmd="rm -f $RSA_PRIV_KEY $DSA_PRIV_KEY $PKCS8_KEY_OS $PKCS8_KEY_EXP $PKCS8_KEY_PARSE_OS"
 201         if ($QUIET == NO) then
 202                 echo $cmd
 203         endif
 204         $cmd || exit(1)
 205 endif
 206
 207 if ($QUIET == NO) then
 208         echo === PKCS8 test complete ===
 209 endif
 210