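#! /bin/csh -f
#
# Run one iteration of openssl wrap export test.
# Only used as a subroutine call from importExportOpensslWrap
#
# Flow: import a raw private key into the test keychain, export it in
# openssl wrapped (passphrase-protected PEM) form, have openssl decrypt it
# to DER, then re-import the DER file and verify it.
#
# Usage
#   exportOpensslTool rawKey oskeyGen osKeyParse alg(rsa|dsa) keysize quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO)
#
# Every command below is built as one string and word-split on execution,
# so the path arguments must not contain whitespace or glob characters.
#
if ( $#argv != 8 ) then
    echo usage error for exportOpensslTool
    exit(1)
endif
set RAWKEY=$argv[1]
set OS_KEY_EXP=$argv[2]
set OS_KEY_PARSE_OS=$argv[3]
set KEY_ALG=$argv[4]
set KEY_SIZE=$argv[5]
set QUIET=$argv[6]

# The YES/NO flags are quoted in every test so that an empty argument is
# treated as "not YES" instead of producing a csh expression syntax error.
set QUIET_ARG=
if ("$QUIET" == YES) then
    set QUIET_ARG=-q
endif
set NOACL_ARG=
if ("$argv[7]" == YES) then
    set NOACL_ARG=-n
endif
set SECURE_PHRASE_ARG=
if ("$argv[8]" == YES) then
    set SECURE_PHRASE_ARG=-Z
endif

# Presumably defines CLEANKC, KCIMPORT, KCEXPORT, DBVERIFY, OPENSSL, RM,
# KEYCHAIN and KEYCHAIN_PATH, which are used below but not set in this
# file -- confirm against setupCommon.
source setupCommon

# NOTE(review): fixed throwaway test passphrase. It is passed on the command
# line (-z, -passin pass:) and echoed when QUIET is NO, so it is visible in
# the process list and in test logs. Acceptable only for test keys; for real
# key material use the openssl env:, file: or fd: passphrase sources.
set PASSWORD=foobar
# OS_PWD_ARG is not referenced again in this script; kept as in the original.
set OS_PWD_ARG="-passout pass:$PASSWORD"

if ("$QUIET" == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)
#
# import the raw key
#
set cmd="$KCIMPORT $RAWKEY -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# Export it in openssl wrap form
#
set cmd="$RM -f $OS_KEY_EXP"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$KCEXPORT $KEYCHAIN -t privKeys -f openssl -w -z $PASSWORD -o $OS_KEY_EXP -q $SECURE_PHRASE_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# Ensure that openssl can read it, then write it in unencrypted form.
# Save the openssl stderr in a temp file and cat that to our stderr only on error.
#
# The temp file is created with mktemp rather than a fixed name in /tmp:
# a predictable path in a world-writable directory can be pre-created or
# symlinked by another local user, redirecting or clobbering the output.
#
set STDERR_TMP=`mktemp /tmp/openssl_stderr.XXXXXX`
if ("$STDERR_TMP" == "") then
    echo exportOpensslTool: cannot create temp file for openssl stderr > /dev/stderr
    exit(1)
endif
set cmd="$RM -f $OS_KEY_PARSE_OS"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd
if ($status != 0) then
    # Do not leave the temp file behind on this early exit.
    rm -f "$STDERR_TMP"
    exit(1)
endif
# NOTE(review): the output file holds the private key unencrypted (DER);
# the caller is expected to treat it as a disposable test artifact.
set cmd="$OPENSSL $KEY_ALG -inform PEM -outform DER -in $OS_KEY_EXP -passin pass:$PASSWORD -out $OS_KEY_PARSE_OS"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd >& "$STDERR_TMP"
if ($status != 0) then
    cat "$STDERR_TMP" > /dev/stderr
    # Remove the temp file on the failure path too (the original leaked it).
    rm -f "$STDERR_TMP"
    exit(1)
endif
rm -f "$STDERR_TMP"
#
# Then ensure we can read the parsed result
#
if ("$QUIET" == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)
# SECURE_PHRASE_ARG is not passed here, as in the original: the DER file
# written by openssl above is not passphrase-protected.
set cmd="$KCIMPORT $OS_KEY_PARSE_OS -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
if ("$QUIET" == NO) then
    echo $cmd
endif
$cmd || exit(1)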