SecurityTests/clxutils/importExport/exportPkcs8Tool

   1 #! /bin/csh -f
   2 #
   3 # Run one iteration of PKCS8 export test.
   4 # Only used as a subroutine call from importExportPkcs8.
   5 #
   6 # Usage
   7 #   exportPkcs8Tool rawKey p8keyGen p8KeyParse keychain p8Format(PEM|DER) alg(rsa|dsa) keysize quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO)
   8 #
   9 if ( $#argv != 10 ) then
  10         exit(1)
  11 endif
  12 set RAWKEY=$argv[1]
  13 set PKCS8_KEY_EXP=$argv[2]
  14 set PKCS8_KEY_PARSE_OS=$argv[3]
  15 set KEYCHAIN=$argv[4]
  16 set FORMAT=$argv[5]
  17 set KEY_ALG=$argv[6]
  18 set KEY_SIZE=$argv[7]
  19 set QUIET=$argv[8]
  20 set QUIET_ARG=
  21 if ($QUIET == YES) then
  22         set QUIET_ARG=-q
  23 endif
  24 set NOACL_ARG=
  25 if ($argv[9] == YES) then
  26         set NOACL_ARG=-n
  27 endif
  28 set SECURE_PHRASE_ARG=
  29 if ($argv[10] == YES) then
  30         set SECURE_PHRASE_ARG=-Z
  31 endif
  32
  33 set PEM_ARG=
  34 if ($FORMAT == PEM) then
  35         set PEM_ARG=-p
  36 endif
  37
  38 set BUILD_DIR=$LOCAL_BUILD_DIR
  39
  40 source setupCommon
  41
  42 set P8_PASSWORD=foobar
  43 set OS_PWD_ARG="-passout pass:$P8_PASSWORD"
  44
  45 if ($QUIET == NO) then
  46         echo $CLEANKC
  47 endif
  48 $CLEANKC || exit(1)
  49 #
  50 # import the raw key
  51 #
  52 set cmd="$KCIMPORT $RAWKEY -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
  53 if ($QUIET == NO) then
  54         echo $cmd
  55 endif
  56 $cmd || exit(1)
  57 set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
  58 if ($QUIET == NO) then
  59         echo $cmd
  60 endif
  61 $cmd || exit(1)
  62 #
  63 # Export it in P8 form
  64 #
  65 set cmd="$RM -f $PKCS8_KEY_EXP"
  66 if ($QUIET == NO) then
  67         echo $cmd
  68 endif
  69 $cmd || exit(1)
  70 set cmd="$KCEXPORT $KEYCHAIN -t privKeys -f pkcs8 -z $P8_PASSWORD -o $PKCS8_KEY_EXP $PEM_ARG -q $SECURE_PHRASE_ARG"
  71 if ($QUIET == NO) then
  72         echo $cmd
  73 endif
  74 $cmd || exit(1)
  75 #
  76 # Ensure that openssl can read it
  77 #
  78 set cmd="$RM -f $PKCS8_KEY_PARSE_OS"
  79 if ($QUIET == NO) then
  80         echo $cmd
  81 endif
  82 $cmd || exit(1)
  83 set cmd="$OPENSSL pkcs8 -inform $FORMAT -outform DER -in $PKCS8_KEY_EXP -passin pass:$P8_PASSWORD -out $PKCS8_KEY_PARSE_OS"
  84 if ($QUIET == NO) then
  85         echo $cmd
  86 endif
  87 $cmd || exit(1)
  88 #
  89 # Then ensure we can read the parsed result
  90 #
  91 if ($QUIET == NO) then
  92         echo $CLEANKC
  93 endif
  94 $CLEANKC || exit(1)
  95 set cmd="$KCIMPORT $PKCS8_KEY_PARSE_OS -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
  96 if ($QUIET == NO) then
  97         echo $cmd
  98 endif
  99 $cmd || exit(1)
 100 set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
 101 if ($QUIET == NO) then
 102         echo $cmd
 103 endif
 104 $cmd || exit(1)