SecurityTests/clxutils/importExport/impExpOpensslEcdsaTool

   1 #! /bin/csh -f
   2 #
   3 # Run one iteration of PKCS8 portion of import/export tests.
   4 # Only used as a subroutine call from importExportPkcs8.
   5 #
   6 # Usage
   7 #   impExpOpensslEcdsaTool keySizeBits  quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO) noClean(YES|NO)
   8 #
   9 if ( $#argv != 5 ) then
  10         exit(1)
  11 endif
  12
  13 set KEYBITS=$argv[1]
  14 set QUIET=$argv[2]
  15 set QUIET_ARG=
  16 set QUIET_ARG_N=
  17 if ($QUIET == YES) then
  18         set QUIET_ARG=q
  19         set QUIET_ARG_N=-q
  20 endif
  21 set NOACL_ARG=
  22 if ($argv[3] == YES) then
  23         set NOACL_ARG=-n
  24 endif
  25 set SECURE_PHRASE_ARG=
  26 if ($argv[4] == YES) then
  27         set SECURE_PHRASE_ARG=-Z
  28 endif
  29 set NOCLEAN=$argv[5]
  30
  31 set OS_CURVE=
  32 switch ( $KEYBITS )
  33         case 256:
  34                 set OS_CURVE = prime256v1
  35                 breaksw
  36         case 384:
  37                 set OS_CURVE = secp384r1
  38                 breaksw
  39         case 521:
  40                 set OS_CURVE = secp521r1
  41                 breaksw
  42         default:
  43                 echo "***Unknown key size"
  44                 exit(1)
  45 endsw
  46
  47 source setupCommon
  48
  49 set PASSWORD=foobar
  50 set OS_PWD_ARG="-passout pass:$PASSWORD"
  51
  52 set PLAINTEXT=somePlainText
  53 set SIGFILE=${BUILD_DIR}/ecdsaSig
  54 set KEYBASE=${BUILD_DIR}/opensslGen
  55 # formats of these - with _priv.der, _pub.der suffixes - dictated by rsatool
  56 set KEYFILE_PRIV=${KEYBASE}_priv.der
  57 set KEYFILE_PUB=${KEYBASE}_pub.der
  58 set EXPORT_KEYBASE=${BUILD_DIR}/ecdsaExpFromP8
  59 set EXPORT_KEYFILE=${EXPORT_KEYBASE}_priv.der
  60 set P8FILE=${BUILD_DIR}/ecdsaPriv.p8
  61
  62 # empty the keychain
  63 if ($QUIET == NO) then
  64         echo $CLEANKC
  65 endif
  66 $CLEANKC || exit(1)
  67
  68 # generate the single key
  69 set cmd="$OPENSSL ecparam -genkey -outform DER -out $KEYFILE_PRIV -name $OS_CURVE -noout"
  70 if ($QUIET == NO) then
  71         echo $cmd
  72 endif
  73 $cmd || exit(1)
  74
  75 # sign with CDSA
  76 set cmd="$RSATOOL s a=e k=$KEYBASE v=o p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
  77 if ($QUIET == NO) then
  78         echo $cmd
  79 endif
  80 $cmd || exit(1)
  81
  82 # Public key in openssl form is the unified key produced by openssl
  83 set cmd="cp $KEYFILE_PRIV $KEYFILE_PUB"
  84 if ($QUIET == NO) then
  85         echo $cmd
  86 endif
  87 $cmd || exit(1)
  88
  89 # verify with CDSA
  90 set cmd="$RSATOOL v a=e k=$KEYBASE b=L p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
  91 if ($QUIET == NO) then
  92         echo $cmd
  93 endif
  94 $cmd || exit(1)
  95
  96 # Use openssl to create a p8 with the private key
  97 set cmd="$OPENSSL pkcs8 -topk8 -inform DER -outform DER -in $KEYFILE_PRIV -out $P8FILE $OS_PWD_ARG"
  98 if ($QUIET == NO) then
  99         echo $cmd
 100 endif
 101 $cmd || exit(1)
 102
 103 # Import that p8, no ACL, extractable in the clear
 104 set cmd="$KCIMPORT $P8FILE -k $KEYCHAIN -f pkcs8 -w -n -e -z $PASSWORD $QUIET_ARG_N"
 105 if ($QUIET == NO) then
 106         echo $cmd
 107 endif
 108 $cmd || exit(1)
 109
 110 # export in openssl format
 111 set cmd="$KCEXPORT $KEYCHAIN -f openssl -o $EXPORT_KEYFILE -t privKeys $QUIET_ARG_N"
 112 if ($QUIET == NO) then
 113         echo $cmd
 114 endif
 115 $cmd || exit(1)
 116
 117 # Sign and verify again
 118 set cmd="$RSATOOL s a=e k=$EXPORT_KEYBASE v=o p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
 119 if ($QUIET == NO) then
 120         echo $cmd
 121 endif
 122 $cmd || exit(1)
 123
 124 set cmd="$RSATOOL v a=e k=$KEYBASE b=L p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
 125 if ($QUIET == NO) then
 126         echo $cmd
 127 endif
 128 $cmd || exit(1)
 129
 130 if($NOCLEAN == NO) then
 131         set cmd="rm -f $SIGFILE $KEYFILE_PRIV $KEYFILE_PUB $EXPORT_KEYFILE $P8FILE"
 132         if ($QUIET == NO) then
 133                 echo $cmd
 134         endif
 135         $cmd || exit(1)
 136 endif