git.saurik.com Git - apple/security.git/blob - SecurityTests/clxutils/importExport/importExportOpensslWrap
Security-57031.1.35.tar.gz
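#! /bin/csh -f
#
# Run import/export tests for traditional openssl wrapped keys.
#
# Run this from SecurityTests/clxutils/importExport. The
# kcImport and kcExport programs must exist in the location
# specified by the LOCAL_BUILD_DIR env var.
#
# Usage: importExportOpensslWrap [q(uiet)] [n(oACL)] [s(ecurePassphrase)] [N(oClean)]
#
# The script reads OPENSSL, KCIMPORT, DBVERIFY, CLEANKC, RM, KEYCHAIN,
# KEYCHAIN_PATH and BUILD_DIR without setting them; presumably they come
# from setupCommon, which is not part of this file.
#
# Security notes -- this is a test fixture, do not reuse it for real keys:
#   - PASSWORD is a fixed throwaway value that is passed on the command
#     line (-passout pass:... and -z ...), so it shows up in process
#     listings and in the command lines echoed when QUIET is NO.
#   - The keys are 512 bits and wrapped with single DES (-des). Both are
#     far below any acceptable strength and exist only to exercise the
#     legacy openssl wrap format.
#   - The raw keys are written unencrypted. Every failure path is
#     exit(1), which skips the cleanup section at the end, so key files
#     can remain on disk after a failed run.
#

source setupCommon

set OPENSSLEXPORTTOOL=./exportOpensslTool

# Fixed test passphrase; OS_PWD_ARG hands it to openssl on the command line.
set PASSWORD=foobar
set OS_PWD_ARG="-passout pass:$PASSWORD"

# RSA private key, raw format, generated by openssl
set RSA_RAW_PRIV_KEY=${BUILD_DIR}/rsapriv_raw.pem

# RSA private key, openssl wrap format, generated by openssl
set RSA_PRIV_KEY=${BUILD_DIR}/rsapriv.os

# RSA private key, openssl wrap format, generated by kcExport
set RSA_PRIV_KEY_EXP=${BUILD_DIR}/rsapriv_exp_os

# DSA private key, raw format, generated by openssl
set DSA_RAW_PRIV_KEY=${BUILD_DIR}/dsapriv_raw.pem

# DSA private key, openssl wrap format, generated by openssl
# (created below with the same passphrase and -des options as the RSA one)
set DSA_PRIV_KEY=${BUILD_DIR}/dsapriv.pem

# DSA private key, openssl wrap format, generated by kcExport
set DSA_PRIV_KEY_EXP=${BUILD_DIR}/dsapriv_exp_os

# raw private key converted by openssl from our exported wrap
set PRIV_KEY_PARSE=${BUILD_DIR}/privkey_parse

# DSA parameters
set DSA_PARAMS=dsaParamOpenssl.pem

# user specified variables
# (KEYSIZE has no command line option; it is the single place that
# sets the key size used by every step below)
set QUIET=NO
set QUIET_ARG=
set KEYSIZE=512
set NOACL=NO
set NOACL_ARG=
set SECURE_PHRASE=NO
set SECURE_PHRASE_ARG=
set NOCLEAN=NO

# user options

while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            set QUIET_ARG=-q
            shift
            breaksw
        case n:
            set NOACL=YES
            set NOACL_ARG=-n
            shift
            breaksw
        case s:
            set SECURE_PHRASE=YES
            set SECURE_PHRASE_ARG=-Z
            shift
            breaksw
        case N:
            set NOCLEAN=YES
            shift
            breaksw
        default:
            echo Usage: importExportOpensslWrap \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
            exit(1)
    endsw
end

echo === Begin Openssl wrap test ===
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)

if ($QUIET == NO) then
    echo ...Testing import of RSA key generated by openssl
endif
set cmd="$RM -f $RSA_PRIV_KEY"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# generate RSA with openssl
#
set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY $OS_PWD_ARG -des $KEYSIZE"
if ($QUIET == NO) then
    # NOTE: this echo prints the passphrase as part of the command line
    echo $cmd
endif
# openssl output is discarded, so a failure here surfaces only as exit
# status 1. NOTE(review): newer openssl builds may refuse single DES or
# such a small key -- rerun without the redirect to see the reason.
$cmd >& /dev/null|| exit(1)

#
# import
#
set cmd="$KCIMPORT $RSA_PRIV_KEY -k $KEYCHAIN -z $PASSWORD -f openssl -w -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# verify by examining the keychain
#
set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)

#
# import DSA
#
if ($QUIET == NO) then
    echo ...Testing import of DSA key generated by openssl
endif
if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$RM -f $DSA_PRIV_KEY"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# generate DSA with openssl
#
set cmd="$OPENSSL gendsa -out $DSA_PRIV_KEY $OS_PWD_ARG -des $DSA_PARAMS"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd >& /dev/null|| exit(1)
#
# import
#
set cmd="$KCIMPORT $DSA_PRIV_KEY -k $KEYCHAIN -z $PASSWORD -f openssl -w -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# verify by examining the keychain
#
# The DSA key size is fixed by DSA_PARAMS, not by KEYSIZE; this check
# assumes the parameter file describes a KEYSIZE-bit group.
set cmd="$DBVERIFY $KEYCHAIN_PATH dsa priv $KEYSIZE $QUIET_ARG"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
#
# openssl wrap form Export
#
if ($QUIET == NO) then
    echo ...testing openssl export of RSA private key
endif
#
# generate raw RSA with openssl
#
# No passphrase options here: the private key lands on disk unencrypted.
set cmd="$OPENSSL genrsa -out $RSA_RAW_PRIV_KEY $KEYSIZE"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd >& /dev/null|| exit(1)
#
# The export tool receives the YES/NO settings themselves, not the
# -q/-n/-Z flag forms. The key size comes from KEYSIZE so it cannot
# drift from the size of the key generated just above.
set cmd="$OPENSSLEXPORTTOOL $RSA_RAW_PRIV_KEY $RSA_PRIV_KEY_EXP $PRIV_KEY_PARSE rsa $KEYSIZE $QUIET $NOACL $SECURE_PHRASE"
$cmd || exit(1)

if ($QUIET == NO) then
    echo ...testing openssl export of DSA private key
endif
#
# generate DSA with openssl
#
# Raw format again: unencrypted DSA private key on disk.
set cmd="$OPENSSL gendsa -out $DSA_RAW_PRIV_KEY $DSA_PARAMS"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd >& /dev/null|| exit(1)
#
set cmd="$OPENSSLEXPORTTOOL $DSA_RAW_PRIV_KEY $DSA_PRIV_KEY_EXP $PRIV_KEY_PARSE dsa $KEYSIZE $QUIET $NOACL $SECURE_PHRASE"
$cmd || exit(1)

# cleanup
# Only reached when every step above succeeded; after a failed run the
# generated key files must be removed by hand.
if ($NOCLEAN == NO) then
    set cmd1="rm -f $RSA_RAW_PRIV_KEY $RSA_PRIV_KEY $RSA_PRIV_KEY_EXP $DSA_RAW_PRIV_KEY"
    set cmd2="rm -f $DSA_PRIV_KEY $DSA_PRIV_KEY_EXP $PRIV_KEY_PARSE"
    if ($QUIET == NO) then
        echo $cmd1
        echo $cmd2
    endif
    $cmd1 || exit(1)
    $cmd2 || exit(1)
endif

if ($QUIET == NO) then
    echo === Openssl wrap test complete ===
endif
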