#! /bin/csh -f
#
# Run one iteration of PKCS8 portion of import/export tests.
# Only used as a subroutine call from importExportPkcs8.
#
# Usage
#   impExpOpensslEcdsaTool keySizeBits quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO) noClean(YES|NO)
#
# Sequence:
#   1. empty the test keychain
#   2. generate one EC private key with openssl (DER)
#   3. sign and verify a fixed plaintext with the generated key
#   4. wrap the private key in a password-protected PKCS8 blob with openssl
#   5. import the PKCS8 blob into the keychain, then export it in openssl form
#   6. sign with the exported key and verify with the original key
#   7. remove the generated files unless noClean is YES
#
# Every step exits with status 1 on failure. A failed run therefore skips
# step 7 and leaves the private key files behind in BUILD_DIR.
#
# OPENSSL, RSATOOL, KCIMPORT, KCEXPORT, CLEANKC, KEYCHAIN and BUILD_DIR are
# not set here; presumably they come from setupCommon -- confirm there.
#

# Exactly five arguments are required; exit silently otherwise.
if ( $#argv != 5 ) exit(1)

set KEYBITS=$argv[1]
set QUIET=$argv[2]

# rsatool takes a bare "q"; the keychain tools take "-q".
set QUIET_ARG=
set QUIET_ARG_N=
if ($QUIET == YES) then
	set QUIET_ARG=q
	set QUIET_ARG_N=-q
endif

# NOTE(review): NOACL_ARG and SECURE_PHRASE_ARG are computed from the
# arguments but never referenced again in this script; the import step
# below hard-codes its own options. Confirm whether setupCommon reads them.
set NOACL_ARG=
if ($argv[3] == YES) set NOACL_ARG=-n
set SECURE_PHRASE_ARG=
if ($argv[4] == YES) set SECURE_PHRASE_ARG=-Z

set NOCLEAN=$argv[5]

# Map the requested key size to the openssl curve name.
set OS_CURVE=
switch ( $KEYBITS )
	case 256:
		set OS_CURVE=prime256v1
		breaksw
	case 384:
		set OS_CURVE=secp384r1
		breaksw
	case 521:
		set OS_CURVE=secp521r1
		breaksw
	default:
		echo "***Unknown key size"
		exit(1)
endsw

source setupCommon

# Fixed throwaway passphrase for test keys only. It is handed to openssl as
# "pass:..." and to the import tool after -z, so it appears in argv (visible
# in the process list) and in the echoed command lines when quiet is NO.
# Do not reuse this pattern for keys that matter.
set PASSWORD=foobar
set OS_PWD_ARG="-passout pass:$PASSWORD"

set PLAINTEXT=somePlainText
set SIGFILE=${BUILD_DIR}/ecdsaSig

# formats of these - with _priv.der, _pub.der suffixes - dictated by rsatool
set KEYBASE=${BUILD_DIR}/opensslGen
set KEYFILE_PRIV=${KEYBASE}_priv.der
set KEYFILE_PUB=${KEYBASE}_pub.der

set EXPORT_KEYBASE=${BUILD_DIR}/ecdsaExpFromP8
set EXPORT_KEYFILE=${EXPORT_KEYBASE}_priv.der
set P8FILE=${BUILD_DIR}/ecdsaPriv.p8

# empty the keychain
if ($QUIET == NO) echo $CLEANKC
$CLEANKC || exit(1)

# generate the single key (written unencrypted, DER, into BUILD_DIR)
set cmd="$OPENSSL ecparam -genkey -outform DER -out $KEYFILE_PRIV -name $OS_CURVE -noout"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# sign with CDSA
set cmd="$RSATOOL s a=e k=$KEYBASE v=o p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Public key in openssl form is the unified key produced by openssl
set cmd="cp $KEYFILE_PRIV $KEYFILE_PUB"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# verify with CDSA
set cmd="$RSATOOL v a=e k=$KEYBASE b=L p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Use openssl to create a p8 with the private key
set cmd="$OPENSSL pkcs8 -topk8 -inform DER -outform DER -in $KEYFILE_PRIV -out $P8FILE $OS_PWD_ARG"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Import that p8, no ACL, extractable in the clear
set cmd="$KCIMPORT $P8FILE -k $KEYCHAIN -f pkcs8 -w -n -e -z $PASSWORD $QUIET_ARG_N"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# export in openssl format
set cmd="$KCEXPORT $KEYCHAIN -f openssl -o $EXPORT_KEYFILE -t privKeys $QUIET_ARG_N"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Sign and verify again: the signature is made with the exported key and
# checked with the originally generated key, so a pass indicates the key
# survived the PKCS8 import/export round trip.
set cmd="$RSATOOL s a=e k=$EXPORT_KEYBASE v=o p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

set cmd="$RSATOOL v a=e k=$KEYBASE b=L p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Remove the signature and all key material unless the caller asked to keep it.
if ($NOCLEAN == NO) then
	set cmd="rm -f $SIGFILE $KEYFILE_PRIV $KEYFILE_PUB $EXPORT_KEYFILE $P8FILE"
	if ($QUIET == NO) echo $cmd
	$cmd || exit(1)
endif