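#! /bin/csh -f
#
# Run import/export tests for raw key pairs.
#
# Run this from SecurityTests/clxutils/importExport. The
# kcImport and kcExport programs must exist in the location
# specified by the LOCAL_BUILD_DIR env var.
#
# Usage: importExportRawKey [q(uiet)] [n(oACL)] [N(oClean)]
#   q  suppress progress output and command echo
#   n  sets NOACL=YES, which is passed on to importExportKeyTool
#   N  sets NOCLEAN=YES: keep the generated key files, and pass the flag on
#
# KCIMPORT, KCEXPORT, RSATOOL, OPENSSL, RM, CLEANKC, KEYCHAIN and BUILD_DIR
# are not set in this file; they are expected to come from setupCommon.
# NOTE(review): the header names LOCAL_BUILD_DIR but the script reads
# BUILD_DIR - confirm setupCommon derives one from the other.
#
# Every step exits with status 1 on its first failure. The clean-up section
# runs only at the very end, so a failed run leaves whatever private key files
# were already written sitting in BUILD_DIR.
#

source setupCommon

set KEYSUBTOOL=./importExportKeyTool

# RSA key pair, BSAFE format, generated by rsatool
set RSA_KEY_BSAFE=${BUILD_DIR}/rsaBsafe
set RSA_PUB_KEY_BSAFE=${RSA_KEY_BSAFE}_pub.der
set RSA_PRIV_KEY_BSAFE=${RSA_KEY_BSAFE}_priv.der

# RSA key pair, openssl format, generated by rsatool
set RSA_KEY_OPENSSL=${BUILD_DIR}/rsaOpenssl
set RSA_PUB_KEY_OPENSSL=${RSA_KEY_OPENSSL}_pub.der
set RSA_PRIV_KEY_OPENSSL=${RSA_KEY_OPENSSL}_priv.der

# DSA key pair, BSAFE format, generated by rsatool
set DSA_KEY_BSAFE=${BUILD_DIR}/dsaBsafe
set DSA_PUB_KEY_BSAFE=${DSA_KEY_BSAFE}_pub.der
set DSA_PRIV_KEY_BSAFE=${DSA_KEY_BSAFE}_priv.der

# DSA key pair, openssl format, generated by rsatool
set DSA_KEY_OPENSSL=${BUILD_DIR}/dsaOpenssl
set DSA_PUB_KEY_OPENSSL=${DSA_KEY_OPENSSL}_pub.der
set DSA_PRIV_KEY_OPENSSL=${DSA_KEY_OPENSSL}_priv.der

# RSA private key, generated by openssl, PEM format
set RSA_PRIV_KEY_PEM=${RSA_PRIV_KEY_OPENSSL}.pem

# DSA parameters
set DSA_PARAMS_512_DER=dsaParams_512.der
set DSA_PARAMS_512_PEM=dsaParamOpenssl.pem

# ECDSA key pair, pub=X509, priv=pkcs8, generated by rsatool
set ECDSA_KEY_BASE=${BUILD_DIR}/ecdsaBase
set ECDSA_PUB_KEY=${ECDSA_KEY_BASE}_pub.der
set ECDSA_PRIV_KEY=${ECDSA_KEY_BASE}_priv.der
set ECDSA_KEY_SIZE=256

# user specified variables
set QUIET=NO
# 512-bit RSA/DSA keys are far too small for real use; everything generated
# by this script is throwaway test material and must not be reused elsewhere.
set KEYSIZE=512
set NOACL=NO
# NOACL_ARG and NOCLEAN_ARG are assigned but never read in this script; the
# YES/NO values of NOACL and NOCLEAN are what get passed to $KEYSUBTOOL.
set NOACL_ARG=
set NOCLEAN=NO
set NOCLEAN_ARG=

#
# Verify existence of a few crucial things before we start.
#
if( ( ! -e $KCIMPORT ) || \
    ( ! -e $KCEXPORT ) || \
    ( ! -e $RSATOOL) ) then
    echo === You do not seem to have all of the required executables.
    echo === Please build all of cspxutils and clxutils.
    echo === See the README files in those directories for info.
    exit(1)
endif

# The per-key-pair driver and pemtool are invoked unconditionally below.
# Check for them up front as well, so a missing helper stops the run before
# any private key has been written to BUILD_DIR instead of part-way through.
if( ( ! -e $KEYSUBTOOL ) || \
    ( ! -e $BUILD_DIR/pemtool ) ) then
    echo "=== Missing $KEYSUBTOOL or $BUILD_DIR/pemtool"
    exit(1)
endif

# user options
while ( $#argv > 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            shift
            breaksw
        case n:
            set NOACL=YES
            set NOACL_ARG=-n
            shift
            breaksw
        case N:
            set NOCLEAN=YES
            set NOCLEAN_ARG=N
            shift
            breaksw
        default:
            echo Usage: importExportRawKey \[q\(uiet\)\] \[n\(oACL\)\] \[N\(oClean\)\]
            exit(1)
    endsw
end

echo === Begin Raw Key Pair test ===

if ($QUIET == NO) then
    echo $CLEANKC
endif
$CLEANKC || exit(1)

###
### Basic RSA key pair testing, openssl generated
###

# Create RSA key pair using openssl
# private keys are only generated in PEM format
if ($QUIET == NO) then
    echo === RSA key pair testing, openssl generated ===
    echo Creating RSA key pair using openssl...
endif
set cmd="$RM -f $RSA_PRIV_KEY_PEM $RSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY_PEM $KEYSIZE"
if ($QUIET == NO) then
    echo $cmd
endif
# Both stdout and stderr of openssl are discarded here, so a failure shows up
# only as exit status 1 with no diagnostic.
$cmd >& /dev/null || exit(1)
# Convert the PEM private key to the DER file the key tool is given.
set cmd="$BUILD_DIR/pemtool d $RSA_PRIV_KEY_PEM $RSA_PRIV_KEY_OPENSSL q"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
# Derive the matching public key, DER encoded, from the PEM private key.
set cmd="$OPENSSL rsa -inform PEM -outform DER -in $RSA_PRIV_KEY_PEM -out $RSA_PUB_KEY_OPENSSL -pubout"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd >& /dev/null || exit(1)
$KEYSUBTOOL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic RSA key pair testing, BSAFE format
###

# Create RSA key pair in BSAFE format
if ($QUIET == NO) then
    echo === RSA key pair testing, BSAFE format ===
    echo Creating RSA key pair in BSAFE format...
endif
set cmd="$RM -f $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g k=$RSA_KEY_BSAFE z=$KEYSIZE b=1 v=8 q"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
$KEYSUBTOOL $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE $KEYCHAIN bsafe $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic RSA key pair testing, openssl format
###

# Create RSA key pair in openssl format
# (reuses, and therefore overwrites, the file names of the openssl-generated
# pair from the first section)
if ($QUIET == NO) then
    echo === RSA key pair testing, OpenSSL format ===
    echo Creating RSA key pair in OpenSSL format...
endif
set cmd="$RM -f $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g k=$RSA_KEY_OPENSSL z=$KEYSIZE b=x v=1 q"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
$KEYSUBTOOL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic DSA key pair testing, BSAFE format
###
if ($QUIET == NO) then
    echo === DSA key pair testing, BSAFE format ===
    echo Creating DSA key pair in BSAFE format...
endif
set cmd="$RM -f $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g a=d k=$DSA_KEY_BSAFE z=$KEYSIZE b=b v=b m=$DSA_PARAMS_512_DER q"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
$KEYSUBTOOL $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE $KEYCHAIN bsafe $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic DSA key pair testing, openssl format
###

# Create DSA key pair in openssl format
if ($QUIET == NO) then
    echo === DSA key pair testing, OpenSSL format ===
    echo Creating DSA key pair in OpenSSL format...
endif
set cmd="$RM -f $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g a=d k=$DSA_KEY_OPENSSL z=$KEYSIZE b=x v=o m=$DSA_PARAMS_512_DER q"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
$KEYSUBTOOL $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic ECDSA key pair testing, default format
###

# Create ECDSA key pair
if ($QUIET == NO) then
    echo === ECDSA key pair testing, default format ===
    echo Creating ECDSA key pair in default format...
endif
set cmd="$RM -f $ECDSA_PUB_KEY $ECDSA_PRIV_KEY"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
set cmd="$RSATOOL g a=e k=$ECDSA_KEY_BASE z=$ECDSA_KEY_SIZE q"
if ($QUIET == NO) then
    echo $cmd
endif
$cmd || exit(1)
$KEYSUBTOOL $ECDSA_PUB_KEY $ECDSA_PRIV_KEY $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)

# clean up
# Removes every key file generated above, private keys included. Uses $RM,
# like each per-section removal, instead of resolving a bare "rm" via PATH.
# Skipped when N was given, in which case the private keys stay in BUILD_DIR
# until removed by hand.
if ($NOCLEAN == NO) then
    set cmd1="$RM -f $RSA_KEY_BSAFE $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE $RSA_KEY_OPENSSL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL"
    set cmd2="$RM -f $DSA_KEY_BSAFE $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE $DSA_KEY_OPENSSL $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL $RSA_PRIV_KEY_PEM"
    set cmd3="$RM -f $ECDSA_PUB_KEY $ECDSA_PRIV_KEY"
    if ($QUIET == NO) then
        echo $cmd1
        echo $cmd2
        echo $cmd3
    endif
    $cmd1 || exit(1)
    $cmd2 || exit(1)
    $cmd3 || exit(1)
endif

if ($QUIET == NO) then
    echo === Raw Key Pair test complete ===
endif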