--- /dev/null
+#! /bin/csh -f
+#
+# Run one iteration of PKCS8 portion of import/export tests.
+# Only used as a subroutine call from importExportPkcs8.
+#
+# Usage
+# impExpOpensslEcdsaTool keySizeBits quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO) noClean(YES|NO)
+#
+if ( $#argv != 5 ) then
+ exit(1)
+endif
+
+set KEYBITS=$argv[1]
+set QUIET=$argv[2]
+set QUIET_ARG=
+set QUIET_ARG_N=
+if ($QUIET == YES) then
+ set QUIET_ARG=q
+ set QUIET_ARG_N=-q
+endif
+set NOACL_ARG=
+if ($argv[3] == YES) then
+ set NOACL_ARG=-n
+endif
+set SECURE_PHRASE_ARG=
+if ($argv[4] == YES) then
+ set SECURE_PHRASE_ARG=-Z
+endif
+set NOCLEAN=$argv[5]
+
+set OS_CURVE=
+switch ( $KEYBITS )
+ case 256:
+ set OS_CURVE = prime256v1
+ breaksw
+ case 384:
+ set OS_CURVE = secp384r1
+ breaksw
+ case 521:
+ set OS_CURVE = secp521r1
+ breaksw
+ default:
+ echo "***Unknown key size"
+ exit(1)
+endsw
+
+source setupCommon
+
+set PASSWORD=foobar
+set OS_PWD_ARG="-passout pass:$PASSWORD"
+
+set PLAINTEXT=somePlainText
+set SIGFILE=${BUILD_DIR}/ecdsaSig
+set KEYBASE=${BUILD_DIR}/opensslGen
+# formats of these - with _priv.der, _pub.der suffixes - dictated by rsatool
+set KEYFILE_PRIV=${KEYBASE}_priv.der
+set KEYFILE_PUB=${KEYBASE}_pub.der
+set EXPORT_KEYBASE=${BUILD_DIR}/ecdsaExpFromP8
+set EXPORT_KEYFILE=${EXPORT_KEYBASE}_priv.der
+set P8FILE=${BUILD_DIR}/ecdsaPriv.p8
+
+# empty the keychain
+if ($QUIET == NO) then
+ echo $CLEANKC
+endif
+$CLEANKC || exit(1)
+
+# generate the single key
+set cmd="$OPENSSL ecparam -genkey -outform DER -out $KEYFILE_PRIV -name $OS_CURVE -noout"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# sign with CDSA
+set cmd="$RSATOOL s a=e k=$KEYBASE v=o p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# Public key in openssl form is the unified key produced by openssl
+set cmd="cp $KEYFILE_PRIV $KEYFILE_PUB"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# verify with CDSA
+set cmd="$RSATOOL v a=e k=$KEYBASE b=L p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# Use openssl to create a p8 with the private key
+set cmd="$OPENSSL pkcs8 -topk8 -inform DER -outform DER -in $KEYFILE_PRIV -out $P8FILE $OS_PWD_ARG"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# Import that p8, no ACL, extractable in the clear
+set cmd="$KCIMPORT $P8FILE -k $KEYCHAIN -f pkcs8 -w -n -e -z $PASSWORD $QUIET_ARG_N"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# export in openssl format
+set cmd="$KCEXPORT $KEYCHAIN -f openssl -o $EXPORT_KEYFILE -t privKeys $QUIET_ARG_N"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+# Sign and verify again
+set cmd="$RSATOOL s a=e k=$EXPORT_KEYBASE v=o p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+set cmd="$RSATOOL v a=e k=$KEYBASE b=L p=$PLAINTEXT s=$SIGFILE $QUIET_ARG"
+if ($QUIET == NO) then
+ echo $cmd
+endif
+$cmd || exit(1)
+
+if($NOCLEAN == NO) then
+ set cmd="rm -f $SIGFILE $KEYFILE_PRIV $KEYFILE_PUB $EXPORT_KEYFILE $P8FILE"
+ if ($QUIET == NO) then
+ echo $cmd
+ endif
+ $cmd || exit(1)
+endif
projects / apple / security.git / blobdiff