+++ /dev/null
-#! /bin/csh -f
-#
-# Run import/export tests for traditional openssl wrapped keys.
-#
-# Run this from SecurityTests/clxutils/importExport. The
-# kcImport and kcExport programs must exist in the location
-# specified by the LOCAL_BUILD_DIR env var.
-#
-
-source setupCommon
-
-set OPENSSLEXPORTTOOL=./exportOpensslTool
-
-set PASSWORD=foobar
-set OS_PWD_ARG="-passout pass:$PASSWORD"
-
-# RSA private key, raw format, generated by openssl
-set RSA_RAW_PRIV_KEY=${BUILD_DIR}/rsapriv_raw.pem
-
-# RSA private key, openssl wrap format, generated by openssl
-set RSA_PRIV_KEY=${BUILD_DIR}/rsapriv.os
-
-# RSA private key, openssl wrap format, generated by kcExport
-set RSA_PRIV_KEY_EXP=${BUILD_DIR}/rsapriv_exp_os
-
-# RSA private key, raw format, generated by openssl
-set DSA_RAW_PRIV_KEY=${BUILD_DIR}/dsapriv_raw.pem
-
-# DSA private key, PEM, generated by openssl
-set DSA_PRIV_KEY=${BUILD_DIR}/dsapriv.pem
-
-# DSA private key, openssl wrap format, generated by kcExport
-set DSA_PRIV_KEY_EXP=${BUILD_DIR}/dsapriv_exp_os
-
-# raw private key converted by openssl from our exported wrap
-set PRIV_KEY_PARSE=${BUILD_DIR}/privkey_parse
-
-# DSA parameters
-set DSA_PARAMS=dsaParamOpenssl.pem
-
-# user specified variables
-set QUIET=NO
-set QUIET_ARG=
-set KEYSIZE=512
-set NOACL=NO
-set NOACL_ARG=
-set SECURE_PHRASE=NO
-set SECURE_PHRASE_ARG=
-set NOCLEAN=NO
-
-# user options
-
-while ( $#argv > 0 )
- switch ( "$argv[1]" )
- case q:
- set QUIET=YES
- set QUIET_ARG=-q
- shift
- breaksw
- case n:
- set NOACL=YES
- set NOACL_ARG=-n
- shift
- breaksw
- case s:
- set SECURE_PHRASE=YES
- set SECURE_PHRASE_ARG=-Z
- shift
- breaksw
- case N:
- set NOCLEAN=YES
- shift
- breaksw
- default:
- echo Usage: importExportOpensslWrap \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
- exit(1)
- endsw
-end
-
-echo === Begin Openssl wrap test ===
-if ($QUIET == NO) then
- echo $CLEANKC
-endif
-$CLEANKC || exit(1)
-
-if ($QUIET == NO) then
- echo ...Testing import of RSA key generated by openssl
-endif
-set cmd="$RM -f $RSA_PRIV_KEY"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-#
-# generate RSA with openssl
-#
-set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY $OS_PWD_ARG -des $KEYSIZE"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd >& /dev/null|| exit(1)
-
-#
-# import
-#
-set cmd="$KCIMPORT $RSA_PRIV_KEY -k $KEYCHAIN -z $PASSWORD -f openssl -w -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-#
-# verify by examining the keychain
-#
-set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-
-#
-# import DSA
-#
-if ($QUIET == NO) then
- echo ...Testing import of DSA key generated by openssl
-endif
-if ($QUIET == NO) then
- echo $CLEANKC
-endif
-$CLEANKC || exit(1)
-set cmd="$RM -f $DSA_PRIV_KEY"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-#
-# generate DSA with openssl
-#
-set cmd="$OPENSSL gendsa -out $DSA_PRIV_KEY $OS_PWD_ARG -des $DSA_PARAMS"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd >& /dev/null|| exit(1)
-#
-# import
-#
-set cmd="$KCIMPORT $DSA_PRIV_KEY -k $KEYCHAIN -z $PASSWORD -f openssl -w -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-#
-# verify by examining the keychain
-#
-set cmd="$DBVERIFY $KEYCHAIN_PATH dsa priv $KEYSIZE $QUIET_ARG"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd || exit(1)
-#
-# openssl wrap form Export
-#
-if ($QUIET == NO) then
- echo ...testing openssl export of RSA private key
-endif
-#
-# generate raw RSA with openssl
-#
-set cmd="$OPENSSL genrsa -out $RSA_RAW_PRIV_KEY $KEYSIZE"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd >& /dev/null|| exit(1)
-#
-set cmd="$OPENSSLEXPORTTOOL $RSA_RAW_PRIV_KEY $RSA_PRIV_KEY_EXP $PRIV_KEY_PARSE rsa 512 $QUIET $NOACL $SECURE_PHRASE"
-$cmd || exit(1)
-
-if ($QUIET == NO) then
- echo ...testing openssl export of DSA private key
-endif
-#
-# generate DSA with openssl
-#
-set cmd="$OPENSSL gendsa -out $DSA_RAW_PRIV_KEY $DSA_PARAMS"
-if ($QUIET == NO) then
- echo $cmd
-endif
-$cmd >& /dev/null|| exit(1)
-#
-set cmd="$OPENSSLEXPORTTOOL $DSA_RAW_PRIV_KEY $DSA_PRIV_KEY_EXP $PRIV_KEY_PARSE dsa 512 $QUIET $NOACL $SECURE_PHRASE"
-$cmd || exit(1)
-
-# cleanup
-if ($NOCLEAN == NO) then
- set cmd1="rm -f $RSA_RAW_PRIV_KEY $RSA_PRIV_KEY $RSA_PRIV_KEY_EXP $DSA_RAW_PRIV_KEY"
- set cmd2="rm -f $DSA_PRIV_KEY $DSA_PRIV_KEY_EXP $PRIV_KEY_PARSE"
- if ($QUIET == NO) then
- echo $cmd1
- echo $cmd2
- endif
- $cmd1 || exit(1)
- $cmd2 || exit(1)
-endif
-
-if ($QUIET == NO) then
- echo === Openssl wrap test complete ===
-endif
-
projects / apple / security.git / blobdiff