

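#! /bin/csh -f
#
# Run import/export tests for traditional openssl wrapped keys.
#
# Run this from SecurityTests/clxutils/importExport. The 
# kcImport and kcExport programs must exist in the location
# specified by the LOCAL_BUILD_DIR env var.
#
# Usage: importExportOpensslWrap [q] [n] [s] [N]
#   q   quiet: do not echo commands; passes -q to kcImport and dbVerify
#   n   no ACL on imported keys; passes -n to kcImport
#   s   secure passphrase; passes -Z to kcImport
#   N   no clean: leave the generated key files in BUILD_DIR
#
# Names used here but not defined here (expected from setupCommon):
# BUILD_DIR, CLEANKC, RM, OPENSSL, KCIMPORT, KEYCHAIN, KEYCHAIN_PATH,
# DBVERIFY.
#
# Every step is of the form "set cmd=...; echo $cmd unless quiet; $cmd ||
# exit(1)", so the first failing step aborts the whole test with status 1.
#

source setupCommon

set OPENSSLEXPORTTOOL=./exportOpensslTool

# Fixed passphrase for the throwaway test keys. It is handed to openssl
# (-passout pass:) and kcImport (-z) on the command line, so it is visible
# in process listings; it protects test fixtures only, nothing real.
set PASSWORD=foobar
set OS_PWD_ARG="-passout pass:$PASSWORD"

# RSA private key, raw format, generated by openssl
set RSA_RAW_PRIV_KEY=${BUILD_DIR}/rsapriv_raw.pem

# RSA private key, openssl wrap format, generated by openssl
set RSA_PRIV_KEY=${BUILD_DIR}/rsapriv.os

# RSA private key, openssl wrap format, generated by kcExport
set RSA_PRIV_KEY_EXP=${BUILD_DIR}/rsapriv_exp_os

# DSA private key, raw format, generated by openssl
set DSA_RAW_PRIV_KEY=${BUILD_DIR}/dsapriv_raw.pem

# DSA private key, PEM, generated by openssl
set DSA_PRIV_KEY=${BUILD_DIR}/dsapriv.pem

# DSA private key, openssl wrap format, generated by kcExport
set DSA_PRIV_KEY_EXP=${BUILD_DIR}/dsapriv_exp_os

# raw private key converted by openssl from our exported wrap
set PRIV_KEY_PARSE=${BUILD_DIR}/privkey_parse

# DSA parameters. The DSA key size comes from this file, not from KEYSIZE,
# so KEYSIZE must match the parameters stored here for the dsa dbVerify
# and exportOpensslTool steps to agree.
set DSA_PARAMS=dsaParamOpenssl.pem

# user specified variables
set QUIET=NO
set QUIET_ARG=
# RSA modulus size in bits; also the size handed to dbVerify and
# exportOpensslTool (previously hard-coded as 512 in the export steps).
set KEYSIZE=512
set NOACL=NO
set NOACL_ARG=
set SECURE_PHRASE=NO
set SECURE_PHRASE_ARG=
set NOCLEAN=NO

# user options

while ( $#argv > 0 )
	switch ( "$argv[1]" )
		case q:
			set QUIET=YES
			set QUIET_ARG=-q
			shift
			breaksw
		case n:
			set NOACL=YES
			set NOACL_ARG=-n
			shift
			breaksw
		case s:
			set SECURE_PHRASE=YES
			set SECURE_PHRASE_ARG=-Z
			shift
			breaksw
		case N:
			set NOCLEAN=YES
			shift
			breaksw
		default:
			echo Usage: importExportOpensslWrap \[q\(uiet\)\] \[n\(oACL\)\] \[s\(ecurePassphrase\)\] \[N\(oClean\)\]
			exit(1)
	endsw
end

echo === Begin Openssl wrap test ===
if ($QUIET == NO) then
	echo $CLEANKC
endif
# start from an empty keychain so dbVerify sees only what this test imports
$CLEANKC || exit(1)

#
# RSA: generate a wrapped key with openssl, import it, verify it
#
if ($QUIET == NO) then
	echo ...Testing import of RSA key generated by openssl 
endif
set cmd="$RM -f $RSA_PRIV_KEY"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
#
# generate RSA with openssl (DES-wrapped with PASSWORD)
#
set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY $OS_PWD_ARG -des $KEYSIZE"
if ($QUIET == NO) then
	echo $cmd
endif
# openssl's stdout and stderr are discarded; a failure shows only as exit(1)
$cmd >& /dev/null || exit(1)

#
# import
#
set cmd="$KCIMPORT $RSA_PRIV_KEY -k $KEYCHAIN -z $PASSWORD -f openssl -w -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
#
# verify by examining the keychain 
#
set cmd="$DBVERIFY $KEYCHAIN_PATH rsa priv $KEYSIZE $QUIET_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

#
# DSA: generate a wrapped key with openssl, import it, verify it
#
if ($QUIET == NO) then
	echo ...Testing import of DSA key generated by openssl 
endif
if ($QUIET == NO) then
	echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$RM -f $DSA_PRIV_KEY"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
#
# generate DSA with openssl (DES-wrapped with PASSWORD, size from DSA_PARAMS)
#
set cmd="$OPENSSL gendsa -out $DSA_PRIV_KEY $OS_PWD_ARG -des $DSA_PARAMS"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd >& /dev/null || exit(1)
#
# import
#
set cmd="$KCIMPORT $DSA_PRIV_KEY -k $KEYCHAIN -z $PASSWORD -f openssl -w -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
#
# verify by examining the keychain 
#
set cmd="$DBVERIFY $KEYCHAIN_PATH dsa priv $KEYSIZE $QUIET_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)

#
# openssl wrap form Export
#
if ($QUIET == NO) then
	echo ...testing openssl export of RSA private key
endif
#
# generate raw (unwrapped) RSA with openssl
#
set cmd="$OPENSSL genrsa -out $RSA_RAW_PRIV_KEY $KEYSIZE"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd >& /dev/null || exit(1)
#
# exportOpensslTool: raw key in, kcExport wrap out, openssl-parsed key out;
# the size argument is KEYSIZE rather than a literal so it cannot drift
# from the genrsa step above.
#
set cmd="$OPENSSLEXPORTTOOL $RSA_RAW_PRIV_KEY $RSA_PRIV_KEY_EXP $PRIV_KEY_PARSE rsa $KEYSIZE $QUIET $NOACL $SECURE_PHRASE"
$cmd || exit(1)

if ($QUIET == NO) then
	echo ...testing openssl export of DSA private key
endif
#
# generate raw (unwrapped) DSA with openssl
#
set cmd="$OPENSSL gendsa -out $DSA_RAW_PRIV_KEY $DSA_PARAMS"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd >& /dev/null || exit(1)
#
set cmd="$OPENSSLEXPORTTOOL $DSA_RAW_PRIV_KEY $DSA_PRIV_KEY_EXP $PRIV_KEY_PARSE dsa $KEYSIZE $QUIET $NOACL $SECURE_PHRASE"
$cmd || exit(1)

# cleanup: remove every generated key file unless N(oClean) was given.
# Uses the same $RM as the per-step removals above.
if ($NOCLEAN == NO) then
	set cmd1="$RM -f $RSA_RAW_PRIV_KEY $RSA_PRIV_KEY $RSA_PRIV_KEY_EXP $DSA_RAW_PRIV_KEY"
	set cmd2="$RM -f $DSA_PRIV_KEY $DSA_PRIV_KEY_EXP $PRIV_KEY_PARSE"
	if ($QUIET == NO) then
		echo $cmd1
		echo $cmd2
	endif
	$cmd1 || exit(1)
	$cmd2 || exit(1)
endif

if ($QUIET == NO) then
	echo === Openssl wrap test complete ===
endif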