#! /bin/csh -f
#
# Run import/export tests for raw key pairs.
#
# Run this from SecurityTests/clxutils/importExport. The 
# kcImport and kcExport programs must exist in the location
# specified by the LOCAL_BUILD_DIR env var.
#

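# setupCommon is expected to define the tool and path variables used below
# (BUILD_DIR, KCIMPORT, KCEXPORT, RSATOOL, OPENSSL, RM, CLEANKC, KEYCHAIN);
# none of them are set in this file.
source setupCommon

# Every key pair generated below is written to disk with no passphrase.
# Restrict newly created files to the invoking user so the private halves
# are not group/world readable while the test runs, or after an early
# exit(1), which skips the clean-up step at the end of this script.
umask 077

# Per-key-pair sub-test, invoked once for each pair generated below.
# Relative path: the script must be run from its own directory.
set KEYSUBTOOL=./importExportKeyTool

# RSA key pair, BSAFE format, generated by rsatool
set RSA_KEY_BSAFE=${BUILD_DIR}/rsaBsafe
set RSA_PUB_KEY_BSAFE=${RSA_KEY_BSAFE}_pub.der
set RSA_PRIV_KEY_BSAFE=${RSA_KEY_BSAFE}_priv.der

# RSA key pair, openssl format, generated by rsatool
# (the same file names are also used for the pair generated by openssl itself)
set RSA_KEY_OPENSSL=${BUILD_DIR}/rsaOpenssl
set RSA_PUB_KEY_OPENSSL=${RSA_KEY_OPENSSL}_pub.der
set RSA_PRIV_KEY_OPENSSL=${RSA_KEY_OPENSSL}_priv.der

# DSA key pair, BSAFE format, generated by rsatool
set DSA_KEY_BSAFE=${BUILD_DIR}/dsaBsafe
set DSA_PUB_KEY_BSAFE=${DSA_KEY_BSAFE}_pub.der
set DSA_PRIV_KEY_BSAFE=${DSA_KEY_BSAFE}_priv.der

# DSA key pair, openssl format, generated by rsatool
set DSA_KEY_OPENSSL=${BUILD_DIR}/dsaOpenssl
set DSA_PUB_KEY_OPENSSL=${DSA_KEY_OPENSSL}_pub.der
set DSA_PRIV_KEY_OPENSSL=${DSA_KEY_OPENSSL}_priv.der

# RSA private key, generated by openssl, PEM format
set RSA_PRIV_KEY_PEM=${RSA_PRIV_KEY_OPENSSL}.pem

# DSA parameters. Paths are relative to the current directory, not BUILD_DIR.
# Only the DER file is referenced in this script.
set DSA_PARAMS_512_DER=dsaParams_512.der
set DSA_PARAMS_512_PEM=dsaParamOpenssl.pem

# ECDSA key pair, pub=X509, priv=pkcs8, generated by rsatool
set ECDSA_KEY_BASE=${BUILD_DIR}/ecdsaBase
set ECDSA_PUB_KEY=${ECDSA_KEY_BASE}_pub.der
set ECDSA_PRIV_KEY=${ECDSA_KEY_BASE}_priv.der
set ECDSA_KEY_SIZE=256

# user specified variables
#
# QUIET, NOACL and NOCLEAN are YES/NO flags; they are changed by the option
# parser below and handed to $KEYSUBTOOL as-is.
# KEYSIZE is the RSA/DSA key size in bits. 512 keeps key generation fast but
# is far too small to protect anything: keys made by this script are
# throwaway test fixtures and must never be reused outside the test.
# NOACL_ARG and NOCLEAN_ARG are assigned here and by the option parser but
# are not read anywhere else in this file.
set QUIET=NO
set KEYSIZE=512
set NOACL=NO
set NOACL_ARG=
set NOCLEAN=NO
set NOCLEAN_ARG=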
#
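# Verify existence of a few crucial things before we start.
#
# Checking everything up front means a missing tool is reported before any
# private key material has been written to $BUILD_DIR, instead of part-way
# through the run (where the script exits without reaching its clean-up step).
#
if( ( ! -e $KCIMPORT ) || \
    ( ! -e $KCEXPORT ) || \
    ( ! -e $RSATOOL ) || \
    ( ! -e $BUILD_DIR/pemtool ) ) then
        echo === You do not seem to have all of the required executables.
        echo === Please build all of cspxutils and clxutils.
        echo === See the README files in those directories for info.
        exit(1)
endif
# The per-key-pair helper is a relative path, so this also catches the
# script being run from the wrong directory.
if ( ! -e $KEYSUBTOOL ) then
        echo === $KEYSUBTOOL not found.
        echo === Run this from SecurityTests/clxutils/importExport.
        exit(1)
endif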

# user options
#
# Each argument is one bare letter (no leading dash):
#   q   quiet:   suppress the progress/command echo
#   n   noACL:   sets NOACL=YES
#   N   noClean: sets NOCLEAN=YES, which skips the final clean-up
# Any other argument prints the usage line and exits with status 1.

while ( $#argv != 0 )
    switch ( "$argv[1]" )
        case q:
            set QUIET=YES
            breaksw
        case n:
            set NOACL=YES
            set NOACL_ARG=-n
            breaksw
        case N:
            set NOCLEAN=YES
            set NOCLEAN_ARG=N
            breaksw
        default:
            echo Usage: importExportRawKey \[q\(uiet\)\] \[n\(oACL\)\] \[N\(oClean\)\]
            exit(1)
    endsw
    # every recognised option consumes exactly one argument
    shift
end

echo === Begin Raw Key Pair test ===
# $CLEANKC is not defined in this file (presumably by setupCommon, and
# presumably resets the test keychain; confirm there). Abort if it fails.
if ($QUIET == NO) echo $CLEANKC
$CLEANKC || exit(1)

###
### Basic RSA key pair testing, openssl generated
###

# Create RSA key pair using openssl.
# openssl only writes the private key as PEM, so the DER private key is
# produced from it with pemtool and the DER public key with
# "openssl rsa -pubout". No passphrase is applied to any of these files.
if ($QUIET == NO) echo === RSA key pair testing, openssl generated ===
if ($QUIET == NO) echo Creating RSA key pair using openssl...

# Remove private key files left over from an earlier run.
set cmd="$RM -f $RSA_PRIV_KEY_PEM $RSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Generate the PEM private key. stdout and stderr are discarded, so a
# failure here is visible only through the exit status.
set cmd="$OPENSSL genrsa -out $RSA_PRIV_KEY_PEM $KEYSIZE"
if ($QUIET == NO) echo $cmd
$cmd >& /dev/null || exit(1)

# PEM private key -> DER private key (pemtool "d" mode; presumably decode).
set cmd="$BUILD_DIR/pemtool d $RSA_PRIV_KEY_PEM $RSA_PRIV_KEY_OPENSSL q"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Extract the public key in DER form; output discarded as above.
set cmd="$OPENSSL rsa -inform PEM -outform DER -in $RSA_PRIV_KEY_PEM -out $RSA_PUB_KEY_OPENSSL -pubout"
if ($QUIET == NO) echo $cmd
$cmd >& /dev/null || exit(1)

# Hand the pair to the sub-test; any failure aborts the whole run.
$KEYSUBTOOL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)


###
### Basic RSA key pair testing, BSAFE format
###

# Create RSA key pair in BSAFE format
if ($QUIET == NO) echo === RSA key pair testing, BSAFE format ===
if ($QUIET == NO) echo Creating RSA key pair in BSAFE format...

# Remove key files left over from an earlier run.
set cmd="$RM -f $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Generate the pair with rsatool; k= is the output base name and z= the key
# size. The b= and v= values are rsatool format selectors (see its usage).
set cmd="$RSATOOL g k=$RSA_KEY_BSAFE z=$KEYSIZE b=1 v=8 q"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Hand the pair to the sub-test; any failure aborts the whole run.
$KEYSUBTOOL $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE $KEYCHAIN bsafe $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic RSA key pair testing, openssl format
###

# Create RSA key pair in openssl format
if ($QUIET == NO) echo === RSA key pair testing, OpenSSL format ===
if ($QUIET == NO) echo Creating RSA key pair in OpenSSL format...

# These are the same file names the openssl-generated pair used earlier,
# so that pair is deleted here before rsatool writes its own.
set cmd="$RM -f $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Generate the pair with rsatool; k= is the output base name and z= the key
# size. The b= and v= values are rsatool format selectors (see its usage).
set cmd="$RSATOOL g k=$RSA_KEY_OPENSSL z=$KEYSIZE b=x v=1 q"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Hand the pair to the sub-test; any failure aborts the whole run.
$KEYSUBTOOL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic DSA key pair testing, BSAFE format
###

# Create DSA key pair in BSAFE format
if ($QUIET == NO) echo === DSA key pair testing, BSAFE format ===
if ($QUIET == NO) echo Creating DSA key pair in BSAFE format...

# Remove key files left over from an earlier run.
set cmd="$RM -f $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Generate the pair with rsatool (a=d selects DSA). m= names the DSA
# parameter file, which is looked up relative to the current directory.
set cmd="$RSATOOL g a=d k=$DSA_KEY_BSAFE z=$KEYSIZE b=b v=b m=$DSA_PARAMS_512_DER q"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Hand the pair to the sub-test; any failure aborts the whole run.
$KEYSUBTOOL $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE $KEYCHAIN bsafe $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic DSA key pair testing, openssl format
###

# Create DSA key pair in openssl format
if ($QUIET == NO) echo === DSA key pair testing, OpenSSL format ===
if ($QUIET == NO) echo Creating DSA key pair in OpenSSL format...

# Remove key files left over from an earlier run.
set cmd="$RM -f $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Generate the pair with rsatool (a=d selects DSA). m= names the DSA
# parameter file, which is looked up relative to the current directory.
set cmd="$RSATOOL g a=d k=$DSA_KEY_OPENSSL z=$KEYSIZE b=x v=o m=$DSA_PARAMS_512_DER q"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Hand the pair to the sub-test; any failure aborts the whole run.
$KEYSUBTOOL $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)

###
### Basic ECDSA key pair testing, default format
###

# Create ECDSA key pair
if ($QUIET == NO) echo === ECDSA key pair testing, default format ===
if ($QUIET == NO) echo Creating ECDSA key pair in default format...

# Remove key files left over from an earlier run.
set cmd="$RM -f $ECDSA_PUB_KEY $ECDSA_PRIV_KEY"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# Generate the pair with rsatool (a=e selects ECDSA). No b=/v= selectors are
# given, so rsatool's default key formats are used.
set cmd="$RSATOOL g a=e k=$ECDSA_KEY_BASE z=$ECDSA_KEY_SIZE q"
if ($QUIET == NO) echo $cmd
$cmd || exit(1)

# NOTE(review): the format argument is "openssl" although the keys are
# rsatool's default ECDSA formats; confirm this is what $KEYSUBTOOL expects.
$KEYSUBTOOL $ECDSA_PUB_KEY $ECDSA_PRIV_KEY $KEYCHAIN openssl $QUIET $NOACL $NOCLEAN || exit(1)


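# clean up
#
# Deletes every key file generated above, private keys included. With the
# N (noClean) option they are deliberately left in $BUILD_DIR; remove them
# by hand afterwards, because the private keys are stored with no passphrase.
# This step is also skipped whenever an earlier command fails, since every
# failure path is a bare exit(1).
if ($NOCLEAN == NO) then
	# Use $RM, as the per-section deletes above do, instead of a bare "rm"
	# resolved through the inherited PATH.
	set cmd1="$RM -f $RSA_KEY_BSAFE $RSA_PUB_KEY_BSAFE $RSA_PRIV_KEY_BSAFE $RSA_KEY_OPENSSL $RSA_PUB_KEY_OPENSSL $RSA_PRIV_KEY_OPENSSL"
	set cmd2="$RM -f $DSA_KEY_BSAFE $DSA_PUB_KEY_BSAFE $DSA_PRIV_KEY_BSAFE $DSA_KEY_OPENSSL $DSA_PUB_KEY_OPENSSL $DSA_PRIV_KEY_OPENSSL $RSA_PRIV_KEY_PEM"
	set cmd3="$RM -f $ECDSA_PUB_KEY $ECDSA_PRIV_KEY"
	if ($QUIET == NO) then
		echo $cmd1
		echo $cmd2
		echo $cmd3
	endif
	$cmd1 || exit(1)
	$cmd2 || exit(1)
	$cmd3 || exit(1)
endif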

# Final status line; suppressed in quiet mode.
if ($QUIET == NO) echo === Raw Key Pair test complete ===