author | emaldona%redhat.com <devnull@localhost> | 2008-09-18 21:03:24 +0000 |
---|---|---|
committer | emaldona%redhat.com <devnull@localhost> | 2008-09-18 21:03:24 +0000 |
commit | ae6fbf48631dcba3a3f035eafbb84a6461edf130 (patch) | |
tree | 48e15ba47d33903b3d338cbe1622437eda009ffa | |
parent | bded997bfc8227334a0385b24811bfcefb58f243 (diff) | |
download | nss-hg-ae6fbf48631dcba3a3f035eafbb84a6461edf130.tar.gz |
Bug 452076: added tests for -c and -C options with various algorithms
-rw-r--r-- | security/nss/tests/tools/tools.sh | 316 |
1 files changed, 296 insertions, 20 deletions
diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh index 76e1234a6..0f4fb73b6 100644 --- a/security/nss/tests/tools/tools.sh +++ b/security/nss/tests/tools/tools.sh @@ -41,7 +41,7 @@ # # mozilla/security/nss/tests/tools/tools.sh # -# Script to test basic functionallity of NSS tools +# Script to test basic functionality of NSS tools # # needs to work on all Unix and Windows platforms # @@ -55,6 +55,39 @@ # NOTE .... unexpected behavior ######################################################################## + export pkcs12v2pbeWithSha1And128BitRc4=\ +"PKCS #12 V2 PBE With Sha1 and 128 Bit RC4" + + export pkcs12v2pbeWithSha1And40BitRc4=\ +"PKCS #12 V2 PBE With Sha1 and 40 Bit RC4" + + export pkcs12v2pbeWithSha1AndTripleDESCBC=\ +"PKCS #12 V2 PBE With Sha1 and Triple DES CBC" + + export pkcs12v2pbeWithSha1And128BitRc2Cbc=\ +"PKCS #12 V2 PBE With Sha1 and 128 Bit RC2 CBC" + + export pkcs12v2pbeWithSha1And40BitRc2Cbc=\ +"PKCS #12 V2 PBE With Sha1 and 40 Bit RC2 CBC" + + export pkcs12v2pbeWithMd2AndDESCBC=\ +"PKCS #5 Password Based Encryption with MD2 and DES CBC" + + export pkcs12v2pbeWithMd5AndDESCBC=\ +"PKCS #5 Password Based Encryption with MD5 and DES CBC" + + export pkcs12v2pbeWithSha1AndDESCBC=\ +"PKCS #5 Password Based Encryption with SHA1 and DES CBC" + + export pkcs5pbeWithMD2AndDEScbc=\ +"PKCS #5 Password Based Encryption with MD2 and DES CBC" + + export pkcs5pbeWithMD5AndDEScbc=\ +"PKCS #5 Password Based Encryption with MD5 and DES CBC" + + export pkcs5pbeWithSha1AndDEScbc=\ +"PKCS #5 Password Based Encryption with SHA1 and DES CBC" + ############################## tools_init ############################## # local shell function to initialize this script ######################################################################## 
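Review bot: The three exports `pkcs12v2pbeWithMd2AndDESCBC`, `pkcs12v2pbeWithMd5AndDESCBC` and `pkcs12v2pbeWithSha1AndDESCBC` are assigned "PKCS #5 Password Based Encryption with … and DES CBC" strings, byte-for-byte the same values as the `pkcs5pbeWith*` variables defined just below them. Any loop over the pkcs12v2pbe names therefore re-runs the PKCS #5 cases under a different label instead of adding coverage; either drop the three duplicates or give them the PKCS #12 V2 names they were meant to carry, if such names exist. Since this list deliberately contains 40-bit RC2/RC4, single DES and MD2/MD5 based schemes, a comment above the block would help readers, for example `# Legacy PBE algorithms, listed only to exercise pk12util option parsing and interop; not suitable for protecting real keys.`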
@@ -104,33 +137,267 @@ tools_init() cd ${TOOLSDIR} } -############################## tools_p12 ############################### -# local shell function to test basic functionality of pk12util +########################## list_p12_file ############################### +# List the key and cert in the specified p12 file ######################################################################## -tools_p12() +list_p12_file() { - echo "$SCRIPTNAME: Exporting Alice's email cert & key------------------" - echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\" - echo " -w ${R_PWFILE}" - ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \ - -w ${R_PWFILE} 2>&1 + echo "$SCRIPTNAME: Listing Alice's pk12 file" + echo "pk12util -l ${1} -w ${R_PWFILE}" + + ${BINDIR}/pk12util -l ${1} -w ${R_PWFILE} 2>&1 ret=$? - html_msg $ret 0 "Exporting Alice's email cert & key (pk12util -o)" + html_msg $ret 0 "Listing ${1} (pk12util -l)" check_tmpfile +} - echo "$SCRIPTNAME: Importing Alice's email cert & key -----------------" - echo "pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" - ${BINDIR}/pk12util -i Alice.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 +######################################################################## +# Import the key and cert from the specified p12 file +######################################################################## +import_p12_file() +{ + echo "$SCRIPTNAME: Importing Alice's pk12 ${1} file" + echo "pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" + + ${BINDIR}/pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 ret=$? 
- html_msg $ret 0 "Importing Alice's email cert & key (pk12util -i)" + html_msg $ret 0 "Importing ${1} (pk12util -i)" + check_tmpfile +} + +######################################################################## +# Export the key and cert to a p12 file using default ciphers +######################################################################## +export_with_default_ciphers() +{ + echo "$SCRIPTNAME: Exporting Alice's key & cert with [default:default] (pk12util -o)" + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE}" + ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 + ret=$? + html_msg $ret 0 "Exporting Alices's key & cert with [default:default] (pk12util -o)" + check_tmpfile + return $ret +} + +######################################################################## +# Exports key/cert to a p12 file, the key encryption cipher is specified +# and the cert encryption cipher is blank for default. +######################################################################## +export_with_key_cipher() +{ + # $1 key encryption cipher + echo "$SCRIPTNAME: Exporting with [${1}:default]" + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c ${1}" + ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} -c "${1}" 2>&1 + ret=$? + html_msg $ret 0 "Exporting with [${1}:default] (pk12util -o)" check_tmpfile + return $ret +} + +######################################################################## +# Exports key/cert to a p12 file, the key encryption cipher is left +# empty for default and the cert encryption cipher is specified. 
+######################################################################## +export_with_cert_cipher() +{ + # $1 certificate encryption cipher + echo "$SCRIPTNAME: Exporting with [default:${1}]" + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -C ${1}" + ${BINDIR}/pk12util -o Alice.p12 -n "Alice" -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} -C "${1}" 2>&1 + ret=$? + html_msg $ret 0 "Exporting with [default:${1}] (pk12util -o)" + check_tmpfile + return $ret +} - echo "$SCRIPTNAME: Listing Alice's pk12 file -----------------" - echo "pk12util -l Alice.p12 -w ${R_PWFILE}" - ${BINDIR}/pk12util -l Alice.p12 -w ${R_PWFILE} 2>&1 +######################################################################## +# Exports key/cert to a p12 file, both the key encryption cipher and +# the cert encryption cipher are specified. +######################################################################## +export_with_both_key_and_cert_cipher() +{ + # $1 key encryption cipher or "" + # $2 certificate encryption cipher or "" + + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c ${1} -C ${2}" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -c "${1}" -C "${2}" 2>&1 + ret=$? + html_msg $ret 0 "Exporting with [${1}:${2}] (pk12util -o)" + check_tmpfile + return $ret +} + +######################################################################## +# Exports key and cert to a p12 file, both the key encryption cipher +# and the cert encryption cipher are specified. 
The key and cert are +# imported and the p12 file is listed +######################################################################## +export_list_import() +{ + # $1 key encryption cipher + # $2 certificate encryption cipher + + if [[ "${1}" != "" && "${2}" != "" ]]; then + export_with_both_key_and_cert_cipher "${1}" "${2}" + elif [[ "${1}" != "" && "${2}" = "" ]]; then + export_with_key_cipher "${1}" + elif [[ "${1}" = "" && "${2}" != "" ]]; then + export_with_cert_cipher "${2}" + else + export_with_default_ciphers + fi + + list_p12_file Alice.p12 + import_p12_file Alice.p12 +} + +######################################################################## +# Export using the pkcs5pbe ciphers for key and certificate encryption. +# List the contents of and import from the p12 file. +######################################################################## +tools_p12_export_list_import_all_pkcs5pbe_ciphers() +{ + # specify each on key and cert cipher + for key_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \ + "${pkcs5pbeWithMD5AndDEScbc}" \ + "${pkcs5pbeWithSha1AndDEScbc}"\ + ""; do + for cert_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \ + "${pkcs5pbeWithMD5AndDEScbc}" \ + "${pkcs5pbeWithSha1AndDEScbc}" \ + ""\ + "null"; do + export_list_import "${key_cipher}" "${cert_cipher}" + done + done +} + +######################################################################## +# Export using the pkcs5v2 ciphers for key and certificate encryption. +# List the contents of and import from the p12 file. 
+######################################################################## +tools_p12_export_list_import_all_pkcs5v2_ciphers() +{ + # These should pass + for key_cipher in\ + RC2-CBC \ + DES-EDE3-CBC \ + AES-128-CBC \ + AES-192-CBC \ + AES-256-CBC \ + CAMELLIA-128-CBC \ + CAMELLIA-192-CBC \ + CAMELLIA-256-CBC; do + +#--------------------------------------------------------------- +# Bug 452464 - pk12util -o fails when -C option specifies AES or +# Camellia ciphers +# FIXME Restore these to the list +# AES-128-CBC, \ +# AES-192-CBC, \ +# AES-256-CBC, \ +# CAMELLIA-128-CBC, \ +# CAMELLIA-192-CBC, \ +# CAMELLIA-256-CBC, \ +# when 452464 is fixed +#--------------------------------------------------------------- + for cert_cipher in \ + RC2-CBC \ + DES-EDE3-CBC \ + null; do + export_list_import ${key_cipher} ${cert_cipher} + done + done +} + +######################################################################## +# Export using the pkcs12v2pbe ciphers for key and certificate encryption. +# List the contents of and import from the p12 file. 
+######################################################################## +tools_p12_export_list_import_all_pkcs12v2pbe_ciphers() +{ +#--------------------------------------------------------------- +# Bug 452471 - pk12util -o fails when -c option specifies pkcs12v2 PBE ciphers +# FIXME - Restore these to the list +# "${pkcs12v2pbeWithSha1And128BitRc4}" \ +# "${pkcs12v2pbeWithSha1And40BitRc4}" \ +# "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \ +# "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \ +# "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \ +# "${pkcs12v2pbeWithMd2AndDESCBC}" \ +# "${pkcs12v2pbeWithMd5AndDESCBC}" \ +# "${pkcs12v2pbeWithSha1AndDESCBC}" \ +# ""; do +# when 452471 is fixed +#--------------------------------------------------------------- +# for key_cipher in \ + key_cipher="" + for cert_cipher in "${pkcs12v2pbeWithSha1And128BitRc4}" \ + "${pkcs12v2pbeWithSha1And40BitRc4}" \ + "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \ + "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \ + "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \ + "${pkcs12v2pbeWithMd2AndDESCBC}" \ + "${pkcs12v2pbeWithMd5AndDESCBC}" \ + "${pkcs12v2pbeWithSha1AndDESCBC}" \ + ""\ + "null"; do + export_list_import "${key_cipher}" "${key_cipher}" + done + #done +} + +######################################################################### +# Export with no encryption on key should fail but on cert should pass +######################################################################### +tools_p12_export_with_null_ciphers() +{ + # use null as the key encryption algorithm default for the cert one + # should fail + + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c null" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -c null 2>&1 + ret=$? 
+ html_msg $ret 30 "Exporting with [null:default] (pk12util -o)" + check_tmpfile + + # use default as the key encryption algorithm null for the cert one + # should pass + + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -C null" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -C null 2>&1 ret=$? - html_msg $ret 0 "Listing Alice's pk12 file (pk12util -l)" + html_msg $ret 0 "Exporting with [default:null] (pk12util -o)" check_tmpfile + +} + +######################################################################### +# Exports using the default key and certificate encryption ciphers. +# Imports from and lists the contents of the p12 file. +# Repeats the test with ECC if enabled. +######################################################################## +tools_p12_export_list_import_with_default_ciphers() +{ + echo "$SCRIPTNAME: Exporting Alice's email cert & key - default ciphers" + + export_list_import "" "" if [ -n "$NSS_ENABLE_ECC" ] ; then echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------" @@ -156,7 +423,18 @@ tools_p12() html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)" check_tmpfile fi +} +############################## tools_p12 ############################### +# local shell function to test basic functionality of pk12util +######################################################################## +tools_p12() +{ + tools_p12_export_list_import_with_default_ciphers + tools_p12_export_list_import_all_pkcs5v2_ciphers + tools_p12_export_list_import_all_pkcs5pbe_ciphers + tools_p12_export_list_import_all_pkcs12v2pbe_ciphers + tools_p12_export_with_null_ciphers } ############################## tools_sign ############################## @@ -240,9 +518,7 @@ tools_cleanup() ################## main ################################################# tools_init - tools_p12 - tools_sign tools_cleanup |
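Review bot: In `tools_p12_export_list_import_all_pkcs12v2pbe_ciphers` the loop body calls `export_list_import "${key_cipher}" "${key_cipher}"`, so `cert_cipher` is never used; with `key_cipher=""` every iteration falls into the `export_with_default_ciphers` branch and none of the listed `-C` ciphers is actually exercised. The call should be `export_list_import "${key_cipher}" "${cert_cipher}"`. Separately, `export_list_import` ignores the status returned by the export helpers and always lists and imports `Alice.p12`, so after a failed export the list/import steps would appear to run against the file left by the previous iteration and report success for a cipher that never produced output; returning early on a non-zero export status (or removing `Alice.p12` before each export) would keep the results honest. The new `[[ … ]]` tests also deserve a check against the header's "needs to work on all Unix and Windows platforms" requirement, since the interpreter line is outside this hunk.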