security/nss/tests/tools/tools.sh

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 #! /bin/bash  
     2 #
     3 # This Source Code Form is subject to the terms of the Mozilla Public
     4 # License, v. 2.0. If a copy of the MPL was not distributed with this
     5 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
     7 ########################################################################
     8 #
     9 # mozilla/security/nss/tests/tools/tools.sh
    10 #
    11 # Script to test basic functionality of NSS tools 
    12 #
    13 # needs to work on all Unix and Windows platforms
    14 #
    15 # tests implemented:
    16 #    pk12util
    17 #    signtool
    18 #
    19 # special strings
    20 # ---------------
    21 #   FIXME ... known problems, search for this string
    22 #   NOTE .... unexpected behavior
    23 ########################################################################
    # Cipher names in the spelling handed to pk12util's -c / -C options by the
    # tests below.
    # NOTE: the three pkcs12v2pbeWith{Md2,Md5,Sha1}AndDESCBC variables carry
    # "PKCS #5 ..." names, i.e. the same strings as the pkcs5pbe* variables.
    # Several of these schemes (40-bit RC4/RC2, single DES, MD2/MD5-based PBE)
    # are legacy algorithms; they are listed to exercise tool compatibility,
    # not as recommended protection for exported private keys.
    pkcs12v2pbeWithSha1And128BitRc4="PKCS #12 V2 PBE With SHA-1 and 128 Bit RC4"
    pkcs12v2pbeWithSha1And40BitRc4="PKCS #12 V2 PBE With SHA-1 and 40 Bit RC4"
    pkcs12v2pbeWithSha1AndTripleDESCBC="PKCS #12 V2 PBE With SHA-1 and Triple DES-CBC"
    pkcs12v2pbeWithSha1And128BitRc2Cbc="PKCS #12 V2 PBE With SHA-1 and 128 Bit RC2 CBC"
    pkcs12v2pbeWithSha1And40BitRc2Cbc="PKCS #12 V2 PBE With SHA-1 and 40 Bit RC2 CBC"
    pkcs12v2pbeWithMd2AndDESCBC="PKCS #5 Password Based Encryption with MD2 and DES-CBC"
    pkcs12v2pbeWithMd5AndDESCBC="PKCS #5 Password Based Encryption with MD5 and DES-CBC"
    pkcs12v2pbeWithSha1AndDESCBC="PKCS #5 Password Based Encryption with SHA-1 and DES-CBC"
    pkcs5pbeWithMD2AndDEScbc="PKCS #5 Password Based Encryption with MD2 and DES-CBC"
    pkcs5pbeWithMD5AndDEScbc="PKCS #5 Password Based Encryption with MD5 and DES-CBC"
    pkcs5pbeWithSha1AndDEScbc="PKCS #5 Password Based Encryption with SHA-1 and DES-CBC"

    # Export in one statement so sourced and child scripts see every name.
    export pkcs12v2pbeWithSha1And128BitRc4 pkcs12v2pbeWithSha1And40BitRc4 \
           pkcs12v2pbeWithSha1AndTripleDESCBC \
           pkcs12v2pbeWithSha1And128BitRc2Cbc pkcs12v2pbeWithSha1And40BitRc2Cbc \
           pkcs12v2pbeWithMd2AndDESCBC pkcs12v2pbeWithMd5AndDESCBC \
           pkcs12v2pbeWithSha1AndDESCBC \
           pkcs5pbeWithMD2AndDEScbc pkcs5pbeWithMD5AndDEScbc \
           pkcs5pbeWithSha1AndDEScbc
    58 ############################## tools_init ##############################
    59 # local shell function to initialize this script 
    60 ########################################################################
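    tools_init()
    {
      # Prepare the environment for the tools tests: source the common init
      # and the cert tests when they have not run yet, require that the S/MIME
      # part of cert.sh passed, then create the working directories under
      # ${HOSTDIR}/tools and change into ${HOSTDIR}/tools.
      #
      # Every expansion is quoted. Unquoted, an empty CERT_LOG_FILE turned the
      # readability test into `[ ! -r ]` (false, so cert.sh was skipped) and
      # left grep reading stdin; paths containing spaces were split.
      SCRIPTNAME=tools.sh      # sourced - $0 would point to all.sh

      if [ -z "${CLEANUP}" ]; then      # if nobody else is responsible for
          CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
      fi

      if [ "${INIT_SOURCED}" != "TRUE" ]; then
          cd ../common
          . ./init.sh
      fi
      if [ ! -r "${CERT_LOG_FILE}" ]; then  # we need certificates here
          cd ../cert
          . ./cert.sh
      fi
      SCRIPTNAME=tools.sh      # set again after the sourced scripts ran

      if [ -z "$NSS_DISABLE_ECC" ]; then
          html_head "Tools Tests with ECC"
      else
          html_head "Tools Tests"
      fi

      grep "SUCCESS: SMIME passed" "${CERT_LOG_FILE}" >/dev/null || {
          Exit 15 "Fatal - S/MIME of cert.sh needs to pass first"
      }

      TOOLSDIR="${HOSTDIR}/tools"
      COPYDIR="${TOOLSDIR}/copydir"
      SIGNDIR="${TOOLSDIR}/signdir"

      R_TOOLSDIR=../tools
      R_COPYDIR=../tools/copydir
      R_SIGNDIR=../tools/signdir
      P_R_COPYDIR="${R_COPYDIR}"
      P_R_SIGNDIR="${R_SIGNDIR}"
      if [ -n "${MULTIACCESS_DBM}" ]; then
          P_R_COPYDIR="multiaccess:Tools.$version"
          P_R_SIGNDIR="multiaccess:Tools.sign.$version"
      fi

      mkdir -p "${TOOLSDIR}"
      mkdir -p "${COPYDIR}"
      mkdir -p "${SIGNDIR}"
      # The signing tests work on a copy of Alice's database directory.
      cp "${ALICEDIR}"/* "${SIGNDIR}/"
      mkdir -p "${TOOLSDIR}/html"
      cp "${QADIR}"/tools/sign*.html "${TOOLSDIR}/html"

      cd "${TOOLSDIR}"
    }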
   113 ########################## list_p12_file ###############################
   114 # List the key and cert in the specified p12 file
   115 ########################################################################
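   list_p12_file()
   {
     # $1 path of the PKCS #12 file to list
     #
     # Runs `pk12util -l` on the file, with the file password read from
     # ${R_PWFILE}, and reports the exit status through html_msg with 0 as the
     # expected value. The status is left in the global `ret`, which
     # check_tmpfile reads.
     # Arguments are quoted so a path with spaces stays one argument.
     echo "$SCRIPTNAME: Listing Alice's pk12 file"
     echo "pk12util -l ${1} -w ${R_PWFILE}"

     "${BINDIR}/pk12util" -l "${1}" -w "${R_PWFILE}" 2>&1
     ret=$?
     html_msg $ret 0 "Listing ${1} (pk12util -l)"
     check_tmpfile
   }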
   127 ########################################################################
   128 # Import the key and cert from the specified p12 file
   129 ########################################################################
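   import_p12_file()
   {
     # $1 path of the PKCS #12 file to import
     #
     # Runs `pk12util -i` to import the file into the database named by
     # ${P_R_COPYDIR}; ${R_PWFILE} is passed for both -k and -w. The exit
     # status is reported through html_msg with 0 as the expected value and
     # left in the global `ret`, which check_tmpfile reads.
     # Arguments are quoted so values with spaces stay one argument.
     echo "$SCRIPTNAME: Importing Alice's pk12 ${1} file"
     echo "pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"

     "${BINDIR}/pk12util" -i "${1}" -d "${P_R_COPYDIR}" \
                          -k "${R_PWFILE}" -w "${R_PWFILE}" 2>&1
     ret=$?
     html_msg $ret 0 "Importing ${1} (pk12util -i)"
     check_tmpfile
   }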
   141 ########################################################################
   142 # Export the key and cert to a p12 file using default ciphers
   143 ########################################################################
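   export_with_default_ciphers()
   {
     # Exports the "Alice" key and cert from ${P_R_ALICEDIR} to Alice.p12
     # without -c/-C, so pk12util picks its default ciphers.
     # Reports the exit status through html_msg (0 expected), leaves it in
     # the global `ret` for check_tmpfile, and returns it.
     # Arguments are quoted so values with spaces stay one argument.
     echo "$SCRIPTNAME: Exporting Alice's key & cert with [default:default] (pk12util -o)"
     echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
     echo "         -k ${R_PWFILE} -w ${R_PWFILE}"
     "${BINDIR}/pk12util" -o Alice.p12 -n "Alice" -d "${P_R_ALICEDIR}" \
                          -k "${R_PWFILE}" -w "${R_PWFILE}" 2>&1
     ret=$?
     html_msg $ret 0 "Exporting Alices's key & cert with [default:default] (pk12util -o)"
     check_tmpfile
     return $ret
   }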
   157 ########################################################################
   158 # Exports key/cert to a p12 file, the key encryption cipher is specified
   159 # and the cert encryption cipher is blank for default.
   160 ########################################################################
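   export_with_key_cipher()
   {
     # $1 key encryption cipher
     #
     # Exports "Alice" to Alice.p12 with -c "$1"; no -C is given, so the cert
     # encryption cipher is pk12util's default. Reports the exit status
     # through html_msg (0 expected), leaves it in the global `ret` for
     # check_tmpfile, and returns it.
     # Arguments are quoted so values with spaces stay one argument.
     echo "$SCRIPTNAME: Exporting with [${1}:default]"
     echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
     echo "         -k ${R_PWFILE} -w ${R_PWFILE} -c ${1}"
     "${BINDIR}/pk12util" -o Alice.p12 -n "Alice" -d "${P_R_ALICEDIR}" \
                          -k "${R_PWFILE}" -w "${R_PWFILE}" -c "${1}" 2>&1
     ret=$?
     html_msg $ret 0 "Exporting with [${1}:default] (pk12util -o)"
     check_tmpfile
     return $ret
   }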
   175 ########################################################################
   176 # Exports key/cert to a p12 file, the key encryption cipher is left
   177 # empty for default and the cert encryption cipher is specified.
   178 ########################################################################
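   export_with_cert_cipher()
   {
     # $1 certificate encryption cipher
     #
     # Exports "Alice" to Alice.p12 with -C "$1"; no -c is given, so the key
     # encryption cipher is pk12util's default. Reports the exit status
     # through html_msg (0 expected), leaves it in the global `ret` for
     # check_tmpfile, and returns it.
     # Arguments are quoted so values with spaces stay one argument.
     echo "$SCRIPTNAME: Exporting with [default:${1}]"
     echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
     echo "         -k ${R_PWFILE} -w ${R_PWFILE} -C ${1}"
     "${BINDIR}/pk12util" -o Alice.p12 -n "Alice" -d "${P_R_ALICEDIR}" \
                          -k "${R_PWFILE}" -w "${R_PWFILE}" -C "${1}" 2>&1
     ret=$?
     html_msg $ret 0 "Exporting with [default:${1}] (pk12util -o)"
     check_tmpfile
     return $ret
   }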
   193 ########################################################################
   194 # Exports key/cert to a p12 file, both the key encryption cipher and
   195 # the cert encryption cipher are specified.
   196 ########################################################################
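   export_with_both_key_and_cert_cipher()
   {
     # $1 key encryption cipher or ""
     # $2 certificate encryption cipher or ""
     #
     # Exports "Alice" to Alice.p12 with -c "$1" and -C "$2". Reports the exit
     # status through html_msg (0 expected), leaves it in the global `ret`
     # for check_tmpfile, and returns it.
     # Arguments are quoted so values with spaces stay one argument.
     echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
     echo "         -k ${R_PWFILE} -w ${R_PWFILE} -c ${1} -C ${2}"
     "${BINDIR}/pk12util" -o Alice.p12 -n Alice -d "${P_R_ALICEDIR}" \
                          -k "${R_PWFILE}" -w "${R_PWFILE}" \
                          -c "${1}" -C "${2}" 2>&1
     ret=$?
     html_msg $ret 0 "Exporting with [${1}:${2}] (pk12util -o)"
     check_tmpfile
     return $ret
   }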
   213 ########################################################################
   214 # Exports key and cert to a p12 file, both the key encryption cipher 
   215 # and the cert encryption cipher are specified. The key and cert are
   216 # imported and the p12 file is listed
   217 ########################################################################
   export_list_import()
   {
     # $1 key encryption cipher, or the literal DEFAULT
     # $2 certificate encryption cipher, or the literal DEFAULT
     #
     # Picks the export helper matching which of the two ciphers is given
     # explicitly, then lists Alice.p12 and imports it again.
     if [ "${1}" = "DEFAULT" ]; then
         if [ "${2}" = "DEFAULT" ]; then
             export_with_default_ciphers
         else
             export_with_cert_cipher "${2}"
         fi
     elif [ "${2}" = "DEFAULT" ]; then
         export_with_key_cipher "${1}"
     else
         export_with_both_key_and_cert_cipher "${1}" "${2}"
     fi

     list_p12_file Alice.p12
     import_p12_file Alice.p12
   }
   237 ########################################################################
   238 # Export using the pkcs5pbe ciphers for key and certificate encryption.
   239 # List the contents of and import from the p12 file.
   240 ########################################################################
   tools_p12_export_list_import_all_pkcs5pbe_ciphers()
   {
     # Runs export_list_import for every pairing of the three PKCS #5 PBE
     # schemes plus DEFAULT as key cipher with the same schemes plus DEFAULT
     # and "null" as cert cipher.
     # The shared scheme list is held in this function's positional parameters.
     set -- "${pkcs5pbeWithMD2AndDEScbc}" \
            "${pkcs5pbeWithMD5AndDEScbc}" \
            "${pkcs5pbeWithSha1AndDEScbc}"

     for key_cipher in "$@" "DEFAULT"; do
         for cert_cipher in "$@" "DEFAULT" "null"; do
             export_list_import "${key_cipher}" "${cert_cipher}"
         done
     done
   }
   258 ########################################################################
   259 # Export using the pkcs5v2 ciphers for key and certificate encryption.
   260 # List the contents of and import from the p12 file.
   261 ########################################################################
   tools_p12_export_list_import_all_pkcs5v2_ciphers()
   {
     # Runs export_list_import for each PKCS #5 v2 key cipher paired with each
     # cert cipher listed below. These should pass.
     #
     # Bug 452464 - pk12util -o fails when -C option specifies AES or
     # Camellia ciphers.
     # FIXME Restore AES-128-CBC, AES-192-CBC, AES-256-CBC, CAMELLIA-128-CBC,
     # CAMELLIA-192-CBC and CAMELLIA-256-CBC to the cert cipher list when
     # 452464 is fixed.
     for key_cipher in RC2-CBC DES-EDE3-CBC \
                       AES-128-CBC AES-192-CBC AES-256-CBC \
                       CAMELLIA-128-CBC CAMELLIA-192-CBC CAMELLIA-256-CBC; do
         for cert_cipher in RC2-CBC DES-EDE3-CBC null; do
             export_list_import "${key_cipher}" "${cert_cipher}"
         done
     done
   }
   296 ########################################################################
   297 # Export using the pkcs12v2pbe ciphers for key and certificate encryption.
   298 # List the contents of and import from the p12 file.
   299 ########################################################################
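   tools_p12_export_list_import_all_pkcs12v2pbe_ciphers()
   {
     # Runs export_list_import with the DEFAULT key cipher and each of the
     # pkcs12v2pbe cert ciphers, plus DEFAULT and "null".
     #
     # Bug 452471 - pk12util -o fails when -c option specifies pkcs12v2 PBE
     # ciphers.
     # FIXME - when 452471 is fixed, loop key_cipher over the same
     # pkcs12v2pbe* list (plus "DEFAULT") instead of fixing it to DEFAULT.
     #
     # NOTE(review): the call used to pass key_cipher for both arguments, so
     # every iteration exported [DEFAULT:DEFAULT] and none of the cert ciphers
     # in the list was exercised. cert_cipher is now passed through. If a
     # cipher fails here, record it like the bugs above rather than dropping
     # it silently - TODO confirm against this NSS revision.
     key_cipher="DEFAULT"
     for cert_cipher in "${pkcs12v2pbeWithSha1And128BitRc4}" \
                        "${pkcs12v2pbeWithSha1And40BitRc4}" \
                        "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \
                        "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \
                        "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \
                        "${pkcs12v2pbeWithMd2AndDESCBC}" \
                        "${pkcs12v2pbeWithMd5AndDESCBC}" \
                        "${pkcs12v2pbeWithSha1AndDESCBC}" \
                        "DEFAULT" \
                        "null"; do
         export_list_import "${key_cipher}" "${cert_cipher}"
     done
   }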
   333 #########################################################################
   334 # Export with no encryption on key should fail but on cert should pass
   335 #########################################################################
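   tools_p12_export_with_null_ciphers()
   {
     # Checks how pk12util treats the "null" cipher on export: leaving the
     # private key unencrypted (-c null) must be refused, leaving only the
     # certificate unencrypted (-C null) must succeed.
     # Arguments are quoted so values with spaces stay one argument.

     # use null as the key encryption algorithm default for the cert one
     # should fail (html_msg is given 30 as the expected exit status)
     echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
     echo "         -k ${R_PWFILE} -w ${R_PWFILE} -c null"
     "${BINDIR}/pk12util" -o Alice.p12 -n Alice -d "${P_R_ALICEDIR}" \
                          -k "${R_PWFILE}" -w "${R_PWFILE}" \
                          -c null 2>&1
     ret=$?
     html_msg $ret 30 "Exporting with [null:default] (pk12util -o)"
     check_tmpfile

     # use default as the key encryption algorithm null for the cert one
     # should pass
     echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
     echo "         -k ${R_PWFILE} -w ${R_PWFILE} -C null"
     "${BINDIR}/pk12util" -o Alice.p12 -n Alice -d "${P_R_ALICEDIR}" \
                          -k "${R_PWFILE}" -w "${R_PWFILE}" \
                          -C null 2>&1
     ret=$?
     html_msg $ret 0 "Exporting with [default:null] (pk12util -o)"
     check_tmpfile
   }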
   364 #########################################################################
   365 # Exports using the default key and certificate encryption ciphers.
   366 # Imports from  and lists the contents of the p12 file.
   367 # Repeats the test with ECC if enabled.
   368 ########################################################################
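   tools_p12_export_list_import_with_default_ciphers()
   {
     # Exports, lists and imports Alice's key and cert with the default
     # ciphers; when NSS_DISABLE_ECC is empty the same three steps are
     # repeated for the "Alice-ec" entry using Alice-ec.p12.
     # Each pk12util status is reported through html_msg (0 expected) and
     # left in the global `ret` for check_tmpfile.
     # Arguments are quoted so values with spaces stay one argument.
     echo "$SCRIPTNAME: Exporting Alice's email cert & key - default ciphers"

     export_list_import "DEFAULT" "DEFAULT"

     if [ -z "$NSS_DISABLE_ECC" ]; then
         echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
         echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
         echo "         -w ${R_PWFILE}"
         "${BINDIR}/pk12util" -o Alice-ec.p12 -n "Alice-ec" -d "${P_R_ALICEDIR}" \
                              -k "${R_PWFILE}" -w "${R_PWFILE}" 2>&1
         ret=$?
         html_msg $ret 0 "Exporting Alice's email EC cert & key (pk12util -o)"
         check_tmpfile

         echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------"
         echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
         "${BINDIR}/pk12util" -i Alice-ec.p12 -d "${P_R_COPYDIR}" \
                              -k "${R_PWFILE}" -w "${R_PWFILE}" 2>&1
         ret=$?
         html_msg $ret 0 "Importing Alice's email EC cert & key (pk12util -i)"
         check_tmpfile

         echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------"
         echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}"
         "${BINDIR}/pk12util" -l Alice-ec.p12 -w "${R_PWFILE}" 2>&1
         ret=$?
         html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)"
         check_tmpfile
     fi
   }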
   401 ############################## tools_p12 ###############################
   402 # local shell function to test basic functionality of pk12util
   403 ########################################################################
   tools_p12()
   {
     # pk12util test driver: runs each PKCS #12 test group once, in order.
     tools_p12_export_list_import_with_default_ciphers      # default ciphers (+ EC)
     tools_p12_export_list_import_all_pkcs5v2_ciphers       # PKCS #5 v2 ciphers
     tools_p12_export_list_import_all_pkcs5pbe_ciphers      # PKCS #5 PBE schemes
     tools_p12_export_list_import_all_pkcs12v2pbe_ciphers   # PKCS #12 v2 PBE schemes
     tools_p12_export_with_null_ciphers                     # "null" cipher handling
   }
   413 ############################## check_tmpfile ###########################
   414 # local shell function: pk12util uses a hardcoded tmp file; if this exists
   415 # and is owned by another user we don't get reasonable error messages
   416 ########################################################################
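   check_tmpfile()
   {
     # Reads the global `ret` (exit status of the preceding pk12util call).
     # When that call failed and /tmp/Pk12uTemp exists, prints a hint to
     # remove the file and rerun.
     #
     # pk12util's scratch file has a fixed name in the shared /tmp directory,
     # so a file left there by another user can make the tool fail for a
     # reason the tool itself does not report clearly.
     #
     # `ret` is quoted and defaulted to 0, and the deprecated `-a` is replaced
     # by `&&`, so an unset `ret` no longer produces a `[` syntax error.
     if [ "${ret:-0}" != "0" ] && [ -f /tmp/Pk12uTemp ]; then
         echo "Error: pk12util temp file exists. Please remove this file and"
         echo "       rerun the test (/tmp/Pk12uTemp) "
     fi
   }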
   425 ############################## tools_sign ##############################
   426 # local shell function to test basic functionality of signtool
   427 ########################################################################
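   tools_sign()
   {
     # signtool test driver: creates an object-signing cert in the database
     # named by ${P_R_SIGNDIR}, signs ${R_TOOLSDIR}/html into nojs.jar and
     # nojs.xpi, then lists and verifies both archives. Every signtool exit
     # status is reported through html_msg with 0 as the expected value.
     #
     # NOTE(review): the database password "nss" is passed with -p on the
     # command line. That is tolerable only because the database is a
     # throwaway test copy; argv is visible to other local users.
     #
     # The echoed -G command previously showed "objectsigner" although the
     # command runs with "objsigner"; the log line now matches what is run.
     # Arguments are quoted so values with spaces stay one argument.
     echo "$SCRIPTNAME: Create objsign cert -------------------------------"
     echo "signtool -G \"objsigner\" -d ${P_R_SIGNDIR} -p \"nss\""
     # The answers to signtool's interactive prompts are fed on stdin.
     printf '%s\n' y TEST MOZ NSS NY US liz liz@moz.org |
         "${BINDIR}/signtool" -G "objsigner" -d "${P_R_SIGNDIR}" -p "nss" 2>&1
     html_msg $? 0 "Create objsign cert (signtool -G)"

     echo "$SCRIPTNAME: Signing a jar of files ----------------------------"
     echo "signtool -Z nojs.jar -d ${P_R_SIGNDIR} -p \"nss\" -k objsigner \\"
     echo "         ${R_TOOLSDIR}/html"
     "${BINDIR}/signtool" -Z nojs.jar -d "${P_R_SIGNDIR}" -p "nss" -k objsigner \
                          "${R_TOOLSDIR}/html"
     html_msg $? 0 "Signing a jar of files (signtool -Z)"

     echo "$SCRIPTNAME: Listing signed files in jar ----------------------"
     echo "signtool -v nojs.jar -d ${P_R_SIGNDIR} -p nss -k objsigner"
     "${BINDIR}/signtool" -v nojs.jar -d "${P_R_SIGNDIR}" -p nss -k objsigner
     html_msg $? 0 "Listing signed files in jar (signtool -v)"

     echo "$SCRIPTNAME: Show who signed jar ------------------------------"
     echo "signtool -w nojs.jar -d ${P_R_SIGNDIR}"
     "${BINDIR}/signtool" -w nojs.jar -d "${P_R_SIGNDIR}"
     html_msg $? 0 "Show who signed jar (signtool -w)"

     echo "$SCRIPTNAME: Signing a xpi of files ----------------------------"
     echo "signtool -Z nojs.xpi -X -d ${P_R_SIGNDIR} -p \"nss\" -k objsigner \\"
     echo "         ${R_TOOLSDIR}/html"
     "${BINDIR}/signtool" -Z nojs.xpi -X -d "${P_R_SIGNDIR}" -p "nss" -k objsigner \
                          "${R_TOOLSDIR}/html"
     html_msg $? 0 "Signing a xpi of files (signtool -Z -X)"

     echo "$SCRIPTNAME: Listing signed files in xpi ----------------------"
     echo "signtool -v nojs.xpi -d ${P_R_SIGNDIR} -p nss -k objsigner"
     "${BINDIR}/signtool" -v nojs.xpi -d "${P_R_SIGNDIR}" -p nss -k objsigner
     html_msg $? 0 "Listing signed files in xpi (signtool -v)"

     echo "$SCRIPTNAME: Show who signed xpi ------------------------------"
     echo "signtool -w nojs.xpi -d ${P_R_SIGNDIR}"
     "${BINDIR}/signtool" -w nojs.xpi -d "${P_R_SIGNDIR}"
     html_msg $? 0 "Show who signed xpi (signtool -w)"
   }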
   480 ############################## tools_cleanup ###########################
   481 # local shell function to finish this script (no exit since it might be 
   482 # sourced)
   483 ########################################################################
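   tools_cleanup()
   {
     # Closes the HTML result table, changes to ${QADIR} and sources the
     # shared cleanup script. There is no exit here because this script may
     # itself be sourced.
     # QADIR is quoted so a path with spaces is not split by cd.
     html "</TABLE><BR>"
     cd "${QADIR}"
     . common/cleanup.sh
   }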
   491 ################## main #################################################
   # Run the four phases in order: setup, pk12util tests, signtool tests,
   # cleanup. Each phase is a function defined above.
   for tools_phase in tools_init tools_p12 tools_sign tools_cleanup; do
       "${tools_phase}"
   done
