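#! /bin/bash
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

########################################################################
#
# mozilla/security/nss/tests/tools/tools.sh
#
# Script to test basic functionality of NSS tools
#
# needs to work on all Unix and Windows platforms
#
# tests implemented:
#    pk12util
#    signtool
#
# special strings
# ---------------
#   FIXME ... known problems, search for this string
#   NOTE .... unexpected behavior
########################################################################

# Cipher names handed to pk12util's -c (key) and -C (cert) options by the
# tests in this file.  Several are legacy algorithms (40-bit RC4/RC2,
# single DES, MD2/MD5-based PBE); they are listed so the tool's handling
# of them is exercised, not as recommended choices for new PKCS #12 files.
# NOTE(review): the three pkcs12v2pbeWith*AndDESCBC variables hold the
# same "PKCS #5 ..." strings as the pkcs5pbe* variables further down -
# presumably intentional; confirm.
export pkcs12v2pbeWithSha1And128BitRc4=\
"PKCS #12 V2 PBE With SHA-1 and 128 Bit RC4"

export pkcs12v2pbeWithSha1And40BitRc4=\
"PKCS #12 V2 PBE With SHA-1 and 40 Bit RC4"

export pkcs12v2pbeWithSha1AndTripleDESCBC=\
"PKCS #12 V2 PBE With SHA-1 and Triple DES-CBC"

export pkcs12v2pbeWithSha1And128BitRc2Cbc=\
"PKCS #12 V2 PBE With SHA-1 and 128 Bit RC2 CBC"

export pkcs12v2pbeWithSha1And40BitRc2Cbc=\
"PKCS #12 V2 PBE With SHA-1 and 40 Bit RC2 CBC"

export pkcs12v2pbeWithMd2AndDESCBC=\
"PKCS #5 Password Based Encryption with MD2 and DES-CBC"

export pkcs12v2pbeWithMd5AndDESCBC=\
"PKCS #5 Password Based Encryption with MD5 and DES-CBC"

export pkcs12v2pbeWithSha1AndDESCBC=\
"PKCS #5 Password Based Encryption with SHA-1 and DES-CBC"

export pkcs5pbeWithMD2AndDEScbc=\
"PKCS #5 Password Based Encryption with MD2 and DES-CBC"

export pkcs5pbeWithMD5AndDEScbc=\
"PKCS #5 Password Based Encryption with MD5 and DES-CBC"

export pkcs5pbeWithSha1AndDEScbc=\
"PKCS #5 Password Based Encryption with SHA-1 and DES-CBC"

############################## tools_init ##############################
# local shell function to initialize this script
#
# Sources ../common/init.sh unless INIT_SOURCED is "TRUE" and
# ../cert/cert.sh when CERT_LOG_FILE is not readable, calls Exit 15 unless
# the cert log contains "SUCCESS: SMIME passed", then creates the tools,
# copydir, signdir and html directories under HOSTDIR, copies the contents
# of ALICEDIR into SIGNDIR and the sign*.html files into html, and changes
# into TOOLSDIR.
# Path expansions are quoted so directories containing spaces (the script
# is meant to run on Windows too) are passed as single arguments.
########################################################################
tools_init()
{
  SCRIPTNAME=tools.sh      # sourced - $0 would point to all.sh

  if [ -z "${CLEANUP}" ] ; then     # if nobody else is responsible for
      CLEANUP="${SCRIPTNAME}"       # cleaning this script will do it
  fi

  # An empty INIT_SOURCED is also "not TRUE", so one comparison is enough.
  if [ "${INIT_SOURCED}" != "TRUE" ]; then
      cd ../common
      . ./init.sh
  fi
  if [ ! -r "${CERT_LOG_FILE}" ]; then  # we need certificates here
      cd ../cert
      . ./cert.sh
  fi
  SCRIPTNAME=tools.sh

  if [ -z "$NSS_DISABLE_ECC" ] ; then
      html_head "Tools Tests with ECC"
  else
      html_head "Tools Tests"
  fi

  # Quoted so an unset CERT_LOG_FILE makes grep fail instead of reading
  # standard input.
  grep "SUCCESS: SMIME passed" "${CERT_LOG_FILE}" >/dev/null || {
      Exit 15 "Fatal - S/MIME of cert.sh needs to pass first"
  }

  TOOLSDIR="${HOSTDIR}/tools"
  COPYDIR="${TOOLSDIR}/copydir"
  SIGNDIR="${TOOLSDIR}/signdir"

  R_TOOLSDIR=../tools
  R_COPYDIR=../tools/copydir
  R_SIGNDIR=../tools/signdir
  P_R_COPYDIR="${R_COPYDIR}"
  P_R_SIGNDIR="${R_SIGNDIR}"
  if [ -n "${MULTIACCESS_DBM}" ]; then
      P_R_COPYDIR="multiaccess:Tools.$version"
      P_R_SIGNDIR="multiaccess:Tools.sign.$version"
  fi

  mkdir -p "${TOOLSDIR}"
  mkdir -p "${COPYDIR}"
  mkdir -p "${SIGNDIR}"
  # The glob characters stay outside the quotes so they still expand.
  cp "${ALICEDIR}"/* "${SIGNDIR}/"
  mkdir -p "${TOOLSDIR}/html"
  cp "${QADIR}"/tools/sign*.html "${TOOLSDIR}/html"

  cd "${TOOLSDIR}"
}

########################## list_p12_file ###############################
# List the key and cert in the specified p12 file
#   $1  p12 file to list
# The p12 password is supplied through the password file R_PWFILE (-w).
# Sets the global ret to pk12util's exit status (check_tmpfile reads it)
# and reports it through html_msg with expected status 0.
########################################################################
list_p12_file()
{
  echo "$SCRIPTNAME: Listing Alice's pk12 file"
  echo "pk12util -l ${1} -w ${R_PWFILE}"

  "${BINDIR}/pk12util" -l "${1}" -w "${R_PWFILE}" 2>&1
  ret=$?
  html_msg "${ret}" 0 "Listing ${1} (pk12util -l)"
  check_tmpfile
}

########################################################################
# Import the key and cert from the specified p12 file
#   $1  p12 file to import into the database P_R_COPYDIR
# Both the database password (-k) and the p12 password (-w) are read from
# R_PWFILE.  Sets the global ret and reports it through html_msg with
# expected status 0.
########################################################################
import_p12_file()
{
  echo "$SCRIPTNAME: Importing Alice's pk12 ${1} file"
  echo "pk12util -i ${1} -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"

  "${BINDIR}/pk12util" -i "${1}" -d "${P_R_COPYDIR}" -k "${R_PWFILE}" -w "${R_PWFILE}" 2>&1
  ret=$?
  html_msg "${ret}" 0 "Importing ${1} (pk12util -i)"
  check_tmpfile
}

########################################################################
# Export the key and cert to a p12 file using default ciphers
# Writes Alice.p12 in the current directory from the database
# P_R_ALICEDIR and returns pk12util's exit status.
########################################################################
export_with_default_ciphers()
{
  echo "$SCRIPTNAME: Exporting Alice's key & cert with [default:default] (pk12util -o)"
  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
  echo " -k ${R_PWFILE} -w ${R_PWFILE}"
  "${BINDIR}/pk12util" -o Alice.p12 -n "Alice" -d "${P_R_ALICEDIR}" \
       -k "${R_PWFILE}" -w "${R_PWFILE}" 2>&1
  ret=$?
  html_msg "${ret}" 0 "Exporting Alices's key & cert with [default:default] (pk12util -o)"
  check_tmpfile
  return $ret
}

########################################################################
# Exports key/cert to a p12 file, the key encryption cipher is specified
# and the cert encryption cipher is blank for default.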
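########################################################################
export_with_key_cipher()
{
  # $1 key encryption cipher
  #
  # Writes Alice.p12 from the database P_R_ALICEDIR with -c "$1" and the
  # tool's default certificate cipher; passwords come from R_PWFILE.
  # Sets the global ret (read by check_tmpfile), reports it through
  # html_msg with expected status 0 and returns it.
  # Path and password-file expansions are quoted so values containing
  # spaces reach pk12util as single arguments.
  echo "$SCRIPTNAME: Exporting with [${1}:default]"
  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
  echo " -k ${R_PWFILE} -w ${R_PWFILE} -c ${1}"
  "${BINDIR}/pk12util" -o Alice.p12 -n "Alice" -d "${P_R_ALICEDIR}" \
       -k "${R_PWFILE}" -w "${R_PWFILE}" -c "${1}" 2>&1
  ret=$?
  html_msg "${ret}" 0 "Exporting with [${1}:default] (pk12util -o)"
  check_tmpfile
  return $ret
}

########################################################################
# Exports key/cert to a p12 file, the key encryption cipher is left
# empty for default and the cert encryption cipher is specified.
########################################################################
export_with_cert_cipher()
{
  # $1 certificate encryption cipher
  #
  # Same as the key-cipher export, but passes -C "$1" and leaves the key
  # cipher at the tool's default.  Sets the global ret, reports it through
  # html_msg with expected status 0 and returns it.
  echo "$SCRIPTNAME: Exporting with [default:${1}]"
  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
  echo " -k ${R_PWFILE} -w ${R_PWFILE} -C ${1}"
  "${BINDIR}/pk12util" -o Alice.p12 -n "Alice" -d "${P_R_ALICEDIR}" \
       -k "${R_PWFILE}" -w "${R_PWFILE}" -C "${1}" 2>&1
  ret=$?
  html_msg "${ret}" 0 "Exporting with [default:${1}] (pk12util -o)"
  check_tmpfile
  return $ret
}

########################################################################
# Exports key/cert to a p12 file, both the key encryption cipher and
# the cert encryption cipher are specified.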
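########################################################################
export_with_both_key_and_cert_cipher()
{
  # $1 key encryption cipher or ""
  # $2 certificate encryption cipher or ""
  #
  # Writes Alice.p12 from the database P_R_ALICEDIR with -c "$1" -C "$2";
  # passwords come from R_PWFILE.  Sets the global ret (read by
  # check_tmpfile), reports it through html_msg with expected status 0 and
  # returns it.  Path expansions are quoted so values containing spaces
  # reach pk12util as single arguments.

  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
  echo " -k ${R_PWFILE} -w ${R_PWFILE} -c ${1} -C ${2}"
  "${BINDIR}/pk12util" -o Alice.p12 -n Alice -d "${P_R_ALICEDIR}" \
       -k "${R_PWFILE}" -w "${R_PWFILE}" \
       -c "${1}" -C "${2}" 2>&1
  ret=$?
  html_msg "${ret}" 0 "Exporting with [${1}:${2}] (pk12util -o)"
  check_tmpfile
  return $ret
}

########################################################################
# Exports key and cert to a p12 file, both the key encryption cipher
# and the cert encryption cipher are specified. The key and cert are
# imported and the p12 file is listed
########################################################################
export_list_import()
{
  # $1 key encryption cipher
  # $2 certificate encryption cipher
  #
  # The literal "DEFAULT" in either position means "do not pass that
  # option"; the matching export helper is chosen accordingly.
  # NOTE(review): the export status is not checked before the list and
  # import steps, so after a failed export they operate on whatever
  # Alice.p12 an earlier run left in the directory - confirm this is
  # acceptable for the results being reported.

  # Separate tests joined with && replace the obsolescent -a operator,
  # whose parsing is ambiguous when an operand looks like an operator.
  if [ "${1}" != "DEFAULT" ] && [ "${2}" != "DEFAULT" ]; then
    export_with_both_key_and_cert_cipher "${1}" "${2}"
  elif [ "${1}" != "DEFAULT" ]; then
    export_with_key_cipher "${1}"
  elif [ "${2}" != "DEFAULT" ]; then
    export_with_cert_cipher "${2}"
  else
    export_with_default_ciphers
  fi

  list_p12_file Alice.p12
  import_p12_file Alice.p12
}

########################################################################
# Export using the pkcs5pbe ciphers for key and certificate encryption.
# List the contents of and import from the p12 file.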
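########################################################################
tools_p12_export_list_import_all_pkcs5pbe_ciphers()
{
  # Runs export_list_import for every pairing of the PKCS #5 PBE names
  # (plus DEFAULT) as key cipher with the same names, DEFAULT and null as
  # certificate cipher.  A space precedes every line-continuation
  # backslash so adjacent words cannot be joined if the indentation of the
  # next line is ever removed.
  # specify each on key and cert cipher
  for key_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \
                    "${pkcs5pbeWithMD5AndDEScbc}" \
                    "${pkcs5pbeWithSha1AndDEScbc}" \
                    "DEFAULT"; do
    for cert_cipher in "${pkcs5pbeWithMD2AndDEScbc}" \
                       "${pkcs5pbeWithMD5AndDEScbc}" \
                       "${pkcs5pbeWithSha1AndDEScbc}" \
                       "DEFAULT" \
                       "null"; do
      export_list_import "${key_cipher}" "${cert_cipher}"
    done
  done
}

########################################################################
# Export using the pkcs5v2 ciphers for key and certificate encryption.
# List the contents of and import from the p12 file.
########################################################################
tools_p12_export_list_import_all_pkcs5v2_ciphers()
{
  # These should pass
  for key_cipher in \
    RC2-CBC \
    DES-EDE3-CBC \
    AES-128-CBC \
    AES-192-CBC \
    AES-256-CBC \
    CAMELLIA-128-CBC \
    CAMELLIA-192-CBC \
    CAMELLIA-256-CBC; do

#---------------------------------------------------------------
# Bug 452464 - pk12util -o fails when -C option specifies AES or
# Camellia ciphers
# FIXME Restore these to the list
#    AES-128-CBC, \
#    AES-192-CBC, \
#    AES-256-CBC, \
#    CAMELLIA-128-CBC, \
#    CAMELLIA-192-CBC, \
#    CAMELLIA-256-CBC, \
#  when 452464 is fixed
#---------------------------------------------------------------
    for cert_cipher in \
      RC2-CBC \
      DES-EDE3-CBC \
      null; do
      export_list_import "${key_cipher}" "${cert_cipher}"
    done
  done
}

########################################################################
# Export using the pkcs12v2pbe ciphers for key and certificate encryption.
# List the contents of and import from the p12 file.
########################################################################
tools_p12_export_list_import_all_pkcs12v2pbe_ciphers()
{
#---------------------------------------------------------------
# Bug 452471 - pk12util -o fails when -c option specifies pkcs12v2 PBE ciphers
# FIXME - Restore these to the list
#                  "${pkcs12v2pbeWithSha1And128BitRc4}" \
#                  "${pkcs12v2pbeWithSha1And40BitRc4}" \
#                  "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \
#                  "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \
#                  "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \
#                  "${pkcs12v2pbeWithMd2AndDESCBC}" \
#                  "${pkcs12v2pbeWithMd5AndDESCBC}" \
#                  "${pkcs12v2pbeWithSha1AndDESCBC}" \
#                  "DEFAULT"; do
#  when 452471 is fixed
#---------------------------------------------------------------
#  for key_cipher in \
  key_cipher="DEFAULT"
  for cert_cipher in "${pkcs12v2pbeWithSha1And128BitRc4}" \
                     "${pkcs12v2pbeWithSha1And40BitRc4}" \
                     "${pkcs12v2pbeWithSha1AndTripleDESCBC}" \
                     "${pkcs12v2pbeWithSha1And128BitRc2Cbc}" \
                     "${pkcs12v2pbeWithSha1And40BitRc2Cbc}" \
                     "${pkcs12v2pbeWithMd2AndDESCBC}" \
                     "${pkcs12v2pbeWithMd5AndDESCBC}" \
                     "${pkcs12v2pbeWithSha1AndDESCBC}" \
                     "DEFAULT" \
                     "null"; do
    # Pass the loop variable as the certificate cipher.  The previous call
    # passed key_cipher in both positions, so every iteration exported with
    # [DEFAULT:DEFAULT] and none of the listed certificate ciphers was
    # exercised.
    # NOTE(review): results for these -C values were never reported
    # before; a failure appearing here is a pk12util result that the old
    # call hid, not a regression introduced by this loop.
    export_list_import "${key_cipher}" "${cert_cipher}"
  done
  #done
}

#########################################################################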
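# Export with no encryption on key should fail but on cert should pass
#########################################################################
tools_p12_export_with_null_ciphers()
{
  # Security check of pk12util itself: asking for an unencrypted private
  # key (-c null) must be refused, so html_msg is given 30 as the expected
  # exit status.  Leaving only the certificate unencrypted (-C null) is
  # expected to succeed with status 0; certificates are public data.
  # Sets the global ret after each call (check_tmpfile reads it).
  # Path expansions are quoted so values containing spaces reach pk12util
  # as single arguments.

  # use null as the key encryption algorithm default for the cert one
  # should fail

  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
  echo " -k ${R_PWFILE} -w ${R_PWFILE} -c null"
  "${BINDIR}/pk12util" -o Alice.p12 -n Alice -d "${P_R_ALICEDIR}" \
       -k "${R_PWFILE}" -w "${R_PWFILE}" \
       -c null 2>&1
  ret=$?
  html_msg "${ret}" 30 "Exporting with [null:default] (pk12util -o)"
  check_tmpfile

  # use default as the key encryption algorithm null for the cert one
  # should pass

  echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\"
  echo " -k ${R_PWFILE} -w ${R_PWFILE} -C null"
  "${BINDIR}/pk12util" -o Alice.p12 -n Alice -d "${P_R_ALICEDIR}" \
       -k "${R_PWFILE}" -w "${R_PWFILE}" \
       -C null 2>&1
  ret=$?
  html_msg "${ret}" 0 "Exporting with [default:null] (pk12util -o)"
  check_tmpfile

}

#########################################################################
# Exports using the default key and certificate encryption ciphers.
# Imports from and lists the contents of the p12 file.
# Repeats the test with ECC if enabled.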
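########################################################################
tools_p12_export_list_import_with_default_ciphers()
{
  # Runs export_list_import with DEFAULT for both ciphers.  When
  # NSS_DISABLE_ECC is empty it then exports, imports and lists the
  # "Alice-ec" key and cert through Alice-ec.p12, reporting each step
  # through html_msg with expected status 0.  Sets the global ret after
  # each pk12util call (check_tmpfile reads it).
  # Path expansions are quoted so values containing spaces reach pk12util
  # as single arguments.
  echo "$SCRIPTNAME: Exporting Alice's email cert & key - default ciphers"

  export_list_import "DEFAULT" "DEFAULT"

  if [ -z "$NSS_DISABLE_ECC" ] ; then
    echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------"
    echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\"
    echo " -w ${R_PWFILE}"
    "${BINDIR}/pk12util" -o Alice-ec.p12 -n "Alice-ec" -d "${P_R_ALICEDIR}" -k "${R_PWFILE}" \
         -w "${R_PWFILE}" 2>&1
    ret=$?
    html_msg "${ret}" 0 "Exporting Alice's email EC cert & key (pk12util -o)"
    check_tmpfile

    echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------"
    echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}"
    "${BINDIR}/pk12util" -i Alice-ec.p12 -d "${P_R_COPYDIR}" -k "${R_PWFILE}" -w "${R_PWFILE}" 2>&1
    ret=$?
    html_msg "${ret}" 0 "Importing Alice's email EC cert & key (pk12util -i)"
    check_tmpfile

    echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------"
    echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}"
    "${BINDIR}/pk12util" -l Alice-ec.p12 -w "${R_PWFILE}" 2>&1
    ret=$?
    html_msg "${ret}" 0 "Listing Alice's pk12 EC file (pk12util -l)"
    check_tmpfile
  fi
}

############################## tools_p12 ###############################
# local shell function to test basic functionality of pk12util
# Runs the five pk12util test groups in a fixed order.
########################################################################
tools_p12()
{
  tools_p12_export_list_import_with_default_ciphers
  tools_p12_export_list_import_all_pkcs5v2_ciphers
  tools_p12_export_list_import_all_pkcs5pbe_ciphers
  tools_p12_export_list_import_all_pkcs12v2pbe_ciphers
  tools_p12_export_with_null_ciphers
}

############################ check_tmpfile #############################
# local shell function pk12util uses a hardcoded tmp file, if this exists
# and is owned by another user we don't get reasonable errormessages
#
# Reads the global ret set by the preceding pk12util call.  When that
# status is not "0" and /tmp/Pk12uTemp exists, prints a hint naming the
# file; it neither inspects nor removes it.
# The fixed name sits in a directory shared by all local accounts, so a
# file left there by another user is enough to make pk12util fail.  Scratch
# files are safer when created with an unpredictable name in a private
# directory.
########################################################################
check_tmpfile()
{
  # ret is quoted and the two tests are joined with && (not -a) so an
  # empty or unset ret cannot turn the expression into a syntax error.
  if [ "${ret}" != "0" ] && [ -f /tmp/Pk12uTemp ] ; then
    echo "Error: pk12util temp file exists. Please remove this file and"
    echo " rerun the test (/tmp/Pk12uTemp) "
  fi
}

# NOTE: this listing is cut off inside tools_sign on this page; the extracted remainder is kept verbatim on the next line.
############################## tools_sign ############################## michael@0: # local shell function to test basic functionality of signtool michael@0: ######################################################################## michael@0: tools_sign() michael@0: { michael@0: echo "$SCRIPTNAME: Create objsign cert -------------------------------" michael@0: echo "signtool -G \"objectsigner\" -d ${P_R_SIGNDIR} -p \"nss\"" michael@0: ${BINDIR}/signtool -G "objsigner" -d ${P_R_SIGNDIR} -p "nss" 2>&1 <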
" michael@0: cd ${QADIR} michael@0: . common/cleanup.sh michael@0: } michael@0: michael@0: ################## main ################################################# michael@0: michael@0: tools_init michael@0: tools_p12 michael@0: tools_sign michael@0: tools_cleanup michael@0: michael@0: