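#! /bin/csh -f
#
# Run one iteration of openssl wrap export test.
# Only used as a subroutine call from importExportOpensslWrap
#
# Usage
#   exportOpensslTool rawKey oskeyGen osKeyParse alg(rsa|dsa) keysize quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO)
#
# Flow: import rawKey into the test keychain, export it password-wrapped to
# the oskeyGen path, have openssl decrypt it to DER at the osKeyParse path,
# then re-import that result and verify it. Any failing step exits 1.
#
# $CLEANKC, $KCIMPORT, $KCEXPORT, $DBVERIFY, $OPENSSL, $RM, $KEYCHAIN and
# $KEYCHAIN_PATH are not set here; they are expected to come from setupCommon.
#
if ( $#argv != 8 ) then
	echo usage error for exportOpensslTool
	exit(1)
endif
set RAWKEY=$argv[1]
set OS_KEY_EXP=$argv[2]
set OS_KEY_PARSE_OS=$argv[3]
set KEY_ALG=$argv[4]
set KEY_SIZE=$argv[5]
set QUIET=$argv[6]
# Comparisons are quoted so that an empty argument is a plain mismatch
# instead of a csh expression syntax error.
set QUIET_ARG=
if ("$QUIET" == "YES") then
	set QUIET_ARG=-q
endif
set NOACL_ARG=
if ("$argv[7]" == "YES") then
	set NOACL_ARG=-n
endif
set SECURE_PHRASE_ARG=
if ("$argv[8]" == "YES") then
	set SECURE_PHRASE_ARG=-Z
endif

source setupCommon

# Fixed throwaway passphrase for the wrapped test key. It is passed to the
# tools below on their command lines (-z, -passin pass:), so it is visible in
# the process list and in the echoed commands when quiet is NO. Do not reuse
# this pattern with a real secret.
set PASSWORD=foobar
# OS_PWD_ARG is not referenced anywhere else in this script.
set OS_PWD_ARG="-passout pass:$PASSWORD"

if ("$QUIET" == "NO") then
	echo $CLEANKC
endif
$CLEANKC || exit(1)
#
# import the raw key
#
set cmd="$KCIMPORT $RAWKEY -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
if ("$QUIET" == "NO") then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
if ("$QUIET" == "NO") then
	echo $cmd
endif
$cmd || exit(1)
#
# Export it in openssl wrap form
#
set cmd="$RM -f $OS_KEY_EXP"
if ("$QUIET" == "NO") then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$KCEXPORT $KEYCHAIN -t privKeys -f openssl -w -z $PASSWORD -o $OS_KEY_EXP -q $SECURE_PHRASE_ARG"
if ("$QUIET" == "NO") then
	echo $cmd
endif
$cmd || exit(1)
#
# Ensure that openssl can read it, then write it in unencrypted form
# Save openssl's stderr in a temp file and cat that to our stderr only on error.
#
set cmd="$RM -f $OS_KEY_PARSE_OS"
if ("$QUIET" == "NO") then
	echo $cmd
endif
$cmd || exit(1)
# The capture file gets a unique name from mktemp rather than a fixed path in
# the world-writable /tmp: a fixed name can be pre-created or symlinked by
# another local user, and concurrent runs would overwrite each other's output.
# It is created only now so the early exit above cannot leave it behind.
set STDERR_TMP=`mktemp /tmp/openssl_stderr.XXXXXX`
if ("$STDERR_TMP" == "") then
	echo "exportOpensslTool: cannot create temp file for openssl stderr" > /dev/stderr
	exit(1)
endif
set cmd="$OPENSSL $KEY_ALG -inform PEM -outform DER -in $OS_KEY_EXP -passin pass:$PASSWORD -out $OS_KEY_PARSE_OS"
if ("$QUIET" == "NO") then
	echo $cmd
endif
# >&! rather than >& : the file already exists (mktemp created it), and the
# redirect must still succeed if noclobber happens to be set.
$cmd >&! $STDERR_TMP
if ($status != 0) then
	cat $STDERR_TMP > /dev/stderr
	# remove the capture file on the failure path too
	rm -f $STDERR_TMP
	exit(1)
endif
rm -f $STDERR_TMP
#
# Then ensure we can read the parsed result
# (this import is run without $SECURE_PHRASE_ARG)
#
if ("$QUIET" == "NO") then
	echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$KCIMPORT $OS_KEY_PARSE_OS -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG"
if ("$QUIET" == "NO") then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
if ("$QUIET" == "NO") then
	echo $cmd
endif
$cmd || exit(1)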