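#! /bin/csh -f
#
# Run one iteration of openssl wrap export test.
# Only used as a subroutine call from importExportOpensslWrap
#
# Usage
#   exportOpensslTool rawKey oskeyGen osKeyParse alg(rsa|dsa) keysize quiet(YES|NO) noACL(YES|NO) securePhrase(YES|NO)
#
# Flow: import a raw private key into a scratch keychain, export it in
# openssl wrapped (passphrase protected) PEM form, have openssl decrypt it to
# DER, then import the DER result again and verify it.
#
# CLEANKC, KCIMPORT, KCEXPORT, DBVERIFY, OPENSSL, RM, KEYCHAIN and
# KEYCHAIN_PATH are not defined in this file; they are expected to be set by
# setupCommon, which is sourced below.
#
if ( $#argv != 8 ) then
	echo usage error for exportOpensslTool
	exit(1)
endif

# Positional arguments.
set RAWKEY=$argv[1]
set OS_KEY_EXP=$argv[2]
set OS_KEY_PARSE_OS=$argv[3]
set KEY_ALG=$argv[4]
set KEY_SIZE=$argv[5]
set QUIET=$argv[6]

# Translate the YES/NO switches into tool flags; empty means flag not passed.
set QUIET_ARG=
if ($QUIET == YES) then
	set QUIET_ARG=-q
endif
set NOACL_ARG=
if ($argv[7] == YES) then
	set NOACL_ARG=-n
endif
set SECURE_PHRASE_ARG=
if ($argv[8] == YES) then
	set SECURE_PHRASE_ARG=-Z
endif

source setupCommon

# PASSWORD is a fixed throwaway test value. It is passed on command lines
# (-z and -passin pass:) and echoed when QUIET is NO, so it shows up in
# process listings and logs. That is tolerable only because it protects
# nothing but test key material; real secrets should not be handled this way.
set PASSWORD=foobar
# NOTE(review): OS_PWD_ARG is not referenced again in this script.
set OS_PWD_ARG="-passout pass:$PASSWORD"

if ($QUIET == NO) then
	echo $CLEANKC
endif
$CLEANKC || exit(1)
#
# import the raw key
#
set cmd="$KCIMPORT $RAWKEY -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG $SECURE_PHRASE_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
#
# Export it in openssl wrap form
#
set cmd="$RM -f $OS_KEY_EXP"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$KCEXPORT $KEYCHAIN -t privKeys -f openssl -w -z $PASSWORD -o $OS_KEY_EXP -q $SECURE_PHRASE_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
#
# Ensure that openssl can read it, then write it in unencrypted form
# Save the openssl stderr output in a temp file and cat that to our stderr
# only on error.
#
# The temp file is created by mktemp with a unique name instead of a fixed
# path in /tmp: a fixed, predictable name lets another local user plant a
# file or symlink there first, and makes concurrent runs overwrite each other.
#
set STDERR_TMP=`mktemp /tmp/openssl_stderr.XXXXXX`
if ( ! -f "$STDERR_TMP" ) then
	echo cannot create temp file for openssl stderr
	exit(1)
endif
set cmd="$RM -f $OS_KEY_PARSE_OS"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd
if ($status != 0) then
	rm -f $STDERR_TMP
	exit(1)
endif
# The output file named by OS_KEY_PARSE_OS receives the private key in
# unencrypted DER form; its location and cleanup are up to the caller.
set cmd="$OPENSSL $KEY_ALG -inform PEM -outform DER -in $OS_KEY_EXP -passin pass:$PASSWORD -out $OS_KEY_PARSE_OS"
if ($QUIET == NO) then
	echo $cmd
endif
# mktemp already created the file, so force the overwrite in case
# noclobber is set.
$cmd >&! $STDERR_TMP
if ($status != 0) then
	cat $STDERR_TMP > /dev/stderr
	# Do not leave the capture file behind on the failure path.
	rm -f $STDERR_TMP
	exit(1)
endif
rm -f $STDERR_TMP
#
# Then ensure we can read the parsed result
#
if ($QUIET == NO) then
	echo $CLEANKC
endif
$CLEANKC || exit(1)
set cmd="$KCIMPORT $OS_KEY_PARSE_OS -k $KEYCHAIN -f openssl -F openssl -T priv -K 1 $QUIET_ARG $NOACL_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)
set cmd="$DBVERIFY $KEYCHAIN_PATH $KEY_ALG priv $KEY_SIZE $QUIET_ARG"
if ($QUIET == NO) then
	echo $cmd
endif
$cmd || exit(1)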