xref: /freebsd/crypto/heimdal/lib/hx509/test_crypto.in (revision 63a938566d524836885917d95bd491aa4400b181)
1#!/bin/sh
2#
3# Copyright (c) 2006 Kungliga Tekniska Högskolan
4# (Royal Institute of Technology, Stockholm, Sweden).
5# All rights reserved.
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10#
11# 1. Redistributions of source code must retain the above copyright
12#    notice, this list of conditions and the following disclaimer.
13#
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# 3. Neither the name of the Institute nor the names of its contributors
19#    may be used to endorse or promote products derived from this software
20#    without specific prior written permission.
21#
22# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32# SUCH DAMAGE.
33#
34# $Id$
35#
36
37srcdir="@srcdir@"
38objdir="@objdir@"
39
40stat="--statistic-file=${objdir}/statfile"
41
42hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
43
44if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
45    exit 77
46fi
47if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
48    exit 77
49fi
50
51
52echo "Bleichenbacher good cert (from eay)"
53${hxtool} verify --missing-revoke \
54    --time=2006-09-25 \
55    cert:FILE:$srcdir/data/bleichenbacher-good.pem \
56    anchor:FILE:$srcdir/data/bleichenbacher-good.pem > /dev/null || exit 1
57
58echo "Bleichenbacher bad cert (from eay)"
59${hxtool} verify --missing-revoke \
60    --time=2006-09-25 \
61    cert:FILE:$srcdir/data/bleichenbacher-bad.pem \
62    anchor:FILE:$srcdir/data/bleichenbacher-bad.pem > /dev/null && exit 1
63
64echo "Bleichenbacher good cert (from yutaka)"
65${hxtool} verify --missing-revoke \
66    --time=2006-09-25 \
67    cert:FILE:$srcdir/data/yutaka-pad-ok-cert.pem \
68    anchor:FILE:$srcdir/data/yutaka-pad-ok-ca.pem > /dev/null || exit 1
69
70echo "Bleichenbacher bad cert (from yutaka)"
71${hxtool} verify --missing-revoke \
72    --time=2006-09-25 \
73    cert:FILE:$srcdir/data/yutaka-pad-broken-cert.pem \
74    anchor:FILE:$srcdir/data/yutaka-pad-broken-ca.pem > /dev/null && exit 1
75
76# Ralf-Philipp Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
77# Andrew Pyshkin <pychkine@cdc.informatik.tu-darmstadt.de>
78echo "Bleichenbacher bad cert (sf pad correct)"
79${hxtool} verify --missing-revoke \
80    --time=2006-09-25 \
81    cert:FILE:$srcdir/data/bleichenbacher-sf-pad-correct.pem \
82    anchor:FILE:$srcdir/data/sf-class2-root.pem > /dev/null && exit 1
83
84echo Read 50 kilobyte random data
85${hxtool} random-data 50kilobyte > random-data || exit 1
86
87echo "crypto select1"
88${hxtool} crypto-select > test || { echo "select1"; exit 1; }
89cmp test ${srcdir}/tst-crypto-select1 > /dev/null || \
90	{ echo "select1 failure"; exit 1; }
91
92echo "crypto select1"
93${hxtool} crypto-select --type=digest > test || { echo "select1"; exit 1; }
94cmp test ${srcdir}/tst-crypto-select1 > /dev/null || \
95	{ echo "select1 failure"; exit 1; }
96
97echo "crypto select2"
98${hxtool} crypto-select --type=public-sig > test || { echo "select2"; exit 1; }
99cmp test ${srcdir}/tst-crypto-select2 > /dev/null || \
100	{ echo "select2 failure"; exit 1; }
101
102echo "crypto select3"
103${hxtool} crypto-select \
104	--type=public-sig \
105	--peer-cmstype=1.2.840.113549.1.1.4 \
106	 > test || { echo "select3"; exit 1; }
107cmp test ${srcdir}/tst-crypto-select3 > /dev/null || \
108	{ echo "select3 failure"; exit 1; }
109
110echo "crypto select4"
111${hxtool} crypto-select \
112	--type=public-sig \
113	--peer-cmstype=1.2.840.113549.1.1.5 \
114	--peer-cmstype=1.2.840.113549.1.1.4 \
115	 > test || { echo "select4"; exit 1; }
116cmp test ${srcdir}/tst-crypto-select4 > /dev/null || \
117	{ echo "select4 failure"; exit 1; }
118
119echo "crypto select5"
120${hxtool} crypto-select \
121	--type=public-sig \
122	--peer-cmstype=1.2.840.113549.1.1.11 \
123	--peer-cmstype=1.2.840.113549.1.1.5 \
124	 > test || { echo "select5"; exit 1; }
125cmp test ${srcdir}/tst-crypto-select5 > /dev/null || \
126	{ echo "select5 failure"; exit 1; }
127
128echo "crypto select6"
129${hxtool} crypto-select \
130	--type=public-sig \
131	--peer-cmstype=1.2.840.113549.2.5 \
132	--peer-cmstype=1.2.840.113549.1.1.5 \
133	 > test || { echo "select6"; exit 1; }
134cmp test ${srcdir}/tst-crypto-select6 > /dev/null || \
135	{ echo "select6 failure"; exit 1; }
136
137echo "crypto select7"
138${hxtool} crypto-select \
139	--type=secret \
140	--peer-cmstype=2.16.840.1.101.3.4.1.42 \
141	--peer-cmstype=1.2.840.113549.3.7 \
142	--peer-cmstype=1.2.840.113549.1.1.5 \
143	 > test || { echo "select7"; exit 1; }
144cmp test ${srcdir}/tst-crypto-select7 > /dev/null || \
145	{ echo "select7 failure"; exit 1; }
146
147#echo "crypto available1"
148#${hxtool} crypto-available \
149#	--type=all \
150#	> test || { echo "available1"; exit 1; }
151#cmp test ${srcdir}/tst-crypto-available1 > /dev/null || \
152#	{ echo "available1 failure"; exit 1; }
153
154echo "crypto available2"
155${hxtool} crypto-available \
156	--type=digest \
157	> test || { echo "available2"; exit 1; }
158cmp test ${srcdir}/tst-crypto-available2 > /dev/null || \
159	{ echo "available2 failure"; exit 1; }
160
161#echo "crypto available3"
162#${hxtool} crypto-available \
163#	--type=public-sig \
164#	> test || { echo "available3"; exit 1; }
165#cmp test ${srcdir}/tst-crypto-available3 > /dev/null || \
166#	{ echo "available3 failure"; exit 1; }
167
168echo "copy keystore FILE existing -> FILE"
169${hxtool} certificate-copy \
170    FILE:${srcdir}/data/test.crt,${srcdir}/data/test.key \
171    FILE:out.pem || exit 1
172
173echo "copy keystore FILE -> FILE"
174${hxtool} certificate-copy \
175    FILE:out.pem \
176    FILE:out2.pem || exit 1
177
178echo "copy keystore FILE -> PKCS12"
179${hxtool} certificate-copy \
180    FILE:out.pem \
181    PKCS12:out2.pem || exit 1
182
183echo "print certificate with utf8"
184${hxtool} print \
185	FILE:$srcdir/data/j.pem >/dev/null 2>/dev/null || exit 1
186
187echo "Make sure that we can parse EC private keys"
188${hxtool} print --content \
189    FILE:$srcdir/data/pkinit-ec.crt,$srcdir/data/pkinit-ec.key \
190    > /dev/null || exit 1
191
192exit 0
193