xref: /freebsd/crypto/heimdal/lib/hx509/test_nist2.in (revision 6a068746777241722b2b32c5d0bc443a2a64d80b) 
1c19800e8SDoug Rabson#!/bin/sh
2c19800e8SDoug Rabson#
3*ae771770SStanislav Sedov# Copyright (c) 2004 - 2008 Kungliga Tekniska Högskolan
4c19800e8SDoug Rabson# (Royal Institute of Technology, Stockholm, Sweden).
5c19800e8SDoug Rabson# All rights reserved.
6c19800e8SDoug Rabson#
7c19800e8SDoug Rabson# Redistribution and use in source and binary forms, with or without
8c19800e8SDoug Rabson# modification, are permitted provided that the following conditions
9c19800e8SDoug Rabson# are met:
10c19800e8SDoug Rabson#
11c19800e8SDoug Rabson# 1. Redistributions of source code must retain the above copyright
12c19800e8SDoug Rabson#    notice, this list of conditions and the following disclaimer.
13c19800e8SDoug Rabson#
14c19800e8SDoug Rabson# 2. Redistributions in binary form must reproduce the above copyright
15c19800e8SDoug Rabson#    notice, this list of conditions and the following disclaimer in the
16c19800e8SDoug Rabson#    documentation and/or other materials provided with the distribution.
17c19800e8SDoug Rabson#
18c19800e8SDoug Rabson# 3. Neither the name of the Institute nor the names of its contributors
19c19800e8SDoug Rabson#    may be used to endorse or promote products derived from this software
20c19800e8SDoug Rabson#    without specific prior written permission.
21c19800e8SDoug Rabson#
22c19800e8SDoug Rabson# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23c19800e8SDoug Rabson# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24c19800e8SDoug Rabson# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25c19800e8SDoug Rabson# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26c19800e8SDoug Rabson# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27c19800e8SDoug Rabson# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28c19800e8SDoug Rabson# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29c19800e8SDoug Rabson# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30c19800e8SDoug Rabson# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31c19800e8SDoug Rabson# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32c19800e8SDoug Rabson# SUCH DAMAGE.
33c19800e8SDoug Rabson#
34c19800e8SDoug Rabson# $Id: test_nist.in 21787 2007-08-02 08:50:24Z lha $
35c19800e8SDoug Rabson#
36c19800e8SDoug Rabson
37c19800e8SDoug Rabsonsrcdir="@srcdir@"
38c19800e8SDoug Rabsonobjdir="@objdir@"
39c19800e8SDoug Rabsonnistdir=${objdir}/PKITS_data
40c19800e8SDoug Rabsonnistzip=${srcdir}/data/PKITS_data.zip
41*ae771770SStanislav Sedovegrep="@egrep@"
42c19800e8SDoug Rabson
43c19800e8SDoug Rabsonlimit="${1:-nolimit}"
44c19800e8SDoug Rabson
45c19800e8SDoug Rabsonstat="--statistic-file=${objdir}/statfile"
46c19800e8SDoug Rabson
47c19800e8SDoug Rabsonhxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
48c19800e8SDoug Rabson
49c19800e8SDoug Rabson# nistzip is not distributed part of the distribution
50c19800e8SDoug Rabsontest -f "$nistzip" || exit 77
51c19800e8SDoug Rabson
52c19800e8SDoug Rabsonif ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
53c19800e8SDoug Rabson    exit 77
54c19800e8SDoug Rabsonfi
55c19800e8SDoug Rabsonif ${hxtool} info | grep 'rand: not available' > /dev/null ; then
56c19800e8SDoug Rabson    exit 77
57c19800e8SDoug Rabsonfi
58c19800e8SDoug Rabson
59*ae771770SStanislav Sedov#--------- Try to find unzip
60*ae771770SStanislav Sedov
61*ae771770SStanislav Sedovoldifs=$IFS
62*ae771770SStanislav SedovIFS=:
63*ae771770SStanislav Sedovset -- $PATH
64*ae771770SStanislav SedovIFS=$oldifs
65*ae771770SStanislav Sedovfound=
66*ae771770SStanislav Sedov
67*ae771770SStanislav Sedovfor p in "$@" ; do
68*ae771770SStanislav Sedov    test -x "$p/unzip" && { found=1 ; break; }
69*ae771770SStanislav Sedovdone
70*ae771770SStanislav Sedovtest "X$found" = "X" && exit 77
71*ae771770SStanislav Sedov
72*ae771770SStanislav Sedov#---------
73*ae771770SStanislav Sedov
74*ae771770SStanislav Sedov
75c19800e8SDoug Rabsonecho "nist tests, version 2"
76c19800e8SDoug Rabson
77c19800e8SDoug Rabsonif [ ! -d "$nistdir" ] ; then
78c19800e8SDoug Rabson    ( mkdir "$nistdir" && unzip -d "${nistdir}" "${nistzip}" ) >/dev/null || \
79c19800e8SDoug Rabson	{ rm -rf "$nistdir" ; exit 1; }
80c19800e8SDoug Rabsonfi
81c19800e8SDoug Rabson
82c19800e8SDoug Rabsonec=
83c19800e8SDoug Rabsonname=
84c19800e8SDoug Rabsondescription=
85c19800e8SDoug Rabsonwhile read result cert other ; do
86c19800e8SDoug Rabson    if expr "$result" : "#" > /dev/null; then
87c19800e8SDoug Rabson	name=${cert}
88c19800e8SDoug Rabson	description="${other}"
89c19800e8SDoug Rabson	continue
90c19800e8SDoug Rabson    fi
91c19800e8SDoug Rabson
92c19800e8SDoug Rabson    test nolimit != "${limit}" && ! expr "$name" : "$limit" > /dev/null && continue
93c19800e8SDoug Rabson
94c19800e8SDoug Rabson    test "$result" = "end" && break
95c19800e8SDoug Rabson
96c19800e8SDoug Rabson    args=
97c19800e8SDoug Rabson    args="$args cert:FILE:$nistdir/certs/$cert"
98c19800e8SDoug Rabson    args="$args chain:DIR:$nistdir/certs"
99c19800e8SDoug Rabson    args="$args anchor:FILE:$nistdir/certs/TrustAnchorRootCertificate.crt"
100c19800e8SDoug Rabson
101c19800e8SDoug Rabson    for a in $nistdir/crls/*.crl; do
102c19800e8SDoug Rabson	args="$args crl:FILE:$a"
103c19800e8SDoug Rabson    done
104c19800e8SDoug Rabson
105*ae771770SStanislav Sedov    cmd="${hxtool} verify --time=2008-05-20 $args"
106c19800e8SDoug Rabson    eval ${cmd} > /dev/null
107c19800e8SDoug Rabson    res=$?
108c19800e8SDoug Rabson
109c19800e8SDoug Rabson    case "${result},${res}" in
110c19800e8SDoug Rabson    0,0) r="PASSs";;
111c19800e8SDoug Rabson    0,*) r="FAILs";;
112c19800e8SDoug Rabson    [123],0) r="FAILf";;
113c19800e8SDoug Rabson    [123],*) r="PASSf";;
114c19800e8SDoug Rabson    *) echo="unknown result ${result},${res}" ; exit 1 ;;
115c19800e8SDoug Rabson    esac
116*ae771770SStanislav Sedov    if ${egrep} "^${name} FAIL" $srcdir/data/nist-result2 > /dev/null; then
117c19800e8SDoug Rabson	if expr "$r" : "PASS" >/dev/null; then
118c19800e8SDoug Rabson	    echo "${name} passed when expected not to"
119c19800e8SDoug Rabson	    echo "# ${description}" > nist2-passed-${name}.tmp
120c19800e8SDoug Rabson	    ec=1
121c19800e8SDoug Rabson	fi
122*ae771770SStanislav Sedov    elif ${egrep} "^${name} EITHER" $srcdir/data/nist-result2 > /dev/null; then
123*ae771770SStanislav Sedov	:
124c19800e8SDoug Rabson    elif expr "$r" : "FAIL.*" >/dev/null ; then
125c19800e8SDoug Rabson	echo "$r ${name} ${description}"
126c19800e8SDoug Rabson	echo "# ${description}" > nist2-failed-${name}.tmp
127c19800e8SDoug Rabson	echo "$cmd" >> nist2-failed-${name}.tmp
128c19800e8SDoug Rabson	ec=1
129c19800e8SDoug Rabson    fi
130c19800e8SDoug Rabson
131c19800e8SDoug Rabsondone < $srcdir/data/nist-data2
132c19800e8SDoug Rabson
133c19800e8SDoug Rabson
134c19800e8SDoug Rabsonecho "done!"
135c19800e8SDoug Rabson
136c19800e8SDoug Rabsonexit $ec
137