Blame tests/gen-keys.sh

#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
#
# Generate keys for the tests
#
# Copyright (C) 2020 Vitaly Chikunov <vt@altlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# Work from the directory that holds this script, so that every relative
# path used below (../src, test-ca.conf, test-*.key ...) resolves the same
# way no matter where the script was started from.
if ! cd "$(dirname "$0")"; then
  exit 1
fi

# ../src is a relative PATH entry and it is searched first. It is resolved
# against the current directory each time a command is looked up, which is
# why the cd above has to succeed before anything else runs.
PATH="../src:${PATH}"

# Report which openssl will be used. The result is not checked here, so a
# missing openssl only shows up as failures of the commands further down.
type openssl
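# Print a command line, then run it.
# Arguments: the command and its arguments, one word per parameter.
# Outputs:   "- <command line>" on stdout, followed by the command's output.
# Returns:   the exit status of the command that was run.
log() {
  printf '%s\n' "- $*"
  # Run the words exactly as they were received. Going through eval would
  # join them and parse the result as shell text again, so an argument that
  # contains spaces, glob characters or $(...) would be split or expanded a
  # second time. The callers in this script pass a plain command and its
  # arguments, which behave the same either way.
  "$@"
}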
# test-ca.conf is the openssl req configuration used by the key generation
# in this script: a fixed subject, and a v3_ca extension section that sets
# basicConstraints to CA:TRUE.
#   clean  - delete the file
#   force  - rewrite it
#   other  - write it only when it does not exist yet
case "$1" in
  clean)
    rm -f test-ca.conf
    ;;
  *)
    if [ "$1" = force ] || ! [ -e test-ca.conf ]; then
      # Quoted delimiter: the text is written literally and nothing in it
      # is expanded by the shell.
      cat > test-ca.conf << 'EOF'
[ req ]
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = v3_ca

[ req_distinguished_name ]
O = IMA-CA
CN = IMA/EVM certificate signing key
emailAddress = ca@ima-ca

[ v3_ca ]
basicConstraints=CA:TRUE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
EOF
    fi
    ;;
esac
# RSA
# Two key sizes are produced; the second key is the one used by the
# wrong-key tests.
# NOTE(review): these are fixtures for the test suite only. The private keys
# are written unencrypted (-nodes), one of them is 1024-bit, and the
# certificates are signed with SHA-1. Some OpenSSL builds or system crypto
# policies may refuse such parameters - TODO confirm on the target platform.
for m in 1024 2048; do
  case "$1" in
    clean)
      rm -f "test-rsa$m.cer" "test-rsa$m.key" "test-rsa$m.pub"
      continue
      ;;
    force)
      rm -f "test-rsa$m.cer" "test-rsa$m.key" "test-rsa$m.pub"
      ;;
  esac

  # An existing key is left alone; nothing is regenerated for it.
  [ -e "test-rsa$m.key" ] && continue

  # New private key and a self-signed certificate (DER) in one step.
  log openssl req -verbose -new -nodes -utf8 -sha1 -days 10000 -batch -x509 \
    -config test-ca.conf \
    -newkey "rsa:$m" \
    -out "test-rsa$m.cer" -outform DER \
    -keyout "test-rsa$m.key"
  # for v1 signatures
  log openssl pkey -in "test-rsa$m.key" -out "test-rsa$m.pub" -pubout
done
# EC-RDSA
# Each list entry has the form "<algorithm>:<parameter set>".
# NOTE(review): presumably these algorithms need an OpenSSL with GOST
# support - confirm for the target platform. The -s check near the end
# skips the public key step when no key file was produced.
for m in \
  gost2012_256:A \
  gost2012_256:B \
  gost2012_256:C \
  gost2012_512:A \
  gost2012_512:B; do
    # Split the entry at the colon.
    algo=${m%%:*}
    param=${m#*:}

    case "$1" in
      clean)
        rm -f "test-$algo-$param.key" "test-$algo-$param.cer" "test-$algo-$param.pub"
        continue
        ;;
      force)
        rm -f "test-$algo-$param.key" "test-$algo-$param.cer" "test-$algo-$param.pub"
        ;;
    esac

    # An existing key is left alone; nothing is regenerated for it.
    if [ -e "test-$algo-$param.key" ]; then
      continue
    fi

    # New private key (written unencrypted, -nodes) and a self-signed
    # certificate in DER form. These files are test fixtures only.
    log openssl req -nodes -x509 -utf8 -days 10000 -batch \
      -config test-ca.conf \
      -newkey "$algo" \
      -pkeyopt "paramset:$param" \
      -out    "test-$algo-$param.cer" -outform DER \
      -keyout "test-$algo-$param.key"

    # Export the public key only when the key file exists and is not empty.
    if [ -s "test-$algo-$param.key" ]; then
      log openssl pkey -in "test-$algo-$param.key" -out "test-$algo-$param.pub" -pubout
    fi
done
# This script leaves test-ca.conf, *.cer, *.pub, *.key files for sign/verify tests.
# They are never deleted except by `make distclean'.