diff options
Diffstat (limited to 'security/nss/tests/tools')
-rw-r--r-- | security/nss/tests/tools/tools.sh | 64 |
1 files changed, 45 insertions, 19 deletions
diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh index 26abf3e4e..769bafa00 100644 --- a/security/nss/tests/tools/tools.sh +++ b/security/nss/tests/tools/tools.sh @@ -29,7 +29,7 @@ "PKCS #12 V2 PBE With SHA-1 and 40 Bit RC4" export pkcs12v2pbeWithSha1AndTripleDESCBC=\ -"PKCS #12 V2 PBE With SHA-1 and Triple DES-CBC" +"PKCS #12 V2 PBE With SHA-1 and 3KEY Triple DES-CBC" export pkcs12v2pbeWithSha1And128BitRc2Cbc=\ "PKCS #12 V2 PBE With SHA-1 and 128 Bit RC2 CBC" @@ -249,7 +249,7 @@ tools_p12_export_list_import_all_pkcs5pbe_ciphers() "${pkcs5pbeWithMD5AndDEScbc}" \ "${pkcs5pbeWithSha1AndDEScbc}" \ "DEFAULT"\ - "null"; do + "none"; do export_list_import "${key_cipher}" "${cert_cipher}" done done @@ -273,12 +273,9 @@ tools_p12_export_list_import_all_pkcs5v2_ciphers() CAMELLIA-256-CBC; do #--------------------------------------------------------------- -# Bug 452464 - pk12util -o fails when -C option specifies AES or +# Bug 452464 - pk12util -o fails when -C option specifies # Camellia ciphers # FIXME Restore these to the list -# AES-128-CBC, \ -# AES-192-CBC, \ -# AES-256-CBC, \ # CAMELLIA-128-CBC, \ # CAMELLIA-192-CBC, \ # CAMELLIA-256-CBC, \ @@ -287,7 +284,10 @@ tools_p12_export_list_import_all_pkcs5v2_ciphers() for cert_cipher in \ RC2-CBC \ DES-EDE3-CBC \ - null; do + AES-128-CBC \ + AES-192-CBC \ + AES-256-CBC \ + none; do export_list_import ${key_cipher} ${cert_cipher} done done @@ -324,8 +324,8 @@ tools_p12_export_list_import_all_pkcs12v2pbe_ciphers() "${pkcs12v2pbeWithMd5AndDESCBC}" \ "${pkcs12v2pbeWithSha1AndDESCBC}" \ "DEFAULT"\ - "null"; do - export_list_import "${key_cipher}" "${key_cipher}" + "none"; do + export_list_import "${key_cipher}" "${cert_cipher}" done #done } @@ -333,35 +333,60 @@ tools_p12_export_list_import_all_pkcs12v2pbe_ciphers() ######################################################################### # Export with no encryption on key should fail but on cert should pass ######################################################################### -tools_p12_export_with_null_ciphers() +tools_p12_export_with_none_ciphers() { - # use null as the key encryption algorithm default for the cert one + # use none as the key encryption algorithm default for the cert one # should fail echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" - echo " -k ${R_PWFILE} -w ${R_PWFILE} -c null" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c none" ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ -k ${R_PWFILE} -w ${R_PWFILE} \ - -c null 2>&1 + -c none 2>&1 ret=$? - html_msg $ret 30 "Exporting with [null:default] (pk12util -o)" + html_msg $ret 30 "Exporting with [none:default] (pk12util -o)" check_tmpfile - # use default as the key encryption algorithm null for the cert one + # use default as the key encryption algorithm none for the cert one # should pass echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" - echo " -k ${R_PWFILE} -w ${R_PWFILE} -C null" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -C none" ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ -k ${R_PWFILE} -w ${R_PWFILE} \ - -C null 2>&1 + -C none 2>&1 ret=$? - html_msg $ret 0 "Exporting with [default:null] (pk12util -o)" + html_msg $ret 0 "Exporting with [default:none] (pk12util -o)" check_tmpfile } ######################################################################### +# Export with invalid cipher should fail +######################################################################### +tools_p12_export_with_invalid_ciphers() +{ + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c INVALID_CIPHER" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -c INVALID_CIPHER 2>&1 + ret=$? + html_msg $ret 30 "Exporting with [INVALID_CIPHER:default] (pk12util -o)" + check_tmpfile + + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -C INVALID_CIPHER" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -C INVALID_CIPHER 2>&1 + ret=$? + html_msg $ret 30 "Exporting with [default:INVALID_CIPHER] (pk12util -o)" + check_tmpfile + +} + +######################################################################### # Exports using the default key and certificate encryption ciphers. # Imports from and lists the contents of the p12 file. # Repeats the test with ECC if enabled. @@ -407,7 +432,8 @@ tools_p12() tools_p12_export_list_import_all_pkcs5v2_ciphers tools_p12_export_list_import_all_pkcs5pbe_ciphers tools_p12_export_list_import_all_pkcs12v2pbe_ciphers - tools_p12_export_with_null_ciphers + tools_p12_export_with_none_ciphers + tools_p12_export_with_invalid_ciphers } ############################## tools_sign ############################## |