diff options
Diffstat (limited to 'security/nss/tests/tools')
| -rw-r--r-- | security/nss/tests/tools/TestOldAES128CA.p12 | bin | 0 -> 2628 bytes | |||
| -rw-r--r-- | security/nss/tests/tools/TestOldCA.p12 | bin | 0 -> 2588 bytes | |||
| -rw-r--r-- | security/nss/tests/tools/tools.sh | 152 |
3 files changed, 104 insertions, 48 deletions
diff --git a/security/nss/tests/tools/TestOldAES128CA.p12 b/security/nss/tests/tools/TestOldAES128CA.p12 Binary files differnew file mode 100644 index 000000000..a05be8bde --- /dev/null +++ b/security/nss/tests/tools/TestOldAES128CA.p12 diff --git a/security/nss/tests/tools/TestOldCA.p12 b/security/nss/tests/tools/TestOldCA.p12 Binary files differnew file mode 100644 index 000000000..40d5671b9 --- /dev/null +++ b/security/nss/tests/tools/TestOldCA.p12 diff --git a/security/nss/tests/tools/tools.sh b/security/nss/tests/tools/tools.sh index 26abf3e4e..11be23e05 100644 --- a/security/nss/tests/tools/tools.sh +++ b/security/nss/tests/tools/tools.sh @@ -29,7 +29,7 @@ "PKCS #12 V2 PBE With SHA-1 and 40 Bit RC4" export pkcs12v2pbeWithSha1AndTripleDESCBC=\ -"PKCS #12 V2 PBE With SHA-1 and Triple DES-CBC" +"PKCS #12 V2 PBE With SHA-1 and 3KEY Triple DES-CBC" export pkcs12v2pbeWithSha1And128BitRc2Cbc=\ "PKCS #12 V2 PBE With SHA-1 and 128 Bit RC2 CBC" @@ -76,11 +76,7 @@ tools_init() fi SCRIPTNAME=tools.sh - if [ -z "$NSS_DISABLE_ECC" ] ; then - html_head "Tools Tests with ECC" - else - html_head "Tools Tests" - fi + html_head "Tools Tests" grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || { Exit 15 "Fatal - S/MIME of cert.sh needs to pass first" @@ -106,6 +102,9 @@ tools_init() cp ${ALICEDIR}/* ${SIGNDIR}/ mkdir -p ${TOOLSDIR}/html cp ${QADIR}/tools/sign*.html ${TOOLSDIR}/html + mkdir -p ${TOOLSDIR}/data + cp ${QADIR}/tools/TestOldCA.p12 ${TOOLSDIR}/data + cp ${QADIR}/tools/TestOldAES128CA.p12 ${TOOLSDIR}/data cd ${TOOLSDIR} } @@ -249,7 +248,7 @@ tools_p12_export_list_import_all_pkcs5pbe_ciphers() "${pkcs5pbeWithMD5AndDEScbc}" \ "${pkcs5pbeWithSha1AndDEScbc}" \ "DEFAULT"\ - "null"; do + "none"; do export_list_import "${key_cipher}" "${cert_cipher}" done done @@ -273,12 +272,9 @@ tools_p12_export_list_import_all_pkcs5v2_ciphers() CAMELLIA-256-CBC; do #--------------------------------------------------------------- -# Bug 452464 - pk12util -o fails when -C option specifies AES or +# Bug 452464 - pk12util -o fails when -C option specifies # Camellia ciphers # FIXME Restore these to the list -# AES-128-CBC, \ -# AES-192-CBC, \ -# AES-256-CBC, \ # CAMELLIA-128-CBC, \ # CAMELLIA-192-CBC, \ # CAMELLIA-256-CBC, \ @@ -287,7 +283,10 @@ tools_p12_export_list_import_all_pkcs5v2_ciphers() for cert_cipher in \ RC2-CBC \ DES-EDE3-CBC \ - null; do + AES-128-CBC \ + AES-192-CBC \ + AES-256-CBC \ + none; do export_list_import ${key_cipher} ${cert_cipher} done done @@ -324,8 +323,8 @@ tools_p12_export_list_import_all_pkcs12v2pbe_ciphers() "${pkcs12v2pbeWithMd5AndDESCBC}" \ "${pkcs12v2pbeWithSha1AndDESCBC}" \ "DEFAULT"\ - "null"; do - export_list_import "${key_cipher}" "${key_cipher}" + "none"; do + export_list_import "${key_cipher}" "${cert_cipher}" done #done } @@ -333,35 +332,60 @@ tools_p12_export_list_import_all_pkcs12v2pbe_ciphers() ######################################################################### # Export with no encryption on key should fail but on cert should pass ######################################################################### -tools_p12_export_with_null_ciphers() +tools_p12_export_with_none_ciphers() { - # use null as the key encryption algorithm default for the cert one + # use none as the key encryption algorithm default for the cert one # should fail echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" - echo " -k ${R_PWFILE} -w ${R_PWFILE} -c null" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c none" ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ -k ${R_PWFILE} -w ${R_PWFILE} \ - -c null 2>&1 + -c none 2>&1 ret=$? - html_msg $ret 30 "Exporting with [null:default] (pk12util -o)" + html_msg $ret 30 "Exporting with [none:default] (pk12util -o)" check_tmpfile - # use default as the key encryption algorithm null for the cert one + # use default as the key encryption algorithm none for the cert one # should pass echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" - echo " -k ${R_PWFILE} -w ${R_PWFILE} -C null" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -C none" ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ -k ${R_PWFILE} -w ${R_PWFILE} \ - -C null 2>&1 + -C none 2>&1 ret=$? - html_msg $ret 0 "Exporting with [default:null] (pk12util -o)" + html_msg $ret 0 "Exporting with [default:none] (pk12util -o)" check_tmpfile } ######################################################################### +# Export with invalid cipher should fail +######################################################################### +tools_p12_export_with_invalid_ciphers() +{ + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -c INVALID_CIPHER" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -c INVALID_CIPHER 2>&1 + ret=$? + html_msg $ret 30 "Exporting with [INVALID_CIPHER:default] (pk12util -o)" + check_tmpfile + + echo "pk12util -o Alice.p12 -n \"Alice\" -d ${P_R_ALICEDIR} \\" + echo " -k ${R_PWFILE} -w ${R_PWFILE} -C INVALID_CIPHER" + ${BINDIR}/pk12util -o Alice.p12 -n Alice -d ${P_R_ALICEDIR} \ + -k ${R_PWFILE} -w ${R_PWFILE} \ + -C INVALID_CIPHER 2>&1 + ret=$? + html_msg $ret 30 "Exporting with [default:INVALID_CIPHER] (pk12util -o)" + check_tmpfile + +} + +######################################################################### # Exports using the default key and certificate encryption ciphers. # Imports from and lists the contents of the p12 file. # Repeats the test with ECC if enabled. @@ -372,30 +396,44 @@ tools_p12_export_list_import_with_default_ciphers() export_list_import "DEFAULT" "DEFAULT" - if [ -z "$NSS_DISABLE_ECC" ] ; then - echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------" - echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\" - echo " -w ${R_PWFILE}" - ${BINDIR}/pk12util -o Alice-ec.p12 -n "Alice-ec" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \ - -w ${R_PWFILE} 2>&1 - ret=$? - html_msg $ret 0 "Exporting Alice's email EC cert & key (pk12util -o)" - check_tmpfile - - echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------" - echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" - ${BINDIR}/pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 - ret=$? - html_msg $ret 0 "Importing Alice's email EC cert & key (pk12util -i)" - check_tmpfile - - echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------" - echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}" - ${BINDIR}/pk12util -l Alice-ec.p12 -w ${R_PWFILE} 2>&1 - ret=$? - html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)" - check_tmpfile - fi + echo "$SCRIPTNAME: Exporting Alice's email EC cert & key---------------" + echo "pk12util -o Alice-ec.p12 -n \"Alice-ec\" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \\" + echo " -w ${R_PWFILE}" + ${BINDIR}/pk12util -o Alice-ec.p12 -n "Alice-ec" -d ${P_R_ALICEDIR} -k ${R_PWFILE} \ + -w ${R_PWFILE} 2>&1 + ret=$? + html_msg $ret 0 "Exporting Alice's email EC cert & key (pk12util -o)" + check_tmpfile + + echo "$SCRIPTNAME: Importing Alice's email EC cert & key --------------" + echo "pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" + ${BINDIR}/pk12util -i Alice-ec.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 + ret=$? + html_msg $ret 0 "Importing Alice's email EC cert & key (pk12util -i)" + check_tmpfile + + echo "$SCRIPTNAME: Listing Alice's pk12 EC file -----------------" + echo "pk12util -l Alice-ec.p12 -w ${R_PWFILE}" + ${BINDIR}/pk12util -l Alice-ec.p12 -w ${R_PWFILE} 2>&1 + ret=$? + html_msg $ret 0 "Listing Alice's pk12 EC file (pk12util -l)" + check_tmpfile +} + +tools_p12_import_old_files() +{ + echo "$SCRIPTNAME: Importing PKCS#12 files created with older NSS --------------" + echo "pk12util -i TestOldCA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" + ${BINDIR}/pk12util -i ${TOOLSDIR}/data/TestOldCA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 + ret=$? + html_msg $ret 0 "Importing PKCS#12 file created with NSS 3.21 (PBES2 with BMPString password)" + check_tmpfile + + echo "pk12util -i TestOldAES128CA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE}" + ${BINDIR}/pk12util -i ${TOOLSDIR}/data/TestOldAES128CA.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -w ${R_PWFILE} 2>&1 + ret=$? + html_msg $ret 0 "Importing PKCS#12 file created with NSS 3.29.5 (PBES2 with incorrect AES-128-CBC algorithm ID)" + check_tmpfile } ############################## tools_p12 ############################### @@ -407,7 +445,9 @@ tools_p12() tools_p12_export_list_import_all_pkcs5v2_ciphers tools_p12_export_list_import_all_pkcs5pbe_ciphers tools_p12_export_list_import_all_pkcs12v2pbe_ciphers - tools_p12_export_with_null_ciphers + tools_p12_export_with_none_ciphers + tools_p12_export_with_invalid_ciphers + tools_p12_import_old_files } ############################## tools_sign ############################## @@ -477,6 +517,21 @@ SIGNSCRIPT } +tools_modutil() +{ + echo "$SCRIPTNAME: Test if DB created by modutil -create is initialized" + mkdir -p ${R_TOOLSDIR}/moddir + # copied from modu function in cert.sh + # echo is used to press Enter expected by modutil + echo | ${BINDIR}/modutil -create -dbdir "${R_TOOLSDIR}/moddir" 2>&1 + ret=$? + ${BINDIR}/certutil -S -s 'CN=TestUser' -d "${TOOLSDIR}/moddir" -n TestUser \ + -x -t ',,' -z "${R_NOISE_FILE}" + ret=$? + html_msg $ret 0 "Test if DB created by modutil -create is initialized" + check_tmpfile +} + ############################## tools_cleanup ########################### # local shell function to finish this script (no exit since it might be # sourced) @@ -493,6 +548,7 @@ tools_cleanup() tools_init tools_p12 tools_sign +tools_modutil tools_cleanup |