path: root/net/nginx-util/src/test-px5g.sh
#!/bin/sh

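# Verbosity of the run, read by test() and by the section banners:
#   0 - report failed checks only
#   1 - also report passed checks and print section titles
#   2 - also print sub-section titles and stop at the first failed check
PRINT_PASSED=2

printf "Initializing tests ...\n"

# Scratch files for the two reference certificates. mktemp picks the names,
# so nothing is written to a predictable path.
OPENSSL_PEM="$(mktemp)" \
|| { printf "error: creating temporary file for PEM certificate\n" >&2; exit 1; }
OPENSSL_DER="$(mktemp)" \
|| {
    printf "error: creating temporary file for DER certificate\n" >&2
    rm -f -- "$OPENSSL_PEM"
    exit 1
}

# Remove the scratch files on every exit path, including the early exit that
# test() takes when a check fails and PRINT_PASSED is greater than 1.
trap 'rm -f -- "$OPENSSL_PEM" "$OPENSSL_DER"' EXIT

# Per-run tag: 4 bytes from /dev/urandom printed as 8 hex digits. It makes the
# subject unique so the selfsigned -subj check compares against this exact run.
NONCE=$(dd if=/dev/urandom bs=1 count=4 2>/dev/null | hexdump -e '1/1 "%02x"')
# The single quotes sit inside a double-quoted string, so they are literal
# characters and become part of the O= value.
SUBJECT="/C=ZZ/ST=Somewhere/L=None/O=OpenWrt'$NONCE'/CN=OpenWrt"

# Reference certificates, valid for one day, in PEM and in DER form. The
# private key goes to /dev/null because only the certificates are used, and
# openssl's own diagnostics are discarded (2>/dev/null).
# A failure here must stop the run: the previous "( ...; return 1 )" only left
# its subshell, so every later check ran against an empty file.
openssl req -x509 -nodes -days 1 -keyout /dev/null 2>/dev/null \
    -out "$OPENSSL_PEM" -subj "$SUBJECT" \
|| { printf "error: generating PEM certificate with openssl\n" >&2; exit 1; }
openssl req -x509 -nodes -days 1 -keyout /dev/null 2>/dev/null \
    -out "$OPENSSL_DER" -outform der -subj "$SUBJECT" \
|| { printf "error: generating DER certificate with openssl\n" >&2; exit 1; }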


# Run one check and report whether its exit status matched the expectation.
#   $1 - command line; evaluated with eval, with stdout sent to /dev/null.
#        Every caller in this script passes a fixed literal string.
#   $2 - exit status the command is expected to finish with.
# Reads PRINT_PASSED: a passed check is printed only when it is greater than 0,
# and a failed check ends the whole script with status 1 when it is greater
# than 1. A failed check is always printed.
# Defining this function hides the shell's own "test" command for the rest of
# the script; the [ ... ] form is a separate name and keeps working.
test() {
    eval "$1 >/dev/null "
    # $? is expanded before [ runs, so it still holds the status of the eval.
    if ! [ $? -eq "$2" ]
    then
        printf "%-72s%-1s\n" "$1" ">/dev/null (-> $2?) failed!!!"
        [ "$PRINT_PASSED" -gt 1 ] && exit 1
    else
        [ "$PRINT_PASSED" -gt 0 ] \
        && printf "%-72s%-1s\n" "$1" ">/dev/null (-> $2?) passed."
    fi
}


# Baseline: check that openssl gives the expected answers on the reference
# certificates before px5g is held to the same expectations.
# The command strings are single-quoted, so $OPENSSL_PEM / $OPENSSL_DER are
# expanded later by the eval inside test().
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting openssl itself ...\n"

# The certificates were created with -days 1, so "-checkend 0" and
# "-checkend 86300" are expected to return 0 and "-checkend 86400" to return 1.
# The 86300 case assumes these checks run within about 100 seconds of the
# certificate being generated.
[ "$PRINT_PASSED" -gt 1 ] && printf "  * right PEM:\n"
test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 0                         ' 0
test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 86300                     ' 0
test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 86400                     ' 1

[ "$PRINT_PASSED" -gt 1 ] && printf "  * right DER:\n"
test 'cat "$OPENSSL_DER" | openssl x509 -checkend 0    -inform der          ' 0
test 'cat "$OPENSSL_DER" | openssl x509 -checkend 86300 -inform der         ' 0
test 'cat "$OPENSSL_DER" | openssl x509 -checkend 86400 -inform der         ' 1

# Negative cases: a certificate read with the wrong input format must be
# rejected with status 1 rather than accepted.
[ "$PRINT_PASSED" -gt 1 ] && printf "  * wrong:\n"
test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 0 -inform der  2>/dev/null' 1
test 'cat "$OPENSSL_DER" | openssl x509 -checkend 0              2>/dev/null' 1


# Same expiry checks as the openssl baseline, now against px5g. The binary is
# addressed as ./px5g, so the script has to be started from the directory that
# contains it.
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g checkend ...\n"

# One-day certificates: 0 and 86300 seconds must pass, 86400 must report
# expiry (status 1). The 86300 case is time-sensitive in the same way as the
# openssl baseline.
[ "$PRINT_PASSED" -gt 1 ] && printf "  * right PEM:\n"
test 'cat "$OPENSSL_PEM" | ./px5g checkend 0                                ' 0
test 'cat "$OPENSSL_PEM" | ./px5g checkend 86300                            ' 0
test 'cat "$OPENSSL_PEM" | ./px5g checkend 86400                            ' 1

[ "$PRINT_PASSED" -gt 1 ] && printf "  * right DER:\n"
test 'cat "$OPENSSL_DER" | ./px5g checkend -der 0                           ' 0
test 'cat "$OPENSSL_DER" | ./px5g checkend -der 86300                       ' 0
test 'cat "$OPENSSL_DER" | ./px5g checkend -der 86400                       ' 1

# -in is pointed at the process's own stdin through /proc/self/fd/0, in both
# option orders. This needs a system that provides /proc/self/fd.
[ "$PRINT_PASSED" -gt 1 ] && printf "  * in option:\n"
test 'cat "$OPENSSL_DER" | ./px5g checkend -in /proc/self/fd/0 -der 0       ' 0
test 'cat "$OPENSSL_DER" | ./px5g checkend -der -in /proc/self/fd/0 99      ' 0

# Negative cases: PEM input declared as DER, and DER input read as PEM, must
# both be rejected with status 1.
[ "$PRINT_PASSED" -gt 1 ] && printf "  * wrong:\n"
test 'cat "$OPENSSL_PEM" | ./px5g checkend -der 0                2>/dev/null' 1
test 'cat "$OPENSSL_DER" | ./px5g checkend 0                     2>/dev/null' 1


# Every EC key px5g generates is piped straight into "openssl ec -check", which
# has to accept it (status 0). The keys only travel through the pipe and are
# never written to a file.
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g eckey ...\n"

[ "$PRINT_PASSED" -gt 1 ] && printf "  * standard curves:\n"
test './px5g eckey P-256        | openssl ec -check              2>/dev/null' 0
test './px5g eckey P-384        | openssl ec -check              2>/dev/null' 0
test './px5g eckey secp384r1    | openssl ec -check              2>/dev/null' 0
test './px5g eckey secp256r1    | openssl ec -check              2>/dev/null' 0
test './px5g eckey secp256k1    | openssl ec -check              2>/dev/null' 0

# NOTE(review): the 192- and 224-bit curves are exercised here as coverage of
# the curve names px5g accepts; passing this test says nothing about whether
# such small curves are suitable for new keys.
[ "$PRINT_PASSED" -gt 1 ] && printf "  * more curves:\n"
test './px5g eckey P-521        | openssl ec -check              2>/dev/null' 0
test './px5g eckey secp521r1    | openssl ec -check              2>/dev/null' 0
test './px5g eckey secp224r1    | openssl ec -check              2>/dev/null' 0
test './px5g eckey secp224k1    | openssl ec -check              2>/dev/null' 0
test './px5g eckey secp192r1    | openssl ec -check              2>/dev/null' 0
test './px5g eckey secp192k1    | openssl ec -check              2>/dev/null' 0
test './px5g eckey brainpoolP512r1        | openssl ec -check    2>/dev/null' 0
test './px5g eckey brainpoolP384r1        | openssl ec -check    2>/dev/null' 0
test './px5g eckey brainpoolP256r1        | openssl ec -check    2>/dev/null' 0

# No curve is named in these two calls, so whatever px5g uses by default is
# what gets checked. -out /proc/self/fd/1 writes to stdout through procfs;
# -der output is read back with -inform der.
[ "$PRINT_PASSED" -gt 1 ] && printf "  * other options:\n"
test './px5g eckey -out /proc/self/fd/1   | openssl ec -check    2>/dev/null' 0
test './px5g eckey -der         | openssl ec -check -inform der  2>/dev/null' 0


# Every RSA key px5g generates is piped into "openssl rsa -check", which has to
# accept it (status 0); a requested size of 0 has to be refused (status 1).
# NOTE(review): 512-, 1024- and 1111-bit moduli are far below key sizes
# considered secure today. They appear here as functional coverage of the size
# argument only and are not a recommendation.
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g rsakey ...\n"

[ "$PRINT_PASSED" -gt 1 ] && printf "  * standard exponent:\n"
test './px5g rsakey             | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey 512         | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey 1024        | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey 2048        | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey 4096        | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey 1111        | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey 0                                            2>/dev/null' 1

# Same size matrix with the -3 option, which the banner calls the small
# exponent (presumably public exponent 3; confirm against px5g's usage text).
[ "$PRINT_PASSED" -gt 1 ] && printf "  * small exponent:\n"
test './px5g rsakey -3          | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey -3 512      | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey -3 1024     | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey -3 2048     | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey -3 4096     | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey -3 1111     | openssl rsa -check             2>/dev/null' 0
test './px5g rsakey -3 0                                         2>/dev/null' 1

# -out /proc/self/fd/1 writes to stdout through procfs; -der output is read
# back with -inform der.
[ "$PRINT_PASSED" -gt 1 ] && printf "  * other options:\n"
test './px5g rsakey -out /proc/self/fd/1  | openssl rsa -check   2>/dev/null' 0
test './px5g rsakey -der        | openssl rsa -check -inform der 2>/dev/null' 0


# Certificates produced by "px5g selfsigned" are validated with openssl.
[ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g selfsigned ...\n"

# Expiry checks: with -days 1 the certificate must still be valid after 86300
# seconds and must count as expired after 86400 seconds.
# "-newkey rsa:666" only exercises an unusual key size; a 666-bit RSA key is
# not a secure choice outside of a test.
test './px5g selfsigned -der | openssl x509 -checkend 0 -inform der         ' 0
test './px5g selfsigned -days 1               | openssl x509 -checkend 0    ' 0
test './px5g selfsigned -days 1               | openssl x509 -checkend 86300' 0
test './px5g selfsigned -days 1               | openssl x509 -checkend 86400' 1
test './px5g selfsigned -out /proc/self/fd/1  | openssl x509 -checkend 0    ' 0
test './px5g selfsigned -newkey rsa:666       | openssl x509 -checkend 0    ' 0
test './px5g selfsigned -newkey ec            | openssl x509 -checkend 0    ' 0
test './px5g selfsigned -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 \
      | openssl x509 -checkend 0                                        ' 0
# Subject round trip: the certificate must carry exactly the subject that was
# passed in, including the per-run NONCE. grep treats the subject as a pattern,
# and the trailing 2>/dev/null applies to grep only.
test './px5g selfsigned -subj "$SUBJECT" | openssl x509 -noout \
      -subject -nameopt compat | grep -q subject="$SUBJECT" 2>/dev/null' 0
# The certificate is discarded (-out /dev/null) and the private key is sent to
# stdout instead. It is checked with "openssl rsa", so this expects the default
# key type to be RSA.
test './px5g selfsigned -out /dev/null -keyout /proc/self/fd/1 \
      | openssl rsa -check 2>/dev/null                                  ' 0


# Remove the reference certificates created during initialization. This line
# is only reached when the script runs to the end; test() exits the script
# early on a failed check when PRINT_PASSED is greater than 1.
rm "$OPENSSL_PEM" "$OPENSSL_DER"