tests/ecdsa/ecdsa

   1 #!/bin/sh
   2
   3 # Copyright (C) 2011-2012 Free Software Foundation, Inc.
   4 #
   5 # Author: Nikos Mavrogiannopoulos
   6 #
   7 # This file is part of GnuTLS.
   8 #
   9 # GnuTLS is free software; you can redistribute it and/or modify it
  10 # under the terms of the GNU General Public License as published by the
  11 # Free Software Foundation; either version 3 of the License, or (at
  12 # your option) any later version.
  13 #
  14 # GnuTLS is distributed in the hope that it will be useful, but
  15 # WITHOUT ANY WARRANTY; without even the implied warranty of
  16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17 # General Public License for more details.
  18 #
  19 # You should have received a copy of the GNU General Public License
  20 # along with GnuTLS; if not, write to the Free Software Foundation,
  21 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  22
  23 #set -e
  24
  25 srcdir=${srcdir:-.}
  26 CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
  27
  28 echo ca > template
  29 echo cn = "ECDSA SHA 256 CA" >> template
  30
  31 $CERTTOOL --generate-privkey --ecc > key-ca-ecdsa.pem 2>/dev/null
  32
  33 $CERTTOOL -d 2 --generate-self-signed --template template \
  34     --load-privkey key-ca-ecdsa.pem \
  35     --outfile new-ca-ecdsa.pem \
  36     --hash sha256 >out 2>&1
  37
  38 if [ $? != 0 ];then
  39         cat out
  40         exit 1
  41 fi
  42
  43 echo ca > template
  44 $CERTTOOL --generate-privkey --ecc > key-subca-ecdsa.pem 2>/dev/null
  45 echo cn = "ECDSA SHA 224 Mid CA" >> template
  46
  47 $CERTTOOL -d 2 --generate-certificate --template template \
  48     --load-ca-privkey key-ca-ecdsa.pem \
  49     --load-ca-certificate new-ca-ecdsa.pem \
  50     --load-privkey key-subca-ecdsa.pem \
  51     --outfile new-subca-ecdsa.pem \
  52     --hash sha224 >out 2>&1
  53
  54 if [ $? != 0 ];then
  55         cat out
  56         exit 1
  57 fi
  58
  59 echo cn = "End-user" > template
  60
  61 $CERTTOOL --generate-privkey --ecc > key-ecdsa.pem 2>/dev/null
  62
  63 $CERTTOOL -d 2 --generate-certificate --template template \
  64     --load-ca-privkey key-subca-ecdsa.pem \
  65     --load-ca-certificate new-subca-ecdsa.pem \
  66     --load-privkey key-ecdsa.pem \
  67     --outfile new-user.pem >out 2>&1
  68
  69 if [ $? != 0 ];then
  70         cat out
  71         exit 1
  72 fi
  73
  74 cat new-user.pem new-subca-ecdsa.pem new-ca-ecdsa.pem > out
  75 $CERTTOOL --verify-chain <out > verify
  76
  77 if [ $? != 0 ];then
  78         cat verify
  79         exit 1
  80 fi
  81
  82 rm -f verify new-user.pem new-ca-ecdsa.pem new-subca-ecdsa.pem template out
  83 rm -f key-subca-ecdsa.pem key-ca-ecdsa.pem key-ecdsa.pem
  84
  85 $CERTTOOL -k < ${srcdir}/bad-key.pem | grep "validation failed" >/dev/null 2>&1
  86 if [ $? != 0 ];then
  87         echo "certtool didn't detect a bad ECDSA key."
  88         exit 1
  89 fi
  90
  91 exit 0