
  1. #!/bin/sh
  2. PRINT_PASSED=2
  3. printf "Initializing tests ...\n"
  4. OPENSSL_PEM="$(mktemp)"
  5. OPENSSL_DER="$(mktemp)"
  6. NONCE=$(dd if=/dev/urandom bs=1 count=4 2>/dev/null | hexdump -e '1/1 "%02x"')
  7. SUBJECT="/C=ZZ/ST=Somewhere/L=None/O=OpenWrt'$NONCE'/CN=OpenWrt"
  8. openssl req -x509 -nodes -days 1 -keyout /dev/null 2>/dev/null \
  9. -out "$OPENSSL_PEM" -subj "$SUBJECT" \
  10. || ( printf "error: generating PEM certificate with openssl"; return 1)
  11. openssl req -x509 -nodes -days 1 -keyout /dev/null 2>/dev/null \
  12. -out "$OPENSSL_DER" -outform der -subj "$SUBJECT" \
  13. || ( printf "error: generating DER certificate with openssl"; return 1)
#######################################
# Run one check: evaluate a command line and compare its exit status.
# After this definition the name `test` refers to this function, not to the
# shell builtin; `[` is unaffected.
# Globals:   PRINT_PASSED (read)
# Arguments: $1 - command line, run through eval with stdout discarded
#            $2 - exit status the command line is expected to produce
# Outputs:   one "passed."/"failed!!!" line on stdout, depending on the
#            outcome and on PRINT_PASSED
# Exits:     terminates the script with status 1 on a failed check when
#            PRINT_PASSED is greater than 1
# Note:      $1 is executed as shell code, so it must always be a literal
#            written in this script, never data taken from outside.
#######################################
test() {
  eval "$1 >/dev/null "
  # $? is expanded before `[` runs, so it still holds the status of eval.
  if ! [ $? -eq "$2" ]; then
    printf "%-72s%-1s\n" "$1" ">/dev/null (-> $2?) failed!!!"
    [ "${PRINT_PASSED}" -gt 1 ] && exit 1
  else
    [ "${PRINT_PASSED}" -gt 0 ] \
      && printf "%-72s%-1s\n" "$1" ">/dev/null (-> $2?) passed."
  fi
}
  25. [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting openssl itself ...\n"
  26. [ "$PRINT_PASSED" -gt 1 ] && printf " * right PEM:\n"
  27. test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 0 ' 0
  28. test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 86300 ' 0
  29. test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 86400 ' 1
  30. [ "$PRINT_PASSED" -gt 1 ] && printf " * right DER:\n"
  31. test 'cat "$OPENSSL_DER" | openssl x509 -checkend 0 -inform der ' 0
  32. test 'cat "$OPENSSL_DER" | openssl x509 -checkend 86300 -inform der ' 0
  33. test 'cat "$OPENSSL_DER" | openssl x509 -checkend 86400 -inform der ' 1
  34. [ "$PRINT_PASSED" -gt 1 ] && printf " * wrong:\n"
  35. test 'cat "$OPENSSL_PEM" | openssl x509 -checkend 0 -inform der 2>/dev/null' 1
  36. test 'cat "$OPENSSL_DER" | openssl x509 -checkend 0 2>/dev/null' 1
  37. [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g checkend ...\n"
  38. [ "$PRINT_PASSED" -gt 1 ] && printf " * right PEM:\n"
  39. test 'cat "$OPENSSL_PEM" | ./px5g checkend 0 ' 0
  40. test 'cat "$OPENSSL_PEM" | ./px5g checkend 86300 ' 0
  41. test 'cat "$OPENSSL_PEM" | ./px5g checkend 86400 ' 1
  42. [ "$PRINT_PASSED" -gt 1 ] && printf " * right DER:\n"
  43. test 'cat "$OPENSSL_DER" | ./px5g checkend -der 0 ' 0
  44. test 'cat "$OPENSSL_DER" | ./px5g checkend -der 86300 ' 0
  45. test 'cat "$OPENSSL_DER" | ./px5g checkend -der 86400 ' 1
  46. [ "$PRINT_PASSED" -gt 1 ] && printf " * in option:\n"
  47. test 'cat "$OPENSSL_DER" | ./px5g checkend -in /proc/self/fd/0 -der 0 ' 0
  48. test 'cat "$OPENSSL_DER" | ./px5g checkend -der -in /proc/self/fd/0 99 ' 0
  49. [ "$PRINT_PASSED" -gt 1 ] && printf " * wrong:\n"
  50. test 'cat "$OPENSSL_PEM" | ./px5g checkend -der 0 2>/dev/null' 1
  51. test 'cat "$OPENSSL_DER" | ./px5g checkend 0 2>/dev/null' 1
  52. [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g eckey ...\n"
  53. [ "$PRINT_PASSED" -gt 1 ] && printf " * standard curves:\n"
  54. test './px5g eckey P-256 | openssl ec -check 2>/dev/null' 0
  55. test './px5g eckey P-384 | openssl ec -check 2>/dev/null' 0
  56. test './px5g eckey secp384r1 | openssl ec -check 2>/dev/null' 0
  57. test './px5g eckey secp256r1 | openssl ec -check 2>/dev/null' 0
  58. test './px5g eckey secp256k1 | openssl ec -check 2>/dev/null' 0
  59. [ "$PRINT_PASSED" -gt 1 ] && printf " * more curves:\n"
  60. test './px5g eckey P-521 | openssl ec -check 2>/dev/null' 0
  61. test './px5g eckey secp521r1 | openssl ec -check 2>/dev/null' 0
  62. test './px5g eckey secp224r1 | openssl ec -check 2>/dev/null' 0
  63. test './px5g eckey secp224k1 | openssl ec -check 2>/dev/null' 0
  64. test './px5g eckey secp192r1 | openssl ec -check 2>/dev/null' 0
  65. test './px5g eckey secp192k1 | openssl ec -check 2>/dev/null' 0
  66. test './px5g eckey brainpoolP512r1 | openssl ec -check 2>/dev/null' 0
  67. test './px5g eckey brainpoolP384r1 | openssl ec -check 2>/dev/null' 0
  68. test './px5g eckey brainpoolP256r1 | openssl ec -check 2>/dev/null' 0
  69. [ "$PRINT_PASSED" -gt 1 ] && printf " * other options:\n"
  70. test './px5g eckey -out /proc/self/fd/1 | openssl ec -check 2>/dev/null' 0
  71. test './px5g eckey -der | openssl ec -check -inform der 2>/dev/null' 0
  72. [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g rsakey ...\n"
  73. [ "$PRINT_PASSED" -gt 1 ] && printf " * standard exponent:\n"
  74. test './px5g rsakey | openssl rsa -check 2>/dev/null' 0
  75. test './px5g rsakey 512 | openssl rsa -check 2>/dev/null' 0
  76. test './px5g rsakey 1024 | openssl rsa -check 2>/dev/null' 0
  77. test './px5g rsakey 2048 | openssl rsa -check 2>/dev/null' 0
  78. test './px5g rsakey 4096 | openssl rsa -check 2>/dev/null' 0
  79. test './px5g rsakey 1111 | openssl rsa -check 2>/dev/null' 0
  80. test './px5g rsakey 0 2>/dev/null' 1
  81. [ "$PRINT_PASSED" -gt 1 ] && printf " * small exponent:\n"
  82. test './px5g rsakey -3 | openssl rsa -check 2>/dev/null' 0
  83. test './px5g rsakey -3 512 | openssl rsa -check 2>/dev/null' 0
  84. test './px5g rsakey -3 1024 | openssl rsa -check 2>/dev/null' 0
  85. test './px5g rsakey -3 2048 | openssl rsa -check 2>/dev/null' 0
  86. test './px5g rsakey -3 4096 | openssl rsa -check 2>/dev/null' 0
  87. test './px5g rsakey -3 1111 | openssl rsa -check 2>/dev/null' 0
  88. test './px5g rsakey -3 0 2>/dev/null' 1
  89. [ "$PRINT_PASSED" -gt 1 ] && printf " * other options:\n"
  90. test './px5g rsakey -out /proc/self/fd/1 | openssl rsa -check 2>/dev/null' 0
  91. test './px5g rsakey -der | openssl rsa -check -inform der 2>/dev/null' 0
  92. [ "$PRINT_PASSED" -gt 0 ] && printf "\nTesting px5g selfsigned ...\n"
  93. test './px5g selfsigned -der | openssl x509 -checkend 0 -inform der ' 0
  94. test './px5g selfsigned -days 1 | openssl x509 -checkend 0 ' 0
  95. test './px5g selfsigned -days 1 | openssl x509 -checkend 86300' 0
  96. test './px5g selfsigned -days 1 | openssl x509 -checkend 86400' 1
  97. test './px5g selfsigned -out /proc/self/fd/1 | openssl x509 -checkend 0 ' 0
  98. test './px5g selfsigned -newkey rsa:666 | openssl x509 -checkend 0 ' 0
  99. test './px5g selfsigned -newkey ec | openssl x509 -checkend 0 ' 0
  100. test './px5g selfsigned -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 \
  101. | openssl x509 -checkend 0 ' 0
  102. test './px5g selfsigned -subj "$SUBJECT" | openssl x509 -noout \
  103. -subject -nameopt compat | grep -q subject="$SUBJECT" 2>/dev/null' 0
  104. test './px5g selfsigned -out /dev/null -keyout /proc/self/fd/1 \
  105. | openssl rsa -check 2>/dev/null ' 0
  106. rm "$OPENSSL_PEM" "$OPENSSL_DER"