summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/pkcs11/setup.sh
blob: 4fc5ec5b992e57fe1922f93eb6d57fb07e6bd362 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

infile=ns1/example.db.in

/bin/echo -n ${HSMPIN:-1234}> pin
PWD=`pwd`

zone=rsa.example
zonefile=ns1/rsa.example.db
have_rsa=`grep rsa supported`
if [ "x$have_rsa" != "x" ]; then
    $PK11GEN -a RSA -b 1024 -l robie-rsa-zsk1 -i 01
    $PK11GEN -a RSA -b 1024 -l robie-rsa-zsk2 -i 02
    $PK11GEN -a RSA -b 2048 -l robie-rsa-ksk

    rsazsk1=`$KEYFRLAB -a RSASHA1 \
            -l "object=robie-rsa-zsk1;pin-source=$PWD/pin" rsa.example`
    rsazsk2=`$KEYFRLAB -a RSASHA1 \
            -l "object=robie-rsa-zsk2;pin-source=$PWD/pin" rsa.example`
    rsaksk=`$KEYFRLAB -a RSASHA1 -f ksk \
            -l "object=robie-rsa-ksk;pin-source=$PWD/pin" rsa.example`

    cat $infile $rsazsk1.key $rsaksk.key > $zonefile
    $SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
            > /dev/null 2> signer.err || cat signer.err
    cp $rsazsk2.key ns1/rsa.key
    mv Krsa* ns1
else
    # RSA not available and will not be tested; make a placeholder
    cp $infile ${zonefile}.signed
fi

zone=ecc.example
zonefile=ns1/ecc.example.db
have_ecc=`grep ecc supported`
if [ "x$have_ecc" != "x" ]; then
    $PK11GEN -a ECC -b 256 -l robie-ecc-zsk1 -i 03
    $PK11GEN -a ECC -b 256 -l robie-ecc-zsk2 -i 04
    $PK11GEN -a ECC -b 384 -l robie-ecc-ksk

    ecczsk1=`$KEYFRLAB -a ECDSAP256SHA256 \
            -l "object=robie-ecc-zsk1;pin-source=$PWD/pin" ecc.example`
    ecczsk2=`$KEYFRLAB -a ECDSAP256SHA256 \
            -l "object=robie-ecc-zsk2;pin-source=$PWD/pin" ecc.example`
    eccksk=`$KEYFRLAB -a ECDSAP384SHA384 -f ksk \
            -l "object=robie-ecc-ksk;pin-source=$PWD/pin" ecc.example`

    cat $infile $ecczsk1.key $eccksk.key > $zonefile
    $SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
        > /dev/null 2> signer.err || cat signer.err
    cp $ecczsk2.key ns1/ecc.key
    mv Kecc* ns1
else
    # ECC not available and will not be tested; make a placeholder
    cp $infile ${zonefile}.signed
fi

zone=ecx.example
zonefile=ns1/ecx.example.db
have_ecx=`grep ecx supported`
if [ "x$have_ecx" != "x" ]; then
    $PK11GEN -a ECX -b 256 -l robie-ecx-zsk1 -i 05
    $PK11GEN -a ECX -b 256 -l robie-ecx-zsk2 -i 06
    $PK11GEN -a ECX -b 256 -l robie-ecx-ksk
#   $PK11GEN -a ECX -b 456 -l robie-ecx-ksk

    ecxzsk1=`$KEYFRLAB -a ED25519 \
            -l "object=robie-ecx-zsk1;pin-source=$PWD/pin" ecx.example`
    ecxzsk2=`$KEYFRLAB -a ED25519 \
            -l "object=robie-ecx-zsk2;pin-source=$PWD/pin" ecx.example`
    ecxksk=`$KEYFRLAB -a ED25519 -f ksk \
            -l "object=robie-ecx-ksk;pin-source=$PWD/pin" ecx.example`
#   ecxksk=`$KEYFRLAB -a ED448 -f ksk \
#           -l "object=robie-ecx-ksk;pin-source=$PWD/pin" ecx.example`

    cat $infile $ecxzsk1.key $ecxksk.key > $zonefile
    $SIGNER -a -P -g -r $RANDFILE -o $zone $zonefile \
        > /dev/null 2> signer.err || cat signer.err
    cp $ecxzsk2.key ns1/ecx.key
    mv Kecx* ns1
else
    # ECX not available and will not be tested; make a placeholder
    cp $infile ${zonefile}.signed
fi

rm -f signer.err