Diffstat (limited to 'bin/tests/system/pkcs11/setup.sh')
-rw-r--r-- | bin/tests/system/pkcs11/setup.sh | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/bin/tests/system/pkcs11/setup.sh b/bin/tests/system/pkcs11/setup.sh
new file mode 100644
index 0000000..274ccf6
--- /dev/null
+++ b/bin/tests/system/pkcs11/setup.sh
@@ -0,0 +1,96 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+set -e
+
+SYSTEMTESTTOP=..
+# shellcheck source=conf.sh
+. "$SYSTEMTESTTOP/conf.sh"
+
+set -u
+
+echo_i "Generating keys for Native PKCS#11" >&2
+
+infile=ns1/example.db.in
+
+printf '%s' "${HSMPIN:-1234}" > pin
+PWD=$(pwd)
+
+copy_setports ns1/named.conf.in ns1/named.conf
+
+get_random() {
+ dd if=/dev/urandom bs=1 count=2 2>/dev/null | od -tu2 -An
+}
+
+genpkcs() (
+ alg="$1"
+ bits="$2"
+ label="$3"
+ id="$(get_random)"
+
+ $PK11DEL -l "$label" -w0 >/dev/null || true
+ $PK11GEN -a "$alg" -b "$bits" -l "$label" -i "$id" >/dev/null
+)
+
+keyfrlab() (
+ alg="$1"
+ bits="$2"
+ label="$3"
+ zone="$4"
+ shift 4
+
+ $KEYFRLAB -a "$alg" -l "pkcs11:object=$label;pin-source=$PWD/pin" "$@" "$zone"
+)
+
+genzsk() (
+ genpkcs "$@"
+ keyfrlab "$@"
+)
+
+genksk() (
+ genpkcs "$@"
+ keyfrlab "$@" -f ksk
+)
+
+algs=
+for algbits in rsasha256:2048 rsasha512:2048 ecdsap256sha256:256 ecdsap384sha384:384 ed25519:256 ed448:456; do
+ alg=$(echo "$algbits" | cut -f 1 -d :)
+ bits=$(echo "$algbits" | cut -f 2 -d :)
+ zone="$alg.example"
+ zonefile="ns1/$alg.example.db"
+ if $SHELL "$SYSTEMTESTTOP/testcrypto.sh" "$alg"; then
+ echo "$alg" >> supported
+ algs="$algs$alg "
+
+ zsk1=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk1" "$zone")
+ zsk2=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk2" "$zone")
+ ksk1=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk1" "$zone")
+ ksk2=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk2" "$zone")
+
+ cat "$infile" "$zsk1.key" "$ksk1.key" > "$zonefile"
+ $SIGNER -a -P -g -o "$zone" "$zonefile" > /dev/null
+ cp "$zsk2.key" "ns1/$alg.zsk"
+ cp "$ksk2.key" "ns1/$alg.ksk"
+ mv "K$alg"* ns1/
+
+ cat >> ns1/named.conf <<EOF
+zone "$alg.example." {
+ type primary;
+ file "$alg.example.db.signed";
+ allow-update { any; };
+};
+
+EOF
+ fi
+done
+echo_i "Generated keys for Native PKCS#11: $algs"
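Review bot: The PIN file created by `printf '%s' "${HSMPIN:-1234}" > pin` inherits the caller's umask, so under a permissive umask the HSM PIN sits world-readable in the test directory for as long as it exists; adding `chmod 600 pin` right after the printf (or `umask 077` before it) keeps the token credential confined to the test user even when HSMPIN is not the default. Separately, `PWD=$(pwd)` overwrites the shell's own PWD variable, which sh maintains itself and will silently replace on any later `cd`; a dedicated name such as `pindir=$(pwd)` with `pin-source=$pindir/pin` in keyfrlab avoids relying on that special variable. The id from get_random is the raw `od -tu2 -An` output, which carries leading whitespace into `-i "$id"` — presumably $PK11GEN tolerates that, but it is worth confirming since a rejected id would only surface as a failed key generation.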