diff options
Diffstat (limited to 'bin/tests/system/pkcs11/setup.sh')
| -rw-r--r-- | bin/tests/system/pkcs11/setup.sh | 78 |
1 files changed, 39 insertions, 39 deletions
diff --git a/bin/tests/system/pkcs11/setup.sh b/bin/tests/system/pkcs11/setup.sh index 274ccf6..8a5c62f 100644 --- a/bin/tests/system/pkcs11/setup.sh +++ b/bin/tests/system/pkcs11/setup.sh @@ -23,67 +23,67 @@ echo_i "Generating keys for Native PKCS#11" >&2 infile=ns1/example.db.in -printf '%s' "${HSMPIN:-1234}" > pin +printf '%s' "${HSMPIN:-1234}" >pin PWD=$(pwd) copy_setports ns1/named.conf.in ns1/named.conf get_random() { - dd if=/dev/urandom bs=1 count=2 2>/dev/null | od -tu2 -An + dd if=/dev/urandom bs=1 count=2 2>/dev/null | od -tu2 -An } genpkcs() ( - alg="$1" - bits="$2" - label="$3" - id="$(get_random)" + alg="$1" + bits="$2" + label="$3" + id="$(get_random)" - $PK11DEL -l "$label" -w0 >/dev/null || true - $PK11GEN -a "$alg" -b "$bits" -l "$label" -i "$id" >/dev/null + $PK11DEL -l "$label" -w0 >/dev/null || true + $PK11GEN -a "$alg" -b "$bits" -l "$label" -i "$id" >/dev/null ) keyfrlab() ( - alg="$1" - bits="$2" - label="$3" - zone="$4" - shift 4 + alg="$1" + bits="$2" + label="$3" + zone="$4" + shift 4 - $KEYFRLAB -a "$alg" -l "pkcs11:object=$label;pin-source=$PWD/pin" "$@" "$zone" + $KEYFRLAB -a "$alg" -l "pkcs11:object=$label;pin-source=$PWD/pin" "$@" "$zone" ) genzsk() ( - genpkcs "$@" - keyfrlab "$@" + genpkcs "$@" + keyfrlab "$@" ) genksk() ( - genpkcs "$@" - keyfrlab "$@" -f ksk + genpkcs "$@" + keyfrlab "$@" -f ksk ) algs= for algbits in rsasha256:2048 rsasha512:2048 ecdsap256sha256:256 ecdsap384sha384:384 ed25519:256 ed448:456; do - alg=$(echo "$algbits" | cut -f 1 -d :) - bits=$(echo "$algbits" | cut -f 2 -d :) - zone="$alg.example" - zonefile="ns1/$alg.example.db" - if $SHELL "$SYSTEMTESTTOP/testcrypto.sh" "$alg"; then - echo "$alg" >> supported - algs="$algs$alg " - - zsk1=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk1" "$zone") - zsk2=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk2" "$zone") - ksk1=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk1" "$zone") - ksk2=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk2" "$zone") - - cat "$infile" "$zsk1.key" "$ksk1.key" > "$zonefile" - $SIGNER -a -P -g -o "$zone" "$zonefile" > /dev/null - cp "$zsk2.key" "ns1/$alg.zsk" - cp "$ksk2.key" "ns1/$alg.ksk" - mv "K$alg"* ns1/ - - cat >> ns1/named.conf <<EOF + alg=$(echo "$algbits" | cut -f 1 -d :) + bits=$(echo "$algbits" | cut -f 2 -d :) + zone="$alg.example" + zonefile="ns1/$alg.example.db" + if $SHELL "$SYSTEMTESTTOP/testcrypto.sh" "$alg"; then + echo "$alg" >>supported + algs="$algs$alg " + + zsk1=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk1" "$zone") + zsk2=$(genzsk "$alg" "$bits" "pkcs11-$alg-zsk2" "$zone") + ksk1=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk1" "$zone") + ksk2=$(genksk "$alg" "$bits" "pkcs11-$alg-ksk2" "$zone") + + cat "$infile" "$zsk1.key" "$ksk1.key" >"$zonefile" + $SIGNER -a -P -g -o "$zone" "$zonefile" >/dev/null + cp "$zsk2.key" "ns1/$alg.zsk" + cp "$ksk2.key" "ns1/$alg.ksk" + mv "K$alg"* ns1/ + + cat >>ns1/named.conf <<EOF zone "$alg.example." { type primary; file "$alg.example.db.signed"; @@ -91,6 +91,6 @@ zone "$alg.example." { }; EOF - fi + fi done echo_i "Generated keys for Native PKCS#11: $algs" |