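#!/bin/sh
#
# Copyright (C) 2010, 2012-2014  Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# System-test setup: writes the HSM PIN file, generates RSA and ECC key pairs
# with $PK11GEN, turns them into DNSSEC key files with $KEYFRLAB, and signs
# the rsa.example and ecc.example zones with $SIGNER.
# $PK11GEN, $KEYFRLAB, $SIGNER and $RANDFILE are not set here; presumably they
# come from conf.sh. They are expanded unquoted on purpose, because conf.sh
# may define the tool variables as a command plus arguments -- confirm.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

infile=ns1/example.db.in

# The PIN file is handed to the tools below through pin-source=. Create it
# owner-only so the PIN is not readable by other local accounts; the file is
# removed first because umask does not change the mode of an existing file.
# printf replaces the non-portable "/bin/echo -n" and, with the quoting, keeps
# the PIN byte-for-byte (no trailing newline, no word splitting).
# NOTE(review): 1234 is only the fallback used when HSMPIN is unset.
rm -f pin
(umask 077 && printf '%s' "${HSMPIN:-1234}" > pin)
PWD=$(pwd)

# "supported" selects which algorithm families are exercised: "ecconly" skips
# the RSA branch, "rsaonly" skips the ECC branch, anything else runs both.
supported=$(cat supported)

zone=rsa.example
zonefile=ns1/rsa.example.db
if [ "$supported" != "ecconly" ]; then
    # NOTE(review): 1024-bit RSA ZSKs and RSASHA1 are weak by current
    # standards. They are tolerable here only as throwaway test keys; these
    # parameters should not be reused for real zones.
    $PK11GEN -a RSA -b 1024 -l robie-rsa-zsk1 -i 01
    $PK11GEN -a RSA -b 1024 -l robie-rsa-zsk2 -i 02
    $PK11GEN -a RSA -b 2048 -l robie-rsa-ksk

    rsazsk1=$($KEYFRLAB -a RSASHA1 \
        -l "object=robie-rsa-zsk1;pin-source=$PWD/pin" rsa.example)
    rsazsk2=$($KEYFRLAB -a RSASHA1 \
        -l "object=robie-rsa-zsk2;pin-source=$PWD/pin" rsa.example)
    rsaksk=$($KEYFRLAB -a RSASHA1 -f ksk \
        -l "object=robie-rsa-ksk;pin-source=$PWD/pin" rsa.example)

    # Only zsk1 and the ksk are added to the zone; zsk2's public key is kept
    # aside as ns1/rsa.key.
    cat "$infile" "$rsazsk1.key" "$rsaksk.key" > "$zonefile"
    # A signer failure is reported (its stderr is printed) but does not stop
    # the script.
    $SIGNER -a -P -g -r "$RANDFILE" -o "$zone" "$zonefile" \
        > /dev/null 2> signer.err || cat signer.err
    cp "$rsazsk2.key" ns1/rsa.key
    mv Krsa* ns1
else
    # RSA not available and will not be tested; make a placeholder
    cp "$infile" "${zonefile}.signed"
fi

zone=ecc.example
zonefile=ns1/ecc.example.db
if [ "$supported" != "rsaonly" ]; then
    $PK11GEN -a ECC -b 256 -l robie-ecc-zsk1 -i 03
    $PK11GEN -a ECC -b 256 -l robie-ecc-zsk2 -i 04
    $PK11GEN -a ECC -b 384 -l robie-ecc-ksk

    ecczsk1=$($KEYFRLAB -a ECDSAP256SHA256 \
        -l "object=robie-ecc-zsk1;pin-source=$PWD/pin" ecc.example)
    ecczsk2=$($KEYFRLAB -a ECDSAP256SHA256 \
        -l "object=robie-ecc-zsk2;pin-source=$PWD/pin" ecc.example)
    eccksk=$($KEYFRLAB -a ECDSAP384SHA384 -f ksk \
        -l "object=robie-ecc-ksk;pin-source=$PWD/pin" ecc.example)

    # Same layout as the RSA branch: zsk1 + ksk go into the zone, zsk2's
    # public key is kept aside as ns1/ecc.key.
    cat "$infile" "$ecczsk1.key" "$eccksk.key" > "$zonefile"
    $SIGNER -a -P -g -r "$RANDFILE" -o "$zone" "$zonefile" \
        > /dev/null 2> signer.err || cat signer.err
    cp "$ecczsk2.key" ns1/ecc.key
    mv Kecc* ns1
else
    # ECC not available and will not be tested; make a placeholder
    cp "$infile" "${zonefile}.signed"
fi

# NOTE(review): only signer.err is cleaned up here; the pin file stays on
# disk, presumably for later test steps -- confirm that the test's cleanup
# removes it.
rm -f signer.err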