]>
Commit | Line | Data |
---|---|---|
7d7e640e DSH |
1 | # test/cms-test.pl |
2 | # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 | # project. | |
4 | # | |
5 | # ==================================================================== | |
c24e2f18 | 6 | # Copyright (c) 2008-2018 The OpenSSL Project. All rights reserved. |
7d7e640e DSH |
7 | # |
8 | # Redistribution and use in source and binary forms, with or without | |
9 | # modification, are permitted provided that the following conditions | |
10 | # are met: | |
11 | # | |
12 | # 1. Redistributions of source code must retain the above copyright | |
13 | # notice, this list of conditions and the following disclaimer. | |
14 | # | |
15 | # 2. Redistributions in binary form must reproduce the above copyright | |
16 | # notice, this list of conditions and the following disclaimer in | |
17 | # the documentation and/or other materials provided with the | |
18 | # distribution. | |
19 | # | |
20 | # 3. All advertising materials mentioning features or use of this | |
21 | # software must display the following acknowledgment: | |
22 | # "This product includes software developed by the OpenSSL Project | |
23 | # for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | # | |
25 | # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | # endorse or promote products derived from this software without | |
27 | # prior written permission. For written permission, please contact | |
28 | # licensing@OpenSSL.org. | |
29 | # | |
30 | # 5. Products derived from this software may not be called "OpenSSL" | |
31 | # nor may "OpenSSL" appear in their names without prior written | |
32 | # permission of the OpenSSL Project. | |
33 | # | |
34 | # 6. Redistributions of any form whatsoever must retain the following | |
35 | # acknowledgment: | |
36 | # "This product includes software developed by the OpenSSL Project | |
37 | # for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | # | |
39 | # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | # OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | # ==================================================================== | |
52 | ||
53 | # CMS, PKCS7 consistency test script. Run extensive tests on | |
54 | # OpenSSL PKCS#7 and CMS implementations. | |
55 | ||
f5cbf8fb | 56 | my $ossl_path; |
bf5adc9b RL |
57 | my $redir = " 2> cms.err > cms.out"; |
58 | # Make VMS work | |
01d2e27a RL |
59 | if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { |
60 | $ossl_path = "pipe mcr OSSLX:openssl"; | |
ca422f35 | 61 | $null_path = "NL:"; |
1d5668c2 RL |
62 | # On VMS, the lowest 3 bits of the exit code indicates severity |
63 | # 1 is success (perl translates it to 0 for $?), 2 is error | |
64 | # (perl doesn't translate it) | |
65 | $failure_code = 512; # 2 << 8 = 512 | |
bf5adc9b | 66 | } |
369b0abd | 67 | # Make MSYS work |
bf5adc9b | 68 | elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { |
369b0abd | 69 | $ossl_path = "cmd /c ..\\apps\\openssl"; |
79e02857 | 70 | $null_path = "NUL"; |
1d5668c2 | 71 | $failure_code = 256; |
d497b536 | 72 | } |
369b0abd | 73 | elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { |
f5cbf8fb | 74 | $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; |
ca422f35 | 75 | $null_path = "/dev/null"; |
1d5668c2 | 76 | $failure_code = 256; |
f5cbf8fb DSH |
77 | } |
78 | elsif ( -f "..\\out32dll\\openssl.exe" ) { | |
79 | $ossl_path = "..\\out32dll\\openssl.exe"; | |
79e02857 | 80 | $null_path = "NUL"; |
1d5668c2 | 81 | $failure_code = 256; |
f5cbf8fb DSH |
82 | } |
83 | elsif ( -f "..\\out32\\openssl.exe" ) { | |
84 | $ossl_path = "..\\out32\\openssl.exe"; | |
79e02857 | 85 | $null_path = "NUL"; |
1d5668c2 | 86 | $failure_code = 256; |
f5cbf8fb DSH |
87 | } |
88 | else { | |
89 | die "Can't find OpenSSL executable"; | |
90 | } | |
91 | ||
92 | my $pk7cmd = "$ossl_path smime "; | |
93 | my $cmscmd = "$ossl_path cms "; | |
94 | my $smdir = "smime-certs"; | |
95 | my $halt_err = 1; | |
7d7e640e DSH |
96 | |
97 | my $badcmd = 0; | |
2fc368c1 | 98 | my $no_ec; |
5a4a9499 | 99 | my $no_ec2m; |
a38ae11c | 100 | my $no_ecdh; |
2e86f0d8 | 101 | my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; |
7d7e640e | 102 | |
ad251083 RL |
103 | system ("$ossl_path no-cms > $null_path"); |
104 | if ($? == 0) | |
105 | { | |
106 | print STDERR "CMS disabled. skipping...\n"; | |
107 | exit 0; | |
108 | } | |
109 | ||
ca422f35 | 110 | system ("$ossl_path no-ec > $null_path"); |
2fc368c1 DSH |
111 | if ($? == 0) |
112 | { | |
113 | $no_ec = 1; | |
114 | } | |
1d5668c2 | 115 | elsif ($? == $failure_code) |
2fc368c1 DSH |
116 | { |
117 | $no_ec = 0; | |
118 | } | |
119 | else | |
120 | { | |
121 | die "Error checking for EC support\n"; | |
122 | } | |
5a4a9499 | 123 | |
cfb5d6c1 | 124 | system ("$ossl_path no-ec2m > $null_path"); |
5a4a9499 MC |
125 | if ($? == 0) |
126 | { | |
127 | $no_ec2m = 1; | |
128 | } | |
1d5668c2 | 129 | elsif ($? == $failure_code) |
5a4a9499 MC |
130 | { |
131 | $no_ec2m = 0; | |
132 | } | |
133 | else | |
134 | { | |
135 | die "Error checking for EC2M support\n"; | |
136 | } | |
a38ae11c | 137 | |
784f155e | 138 | system ("$ossl_path no-ec > $null_path"); |
a38ae11c MC |
139 | if ($? == 0) |
140 | { | |
141 | $no_ecdh = 1; | |
142 | } | |
1d5668c2 | 143 | elsif ($? == $failure_code) |
a38ae11c MC |
144 | { |
145 | $no_ecdh = 0; | |
146 | } | |
147 | else | |
148 | { | |
149 | die "Error checking for ECDH support\n"; | |
150 | } | |
5a4a9499 | 151 | |
7d7e640e DSH |
152 | my @smime_pkcs7_tests = ( |
153 | ||
154 | [ | |
155 | "signed content DER format, RSA key", | |
bf5adc9b | 156 | "-sign -in smcont.txt -outform \"DER\" -nodetach" |
e6ef05d5 | 157 | . " -certfile $smdir/smroot.pem" |
7d7e640e | 158 | . " -signer $smdir/smrsa1.pem -out test.cms", |
bf5adc9b RL |
159 | "-verify -in test.cms -inform \"DER\" " |
160 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
7d7e640e DSH |
161 | ], |
162 | ||
163 | [ | |
164 | "signed detached content DER format, RSA key", | |
bf5adc9b | 165 | "-sign -in smcont.txt -outform \"DER\"" |
7d7e640e | 166 | . " -signer $smdir/smrsa1.pem -out test.cms", |
bf5adc9b RL |
167 | "-verify -in test.cms -inform \"DER\" " |
168 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" | |
7d7e640e DSH |
169 | ], |
170 | ||
171 | [ | |
172 | "signed content test streaming BER format, RSA", | |
bf5adc9b | 173 | "-sign -in smcont.txt -outform \"DER\" -nodetach" |
7d7e640e | 174 | . " -stream -signer $smdir/smrsa1.pem -out test.cms", |
bf5adc9b RL |
175 | "-verify -in test.cms -inform \"DER\" " |
176 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
7d7e640e DSH |
177 | ], |
178 | ||
179 | [ | |
180 | "signed content DER format, DSA key", | |
bf5adc9b | 181 | "-sign -in smcont.txt -outform \"DER\" -nodetach" |
7d7e640e | 182 | . " -signer $smdir/smdsa1.pem -out test.cms", |
bf5adc9b RL |
183 | "-verify -in test.cms -inform \"DER\" " |
184 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
7d7e640e DSH |
185 | ], |
186 | ||
187 | [ | |
188 | "signed detached content DER format, DSA key", | |
bf5adc9b | 189 | "-sign -in smcont.txt -outform \"DER\"" |
7d7e640e | 190 | . " -signer $smdir/smdsa1.pem -out test.cms", |
bf5adc9b RL |
191 | "-verify -in test.cms -inform \"DER\" " |
192 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" | |
7d7e640e DSH |
193 | ], |
194 | ||
195 | [ | |
196 | "signed detached content DER format, add RSA signer", | |
bf5adc9b | 197 | "-resign -inform \"DER\" -in test.cms -outform \"DER\"" |
7d7e640e | 198 | . " -signer $smdir/smrsa1.pem -out test2.cms", |
bf5adc9b RL |
199 | "-verify -in test2.cms -inform \"DER\" " |
200 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" | |
7d7e640e DSH |
201 | ], |
202 | ||
203 | [ | |
204 | "signed content test streaming BER format, DSA key", | |
bf5adc9b | 205 | "-sign -in smcont.txt -outform \"DER\" -nodetach" |
7d7e640e | 206 | . " -stream -signer $smdir/smdsa1.pem -out test.cms", |
bf5adc9b RL |
207 | "-verify -in test.cms -inform \"DER\" " |
208 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
7d7e640e DSH |
209 | ], |
210 | ||
211 | [ | |
212 | "signed content test streaming BER format, 2 DSA and 2 RSA keys", | |
bf5adc9b | 213 | "-sign -in smcont.txt -outform \"DER\" -nodetach" |
7d7e640e DSH |
214 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" |
215 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | |
216 | . " -stream -out test.cms", | |
bf5adc9b RL |
217 | "-verify -in test.cms -inform \"DER\" " |
218 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
7d7e640e DSH |
219 | ], |
220 | ||
221 | [ | |
222 | "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", | |
bf5adc9b | 223 | "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" |
7d7e640e DSH |
224 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" |
225 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | |
226 | . " -stream -out test.cms", | |
bf5adc9b RL |
227 | "-verify -in test.cms -inform \"DER\" " |
228 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
7d7e640e DSH |
229 | ], |
230 | ||
231 | [ | |
232 | "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", | |
233 | "-sign -in smcont.txt -nodetach" | |
234 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | |
235 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | |
236 | . " -stream -out test.cms", | |
bf5adc9b | 237 | "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" |
7d7e640e DSH |
238 | ], |
239 | ||
240 | [ | |
241 | "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", | |
242 | "-sign -in smcont.txt" | |
243 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | |
244 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | |
245 | . " -stream -out test.cms", | |
bf5adc9b | 246 | "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" |
7d7e640e DSH |
247 | ], |
248 | ||
249 | [ | |
250 | "enveloped content test streaming S/MIME format, 3 recipients", | |
251 | "-encrypt -in smcont.txt" | |
252 | . " -stream -out test.cms" | |
253 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | |
254 | "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" | |
255 | ], | |
256 | ||
257 | [ | |
258 | "enveloped content test streaming S/MIME format, 3 recipients, 3rd used", | |
259 | "-encrypt -in smcont.txt" | |
260 | . " -stream -out test.cms" | |
261 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | |
262 | "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" | |
263 | ], | |
264 | ||
265 | [ | |
266 | "enveloped content test streaming S/MIME format, 3 recipients, key only used", | |
267 | "-encrypt -in smcont.txt" | |
268 | . " -stream -out test.cms" | |
269 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | |
270 | "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" | |
271 | ], | |
272 | ||
273 | [ | |
274 | "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", | |
275 | "-encrypt -in smcont.txt" | |
276 | . " -aes256 -stream -out test.cms" | |
277 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | |
278 | "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" | |
279 | ], | |
280 | ||
281 | ); | |
282 | ||
283 | my @smime_cms_tests = ( | |
284 | ||
285 | [ | |
286 | "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", | |
bf5adc9b | 287 | "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" |
7d7e640e DSH |
288 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" |
289 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | |
290 | . " -stream -out test.cms", | |
bf5adc9b RL |
291 | "-verify -in test.cms -inform \"DER\" " |
292 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
7d7e640e DSH |
293 | ], |
294 | ||
295 | [ | |
296 | "signed content test streaming PEM format, 2 DSA and 2 RSA keys", | |
297 | "-sign -in smcont.txt -outform PEM -nodetach" | |
298 | . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" | |
299 | . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" | |
300 | . " -stream -out test.cms", | |
301 | "-verify -in test.cms -inform PEM " | |
bf5adc9b | 302 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" |
7d7e640e DSH |
303 | ], |
304 | ||
4a6bb116 DSH |
305 | [ |
306 | "signed content MIME format, RSA key, signed receipt request", | |
307 | "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" | |
d5d1c537 | 308 | . " -receipt_request_to test\@openssl.org -receipt_request_all" |
4a6bb116 DSH |
309 | . " -out test.cms", |
310 | "-verify -in test.cms " | |
bf5adc9b | 311 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" |
4a6bb116 DSH |
312 | ], |
313 | ||
314 | [ | |
315 | "signed receipt MIME format, RSA key", | |
316 | "-sign_receipt -in test.cms" | |
317 | . " -signer $smdir/smrsa2.pem" | |
318 | . " -out test2.cms", | |
319 | "-verify_receipt test2.cms -in test.cms" | |
bf5adc9b | 320 | . " \"-CAfile\" $smdir/smroot.pem" |
4a6bb116 DSH |
321 | ], |
322 | ||
52e9196d DSH |
323 | [ |
324 | "enveloped content test streaming S/MIME format, 3 recipients, keyid", | |
325 | "-encrypt -in smcont.txt" | |
326 | . " -stream -out test.cms -keyid" | |
327 | . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", | |
328 | "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" | |
329 | ], | |
330 | ||
eeb9cdfc DSH |
331 | [ |
332 | "enveloped content test streaming PEM format, KEK", | |
333 | "-encrypt -in smcont.txt -outform PEM -aes128" | |
334 | . " -stream -out test.cms " | |
335 | . " -secretkey 000102030405060708090A0B0C0D0E0F " | |
336 | . " -secretkeyid C0FEE0", | |
337 | "-decrypt -in test.cms -out smtst.txt -inform PEM" | |
338 | . " -secretkey 000102030405060708090A0B0C0D0E0F " | |
339 | . " -secretkeyid C0FEE0" | |
340 | ], | |
341 | ||
342 | [ | |
343 | "enveloped content test streaming PEM format, KEK, key only", | |
344 | "-encrypt -in smcont.txt -outform PEM -aes128" | |
345 | . " -stream -out test.cms " | |
346 | . " -secretkey 000102030405060708090A0B0C0D0E0F " | |
347 | . " -secretkeyid C0FEE0", | |
348 | "-decrypt -in test.cms -out smtst.txt -inform PEM" | |
349 | . " -secretkey 000102030405060708090A0B0C0D0E0F " | |
350 | ], | |
351 | ||
7d7e640e DSH |
352 | [ |
353 | "data content test streaming PEM format", | |
354 | "-data_create -in smcont.txt -outform PEM -nodetach" | |
355 | . " -stream -out test.cms", | |
356 | "-data_out -in test.cms -inform PEM -out smtst.txt" | |
357 | ], | |
358 | ||
359 | [ | |
360 | "encrypted content test streaming PEM format, 128 bit RC2 key", | |
bf5adc9b | 361 | "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" |
7d7e640e DSH |
362 | . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" |
363 | . " -stream -out test.cms", | |
bf5adc9b | 364 | "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " |
7d7e640e DSH |
365 | . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" |
366 | ], | |
367 | ||
368 | [ | |
369 | "encrypted content test streaming PEM format, 40 bit RC2 key", | |
bf5adc9b | 370 | "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" |
7d7e640e DSH |
371 | . " -rc2 -secretkey 0001020304" |
372 | . " -stream -out test.cms", | |
bf5adc9b | 373 | "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " |
7d7e640e DSH |
374 | . " -secretkey 0001020304 -out smtst.txt" |
375 | ], | |
376 | ||
377 | [ | |
378 | "encrypted content test streaming PEM format, triple DES key", | |
bf5adc9b | 379 | "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" |
7d7e640e DSH |
380 | . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" |
381 | . " -stream -out test.cms", | |
bf5adc9b | 382 | "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " |
7d7e640e DSH |
383 | . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" |
384 | . " -out smtst.txt" | |
385 | ], | |
386 | ||
387 | [ | |
388 | "encrypted content test streaming PEM format, 128 bit AES key", | |
bf5adc9b | 389 | "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" |
7d7e640e DSH |
390 | . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" |
391 | . " -stream -out test.cms", | |
bf5adc9b | 392 | "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " |
7d7e640e DSH |
393 | . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" |
394 | ], | |
395 | ||
396 | ); | |
397 | ||
398 | my @smime_cms_comp_tests = ( | |
399 | ||
400 | [ | |
401 | "compressed content test streaming PEM format", | |
402 | "-compress -in smcont.txt -outform PEM -nodetach" | |
403 | . " -stream -out test.cms", | |
404 | "-uncompress -in test.cms -inform PEM -out smtst.txt" | |
405 | ] | |
406 | ||
407 | ); | |
408 | ||
ea6bf266 DSH |
409 | my @smime_cms_param_tests = ( |
410 | [ | |
411 | "signed content test streaming PEM format, RSA keys, PSS signature", | |
412 | "-sign -in smcont.txt -outform PEM -nodetach" | |
413 | . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" | |
414 | . " -out test.cms", | |
415 | "-verify -in test.cms -inform PEM " | |
416 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
417 | ], | |
418 | ||
419 | [ | |
420 | "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", | |
421 | "-sign -in smcont.txt -outform PEM -nodetach -noattr" | |
422 | . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" | |
423 | . " -out test.cms", | |
424 | "-verify -in test.cms -inform PEM " | |
425 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
426 | ], | |
427 | ||
428 | [ | |
429 | "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", | |
430 | "-sign -in smcont.txt -outform PEM -nodetach" | |
431 | . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" | |
432 | . " -keyopt rsa_mgf1_md:sha384 -out test.cms", | |
433 | "-verify -in test.cms -inform PEM " | |
434 | . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" | |
435 | ], | |
436 | ||
437 | [ | |
438 | "enveloped content test streaming S/MIME format, OAEP default parameters", | |
439 | "-encrypt -in smcont.txt" | |
440 | . " -stream -out test.cms" | |
441 | . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep", | |
442 | "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" | |
443 | ], | |
444 | ||
445 | [ | |
446 | "enveloped content test streaming S/MIME format, OAEP SHA256", | |
447 | "-encrypt -in smcont.txt" | |
448 | . " -stream -out test.cms" | |
449 | . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep" | |
450 | . " -keyopt rsa_oaep_md:sha256", | |
451 | "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" | |
d037e0d3 DSH |
452 | ], |
453 | ||
454 | [ | |
455 | "enveloped content test streaming S/MIME format, ECDH", | |
456 | "-encrypt -in smcont.txt" | |
457 | . " -stream -out test.cms" | |
458 | . " -recip $smdir/smec1.pem", | |
459 | "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" | |
460 | ], | |
461 | ||
784f155e DSH |
462 | [ |
463 | "enveloped content test streaming S/MIME format, ECDH, key identifier", | |
464 | "-encrypt -keyid -in smcont.txt" | |
465 | . " -stream -out test.cms" | |
466 | . " -recip $smdir/smec1.pem", | |
467 | "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" | |
468 | ], | |
469 | ||
d037e0d3 DSH |
470 | [ |
471 | "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", | |
472 | "-encrypt -in smcont.txt" | |
473 | . " -stream -out test.cms" | |
474 | . " -recip $smdir/smec1.pem -aes128 -keyopt ecdh_kdf_md:sha256", | |
475 | "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" | |
476 | ], | |
477 | ||
478 | [ | |
479 | "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", | |
480 | "-encrypt -in smcont.txt" | |
481 | . " -stream -out test.cms" | |
482 | . " -recip $smdir/smec2.pem -aes128" | |
483 | . " -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1", | |
484 | "-decrypt -recip $smdir/smec2.pem -in test.cms -out smtst.txt" | |
6ed3af7d DSH |
485 | ], |
486 | ||
487 | [ | |
488 | "enveloped content test streaming S/MIME format, X9.42 DH", | |
489 | "-encrypt -in smcont.txt" | |
490 | . " -stream -out test.cms" | |
491 | . " -recip $smdir/smdh.pem -aes128", | |
492 | "-decrypt -recip $smdir/smdh.pem -in test.cms -out smtst.txt" | |
ea6bf266 DSH |
493 | ] |
494 | ); | |
495 | ||
7d7e640e DSH |
496 | print "CMS => PKCS#7 compatibility tests\n"; |
497 | ||
f5cbf8fb | 498 | run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); |
7d7e640e DSH |
499 | |
500 | print "CMS <= PKCS#7 compatibility tests\n"; | |
501 | ||
f5cbf8fb | 502 | run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); |
7d7e640e DSH |
503 | |
504 | print "CMS <=> CMS consistency tests\n"; | |
505 | ||
f5cbf8fb DSH |
506 | run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); |
507 | run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); | |
7d7e640e | 508 | |
ea6bf266 DSH |
509 | print "CMS <=> CMS consistency tests, modified key parameters\n"; |
510 | run_smime_tests( \$badcmd, \@smime_cms_param_tests, $cmscmd, $cmscmd ); | |
511 | ||
7d7e640e | 512 | if ( `$ossl_path version -f` =~ /ZLIB/ ) { |
f5cbf8fb | 513 | run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); |
7d7e640e DSH |
514 | } |
515 | else { | |
516 | print "Zlib not supported: compression tests skipped\n"; | |
517 | } | |
518 | ||
2e86f0d8 DSH |
519 | print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); |
520 | ||
7d7e640e DSH |
521 | if ($badcmd) { |
522 | print "$badcmd TESTS FAILED!!\n"; | |
523 | } | |
524 | else { | |
525 | print "ALL TESTS SUCCESSFUL.\n"; | |
526 | } | |
527 | ||
90ec4c0a DSH |
528 | unlink "test.cms"; |
529 | unlink "test2.cms"; | |
530 | unlink "smtst.txt"; | |
6bd05ad4 DSH |
531 | unlink "cms.out"; |
532 | unlink "cms.err"; | |
90ec4c0a | 533 | |
7d7e640e DSH |
534 | sub run_smime_tests { |
535 | my ( $rv, $aref, $scmd, $vcmd ) = @_; | |
536 | ||
537 | foreach $smtst (@$aref) { | |
538 | my ( $tnam, $rscmd, $rvcmd ) = @$smtst; | |
2e86f0d8 DSH |
539 | if ($ossl8) |
540 | { | |
541 | # Skip smime resign: 0.9.8 smime doesn't support -resign | |
542 | next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); | |
543 | # Disable streaming: option not supported in 0.9.8 | |
544 | $tnam =~ s/streaming//; | |
545 | $rscmd =~ s/-stream//; | |
546 | $rvcmd =~ s/-stream//; | |
547 | } | |
2fc368c1 DSH |
548 | if ($no_ec && $tnam =~ /ECDH/) |
549 | { | |
550 | print "$tnam: skipped, EC disabled\n"; | |
551 | next; | |
552 | } | |
a38ae11c MC |
553 | if ($no_ecdh && $tnam =~ /ECDH/) |
554 | { | |
555 | print "$tnam: skipped, ECDH disabled\n"; | |
556 | next; | |
557 | } | |
5a4a9499 MC |
558 | if ($no_ec2m && $tnam =~ /K-283/) |
559 | { | |
560 | print "$tnam: skipped, EC2M disabled\n"; | |
561 | next; | |
562 | } | |
369b0abd | 563 | system("$scmd$rscmd$redir"); |
7d7e640e DSH |
564 | if ($?) { |
565 | print "$tnam: generation error\n"; | |
566 | $$rv++; | |
f5cbf8fb | 567 | exit 1 if $halt_err; |
7d7e640e DSH |
568 | next; |
569 | } | |
369b0abd | 570 | system("$vcmd$rvcmd$redir"); |
7d7e640e DSH |
571 | if ($?) { |
572 | print "$tnam: verify error\n"; | |
573 | $$rv++; | |
f5cbf8fb | 574 | exit 1 if $halt_err; |
7d7e640e DSH |
575 | next; |
576 | } | |
90ec4c0a DSH |
577 | if (!cmp_files("smtst.txt", "smcont.txt")) { |
578 | print "$tnam: content verify error\n"; | |
579 | $$rv++; | |
580 | exit 1 if $halt_err; | |
581 | next; | |
582 | } | |
7d7e640e DSH |
583 | print "$tnam: OK\n"; |
584 | } | |
585 | } | |
586 | ||
90ec4c0a | 587 | sub cmp_files { |
188ab7df | 588 | use FileHandle; |
90ec4c0a | 589 | my ( $f1, $f2 ) = @_; |
188ab7df AP |
590 | my $fp1 = FileHandle->new(); |
591 | my $fp2 = FileHandle->new(); | |
90ec4c0a DSH |
592 | |
593 | my ( $rd1, $rd2 ); | |
594 | ||
595 | if ( !open( $fp1, "<$f1" ) ) { | |
596 | print STDERR "Can't Open file $f1\n"; | |
597 | return 0; | |
598 | } | |
599 | ||
600 | if ( !open( $fp2, "<$f2" ) ) { | |
601 | print STDERR "Can't Open file $f2\n"; | |
602 | return 0; | |
603 | } | |
604 | ||
605 | binmode $fp1; | |
606 | binmode $fp2; | |
607 | ||
608 | my $ret = 0; | |
609 | ||
610 | for ( ; ; ) { | |
611 | $n1 = sysread $fp1, $rd1, 4096; | |
612 | $n2 = sysread $fp2, $rd2, 4096; | |
613 | last if ( $n1 != $n2 ); | |
614 | last if ( $rd1 ne $rd2 ); | |
615 | ||
616 | if ( $n1 == 0 ) { | |
617 | $ret = 1; | |
618 | last; | |
619 | } | |
620 | ||
621 | } | |
622 | ||
623 | close $fp1; | |
624 | close $fp2; | |
625 | ||
626 | return $ret; | |
627 | ||
628 | } | |
629 |