Fix some test failures when Configured with zlib
1#! /usr/bin/perl
2
3use strict;
4use warnings;
5
6use POSIX;
7use File::Spec::Functions qw/catfile/;
8use File::Compare qw/compare_text/;
9use OpenSSL::Test qw/:DEFAULT top_dir top_file/;
10
# Register this recipe with the OpenSSL test harness before anything else.
setup("test_cms");

# Fixtures: the directory holding the S/MIME test certificates and keys, and
# the plaintext that every case signs or encrypts and must get back unchanged.
my $smdir  = top_dir("test", "smime-certs");
my $smcont = top_file("test", "smcont.txt");

# Ask the openssl binary which optional algorithms were compiled out.
# `openssl no-<feature>` exits successfully when <feature> is NOT available,
# so a true value here means "disabled". check_availability() uses these
# flags to skip cases instead of reporting them as failures.
my $feature_is_disabled = sub {
    my ($probe) = @_;
    return scalar run(app(["openssl", $probe], stdout => undef));
};
my $no_ec   = $feature_is_disabled->("no-ec");
my $no_ec2m = $feature_is_disabled->("no-ec2m");
my $no_ecdh = $feature_is_disabled->("no-ecdh");

# One planned test per subtest below.
plan tests => 4;
20
# Cases that both `openssl cms` and `openssl smime` are expected to handle.
# Every entry is [ description, producer argv, consumer argv ].
#
# The cases share the scratch files test.cms, test2.cms and smtst.txt and run
# in table order: the "-resign" case consumes the test.cms written by the
# case before it, so reordering or removing entries changes what is tested.
#
# NOTE(review): every case in this table is a positive round trip (produce,
# consume, compare with the original plaintext). Nothing here checks that
# verification is refused for modified content or an untrusted CA.
my @smime_pkcs7_tests = do {
    # Certificate and key fixtures, resolved once.
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $rsa2    = catfile($smdir, "smrsa2.pem");
    my $rsa3    = catfile($smdir, "smrsa3.pem");
    my $dsa1    = catfile($smdir, "smdsa1.pem");
    my $dsa2    = catfile($smdir, "smdsa2.pem");

    # Argument runs that recur across cases; each case copies them into a
    # fresh anonymous array, so no two cases share an argv.
    my @four_signers   = map { ("-signer", $_) } $rsa1, $rsa2, $dsa1, $dsa2;
    my @rsa_recipients = ($rsa1, $rsa2, $rsa3);
    my @sign_der       = ("-sign", "-in", $smcont, "-outform", "DER");
    my @verify_der     = ("-verify", "-in", "test.cms", "-inform", "DER",
                          "-CAfile", $root_ca, "-out", "smtst.txt");
    my @verify_smime   = ("-verify", "-in", "test.cms",
                          "-CAfile", $root_ca, "-out", "smtst.txt");
    my @encrypt_stream = ("-encrypt", "-in", $smcont,
                          "-stream", "-out", "test.cms");
    my @decrypt_tail   = ("-in", "test.cms", "-out", "smtst.txt");

    (
        # --- SignedData, DER -------------------------------------------
        [ "signed content DER format, RSA key",
          [ @sign_der, "-nodetach", "-certfile", $root_ca,
            "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der ]
        ],

        [ "signed detached content DER format, RSA key",
          [ @sign_der, "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der, "-content", $smcont ]
        ],

        [ "signed content test streaming BER format, RSA",
          [ @sign_der, "-nodetach", "-stream",
            "-signer", $rsa1, "-out", "test.cms" ],
          [ @verify_der ]
        ],

        [ "signed content DER format, DSA key",
          [ @sign_der, "-nodetach", "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der ]
        ],

        [ "signed detached content DER format, DSA key",
          [ @sign_der, "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der, "-content", $smcont ]
        ],

        # Depends on the previous case: adds an RSA signer to the detached
        # DSA signature already in test.cms and writes test2.cms.
        [ "signed detached content DER format, add RSA signer",
          [ "-resign", "-inform", "DER", "-in", "test.cms",
            "-outform", "DER", "-signer", $rsa1, "-out", "test2.cms" ],
          [ "-verify", "-in", "test2.cms", "-inform", "DER",
            "-CAfile", $root_ca, "-out", "smtst.txt",
            "-content", $smcont ]
        ],

        [ "signed content test streaming BER format, DSA key",
          [ @sign_der, "-nodetach", "-stream",
            "-signer", $dsa1, "-out", "test.cms" ],
          [ @verify_der ]
        ],

        # --- SignedData, several signers ---------------------------------
        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
          [ @sign_der, "-nodetach", @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_der ]
        ],

        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
          [ @sign_der, "-noattr", "-nodetach", @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_der ]
        ],

        [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-nodetach", @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_smime ]
        ],

        [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, @four_signers,
            "-stream", "-out", "test.cms" ],
          [ @verify_smime ]
        ],

        # --- EnvelopedData -----------------------------------------------
        [ "enveloped content test streaming S/MIME format, 3 recipients",
          [ @encrypt_stream, @rsa_recipients ],
          [ "-decrypt", "-recip", $rsa1, @decrypt_tail ]
        ],

        [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
          [ @encrypt_stream, @rsa_recipients ],
          [ "-decrypt", "-recip", $rsa3, @decrypt_tail ]
        ],

        # Decrypts with the private key alone ("-inkey"), no "-recip".
        [ "enveloped content test streaming S/MIME format, 3 recipients, key only used",
          [ @encrypt_stream, @rsa_recipients ],
          [ "-decrypt", "-inkey", $rsa3, @decrypt_tail ]
        ],

        [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
          [ "-encrypt", "-in", $smcont,
            "-aes256", "-stream", "-out", "test.cms", @rsa_recipients ],
          [ "-decrypt", "-recip", $rsa1, @decrypt_tail ]
        ],
    );
};
163
# Cases that only `openssl cms` is run against (both producer and consumer).
# Every entry is [ description, producer argv, consumer argv ].
#
# The cases share the scratch files test.cms, test2.cms and smtst.txt and run
# in table order: the signed-receipt case consumes the test.cms written by
# the receipt-request case directly before it.
#
# The secret keys below are fixed, publicly visible byte patterns. The RC2
# (including the 40-bit key) and triple-DES cases are there to exercise those
# algorithms in the tool, not to endorse them.
# NOTE(review): check_availability() only looks for "ECDH" and "K-283" in
# the description, so none of these cases is skipped on a build that lacks
# one of the ciphers used here -- confirm that is intended.
my @smime_cms_tests = do {
    # Certificate and key fixtures, resolved once.
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $rsa2    = catfile($smdir, "smrsa2.pem");
    my $rsa3    = catfile($smdir, "smrsa3.pem");
    my $dsa1    = catfile($smdir, "smdsa1.pem");
    my $dsa2    = catfile($smdir, "smdsa2.pem");

    my @four_signers = map { ("-signer", $_) } $rsa1, $rsa2, $dsa1, $dsa2;

    # Test-only symmetric keys (hex) and the KEK identifier.
    my $key_40  = "0001020304";
    my $key_128 = "000102030405060708090A0B0C0D0E0F";
    my $key_192 = "000102030405060708090A0B0C0D0E0F1011121314151617";
    my $kek_id  = "C0FEE0";

    # Producer argv shared by the two KEK cases.
    my @kek_encrypt = ("-encrypt", "-in", $smcont, "-outform", "PEM",
                       "-aes128", "-stream", "-out", "test.cms",
                       "-secretkey", $key_128, "-secretkeyid", $kek_id);

    # Builds the (producer argv, consumer argv) pair for an EncryptedData
    # round trip with the given cipher option and hex key.
    my $encrypted_data_pair = sub {
        my ($cipher_opt, $hex_key) = @_;
        return (
            [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
              $cipher_opt, "-secretkey", $hex_key,
              "-stream", "-out", "test.cms" ],
            [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
              "-secretkey", $hex_key, "-out", "smtst.txt" ],
        );
    };

    (
        # --- SignedData --------------------------------------------------
        [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
          [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
            "-keyid", @four_signers, "-stream", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms", "-inform", "DER",
            "-CAfile", $root_ca, "-out", "smtst.txt" ]
        ],

        [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
          [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
            @four_signers, "-stream", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms", "-inform", "PEM",
            "-CAfile", $root_ca, "-out", "smtst.txt" ]
        ],

        # --- Signed receipts ---------------------------------------------
        [ "signed content MIME format, RSA key, signed receipt request",
          [ "-sign", "-in", $smcont, "-signer", $rsa1, "-nodetach",
            "-receipt_request_to", "test\@openssl.org",
            "-receipt_request_all", "-out", "test.cms" ],
          [ "-verify", "-in", "test.cms",
            "-CAfile", $root_ca, "-out", "smtst.txt" ]
        ],

        # The consumer argv has no "-out", so this case writes no new
        # smtst.txt: the plaintext comparison done by the driver loop reads
        # the file left behind by the receipt-request case above. What this
        # case really checks is the exit status of -verify_receipt.
        [ "signed receipt MIME format, RSA key",
          [ "-sign_receipt", "-in", "test.cms",
            "-signer", $rsa2, "-out", "test2.cms" ],
          [ "-verify_receipt", "test2.cms", "-in", "test.cms",
            "-CAfile", $root_ca ]
        ],

        # --- EnvelopedData -----------------------------------------------
        [ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
          [ "-encrypt", "-in", $smcont,
            "-stream", "-out", "test.cms", "-keyid",
            $rsa1, $rsa2, $rsa3 ],
          [ "-decrypt", "-recip", $rsa1,
            "-in", "test.cms", "-out", "smtst.txt" ]
        ],

        [ "enveloped content test streaming PEM format, KEK",
          [ @kek_encrypt ],
          [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt",
            "-inform", "PEM",
            "-secretkey", $key_128, "-secretkeyid", $kek_id ]
        ],

        # Same message, decrypted without naming the key identifier.
        [ "enveloped content test streaming PEM format, KEK, key only",
          [ @kek_encrypt ],
          [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt",
            "-inform", "PEM", "-secretkey", $key_128 ]
        ],

        # --- Data ----------------------------------------------------------
        [ "data content test streaming PEM format",
          [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
            "-stream", "-out", "test.cms" ],
          [ "-data_out", "-in", "test.cms", "-inform", "PEM",
            "-out", "smtst.txt" ]
        ],

        # --- EncryptedData -------------------------------------------------
        [ "encrypted content test streaming PEM format, 128 bit RC2 key",
          $encrypted_data_pair->("-rc2", $key_128)
        ],

        [ "encrypted content test streaming PEM format, 40 bit RC2 key",
          $encrypted_data_pair->("-rc2", $key_40)
        ],

        [ "encrypted content test streaming PEM format, triple DES key",
          $encrypted_data_pair->("-des3", $key_192)
        ],

        [ "encrypted content test streaming PEM format, 128 bit AES key",
          $encrypted_data_pair->("-aes128", $key_128)
        ],
    );
};
273
# CompressedData round trip. Kept in its own table because the driver only
# runs it when the openssl binary reports zlib support.
# Entry layout: [ description, producer argv, consumer argv ].
my @smime_cms_comp_tests = (
    [
        "compressed content test streaming PEM format",
        [ "-compress", "-in", $smcont,
          qw/-outform PEM -nodetach -stream -out test.cms/ ],
        [ qw/-uncompress -in test.cms -inform PEM -out smtst.txt/ ],
    ],
);
283
# CMS cases that select non-default key parameters through "-keyopt":
# RSA-PSS signatures, RSA-OAEP key transport, ECDH and X9.42 DH key agreement.
# Every entry is [ description, producer argv, consumer argv ].
#
# The descriptions are functional, not just labels: check_availability()
# matches "ECDH" and "K-283" in them to decide whether a case is skipped on
# a build without EC, ECDH or binary-curve support.
# NOTE(review): the X9.42 DH case has no corresponding skip condition --
# confirm how it behaves on a build without DH.
my @smime_cms_param_tests = do {
    # Certificate and key fixtures, resolved once.
    my $root_ca = catfile($smdir, "smroot.pem");
    my $rsa1    = catfile($smdir, "smrsa1.pem");
    my $ec1     = catfile($smdir, "smec1.pem");
    my $ec2     = catfile($smdir, "smec2.pem");
    my $dh      = catfile($smdir, "smdh.pem");

    # Argument runs that recur across cases.
    my @sign_pem       = ("-sign", "-in", $smcont, "-outform", "PEM",
                          "-nodetach");
    my @pss_signer     = ("-signer", $rsa1,
                          "-keyopt", "rsa_padding_mode:pss");
    my @verify_pem     = ("-verify", "-in", "test.cms", "-inform", "PEM",
                          "-CAfile", $root_ca, "-out", "smtst.txt");
    my @encrypt_stream = ("-encrypt", "-in", $smcont,
                          "-stream", "-out", "test.cms");

    # Consumer argv for an enveloped case: decrypt as the given recipient.
    my $decrypt_as = sub {
        my ($recipient) = @_;
        return [ "-decrypt", "-recip", $recipient,
                 "-in", "test.cms", "-out", "smtst.txt" ];
    };

    (
        # --- RSA-PSS signatures ------------------------------------------
        [ "signed content test streaming PEM format, RSA keys, PSS signature",
          [ @sign_pem, @pss_signer, "-out", "test.cms" ],
          [ @verify_pem ]
        ],

        [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
          [ @sign_pem, "-noattr", @pss_signer, "-out", "test.cms" ],
          [ @verify_pem ]
        ],

        [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
          [ @sign_pem, @pss_signer,
            "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
          [ @verify_pem ]
        ],

        # --- RSA-OAEP key transport ----------------------------------------
        [ "enveloped content test streaming S/MIME format, OAEP default parameters",
          [ @encrypt_stream,
            "-recip", $rsa1, "-keyopt", "rsa_padding_mode:oaep" ],
          $decrypt_as->($rsa1)
        ],

        [ "enveloped content test streaming S/MIME format, OAEP SHA256",
          [ @encrypt_stream,
            "-recip", $rsa1, "-keyopt", "rsa_padding_mode:oaep",
            "-keyopt", "rsa_oaep_md:sha256" ],
          $decrypt_as->($rsa1)
        ],

        # --- ECDH key agreement --------------------------------------------
        [ "enveloped content test streaming S/MIME format, ECDH",
          [ @encrypt_stream, "-recip", $ec1 ],
          $decrypt_as->($ec1)
        ],

        [ "enveloped content test streaming S/MIME format, ECDH, key identifier",
          [ "-encrypt", "-keyid", "-in", $smcont,
            "-stream", "-out", "test.cms",
            "-recip", $ec1 ],
          $decrypt_as->($ec1)
        ],

        [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
          [ @encrypt_stream,
            "-recip", $ec1, "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
          $decrypt_as->($ec1)
        ],

        [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
          [ @encrypt_stream,
            "-recip", $ec2, "-aes128",
            "-keyopt", "ecdh_kdf_md:sha256",
            "-keyopt", "ecdh_cofactor_mode:1" ],
          $decrypt_as->($ec2)
        ],

        # --- X9.42 DH key agreement ------------------------------------------
        [ "enveloped content test streaming S/MIME format, X9.42 DH",
          [ @encrypt_stream, "-recip", $dh, "-aes128" ],
          $decrypt_as->($dh)
        ],
    );
};
367
# Interoperability, direction 1: `openssl cms` produces each message and
# `openssl smime` consumes it.
subtest "CMS => PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @{$case};

      SKIP: {
            # A non-empty reason means a required algorithm is compiled out.
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            # Pass only if both commands exit successfully and the recovered
            # text equals the original plaintext. && short-circuits, so the
            # comparison is not reached when either command fails.
            my $round_trip_ok =
                run(app(["openssl", "cms", @{$produce_args}]))
                && run(app(["openssl", "smime", @{$consume_args}]))
                && compare_text($smcont, "smtst.txt") == 0;
            ok($round_trip_ok, $title);
        }
    }
};
# Interoperability, direction 2: `openssl smime` produces each message and
# `openssl cms` consumes it.
subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @{$case};

      SKIP: {
            # A non-empty reason means a required algorithm is compiled out.
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            # Pass only if both commands exit successfully and the recovered
            # text equals the original plaintext. && short-circuits, so the
            # comparison is not reached when either command fails.
            my $round_trip_ok =
                run(app(["openssl", "smime", @{$produce_args}]))
                && run(app(["openssl", "cms", @{$consume_args}]))
                && compare_text($smcont, "smtst.txt") == 0;
            ok($round_trip_ok, $title);
        }
    }
};
398
# Self-consistency: `openssl cms` both produces and consumes, first for the
# cases shared with PKCS#7 and then for the CMS-only cases.
subtest "CMS <=> CMS consistency tests\n" => sub {
    plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);

    # The two tables are walked one after the other, in their own order,
    # because cases hand scratch files to the case that follows them.
    for my $table (\@smime_pkcs7_tests, \@smime_cms_tests) {
        for my $case (@{$table}) {
            my ($title, $produce_args, $consume_args) = @{$case};

          SKIP: {
                # A non-empty reason means a required algorithm is
                # compiled out.
                my $skip_reason = check_availability($title);
                skip $skip_reason, 1 if $skip_reason;

                # Pass only if both commands exit successfully and
                # smtst.txt equals the original plaintext.
                # NOTE(review): a consumer argv without "-out" leaves
                # smtst.txt from the previous case in place, so for such a
                # case the comparison says nothing about that case itself.
                my $round_trip_ok =
                    run(app(["openssl", "cms", @{$produce_args}]))
                    && run(app(["openssl", "cms", @{$consume_args}]))
                    && compare_text($smcont, "smtst.txt") == 0;
                ok($round_trip_ok, $title);
            }
        }
    }
};
425
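# Self-consistency for the cases with modified key parameters, followed by
# the compression case when the openssl binary was built with zlib.
subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
    # The plan counts each table exactly once.
    plan tests =>
        (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);

    for my $case (@smime_cms_param_tests) {
        my ($title, $produce_args, $consume_args) = @{$case};

      SKIP: {
            # A non-empty reason means a required algorithm is compiled out.
            my $skip_reason = check_availability($title);
            skip $skip_reason, 1 if $skip_reason;

            # Pass only if both commands exit successfully and the recovered
            # text equals the original plaintext.
            ok(run(app(["openssl", "cms", @{$produce_args}]))
               && run(app(["openssl", "cms", @{$consume_args}]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }

  SKIP: {
        # zlib support is detected by looking for "ZLIB" in the captured
        # output of `openssl version -f`. Without it the whole compression
        # table is skipped, which keeps the test count equal to the plan.
        skip("Zlib not supported: compression tests skipped",
             scalar @smime_cms_comp_tests)
            unless grep /ZLIB/, run(app(["openssl", "version", "-f"]),
                                    capture => 1);

        # This loop has to walk the compression table: the plan and the skip
        # count above both count @smime_cms_comp_tests. Iterating the
        # parameter table here would run those cases a second time, overrun
        # the plan on a zlib build, and never exercise -compress/-uncompress.
        for my $case (@smime_cms_comp_tests) {
            my ($title, $produce_args, $consume_args) = @{$case};

          SKIP: {
                my $skip_reason = check_availability($title);
                skip $skip_reason, 1 if $skip_reason;

                ok(run(app(["openssl", "cms", @{$produce_args}]))
                   && run(app(["openssl", "cms", @{$consume_args}]))
                   && compare_text($smcont, "smtst.txt") == 0,
                   $title);
            }
        }
    }
};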
461
# Best-effort removal of the scratch files the cases above write into the
# current directory. unlink's return value is not checked, so a file that
# was never created is not treated as an error.
unlink "test.cms", "test2.cms", "smtst.txt";
465
# Decide from a case's description whether it has to be skipped on this
# build.
#
# Takes the description string of a test case. Returns a non-empty skip
# reason when the description names an algorithm that the probes at the top
# of the file found to be disabled, and "" when the case can run.
#
# Only the substrings "ECDH" and "K-283" are recognised, so the wording of a
# description controls whether its case is ever skipped.
sub check_availability {
    my ($tnam) = @_;

    my $uses_ecdh = $tnam =~ /ECDH/;
    my $uses_k283 = $tnam =~ /K-283/;

    if ($uses_ecdh) {
        # EC being disabled is reported ahead of ECDH being disabled.
        return "$tnam: skipped, EC disabled\n"   if $no_ec;
        return "$tnam: skipped, ECDH disabled\n" if $no_ecdh;
    }

    # K-283 is a binary-field curve, so it also depends on EC2M support.
    if ($uses_k283 && $no_ec2m) {
        return "$tnam: skipped, EC2M disabled\n";
    }

    return "";
}