]> git.ipfire.org Git - thirdparty/openssl.git/blob - test/recipes/80-test_cms.t
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
make no-dh work
[thirdparty/openssl.git] / test / recipes / 80-test_cms.t
1 #! /usr/bin/perl
2
3 use strict;
4 use warnings;
5
6 use POSIX;
7 use File::Spec::Functions qw/catfile/;
8 use File::Compare qw/compare_text/;
9 use OpenSSL::Test qw/:DEFAULT top_dir top_file/;
10 use OpenSSL::Test::Utils;
11
12 setup("test_cms");
13
14 my $smdir = top_dir("test", "smime-certs");
15 my $smcont = top_file("test", "smcont.txt");
16 my ($no_dh, $no_ec, $no_ec2m, $no_zlib) = disabled qw/dh ec ec2m zlib/;
17
18 plan tests => 4;
19
20 my @smime_pkcs7_tests = (
21
22 [ "signed content DER format, RSA key",
23 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
24 "-certfile", catfile($smdir, "smroot.pem"),
25 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
26 [ "-verify", "-in", "test.cms", "-inform", "DER",
27 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
28 ],
29
30 [ "signed detached content DER format, RSA key",
31 [ "-sign", "-in", $smcont, "-outform", "DER",
32 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
33 [ "-verify", "-in", "test.cms", "-inform", "DER",
34 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
35 "-content", $smcont ]
36 ],
37
38 [ "signed content test streaming BER format, RSA",
39 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
40 "-stream",
41 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
42 [ "-verify", "-in", "test.cms", "-inform", "DER",
43 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
44 ],
45
46 [ "signed content DER format, DSA key",
47 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
48 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
49 [ "-verify", "-in", "test.cms", "-inform", "DER",
50 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
51 ],
52
53 [ "signed detached content DER format, DSA key",
54 [ "-sign", "-in", $smcont, "-outform", "DER",
55 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
56 [ "-verify", "-in", "test.cms", "-inform", "DER",
57 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
58 "-content", $smcont ]
59 ],
60
61 [ "signed detached content DER format, add RSA signer",
62 [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
63 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ],
64 [ "-verify", "-in", "test2.cms", "-inform", "DER",
65 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
66 "-content", $smcont ]
67 ],
68
69 [ "signed content test streaming BER format, DSA key",
70 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
71 "-stream",
72 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
73 [ "-verify", "-in", "test.cms", "-inform", "DER",
74 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
75 ],
76
77 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
78 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
79 "-signer", catfile($smdir, "smrsa1.pem"),
80 "-signer", catfile($smdir, "smrsa2.pem"),
81 "-signer", catfile($smdir, "smdsa1.pem"),
82 "-signer", catfile($smdir, "smdsa2.pem"),
83 "-stream", "-out", "test.cms" ],
84 [ "-verify", "-in", "test.cms", "-inform", "DER",
85 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
86 ],
87
88 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
89 [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
90 "-signer", catfile($smdir, "smrsa1.pem"),
91 "-signer", catfile($smdir, "smrsa2.pem"),
92 "-signer", catfile($smdir, "smdsa1.pem"),
93 "-signer", catfile($smdir, "smdsa2.pem"),
94 "-stream", "-out", "test.cms" ],
95 [ "-verify", "-in", "test.cms", "-inform", "DER",
96 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
97 ],
98
99 [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
100 [ "-sign", "-in", $smcont, "-nodetach",
101 "-signer", catfile($smdir, "smrsa1.pem"),
102 "-signer", catfile($smdir, "smrsa2.pem"),
103 "-signer", catfile($smdir, "smdsa1.pem"),
104 "-signer", catfile($smdir, "smdsa2.pem"),
105 "-stream", "-out", "test.cms" ],
106 [ "-verify", "-in", "test.cms",
107 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
108 ],
109
110 [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
111 [ "-sign", "-in", $smcont,
112 "-signer", catfile($smdir, "smrsa1.pem"),
113 "-signer", catfile($smdir, "smrsa2.pem"),
114 "-signer", catfile($smdir, "smdsa1.pem"),
115 "-signer", catfile($smdir, "smdsa2.pem"),
116 "-stream", "-out", "test.cms" ],
117 [ "-verify", "-in", "test.cms",
118 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
119 ],
120
121 [ "enveloped content test streaming S/MIME format, 3 recipients",
122 [ "-encrypt", "-in", $smcont,
123 "-stream", "-out", "test.cms",
124 catfile($smdir, "smrsa1.pem"),
125 catfile($smdir, "smrsa2.pem"),
126 catfile($smdir, "smrsa3.pem") ],
127 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
128 "-in", "test.cms", "-out", "smtst.txt" ]
129 ],
130
131 [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
132 [ "-encrypt", "-in", $smcont,
133 "-stream", "-out", "test.cms",
134 catfile($smdir, "smrsa1.pem"),
135 catfile($smdir, "smrsa2.pem"),
136 catfile($smdir, "smrsa3.pem") ],
137 [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
138 "-in", "test.cms", "-out", "smtst.txt" ]
139 ],
140
141 [ "enveloped content test streaming S/MIME format, 3 recipients, key only used",
142 [ "-encrypt", "-in", $smcont,
143 "-stream", "-out", "test.cms",
144 catfile($smdir, "smrsa1.pem"),
145 catfile($smdir, "smrsa2.pem"),
146 catfile($smdir, "smrsa3.pem") ],
147 [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
148 "-in", "test.cms", "-out", "smtst.txt" ]
149 ],
150
151 [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
152 [ "-encrypt", "-in", $smcont,
153 "-aes256", "-stream", "-out", "test.cms",
154 catfile($smdir, "smrsa1.pem"),
155 catfile($smdir, "smrsa2.pem"),
156 catfile($smdir, "smrsa3.pem") ],
157 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
158 "-in", "test.cms", "-out", "smtst.txt" ]
159 ],
160
161 );
162
163 my @smime_cms_tests = (
164
165 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
166 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
167 "-signer", catfile($smdir, "smrsa1.pem"),
168 "-signer", catfile($smdir, "smrsa2.pem"),
169 "-signer", catfile($smdir, "smdsa1.pem"),
170 "-signer", catfile($smdir, "smdsa2.pem"),
171 "-stream", "-out", "test.cms" ],
172 [ "-verify", "-in", "test.cms", "-inform", "DER",
173 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
174 ],
175
176 [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
177 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
178 "-signer", catfile($smdir, "smrsa1.pem"),
179 "-signer", catfile($smdir, "smrsa2.pem"),
180 "-signer", catfile($smdir, "smdsa1.pem"),
181 "-signer", catfile($smdir, "smdsa2.pem"),
182 "-stream", "-out", "test.cms" ],
183 [ "-verify", "-in", "test.cms", "-inform", "PEM",
184 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
185 ],
186
187 [ "signed content MIME format, RSA key, signed receipt request",
188 [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach",
189 "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
190 "-out", "test.cms" ],
191 [ "-verify", "-in", "test.cms",
192 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
193 ],
194
195 [ "signed receipt MIME format, RSA key",
196 [ "-sign_receipt", "-in", "test.cms",
197 "-signer", catfile($smdir, "smrsa2.pem"),
198 "-out", "test2.cms" ],
199 [ "-verify_receipt", "test2.cms", "-in", "test.cms",
200 "-CAfile", catfile($smdir, "smroot.pem") ]
201 ],
202
203 [ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
204 [ "-encrypt", "-in", $smcont,
205 "-stream", "-out", "test.cms", "-keyid",
206 catfile($smdir, "smrsa1.pem"),
207 catfile($smdir, "smrsa2.pem"),
208 catfile($smdir, "smrsa3.pem") ],
209 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
210 "-in", "test.cms", "-out", "smtst.txt" ]
211 ],
212
213 [ "enveloped content test streaming PEM format, KEK",
214 [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
215 "-stream", "-out", "test.cms",
216 "-secretkey", "000102030405060708090A0B0C0D0E0F",
217 "-secretkeyid", "C0FEE0" ],
218 [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
219 "-secretkey", "000102030405060708090A0B0C0D0E0F",
220 "-secretkeyid", "C0FEE0" ]
221 ],
222
223 [ "enveloped content test streaming PEM format, KEK, key only",
224 [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
225 "-stream", "-out", "test.cms",
226 "-secretkey", "000102030405060708090A0B0C0D0E0F",
227 "-secretkeyid", "C0FEE0" ],
228 [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
229 "-secretkey", "000102030405060708090A0B0C0D0E0F" ]
230 ],
231
232 [ "data content test streaming PEM format",
233 [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
234 "-stream", "-out", "test.cms" ],
235 [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
236 ],
237
238 [ "encrypted content test streaming PEM format, 128 bit RC2 key",
239 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
240 "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
241 "-stream", "-out", "test.cms" ],
242 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
243 "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
244 ],
245
246 [ "encrypted content test streaming PEM format, 40 bit RC2 key",
247 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
248 "-rc2", "-secretkey", "0001020304",
249 "-stream", "-out", "test.cms" ],
250 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
251 "-secretkey", "0001020304", "-out", "smtst.txt" ]
252 ],
253
254 [ "encrypted content test streaming PEM format, triple DES key",
255 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
256 "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
257 "-stream", "-out", "test.cms" ],
258 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
259 "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
260 "-out", "smtst.txt" ]
261 ],
262
263 [ "encrypted content test streaming PEM format, 128 bit AES key",
264 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
265 "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
266 "-stream", "-out", "test.cms" ],
267 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
268 "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
269 ],
270
271 );
272
273 my @smime_cms_comp_tests = (
274
275 [ "compressed content test streaming PEM format",
276 [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
277 "-stream", "-out", "test.cms" ],
278 [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
279 ]
280
281 );
282
283 my @smime_cms_param_tests = (
284 [ "signed content test streaming PEM format, RSA keys, PSS signature",
285 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
286 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
287 "-out", "test.cms" ],
288 [ "-verify", "-in", "test.cms", "-inform", "PEM",
289 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
290 ],
291
292 [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
293 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
294 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
295 "-out", "test.cms" ],
296 [ "-verify", "-in", "test.cms", "-inform", "PEM",
297 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
298 ],
299
300 [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
301 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
302 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
303 "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
304 [ "-verify", "-in", "test.cms", "-inform", "PEM",
305 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
306 ],
307
308 [ "enveloped content test streaming S/MIME format, OAEP default parameters",
309 [ "-encrypt", "-in", $smcont,
310 "-stream", "-out", "test.cms",
311 "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
312 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
313 "-in", "test.cms", "-out", "smtst.txt" ]
314 ],
315
316 [ "enveloped content test streaming S/MIME format, OAEP SHA256",
317 [ "-encrypt", "-in", $smcont,
318 "-stream", "-out", "test.cms",
319 "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
320 "-keyopt", "rsa_oaep_md:sha256" ],
321 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
322 "-in", "test.cms", "-out", "smtst.txt" ]
323 ],
324
325 [ "enveloped content test streaming S/MIME format, ECDH",
326 [ "-encrypt", "-in", $smcont,
327 "-stream", "-out", "test.cms",
328 "-recip", catfile($smdir, "smec1.pem") ],
329 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
330 "-in", "test.cms", "-out", "smtst.txt" ]
331 ],
332
333 [ "enveloped content test streaming S/MIME format, ECDH, key identifier",
334 [ "-encrypt", "-keyid", "-in", $smcont,
335 "-stream", "-out", "test.cms",
336 "-recip", catfile($smdir, "smec1.pem") ],
337 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
338 "-in", "test.cms", "-out", "smtst.txt" ]
339 ],
340
341 [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
342 [ "-encrypt", "-in", $smcont,
343 "-stream", "-out", "test.cms",
344 "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
345 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
346 "-in", "test.cms", "-out", "smtst.txt" ]
347 ],
348
349 [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
350 [ "-encrypt", "-in", $smcont,
351 "-stream", "-out", "test.cms",
352 "-recip", catfile($smdir, "smec2.pem"), "-aes128",
353 "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
354 [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
355 "-in", "test.cms", "-out", "smtst.txt" ]
356 ],
357
358 [ "enveloped content test streaming S/MIME format, X9.42 DH",
359 [ "-encrypt", "-in", $smcont,
360 "-stream", "-out", "test.cms",
361 "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
362 [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
363 "-in", "test.cms", "-out", "smtst.txt" ]
364 ]
365 );
366
367 subtest "CMS => PKCS#7 compatibility tests\n" => sub {
368 plan tests => scalar @smime_pkcs7_tests;
369
370 foreach (@smime_pkcs7_tests) {
371 SKIP: {
372 my $skip_reason = check_availability($$_[0]);
373 skip $skip_reason, 1 if $skip_reason;
374
375 ok(run(app(["openssl", "cms", @{$$_[1]}]))
376 && run(app(["openssl", "smime", @{$$_[2]}]))
377 && compare_text($smcont, "smtst.txt") == 0,
378 $$_[0]);
379 }
380 }
381 };
382 subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
383 plan tests => scalar @smime_pkcs7_tests;
384
385 foreach (@smime_pkcs7_tests) {
386 SKIP: {
387 my $skip_reason = check_availability($$_[0]);
388 skip $skip_reason, 1 if $skip_reason;
389
390 ok(run(app(["openssl", "smime", @{$$_[1]}]))
391 && run(app(["openssl", "cms", @{$$_[2]}]))
392 && compare_text($smcont, "smtst.txt") == 0,
393 $$_[0]);
394 }
395 }
396 };
397
398 subtest "CMS <=> CMS consistency tests\n" => sub {
399 plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);
400
401 foreach (@smime_pkcs7_tests) {
402 SKIP: {
403 my $skip_reason = check_availability($$_[0]);
404 skip $skip_reason, 1 if $skip_reason;
405
406 ok(run(app(["openssl", "cms", @{$$_[1]}]))
407 && run(app(["openssl", "cms", @{$$_[2]}]))
408 && compare_text($smcont, "smtst.txt") == 0,
409 $$_[0]);
410 }
411 }
412 foreach (@smime_cms_tests) {
413 SKIP: {
414 my $skip_reason = check_availability($$_[0]);
415 skip $skip_reason, 1 if $skip_reason;
416
417 ok(run(app(["openssl", "cms", @{$$_[1]}]))
418 && run(app(["openssl", "cms", @{$$_[2]}]))
419 && compare_text($smcont, "smtst.txt") == 0,
420 $$_[0]);
421 }
422 }
423 };
424
425 subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
426 plan tests =>
427 (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
428
429 foreach (@smime_cms_param_tests) {
430 SKIP: {
431 my $skip_reason = check_availability($$_[0]);
432 skip $skip_reason, 1 if $skip_reason;
433
434 ok(run(app(["openssl", "cms", @{$$_[1]}]))
435 && run(app(["openssl", "cms", @{$$_[2]}]))
436 && compare_text($smcont, "smtst.txt") == 0,
437 $$_[0]);
438 }
439 }
440
441 SKIP: {
442 skip("Zlib not supported: compression tests skipped",
443 scalar @smime_cms_comp_tests)
444 if $no_zlib;
445
446 foreach (@smime_cms_comp_tests) {
447 SKIP: {
448 my $skip_reason = check_availability($$_[0]);
449 skip $skip_reason, 1 if $skip_reason;
450
451 ok(run(app(["openssl", "cms", @{$$_[1]}]))
452 && run(app(["openssl", "cms", @{$$_[2]}]))
453 && compare_text($smcont, "smtst.txt") == 0,
454 $$_[0]);
455 }
456 }
457 }
458 };
459
460 unlink "test.cms";
461 unlink "test2.cms";
462 unlink "smtst.txt";
463
464 sub check_availability {
465 my $tnam = shift;
466
467 return "$tnam: skipped, EC disabled\n"
468 if ($no_ec && $tnam =~ /ECDH/);
469 return "$tnam: skipped, ECDH disabled\n"
470 if ($no_ec && $tnam =~ /ECDH/);
471 return "$tnam: skipped, EC2M disabled\n"
472 if ($no_ec2m && $tnam =~ /K-283/);
473 return "$tnam: skipped, DH disabled\n"
474 if ($no_dh && $tnam =~ /X9\.42/);
475 return "";
476 }
A mirror of the official openssl repository