summaryrefslogtreecommitdiff
path: root/src/lib/libssl/test/cms-test.pl
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/test/cms-test.pl')
-rw-r--r--src/lib/libssl/test/cms-test.pl453
1 files changed, 453 insertions, 0 deletions
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
new file mode 100644
index 0000000000..a84e089ddc
--- /dev/null
+++ b/src/lib/libssl/test/cms-test.pl
@@ -0,0 +1,453 @@
1# test/cms-test.pl
2# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3# project.
4#
5# ====================================================================
6# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7#
8# Redistribution and use in source and binary forms, with or without
9# modification, are permitted provided that the following conditions
10# are met:
11#
12# 1. Redistributions of source code must retain the above copyright
13# notice, this list of conditions and the following disclaimer.
14#
15# 2. Redistributions in binary form must reproduce the above copyright
16# notice, this list of conditions and the following disclaimer in
17# the documentation and/or other materials provided with the
18# distribution.
19#
20# 3. All advertising materials mentioning features or use of this
21# software must display the following acknowledgment:
22# "This product includes software developed by the OpenSSL Project
23# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24#
25# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26# endorse or promote products derived from this software without
27# prior written permission. For written permission, please contact
28# licensing@OpenSSL.org.
29#
30# 5. Products derived from this software may not be called "OpenSSL"
31# nor may "OpenSSL" appear in their names without prior written
32# permission of the OpenSSL Project.
33#
34# 6. Redistributions of any form whatsoever must retain the following
35# acknowledgment:
36# "This product includes software developed by the OpenSSL Project
37# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38#
39# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50# OF THE POSSIBILITY OF SUCH DAMAGE.
51# ====================================================================
52
53# CMS, PKCS7 consistency test script. Run extensive tests on
54# OpenSSL PKCS#7 and CMS implementations.
55
56my $ossl_path;
57
58if ( -f "../apps/openssl" ) {
59 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
60}
61elsif ( -f "..\\out32dll\\openssl.exe" ) {
62 $ossl_path = "..\\out32dll\\openssl.exe";
63}
64elsif ( -f "..\\out32\\openssl.exe" ) {
65 $ossl_path = "..\\out32\\openssl.exe";
66}
67else {
68 die "Can't find OpenSSL executable";
69}
70
71my $pk7cmd = "$ossl_path smime ";
72my $cmscmd = "$ossl_path cms ";
73my $smdir = "smime-certs";
74my $halt_err = 1;
75
76my $badcmd = 0;
77my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
78
79my @smime_pkcs7_tests = (
80
81 [
82 "signed content DER format, RSA key",
83 "-sign -in smcont.txt -outform DER -nodetach"
84 . " -certfile $smdir/smroot.pem"
85 . " -signer $smdir/smrsa1.pem -out test.cms",
86 "-verify -in test.cms -inform DER "
87 . " -CAfile $smdir/smroot.pem -out smtst.txt"
88 ],
89
90 [
91 "signed detached content DER format, RSA key",
92 "-sign -in smcont.txt -outform DER"
93 . " -signer $smdir/smrsa1.pem -out test.cms",
94 "-verify -in test.cms -inform DER "
95 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
96 ],
97
98 [
99 "signed content test streaming BER format, RSA",
100 "-sign -in smcont.txt -outform DER -nodetach"
101 . " -stream -signer $smdir/smrsa1.pem -out test.cms",
102 "-verify -in test.cms -inform DER "
103 . " -CAfile $smdir/smroot.pem -out smtst.txt"
104 ],
105
106 [
107 "signed content DER format, DSA key",
108 "-sign -in smcont.txt -outform DER -nodetach"
109 . " -signer $smdir/smdsa1.pem -out test.cms",
110 "-verify -in test.cms -inform DER "
111 . " -CAfile $smdir/smroot.pem -out smtst.txt"
112 ],
113
114 [
115 "signed detached content DER format, DSA key",
116 "-sign -in smcont.txt -outform DER"
117 . " -signer $smdir/smdsa1.pem -out test.cms",
118 "-verify -in test.cms -inform DER "
119 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
120 ],
121
122 [
123 "signed detached content DER format, add RSA signer",
124 "-resign -inform DER -in test.cms -outform DER"
125 . " -signer $smdir/smrsa1.pem -out test2.cms",
126 "-verify -in test2.cms -inform DER "
127 . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
128 ],
129
130 [
131 "signed content test streaming BER format, DSA key",
132 "-sign -in smcont.txt -outform DER -nodetach"
133 . " -stream -signer $smdir/smdsa1.pem -out test.cms",
134 "-verify -in test.cms -inform DER "
135 . " -CAfile $smdir/smroot.pem -out smtst.txt"
136 ],
137
138 [
139 "signed content test streaming BER format, 2 DSA and 2 RSA keys",
140 "-sign -in smcont.txt -outform DER -nodetach"
141 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
142 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
143 . " -stream -out test.cms",
144 "-verify -in test.cms -inform DER "
145 . " -CAfile $smdir/smroot.pem -out smtst.txt"
146 ],
147
148 [
149"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
150 "-sign -in smcont.txt -outform DER -noattr -nodetach"
151 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
152 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
153 . " -stream -out test.cms",
154 "-verify -in test.cms -inform DER "
155 . " -CAfile $smdir/smroot.pem -out smtst.txt"
156 ],
157
158 [
159 "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
160 "-sign -in smcont.txt -nodetach"
161 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
162 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
163 . " -stream -out test.cms",
164 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
165 ],
166
167 [
168"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
169 "-sign -in smcont.txt"
170 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
171 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
172 . " -stream -out test.cms",
173 "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
174 ],
175
176 [
177 "enveloped content test streaming S/MIME format, 3 recipients",
178 "-encrypt -in smcont.txt"
179 . " -stream -out test.cms"
180 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
181 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
182 ],
183
184 [
185"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
186 "-encrypt -in smcont.txt"
187 . " -stream -out test.cms"
188 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
189 "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
190 ],
191
192 [
193"enveloped content test streaming S/MIME format, 3 recipients, key only used",
194 "-encrypt -in smcont.txt"
195 . " -stream -out test.cms"
196 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
197 "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
198 ],
199
200 [
201"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
202 "-encrypt -in smcont.txt"
203 . " -aes256 -stream -out test.cms"
204 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
205 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
206 ],
207
208);
209
210my @smime_cms_tests = (
211
212 [
213 "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
214 "-sign -in smcont.txt -outform DER -nodetach -keyid"
215 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
216 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
217 . " -stream -out test.cms",
218 "-verify -in test.cms -inform DER "
219 . " -CAfile $smdir/smroot.pem -out smtst.txt"
220 ],
221
222 [
223 "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
224 "-sign -in smcont.txt -outform PEM -nodetach"
225 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
226 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
227 . " -stream -out test.cms",
228 "-verify -in test.cms -inform PEM "
229 . " -CAfile $smdir/smroot.pem -out smtst.txt"
230 ],
231
232 [
233 "signed content MIME format, RSA key, signed receipt request",
234 "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
235 . " -receipt_request_to test@openssl.org -receipt_request_all"
236 . " -out test.cms",
237 "-verify -in test.cms "
238 . " -CAfile $smdir/smroot.pem -out smtst.txt"
239 ],
240
241 [
242 "signed receipt MIME format, RSA key",
243 "-sign_receipt -in test.cms"
244 . " -signer $smdir/smrsa2.pem"
245 . " -out test2.cms",
246 "-verify_receipt test2.cms -in test.cms"
247 . " -CAfile $smdir/smroot.pem"
248 ],
249
250 [
251 "enveloped content test streaming S/MIME format, 3 recipients, keyid",
252 "-encrypt -in smcont.txt"
253 . " -stream -out test.cms -keyid"
254 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
255 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
256 ],
257
258 [
259 "enveloped content test streaming PEM format, KEK",
260 "-encrypt -in smcont.txt -outform PEM -aes128"
261 . " -stream -out test.cms "
262 . " -secretkey 000102030405060708090A0B0C0D0E0F "
263 . " -secretkeyid C0FEE0",
264 "-decrypt -in test.cms -out smtst.txt -inform PEM"
265 . " -secretkey 000102030405060708090A0B0C0D0E0F "
266 . " -secretkeyid C0FEE0"
267 ],
268
269 [
270 "enveloped content test streaming PEM format, KEK, key only",
271 "-encrypt -in smcont.txt -outform PEM -aes128"
272 . " -stream -out test.cms "
273 . " -secretkey 000102030405060708090A0B0C0D0E0F "
274 . " -secretkeyid C0FEE0",
275 "-decrypt -in test.cms -out smtst.txt -inform PEM"
276 . " -secretkey 000102030405060708090A0B0C0D0E0F "
277 ],
278
279 [
280 "data content test streaming PEM format",
281 "-data_create -in smcont.txt -outform PEM -nodetach"
282 . " -stream -out test.cms",
283 "-data_out -in test.cms -inform PEM -out smtst.txt"
284 ],
285
286 [
287 "encrypted content test streaming PEM format, 128 bit RC2 key",
288 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
289 . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
290 . " -stream -out test.cms",
291 "-EncryptedData_decrypt -in test.cms -inform PEM "
292 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
293 ],
294
295 [
296 "encrypted content test streaming PEM format, 40 bit RC2 key",
297 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
298 . " -rc2 -secretkey 0001020304"
299 . " -stream -out test.cms",
300 "-EncryptedData_decrypt -in test.cms -inform PEM "
301 . " -secretkey 0001020304 -out smtst.txt"
302 ],
303
304 [
305 "encrypted content test streaming PEM format, triple DES key",
306 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
307 . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
308 . " -stream -out test.cms",
309 "-EncryptedData_decrypt -in test.cms -inform PEM "
310 . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
311 . " -out smtst.txt"
312 ],
313
314 [
315 "encrypted content test streaming PEM format, 128 bit AES key",
316 "-EncryptedData_encrypt -in smcont.txt -outform PEM"
317 . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
318 . " -stream -out test.cms",
319 "-EncryptedData_decrypt -in test.cms -inform PEM "
320 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
321 ],
322
323);
324
325my @smime_cms_comp_tests = (
326
327 [
328 "compressed content test streaming PEM format",
329 "-compress -in smcont.txt -outform PEM -nodetach"
330 . " -stream -out test.cms",
331 "-uncompress -in test.cms -inform PEM -out smtst.txt"
332 ]
333
334);
335
336print "PKCS#7 <=> PKCS#7 consistency tests\n";
337
338run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd );
339
340print "CMS => PKCS#7 compatibility tests\n";
341
342run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
343
344print "CMS <= PKCS#7 compatibility tests\n";
345
346run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
347
348print "CMS <=> CMS consistency tests\n";
349
350run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
351run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
352
353if ( `$ossl_path version -f` =~ /ZLIB/ ) {
354 run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
355}
356else {
357 print "Zlib not supported: compression tests skipped\n";
358}
359
360print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
361
362if ($badcmd) {
363 print "$badcmd TESTS FAILED!!\n";
364}
365else {
366 print "ALL TESTS SUCCESSFUL.\n";
367}
368
369unlink "test.cms";
370unlink "test2.cms";
371unlink "smtst.txt";
372unlink "cms.out";
373unlink "cms.err";
374
375sub run_smime_tests {
376 my ( $rv, $aref, $scmd, $vcmd ) = @_;
377
378 foreach $smtst (@$aref) {
379 my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
380 if ($ossl8)
381 {
382 # Skip smime resign: 0.9.8 smime doesn't support -resign
383 next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
384 # Disable streaming: option not supported in 0.9.8
385 $tnam =~ s/streaming//;
386 $rscmd =~ s/-stream//;
387 $rvcmd =~ s/-stream//;
388 }
389 system("$scmd$rscmd 2>cms.err 1>cms.out");
390 if ($?) {
391 print "$tnam: generation error\n";
392 $$rv++;
393 exit 1 if $halt_err;
394 next;
395 }
396 system("$vcmd$rvcmd 2>cms.err 1>cms.out");
397 if ($?) {
398 print "$tnam: verify error\n";
399 $$rv++;
400 exit 1 if $halt_err;
401 next;
402 }
403 if (!cmp_files("smtst.txt", "smcont.txt")) {
404 print "$tnam: content verify error\n";
405 $$rv++;
406 exit 1 if $halt_err;
407 next;
408 }
409 print "$tnam: OK\n";
410 }
411}
412
413sub cmp_files {
414 my ( $f1, $f2 ) = @_;
415 my ( $fp1, $fp2 );
416
417 my ( $rd1, $rd2 );
418
419 if ( !open( $fp1, "<$f1" ) ) {
420 print STDERR "Can't Open file $f1\n";
421 return 0;
422 }
423
424 if ( !open( $fp2, "<$f2" ) ) {
425 print STDERR "Can't Open file $f2\n";
426 return 0;
427 }
428
429 binmode $fp1;
430 binmode $fp2;
431
432 my $ret = 0;
433
434 for ( ; ; ) {
435 $n1 = sysread $fp1, $rd1, 4096;
436 $n2 = sysread $fp2, $rd2, 4096;
437 last if ( $n1 != $n2 );
438 last if ( $rd1 ne $rd2 );
439
440 if ( $n1 == 0 ) {
441 $ret = 1;
442 last;
443 }
444
445 }
446
447 close $fp1;
448 close $fp2;
449
450 return $ret;
451
452}
453