Diffstat (limited to 'src/lib/libssl/test/cms-test.pl')
-rw-r--r-- | src/lib/libssl/test/cms-test.pl | 453 |
1 files changed, 453 insertions, 0 deletions
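--- /dev/null
+++ b/src/lib/libssl/test/cms-test.pl
@@ -0,0 +1,453 @@
+# test/cms-test.pl
+# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+# project.
+#
+# ====================================================================
+# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# licensing@OpenSSL.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+
+# CMS, PKCS7 consistency test script. Run extensive tests on
+# OpenSSL PKCS#7 and CMS implementations.
+
+my $ossl_path;
+
+if ( -f "../apps/openssl" ) {
+$ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
+}
+elsif ( -f "..\\out32dll\\openssl.exe" ) {
+$ossl_path = "..\\out32dll\\openssl.exe";
+}
+elsif ( -f "..\\out32\\openssl.exe" ) {
+$ossl_path = "..\\out32\\openssl.exe";
+}
+else {
+die "Can't find OpenSSL executable";
+}
+
+my $pk7cmd = "$ossl_path smime ";
+my $cmscmd = "$ossl_path cms ";
+my $smdir = "smime-certs";
+my $halt_err = 1;
+
+my $badcmd = 0;
+my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
+
+my @smime_pkcs7_tests = (
+
+[
+"signed content DER format, RSA key",
+"-sign -in smcont.txt -outform DER -nodetach"
+. " -certfile $smdir/smroot.pem"
+. " -signer $smdir/smrsa1.pem -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed detached content DER format, RSA key",
+"-sign -in smcont.txt -outform DER"
+. " -signer $smdir/smrsa1.pem -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+],
+
+[
+"signed content test streaming BER format, RSA",
+"-sign -in smcont.txt -outform DER -nodetach"
+. " -stream -signer $smdir/smrsa1.pem -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed content DER format, DSA key",
+"-sign -in smcont.txt -outform DER -nodetach"
+. " -signer $smdir/smdsa1.pem -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed detached content DER format, DSA key",
+"-sign -in smcont.txt -outform DER"
+. " -signer $smdir/smdsa1.pem -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+],
+
+[
+"signed detached content DER format, add RSA signer",
+"-resign -inform DER -in test.cms -outform DER"
+. " -signer $smdir/smrsa1.pem -out test2.cms",
+"-verify -in test2.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+],
+
+[
+"signed content test streaming BER format, DSA key",
+"-sign -in smcont.txt -outform DER -nodetach"
+. " -stream -signer $smdir/smdsa1.pem -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed content test streaming BER format, 2 DSA and 2 RSA keys",
+"-sign -in smcont.txt -outform DER -nodetach"
+. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+. " -stream -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
+"-sign -in smcont.txt -outform DER -noattr -nodetach"
+. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+. " -stream -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
+"-sign -in smcont.txt -nodetach"
+. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+. " -stream -out test.cms",
+"-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
+"-sign -in smcont.txt"
+. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+. " -stream -out test.cms",
+"-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"enveloped content test streaming S/MIME format, 3 recipients",
+"-encrypt -in smcont.txt"
+. " -stream -out test.cms"
+. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+],
+
+[
+"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
+"-encrypt -in smcont.txt"
+. " -stream -out test.cms"
+. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+"-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
+],
+
+[
+"enveloped content test streaming S/MIME format, 3 recipients, key only used",
+"-encrypt -in smcont.txt"
+. " -stream -out test.cms"
+. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+"-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
+],
+
+[
+"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
+"-encrypt -in smcont.txt"
+. " -aes256 -stream -out test.cms"
+. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+],
+
+);
+
+my @smime_cms_tests = (
+
+[
+"signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
+"-sign -in smcont.txt -outform DER -nodetach -keyid"
+. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+. " -stream -out test.cms",
+"-verify -in test.cms -inform DER "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed content test streaming PEM format, 2 DSA and 2 RSA keys",
+"-sign -in smcont.txt -outform PEM -nodetach"
+. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
+. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
+. " -stream -out test.cms",
+"-verify -in test.cms -inform PEM "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed content MIME format, RSA key, signed receipt request",
+"-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
+. " -receipt_request_to test@openssl.org -receipt_request_all"
+. " -out test.cms",
+"-verify -in test.cms "
+. " -CAfile $smdir/smroot.pem -out smtst.txt"
+],
+
+[
+"signed receipt MIME format, RSA key",
+"-sign_receipt -in test.cms"
+. " -signer $smdir/smrsa2.pem"
+. " -out test2.cms",
+"-verify_receipt test2.cms -in test.cms"
+. " -CAfile $smdir/smroot.pem"
+],
+
+[
+"enveloped content test streaming S/MIME format, 3 recipients, keyid",
+"-encrypt -in smcont.txt"
+. " -stream -out test.cms -keyid"
+. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
+"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
+],
+
+[
+"enveloped content test streaming PEM format, KEK",
+"-encrypt -in smcont.txt -outform PEM -aes128"
+. " -stream -out test.cms "
+. " -secretkey 000102030405060708090A0B0C0D0E0F "
+. " -secretkeyid C0FEE0",
+"-decrypt -in test.cms -out smtst.txt -inform PEM"
+. " -secretkey 000102030405060708090A0B0C0D0E0F "
+. " -secretkeyid C0FEE0"
+],
+
+[
+"enveloped content test streaming PEM format, KEK, key only",
+"-encrypt -in smcont.txt -outform PEM -aes128"
+. " -stream -out test.cms "
+. " -secretkey 000102030405060708090A0B0C0D0E0F "
+. " -secretkeyid C0FEE0",
+"-decrypt -in test.cms -out smtst.txt -inform PEM"
+. " -secretkey 000102030405060708090A0B0C0D0E0F "
+],
+
+[
+"data content test streaming PEM format",
+"-data_create -in smcont.txt -outform PEM -nodetach"
+. " -stream -out test.cms",
+"-data_out -in test.cms -inform PEM -out smtst.txt"
+],
+
+[
+"encrypted content test streaming PEM format, 128 bit RC2 key",
+"-EncryptedData_encrypt -in smcont.txt -outform PEM"
+. " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
+. " -stream -out test.cms",
+"-EncryptedData_decrypt -in test.cms -inform PEM "
+. " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
+],
+
+[
+"encrypted content test streaming PEM format, 40 bit RC2 key",
+"-EncryptedData_encrypt -in smcont.txt -outform PEM"
+. " -rc2 -secretkey 0001020304"
+. " -stream -out test.cms",
+"-EncryptedData_decrypt -in test.cms -inform PEM "
+. " -secretkey 0001020304 -out smtst.txt"
+],
+
+[
+"encrypted content test streaming PEM format, triple DES key",
+"-EncryptedData_encrypt -in smcont.txt -outform PEM"
+. " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
+. " -stream -out test.cms",
+"-EncryptedData_decrypt -in test.cms -inform PEM "
+. " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
+. " -out smtst.txt"
+],
+
+[
+"encrypted content test streaming PEM format, 128 bit AES key",
+"-EncryptedData_encrypt -in smcont.txt -outform PEM"
+. " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
+. " -stream -out test.cms",
+"-EncryptedData_decrypt -in test.cms -inform PEM "
+. " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
+],
+
+);
+
+my @smime_cms_comp_tests = (
+
+[
+"compressed content test streaming PEM format",
+"-compress -in smcont.txt -outform PEM -nodetach"
+. " -stream -out test.cms",
+"-uncompress -in test.cms -inform PEM -out smtst.txt"
+]
+
+);
+
+print "PKCS#7 <=> PKCS#7 consistency tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd );
+
+print "CMS => PKCS#7 compatibility tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
+
+print "CMS <= PKCS#7 compatibility tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
+
+print "CMS <=> CMS consistency tests\n";
+
+run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
+run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
+
+if ( `$ossl_path version -f` =~ /ZLIB/ ) {
+run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
+}
+else {
+print "Zlib not supported: compression tests skipped\n";
+}
+
+print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
+
+if ($badcmd) {
+print "$badcmd TESTS FAILED!!\n";
+}
+else {
+print "ALL TESTS SUCCESSFUL.\n";
+}
+
+unlink "test.cms";
+unlink "test2.cms";
+unlink "smtst.txt";
+unlink "cms.out";
+unlink "cms.err";
+
+sub run_smime_tests {
+my ( $rv, $aref, $scmd, $vcmd ) = @_;
+
+foreach $smtst (@$aref) {
+my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
+if ($ossl8)
+{
+# Skip smime resign: 0.9.8 smime doesn't support -resign
+next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
+# Disable streaming: option not supported in 0.9.8
+$tnam =~ s/streaming//;
+$rscmd =~ s/-stream//;
+$rvcmd =~ s/-stream//;
+}
+system("$scmd$rscmd 2>cms.err 1>cms.out");
+if ($?) {
+print "$tnam: generation error\n";
+$$rv++;
+exit 1 if $halt_err;
+next;
+}
+system("$vcmd$rvcmd 2>cms.err 1>cms.out");
+if ($?) {
+print "$tnam: verify error\n";
+$$rv++;
+exit 1 if $halt_err;
+next;
+}
+if (!cmp_files("smtst.txt", "smcont.txt")) {
+print "$tnam: content verify error\n";
+$$rv++;
+exit 1 if $halt_err;
+next;
+}
+print "$tnam: OK\n";
+}
+}
+
+sub cmp_files {
+my ( $f1, $f2 ) = @_;
+my ( $fp1, $fp2 );
+
+my ( $rd1, $rd2 );
+
+if ( !open( $fp1, "<$f1" ) ) {
+print STDERR "Can't Open file $f1\n";
+return 0;
+}
+
+if ( !open( $fp2, "<$f2" ) ) {
+print STDERR "Can't Open file $f2\n";
+return 0;
+}
+
+binmode $fp1;
+binmode $fp2;
+
+my $ret = 0;
+
+for ( ; ; ) {
+$n1 = sysread $fp1, $rd1, 4096;
+$n2 = sysread $fp2, $rd2, 4096;
+last if ( $n1 != $n2 );
+last if ( $rd1 ne $rd2 );
+
+if ( $n1 == 0 ) {
+$ret = 1;
+last;
+}
+
+}
+
+close $fp1;
+close $fp2;
+
+return $ret;
+
+}
+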
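Review bot: In `run_smime_tests`, `smtst.txt` is never removed between iterations, so the `cmp_files("smtst.txt", "smcont.txt")` check can pass on the file a previous test left behind. The "signed receipt MIME format, RSA key" entry shows this: its verify command has no `-out smtst.txt`, so its content check compares whatever the preceding test wrote. I would add `unlink "smtst.txt";` at the top of the loop body and guard the comparison as `if ($rvcmd =~ /-out smtst\.txt/ && !cmp_files("smtst.txt", "smcont.txt")) {`. With that, a verify or decrypt step that exits 0 without writing its output is reported as a failure instead of being counted as OK. For a signature and encryption test harness a false pass is the costly failure mode, so the per-test cleanup is worth a short comment explaining why it is there.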