Diffstat (limited to 'src')
| -rwxr-xr-x | src/regress/usr.bin/openssl/appstest.sh | 85 |
1 files changed, 53 insertions, 32 deletions
diff --git a/src/regress/usr.bin/openssl/appstest.sh b/src/regress/usr.bin/openssl/appstest.sh index db5cfe2bde..f7ad3686cb 100755 --- a/src/regress/usr.bin/openssl/appstest.sh +++ b/src/regress/usr.bin/openssl/appstest.sh | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | # | 2 | # |
| 3 | # $OpenBSD: appstest.sh,v 1.49 2021/04/27 10:13:04 inoguchi Exp $ | 3 | # $OpenBSD: appstest.sh,v 1.50 2021/05/12 10:39:13 inoguchi Exp $ |
| 4 | # | 4 | # |
| 5 | # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> | 5 | # Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org> |
| 6 | # | 6 | # |
| @@ -1099,22 +1099,42 @@ function test_cms { | |||
| 1099 | # --- CMS operations --- | 1099 | # --- CMS operations --- |
| 1100 | section_message "CMS operations" | 1100 | section_message "CMS operations" |
| 1101 | 1101 | ||
| 1102 | cms_txt=$user1_dir/cms.txt | 1102 | if [ $ecdsa_tests = 1 ] ; then |
| 1103 | cms_sig=$user1_dir/cms.sig | 1103 | echo "Using ECDSA certificate" |
| 1104 | cms_enc=$user1_dir/cms.enc | 1104 | type=ecdsa |
| 1105 | cms_dec=$user1_dir/cms.dec | 1105 | cl_cert=$cl_ecdsa_cert |
| 1106 | cms_sgr=$user1_dir/cms.sgr | 1106 | cl_key=$cl_ecdsa_key |
| 1107 | cms_ver=$user1_dir/cms.ver | 1107 | sv_cert=$sv_ecdsa_cert |
| 1108 | cms_out=$user1_dir/cms.out | 1108 | sv_key=$sv_ecdsa_key |
| 1109 | cms_dct=$user1_dir/cms.dct | 1109 | sign_keyopt= |
| 1110 | cms_dot=$user1_dir/cms.dot | 1110 | enc_keyopt= |
| 1111 | cms_dgc=$user1_dir/cms.dgc | 1111 | else |
| 1112 | cms_dgv=$user1_dir/cms.dgv | 1112 | echo "Using RSA certificate" |
| 1113 | cms_ede=$user1_dir/cms.ede | 1113 | type=rsa |
| 1114 | cms_edd=$user1_dir/cms.edd | 1114 | cl_cert=$cl_rsa_cert |
| 1115 | cms_srp=$user1_dir/cms.srp | 1115 | cl_key="$cl_rsa_key -passin pass:$cl_rsa_pass" |
| 1116 | cms_pwe=$user1_dir/cms.pwe | 1116 | sv_cert=$sv_rsa_cert |
| 1117 | cms_pwd=$user1_dir/cms.pwd | 1117 | sv_key="$sv_rsa_key -passin pass:$sv_rsa_pass" |
| 1118 | sign_keyopt="-keyopt rsa_padding_mode:pss" | ||
| 1119 | enc_keyopt="-keyopt rsa_padding_mode:oaep" | ||
| 1120 | fi | ||
| 1121 | |||
| 1122 | cms_txt=$user1_dir/cms_$type.txt | ||
| 1123 | cms_sig=$user1_dir/cms_$type.sig | ||
| 1124 | cms_enc=$user1_dir/cms_$type.enc | ||
| 1125 | cms_dec=$user1_dir/cms_$type.dec | ||
| 1126 | cms_sgr=$user1_dir/cms_$type.sgr | ||
| 1127 | cms_ver=$user1_dir/cms_$type.ver | ||
| 1128 | cms_out=$user1_dir/cms_$type.out | ||
| 1129 | cms_dct=$user1_dir/cms_$type.dct | ||
| 1130 | cms_dot=$user1_dir/cms_$type.dot | ||
| 1131 | cms_dgc=$user1_dir/cms_$type.dgc | ||
| 1132 | cms_dgv=$user1_dir/cms_$type.dgv | ||
| 1133 | cms_ede=$user1_dir/cms_$type.ede | ||
| 1134 | cms_edd=$user1_dir/cms_$type.edd | ||
| 1135 | cms_srp=$user1_dir/cms_$type.srp | ||
| 1136 | cms_pwe=$user1_dir/cms_$type.pwe | ||
| 1137 | cms_pwd=$user1_dir/cms_$type.pwd | ||
| 1118 | 1138 | ||
| 1119 | cat << __EOF__ > $cms_txt | 1139 | cat << __EOF__ > $cms_txt |
| 1120 | Hello Bob, | 1140 | Hello Bob, |
| @@ -1127,9 +1147,8 @@ __EOF__ | |||
| 1127 | 1147 | ||
| 1128 | $openssl_bin cms -sign -in $cms_txt -text \ | 1148 | $openssl_bin cms -sign -in $cms_txt -text \ |
| 1129 | -out $cms_sig -outform smime \ | 1149 | -out $cms_sig -outform smime \ |
| 1130 | -signer $cl_rsa_cert -inkey $cl_rsa_key -keyform pem \ | 1150 | -signer $cl_cert -inkey $cl_key $sign_keyopt \ |
| 1131 | -keyopt rsa_padding_mode:pss \ | 1151 | -keyform pem -md sha256 \ |
| 1132 | -passin pass:$cl_rsa_pass -md sha256 \ | ||
| 1133 | -from user1@test-dummy.com -to server@test-dummy.com \ | 1152 | -from user1@test-dummy.com -to server@test-dummy.com \ |
| 1134 | -subject "test openssl cms" \ | 1153 | -subject "test openssl cms" \ |
| 1135 | -receipt_request_from server@test-dummy.com \ | 1154 | -receipt_request_from server@test-dummy.com \ |
| @@ -1140,22 +1159,21 @@ __EOF__ | |||
| 1140 | start_message "cms ... encrypt message" | 1159 | start_message "cms ... encrypt message" |
| 1141 | 1160 | ||
| 1142 | $openssl_bin cms -encrypt -aes256 -binary -in $cms_sig -inform smime \ | 1161 | $openssl_bin cms -encrypt -aes256 -binary -in $cms_sig -inform smime \ |
| 1143 | -recip $sv_rsa_cert -keyopt rsa_padding_mode:oaep \ | 1162 | -recip $sv_cert $enc_keyopt -out $cms_enc |
| 1144 | -out $cms_enc | ||
| 1145 | check_exit_status $? | 1163 | check_exit_status $? |
| 1146 | 1164 | ||
| 1147 | # decrypt | 1165 | # decrypt |
| 1148 | start_message "cms ... decrypt message" | 1166 | start_message "cms ... decrypt message" |
| 1149 | 1167 | ||
| 1150 | $openssl_bin cms -decrypt -in $cms_enc -out $cms_dec \ | 1168 | $openssl_bin cms -decrypt -in $cms_enc -out $cms_dec \ |
| 1151 | -recip $sv_rsa_cert -inkey $sv_rsa_key -passin pass:$sv_rsa_pass | 1169 | -recip $sv_cert -inkey $sv_key |
| 1152 | check_exit_status $? | 1170 | check_exit_status $? |
| 1153 | 1171 | ||
| 1154 | # verify | 1172 | # verify |
| 1155 | start_message "cms ... verify message" | 1173 | start_message "cms ... verify message" |
| 1156 | 1174 | ||
| 1157 | $openssl_bin cms -verify -in $cms_dec \ | 1175 | $openssl_bin cms -verify -in $cms_dec \ |
| 1158 | -CAfile $ca_cert -certfile $cl_rsa_cert -nointern \ | 1176 | -CAfile $ca_cert -certfile $cl_cert -nointern \ |
| 1159 | -check_ss_sig -issuer_checks -policy_check -x509_strict \ | 1177 | -check_ss_sig -issuer_checks -policy_check -x509_strict \ |
| 1160 | -signer $cms_sgr -text -out $cms_ver -receipt_request_print \ | 1178 | -signer $cms_sgr -text -out $cms_ver -receipt_request_print \ |
| 1161 | > $cms_ver.log 2>&1 | 1179 | > $cms_ver.log 2>&1 |
| @@ -1222,15 +1240,14 @@ __EOF__ | |||
| 1222 | start_message "cms ... sign to receipt" | 1240 | start_message "cms ... sign to receipt" |
| 1223 | 1241 | ||
| 1224 | $openssl_bin cms -sign_receipt -in $cms_sig -out $cms_srp \ | 1242 | $openssl_bin cms -sign_receipt -in $cms_sig -out $cms_srp \ |
| 1225 | -signer $sv_rsa_cert -inkey $sv_rsa_key \ | 1243 | -signer $sv_cert -inkey $sv_key -md sha256 |
| 1226 | -passin pass:$sv_rsa_pass -md sha256 | ||
| 1227 | check_exit_status $? | 1244 | check_exit_status $? |
| 1228 | 1245 | ||
| 1229 | # verify_receipt | 1246 | # verify_receipt |
| 1230 | start_message "cms ... verify receipt" | 1247 | start_message "cms ... verify receipt" |
| 1231 | 1248 | ||
| 1232 | $openssl_bin cms -verify_receipt $cms_srp -rctform smime -in $cms_sig \ | 1249 | $openssl_bin cms -verify_receipt $cms_srp -rctform smime -in $cms_sig \ |
| 1233 | -CAfile $ca_cert -certfile $sv_rsa_cert | 1250 | -CAfile $ca_cert -certfile $sv_cert |
| 1234 | check_exit_status $? | 1251 | check_exit_status $? |
| 1235 | 1252 | ||
| 1236 | # encrypt with pwri | 1253 | # encrypt with pwri |
| @@ -1255,6 +1272,11 @@ function test_smime { | |||
| 1255 | # --- S/MIME operations --- | 1272 | # --- S/MIME operations --- |
| 1256 | section_message "S/MIME operations" | 1273 | section_message "S/MIME operations" |
| 1257 | 1274 | ||
| 1275 | cl_cert=$cl_rsa_cert | ||
| 1276 | cl_key="$cl_rsa_key -passin pass:$cl_rsa_pass" | ||
| 1277 | sv_cert=$sv_rsa_cert | ||
| 1278 | sv_key="$sv_rsa_key -passin pass:$sv_rsa_pass" | ||
| 1279 | |||
| 1258 | smime_txt=$user1_dir/smime.txt | 1280 | smime_txt=$user1_dir/smime.txt |
| 1259 | smime_enc=$user1_dir/smime.enc | 1281 | smime_enc=$user1_dir/smime.enc |
| 1260 | smime_sig=$user1_dir/smime.sig | 1282 | smime_sig=$user1_dir/smime.sig |
| @@ -1273,7 +1295,7 @@ __EOF__ | |||
| 1273 | start_message "smime ... encrypt message" | 1295 | start_message "smime ... encrypt message" |
| 1274 | 1296 | ||
| 1275 | $openssl_bin smime -encrypt -aes256 -binary -in $smime_txt \ | 1297 | $openssl_bin smime -encrypt -aes256 -binary -in $smime_txt \ |
| 1276 | -out $smime_enc $sv_rsa_cert | 1298 | -out $smime_enc $sv_cert |
| 1277 | check_exit_status $? | 1299 | check_exit_status $? |
| 1278 | 1300 | ||
| 1279 | # sign | 1301 | # sign |
| @@ -1281,8 +1303,7 @@ __EOF__ | |||
| 1281 | 1303 | ||
| 1282 | $openssl_bin smime -sign -in $smime_enc -text -inform smime \ | 1304 | $openssl_bin smime -sign -in $smime_enc -text -inform smime \ |
| 1283 | -out $smime_sig -outform smime \ | 1305 | -out $smime_sig -outform smime \ |
| 1284 | -signer $cl_rsa_cert -inkey $cl_rsa_key -keyform pem \ | 1306 | -signer $cl_cert -inkey $cl_key -keyform pem -md sha256 \ |
| 1285 | -passin pass:$cl_rsa_pass -md sha256 \ | ||
| 1286 | -from user1@test-dummy.com -to server@test-dummy.com \ | 1307 | -from user1@test-dummy.com -to server@test-dummy.com \ |
| 1287 | -subject "test openssl smime" | 1308 | -subject "test openssl smime" |
| 1288 | check_exit_status $? | 1309 | check_exit_status $? |
| @@ -1297,7 +1318,7 @@ __EOF__ | |||
| 1297 | start_message "smime ... verify message" | 1318 | start_message "smime ... verify message" |
| 1298 | 1319 | ||
| 1299 | $openssl_bin smime -verify -in $smime_sig \ | 1320 | $openssl_bin smime -verify -in $smime_sig \ |
| 1300 | -CAfile $ca_cert -certfile $cl_rsa_cert -nointern \ | 1321 | -CAfile $ca_cert -certfile $cl_cert -nointern \ |
| 1301 | -check_ss_sig -issuer_checks -policy_check -x509_strict \ | 1322 | -check_ss_sig -issuer_checks -policy_check -x509_strict \ |
| 1302 | -signer $smime_sgr -text -out $smime_ver | 1323 | -signer $smime_sgr -text -out $smime_ver |
| 1303 | check_exit_status $? | 1324 | check_exit_status $? |
| @@ -1306,7 +1327,7 @@ __EOF__ | |||
| 1306 | start_message "smime ... decrypt message" | 1327 | start_message "smime ... decrypt message" |
| 1307 | 1328 | ||
| 1308 | $openssl_bin smime -decrypt -in $smime_ver -out $smime_dec \ | 1329 | $openssl_bin smime -decrypt -in $smime_ver -out $smime_dec \ |
| 1309 | -recip $sv_rsa_cert -inkey $sv_rsa_key -passin pass:$sv_rsa_pass | 1330 | -recip $sv_cert -inkey $sv_key |
| 1310 | check_exit_status $? | 1331 | check_exit_status $? |
| 1311 | 1332 | ||
| 1312 | diff $smime_dec $smime_txt | 1333 | diff $smime_dec $smime_txt |
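Review bot: In the test_cms hunk the new selector `if [ $ecdsa_tests = 1 ] ; then` expands the variable unquoted, so if `ecdsa_tests` is empty or unset (its assignment is not visible here) the test expression is malformed and control falls into the RSA branch, meaning the ECDSA CMS path would be skipped without a test failure; `if [ "${ecdsa_tests:-0}" = 1 ] ; then` makes that fallback explicit. Separately, in the RSA case `cl_key` and `sv_key` now hold both the key path and `-passin pass:...`, and they only work because `-inkey $cl_key` is expanded unquoted, so a later quoting cleanup, or a key path or passphrase containing whitespace, would change the arguments openssl receives. I would add a comment above the assignments in both test_cms and test_smime, e.g. `# cl_key/sv_key may carry "-passin ..." as well; they must be expanded unquoted`. Both function bodies start and end outside the hunks shown.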
