diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2008-04-03 23:03:56 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2008-04-03 23:03:56 +0000 |
commit | 94b2c29f9d2a69320f1606a33794de4103b6decd (patch) | |
tree | 7e45ca7091a71f26b37d7563966a79c925a353b0 /test | |
parent | 090f931a350d662ea7e5ed2080ddfc7b1ae79462 (diff) |
Backport of CMS code to 0.9.8-stable branch. Disabled by default.
Diffstat (limited to 'test')
-rw-r--r-- | test/cms-examples.pl | 389 | ||||
-rw-r--r-- | test/cms-test.pl | 452 | ||||
-rw-r--r-- | test/smcont.txt | 1 |
3 files changed, 842 insertions, 0 deletions
diff --git a/test/cms-examples.pl b/test/cms-examples.pl new file mode 100644 index 0000000000..62290db275 --- /dev/null +++ b/test/cms-examples.pl @@ -0,0 +1,389 @@ +# test/cms-examples.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# Perl script to run tests against S/MIME examples in RFC4134 +# Assumes RFC is in current directory and called "rfc4134.txt" + +use MIME::Base64; + +my $badttest = 0; +my $verbose = 1; + +my $cmscmd; +my $exdir = "./"; +my $exfile = "./rfc4134.txt"; + +if (-f "../apps/openssl") + { + $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; + } +elsif (-f "..\\out32dll\\openssl.exe") + { + $cmscmd = "..\\out32dll\\openssl.exe cms"; + } +elsif (-f "..\\out32\\openssl.exe") + { + $cmscmd = "..\\out32\\openssl.exe cms"; + } + +my @test_list = ( + [ "3.1.bin" => "dataout" ], + [ "3.2.bin" => "encode, dataout" ], + [ "4.1.bin" => "encode, verifyder, content, dss" ], + [ "4.2.bin" => "encode, verifyder, cont, rsa" ], + [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], + [ "4.4.bin" => "encode, verifyder, cont, dss" ], + [ "4.5.bin" => "verifyder, content, rsa" ], + [ "4.6.bin" => "encode, verifyder, cont, dss" ], + [ "4.7.bin" => "encode, verifyder, cont, dss" ], + [ "4.8.eml" => "verifymime, dss" ], + [ "4.9.eml" => "verifymime, dss" ], + [ "4.10.bin" => "encode, verifyder, cont, dss" ], + [ "4.11.bin" => "encode" ], + [ "5.1.bin" => "encode, envelopeder, cont" ], + [ "5.2.bin" => "encode, envelopeder, cont" ], + [ "5.3.eml" => "envelopemime, cont" ], + [ "6.0.bin" => "encode, digest, cont" ], + [ "7.1.bin" => "encode, encrypted, cont" ], + [ "7.2.bin" => "encode, encrypted, cont" ] +); + +# Extract examples from RFC4134 text. +# Base64 decode all examples, certificates and +# private keys are converted to PEM format. + +my ( $filename, $data ); + +my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); + +$data = ""; + +open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; + +while (<IN>) { + next unless (/^\|/); + s/^\|//; + next if (/^\*/); + if (/^>(.*)$/) { + $filename = $1; + next; + } + if (/^</) { + $filename = "$exdir/$filename"; + if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) { + $data = decode_base64($data); + open OUT, ">$filename"; + binmode OUT; + print OUT $data; + close OUT; + push @cleanup, $filename; + } + elsif ( $filename =~ /\.cer$/ ) { + write_pem( $filename, "CERTIFICATE", $data ); + } + elsif ( $filename =~ /\.pri$/ ) { + write_pem( $filename, "PRIVATE KEY", $data ); + } + $data = ""; + $filename = ""; + } + else { + $data .= $_; + } + +} + +my $secretkey = + "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; + +foreach (@test_list) { + my ( $file, $tlist ) = @$_; + print "Example file $file:\n"; + if ( $tlist =~ /encode/ ) { + run_reencode_test( $exdir, $file ); + } + if ( $tlist =~ /dataout/ ) { + run_dataout_test( $exdir, $file ); + } + if ( $tlist =~ /verify/ ) { + run_verify_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /digest/ ) { + run_digest_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /encrypted/ ) { + run_encrypted_test( $exdir, $tlist, $file, $secretkey ); + } + if ( $tlist =~ /envelope/ ) { + run_envelope_test( $exdir, $tlist, $file ); + } + +} + +foreach (@cleanup) { + unlink $_; +} + +if ($badtest) { + print "\n$badtest TESTS FAILED!!\n"; +} +else { + print "\n***All tests successful***\n"; +} + +sub write_pem { + my ( $filename, $str, $data ) = @_; + + $filename =~ s/\.[^.]*$/.pem/; + + push @cleanup, $filename; + + open OUT, ">$filename"; + + print OUT "-----BEGIN $str-----\n"; + print OUT $data; + print OUT "-----END $str-----\n"; + + close OUT; +} + +sub run_reencode_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + + system( "$cmscmd -cmsout -inform DER -outform DER" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tReencode command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { + print "\tReencode FAILED!!\n"; + $badtest++; + } + else { + print "\tReencode passed\n" if $verbose; + } +} + +sub run_dataout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.txt"; + + system( + "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tDataout command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { + print "\tDataout compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDataout passed\n" if $verbose; + } +} + +sub run_verify_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /verifyder/; + $form = "SMIME" if $tlist =~ /verifymime/; + $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; + $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; + + $cmd = + "$cmscmd -verify -inform $form" + . " -CAfile $cafile" + . " -in $cmsdir/$tfile -out tmp.txt"; + + $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tVerify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tVerify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tVerify passed\n" if $verbose; + } +} + +sub run_envelope_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /envelopeder/; + $form = "SMIME" if $tlist =~ /envelopemime/; + + $cmd = + "$cmscmd -decrypt -inform $form" + . " -recip $cmsdir/BobRSASignByCarl.pem" + . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" + . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDecrypt command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDecrypt content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDecrypt passed\n" if $verbose; + } +} + +sub run_digest_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + my $cmd = + "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDigest verify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDigest verify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDigest verify passed\n" if $verbose; + } +} + +sub run_encrypted_test { + my ( $cmsdir, $tlist, $tfile, $key ) = @_; + unlink "tmp.txt"; + + system( "$cmscmd -EncryptedData_decrypt -inform DER" + . " -secretkey $key" + . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tEncrypted Data command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tEncrypted Data content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tEncryptedData verify passed\n" if $verbose; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/cms-test.pl b/test/cms-test.pl new file mode 100644 index 0000000000..7421f1c19d --- /dev/null +++ b/test/cms-test.pl @@ -0,0 +1,452 @@ +# test/cms-test.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# CMS, PKCS7 consistency test script. Run extensive tests on +# OpenSSL PKCS#7 and CMS implementations. + +my $ossl_path; + +if ( -f "../apps/openssl" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} + +my $pk7cmd = "$ossl_path smime "; +my $cmscmd = "$ossl_path cms "; +my $smdir = "smime-certs"; +my $halt_err = 1; + +my $badcmd = 0; +my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; + +my @smime_pkcs7_tests = ( + + [ + "signed content DER format, RSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, RSA key", + "-sign -in smcont.txt -outform DER" + . " -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, RSA", + "-sign -in smcont.txt -outform DER -nodetach" + . " -stream -signer $smdir/smrsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content DER format, DSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed detached content DER format, DSA key", + "-sign -in smcont.txt -outform DER" + . " -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed detached content DER format, add RSA signer", + "-resign -inform DER -in test.cms -outform DER" + . " -signer $smdir/smrsa1.pem -out test2.cms", + "-verify -in test2.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + ], + + [ + "signed content test streaming BER format, DSA key", + "-sign -in smcont.txt -outform DER -nodetach" + . " -stream -signer $smdir/smdsa1.pem -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform DER -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", + "-sign -in smcont.txt -outform DER -noattr -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ +"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, 3rd used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, 3 recipients, key only used", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", + "-encrypt -in smcont.txt" + . " -aes256 -stream -out test.cms" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + +); + +my @smime_cms_tests = ( + + [ + "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", + "-sign -in smcont.txt -outform DER -nodetach -keyid" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform DER " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, 2 DSA and 2 RSA keys", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" + . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" + . " -stream -out test.cms", + "-verify -in test.cms -inform PEM " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content MIME format, RSA key, signed receipt request", + "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" + . " -receipt_request_to test@openssl.org -receipt_request_all" + . " -out test.cms", + "-verify -in test.cms " + . " -CAfile $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed receipt MIME format, RSA key", + "-sign_receipt -in test.cms" + . " -signer $smdir/smrsa2.pem" + . " -out test2.cms", + "-verify_receipt test2.cms -in test.cms" + . " -CAfile $smdir/smroot.pem" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients, keyid", + "-encrypt -in smcont.txt" + . " -stream -out test.cms -keyid" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ + "enveloped content test streaming PEM format, KEK", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0" + ], + + [ + "enveloped content test streaming PEM format, KEK, key only", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + ], + + [ + "data content test streaming PEM format", + "-data_create -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-data_out -in test.cms -inform PEM -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit RC2 key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 40 bit RC2 key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -rc2 -secretkey 0001020304" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 0001020304 -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, triple DES key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" + . " -out smtst.txt" + ], + + [ + "encrypted content test streaming PEM format, 128 bit AES key", + "-EncryptedData_encrypt -in smcont.txt -outform PEM" + . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" + . " -stream -out test.cms", + "-EncryptedData_decrypt -in test.cms -inform PEM " + . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" + ], + +); + +my @smime_cms_comp_tests = ( + + [ + "compressed content test streaming PEM format", + "-compress -in smcont.txt -outform PEM -nodetach" + . " -stream -out test.cms", + "-uncompress -in test.cms -inform PEM -out smtst.txt" + ] + +); + +print "PKCS#7 <=> PKCS#7 consistency tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd ); + +print "CMS => PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); + +print "CMS <= PKCS#7 compatibility tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); + +print "CMS <=> CMS consistency tests\n"; + +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); +run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); + +if ( `$ossl_path version -f` =~ /ZLIB/ ) { + run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); +} +else { + print "Zlib not supported: compression tests skipped\n"; +} + +print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); + +if ($badcmd) { + print "$badcmd TESTS FAILED!!\n"; +} +else { + print "ALL TESTS SUCCESSFUL.\n"; +} + +unlink "test.cms"; +unlink "test2.cms"; +unlink "smtst.txt"; +unlink "cms.out"; +unlink "cms.err"; + +sub run_smime_tests { + my ( $rv, $aref, $scmd, $vcmd ) = @_; + + foreach $smtst (@$aref) { + my ( $tnam, $rscmd, $rvcmd ) = @$smtst; + if ($ossl8) + { + # Skip smime resign: 0.9.8 smime doesn't support -resign + next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); + # Disable streaming: option not supported in 0.9.8 + $tnam =~ s/streaming//; + $rscmd =~ s/-stream//; + $rvcmd =~ s/-stream//; + } + system("$scmd$rscmd 2>cms.err 1>cms.out"); + if ($?) { + print "$tnam: generation error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + system("$vcmd$rvcmd 2>cms.err 1>cms.out"); + if ($?) { + print "$tnam: verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + if (!cmp_files("smtst.txt", "smcont.txt")) { + print "$tnam: content verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } + print "$tnam: OK\n"; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + diff --git a/test/smcont.txt b/test/smcont.txt new file mode 100644 index 0000000000..e837c0b75b --- /dev/null +++ b/test/smcont.txt @@ -0,0 +1 @@ +Some test content for OpenSSL CMS
\ No newline at end of file |