2
# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5
# ====================================================================
6
# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8
# Redistribution and use in source and binary forms, with or without
9
# modification, are permitted provided that the following conditions
12
# 1. Redistributions of source code must retain the above copyright
13
# notice, this list of conditions and the following disclaimer.
15
# 2. Redistributions in binary form must reproduce the above copyright
16
# notice, this list of conditions and the following disclaimer in
17
# the documentation and/or other materials provided with the
20
# 3. All advertising materials mentioning features or use of this
21
# software must display the following acknowledgment:
22
# "This product includes software developed by the OpenSSL Project
23
# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25
# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26
# endorse or promote products derived from this software without
27
# prior written permission. For written permission, please contact
28
# licensing@OpenSSL.org.
30
# 5. Products derived from this software may not be called "OpenSSL"
31
# nor may "OpenSSL" appear in their names without prior written
32
# permission of the OpenSSL Project.
34
# 6. Redistributions of any form whatsoever must retain the following
36
# "This product includes software developed by the OpenSSL Project
37
# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39
# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43
# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50
# OF THE POSSIBILITY OF SUCH DAMAGE.
51
# ====================================================================
53
# CMS, PKCS7 consistency test script. Run extensive tests on
54
# OpenSSL PKCS#7 and CMS implementations.
58
if ( -f "../apps/openssl" ) {
59
$ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
61
elsif ( -f "..\\out32dll\\openssl.exe" ) {
62
$ossl_path = "..\\out32dll\\openssl.exe";
64
elsif ( -f "..\\out32\\openssl.exe" ) {
65
$ossl_path = "..\\out32\\openssl.exe";
68
die "Can't find OpenSSL executable";
71
my $pk7cmd = "$ossl_path smime ";
72
my $cmscmd = "$ossl_path cms ";
73
my $smdir = "smime-certs";
77
my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
79
my @smime_pkcs7_tests = (
82
"signed content DER format, RSA key",
83
"-sign -in smcont.txt -outform DER -nodetach"
84
. " -certfile $smdir/smroot.pem"
85
. " -signer $smdir/smrsa1.pem -out test.cms",
86
"-verify -in test.cms -inform DER "
87
. " -CAfile $smdir/smroot.pem -out smtst.txt"
91
"signed detached content DER format, RSA key",
92
"-sign -in smcont.txt -outform DER"
93
. " -signer $smdir/smrsa1.pem -out test.cms",
94
"-verify -in test.cms -inform DER "
95
. " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
99
"signed content test streaming BER format, RSA",
100
"-sign -in smcont.txt -outform DER -nodetach"
101
. " -stream -signer $smdir/smrsa1.pem -out test.cms",
102
"-verify -in test.cms -inform DER "
103
. " -CAfile $smdir/smroot.pem -out smtst.txt"
107
"signed content DER format, DSA key",
108
"-sign -in smcont.txt -outform DER -nodetach"
109
. " -signer $smdir/smdsa1.pem -out test.cms",
110
"-verify -in test.cms -inform DER "
111
. " -CAfile $smdir/smroot.pem -out smtst.txt"
115
"signed detached content DER format, DSA key",
116
"-sign -in smcont.txt -outform DER"
117
. " -signer $smdir/smdsa1.pem -out test.cms",
118
"-verify -in test.cms -inform DER "
119
. " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
123
"signed detached content DER format, add RSA signer",
124
"-resign -inform DER -in test.cms -outform DER"
125
. " -signer $smdir/smrsa1.pem -out test2.cms",
126
"-verify -in test2.cms -inform DER "
127
. " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
131
"signed content test streaming BER format, DSA key",
132
"-sign -in smcont.txt -outform DER -nodetach"
133
. " -stream -signer $smdir/smdsa1.pem -out test.cms",
134
"-verify -in test.cms -inform DER "
135
. " -CAfile $smdir/smroot.pem -out smtst.txt"
139
"signed content test streaming BER format, 2 DSA and 2 RSA keys",
140
"-sign -in smcont.txt -outform DER -nodetach"
141
. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
142
. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
143
. " -stream -out test.cms",
144
"-verify -in test.cms -inform DER "
145
. " -CAfile $smdir/smroot.pem -out smtst.txt"
149
"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
150
"-sign -in smcont.txt -outform DER -noattr -nodetach"
151
. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
152
. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
153
. " -stream -out test.cms",
154
"-verify -in test.cms -inform DER "
155
. " -CAfile $smdir/smroot.pem -out smtst.txt"
159
"signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
160
"-sign -in smcont.txt -nodetach"
161
. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
162
. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
163
. " -stream -out test.cms",
164
"-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
168
"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
169
"-sign -in smcont.txt"
170
. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
171
. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
172
. " -stream -out test.cms",
173
"-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
177
"enveloped content test streaming S/MIME format, 3 recipients",
178
"-encrypt -in smcont.txt"
179
. " -stream -out test.cms"
180
. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
181
"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
185
"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
186
"-encrypt -in smcont.txt"
187
. " -stream -out test.cms"
188
. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
189
"-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
193
"enveloped content test streaming S/MIME format, 3 recipients, key only used",
194
"-encrypt -in smcont.txt"
195
. " -stream -out test.cms"
196
. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
197
"-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
201
"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
202
"-encrypt -in smcont.txt"
203
. " -aes256 -stream -out test.cms"
204
. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
205
"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
210
my @smime_cms_tests = (
213
"signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
214
"-sign -in smcont.txt -outform DER -nodetach -keyid"
215
. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
216
. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
217
. " -stream -out test.cms",
218
"-verify -in test.cms -inform DER "
219
. " -CAfile $smdir/smroot.pem -out smtst.txt"
223
"signed content test streaming PEM format, 2 DSA and 2 RSA keys",
224
"-sign -in smcont.txt -outform PEM -nodetach"
225
. " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
226
. " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
227
. " -stream -out test.cms",
228
"-verify -in test.cms -inform PEM "
229
. " -CAfile $smdir/smroot.pem -out smtst.txt"
233
"signed content MIME format, RSA key, signed receipt request",
234
"-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
235
. " -receipt_request_to test@openssl.org -receipt_request_all"
237
"-verify -in test.cms "
238
. " -CAfile $smdir/smroot.pem -out smtst.txt"
242
"signed receipt MIME format, RSA key",
243
"-sign_receipt -in test.cms"
244
. " -signer $smdir/smrsa2.pem"
246
"-verify_receipt test2.cms -in test.cms"
247
. " -CAfile $smdir/smroot.pem"
251
"enveloped content test streaming S/MIME format, 3 recipients, keyid",
252
"-encrypt -in smcont.txt"
253
. " -stream -out test.cms -keyid"
254
. " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
255
"-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
259
"enveloped content test streaming PEM format, KEK",
260
"-encrypt -in smcont.txt -outform PEM -aes128"
261
. " -stream -out test.cms "
262
. " -secretkey 000102030405060708090A0B0C0D0E0F "
263
. " -secretkeyid C0FEE0",
264
"-decrypt -in test.cms -out smtst.txt -inform PEM"
265
. " -secretkey 000102030405060708090A0B0C0D0E0F "
266
. " -secretkeyid C0FEE0"
270
"enveloped content test streaming PEM format, KEK, key only",
271
"-encrypt -in smcont.txt -outform PEM -aes128"
272
. " -stream -out test.cms "
273
. " -secretkey 000102030405060708090A0B0C0D0E0F "
274
. " -secretkeyid C0FEE0",
275
"-decrypt -in test.cms -out smtst.txt -inform PEM"
276
. " -secretkey 000102030405060708090A0B0C0D0E0F "
280
"data content test streaming PEM format",
281
"-data_create -in smcont.txt -outform PEM -nodetach"
282
. " -stream -out test.cms",
283
"-data_out -in test.cms -inform PEM -out smtst.txt"
287
"encrypted content test streaming PEM format, 128 bit RC2 key",
288
"-EncryptedData_encrypt -in smcont.txt -outform PEM"
289
. " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
290
. " -stream -out test.cms",
291
"-EncryptedData_decrypt -in test.cms -inform PEM "
292
. " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
296
"encrypted content test streaming PEM format, 40 bit RC2 key",
297
"-EncryptedData_encrypt -in smcont.txt -outform PEM"
298
. " -rc2 -secretkey 0001020304"
299
. " -stream -out test.cms",
300
"-EncryptedData_decrypt -in test.cms -inform PEM "
301
. " -secretkey 0001020304 -out smtst.txt"
305
"encrypted content test streaming PEM format, triple DES key",
306
"-EncryptedData_encrypt -in smcont.txt -outform PEM"
307
. " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
308
. " -stream -out test.cms",
309
"-EncryptedData_decrypt -in test.cms -inform PEM "
310
. " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
315
"encrypted content test streaming PEM format, 128 bit AES key",
316
"-EncryptedData_encrypt -in smcont.txt -outform PEM"
317
. " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
318
. " -stream -out test.cms",
319
"-EncryptedData_decrypt -in test.cms -inform PEM "
320
. " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
325
my @smime_cms_comp_tests = (
328
"compressed content test streaming PEM format",
329
"-compress -in smcont.txt -outform PEM -nodetach"
330
. " -stream -out test.cms",
331
"-uncompress -in test.cms -inform PEM -out smtst.txt"
336
print "PKCS#7 <=> PKCS#7 consistency tests\n";
338
run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $pk7cmd );
340
print "CMS => PKCS#7 compatibility tests\n";
342
run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
344
print "CMS <= PKCS#7 compatibility tests\n";
346
run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
348
print "CMS <=> CMS consistency tests\n";
350
run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
351
run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
353
if ( `$ossl_path version -f` =~ /ZLIB/ ) {
354
run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
357
print "Zlib not supported: compression tests skipped\n";
360
print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
363
print "$badcmd TESTS FAILED!!\n";
366
print "ALL TESTS SUCCESSFUL.\n";
375
sub run_smime_tests {
376
my ( $rv, $aref, $scmd, $vcmd ) = @_;
378
foreach $smtst (@$aref) {
379
my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
382
# Skip smime resign: 0.9.8 smime doesn't support -resign
383
next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
384
# Disable streaming: option not supported in 0.9.8
385
$tnam =~ s/streaming//;
386
$rscmd =~ s/-stream//;
387
$rvcmd =~ s/-stream//;
389
system("$scmd$rscmd 2>cms.err 1>cms.out");
391
print "$tnam: generation error\n";
396
system("$vcmd$rvcmd 2>cms.err 1>cms.out");
398
print "$tnam: verify error\n";
403
if (!cmp_files("smtst.txt", "smcont.txt")) {
404
print "$tnam: content verify error\n";
414
my ( $f1, $f2 ) = @_;
419
if ( !open( $fp1, "<$f1" ) ) {
420
print STDERR "Can't Open file $f1\n";
424
if ( !open( $fp2, "<$f2" ) ) {
425
print STDERR "Can't Open file $f2\n";
435
$n1 = sysread $fp1, $rd1, 4096;
436
$n2 = sysread $fp2, $rd2, 4096;
437
last if ( $n1 != $n2 );
438
last if ( $rd1 ne $rd2 );