  1. # test/cms-test.pl
  2. # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  3. # project.
  4. #
  5. # ====================================================================
  6. # Copyright (c) 2008 The OpenSSL Project. All rights reserved.
  7. #
  8. # Redistribution and use in source and binary forms, with or without
  9. # modification, are permitted provided that the following conditions
  10. # are met:
  11. #
  12. # 1. Redistributions of source code must retain the above copyright
  13. # notice, this list of conditions and the following disclaimer.
  14. #
  15. # 2. Redistributions in binary form must reproduce the above copyright
  16. # notice, this list of conditions and the following disclaimer in
  17. # the documentation and/or other materials provided with the
  18. # distribution.
  19. #
  20. # 3. All advertising materials mentioning features or use of this
  21. # software must display the following acknowledgment:
  22. # "This product includes software developed by the OpenSSL Project
  23. # for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. #
  25. # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. # endorse or promote products derived from this software without
  27. # prior written permission. For written permission, please contact
  28. # licensing@OpenSSL.org.
  29. #
  30. # 5. Products derived from this software may not be called "OpenSSL"
  31. # nor may "OpenSSL" appear in their names without prior written
  32. # permission of the OpenSSL Project.
  33. #
  34. # 6. Redistributions of any form whatsoever must retain the following
  35. # acknowledgment:
  36. # "This product includes software developed by the OpenSSL Project
  37. # for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. #
  39. # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. # OF THE POSSIBILITY OF SUCH DAMAGE.
  51. # ====================================================================
  52. # CMS, PKCS7 consistency test script. Run extensive tests on
  53. # OpenSSL PKCS#7 and CMS implementations.
  54. my $ossl_path;
  55. if ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
  56. $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
  57. }
  58. elsif ( -f "..\\out32dll\\openssl.exe" ) {
  59. $ossl_path = "..\\out32dll\\openssl.exe";
  60. }
  61. elsif ( -f "..\\out32\\openssl.exe" ) {
  62. $ossl_path = "..\\out32\\openssl.exe";
  63. }
  64. else {
  65. die "Can't find OpenSSL executable";
  66. }
  67. my $pk7cmd = "$ossl_path smime ";
  68. my $cmscmd = "$ossl_path cms ";
  69. my $smdir = "smime-certs";
  70. my $halt_err = 1;
  71. my $badcmd = 0;
  72. my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
  73. my @smime_pkcs7_tests = (
  74. [
  75. "signed content DER format, RSA key",
  76. "-sign -in smcont.txt -outform DER -nodetach"
  77. . " -certfile $smdir/smroot.pem"
  78. . " -signer $smdir/smrsa1.pem -out test.cms",
  79. "-verify -in test.cms -inform DER "
  80. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  81. ],
  82. [
  83. "signed detached content DER format, RSA key",
  84. "-sign -in smcont.txt -outform DER"
  85. . " -signer $smdir/smrsa1.pem -out test.cms",
  86. "-verify -in test.cms -inform DER "
  87. . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
  88. ],
  89. [
  90. "signed content test streaming BER format, RSA",
  91. "-sign -in smcont.txt -outform DER -nodetach"
  92. . " -stream -signer $smdir/smrsa1.pem -out test.cms",
  93. "-verify -in test.cms -inform DER "
  94. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  95. ],
  96. [
  97. "signed content DER format, DSA key",
  98. "-sign -in smcont.txt -outform DER -nodetach"
  99. . " -signer $smdir/smdsa1.pem -out test.cms",
  100. "-verify -in test.cms -inform DER "
  101. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  102. ],
  103. [
  104. "signed detached content DER format, DSA key",
  105. "-sign -in smcont.txt -outform DER"
  106. . " -signer $smdir/smdsa1.pem -out test.cms",
  107. "-verify -in test.cms -inform DER "
  108. . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
  109. ],
  110. [
  111. "signed detached content DER format, add RSA signer",
  112. "-resign -inform DER -in test.cms -outform DER"
  113. . " -signer $smdir/smrsa1.pem -out test2.cms",
  114. "-verify -in test2.cms -inform DER "
  115. . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
  116. ],
  117. [
  118. "signed content test streaming BER format, DSA key",
  119. "-sign -in smcont.txt -outform DER -nodetach"
  120. . " -stream -signer $smdir/smdsa1.pem -out test.cms",
  121. "-verify -in test.cms -inform DER "
  122. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  123. ],
  124. [
  125. "signed content test streaming BER format, 2 DSA and 2 RSA keys",
  126. "-sign -in smcont.txt -outform DER -nodetach"
  127. . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
  128. . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
  129. . " -stream -out test.cms",
  130. "-verify -in test.cms -inform DER "
  131. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  132. ],
  133. [
  134. "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
  135. "-sign -in smcont.txt -outform DER -noattr -nodetach"
  136. . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
  137. . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
  138. . " -stream -out test.cms",
  139. "-verify -in test.cms -inform DER "
  140. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  141. ],
  142. [
  143. "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
  144. "-sign -in smcont.txt -nodetach"
  145. . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
  146. . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
  147. . " -stream -out test.cms",
  148. "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
  149. ],
  150. [
  151. "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
  152. "-sign -in smcont.txt"
  153. . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
  154. . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
  155. . " -stream -out test.cms",
  156. "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
  157. ],
  158. [
  159. "enveloped content test streaming S/MIME format, 3 recipients",
  160. "-encrypt -in smcont.txt"
  161. . " -stream -out test.cms"
  162. . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
  163. "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
  164. ],
  165. [
  166. "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
  167. "-encrypt -in smcont.txt"
  168. . " -stream -out test.cms"
  169. . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
  170. "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
  171. ],
  172. [
  173. "enveloped content test streaming S/MIME format, 3 recipients, key only used",
  174. "-encrypt -in smcont.txt"
  175. . " -stream -out test.cms"
  176. . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
  177. "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
  178. ],
  179. [
  180. "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
  181. "-encrypt -in smcont.txt"
  182. . " -aes256 -stream -out test.cms"
  183. . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
  184. "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
  185. ],
  186. );
  187. my @smime_cms_tests = (
  188. [
  189. "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
  190. "-sign -in smcont.txt -outform DER -nodetach -keyid"
  191. . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
  192. . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
  193. . " -stream -out test.cms",
  194. "-verify -in test.cms -inform DER "
  195. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  196. ],
  197. [
  198. "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
  199. "-sign -in smcont.txt -outform PEM -nodetach"
  200. . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
  201. . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
  202. . " -stream -out test.cms",
  203. "-verify -in test.cms -inform PEM "
  204. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  205. ],
  206. [
  207. "signed content MIME format, RSA key, signed receipt request",
  208. "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
  209. . " -receipt_request_to test\@openssl.org -receipt_request_all"
  210. . " -out test.cms",
  211. "-verify -in test.cms "
  212. . " -CAfile $smdir/smroot.pem -out smtst.txt"
  213. ],
  214. [
  215. "signed receipt MIME format, RSA key",
  216. "-sign_receipt -in test.cms"
  217. . " -signer $smdir/smrsa2.pem"
  218. . " -out test2.cms",
  219. "-verify_receipt test2.cms -in test.cms"
  220. . " -CAfile $smdir/smroot.pem"
  221. ],
  222. [
  223. "enveloped content test streaming S/MIME format, 3 recipients, keyid",
  224. "-encrypt -in smcont.txt"
  225. . " -stream -out test.cms -keyid"
  226. . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
  227. "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
  228. ],
  229. [
  230. "enveloped content test streaming PEM format, KEK",
  231. "-encrypt -in smcont.txt -outform PEM -aes128"
  232. . " -stream -out test.cms "
  233. . " -secretkey 000102030405060708090A0B0C0D0E0F "
  234. . " -secretkeyid C0FEE0",
  235. "-decrypt -in test.cms -out smtst.txt -inform PEM"
  236. . " -secretkey 000102030405060708090A0B0C0D0E0F "
  237. . " -secretkeyid C0FEE0"
  238. ],
  239. [
  240. "enveloped content test streaming PEM format, KEK, key only",
  241. "-encrypt -in smcont.txt -outform PEM -aes128"
  242. . " -stream -out test.cms "
  243. . " -secretkey 000102030405060708090A0B0C0D0E0F "
  244. . " -secretkeyid C0FEE0",
  245. "-decrypt -in test.cms -out smtst.txt -inform PEM"
  246. . " -secretkey 000102030405060708090A0B0C0D0E0F "
  247. ],
  248. [
  249. "data content test streaming PEM format",
  250. "-data_create -in smcont.txt -outform PEM -nodetach"
  251. . " -stream -out test.cms",
  252. "-data_out -in test.cms -inform PEM -out smtst.txt"
  253. ],
  254. [
  255. "encrypted content test streaming PEM format, 128 bit RC2 key",
  256. "-EncryptedData_encrypt -in smcont.txt -outform PEM"
  257. . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
  258. . " -stream -out test.cms",
  259. "-EncryptedData_decrypt -in test.cms -inform PEM "
  260. . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
  261. ],
  262. [
  263. "encrypted content test streaming PEM format, 40 bit RC2 key",
  264. "-EncryptedData_encrypt -in smcont.txt -outform PEM"
  265. . " -rc2 -secretkey 0001020304"
  266. . " -stream -out test.cms",
  267. "-EncryptedData_decrypt -in test.cms -inform PEM "
  268. . " -secretkey 0001020304 -out smtst.txt"
  269. ],
  270. [
  271. "encrypted content test streaming PEM format, triple DES key",
  272. "-EncryptedData_encrypt -in smcont.txt -outform PEM"
  273. . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
  274. . " -stream -out test.cms",
  275. "-EncryptedData_decrypt -in test.cms -inform PEM "
  276. . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
  277. . " -out smtst.txt"
  278. ],
  279. [
  280. "encrypted content test streaming PEM format, 128 bit AES key",
  281. "-EncryptedData_encrypt -in smcont.txt -outform PEM"
  282. . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
  283. . " -stream -out test.cms",
  284. "-EncryptedData_decrypt -in test.cms -inform PEM "
  285. . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
  286. ],
  287. );
  288. my @smime_cms_comp_tests = (
  289. [
  290. "compressed content test streaming PEM format",
  291. "-compress -in smcont.txt -outform PEM -nodetach"
  292. . " -stream -out test.cms",
  293. "-uncompress -in test.cms -inform PEM -out smtst.txt"
  294. ]
  295. );
  296. print "CMS => PKCS#7 compatibility tests\n";
  297. run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
  298. print "CMS <= PKCS#7 compatibility tests\n";
  299. run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
  300. print "CMS <=> CMS consistency tests\n";
  301. run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
  302. run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
  303. if ( `$ossl_path version -f` =~ /ZLIB/ ) {
  304. run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
  305. }
  306. else {
  307. print "Zlib not supported: compression tests skipped\n";
  308. }
  309. print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
  310. if ($badcmd) {
  311. print "$badcmd TESTS FAILED!!\n";
  312. }
  313. else {
  314. print "ALL TESTS SUCCESSFUL.\n";
  315. }
  316. unlink "test.cms";
  317. unlink "test2.cms";
  318. unlink "smtst.txt";
  319. unlink "cms.out";
  320. unlink "cms.err";
  321. sub run_smime_tests {
  322. my ( $rv, $aref, $scmd, $vcmd ) = @_;
  323. foreach $smtst (@$aref) {
  324. my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
  325. if ($ossl8)
  326. {
  327. # Skip smime resign: 0.9.8 smime doesn't support -resign
  328. next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
  329. # Disable streaming: option not supported in 0.9.8
  330. $tnam =~ s/streaming//;
  331. $rscmd =~ s/-stream//;
  332. $rvcmd =~ s/-stream//;
  333. }
  334. system("$scmd$rscmd 2>cms.err 1>cms.out");
  335. if ($?) {
  336. print "$tnam: generation error\n";
  337. $$rv++;
  338. exit 1 if $halt_err;
  339. next;
  340. }
  341. system("$vcmd$rvcmd 2>cms.err 1>cms.out");
  342. if ($?) {
  343. print "$tnam: verify error\n";
  344. $$rv++;
  345. exit 1 if $halt_err;
  346. next;
  347. }
  348. if (!cmp_files("smtst.txt", "smcont.txt")) {
  349. print "$tnam: content verify error\n";
  350. $$rv++;
  351. exit 1 if $halt_err;
  352. next;
  353. }
  354. print "$tnam: OK\n";
  355. }
  356. }
  357. sub cmp_files {
  358. my ( $f1, $f2 ) = @_;
  359. my ( $fp1, $fp2 );
  360. my ( $rd1, $rd2 );
  361. if ( !open( $fp1, "<$f1" ) ) {
  362. print STDERR "Can't Open file $f1\n";
  363. return 0;
  364. }
  365. if ( !open( $fp2, "<$f2" ) ) {
  366. print STDERR "Can't Open file $f2\n";
  367. return 0;
  368. }
  369. binmode $fp1;
  370. binmode $fp2;
  371. my $ret = 0;
  372. for ( ; ; ) {
  373. $n1 = sysread $fp1, $rd1, 4096;
  374. $n2 = sysread $fp2, $rd2, 4096;
  375. last if ( $n1 != $n2 );
  376. last if ( $rd1 ne $rd2 );
  377. if ( $n1 == 0 ) {
  378. $ret = 1;
  379. last;
  380. }
  381. }
  382. close $fp1;
  383. close $fp2;
  384. return $ret;
  385. }