80-test_cms.t 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604
  1. #! /usr/bin/env perl
  2. # Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the OpenSSL license (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. use strict;
  9. use warnings;
  10. use POSIX;
  11. use File::Spec::Functions qw/catfile/;
  12. use File::Compare qw/compare_text/;
  13. use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/;
  14. use OpenSSL::Test::Utils;
  15. setup("test_cms");
  16. plan skip_all => "CMS is not supported by this OpenSSL build"
  17. if disabled("cms");
  18. my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
  19. my $smdir = srctop_dir("test", "smime-certs");
  20. my $smcont = srctop_file("test", "smcont.txt");
  21. my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
  22. = disabled qw/des dh dsa ec ec2m rc2 zlib/;
  23. plan tests => 7;
  24. my @smime_pkcs7_tests = (
  25. [ "signed content DER format, RSA key",
  26. [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
  27. "-certfile", catfile($smdir, "smroot.pem"),
  28. "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
  29. [ "-verify", "-in", "test.cms", "-inform", "DER",
  30. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  31. ],
  32. [ "signed detached content DER format, RSA key",
  33. [ "-sign", "-in", $smcont, "-outform", "DER",
  34. "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
  35. [ "-verify", "-in", "test.cms", "-inform", "DER",
  36. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
  37. "-content", $smcont ]
  38. ],
  39. [ "signed content test streaming BER format, RSA",
  40. [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
  41. "-stream",
  42. "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
  43. [ "-verify", "-in", "test.cms", "-inform", "DER",
  44. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  45. ],
  46. [ "signed content DER format, DSA key",
  47. [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
  48. "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
  49. [ "-verify", "-in", "test.cms", "-inform", "DER",
  50. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  51. ],
  52. [ "signed detached content DER format, DSA key",
  53. [ "-sign", "-in", $smcont, "-outform", "DER",
  54. "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
  55. [ "-verify", "-in", "test.cms", "-inform", "DER",
  56. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
  57. "-content", $smcont ]
  58. ],
  59. [ "signed detached content DER format, add RSA signer (with DSA existing)",
  60. [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
  61. "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ],
  62. [ "-verify", "-in", "test2.cms", "-inform", "DER",
  63. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
  64. "-content", $smcont ]
  65. ],
  66. [ "signed content test streaming BER format, DSA key",
  67. [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
  68. "-stream",
  69. "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
  70. [ "-verify", "-in", "test.cms", "-inform", "DER",
  71. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  72. ],
  73. [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
  74. [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
  75. "-signer", catfile($smdir, "smrsa1.pem"),
  76. "-signer", catfile($smdir, "smrsa2.pem"),
  77. "-signer", catfile($smdir, "smdsa1.pem"),
  78. "-signer", catfile($smdir, "smdsa2.pem"),
  79. "-stream", "-out", "test.cms" ],
  80. [ "-verify", "-in", "test.cms", "-inform", "DER",
  81. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  82. ],
  83. [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
  84. [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
  85. "-signer", catfile($smdir, "smrsa1.pem"),
  86. "-signer", catfile($smdir, "smrsa2.pem"),
  87. "-signer", catfile($smdir, "smdsa1.pem"),
  88. "-signer", catfile($smdir, "smdsa2.pem"),
  89. "-stream", "-out", "test.cms" ],
  90. [ "-verify", "-in", "test.cms", "-inform", "DER",
  91. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  92. ],
  93. [ "signed content S/MIME format, RSA key SHA1",
  94. [ "-sign", "-in", $smcont, "-md", "sha1",
  95. "-certfile", catfile($smdir, "smroot.pem"),
  96. "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
  97. [ "-verify", "-in", "test.cms",
  98. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  99. ],
  100. [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
  101. [ "-sign", "-in", $smcont, "-nodetach",
  102. "-signer", catfile($smdir, "smrsa1.pem"),
  103. "-signer", catfile($smdir, "smrsa2.pem"),
  104. "-signer", catfile($smdir, "smdsa1.pem"),
  105. "-signer", catfile($smdir, "smdsa2.pem"),
  106. "-stream", "-out", "test.cms" ],
  107. [ "-verify", "-in", "test.cms",
  108. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  109. ],
  110. [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
  111. [ "-sign", "-in", $smcont,
  112. "-signer", catfile($smdir, "smrsa1.pem"),
  113. "-signer", catfile($smdir, "smrsa2.pem"),
  114. "-signer", catfile($smdir, "smdsa1.pem"),
  115. "-signer", catfile($smdir, "smdsa2.pem"),
  116. "-stream", "-out", "test.cms" ],
  117. [ "-verify", "-in", "test.cms",
  118. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  119. ],
  120. [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
  121. [ "-encrypt", "-in", $smcont,
  122. "-stream", "-out", "test.cms",
  123. catfile($smdir, "smrsa1.pem"),
  124. catfile($smdir, "smrsa2.pem"),
  125. catfile($smdir, "smrsa3.pem") ],
  126. [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
  127. "-in", "test.cms", "-out", "smtst.txt" ]
  128. ],
  129. [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
  130. [ "-encrypt", "-in", $smcont,
  131. "-stream", "-out", "test.cms",
  132. catfile($smdir, "smrsa1.pem"),
  133. catfile($smdir, "smrsa2.pem"),
  134. catfile($smdir, "smrsa3.pem") ],
  135. [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
  136. "-in", "test.cms", "-out", "smtst.txt" ]
  137. ],
  138. [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
  139. [ "-encrypt", "-in", $smcont,
  140. "-stream", "-out", "test.cms",
  141. catfile($smdir, "smrsa1.pem"),
  142. catfile($smdir, "smrsa2.pem"),
  143. catfile($smdir, "smrsa3.pem") ],
  144. [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
  145. "-in", "test.cms", "-out", "smtst.txt" ]
  146. ],
  147. [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
  148. [ "-encrypt", "-in", $smcont,
  149. "-aes256", "-stream", "-out", "test.cms",
  150. catfile($smdir, "smrsa1.pem"),
  151. catfile($smdir, "smrsa2.pem"),
  152. catfile($smdir, "smrsa3.pem") ],
  153. [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
  154. "-in", "test.cms", "-out", "smtst.txt" ]
  155. ],
  156. );
  157. my @smime_cms_tests = (
  158. [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
  159. [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
  160. "-signer", catfile($smdir, "smrsa1.pem"),
  161. "-signer", catfile($smdir, "smrsa2.pem"),
  162. "-signer", catfile($smdir, "smdsa1.pem"),
  163. "-signer", catfile($smdir, "smdsa2.pem"),
  164. "-stream", "-out", "test.cms" ],
  165. [ "-verify", "-in", "test.cms", "-inform", "DER",
  166. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  167. ],
  168. [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
  169. [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
  170. "-signer", catfile($smdir, "smrsa1.pem"),
  171. "-signer", catfile($smdir, "smrsa2.pem"),
  172. "-signer", catfile($smdir, "smdsa1.pem"),
  173. "-signer", catfile($smdir, "smdsa2.pem"),
  174. "-stream", "-out", "test.cms" ],
  175. [ "-verify", "-in", "test.cms", "-inform", "PEM",
  176. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  177. ],
  178. [ "signed content MIME format, RSA key, signed receipt request",
  179. [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach",
  180. "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
  181. "-out", "test.cms" ],
  182. [ "-verify", "-in", "test.cms",
  183. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  184. ],
  185. [ "signed receipt MIME format, RSA key",
  186. [ "-sign_receipt", "-in", "test.cms",
  187. "-signer", catfile($smdir, "smrsa2.pem"),
  188. "-out", "test2.cms" ],
  189. [ "-verify_receipt", "test2.cms", "-in", "test.cms",
  190. "-CAfile", catfile($smdir, "smroot.pem") ]
  191. ],
  192. [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
  193. [ "-encrypt", "-in", $smcont,
  194. "-stream", "-out", "test.cms", "-keyid",
  195. catfile($smdir, "smrsa1.pem"),
  196. catfile($smdir, "smrsa2.pem"),
  197. catfile($smdir, "smrsa3.pem") ],
  198. [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
  199. "-in", "test.cms", "-out", "smtst.txt" ]
  200. ],
  201. [ "enveloped content test streaming PEM format, KEK",
  202. [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
  203. "-stream", "-out", "test.cms",
  204. "-secretkey", "000102030405060708090A0B0C0D0E0F",
  205. "-secretkeyid", "C0FEE0" ],
  206. [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
  207. "-secretkey", "000102030405060708090A0B0C0D0E0F",
  208. "-secretkeyid", "C0FEE0" ]
  209. ],
  210. [ "enveloped content test streaming PEM format, KEK, key only",
  211. [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
  212. "-stream", "-out", "test.cms",
  213. "-secretkey", "000102030405060708090A0B0C0D0E0F",
  214. "-secretkeyid", "C0FEE0" ],
  215. [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
  216. "-secretkey", "000102030405060708090A0B0C0D0E0F" ]
  217. ],
  218. [ "data content test streaming PEM format",
  219. [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
  220. "-stream", "-out", "test.cms" ],
  221. [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
  222. ],
  223. [ "encrypted content test streaming PEM format, 128 bit RC2 key",
  224. [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
  225. "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
  226. "-stream", "-out", "test.cms" ],
  227. [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
  228. "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
  229. ],
  230. [ "encrypted content test streaming PEM format, 40 bit RC2 key",
  231. [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
  232. "-rc2", "-secretkey", "0001020304",
  233. "-stream", "-out", "test.cms" ],
  234. [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
  235. "-secretkey", "0001020304", "-out", "smtst.txt" ]
  236. ],
  237. [ "encrypted content test streaming PEM format, triple DES key",
  238. [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
  239. "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
  240. "-stream", "-out", "test.cms" ],
  241. [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
  242. "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
  243. "-out", "smtst.txt" ]
  244. ],
  245. [ "encrypted content test streaming PEM format, 128 bit AES key",
  246. [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
  247. "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
  248. "-stream", "-out", "test.cms" ],
  249. [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
  250. "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
  251. ],
  252. [ "encrypted content test streaming PEM format -noout, 128 bit AES key",
  253. [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
  254. "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
  255. "-stream", "-noout" ],
  256. [ "-help" ]
  257. ],
  258. );
  259. my @smime_cms_comp_tests = (
  260. [ "compressed content test streaming PEM format",
  261. [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
  262. "-stream", "-out", "test.cms" ],
  263. [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
  264. ]
  265. );
  266. my @smime_cms_param_tests = (
  267. [ "signed content test streaming PEM format, RSA keys, PSS signature",
  268. [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
  269. "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
  270. "-out", "test.cms" ],
  271. [ "-verify", "-in", "test.cms", "-inform", "PEM",
  272. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  273. ],
  274. [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max",
  275. [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
  276. "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
  277. "-keyopt", "rsa_pss_saltlen:max", "-out", "test.cms" ],
  278. [ "-verify", "-in", "test.cms", "-inform", "PEM",
  279. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  280. ],
  281. [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
  282. [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
  283. "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
  284. "-out", "test.cms" ],
  285. [ "-verify", "-in", "test.cms", "-inform", "PEM",
  286. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  287. ],
  288. [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
  289. [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
  290. "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
  291. "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
  292. [ "-verify", "-in", "test.cms", "-inform", "PEM",
  293. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  294. ],
  295. [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
  296. [ "-encrypt", "-in", $smcont,
  297. "-stream", "-out", "test.cms",
  298. "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
  299. [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
  300. "-in", "test.cms", "-out", "smtst.txt" ]
  301. ],
  302. [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
  303. [ "-encrypt", "-in", $smcont,
  304. "-stream", "-out", "test.cms",
  305. "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
  306. "-keyopt", "rsa_oaep_md:sha256" ],
  307. [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
  308. "-in", "test.cms", "-out", "smtst.txt" ]
  309. ],
  310. [ "enveloped content test streaming S/MIME format, DES, ECDH",
  311. [ "-encrypt", "-in", $smcont,
  312. "-stream", "-out", "test.cms",
  313. "-recip", catfile($smdir, "smec1.pem") ],
  314. [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
  315. "-in", "test.cms", "-out", "smtst.txt" ]
  316. ],
  317. [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
  318. [ "-encrypt", "-in", $smcont,
  319. "-stream", "-out", "test.cms",
  320. catfile($smdir, "smec1.pem"),
  321. catfile($smdir, "smec3.pem") ],
  322. [ "-decrypt", "-inkey", catfile($smdir, "smec3.pem"),
  323. "-in", "test.cms", "-out", "smtst.txt" ]
  324. ],
  325. [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
  326. [ "-encrypt", "-keyid", "-in", $smcont,
  327. "-stream", "-out", "test.cms",
  328. "-recip", catfile($smdir, "smec1.pem") ],
  329. [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
  330. "-in", "test.cms", "-out", "smtst.txt" ]
  331. ],
  332. [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
  333. [ "-encrypt", "-in", $smcont,
  334. "-stream", "-out", "test.cms",
  335. "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
  336. [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
  337. "-in", "test.cms", "-out", "smtst.txt" ]
  338. ],
  339. [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
  340. [ "-encrypt", "-in", $smcont,
  341. "-stream", "-out", "test.cms",
  342. "-recip", catfile($smdir, "smec2.pem"), "-aes128",
  343. "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
  344. [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
  345. "-in", "test.cms", "-out", "smtst.txt" ]
  346. ],
  347. [ "enveloped content test streaming S/MIME format, X9.42 DH",
  348. [ "-encrypt", "-in", $smcont,
  349. "-stream", "-out", "test.cms",
  350. "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
  351. [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
  352. "-in", "test.cms", "-out", "smtst.txt" ]
  353. ]
  354. );
  355. my @contenttype_cms_test = (
  356. [ "signed content test - check that content type is added to additional signerinfo, RSA keys",
  357. [ "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, "-outform", "DER",
  358. "-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256",
  359. "-out", "test.cms" ],
  360. [ "-resign", "-binary", "-nodetach", "-in", "test.cms", "-inform", "DER", "-outform", "DER",
  361. "-signer", catfile($smdir, "smrsa2.pem"), "-md", "SHA256",
  362. "-out", "test2.cms" ],
  363. [ "-verify", "-in", "test2.cms", "-inform", "DER",
  364. "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
  365. ],
  366. );
  367. my @incorrect_attribute_cms_test = (
  368. "bad_signtime_attr.cms",
  369. "no_ct_attr.cms",
  370. "no_md_attr.cms",
  371. "ct_multiple_attr.cms"
  372. );
  373. subtest "CMS => PKCS#7 compatibility tests\n" => sub {
  374. plan tests => scalar @smime_pkcs7_tests;
  375. foreach (@smime_pkcs7_tests) {
  376. SKIP: {
  377. my $skip_reason = check_availability($$_[0]);
  378. skip $skip_reason, 1 if $skip_reason;
  379. ok(run(app(["openssl", "cms", @{$$_[1]}]))
  380. && run(app(["openssl", "smime", @{$$_[2]}]))
  381. && compare_text($smcont, "smtst.txt") == 0,
  382. $$_[0]);
  383. }
  384. }
  385. };
  386. subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
  387. plan tests => scalar @smime_pkcs7_tests;
  388. foreach (@smime_pkcs7_tests) {
  389. SKIP: {
  390. my $skip_reason = check_availability($$_[0]);
  391. skip $skip_reason, 1 if $skip_reason;
  392. ok(run(app(["openssl", "smime", @{$$_[1]}]))
  393. && run(app(["openssl", "cms", @{$$_[2]}]))
  394. && compare_text($smcont, "smtst.txt") == 0,
  395. $$_[0]);
  396. }
  397. }
  398. };
  399. subtest "CMS <=> CMS consistency tests\n" => sub {
  400. plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);
  401. foreach (@smime_pkcs7_tests) {
  402. SKIP: {
  403. my $skip_reason = check_availability($$_[0]);
  404. skip $skip_reason, 1 if $skip_reason;
  405. ok(run(app(["openssl", "cms", @{$$_[1]}]))
  406. && run(app(["openssl", "cms", @{$$_[2]}]))
  407. && compare_text($smcont, "smtst.txt") == 0,
  408. $$_[0]);
  409. }
  410. }
  411. foreach (@smime_cms_tests) {
  412. SKIP: {
  413. my $skip_reason = check_availability($$_[0]);
  414. skip $skip_reason, 1 if $skip_reason;
  415. ok(run(app(["openssl", "cms", @{$$_[1]}]))
  416. && run(app(["openssl", "cms", @{$$_[2]}]))
  417. && compare_text($smcont, "smtst.txt") == 0,
  418. $$_[0]);
  419. }
  420. }
  421. };
  422. subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
  423. plan tests =>
  424. (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
  425. foreach (@smime_cms_param_tests) {
  426. SKIP: {
  427. my $skip_reason = check_availability($$_[0]);
  428. skip $skip_reason, 1 if $skip_reason;
  429. ok(run(app(["openssl", "cms", @{$$_[1]}]))
  430. && run(app(["openssl", "cms", @{$$_[2]}]))
  431. && compare_text($smcont, "smtst.txt") == 0,
  432. $$_[0]);
  433. }
  434. }
  435. SKIP: {
  436. skip("Zlib not supported: compression tests skipped",
  437. scalar @smime_cms_comp_tests)
  438. if $no_zlib;
  439. foreach (@smime_cms_comp_tests) {
  440. SKIP: {
  441. my $skip_reason = check_availability($$_[0]);
  442. skip $skip_reason, 1 if $skip_reason;
  443. ok(run(app(["openssl", "cms", @{$$_[1]}]))
  444. && run(app(["openssl", "cms", @{$$_[2]}]))
  445. && compare_text($smcont, "smtst.txt") == 0,
  446. $$_[0]);
  447. }
  448. }
  449. }
  450. };
  451. # Returns the number of matches of a Content Type Attribute in a binary file.
  452. sub contentType_matches {
  453. # Read in a binary file
  454. my ($in) = @_;
  455. open (HEX_IN, "$in") or die("open failed for $in : $!");
  456. binmode(HEX_IN);
  457. local $/;
  458. my $str = <HEX_IN>;
  459. # Find ASN1 data for a Content Type Attribute (with a OID of PKCS7 data)
  460. my @c = $str =~ /\x30\x18\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03\x31\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01/gs;
  461. close(HEX_IN);
  462. return scalar(@c);
  463. }
  464. subtest "CMS Check the content type attribute is added for additional signers\n" => sub {
  465. plan tests =>
  466. (scalar @contenttype_cms_test);
  467. foreach (@contenttype_cms_test) {
  468. SKIP: {
  469. my $skip_reason = check_availability($$_[0]);
  470. skip $skip_reason, 1 if $skip_reason;
  471. ok(run(app(["openssl", "cms", @{$$_[1]}]))
  472. && run(app(["openssl", "cms", @{$$_[2]}]))
  473. && contentType_matches("test2.cms") == 2
  474. && run(app(["openssl", "cms", @{$$_[3]}])),
  475. $$_[0]);
  476. }
  477. }
  478. };
  479. subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
  480. plan tests =>
  481. (scalar @incorrect_attribute_cms_test);
  482. foreach my $name (@incorrect_attribute_cms_test) {
  483. ok(!run(app(["openssl", "cms", "-verify", "-in",
  484. catfile($datadir, $name), "-inform", "DER", "-CAfile",
  485. catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ])),
  486. $name);
  487. }
  488. };
  489. unlink "test.cms";
  490. unlink "test2.cms";
  491. unlink "smtst.txt";
  492. sub check_availability {
  493. my $tnam = shift;
  494. return "$tnam: skipped, EC disabled\n"
  495. if ($no_ec && $tnam =~ /ECDH/);
  496. return "$tnam: skipped, ECDH disabled\n"
  497. if ($no_ec && $tnam =~ /ECDH/);
  498. return "$tnam: skipped, EC2M disabled\n"
  499. if ($no_ec2m && $tnam =~ /K-283/);
  500. return "$tnam: skipped, DH disabled\n"
  501. if ($no_dh && $tnam =~ /X9\.42/);
  502. return "$tnam: skipped, RC2 disabled\n"
  503. if ($no_rc2 && $tnam =~ /RC2/);
  504. return "$tnam: skipped, DES disabled\n"
  505. if ($no_des && $tnam =~ /DES/);
  506. return "$tnam: skipped, DSA disabled\n"
  507. if ($no_dsa && $tnam =~ / DSA/);
  508. return "";
  509. }
  510. # Check that we get the expected failure return code
  511. with({ exit_checker => sub { return shift == 6; } },
  512. sub {
  513. ok(run(app(['openssl', 'cms', '-encrypt',
  514. '-in', srctop_file("test", "smcont.txt"),
  515. '-aes128', '-stream', '-recip',
  516. srctop_file("test/smime-certs", "badrsa.pem"),
  517. ])),
  518. "Check failure during BIO setup with -stream is handled correctly");
  519. });