cms-examples.pl 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409
  1. # test/cms-examples.pl
  2. # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  3. # project.
  4. #
  5. # ====================================================================
  6. # Copyright (c) 2008 The OpenSSL Project. All rights reserved.
  7. #
  8. # Redistribution and use in source and binary forms, with or without
  9. # modification, are permitted provided that the following conditions
  10. # are met:
  11. #
  12. # 1. Redistributions of source code must retain the above copyright
  13. # notice, this list of conditions and the following disclaimer.
  14. #
  15. # 2. Redistributions in binary form must reproduce the above copyright
  16. # notice, this list of conditions and the following disclaimer in
  17. # the documentation and/or other materials provided with the
  18. # distribution.
  19. #
  20. # 3. All advertising materials mentioning features or use of this
  21. # software must display the following acknowledgment:
  22. # "This product includes software developed by the OpenSSL Project
  23. # for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. #
  25. # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. # endorse or promote products derived from this software without
  27. # prior written permission. For written permission, please contact
  28. # licensing@OpenSSL.org.
  29. #
  30. # 5. Products derived from this software may not be called "OpenSSL"
  31. # nor may "OpenSSL" appear in their names without prior written
  32. # permission of the OpenSSL Project.
  33. #
  34. # 6. Redistributions of any form whatsoever must retain the following
  35. # acknowledgment:
  36. # "This product includes software developed by the OpenSSL Project
  37. # for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. #
  39. # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. # OF THE POSSIBILITY OF SUCH DAMAGE.
  51. # ====================================================================
  52. # Perl script to run tests against S/MIME examples in RFC4134
  53. # Assumes RFC is in current directory and called "rfc4134.txt"
  54. use MIME::Base64;
  55. my $badttest = 0;
  56. my $verbose = 1;
  57. my $cmscmd;
  58. my $exdir = "./";
  59. my $exfile = "./rfc4134.txt";
  60. if (-f "../apps/openssl")
  61. {
  62. $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
  63. }
  64. elsif (-f "..\\out32dll\\openssl.exe")
  65. {
  66. $cmscmd = "..\\out32dll\\openssl.exe cms";
  67. }
  68. elsif (-f "..\\out32\\openssl.exe")
  69. {
  70. $cmscmd = "..\\out32\\openssl.exe cms";
  71. }
  72. my @test_list = (
  73. [ "3.1.bin" => "dataout" ],
  74. [ "3.2.bin" => "encode, dataout" ],
  75. [ "4.1.bin" => "encode, verifyder, cont, dss" ],
  76. [ "4.2.bin" => "encode, verifyder, cont, rsa" ],
  77. [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
  78. [ "4.4.bin" => "encode, verifyder, cont, dss" ],
  79. [ "4.5.bin" => "verifyder, cont, rsa" ],
  80. [ "4.6.bin" => "encode, verifyder, cont, dss" ],
  81. [ "4.7.bin" => "encode, verifyder, cont, dss" ],
  82. [ "4.8.eml" => "verifymime, dss" ],
  83. [ "4.9.eml" => "verifymime, dss" ],
  84. [ "4.10.bin" => "encode, verifyder, cont, dss" ],
  85. [ "4.11.bin" => "encode, certsout" ],
  86. [ "5.1.bin" => "encode, envelopeder, cont" ],
  87. [ "5.2.bin" => "encode, envelopeder, cont" ],
  88. [ "5.3.eml" => "envelopemime, cont" ],
  89. [ "6.0.bin" => "encode, digest, cont" ],
  90. [ "7.1.bin" => "encode, encrypted, cont" ],
  91. [ "7.2.bin" => "encode, encrypted, cont" ]
  92. );
  93. # Extract examples from RFC4134 text.
  94. # Base64 decode all examples, certificates and
  95. # private keys are converted to PEM format.
  96. my ( $filename, $data );
  97. my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
  98. $data = "";
  99. open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
  100. while (<IN>) {
  101. next unless (/^\|/);
  102. s/^\|//;
  103. next if (/^\*/);
  104. if (/^>(.*)$/) {
  105. $filename = $1;
  106. next;
  107. }
  108. if (/^</) {
  109. $filename = "$exdir/$filename";
  110. if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
  111. $data = decode_base64($data);
  112. open OUT, ">$filename";
  113. binmode OUT;
  114. print OUT $data;
  115. close OUT;
  116. push @cleanup, $filename;
  117. }
  118. elsif ( $filename =~ /\.cer$/ ) {
  119. write_pem( $filename, "CERTIFICATE", $data );
  120. }
  121. elsif ( $filename =~ /\.pri$/ ) {
  122. write_pem( $filename, "PRIVATE KEY", $data );
  123. }
  124. $data = "";
  125. $filename = "";
  126. }
  127. else {
  128. $data .= $_;
  129. }
  130. }
  131. my $secretkey =
  132. "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
  133. foreach (@test_list) {
  134. my ( $file, $tlist ) = @$_;
  135. print "Example file $file:\n";
  136. if ( $tlist =~ /encode/ ) {
  137. run_reencode_test( $exdir, $file );
  138. }
  139. if ( $tlist =~ /certsout/ ) {
  140. run_certsout_test( $exdir, $file );
  141. }
  142. if ( $tlist =~ /dataout/ ) {
  143. run_dataout_test( $exdir, $file );
  144. }
  145. if ( $tlist =~ /verify/ ) {
  146. run_verify_test( $exdir, $tlist, $file );
  147. }
  148. if ( $tlist =~ /digest/ ) {
  149. run_digest_test( $exdir, $tlist, $file );
  150. }
  151. if ( $tlist =~ /encrypted/ ) {
  152. run_encrypted_test( $exdir, $tlist, $file, $secretkey );
  153. }
  154. if ( $tlist =~ /envelope/ ) {
  155. run_envelope_test( $exdir, $tlist, $file );
  156. }
  157. }
  158. foreach (@cleanup) {
  159. unlink $_;
  160. }
  161. if ($badtest) {
  162. print "\n$badtest TESTS FAILED!!\n";
  163. }
  164. else {
  165. print "\n***All tests successful***\n";
  166. }
  167. sub write_pem {
  168. my ( $filename, $str, $data ) = @_;
  169. $filename =~ s/\.[^.]*$/.pem/;
  170. push @cleanup, $filename;
  171. open OUT, ">$filename";
  172. print OUT "-----BEGIN $str-----\n";
  173. print OUT $data;
  174. print OUT "-----END $str-----\n";
  175. close OUT;
  176. }
  177. sub run_reencode_test {
  178. my ( $cmsdir, $tfile ) = @_;
  179. unlink "tmp.der";
  180. system( "$cmscmd -cmsout -inform DER -outform DER"
  181. . " -in $cmsdir/$tfile -out tmp.der" );
  182. if ($?) {
  183. print "\tReencode command FAILED!!\n";
  184. $badtest++;
  185. }
  186. elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
  187. print "\tReencode FAILED!!\n";
  188. $badtest++;
  189. }
  190. else {
  191. print "\tReencode passed\n" if $verbose;
  192. }
  193. }
  194. sub run_certsout_test {
  195. my ( $cmsdir, $tfile ) = @_;
  196. unlink "tmp.der";
  197. unlink "tmp.pem";
  198. system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
  199. . " -in $cmsdir/$tfile -out tmp.der" );
  200. if ($?) {
  201. print "\tCertificate output command FAILED!!\n";
  202. $badtest++;
  203. }
  204. else {
  205. print "\tCertificate output passed\n" if $verbose;
  206. }
  207. }
  208. sub run_dataout_test {
  209. my ( $cmsdir, $tfile ) = @_;
  210. unlink "tmp.txt";
  211. system(
  212. "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
  213. if ($?) {
  214. print "\tDataout command FAILED!!\n";
  215. $badtest++;
  216. }
  217. elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
  218. print "\tDataout compare FAILED!!\n";
  219. $badtest++;
  220. }
  221. else {
  222. print "\tDataout passed\n" if $verbose;
  223. }
  224. }
  225. sub run_verify_test {
  226. my ( $cmsdir, $tlist, $tfile ) = @_;
  227. unlink "tmp.txt";
  228. $form = "DER" if $tlist =~ /verifyder/;
  229. $form = "SMIME" if $tlist =~ /verifymime/;
  230. $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
  231. $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
  232. $cmd =
  233. "$cmscmd -verify -inform $form"
  234. . " -CAfile $cafile"
  235. . " -in $cmsdir/$tfile -out tmp.txt";
  236. $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
  237. system("$cmd 2>cms.err 1>cms.out");
  238. if ($?) {
  239. print "\tVerify command FAILED!!\n";
  240. $badtest++;
  241. }
  242. elsif ( $tlist =~ /cont/
  243. && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
  244. {
  245. print "\tVerify content compare FAILED!!\n";
  246. $badtest++;
  247. }
  248. else {
  249. print "\tVerify passed\n" if $verbose;
  250. }
  251. }
  252. sub run_envelope_test {
  253. my ( $cmsdir, $tlist, $tfile ) = @_;
  254. unlink "tmp.txt";
  255. $form = "DER" if $tlist =~ /envelopeder/;
  256. $form = "SMIME" if $tlist =~ /envelopemime/;
  257. $cmd =
  258. "$cmscmd -decrypt -inform $form"
  259. . " -recip $cmsdir/BobRSASignByCarl.pem"
  260. . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
  261. . " -in $cmsdir/$tfile -out tmp.txt";
  262. system("$cmd 2>cms.err 1>cms.out");
  263. if ($?) {
  264. print "\tDecrypt command FAILED!!\n";
  265. $badtest++;
  266. }
  267. elsif ( $tlist =~ /cont/
  268. && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
  269. {
  270. print "\tDecrypt content compare FAILED!!\n";
  271. $badtest++;
  272. }
  273. else {
  274. print "\tDecrypt passed\n" if $verbose;
  275. }
  276. }
  277. sub run_digest_test {
  278. my ( $cmsdir, $tlist, $tfile ) = @_;
  279. unlink "tmp.txt";
  280. my $cmd =
  281. "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
  282. system("$cmd 2>cms.err 1>cms.out");
  283. if ($?) {
  284. print "\tDigest verify command FAILED!!\n";
  285. $badtest++;
  286. }
  287. elsif ( $tlist =~ /cont/
  288. && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
  289. {
  290. print "\tDigest verify content compare FAILED!!\n";
  291. $badtest++;
  292. }
  293. else {
  294. print "\tDigest verify passed\n" if $verbose;
  295. }
  296. }
  297. sub run_encrypted_test {
  298. my ( $cmsdir, $tlist, $tfile, $key ) = @_;
  299. unlink "tmp.txt";
  300. system( "$cmscmd -EncryptedData_decrypt -inform DER"
  301. . " -secretkey $key"
  302. . " -in $cmsdir/$tfile -out tmp.txt" );
  303. if ($?) {
  304. print "\tEncrypted Data command FAILED!!\n";
  305. $badtest++;
  306. }
  307. elsif ( $tlist =~ /cont/
  308. && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
  309. {
  310. print "\tEncrypted Data content compare FAILED!!\n";
  311. $badtest++;
  312. }
  313. else {
  314. print "\tEncryptedData verify passed\n" if $verbose;
  315. }
  316. }
  317. sub cmp_files {
  318. my ( $f1, $f2 ) = @_;
  319. my ( $fp1, $fp2 );
  320. my ( $rd1, $rd2 );
  321. if ( !open( $fp1, "<$f1" ) ) {
  322. print STDERR "Can't Open file $f1\n";
  323. return 0;
  324. }
  325. if ( !open( $fp2, "<$f2" ) ) {
  326. print STDERR "Can't Open file $f2\n";
  327. return 0;
  328. }
  329. binmode $fp1;
  330. binmode $fp2;
  331. my $ret = 0;
  332. for ( ; ; ) {
  333. $n1 = sysread $fp1, $rd1, 4096;
  334. $n2 = sysread $fp2, $rd2, 4096;
  335. last if ( $n1 != $n2 );
  336. last if ( $rd1 ne $rd2 );
  337. if ( $n1 == 0 ) {
  338. $ret = 1;
  339. last;
  340. }
  341. }
  342. close $fp1;
  343. close $fp2;
  344. return $ret;
  345. }