test_cms.in revision 178825
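#!/bin/sh
#
# Copyright (c) 2005 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id: test_cms.in 21311 2007-06-25 18:26:37Z lha $
#
# Regression test for the CMS commands of hxtool: creates and verifies
# SignedData (cms-create-sd / cms-verify-sd) and wraps and unwraps
# EnvelopedData (cms-envelope / cms-unenvelope) using the fixtures under
# $srcdir/data.  A step that must succeed ends in "|| exit 1"; a step that
# must be rejected ends in "&& exit 1", so an unexpected acceptance fails
# the run.
#
# Every key, certificate and the password "foobar" used here is a test
# fixture.  --missing-revoke is passed to every verification; it appears to
# let verification proceed without revocation data (TODO confirm against
# the hxtool documentation), which suits fixtures but not production checks.
#
# Output files from an earlier step are removed before each step that
# rewrites them, so a later cmp cannot pass on stale data if hxtool were to
# report success without writing its output.
#

srcdir="@srcdir@"
objdir="@objdir@"

stat="--statistic-file=${objdir}/statfile"

# Expanded unquoted on purpose so that TESTS_ENVIRONMENT, the program name
# and the option split into separate words.  An objdir containing
# whitespace would therefore still break the command line.
hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"

# Exit status 77 is Automake's "skipped" code: skip when hxtool reports the
# null RSA backend or no random source.
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
    exit 77
fi
if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
    exit 77
fi

echo "create signed data"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (id-by-name)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --id-by-name \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Here the signer's own certificate is the trust anchor instead of the CA.
echo "verify signed data (EE cert as anchor)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/test.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# The fixture password is given on the command line, where other local
# users can read it from the process list; acceptable for test data only.
echo "create signed data (password)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (combined)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.combined.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content info)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content info)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# 1.1.1.1 is an arbitrary content-type OID used only by this test.
echo "create signed data (content type)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-type=1.1.1.1 \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content type)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# The next three creations are checked only for a zero exit status; their
# output is not verified afterwards.
echo "create signed data (pem)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (pem, detached)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (p12)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="PKCS12:$srcdir/data/test.p12" \
    --signer=friendlyname-test \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# The following verifications read pre-built messages from $srcdir/data
# rather than the sd.data produced above.
echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data (no attr)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# Negative test: judging by the fixture name the message carries no
# certificates, so verification must fail until the signer certificate is
# supplied with --certificate in the step after this one.
echo "verify failure signed data (no attr, no certs)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null 2>/dev/null && exit 1

echo "verify signed data (no attr, no certs)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# Chain-building tests: the signer certificate is issued by sub-ca, so
# verification with only ca.crt as anchor must fail unless sub-ca.crt is
# made available, either to the verifier (--certificate) or inside the
# message (--pool at creation time).
echo "create signed data (subcert, no certs)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2> /dev/null && exit 1

echo "verify success signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --certificate="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs, no-root)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, no-subca, no-root)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

# Key-usage tests.  Presumably "ds-only" is a certificate limited to
# digital signatures and "ke-only" one limited to key encipherment (TODO
# confirm against the fixtures): signing with the ke-only certificate
# alone must be refused, and with both supplied, in either order, signing
# must succeed.
echo "create signed data (sd cert)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke cert)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null 2>/dev/null && exit 1

echo "create signed data (sd + ke certs)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke + sd certs)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Detached signature: the content is not inside sd.data, so verification
# succeeds only when it is supplied with --signed-content and must fail
# without it.
echo "create signed data (detached)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (detached)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --signed-content="$srcdir/test_chain.in" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "verify failure signed data (detached)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

# 1.2.840.113549.1.1.1 is the rsaEncryption OID.
echo "create signed data (rsa)"
rm -f sd.data sd.data.out
${hxtool} cms-create-sd \
    --peer-alg=1.2.840.113549.1.1.1 \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (rsa)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "envelope data (content-type)"
rm -f ev.data ev.data.out
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-type=1.1.1.1 \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

# NOTE(review): the third positional argument repeats the --certificate
# value; it is kept exactly as in the original -- confirm whether hxtool
# uses or ignores it.
echo "unenvelope data (content-type)"
rm -f ev.data.out
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

echo "envelope data (content-info)"
rm -f ev.data ev.data.out
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-info)"
rm -f ev.data.out
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

# Round trip for each cipher that this script encrypts with.
for a in des-ede3 aes-128 aes-256; do

    rm -f ev.data ev.data.out
    echo "envelope data ($a)"
    ${hxtool} cms-envelope \
        --encryption-type="$a-cbc" \
        --certificate="FILE:$srcdir/data/test.crt" \
        "$srcdir/data/static-file" \
        ev.data || exit 1

    echo "unenvelope data ($a)"
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        ev.data ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

# Decrypt-only check against pre-built fixtures.  The rc2-* variants appear
# in this list but not in the encrypting loop above, so this script only
# ever decrypts them.
for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
    echo "static unenvelope data ($a)"

    rm -f ev.data.out
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        --content-info \
        "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

exit 0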