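# test/cms-test.pl
# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
# project.
#
# ====================================================================
# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
#
# 3. All advertising materials mentioning features or use of this
#    software must display the following acknowledgment:
#    "This product includes software developed by the OpenSSL Project
#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
#
# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
#    endorse or promote products derived from this software without
#    prior written permission. For written permission, please contact
#    licensing@OpenSSL.org.
#
# 5. Products derived from this software may not be called "OpenSSL"
#    nor may "OpenSSL" appear in their names without prior written
#    permission of the OpenSSL Project.
#
# 6. Redistributions of any form whatsoever must retain the following
#    acknowledgment:
#    "This product includes software developed by the OpenSSL Project
#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
#
# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.
# ====================================================================

# CMS, PKCS7 consistency test script. Run extensive tests on
# OpenSSL PKCS#7 and CMS implementations.

use strict;
use warnings;

my $ossl_path;

# Appended to every generated command line so that the child's stdout and
# stderr land in scratch files. Because of this suffix each command is run
# through the shell as a single string.
my $redir = " 2>cms.err 1>cms.out";

# EXE_EXT is optional in the environment; fall back to an empty suffix so the
# path test below never interpolates an undefined value.
my $exe_ext = defined $ENV{EXE_EXT} ? $ENV{EXE_EXT} : "";

# Make MSYS work
if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
    $ossl_path = "cmd /c ..\\apps\\openssl";
}
elsif ( -f "../apps/openssl$exe_ext" ) {
    $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
}
elsif ( -f "..\\out32dll\\openssl.exe" ) {
    $ossl_path = "..\\out32dll\\openssl.exe";
}
elsif ( -f "..\\out32\\openssl.exe" ) {
    $ossl_path = "..\\out32\\openssl.exe";
}
else {
    die "Can't find OpenSSL executable";
}

my $pk7cmd = "$ossl_path smime ";
my $cmscmd = "$ossl_path cms ";
my $smdir  = "smime-certs";

# When true, the first failing step terminates the script with status 1.
my $halt_err = 1;

# Failure counter, updated by run_smime_tests() through a reference.
my $badcmd = 0;

# True when the binary under test reports a 0.9.8 version string; used to
# adapt the tests to the 0.9.8 cms backport.
my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;

# Each test entry is a triple:
#   [ test name, options for the generating command,
#     options for the verifying command ]
# The generating step writes test.cms (or test2.cms); the verifying step
# writes smtst.txt, which is then compared against smcont.txt.
my @smime_pkcs7_tests = (

    [
        "signed content DER format, RSA key",
        "-sign -in smcont.txt -outform DER -nodetach"
          . " -certfile $smdir/smroot.pem"
          . " -signer $smdir/smrsa1.pem -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed detached content DER format, RSA key",
        "-sign -in smcont.txt -outform DER"
          . " -signer $smdir/smrsa1.pem -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
    ],

    [
        "signed content test streaming BER format, RSA",
        "-sign -in smcont.txt -outform DER -nodetach"
          . " -stream -signer $smdir/smrsa1.pem -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content DER format, DSA key",
        "-sign -in smcont.txt -outform DER -nodetach"
          . " -signer $smdir/smdsa1.pem -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed detached content DER format, DSA key",
        "-sign -in smcont.txt -outform DER"
          . " -signer $smdir/smdsa1.pem -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
    ],

    # Operates on the test.cms left behind by the previous entry.
    [
        "signed detached content DER format, add RSA signer",
        "-resign -inform DER -in test.cms -outform DER"
          . " -signer $smdir/smrsa1.pem -out test2.cms",
        "-verify -in test2.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
    ],

    [
        "signed content test streaming BER format, DSA key",
        "-sign -in smcont.txt -outform DER -nodetach"
          . " -stream -signer $smdir/smdsa1.pem -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming BER format, 2 DSA and 2 RSA keys",
        "-sign -in smcont.txt -outform DER -nodetach"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
        "-sign -in smcont.txt -outform DER -noattr -nodetach"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
        "-sign -in smcont.txt -nodetach"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
        "-sign -in smcont.txt"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "enveloped content test streaming S/MIME format, 3 recipients",
        "-encrypt -in smcont.txt"
          . " -stream -out test.cms"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
    ],

    [
        "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
        "-encrypt -in smcont.txt"
          . " -stream -out test.cms"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
    ],

    [
        "enveloped content test streaming S/MIME format, 3 recipients, key only used",
        "-encrypt -in smcont.txt"
          . " -stream -out test.cms"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
    ],

    [
        "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
        "-encrypt -in smcont.txt"
          . " -aes256 -stream -out test.cms"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
    ],

);

# Tests that are only run with the cms command on both sides. The
# -secretkey / -secretkeyid values are fixed sample values written into this
# script purely to drive the encrypt/decrypt round trip.
my @smime_cms_tests = (

    [
        "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
        "-sign -in smcont.txt -outform DER -nodetach -keyid"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms -inform DER "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
        "-sign -in smcont.txt -outform PEM -nodetach"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms -inform PEM "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content MIME format, RSA key, signed receipt request",
        "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
          . " -receipt_request_to test\@openssl.org -receipt_request_all"
          . " -out test.cms",
        "-verify -in test.cms "
          . " -CAfile $smdir/smroot.pem -out smtst.txt"
    ],

    # Operates on the test.cms left behind by the previous entry.
    [
        "signed receipt MIME format, RSA key",
        "-sign_receipt -in test.cms"
          . " -signer $smdir/smrsa2.pem"
          . " -out test2.cms",
        "-verify_receipt test2.cms -in test.cms"
          . " -CAfile $smdir/smroot.pem"
    ],

    [
        "enveloped content test streaming S/MIME format, 3 recipients, keyid",
        "-encrypt -in smcont.txt"
          . " -stream -out test.cms -keyid"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
    ],

    [
        "enveloped content test streaming PEM format, KEK",
        "-encrypt -in smcont.txt -outform PEM -aes128"
          . " -stream -out test.cms "
          . " -secretkey 000102030405060708090A0B0C0D0E0F "
          . " -secretkeyid C0FEE0",
        "-decrypt -in test.cms -out smtst.txt -inform PEM"
          . " -secretkey 000102030405060708090A0B0C0D0E0F "
          . " -secretkeyid C0FEE0"
    ],

    [
        "enveloped content test streaming PEM format, KEK, key only",
        "-encrypt -in smcont.txt -outform PEM -aes128"
          . " -stream -out test.cms "
          . " -secretkey 000102030405060708090A0B0C0D0E0F "
          . " -secretkeyid C0FEE0",
        "-decrypt -in test.cms -out smtst.txt -inform PEM"
          . " -secretkey 000102030405060708090A0B0C0D0E0F "
    ],

    [
        "data content test streaming PEM format",
        "-data_create -in smcont.txt -outform PEM -nodetach"
          . " -stream -out test.cms",
        "-data_out -in test.cms -inform PEM -out smtst.txt"
    ],

    [
        "encrypted content test streaming PEM format, 128 bit RC2 key",
        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
          . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
          . " -stream -out test.cms",
        "-EncryptedData_decrypt -in test.cms -inform PEM "
          . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
    ],

    [
        "encrypted content test streaming PEM format, 40 bit RC2 key",
        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
          . " -rc2 -secretkey 0001020304"
          . " -stream -out test.cms",
        "-EncryptedData_decrypt -in test.cms -inform PEM "
          . " -secretkey 0001020304 -out smtst.txt"
    ],

    [
        "encrypted content test streaming PEM format, triple DES key",
        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
          . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
          . " -stream -out test.cms",
        "-EncryptedData_decrypt -in test.cms -inform PEM "
          . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
          . " -out smtst.txt"
    ],

    [
        "encrypted content test streaming PEM format, 128 bit AES key",
        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
          . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
          . " -stream -out test.cms",
        "-EncryptedData_decrypt -in test.cms -inform PEM "
          . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
    ],

);

# Only run when the binary's "version -f" output mentions ZLIB (see below).
my @smime_cms_comp_tests = (

    [
        "compressed content test streaming PEM format",
        "-compress -in smcont.txt -outform PEM -nodetach"
          . " -stream -out test.cms",
        "-uncompress -in test.cms -inform PEM -out smtst.txt"
    ]

);

print "CMS => PKCS#7 compatibility tests\n";

run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );

print "CMS <= PKCS#7 compatibility tests\n";

run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );

print "CMS <=> CMS consistency tests\n";

run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
run_smime_tests( \$badcmd, \@smime_cms_tests,   $cmscmd, $cmscmd );

if ( `$ossl_path version -f` =~ /ZLIB/ ) {
    run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
}
else {
    print "Zlib not supported: compression tests skipped\n";
}

print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if ($ossl8);

if ($badcmd) {
    print "$badcmd TESTS FAILED!!\n";
}
else {
    print "ALL TESTS SUCCESSFUL.\n";
}

# Scratch-file cleanup. Not reached when a failure exits early because
# $halt_err is set, so the files stay behind for inspection in that case.
unlink "test.cms";
unlink "test2.cms";
unlink "smtst.txt";
unlink "cms.out";
unlink "cms.err";

# Run every test of one table with a given generator/verifier pairing.
#
#   $rv   - reference to the failure counter to increment
#   $aref - reference to an array of [ name, generate opts, verify opts ]
#   $scmd - command prefix used for the generating step
#   $vcmd - command prefix used for the verifying step
#
# For each entry the generating command is run, then the verifying command,
# and finally smtst.txt is compared with smcont.txt. Any failing step is
# reported, counted, and (with $halt_err set) ends the script with status 1.
sub run_smime_tests {
    my ( $rv, $aref, $scmd, $vcmd ) = @_;

    foreach my $smtst (@$aref) {
        my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
        if ($ossl8) {

            # Skip smime resign: 0.9.8 smime doesn't support -resign
            next if ( $scmd =~ /smime/ && $rscmd =~ /-resign/ );

            # Disable streaming: option not supported in 0.9.8
            $tnam  =~ s/streaming//;
            $rscmd =~ s/-stream//;
            $rvcmd =~ s/-stream//;
        }

        # Single-string system() on purpose: $redir relies on the shell.
        # Everything interpolated here comes from the tables in this file.
        system("$scmd$rscmd$redir");
        if ($?) {
            print "$tnam: generation error\n";
            $$rv++;
            exit 1 if $halt_err;
            next;
        }
        system("$vcmd$rvcmd$redir");
        if ($?) {
            print "$tnam: verify error\n";
            $$rv++;
            exit 1 if $halt_err;
            next;
        }
        if ( !cmp_files( "smtst.txt", "smcont.txt" ) ) {
            print "$tnam: content verify error\n";
            $$rv++;
            exit 1 if $halt_err;
            next;
        }
        print "$tnam: OK\n";
    }
}

# Compare two files byte for byte.
#
# Returns 1 when both files could be read to the end and had identical
# content, 0 otherwise (including when either file cannot be opened or a
# read fails).
sub cmp_files {
    my ( $f1, $f2 ) = @_;

    my ( $rd1, $rd2 );

    # Three-argument open: the file name is taken literally and is never
    # parsed for a mode or pipe character.
    my $fp1;
    if ( !open( $fp1, '<', $f1 ) ) {
        print STDERR "Can't Open file $f1\n";
        return 0;
    }

    my $fp2;
    if ( !open( $fp2, '<', $f2 ) ) {
        print STDERR "Can't Open file $f2\n";
        close $fp1;    # do not leak the first handle
        return 0;
    }

    binmode $fp1;
    binmode $fp2;

    my $ret = 0;

    while (1) {
        my $n1 = sysread $fp1, $rd1, 4096;
        my $n2 = sysread $fp2, $rd2, 4096;

        # sysread returns undef on error. Without this check a failed read
        # on both files would compare as 0 == 0 and be reported as a match,
        # letting a test pass without the content having been checked.
        if ( !defined $n1 || !defined $n2 ) {
            print STDERR "Read error comparing $f1 and $f2: $!\n";
            last;
        }

        last if ( $n1 != $n2 );
        last if ( $rd1 ne $rd2 );

        # Both files reached end-of-file together with no difference seen.
        if ( $n1 == 0 ) {
            $ret = 1;
            last;
        }
    }

    close $fp1;
    close $fp2;

    return $ret;
}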