1#! /usr/bin/env perl
2# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
3#
4# Licensed under the OpenSSL license (the "License").  You may not use
5# this file except in compliance with the License.  You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9
10use strict;
11use warnings;
12
13use POSIX;
14use File::Spec::Functions qw/catfile/;
15use File::Compare qw/compare_text/;
16use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/;
17use OpenSSL::Test::Utils;
18
# Register this recipe with the OpenSSL test harness.
setup("test_cms");

# Nothing below can run without CMS support, so the whole recipe is skipped
# on builds that disable it.
if (disabled("cms")) {
    plan skip_all => "CMS is not supported by this OpenSSL build";
}

# Fixture locations inside the source tree: pre-built CMS messages, the
# S/MIME test certificates and keys, and the plaintext that every round trip
# must reproduce.
my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir   = srctop_dir("test", "smime-certs");
my $smcont  = srctop_file("test", "smcont.txt");

# One flag per optional algorithm; check_availability() and the zlib guard
# consult these to decide which cases to skip.
my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
    = disabled(qw/des dh dsa ec ec2m rc2 zlib/);

# Six subtests plus the final exit-code check.
plan tests => 7;
31
# Round trips that both "openssl cms" and "openssl smime" can perform.
# Each entry is
#   [ description, producer arguments, consumer arguments ].
# The description doubles as the test name and is the string that
# check_availability() matches to decide whether a disabled algorithm
# forces a skip.
#
# Entries are order-dependent: every case reuses the scratch files test.cms
# and smtst.txt, and the "-resign" case re-signs the test.cms left behind by
# the entry before it.
#
# The SHA1, DSA and "DES" cases exercise interoperability of existing
# formats; they are test coverage, not a recommendation of those algorithms.
# The "DES" encrypt cases pass no cipher option, so they run with whatever
# cipher the tool selects by default.
my @smime_pkcs7_tests = (

    [ "signed content DER format, RSA key",
      [ "-sign", "-in" => $smcont, "-outform" => "DER", "-nodetach",
        "-certfile" => catfile($smdir, "smroot.pem"),
        "-signer" => catfile($smdir, "smrsa1.pem"), "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed detached content DER format, RSA key",
      [ "-sign", "-in" => $smcont, "-outform" => "DER",
        "-signer" => catfile($smdir, "smrsa1.pem"), "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt",
        "-content" => $smcont ],
    ],

    [ "signed content test streaming BER format, RSA",
      [ "-sign", "-in" => $smcont, "-outform" => "DER", "-nodetach",
        "-stream",
        "-signer" => catfile($smdir, "smrsa1.pem"), "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content DER format, DSA key",
      [ "-sign", "-in" => $smcont, "-outform" => "DER", "-nodetach",
        "-signer" => catfile($smdir, "smdsa1.pem"), "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed detached content DER format, DSA key",
      [ "-sign", "-in" => $smcont, "-outform" => "DER",
        "-signer" => catfile($smdir, "smdsa1.pem"), "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt",
        "-content" => $smcont ],
    ],

    # Consumes the test.cms written by the previous (DSA, detached) entry.
    [ "signed detached content DER format, add RSA signer (with DSA existing)",
      [ "-resign", "-inform" => "DER", "-in" => "test.cms",
        "-outform" => "DER",
        "-signer" => catfile($smdir, "smrsa1.pem"), "-out" => "test2.cms" ],
      [ "-verify", "-in" => "test2.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt",
        "-content" => $smcont ],
    ],

    [ "signed content test streaming BER format, DSA key",
      [ "-sign", "-in" => $smcont, "-outform" => "DER", "-nodetach",
        "-stream",
        "-signer" => catfile($smdir, "smdsa1.pem"), "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in" => $smcont, "-outform" => "DER", "-nodetach",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-signer" => catfile($smdir, "smrsa2.pem"),
        "-signer" => catfile($smdir, "smdsa1.pem"),
        "-signer" => catfile($smdir, "smdsa2.pem"),
        "-stream", "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
      [ "-sign", "-in" => $smcont, "-outform" => "DER", "-noattr",
        "-nodetach",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-signer" => catfile($smdir, "smrsa2.pem"),
        "-signer" => catfile($smdir, "smdsa1.pem"),
        "-signer" => catfile($smdir, "smdsa2.pem"),
        "-stream", "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content S/MIME format, RSA key SHA1",
      [ "-sign", "-in" => $smcont, "-md" => "sha1",
        "-certfile" => catfile($smdir, "smroot.pem"),
        "-signer" => catfile($smdir, "smrsa1.pem"), "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in" => $smcont, "-nodetach",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-signer" => catfile($smdir, "smrsa2.pem"),
        "-signer" => catfile($smdir, "smdsa1.pem"),
        "-signer" => catfile($smdir, "smdsa2.pem"),
        "-stream", "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in" => $smcont,
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-signer" => catfile($smdir, "smrsa2.pem"),
        "-signer" => catfile($smdir, "smdsa1.pem"),
        "-signer" => catfile($smdir, "smdsa2.pem"),
        "-stream", "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-recip" => catfile($smdir, "smrsa1.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-recip" => catfile($smdir, "smrsa3.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-inkey" => catfile($smdir, "smrsa3.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
      [ "-encrypt", "-in" => $smcont,
        "-aes256", "-stream", "-out" => "test.cms",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-recip" => catfile($smdir, "smrsa1.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

);
182
# Round trips that only "openssl cms" supports (key identifiers, signed
# receipts, KEK recipients, Data and EncryptedData content types).
# Same entry layout as the PKCS#7-compatible table:
#   [ description, producer arguments, consumer arguments ].
#
# The -secretkey / -secretkeyid values are fixed, sequential byte strings
# used purely as test vectors.  The RC2 (including the 40-bit key) and
# triple DES cases check that existing EncryptedData messages still round
# trip; they are not a recommendation of those ciphers.
#
# Entries are order-dependent.  "-sign_receipt" reads the test.cms produced
# by the receipt-request entry just before it.
# NOTE(review): the "-verify_receipt" command has no "-out", so the
# smtst.txt comparison the drivers apply to that entry looks like it is
# satisfied by the file the previous entry wrote - confirm this is intended.
my @smime_cms_tests = (

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
      [ "-sign", "-in" => $smcont, "-outform" => "DER", "-nodetach",
        "-keyid",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-signer" => catfile($smdir, "smrsa2.pem"),
        "-signer" => catfile($smdir, "smdsa1.pem"),
        "-signer" => catfile($smdir, "smdsa2.pem"),
        "-stream", "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in" => $smcont, "-outform" => "PEM", "-nodetach",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-signer" => catfile($smdir, "smrsa2.pem"),
        "-signer" => catfile($smdir, "smdsa1.pem"),
        "-signer" => catfile($smdir, "smdsa2.pem"),
        "-stream", "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "PEM",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content MIME format, RSA key, signed receipt request",
      [ "-sign", "-in" => $smcont,
        "-signer" => catfile($smdir, "smrsa1.pem"), "-nodetach",
        "-receipt_request_to" => "test\@openssl.org",
        "-receipt_request_all",
        "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed receipt MIME format, RSA key",
      [ "-sign_receipt", "-in" => "test.cms",
        "-signer" => catfile($smdir, "smrsa2.pem"),
        "-out" => "test2.cms" ],
      [ "-verify_receipt" => "test2.cms", "-in" => "test.cms",
        "-CAfile" => catfile($smdir, "smroot.pem") ],
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms", "-keyid",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-recip" => catfile($smdir, "smrsa1.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming PEM format, KEK",
      [ "-encrypt", "-in" => $smcont, "-outform" => "PEM", "-aes128",
        "-stream", "-out" => "test.cms",
        "-secretkey" => "000102030405060708090A0B0C0D0E0F",
        "-secretkeyid" => "C0FEE0" ],
      [ "-decrypt", "-in" => "test.cms", "-out" => "smtst.txt",
        "-inform" => "PEM",
        "-secretkey" => "000102030405060708090A0B0C0D0E0F",
        "-secretkeyid" => "C0FEE0" ],
    ],

    [ "enveloped content test streaming PEM format, KEK, key only",
      [ "-encrypt", "-in" => $smcont, "-outform" => "PEM", "-aes128",
        "-stream", "-out" => "test.cms",
        "-secretkey" => "000102030405060708090A0B0C0D0E0F",
        "-secretkeyid" => "C0FEE0" ],
      [ "-decrypt", "-in" => "test.cms", "-out" => "smtst.txt",
        "-inform" => "PEM",
        "-secretkey" => "000102030405060708090A0B0C0D0E0F" ],
    ],

    [ "data content test streaming PEM format",
      [ "-data_create", "-in" => $smcont, "-outform" => "PEM", "-nodetach",
        "-stream", "-out" => "test.cms" ],
      [ "-data_out", "-in" => "test.cms", "-inform" => "PEM",
        "-out" => "smtst.txt" ],
    ],

    [ "encrypted content test streaming PEM format, 128 bit RC2 key",
      [ "-EncryptedData_encrypt", "-in" => $smcont, "-outform" => "PEM",
        "-rc2", "-secretkey" => "000102030405060708090A0B0C0D0E0F",
        "-stream", "-out" => "test.cms" ],
      [ "-EncryptedData_decrypt", "-in" => "test.cms", "-inform" => "PEM",
        "-secretkey" => "000102030405060708090A0B0C0D0E0F",
        "-out" => "smtst.txt" ],
    ],

    [ "encrypted content test streaming PEM format, 40 bit RC2 key",
      [ "-EncryptedData_encrypt", "-in" => $smcont, "-outform" => "PEM",
        "-rc2", "-secretkey" => "0001020304",
        "-stream", "-out" => "test.cms" ],
      [ "-EncryptedData_decrypt", "-in" => "test.cms", "-inform" => "PEM",
        "-secretkey" => "0001020304", "-out" => "smtst.txt" ],
    ],

    [ "encrypted content test streaming PEM format, triple DES key",
      [ "-EncryptedData_encrypt", "-in" => $smcont, "-outform" => "PEM",
        "-des3",
        "-secretkey" => "000102030405060708090A0B0C0D0E0F1011121314151617",
        "-stream", "-out" => "test.cms" ],
      [ "-EncryptedData_decrypt", "-in" => "test.cms", "-inform" => "PEM",
        "-secretkey" => "000102030405060708090A0B0C0D0E0F1011121314151617",
        "-out" => "smtst.txt" ],
    ],

    [ "encrypted content test streaming PEM format, 128 bit AES key",
      [ "-EncryptedData_encrypt", "-in" => $smcont, "-outform" => "PEM",
        "-aes128", "-secretkey" => "000102030405060708090A0B0C0D0E0F",
        "-stream", "-out" => "test.cms" ],
      [ "-EncryptedData_decrypt", "-in" => "test.cms", "-inform" => "PEM",
        "-secretkey" => "000102030405060708090A0B0C0D0E0F",
        "-out" => "smtst.txt" ],
    ],

);
292
# CompressedData round trip.  Kept in its own table because the driver skips
# the whole table when the build has no zlib support.
# Entry layout: [ description, producer arguments, consumer arguments ].
my @smime_cms_comp_tests = (

    [ "compressed content test streaming PEM format",
      [ "-compress", "-in" => $smcont, "-outform" => "PEM", "-nodetach",
        "-stream", "-out" => "test.cms" ],
      [ "-uncompress", "-in" => "test.cms", "-inform" => "PEM",
        "-out" => "smtst.txt" ],
    ],

);
302
# Round trips that change key-operation parameters through "-keyopt"
# (RSA-PSS signatures, RSA-OAEP key transport, ECDH key derivation) or that
# use EC / X9.42 DH recipient keys.
# Entry layout: [ description, producer arguments, consumer arguments ].
# The words "ECDH", "K-283", "X9.42" and "DES" in a description are what
# check_availability() matches to skip a case on builds without that
# algorithm, so the wording of the descriptions is significant.
my @smime_cms_param_tests = (

    [ "signed content test streaming PEM format, RSA keys, PSS signature",
      [ "-sign", "-in" => $smcont, "-outform" => "PEM", "-nodetach",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-keyopt" => "rsa_padding_mode:pss",
        "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "PEM",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max",
      [ "-sign", "-in" => $smcont, "-outform" => "PEM", "-nodetach",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-keyopt" => "rsa_padding_mode:pss",
        "-keyopt" => "rsa_pss_saltlen:max", "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "PEM",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
      [ "-sign", "-in" => $smcont, "-outform" => "PEM", "-nodetach",
        "-noattr",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-keyopt" => "rsa_padding_mode:pss",
        "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "PEM",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
      [ "-sign", "-in" => $smcont, "-outform" => "PEM", "-nodetach",
        "-signer" => catfile($smdir, "smrsa1.pem"),
        "-keyopt" => "rsa_padding_mode:pss",
        "-keyopt" => "rsa_mgf1_md:sha384", "-out" => "test.cms" ],
      [ "-verify", "-in" => "test.cms", "-inform" => "PEM",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        "-recip" => catfile($smdir, "smrsa1.pem"),
        "-keyopt" => "rsa_padding_mode:oaep" ],
      [ "-decrypt", "-recip" => catfile($smdir, "smrsa1.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        "-recip" => catfile($smdir, "smrsa1.pem"),
        "-keyopt" => "rsa_padding_mode:oaep",
        "-keyopt" => "rsa_oaep_md:sha256" ],
      [ "-decrypt", "-recip" => catfile($smdir, "smrsa1.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, DES, ECDH",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        "-recip" => catfile($smdir, "smec1.pem") ],
      [ "-decrypt", "-recip" => catfile($smdir, "smec1.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        catfile($smdir, "smec1.pem"),
        catfile($smdir, "smec3.pem") ],
      [ "-decrypt", "-inkey" => catfile($smdir, "smec3.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
      [ "-encrypt", "-keyid", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        "-recip" => catfile($smdir, "smec1.pem") ],
      [ "-decrypt", "-recip" => catfile($smdir, "smec1.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        "-recip" => catfile($smdir, "smec1.pem"), "-aes128",
        "-keyopt" => "ecdh_kdf_md:sha256" ],
      [ "-decrypt", "-recip" => catfile($smdir, "smec1.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        "-recip" => catfile($smdir, "smec2.pem"), "-aes128",
        "-keyopt" => "ecdh_kdf_md:sha256",
        "-keyopt" => "ecdh_cofactor_mode:1" ],
      [ "-decrypt", "-recip" => catfile($smdir, "smec2.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

    [ "enveloped content test streaming S/MIME format, X9.42 DH",
      [ "-encrypt", "-in" => $smcont,
        "-stream", "-out" => "test.cms",
        "-recip" => catfile($smdir, "smdh.pem"), "-aes128" ],
      [ "-decrypt", "-recip" => catfile($smdir, "smdh.pem"),
        "-in" => "test.cms", "-out" => "smtst.txt" ],
    ],

);
403
# Three-step case: sign with one RSA key, add a second signer with
# "-resign", then verify the result.  Entry layout:
#   [ description, sign arguments, resign arguments, verify arguments ].
# The driver additionally counts content-type attributes in test2.cms and
# expects one per signer.
my @contenttype_cms_test = (
    [ "signed content test - check that content type is added to additional signerinfo, RSA keys",
      [ "-sign", "-binary", "-nodetach", "-stream", "-in" => $smcont,
        "-outform" => "DER",
        "-signer" => catfile($smdir, "smrsa1.pem"), "-md" => "SHA256",
        "-out" => "test.cms" ],
      [ "-resign", "-binary", "-nodetach", "-in" => "test.cms",
        "-inform" => "DER", "-outform" => "DER",
        "-signer" => catfile($smdir, "smrsa2.pem"), "-md" => "SHA256",
        "-out" => "test2.cms" ],
      [ "-verify", "-in" => "test2.cms", "-inform" => "DER",
        "-CAfile" => catfile($smdir, "smroot.pem"), "-out" => "smtst.txt" ],
    ],
);
416
# Pre-built DER messages, looked up in the recipe's data directory, whose
# signed attributes are deliberately wrong.  Verification of every one of
# them is expected to fail.
my @incorrect_attribute_cms_test = qw(
    bad_signtime_attr.cms
    no_ct_attr.cms
    no_md_attr.cms
    ct_multiple_attr.cms
);
423
subtest "CMS => PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    # Produce each message with "openssl cms", consume it with
    # "openssl smime", and require the recovered text to equal the original.
    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "cms", @$produce_args]))
               && run(app(["openssl", "smime", @$consume_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};
subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    # The reverse direction: "openssl smime" produces the message and
    # "openssl cms" has to consume it and give back the original text.
    for my $case (@smime_pkcs7_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "smime", @$produce_args]))
               && run(app(["openssl", "cms", @$consume_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};
454
subtest "CMS <=> CMS consistency tests\n" => sub {
    plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);

    # "openssl cms" on both sides: first the cases shared with PKCS#7, then
    # the CMS-only ones, in table order (later entries rely on the scratch
    # files earlier entries leave behind).
    for my $case (@smime_pkcs7_tests, @smime_cms_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "cms", @$produce_args]))
               && run(app(["openssl", "cms", @$consume_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }
};
481
subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
    plan tests =>
        (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);

    # Non-default key parameters (PSS, OAEP, ECDH, DH), cms on both sides.
    for my $case (@smime_cms_param_tests) {
        my ($title, $produce_args, $consume_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "cms", @$produce_args]))
               && run(app(["openssl", "cms", @$consume_args]))
               && compare_text($smcont, "smtst.txt") == 0,
               $title);
        }
    }

    # Compression cases: skipped as a group when zlib is not built in, and
    # individually when check_availability() reports a missing algorithm.
  SKIP: {
        if ($no_zlib) {
            skip("Zlib not supported: compression tests skipped",
                 scalar @smime_cms_comp_tests);
        }

        for my $case (@smime_cms_comp_tests) {
            my ($title, $produce_args, $consume_args) = @$case;

          SKIP: {
                my $why_skipped = check_availability($title);
                skip $why_skipped, 1 if $why_skipped;

                ok(run(app(["openssl", "cms", @$produce_args]))
                   && run(app(["openssl", "cms", @$consume_args]))
                   && compare_text($smcont, "smtst.txt") == 0,
                   $title);
            }
        }
    }
};
516
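# Returns the number of matches of a Content Type Attribute in a binary file.
#
# Argument: $in - path of the file to scan; it is read in binary mode.
# Dies if the file cannot be opened.
#
# This is a raw byte-pattern search, not an ASN.1 parse, so the count
# includes any other place in the file where the same 26 bytes occur.
sub contentType_matches {
    my ($in) = @_;

    # Three-argument open with a lexical handle: the name is used literally,
    # so whitespace or mode characters in it cannot change how the file is
    # opened, and the handle cannot collide with a bareword used elsewhere.
    open(my $hex_in, '<', $in) or die("open failed for $in : $!");
    binmode($hex_in);

    # Slurp the whole file; $/ is restored when this sub returns.
    local $/;
    my $str = <$hex_in>;
    close($hex_in);
    $str = '' unless defined $str;

    # DER for a contentType attribute whose value is the PKCS#7 "data" OID:
    #   SEQUENCE (0x18 bytes) { OID 1.2.840.113549.1.9.3,
    #                           SET (0x0B bytes) { OID 1.2.840.113549.1.7.1 } }
    my $content_type_attr = qr/\x30\x18\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03\x31\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01/;
    my @c = $str =~ /$content_type_attr/g;

    return scalar(@c);
}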
532
subtest "CMS Check the content type attribute is added for additional signers\n" => sub {
    plan tests =>
        (scalar @contenttype_cms_test);

    # Sign, add a second signer, then check that the re-signed message
    # carries exactly two content-type attributes (one per signer) and that
    # it still verifies.
    for my $case (@contenttype_cms_test) {
        my ($title, $sign_args, $resign_args, $verify_args) = @$case;

      SKIP: {
            # A non-empty reason means a required algorithm is disabled.
            my $why_skipped = check_availability($title);
            skip $why_skipped, 1 if $why_skipped;

            ok(run(app(["openssl", "cms", @$sign_args]))
               && run(app(["openssl", "cms", @$resign_args]))
               && contentType_matches("test2.cms") == 2
               && run(app(["openssl", "cms", @$verify_args])),
               $title);
        }
    }
};
550
subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
    plan tests =>
        (scalar @incorrect_attribute_cms_test);

    # Negative tests: each fixture must be rejected by "cms -verify".
    # NOTE(review): the assertion is only "the command did not succeed", so
    # it is also satisfied when the command fails for an unrelated reason,
    # such as a fixture file that is missing - confirm that is acceptable.
    for my $bad_message (@incorrect_attribute_cms_test) {
        my @verify_cmd = (
            "openssl", "cms", "-verify",
            "-in" => catfile($datadir, $bad_message),
            "-inform" => "DER",
            "-CAfile" => catfile($smdir, "smroot.pem"),
            "-out" => "smtst.txt",
        );

        ok(!run(app(\@verify_cmd)), $bad_message);
    }
};
562
# Remove the scratch files the round-trip cases wrote into the working
# directory.
unlink $_ for ("test.cms", "test2.cms", "smtst.txt");
566
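# Decide whether a test case can run on this build.
#
# Argument: $tnam - the test description; the decision is made by matching
#           algorithm names inside this text, so descriptions must mention
#           the optional algorithm they depend on.
# Returns:  a skip reason (non-empty string) when a needed algorithm is
#           disabled, otherwise the empty string.
#
# The checks run in order and the first match wins.
sub check_availability {
    my $tnam = shift;

    # The original had a second, identical "$no_ec && /ECDH/" test that
    # returned "ECDH disabled"; it could never be reached, so it is dropped.
    return "$tnam: skipped, EC disabled\n"
        if ($no_ec && $tnam =~ /ECDH/);
    return "$tnam: skipped, EC2M disabled\n"
        if ($no_ec2m && $tnam =~ /K-283/);
    return "$tnam: skipped, DH disabled\n"
        if ($no_dh && $tnam =~ /X9\.42/);
    return "$tnam: skipped, RC2 disabled\n"
        if ($no_rc2 && $tnam =~ /RC2/);
    return "$tnam: skipped, DES disabled\n"
        if ($no_des && $tnam =~ /DES/);
    # The pattern requires a space before "DSA".
    return "$tnam: skipped, DSA disabled\n"
        if ($no_dsa && $tnam =~ / DSA/);

    return "";
}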
587
# Check that we get the expected failure return code.
# The exit checker accepts exactly status 6 and nothing else, so a clean
# exit, a crash, or any other error status all make this test fail.
with({ exit_checker => sub { my $exit_code = shift; return $exit_code == 6; } },
    sub {
        # Encrypt to the badrsa.pem recipient in streaming mode; no "-out"
        # is given, so none of the scratch files are written here.
        my @encrypt_cmd = (
            'openssl', 'cms', '-encrypt',
            '-in' => srctop_file("test", "smcont.txt"),
            '-stream',
            '-recip' => srctop_file("test/smime-certs", "badrsa.pem"),
        );

        ok(run(app(\@encrypt_cmd)),
           "Check failure during BIO setup with -stream is handled correctly");
    });
598