2 # Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5 # ====================================================================
6 # Copyright (c) 2008 The OpenSSL Project. All rights reserved.
8 # Redistribution and use in source and binary forms, with or without
9 # modification, are permitted provided that the following conditions
12 # 1. Redistributions of source code must retain the above copyright
13 # notice, this list of conditions and the following disclaimer.
15 # 2. Redistributions in binary form must reproduce the above copyright
16 # notice, this list of conditions and the following disclaimer in
17 # the documentation and/or other materials provided with the
20 # 3. All advertising materials mentioning features or use of this
21 # software must display the following acknowledgment:
22 # "This product includes software developed by the OpenSSL Project
23 # for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 # endorse or promote products derived from this software without
27 # prior written permission. For written permission, please contact
28 # licensing@OpenSSL.org.
30 # 5. Products derived from this software may not be called "OpenSSL"
31 # nor may "OpenSSL" appear in their names without prior written
32 # permission of the OpenSSL Project.
34 # 6. Redistributions of any form whatsoever must retain the following
36 # "This product includes software developed by the OpenSSL Project
37 # for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 # OF THE POSSIBILITY OF SUCH DAMAGE.
51 # ====================================================================
53 # CMS, PKCS7 consistency test script. Run extensive tests on
54 # OpenSSL PKCS#7 and CMS implementations.
57 my $redir = " 2> cms.err > cms.out";
59 if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
60 $ossl_path = "pipe mcr OSSLX:openssl";
64 elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
65 $ossl_path = "cmd /c ..\\apps\\openssl";
66 $null_path = "/dev/null";
68 elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
69 $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
70 $null_path = "/dev/null";
72 elsif ( -f "..\\out32dll\\openssl.exe" ) {
73 $ossl_path = "..\\out32dll\\openssl.exe";
74 $null_path = "/dev/null";
76 elsif ( -f "..\\out32\\openssl.exe" ) {
77 $ossl_path = "..\\out32\\openssl.exe";
78 $null_path = "/dev/null";
81 die "Can't find OpenSSL executable";
84 my $pk7cmd = "$ossl_path smime ";
85 my $cmscmd = "$ossl_path cms ";
86 my $smdir = "smime-certs";
91 my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
93 system ("$ossl_path no-ec > $null_path");
98 elsif ($^O eq "VMS" ? $? == 512 : $? == 256)
104 die "Error checking for EC support\n";
107 my @smime_pkcs7_tests = (
110 "signed content DER format, RSA key",
111 "-sign -in smcont.txt -outform \"DER\" -nodetach"
112 . " -certfile $smdir/smroot.pem"
113 . " -signer $smdir/smrsa1.pem -out test.cms",
114 "-verify -in test.cms -inform \"DER\" "
115 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
119 "signed detached content DER format, RSA key",
120 "-sign -in smcont.txt -outform \"DER\""
121 . " -signer $smdir/smrsa1.pem -out test.cms",
122 "-verify -in test.cms -inform \"DER\" "
123 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
127 "signed content test streaming BER format, RSA",
128 "-sign -in smcont.txt -outform \"DER\" -nodetach"
129 . " -stream -signer $smdir/smrsa1.pem -out test.cms",
130 "-verify -in test.cms -inform \"DER\" "
131 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
135 "signed content DER format, DSA key",
136 "-sign -in smcont.txt -outform \"DER\" -nodetach"
137 . " -signer $smdir/smdsa1.pem -out test.cms",
138 "-verify -in test.cms -inform \"DER\" "
139 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
143 "signed detached content DER format, DSA key",
144 "-sign -in smcont.txt -outform \"DER\""
145 . " -signer $smdir/smdsa1.pem -out test.cms",
146 "-verify -in test.cms -inform \"DER\" "
147 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
151 "signed detached content DER format, add RSA signer",
152 "-resign -inform \"DER\" -in test.cms -outform \"DER\""
153 . " -signer $smdir/smrsa1.pem -out test2.cms",
154 "-verify -in test2.cms -inform \"DER\" "
155 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
159 "signed content test streaming BER format, DSA key",
160 "-sign -in smcont.txt -outform \"DER\" -nodetach"
161 . " -stream -signer $smdir/smdsa1.pem -out test.cms",
162 "-verify -in test.cms -inform \"DER\" "
163 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
167 "signed content test streaming BER format, 2 DSA and 2 RSA keys",
168 "-sign -in smcont.txt -outform \"DER\" -nodetach"
169 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
170 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
171 . " -stream -out test.cms",
172 "-verify -in test.cms -inform \"DER\" "
173 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
177 "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
178 "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
179 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
180 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
181 . " -stream -out test.cms",
182 "-verify -in test.cms -inform \"DER\" "
183 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
187 "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
188 "-sign -in smcont.txt -nodetach"
189 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
190 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
191 . " -stream -out test.cms",
192 "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
196 "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
197 "-sign -in smcont.txt"
198 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
199 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
200 . " -stream -out test.cms",
201 "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
205 "enveloped content test streaming S/MIME format, 3 recipients",
206 "-encrypt -in smcont.txt"
207 . " -stream -out test.cms"
208 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
209 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
213 "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
214 "-encrypt -in smcont.txt"
215 . " -stream -out test.cms"
216 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
217 "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
221 "enveloped content test streaming S/MIME format, 3 recipients, key only used",
222 "-encrypt -in smcont.txt"
223 . " -stream -out test.cms"
224 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
225 "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
229 "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
230 "-encrypt -in smcont.txt"
231 . " -aes256 -stream -out test.cms"
232 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
233 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
238 my @smime_cms_tests = (
241 "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
242 "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
243 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
244 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
245 . " -stream -out test.cms",
246 "-verify -in test.cms -inform \"DER\" "
247 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
251 "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
252 "-sign -in smcont.txt -outform PEM -nodetach"
253 . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
254 . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
255 . " -stream -out test.cms",
256 "-verify -in test.cms -inform PEM "
257 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
261 "signed content MIME format, RSA key, signed receipt request",
262 "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
263 . " -receipt_request_to test\@openssl.org -receipt_request_all"
265 "-verify -in test.cms "
266 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
270 "signed receipt MIME format, RSA key",
271 "-sign_receipt -in test.cms"
272 . " -signer $smdir/smrsa2.pem"
274 "-verify_receipt test2.cms -in test.cms"
275 . " \"-CAfile\" $smdir/smroot.pem"
279 "enveloped content test streaming S/MIME format, 3 recipients, keyid",
280 "-encrypt -in smcont.txt"
281 . " -stream -out test.cms -keyid"
282 . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
283 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
287 "enveloped content test streaming PEM format, KEK",
288 "-encrypt -in smcont.txt -outform PEM -aes128"
289 . " -stream -out test.cms "
290 . " -secretkey 000102030405060708090A0B0C0D0E0F "
291 . " -secretkeyid C0FEE0",
292 "-decrypt -in test.cms -out smtst.txt -inform PEM"
293 . " -secretkey 000102030405060708090A0B0C0D0E0F "
294 . " -secretkeyid C0FEE0"
298 "enveloped content test streaming PEM format, KEK, key only",
299 "-encrypt -in smcont.txt -outform PEM -aes128"
300 . " -stream -out test.cms "
301 . " -secretkey 000102030405060708090A0B0C0D0E0F "
302 . " -secretkeyid C0FEE0",
303 "-decrypt -in test.cms -out smtst.txt -inform PEM"
304 . " -secretkey 000102030405060708090A0B0C0D0E0F "
308 "data content test streaming PEM format",
309 "-data_create -in smcont.txt -outform PEM -nodetach"
310 . " -stream -out test.cms",
311 "-data_out -in test.cms -inform PEM -out smtst.txt"
315 "encrypted content test streaming PEM format, 128 bit RC2 key",
316 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
317 . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
318 . " -stream -out test.cms",
319 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
320 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
324 "encrypted content test streaming PEM format, 40 bit RC2 key",
325 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
326 . " -rc2 -secretkey 0001020304"
327 . " -stream -out test.cms",
328 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
329 . " -secretkey 0001020304 -out smtst.txt"
333 "encrypted content test streaming PEM format, triple DES key",
334 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
335 . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
336 . " -stream -out test.cms",
337 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
338 . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
343 "encrypted content test streaming PEM format, 128 bit AES key",
344 "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
345 . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
346 . " -stream -out test.cms",
347 "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
348 . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
353 my @smime_cms_comp_tests = (
356 "compressed content test streaming PEM format",
357 "-compress -in smcont.txt -outform PEM -nodetach"
358 . " -stream -out test.cms",
359 "-uncompress -in test.cms -inform PEM -out smtst.txt"
364 my @smime_cms_param_tests = (
366 "signed content test streaming PEM format, RSA keys, PSS signature",
367 "-sign -in smcont.txt -outform PEM -nodetach"
368 . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
370 "-verify -in test.cms -inform PEM "
371 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
375 "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
376 "-sign -in smcont.txt -outform PEM -nodetach -noattr"
377 . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
379 "-verify -in test.cms -inform PEM "
380 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
384 "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
385 "-sign -in smcont.txt -outform PEM -nodetach"
386 . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss"
387 . " -keyopt rsa_mgf1_md:sha384 -out test.cms",
388 "-verify -in test.cms -inform PEM "
389 . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
393 "enveloped content test streaming S/MIME format, OAEP default parameters",
394 "-encrypt -in smcont.txt"
395 . " -stream -out test.cms"
396 . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep",
397 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
401 "enveloped content test streaming S/MIME format, OAEP SHA256",
402 "-encrypt -in smcont.txt"
403 . " -stream -out test.cms"
404 . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep"
405 . " -keyopt rsa_oaep_md:sha256",
406 "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
410 "enveloped content test streaming S/MIME format, ECDH",
411 "-encrypt -in smcont.txt"
412 . " -stream -out test.cms"
413 . " -recip $smdir/smec1.pem",
414 "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt"
418 "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
419 "-encrypt -in smcont.txt"
420 . " -stream -out test.cms"
421 . " -recip $smdir/smec1.pem -aes128 -keyopt ecdh_kdf_md:sha256",
422 "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt"
426 "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
427 "-encrypt -in smcont.txt"
428 . " -stream -out test.cms"
429 . " -recip $smdir/smec2.pem -aes128"
430 . " -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1",
431 "-decrypt -recip $smdir/smec2.pem -in test.cms -out smtst.txt"
435 "enveloped content test streaming S/MIME format, X9.42 DH",
436 "-encrypt -in smcont.txt"
437 . " -stream -out test.cms"
438 . " -recip $smdir/smdh.pem -aes128",
439 "-decrypt -recip $smdir/smdh.pem -in test.cms -out smtst.txt"
443 print "CMS => PKCS#7 compatibility tests\n";
445 run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
447 print "CMS <= PKCS#7 compatibility tests\n";
449 run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
451 print "CMS <=> CMS consistency tests\n";
453 run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
454 run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd );
456 print "CMS <=> CMS consistency tests, modified key parameters\n";
457 run_smime_tests( \$badcmd, \@smime_cms_param_tests, $cmscmd, $cmscmd );
459 if ( `$ossl_path version -f` =~ /ZLIB/ ) {
460 run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
463 print "Zlib not supported: compression tests skipped\n";
466 print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
469 print "$badcmd TESTS FAILED!!\n";
472 print "ALL TESTS SUCCESSFUL.\n";
481 sub run_smime_tests {
482 my ( $rv, $aref, $scmd, $vcmd ) = @_;
484 foreach $smtst (@$aref) {
485 my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
488 # Skip smime resign: 0.9.8 smime doesn't support -resign
489 next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
490 # Disable streaming: option not supported in 0.9.8
491 $tnam =~ s/streaming//;
492 $rscmd =~ s/-stream//;
493 $rvcmd =~ s/-stream//;
495 if ($no_ec && $tnam =~ /ECDH/)
497 print "$tnam: skipped, EC disabled\n";
500 system("$scmd$rscmd$redir");
502 print "$tnam: generation error\n";
507 system("$vcmd$rvcmd$redir");
509 print "$tnam: verify error\n";
514 if (!cmp_files("smtst.txt", "smcont.txt")) {
515 print "$tnam: content verify error\n";
526 my ( $f1, $f2 ) = @_;
527 my $fp1 = FileHandle->new();
528 my $fp2 = FileHandle->new();
532 if ( !open( $fp1, "<$f1" ) ) {
533 print STDERR "Can't Open file $f1\n";
537 if ( !open( $fp2, "<$f2" ) ) {
538 print STDERR "Can't Open file $f2\n";
548 $n1 = sysread $fp1, $rd1, 4096;
549 $n2 = sysread $fp2, $rd2, 4096;
550 last if ( $n1 != $n2 );
551 last if ( $rd1 ne $rd2 );