X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2Fcms-test.pl;h=006733a6befeee223c0431c8a1f9a16417d0cd39;hp=b0e7b7f030d3c5ec23920db9a75b6162a67eda69;hb=2f32016bb99b1b5d7213392cb7c0d0c738e5e06f;hpb=f5cbf8fbe10ad934c2ef38f08f7f4c1da242d34f diff --git a/test/cms-test.pl b/test/cms-test.pl index b0e7b7f030..006733a6be 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl @@ -54,8 +54,16 @@ # OpenSSL PKCS#7 and CMS implementations. my $ossl_path; - -if ( -f "../apps/openssl" ) { +my $redir = " 2> cms.err > cms.out"; +# Make VMS work +if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { + $ossl_path = "pipe mcr OSSLX:openssl"; +} +# Make MSYS work +elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { + $ossl_path = "cmd /c ..\\apps\\openssl"; +} +elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; } elsif ( -f "..\\out32dll\\openssl.exe" ) { @@ -74,83 +82,100 @@ my $smdir = "smime-certs"; my $halt_err = 1; my $badcmd = 0; +my $no_ec; +my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; + +system ("$ossl_path no-ec >/dev/null"); +if ($? == 0) + { + $no_ec = 1; + } +elsif ($? == 256) + { + $no_ec = 0; + } +else + { + die "Error checking for EC support\n"; + } my @smime_pkcs7_tests = ( [ "signed content DER format, RSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -certfile $smdir/smroot.pem" . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed detached content DER format, RSA key", - "-sign -in smcont.txt -outform DER" + "-sign -in smcont.txt -outform \"DER\"" . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed content test streaming BER format, RSA", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -stream -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content DER format, DSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed detached content DER format, DSA key", - "-sign -in smcont.txt -outform DER" + "-sign -in smcont.txt -outform \"DER\"" . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed detached content DER format, add RSA signer", - "-resign -inform DER -in test.cms -outform DER" + "-resign -inform \"DER\" -in test.cms -outform \"DER\"" . " -signer $smdir/smrsa1.pem -out test2.cms", - "-verify -in test2.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test2.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed content test streaming BER format, DSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -stream -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - "-sign -in smcont.txt -outform DER -noattr -nodetach" + "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -159,7 +184,7 @@ my @smime_pkcs7_tests = ( . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -168,7 +193,7 @@ my @smime_pkcs7_tests = ( . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -209,12 +234,12 @@ my @smime_cms_tests = ( [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - "-sign -in smcont.txt -outform DER -nodetach -keyid" + "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -224,7 +249,54 @@ my @smime_cms_tests = ( . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", "-verify -in test.cms -inform PEM " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content MIME format, RSA key, signed receipt request", + "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" + . " -receipt_request_to test\@openssl.org -receipt_request_all" + . " -out test.cms", + "-verify -in test.cms " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed receipt MIME format, RSA key", + "-sign_receipt -in test.cms" + . " -signer $smdir/smrsa2.pem" + . " -out test2.cms", + "-verify_receipt test2.cms -in test.cms" + . " \"-CAfile\" $smdir/smroot.pem" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients, keyid", + "-encrypt -in smcont.txt" + . " -stream -out test.cms -keyid" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ + "enveloped content test streaming PEM format, KEK", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0" + ], + + [ + "enveloped content test streaming PEM format, KEK, key only", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " ], [ @@ -236,38 +308,38 @@ my @smime_cms_tests = ( [ "encrypted content test streaming PEM format, 128 bit RC2 key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" ], [ "encrypted content test streaming PEM format, 40 bit RC2 key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -rc2 -secretkey 0001020304" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 0001020304 -out smtst.txt" ], [ "encrypted content test streaming PEM format, triple DES key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" . " -out smtst.txt" ], [ "encrypted content test streaming PEM format, 128 bit AES key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" ], @@ -284,6 +356,85 @@ my @smime_cms_comp_tests = ( ); +my @smime_cms_param_tests = ( + [ + "signed content test streaming PEM format, RSA keys, PSS signature", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", + "-sign -in smcont.txt -outform PEM -nodetach -noattr" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -keyopt rsa_mgf1_md:sha384 -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, OAEP default parameters", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, OAEP SHA256", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep" + . " -keyopt rsa_oaep_md:sha256", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, ECDH", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smec1.pem", + "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smec1.pem -aes128 -keyopt ecdh_kdf_md:sha256", + "-decrypt -recip $smdir/smec1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smec2.pem -aes128" + . " -keyopt ecdh_kdf_md:sha256 -keyopt ecdh_cofactor_mode:1", + "-decrypt -recip $smdir/smec2.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, X9.42 DH", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smdh.pem -aes128", + "-decrypt -recip $smdir/smdh.pem -in test.cms -out smtst.txt" + ] +); + print "CMS => PKCS#7 compatibility tests\n"; run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); @@ -297,6 +448,9 @@ print "CMS <=> CMS consistency tests\n"; run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); +print "CMS <=> CMS consistency tests, modified key parameters\n"; +run_smime_tests( \$badcmd, \@smime_cms_param_tests, $cmscmd, $cmscmd ); + if ( `$ossl_path version -f` =~ /ZLIB/ ) { run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); } @@ -304,6 +458,8 @@ else { print "Zlib not supported: compression tests skipped\n"; } +print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); + if ($badcmd) { print "$badcmd TESTS FAILED!!\n"; } @@ -311,26 +467,95 @@ else { print "ALL TESTS SUCCESSFUL.\n"; } +unlink "test.cms"; +unlink "test2.cms"; +unlink "smtst.txt"; +unlink "cms.out"; +unlink "cms.err"; + sub run_smime_tests { my ( $rv, $aref, $scmd, $vcmd ) = @_; foreach $smtst (@$aref) { my ( $tnam, $rscmd, $rvcmd ) = @$smtst; - system( $scmd . $rscmd ); + if ($ossl8) + { + # Skip smime resign: 0.9.8 smime doesn't support -resign + next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); + # Disable streaming: option not supported in 0.9.8 + $tnam =~ s/streaming//; + $rscmd =~ s/-stream//; + $rvcmd =~ s/-stream//; + } + if ($no_ec && $tnam =~ /ECDH/) + { + print "$tnam: skipped, EC disabled\n"; + next; + } + system("$scmd$rscmd$redir"); if ($?) { print "$tnam: generation error\n"; $$rv++; exit 1 if $halt_err; next; } - system( $vcmd . $rvcmd ); + system("$vcmd$rvcmd$redir"); if ($?) { print "$tnam: verify error\n"; $$rv++; exit 1 if $halt_err; next; } + if (!cmp_files("smtst.txt", "smcont.txt")) { + print "$tnam: content verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } print "$tnam: OK\n"; } } +sub cmp_files { + use FileHandle; + my ( $f1, $f2 ) = @_; + my $fp1 = FileHandle->new(); + my $fp2 = FileHandle->new(); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} +