X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2Fcms-test.pl;h=3ccece3f6748f51944a8584495393cbeae03460f;hp=de8908fb7f415eb8c3b4741a965564e024adf044;hb=51cb950904ea4261cd9e90f0a5099e339ea43241;hpb=7d7e640e0b786b048b9cfc58657cacdfe92232a0 diff --git a/test/cms-test.pl b/test/cms-test.pl index de8908fb7f..3ccece3f67 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl @@ -53,93 +53,114 @@ # CMS, PKCS7 consistency test script. Run extensive tests on # OpenSSL PKCS#7 and CMS implementations. +my $ossl_path; +my $redir = " 2> cms.err > cms.out"; +# Make VMS work +if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { + $ossl_path = "pipe mcr OSSLX:openssl"; +} +# Make MSYS work +elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { + $ossl_path = "cmd /c ..\\apps\\openssl"; +} +elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { + $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; +} +elsif ( -f "..\\out32dll\\openssl.exe" ) { + $ossl_path = "..\\out32dll\\openssl.exe"; +} +elsif ( -f "..\\out32\\openssl.exe" ) { + $ossl_path = "..\\out32\\openssl.exe"; +} +else { + die "Can't find OpenSSL executable"; +} -my $ossl_path = "../apps/openssl"; -my $cmd = "$ossl_path cms "; -my $cmd2 = "$ossl_path smime "; -my $smdir = "smime-certs"; +my $pk7cmd = "$ossl_path smime "; +my $cmscmd = "$ossl_path cms "; +my $smdir = "smime-certs"; +my $halt_err = 1; my $badcmd = 0; +my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; my @smime_pkcs7_tests = ( [ "signed content DER format, RSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" + . " -certfile $smdir/smroot.pem" . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed detached content DER format, RSA key", - - "-sign -in smcont.txt -outform DER" + "-sign -in smcont.txt -outform \"DER\"" . " -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed content test streaming BER format, RSA", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -stream -signer $smdir/smrsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content DER format, DSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed detached content DER format, DSA key", - - "-sign -in smcont.txt -outform DER" + "-sign -in smcont.txt -outform \"DER\"" . " -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed detached content DER format, add RSA signer", - - "-resign -inform DER -in test.cms -outform DER" + "-resign -inform \"DER\" -in test.cms -outform \"DER\"" . " -signer $smdir/smrsa1.pem -out test2.cms", - "-verify -in test2.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt" + "-verify -in test2.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt" ], [ "signed content test streaming BER format, DSA key", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -stream -signer $smdir/smdsa1.pem -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", - "-sign -in smcont.txt -outform DER -nodetach" + "-sign -in smcont.txt -outform \"DER\" -nodetach" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - "-sign -in smcont.txt -outform DER -noattr -nodetach" + "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -148,8 +169,7 @@ my @smime_pkcs7_tests = ( . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -158,8 +178,7 @@ my @smime_pkcs7_tests = ( . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -200,12 +219,12 @@ my @smime_cms_tests = ( [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - "-sign -in smcont.txt -outform DER -nodetach -keyid" + "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid" . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem" . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", - "-verify -in test.cms -inform DER " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + "-verify -in test.cms -inform \"DER\" " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" ], [ @@ -215,7 +234,54 @@ my @smime_cms_tests = ( . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem" . " -stream -out test.cms", "-verify -in test.cms -inform PEM " - . " -CAfile $smdir/smroot.pem -out smtst.txt" + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content MIME format, RSA key, signed receipt request", + "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach" + . " -receipt_request_to test\@openssl.org -receipt_request_all" + . " -out test.cms", + "-verify -in test.cms " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed receipt MIME format, RSA key", + "-sign_receipt -in test.cms" + . " -signer $smdir/smrsa2.pem" + . " -out test2.cms", + "-verify_receipt test2.cms -in test.cms" + . " \"-CAfile\" $smdir/smroot.pem" + ], + + [ + "enveloped content test streaming S/MIME format, 3 recipients, keyid", + "-encrypt -in smcont.txt" + . " -stream -out test.cms -keyid" + . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ + "enveloped content test streaming PEM format, KEK", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0" + ], + + [ + "enveloped content test streaming PEM format, KEK, key only", + "-encrypt -in smcont.txt -outform PEM -aes128" + . " -stream -out test.cms " + . " -secretkey 000102030405060708090A0B0C0D0E0F " + . " -secretkeyid C0FEE0", + "-decrypt -in test.cms -out smtst.txt -inform PEM" + . " -secretkey 000102030405060708090A0B0C0D0E0F " ], [ @@ -227,38 +293,38 @@ my @smime_cms_tests = ( [ "encrypted content test streaming PEM format, 128 bit RC2 key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" ], [ "encrypted content test streaming PEM format, 40 bit RC2 key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -rc2 -secretkey 0001020304" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 0001020304 -out smtst.txt" ], [ "encrypted content test streaming PEM format, triple DES key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617" . " -out smtst.txt" ], [ "encrypted content test streaming PEM format, 128 bit AES key", - "-EncryptedData_encrypt -in smcont.txt -outform PEM" + "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM" . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F" . " -stream -out test.cms", - "-EncryptedData_decrypt -in test.cms -inform PEM " + "\"-EncryptedData_decrypt\" -in test.cms -inform PEM " . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt" ], @@ -275,26 +341,77 @@ my @smime_cms_comp_tests = ( ); +my @smime_cms_param_tests = ( + [ + "signed content test streaming PEM format, RSA keys, PSS signature", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", + "-sign -in smcont.txt -outform PEM -nodetach -noattr" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ + "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", + "-sign -in smcont.txt -outform PEM -nodetach" + . " -signer $smdir/smrsa1.pem -keyopt rsa_padding_mode:pss" + . " -keyopt rsa_mgf1_md:sha384 -out test.cms", + "-verify -in test.cms -inform PEM " + . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, OAEP default parameters", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ], + + [ +"enveloped content test streaming S/MIME format, OAEP SHA256", + "-encrypt -in smcont.txt" + . " -stream -out test.cms" + . " -recip $smdir/smrsa1.pem -keyopt rsa_padding_mode:oaep" + . " -keyopt rsa_oaep_md:sha256", + "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt" + ] +); + print "CMS => PKCS#7 compatibility tests\n"; -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmd, $cmd2 ); +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd ); print "CMS <= PKCS#7 compatibility tests\n"; -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmd2, $cmd ); +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd ); print "CMS <=> CMS consistency tests\n"; -run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmd, $cmd ); -run_smime_tests( \$badcmd, \@smime_cms_tests, $cmd, $cmd ); +run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd ); +run_smime_tests( \$badcmd, \@smime_cms_tests, $cmscmd, $cmscmd ); + +print "CMS <=> CMS consistency tests, modified key parameters\n"; +run_smime_tests( \$badcmd, \@smime_cms_param_tests, $cmscmd, $cmscmd ); if ( `$ossl_path version -f` =~ /ZLIB/ ) { - run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmd, $cmd ); + run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd ); } else { print "Zlib not supported: compression tests skipped\n"; } +print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8); + if ($badcmd) { print "$badcmd TESTS FAILED!!\n"; } @@ -302,24 +419,90 @@ else { print "ALL TESTS SUCCESSFUL.\n"; } +unlink "test.cms"; +unlink "test2.cms"; +unlink "smtst.txt"; +unlink "cms.out"; +unlink "cms.err"; + sub run_smime_tests { my ( $rv, $aref, $scmd, $vcmd ) = @_; foreach $smtst (@$aref) { my ( $tnam, $rscmd, $rvcmd ) = @$smtst; - system( $scmd . $rscmd ); + if ($ossl8) + { + # Skip smime resign: 0.9.8 smime doesn't support -resign + next if ($scmd =~ /smime/ && $rscmd =~ /-resign/); + # Disable streaming: option not supported in 0.9.8 + $tnam =~ s/streaming//; + $rscmd =~ s/-stream//; + $rvcmd =~ s/-stream//; + } + system("$scmd$rscmd$redir"); if ($?) { print "$tnam: generation error\n"; $$rv++; + exit 1 if $halt_err; next; } - system( $vcmd . $rvcmd ); + system("$vcmd$rvcmd$redir"); if ($?) { print "$tnam: verify error\n"; $$rv++; + exit 1 if $halt_err; next; } + if (!cmp_files("smtst.txt", "smcont.txt")) { + print "$tnam: content verify error\n"; + $$rv++; + exit 1 if $halt_err; + next; + } print "$tnam: OK\n"; } } +sub cmp_files { + use FileHandle; + my ( $f1, $f2 ) = @_; + my $fp1 = FileHandle->new(); + my $fp2 = FileHandle->new(); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} +