7 use File::Spec::Functions qw/catfile/;
8 use File::Compare qw/compare_text/;
9 use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
10 use OpenSSL::Test::Utils;
14 plan skip_all => "CMS is not supported by this OpenSSL build"
17 my $smdir = srctop_dir("test", "smime-certs");
18 my $smcont = srctop_file("test", "smcont.txt");
19 my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
20 = disabled qw/des dh dsa ec ec2m rc2 zlib/;
24 my @smime_pkcs7_tests = (
26 [ "signed content DER format, RSA key",
27 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
28 "-certfile", catfile($smdir, "smroot.pem"),
29 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
30 [ "-verify", "-in", "test.cms", "-inform", "DER",
31 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
34 [ "signed detached content DER format, RSA key",
35 [ "-sign", "-in", $smcont, "-outform", "DER",
36 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
37 [ "-verify", "-in", "test.cms", "-inform", "DER",
38 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
42 [ "signed content test streaming BER format, RSA",
43 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
45 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
46 [ "-verify", "-in", "test.cms", "-inform", "DER",
47 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
50 [ "signed content DER format, DSA key",
51 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
52 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
53 [ "-verify", "-in", "test.cms", "-inform", "DER",
54 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
57 [ "signed detached content DER format, DSA key",
58 [ "-sign", "-in", $smcont, "-outform", "DER",
59 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
60 [ "-verify", "-in", "test.cms", "-inform", "DER",
61 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
65 [ "signed detached content DER format, add RSA signer (with DSA existing)",
66 [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
67 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ],
68 [ "-verify", "-in", "test2.cms", "-inform", "DER",
69 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
73 [ "signed content test streaming BER format, DSA key",
74 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
76 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
77 [ "-verify", "-in", "test.cms", "-inform", "DER",
78 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
81 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
82 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
83 "-signer", catfile($smdir, "smrsa1.pem"),
84 "-signer", catfile($smdir, "smrsa2.pem"),
85 "-signer", catfile($smdir, "smdsa1.pem"),
86 "-signer", catfile($smdir, "smdsa2.pem"),
87 "-stream", "-out", "test.cms" ],
88 [ "-verify", "-in", "test.cms", "-inform", "DER",
89 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
92 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
93 [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
94 "-signer", catfile($smdir, "smrsa1.pem"),
95 "-signer", catfile($smdir, "smrsa2.pem"),
96 "-signer", catfile($smdir, "smdsa1.pem"),
97 "-signer", catfile($smdir, "smdsa2.pem"),
98 "-stream", "-out", "test.cms" ],
99 [ "-verify", "-in", "test.cms", "-inform", "DER",
100 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
103 [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
104 [ "-sign", "-in", $smcont, "-nodetach",
105 "-signer", catfile($smdir, "smrsa1.pem"),
106 "-signer", catfile($smdir, "smrsa2.pem"),
107 "-signer", catfile($smdir, "smdsa1.pem"),
108 "-signer", catfile($smdir, "smdsa2.pem"),
109 "-stream", "-out", "test.cms" ],
110 [ "-verify", "-in", "test.cms",
111 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
114 [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
115 [ "-sign", "-in", $smcont,
116 "-signer", catfile($smdir, "smrsa1.pem"),
117 "-signer", catfile($smdir, "smrsa2.pem"),
118 "-signer", catfile($smdir, "smdsa1.pem"),
119 "-signer", catfile($smdir, "smdsa2.pem"),
120 "-stream", "-out", "test.cms" ],
121 [ "-verify", "-in", "test.cms",
122 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
125 [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
126 [ "-encrypt", "-in", $smcont,
127 "-stream", "-out", "test.cms",
128 catfile($smdir, "smrsa1.pem"),
129 catfile($smdir, "smrsa2.pem"),
130 catfile($smdir, "smrsa3.pem") ],
131 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
132 "-in", "test.cms", "-out", "smtst.txt" ]
135 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
136 [ "-encrypt", "-in", $smcont,
137 "-stream", "-out", "test.cms",
138 catfile($smdir, "smrsa1.pem"),
139 catfile($smdir, "smrsa2.pem"),
140 catfile($smdir, "smrsa3.pem") ],
141 [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
142 "-in", "test.cms", "-out", "smtst.txt" ]
145 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
146 [ "-encrypt", "-in", $smcont,
147 "-stream", "-out", "test.cms",
148 catfile($smdir, "smrsa1.pem"),
149 catfile($smdir, "smrsa2.pem"),
150 catfile($smdir, "smrsa3.pem") ],
151 [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
152 "-in", "test.cms", "-out", "smtst.txt" ]
155 [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
156 [ "-encrypt", "-in", $smcont,
157 "-aes256", "-stream", "-out", "test.cms",
158 catfile($smdir, "smrsa1.pem"),
159 catfile($smdir, "smrsa2.pem"),
160 catfile($smdir, "smrsa3.pem") ],
161 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
162 "-in", "test.cms", "-out", "smtst.txt" ]
167 my @smime_cms_tests = (
169 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
170 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
171 "-signer", catfile($smdir, "smrsa1.pem"),
172 "-signer", catfile($smdir, "smrsa2.pem"),
173 "-signer", catfile($smdir, "smdsa1.pem"),
174 "-signer", catfile($smdir, "smdsa2.pem"),
175 "-stream", "-out", "test.cms" ],
176 [ "-verify", "-in", "test.cms", "-inform", "DER",
177 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
180 [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
181 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
182 "-signer", catfile($smdir, "smrsa1.pem"),
183 "-signer", catfile($smdir, "smrsa2.pem"),
184 "-signer", catfile($smdir, "smdsa1.pem"),
185 "-signer", catfile($smdir, "smdsa2.pem"),
186 "-stream", "-out", "test.cms" ],
187 [ "-verify", "-in", "test.cms", "-inform", "PEM",
188 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
191 [ "signed content MIME format, RSA key, signed receipt request",
192 [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach",
193 "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
194 "-out", "test.cms" ],
195 [ "-verify", "-in", "test.cms",
196 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
199 [ "signed receipt MIME format, RSA key",
200 [ "-sign_receipt", "-in", "test.cms",
201 "-signer", catfile($smdir, "smrsa2.pem"),
202 "-out", "test2.cms" ],
203 [ "-verify_receipt", "test2.cms", "-in", "test.cms",
204 "-CAfile", catfile($smdir, "smroot.pem") ]
207 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
208 [ "-encrypt", "-in", $smcont,
209 "-stream", "-out", "test.cms", "-keyid",
210 catfile($smdir, "smrsa1.pem"),
211 catfile($smdir, "smrsa2.pem"),
212 catfile($smdir, "smrsa3.pem") ],
213 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
214 "-in", "test.cms", "-out", "smtst.txt" ]
217 [ "enveloped content test streaming PEM format, KEK",
218 [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
219 "-stream", "-out", "test.cms",
220 "-secretkey", "000102030405060708090A0B0C0D0E0F",
221 "-secretkeyid", "C0FEE0" ],
222 [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
223 "-secretkey", "000102030405060708090A0B0C0D0E0F",
224 "-secretkeyid", "C0FEE0" ]
227 [ "enveloped content test streaming PEM format, KEK, key only",
228 [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
229 "-stream", "-out", "test.cms",
230 "-secretkey", "000102030405060708090A0B0C0D0E0F",
231 "-secretkeyid", "C0FEE0" ],
232 [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
233 "-secretkey", "000102030405060708090A0B0C0D0E0F" ]
236 [ "data content test streaming PEM format",
237 [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
238 "-stream", "-out", "test.cms" ],
239 [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
242 [ "encrypted content test streaming PEM format, 128 bit RC2 key",
243 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
244 "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
245 "-stream", "-out", "test.cms" ],
246 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
247 "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
250 [ "encrypted content test streaming PEM format, 40 bit RC2 key",
251 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
252 "-rc2", "-secretkey", "0001020304",
253 "-stream", "-out", "test.cms" ],
254 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
255 "-secretkey", "0001020304", "-out", "smtst.txt" ]
258 [ "encrypted content test streaming PEM format, triple DES key",
259 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
260 "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
261 "-stream", "-out", "test.cms" ],
262 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
263 "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
264 "-out", "smtst.txt" ]
267 [ "encrypted content test streaming PEM format, 128 bit AES key",
268 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
269 "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
270 "-stream", "-out", "test.cms" ],
271 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
272 "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
277 my @smime_cms_comp_tests = (
279 [ "compressed content test streaming PEM format",
280 [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
281 "-stream", "-out", "test.cms" ],
282 [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
287 my @smime_cms_param_tests = (
288 [ "signed content test streaming PEM format, RSA keys, PSS signature",
289 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
290 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
291 "-out", "test.cms" ],
292 [ "-verify", "-in", "test.cms", "-inform", "PEM",
293 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
296 [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
297 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
298 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
299 "-out", "test.cms" ],
300 [ "-verify", "-in", "test.cms", "-inform", "PEM",
301 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
304 [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
305 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
306 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
307 "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
308 [ "-verify", "-in", "test.cms", "-inform", "PEM",
309 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
312 [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
313 [ "-encrypt", "-in", $smcont,
314 "-stream", "-out", "test.cms",
315 "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
316 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
317 "-in", "test.cms", "-out", "smtst.txt" ]
320 [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
321 [ "-encrypt", "-in", $smcont,
322 "-stream", "-out", "test.cms",
323 "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
324 "-keyopt", "rsa_oaep_md:sha256" ],
325 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
326 "-in", "test.cms", "-out", "smtst.txt" ]
329 [ "enveloped content test streaming S/MIME format, DES, ECDH",
330 [ "-encrypt", "-in", $smcont,
331 "-stream", "-out", "test.cms",
332 "-recip", catfile($smdir, "smec1.pem") ],
333 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
334 "-in", "test.cms", "-out", "smtst.txt" ]
337 [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
338 [ "-encrypt", "-keyid", "-in", $smcont,
339 "-stream", "-out", "test.cms",
340 "-recip", catfile($smdir, "smec1.pem") ],
341 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
342 "-in", "test.cms", "-out", "smtst.txt" ]
345 [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
346 [ "-encrypt", "-in", $smcont,
347 "-stream", "-out", "test.cms",
348 "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
349 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
350 "-in", "test.cms", "-out", "smtst.txt" ]
353 [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
354 [ "-encrypt", "-in", $smcont,
355 "-stream", "-out", "test.cms",
356 "-recip", catfile($smdir, "smec2.pem"), "-aes128",
357 "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
358 [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
359 "-in", "test.cms", "-out", "smtst.txt" ]
362 [ "enveloped content test streaming S/MIME format, X9.42 DH",
363 [ "-encrypt", "-in", $smcont,
364 "-stream", "-out", "test.cms",
365 "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
366 [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
367 "-in", "test.cms", "-out", "smtst.txt" ]
371 subtest "CMS => PKCS#7 compatibility tests\n" => sub {
372 plan tests => scalar @smime_pkcs7_tests;
374 foreach (@smime_pkcs7_tests) {
376 my $skip_reason = check_availability($$_[0]);
377 skip $skip_reason, 1 if $skip_reason;
379 ok(run(app(["openssl", "cms", @{$$_[1]}]))
380 && run(app(["openssl", "smime", @{$$_[2]}]))
381 && compare_text($smcont, "smtst.txt") == 0,
386 subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
387 plan tests => scalar @smime_pkcs7_tests;
389 foreach (@smime_pkcs7_tests) {
391 my $skip_reason = check_availability($$_[0]);
392 skip $skip_reason, 1 if $skip_reason;
394 ok(run(app(["openssl", "smime", @{$$_[1]}]))
395 && run(app(["openssl", "cms", @{$$_[2]}]))
396 && compare_text($smcont, "smtst.txt") == 0,
402 subtest "CMS <=> CMS consistency tests\n" => sub {
403 plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);
405 foreach (@smime_pkcs7_tests) {
407 my $skip_reason = check_availability($$_[0]);
408 skip $skip_reason, 1 if $skip_reason;
410 ok(run(app(["openssl", "cms", @{$$_[1]}]))
411 && run(app(["openssl", "cms", @{$$_[2]}]))
412 && compare_text($smcont, "smtst.txt") == 0,
416 foreach (@smime_cms_tests) {
418 my $skip_reason = check_availability($$_[0]);
419 skip $skip_reason, 1 if $skip_reason;
421 ok(run(app(["openssl", "cms", @{$$_[1]}]))
422 && run(app(["openssl", "cms", @{$$_[2]}]))
423 && compare_text($smcont, "smtst.txt") == 0,
429 subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
431 (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
433 foreach (@smime_cms_param_tests) {
435 my $skip_reason = check_availability($$_[0]);
436 skip $skip_reason, 1 if $skip_reason;
438 ok(run(app(["openssl", "cms", @{$$_[1]}]))
439 && run(app(["openssl", "cms", @{$$_[2]}]))
440 && compare_text($smcont, "smtst.txt") == 0,
446 skip("Zlib not supported: compression tests skipped",
447 scalar @smime_cms_comp_tests)
450 foreach (@smime_cms_comp_tests) {
452 my $skip_reason = check_availability($$_[0]);
453 skip $skip_reason, 1 if $skip_reason;
455 ok(run(app(["openssl", "cms", @{$$_[1]}]))
456 && run(app(["openssl", "cms", @{$$_[2]}]))
457 && compare_text($smcont, "smtst.txt") == 0,
468 sub check_availability {
471 return "$tnam: skipped, EC disabled\n"
472 if ($no_ec && $tnam =~ /ECDH/);
473 return "$tnam: skipped, ECDH disabled\n"
474 if ($no_ec && $tnam =~ /ECDH/);
475 return "$tnam: skipped, EC2M disabled\n"
476 if ($no_ec2m && $tnam =~ /K-283/);
477 return "$tnam: skipped, DH disabled\n"
478 if ($no_dh && $tnam =~ /X9\.42/);
479 return "$tnam: skipped, RC2 disabled\n"
480 if ($no_rc2 && $tnam =~ /RC2/);
481 return "$tnam: skipped, DES disabled\n"
482 if ($no_des && $tnam =~ /DES/);
483 return "$tnam: skipped, DSA disabled\n"
484 if ($no_dsa && $tnam =~ / DSA/);