7 use File::Spec::Functions qw/catfile/;
8 use File::Compare qw/compare_text/;
10 use OpenSSL::Test qw/:DEFAULT top_dir top_file/;
14 my $smdir = top_dir("test", "smime-certs");
15 my $smcont = top_file("test", "smcont.txt");
16 my $no_ec = run(app(["openssl", "no-ec"], stdout => undef));
17 my $no_ec2m = run(app(["openssl", "no-ec2m"], stdout => undef));
18 my $no_ecdh = run(app(["openssl", "no-ecdh"], stdout => undef));
22 my @smime_pkcs7_tests = (
24 [ "signed content DER format, RSA key",
25 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
26 "-certfile", catfile($smdir, "smroot.pem"),
27 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
28 [ "-verify", "-in", "test.cms", "-inform", "DER",
29 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
32 [ "signed detached content DER format, RSA key",
33 [ "-sign", "-in", $smcont, "-outform", "DER",
34 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
35 [ "-verify", "-in", "test.cms", "-inform", "DER",
36 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
40 [ "signed content test streaming BER format, RSA",
41 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
43 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
44 [ "-verify", "-in", "test.cms", "-inform", "DER",
45 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
48 [ "signed content DER format, DSA key",
49 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
50 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
51 [ "-verify", "-in", "test.cms", "-inform", "DER",
52 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
55 [ "signed detached content DER format, DSA key",
56 [ "-sign", "-in", $smcont, "-outform", "DER",
57 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
58 [ "-verify", "-in", "test.cms", "-inform", "DER",
59 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
63 [ "signed detached content DER format, add RSA signer",
64 [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
65 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ],
66 [ "-verify", "-in", "test2.cms", "-inform", "DER",
67 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
71 [ "signed content test streaming BER format, DSA key",
72 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
74 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
75 [ "-verify", "-in", "test.cms", "-inform", "DER",
76 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
79 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
80 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
81 "-signer", catfile($smdir, "smrsa1.pem"),
82 "-signer", catfile($smdir, "smrsa2.pem"),
83 "-signer", catfile($smdir, "smdsa1.pem"),
84 "-signer", catfile($smdir, "smdsa2.pem"),
85 "-stream", "-out", "test.cms" ],
86 [ "-verify", "-in", "test.cms", "-inform", "DER",
87 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
90 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
91 [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
92 "-signer", catfile($smdir, "smrsa1.pem"),
93 "-signer", catfile($smdir, "smrsa2.pem"),
94 "-signer", catfile($smdir, "smdsa1.pem"),
95 "-signer", catfile($smdir, "smdsa2.pem"),
96 "-stream", "-out", "test.cms" ],
97 [ "-verify", "-in", "test.cms", "-inform", "DER",
98 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
101 [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
102 [ "-sign", "-in", $smcont, "-nodetach",
103 "-signer", catfile($smdir, "smrsa1.pem"),
104 "-signer", catfile($smdir, "smrsa2.pem"),
105 "-signer", catfile($smdir, "smdsa1.pem"),
106 "-signer", catfile($smdir, "smdsa2.pem"),
107 "-stream", "-out", "test.cms" ],
108 [ "-verify", "-in", "test.cms",
109 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
112 [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
113 [ "-sign", "-in", $smcont,
114 "-signer", catfile($smdir, "smrsa1.pem"),
115 "-signer", catfile($smdir, "smrsa2.pem"),
116 "-signer", catfile($smdir, "smdsa1.pem"),
117 "-signer", catfile($smdir, "smdsa2.pem"),
118 "-stream", "-out", "test.cms" ],
119 [ "-verify", "-in", "test.cms",
120 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
123 [ "enveloped content test streaming S/MIME format, 3 recipients",
124 [ "-encrypt", "-in", $smcont,
125 "-stream", "-out", "test.cms",
126 catfile($smdir, "smrsa1.pem"),
127 catfile($smdir, "smrsa2.pem"),
128 catfile($smdir, "smrsa3.pem") ],
129 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
130 "-in", "test.cms", "-out", "smtst.txt" ]
133 [ "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
134 [ "-encrypt", "-in", $smcont,
135 "-stream", "-out", "test.cms",
136 catfile($smdir, "smrsa1.pem"),
137 catfile($smdir, "smrsa2.pem"),
138 catfile($smdir, "smrsa3.pem") ],
139 [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
140 "-in", "test.cms", "-out", "smtst.txt" ]
143 [ "enveloped content test streaming S/MIME format, 3 recipients, key only used",
144 [ "-encrypt", "-in", $smcont,
145 "-stream", "-out", "test.cms",
146 catfile($smdir, "smrsa1.pem"),
147 catfile($smdir, "smrsa2.pem"),
148 catfile($smdir, "smrsa3.pem") ],
149 [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
150 "-in", "test.cms", "-out", "smtst.txt" ]
153 [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
154 [ "-encrypt", "-in", $smcont,
155 "-aes256", "-stream", "-out", "test.cms",
156 catfile($smdir, "smrsa1.pem"),
157 catfile($smdir, "smrsa2.pem"),
158 catfile($smdir, "smrsa3.pem") ],
159 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
160 "-in", "test.cms", "-out", "smtst.txt" ]
165 my @smime_cms_tests = (
167 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
168 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
169 "-signer", catfile($smdir, "smrsa1.pem"),
170 "-signer", catfile($smdir, "smrsa2.pem"),
171 "-signer", catfile($smdir, "smdsa1.pem"),
172 "-signer", catfile($smdir, "smdsa2.pem"),
173 "-stream", "-out", "test.cms" ],
174 [ "-verify", "-in", "test.cms", "-inform", "DER",
175 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
178 [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
179 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
180 "-signer", catfile($smdir, "smrsa1.pem"),
181 "-signer", catfile($smdir, "smrsa2.pem"),
182 "-signer", catfile($smdir, "smdsa1.pem"),
183 "-signer", catfile($smdir, "smdsa2.pem"),
184 "-stream", "-out", "test.cms" ],
185 [ "-verify", "-in", "test.cms", "-inform", "PEM",
186 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
189 [ "signed content MIME format, RSA key, signed receipt request",
190 [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach",
191 "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
192 "-out", "test.cms" ],
193 [ "-verify", "-in", "test.cms",
194 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
197 [ "signed receipt MIME format, RSA key",
198 [ "-sign_receipt", "-in", "test.cms",
199 "-signer", catfile($smdir, "smrsa2.pem"),
200 "-out", "test2.cms" ],
201 [ "-verify_receipt", "test2.cms", "-in", "test.cms",
202 "-CAfile", catfile($smdir, "smroot.pem") ]
205 [ "enveloped content test streaming S/MIME format, 3 recipients, keyid",
206 [ "-encrypt", "-in", $smcont,
207 "-stream", "-out", "test.cms", "-keyid",
208 catfile($smdir, "smrsa1.pem"),
209 catfile($smdir, "smrsa2.pem"),
210 catfile($smdir, "smrsa3.pem") ],
211 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
212 "-in", "test.cms", "-out", "smtst.txt" ]
215 [ "enveloped content test streaming PEM format, KEK",
216 [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
217 "-stream", "-out", "test.cms",
218 "-secretkey", "000102030405060708090A0B0C0D0E0F",
219 "-secretkeyid", "C0FEE0" ],
220 [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
221 "-secretkey", "000102030405060708090A0B0C0D0E0F",
222 "-secretkeyid", "C0FEE0" ]
225 [ "enveloped content test streaming PEM format, KEK, key only",
226 [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
227 "-stream", "-out", "test.cms",
228 "-secretkey", "000102030405060708090A0B0C0D0E0F",
229 "-secretkeyid", "C0FEE0" ],
230 [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
231 "-secretkey", "000102030405060708090A0B0C0D0E0F" ]
234 [ "data content test streaming PEM format",
235 [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
236 "-stream", "-out", "test.cms" ],
237 [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
240 [ "encrypted content test streaming PEM format, 128 bit RC2 key",
241 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
242 "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
243 "-stream", "-out", "test.cms" ],
244 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
245 "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
248 [ "encrypted content test streaming PEM format, 40 bit RC2 key",
249 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
250 "-rc2", "-secretkey", "0001020304",
251 "-stream", "-out", "test.cms" ],
252 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
253 "-secretkey", "0001020304", "-out", "smtst.txt" ]
256 [ "encrypted content test streaming PEM format, triple DES key",
257 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
258 "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
259 "-stream", "-out", "test.cms" ],
260 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
261 "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
262 "-out", "smtst.txt" ]
265 [ "encrypted content test streaming PEM format, 128 bit AES key",
266 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
267 "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
268 "-stream", "-out", "test.cms" ],
269 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
270 "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
275 my @smime_cms_comp_tests = (
277 [ "compressed content test streaming PEM format",
278 [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
279 "-stream", "-out", "test.cms" ],
280 [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
285 my @smime_cms_param_tests = (
286 [ "signed content test streaming PEM format, RSA keys, PSS signature",
287 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
288 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
289 "-out", "test.cms" ],
290 [ "-verify", "-in", "test.cms", "-inform", "PEM",
291 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
294 [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
295 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
296 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
297 "-out", "test.cms" ],
298 [ "-verify", "-in", "test.cms", "-inform", "PEM",
299 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
302 [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
303 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
304 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
305 "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
306 [ "-verify", "-in", "test.cms", "-inform", "PEM",
307 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
310 [ "enveloped content test streaming S/MIME format, OAEP default parameters",
311 [ "-encrypt", "-in", $smcont,
312 "-stream", "-out", "test.cms",
313 "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
314 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
315 "-in", "test.cms", "-out", "smtst.txt" ]
318 [ "enveloped content test streaming S/MIME format, OAEP SHA256",
319 [ "-encrypt", "-in", $smcont,
320 "-stream", "-out", "test.cms",
321 "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
322 "-keyopt", "rsa_oaep_md:sha256" ],
323 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
324 "-in", "test.cms", "-out", "smtst.txt" ]
327 [ "enveloped content test streaming S/MIME format, ECDH",
328 [ "-encrypt", "-in", $smcont,
329 "-stream", "-out", "test.cms",
330 "-recip", catfile($smdir, "smec1.pem") ],
331 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
332 "-in", "test.cms", "-out", "smtst.txt" ]
335 [ "enveloped content test streaming S/MIME format, ECDH, key identifier",
336 [ "-encrypt", "-keyid", "-in", $smcont,
337 "-stream", "-out", "test.cms",
338 "-recip", catfile($smdir, "smec1.pem") ],
339 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
340 "-in", "test.cms", "-out", "smtst.txt" ]
343 [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
344 [ "-encrypt", "-in", $smcont,
345 "-stream", "-out", "test.cms",
346 "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
347 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
348 "-in", "test.cms", "-out", "smtst.txt" ]
351 [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
352 [ "-encrypt", "-in", $smcont,
353 "-stream", "-out", "test.cms",
354 "-recip", catfile($smdir, "smec2.pem"), "-aes128",
355 "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
356 [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
357 "-in", "test.cms", "-out", "smtst.txt" ]
360 [ "enveloped content test streaming S/MIME format, X9.42 DH",
361 [ "-encrypt", "-in", $smcont,
362 "-stream", "-out", "test.cms",
363 "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
364 [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
365 "-in", "test.cms", "-out", "smtst.txt" ]
369 subtest "CMS => PKCS#7 compatibility tests\n" => sub {
370 plan tests => scalar @smime_pkcs7_tests;
372 foreach (@smime_pkcs7_tests) {
374 my $skip_reason = check_availability($$_[0]);
375 skip $skip_reason, 1 if $skip_reason;
377 ok(run(app(["openssl", "cms", @{$$_[1]}]))
378 && run(app(["openssl", "smime", @{$$_[2]}]))
379 && compare_text($smcont, "smtst.txt") == 0,
384 subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
385 plan tests => scalar @smime_pkcs7_tests;
387 foreach (@smime_pkcs7_tests) {
389 my $skip_reason = check_availability($$_[0]);
390 skip $skip_reason, 1 if $skip_reason;
392 ok(run(app(["openssl", "smime", @{$$_[1]}]))
393 && run(app(["openssl", "cms", @{$$_[2]}]))
394 && compare_text($smcont, "smtst.txt") == 0,
400 subtest "CMS <=> CMS consistency tests\n" => sub {
401 plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);
403 foreach (@smime_pkcs7_tests) {
405 my $skip_reason = check_availability($$_[0]);
406 skip $skip_reason, 1 if $skip_reason;
408 ok(run(app(["openssl", "cms", @{$$_[1]}]))
409 && run(app(["openssl", "cms", @{$$_[2]}]))
410 && compare_text($smcont, "smtst.txt") == 0,
414 foreach (@smime_cms_tests) {
416 my $skip_reason = check_availability($$_[0]);
417 skip $skip_reason, 1 if $skip_reason;
419 ok(run(app(["openssl", "cms", @{$$_[1]}]))
420 && run(app(["openssl", "cms", @{$$_[2]}]))
421 && compare_text($smcont, "smtst.txt") == 0,
427 subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
429 (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
431 foreach (@smime_cms_param_tests) {
433 my $skip_reason = check_availability($$_[0]);
434 skip $skip_reason, 1 if $skip_reason;
436 ok(run(app(["openssl", "cms", @{$$_[1]}]))
437 && run(app(["openssl", "cms", @{$$_[2]}]))
438 && compare_text($smcont, "smtst.txt") == 0,
444 skip("Zlib not supported: compression tests skipped",
445 scalar @smime_cms_comp_tests)
446 unless grep /ZLIB/, run(app(["openssl", "version", "-f"]),
449 foreach (@smime_cms_param_tests) {
451 my $skip_reason = check_availability($$_[0]);
452 skip $skip_reason, 1 if $skip_reason;
454 ok(run(app(["openssl", "cms", @{$$_[1]}]))
455 && run(app(["openssl", "cms", @{$$_[2]}]))
456 && compare_text($smcont, "smtst.txt") == 0,
467 sub check_availability {
470 return "$tnam: skipped, EC disabled\n"
471 if ($no_ec && $tnam =~ /ECDH/);
472 return "$tnam: skipped, ECDH disabled\n"
473 if ($no_ecdh && $tnam =~ /ECDH/);
474 return "$tnam: skipped, EC2M disabled\n"
475 if ($no_ec2m && $tnam =~ /K-283/);