X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Frecipes%2F80-test_cms.t;h=fd66557616904d9a434b234a2dc0583951a1c4e5;hp=d0ee2da6c0404451f142d63b9cd853746eba186f;hb=cf6404b14198b96a882affe917bb337e2626136c;hpb=909f1a2e510bb2909dc78efead432460c6ab50d2 diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index d0ee2da6c0..fd66557616 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -21,160 +21,181 @@ setup("test_cms"); plan skip_all => "CMS is not supported by this OpenSSL build" if disabled("cms"); +my $datadir = srctop_dir("test", "recipes", "80-test_cms_data"); my $smdir = srctop_dir("test", "smime-certs"); my $smcont = srctop_file("test", "smcont.txt"); my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) = disabled qw/des dh dsa ec ec2m rc2 zlib/; -plan tests => 4; +plan tests => 7; my @smime_pkcs7_tests = ( [ "signed content DER format, RSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed detached content DER format, RSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", - "-content", $smcont ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-content", $smcont ], + \&final_compare ], [ "signed content test streaming BER format, RSA", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-stream", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-stream", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content DER format, DSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed detached content DER format, DSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", - "-content", $smcont ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-content", $smcont ], + \&final_compare ], [ "signed detached content DER format, add RSA signer (with DSA existing)", - [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ], - [ "-verify", "-in", "test2.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", - "-content", $smcont ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd1}", "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}2.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}2.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-content", $smcont ], + \&final_compare ], [ "signed content test streaming BER format, DSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-stream", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-noattr", "-nodetach", "-stream", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content S/MIME format, RSA key SHA1", - [ "-sign", "-in", $smcont, "-md", "sha1", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-md", "sha1", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", - [ "-sign", "-in", $smcont, "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", - [ "-sign", "-in", $smcont, - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", - [ "-encrypt", "-in", $smcont, - "-aes256", "-stream", "-out", "test.cms", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "{output}.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], ); @@ -182,109 +203,154 @@ my @smime_pkcs7_tests = ( my @smime_cms_tests = ( [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-keyid", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content MIME format, RSA key, signed receipt request", - [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach", - "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", - "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed receipt MIME format, RSA key", - [ "-sign_receipt", "-in", "test.cms", - "-signer", catfile($smdir, "smrsa2.pem"), - "-out", "test2.cms" ], - [ "-verify_receipt", "test2.cms", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem") ] + [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", + "-out", "{output}.cms" ], + [ "{cmd1}", "-sign_receipt", "-in", "{output}.cms", + "-signer", catfile($smdir, "smrsa2.pem"), "-out", "{output}2.cms" ], + [ "{cmd2}", "-verify_receipt", "{output}2.cms", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem") ] + ], + + [ "signed content DER format, RSA key, CAdES-BES compatible", + [ "{cmd1}", "-sign", "-cades", "-in", $smcont, "-outform", "DER", + "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare + ], + + [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible", + [ "{cmd1}", "-sign", "-cades", "-md", "sha256", "-in", $smcont, + "-outform", "DER", "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", "-keyid", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", "-keyid", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming PEM format, KEK", - [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", - "-stream", "-out", "test.cms", - "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-secretkeyid", "C0FEE0" ], - [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-secretkeyid", "C0FEE0" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", + "-stream", "-out", "{output}.cms", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + \&final_compare ], [ "enveloped content test streaming PEM format, KEK, key only", - [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", - "-stream", "-out", "test.cms", - "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-secretkeyid", "C0FEE0" ], - [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", + "-stream", "-out", "{output}.cms", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F" ], + \&final_compare ], [ "data content test streaming PEM format", - [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-stream", "-out", "test.cms" ], - [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ] + [ "{cmd1}", "-data_create", "-in", $smcont, "-outform", "PEM", + "-nodetach", "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-data_out", "-in", "{output}.cms", "-inform", "PEM", + "-out", "{output}.txt" ], + \&final_compare ], [ "encrypted content test streaming PEM format, 128 bit RC2 key", - [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-stream", "-out", "test.cms" ], - [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ] + [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-out", "{output}.txt" ], + \&final_compare ], [ "encrypted content test streaming PEM format, 40 bit RC2 key", - [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-rc2", "-secretkey", "0001020304", - "-stream", "-out", "test.cms" ], - [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", - "-secretkey", "0001020304", "-out", "smtst.txt" ] + [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-rc2", "-secretkey", "0001020304", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms", + "-inform", "PEM", + "-secretkey", "0001020304", "-out", "{output}.txt" ], + \&final_compare ], [ "encrypted content test streaming PEM format, triple DES key", - [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", - "-stream", "-out", "test.cms" ], - [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", - "-out", "smtst.txt" ] + [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-out", "{output}.txt" ], + \&final_compare ], [ "encrypted content test streaming PEM format, 128 bit AES key", - [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-stream", "-out", "test.cms" ], - [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ] + [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-out", "{output}.txt" ], + \&final_compare ], ); @@ -292,202 +358,296 @@ my @smime_cms_tests = ( my @smime_cms_comp_tests = ( [ "compressed content test streaming PEM format", - [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-stream", "-out", "test.cms" ], - [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ] + [ "{cmd1}", "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-uncompress", "-in", "{output}.cms", "-inform", "PEM", + "-out", "{output}.txt" ], + \&final_compare ] ); my @smime_cms_param_tests = ( [ "signed content test streaming PEM format, RSA keys, PSS signature", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", - "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:pss", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare + ], + + [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max", + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr", - "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", - "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-noattr", + "-signer", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:pss", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", - "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_mgf1_md:sha384", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:oaep" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep", - "-keyopt", "rsa_oaep_md:sha256" ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:oaep", + "-keyopt", "rsa_oaep_md:sha256" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, ECDH", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smec1.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec1.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - catfile($smdir, "smec1.pem"), - catfile($smdir, "smec3.pem") ], - [ "-decrypt", "-inkey", catfile($smdir, "smec3.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + catfile($smdir, "smec1.pem"), + catfile($smdir, "smec3.pem") ], + [ "{cmd2}", "-decrypt", "-inkey", catfile($smdir, "smec3.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier", - [ "-encrypt", "-keyid", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smec1.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-keyid", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec1.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ], - [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec1.pem"), "-aes128", + "-keyopt", "ecdh_kdf_md:sha256" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smec2.pem"), "-aes128", - "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ], - [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec2.pem"), "-aes128", + "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec2.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, X9.42 DH", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], - [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smdh.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ] ); -subtest "CMS => PKCS#7 compatibility tests\n" => sub { - plan tests => scalar @smime_pkcs7_tests; +my @contenttype_cms_test = ( + [ "signed content test - check that content type is added to additional signerinfo, RSA keys", + [ "{cmd1}", "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, + "-outform", "DER", + "-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256", + "-out", "{output}.cms" ], + [ "{cmd1}", "-resign", "-binary", "-nodetach", "-in", "{output}.cms", + "-inform", "DER", "-outform", "DER", + "-signer", catfile($smdir, "smrsa2.pem"), "-md", "SHA256", + "-out", "{output}2.cms" ], + sub { my %opts = @_; contentType_matches("$opts{output}2.cms") == 2; }, + [ "{cmd2}", "-verify", "-in", "{output}2.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ] + ], +); - foreach (@smime_pkcs7_tests) { +my @incorrect_attribute_cms_test = ( + "bad_signtime_attr.cms", + "no_ct_attr.cms", + "no_md_attr.cms", + "ct_multiple_attr.cms" +); + +# Runs a standard loop on the input array +sub runner_loop { + my %opts = ( @_ ); + my $cnt1 = 0; + + foreach (@{$opts{tests}}) { + $cnt1++; + $opts{output} = "$opts{prefix}-$cnt1"; SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "smime", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + my $ok = 1; + 1 while unlink "$opts{output}.txt"; + + foreach (@$_[1..$#$_]) { + if (ref $_ eq 'CODE') { + $ok &&= $_->(%opts); + } else { + my @cmd = map { + my $x = $_; + while ($x =~ /\{([^\}]+)\}/) { + $x = $`.$opts{$1}.$' if exists $opts{$1}; + } + $x; + } @$_; + + diag "CMD: openssl", join(" ", @cmd); + $ok &&= run(app(["openssl", @cmd])); + $opts{input} = $opts{output}; + } + } + + ok($ok, $$_[0]); + } } +} + +sub final_compare { + my %opts = @_; + + diag "Comparing $smcont with $opts{output}.txt"; + return compare_text($smcont, "$opts{output}.txt") == 0; +} + +subtest "CMS => PKCS#7 compatibility tests\n" => sub { + plan tests => scalar @smime_pkcs7_tests; + + runner_loop(prefix => 'cms2pkcs7', cmd1 => 'cms', cmd2 => 'smime', + tests => [ @smime_pkcs7_tests ]); }; subtest "CMS <= PKCS#7 compatibility tests\n" => sub { plan tests => scalar @smime_pkcs7_tests; - foreach (@smime_pkcs7_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "smime", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } + runner_loop(prefix => 'pkcs72cms', cmd1 => 'smime', cmd2 => 'cms', + tests => [ @smime_pkcs7_tests ]); }; subtest "CMS <=> CMS consistency tests\n" => sub { plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests); - foreach (@smime_pkcs7_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } - foreach (@smime_cms_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } + runner_loop(prefix => 'cms2cms-1', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_pkcs7_tests ]); + runner_loop(prefix => 'cms2cms-2', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_cms_tests ]); }; subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub { plan tests => - (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests); - - foreach (@smime_cms_param_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } + (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests); + runner_loop(prefix => 'cms2cms-mod', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_cms_param_tests ]); SKIP: { skip("Zlib not supported: compression tests skipped", - scalar @smime_cms_comp_tests) - if $no_zlib; - - foreach (@smime_cms_comp_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } + scalar @smime_cms_comp_tests) + if $no_zlib; + + runner_loop(prefix => 'cms2cms-comp', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_cms_comp_tests ]); + } +}; + +# Returns the number of matches of a Content Type Attribute in a binary file. +sub contentType_matches { + # Read in a binary file + my ($in) = @_; + open (HEX_IN, "$in") or die("open failed for $in : $!"); + binmode(HEX_IN); + local $/; + my $str = ; + + # Find ASN1 data for a Content Type Attribute (with a OID of PKCS7 data) + my @c = $str =~ /\x30\x18\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03\x31\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01/gs; + + close(HEX_IN); + return scalar(@c); +} + +subtest "CMS Check the content type attribute is added for additional signers\n" => sub { + plan tests => (scalar @contenttype_cms_test); + + runner_loop(prefix => 'cms2cms-added', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @contenttype_cms_test ]); +}; + +subtest "CMS Check that bad attributes fail when verifying signers\n" => sub { + plan tests => + (scalar @incorrect_attribute_cms_test); + + my $cnt = 0; + foreach my $name (@incorrect_attribute_cms_test) { + my $out = "incorrect-$cnt.txt"; + + ok(!run(app(["openssl", "cms", "-verify", "-in", + catfile($datadir, $name), "-inform", "DER", "-CAfile", + catfile($smdir, "smroot.pem"), "-out", $out ])), + $name); } }; -unlink "test.cms"; -unlink "test2.cms"; -unlink "smtst.txt"; +subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub { + plan tests => 1; + + SKIP: { + skip "EC isn't supported in this build", 1 + if disabled("ec"); + + my $out = "smtst.txt"; + + ok(run(app(["openssl", "cms", "-decrypt", + "-inkey", catfile($smdir, "smec3.pem"), + "-in", catfile($datadir, "ciphertext_from_1_1_1.cms"), + "-out", $out ])) + && compare_text($smcont, $out) == 0, + "Decrypt message from OpenSSL 1.1.1"); + } +}; sub check_availability { my $tnam = shift;