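# test/cms-test.pl
# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
# project.
#
# ====================================================================
# Copyright (c) 2008 The OpenSSL Project. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
#
# 3. All advertising materials mentioning features or use of this
#    software must display the following acknowledgment:
#    "This product includes software developed by the OpenSSL Project
#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
#
# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
#    endorse or promote products derived from this software without
#    prior written permission. For written permission, please contact
#    licensing@OpenSSL.org.
#
# 5. Products derived from this software may not be called "OpenSSL"
#    nor may "OpenSSL" appear in their names without prior written
#    permission of the OpenSSL Project.
#
# 6. Redistributions of any form whatsoever must retain the following
#    acknowledgment:
#    "This product includes software developed by the OpenSSL Project
#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
#
# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.
# ====================================================================

# CMS, PKCS7 consistency test script. Run extensive tests on
# OpenSSL PKCS#7 and CMS implementations.

use strict;
use warnings;
use FileHandle;

my $ossl_path;

# Shell redirection appended to every openssl invocation: stderr goes to
# cms.err and stdout to cms.out, both removed again at the end of the run.
my $redir = " 2> cms.err > cms.out";

# EXE_EXT may be unset in the environment; treat that as "no extension".
my $exe_ext = defined $ENV{EXE_EXT} ? $ENV{EXE_EXT} : "";

# Make VMS work
if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
    $ossl_path = "pipe mcr OSSLX:openssl";
}

# Make MSYS work
elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
    $ossl_path = "cmd /c ..\\apps\\openssl";
}
elsif ( -f "../apps/openssl$exe_ext" ) {
    $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
}
elsif ( -f "..\\out32dll\\openssl.exe" ) {
    $ossl_path = "..\\out32dll\\openssl.exe";
}
elsif ( -f "..\\out32\\openssl.exe" ) {
    $ossl_path = "..\\out32\\openssl.exe";
}
else {
    die "Can't find OpenSSL executable";
}

my $pk7cmd = "$ossl_path smime ";
my $cmscmd = "$ossl_path cms ";
my $smdir  = "smime-certs";

# When true, the first failing test terminates the script with status 1.
my $halt_err = 1;

# Failure counter, updated by run_smime_tests through a reference.
my $badcmd = 0;

# True when the binary under test reports a 0.9.8 version string.
my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;

# Each test entry is [ name, generation arguments, verification arguments ].
# The argument strings are appended to the "smime" or "cms" command and run
# through the shell, so they must stay literals defined in this file.
my @smime_pkcs7_tests = (

    [
        "signed content DER format, RSA key",
        "-sign -in smcont.txt -outform \"DER\" -nodetach"
          . " -certfile $smdir/smroot.pem"
          . " -signer $smdir/smrsa1.pem -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed detached content DER format, RSA key",
        "-sign -in smcont.txt -outform \"DER\""
          . " -signer $smdir/smrsa1.pem -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
    ],

    [
        "signed content test streaming BER format, RSA",
        "-sign -in smcont.txt -outform \"DER\" -nodetach"
          . " -stream -signer $smdir/smrsa1.pem -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content DER format, DSA key",
        "-sign -in smcont.txt -outform \"DER\" -nodetach"
          . " -signer $smdir/smdsa1.pem -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed detached content DER format, DSA key",
        "-sign -in smcont.txt -outform \"DER\""
          . " -signer $smdir/smdsa1.pem -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
    ],

    # Relies on test.cms left behind by the previous entry.
    [
        "signed detached content DER format, add RSA signer",
        "-resign -inform \"DER\" -in test.cms -outform \"DER\""
          . " -signer $smdir/smrsa1.pem -out test2.cms",
        "-verify -in test2.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
    ],

    [
        "signed content test streaming BER format, DSA key",
        "-sign -in smcont.txt -outform \"DER\" -nodetach"
          . " -stream -signer $smdir/smdsa1.pem -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming BER format, 2 DSA and 2 RSA keys",
        "-sign -in smcont.txt -outform \"DER\" -nodetach"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
        "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
        "-sign -in smcont.txt -nodetach"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
        "-sign -in smcont.txt"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "enveloped content test streaming S/MIME format, 3 recipients",
        "-encrypt -in smcont.txt"
          . " -stream -out test.cms"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
    ],

    [
        "enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
        "-encrypt -in smcont.txt"
          . " -stream -out test.cms"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
    ],

    [
        "enveloped content test streaming S/MIME format, 3 recipients, key only used",
        "-encrypt -in smcont.txt"
          . " -stream -out test.cms"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
    ],

    [
        "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
        "-encrypt -in smcont.txt"
          . " -aes256 -stream -out test.cms"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
    ],

);

# CMS-only tests. The -secretkey values are fixed test vectors written into
# this file, not secrets; the 40-bit RC2 case exercises a short key and is
# not a recommended configuration.
my @smime_cms_tests = (

    [
        "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
        "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms -inform \"DER\" "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
        "-sign -in smcont.txt -outform PEM -nodetach"
          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
          . " -stream -out test.cms",
        "-verify -in test.cms -inform PEM "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    [
        "signed content MIME format, RSA key, signed receipt request",
        "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
          . " -receipt_request_to test\@openssl.org -receipt_request_all"
          . " -out test.cms",
        "-verify -in test.cms "
          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
    ],

    # Relies on test.cms left behind by the previous entry.
    [
        "signed receipt MIME format, RSA key",
        "-sign_receipt -in test.cms"
          . " -signer $smdir/smrsa2.pem"
          . " -out test2.cms",
        "-verify_receipt test2.cms -in test.cms"
          . " \"-CAfile\" $smdir/smroot.pem"
    ],

    [
        "enveloped content test streaming S/MIME format, 3 recipients, keyid",
        "-encrypt -in smcont.txt"
          . " -stream -out test.cms -keyid"
          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
    ],

    [
        "enveloped content test streaming PEM format, KEK",
        "-encrypt -in smcont.txt -outform PEM -aes128"
          . " -stream -out test.cms "
          . " -secretkey 000102030405060708090A0B0C0D0E0F "
          . " -secretkeyid C0FEE0",
        "-decrypt -in test.cms -out smtst.txt -inform PEM"
          . " -secretkey 000102030405060708090A0B0C0D0E0F "
          . " -secretkeyid C0FEE0"
    ],

    [
        "enveloped content test streaming PEM format, KEK, key only",
        "-encrypt -in smcont.txt -outform PEM -aes128"
          . " -stream -out test.cms "
          . " -secretkey 000102030405060708090A0B0C0D0E0F "
          . " -secretkeyid C0FEE0",
        "-decrypt -in test.cms -out smtst.txt -inform PEM"
          . " -secretkey 000102030405060708090A0B0C0D0E0F "
    ],

    [
        "data content test streaming PEM format",
        "-data_create -in smcont.txt -outform PEM -nodetach"
          . " -stream -out test.cms",
        "-data_out -in test.cms -inform PEM -out smtst.txt"
    ],

    [
        "encrypted content test streaming PEM format, 128 bit RC2 key",
        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
          . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
          . " -stream -out test.cms",
        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
          . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
    ],

    [
        "encrypted content test streaming PEM format, 40 bit RC2 key",
        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
          . " -rc2 -secretkey 0001020304"
          . " -stream -out test.cms",
        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
          . " -secretkey 0001020304 -out smtst.txt"
    ],

    [
        "encrypted content test streaming PEM format, triple DES key",
        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
          . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
          . " -stream -out test.cms",
        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
          . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
          . " -out smtst.txt"
    ],

    [
        "encrypted content test streaming PEM format, 128 bit AES key",
        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
          . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
          . " -stream -out test.cms",
        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
          . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
    ],

);

# Run only when the binary's "version -f" output mentions ZLIB.
my @smime_cms_comp_tests = (

    [
        "compressed content test streaming PEM format",
        "-compress -in smcont.txt -outform PEM -nodetach"
          . " -stream -out test.cms",
        "-uncompress -in test.cms -inform PEM -out smtst.txt"
    ]

);

# Generate with "cms", verify with "smime".
print "CMS => PKCS#7 compatibility tests\n";

run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );

# Generate with "smime", verify with "cms".
print "CMS <= PKCS#7 compatibility tests\n";

run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );

print "CMS <=> CMS consistency tests\n";

run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
run_smime_tests( \$badcmd, \@smime_cms_tests,   $cmscmd, $cmscmd );

if ( `$ossl_path version -f` =~ /ZLIB/ ) {
    run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
}
else {
    print "Zlib not supported: compression tests skipped\n";
}

print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if ($ossl8);

# NOTE(review): with $halt_err set, the first failure exits with status 1
# before reaching this point, so the temporary files below are left behind.
# With $halt_err cleared, failures are only counted and printed here; the
# script does not call exit, so a harness that looks only at the exit status
# would not see them.
if ($badcmd) {
    print "$badcmd TESTS FAILED!!\n";
}
else {
    print "ALL TESTS SUCCESSFUL.\n";
}

unlink "test.cms";
unlink "test2.cms";
unlink "smtst.txt";
unlink "cms.out";
unlink "cms.err";

# Run every test in @$aref.
#
#   $rv    reference to the failure counter, incremented once per failed test
#   $aref  reference to an array of [ name, generation args, verify args ]
#   $scmd  command prefix used to generate the message
#   $vcmd  command prefix used to verify or decode it
#
# A test passes when both commands exit with status 0 and smtst.txt has the
# same content as smcont.txt. If $halt_err is true the script exits with
# status 1 on the first failure.
#
# Both commands are run through the shell because $redir relies on shell
# redirection. Every fragment is a literal from this file; switch to
# list-form system() before building any of them from external input.
sub run_smime_tests {
    my ( $rv, $aref, $scmd, $vcmd ) = @_;

    foreach my $smtst (@$aref) {
        my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
        if ($ossl8) {

            # Skip smime resign: 0.9.8 smime doesn't support -resign
            next if ( $scmd =~ /smime/ && $rscmd =~ /-resign/ );

            # Disable streaming: option not supported in 0.9.8
            $tnam  =~ s/streaming//;
            $rscmd =~ s/-stream//;
            $rvcmd =~ s/-stream//;
        }
        system("$scmd$rscmd$redir");
        if ($?) {
            print "$tnam: generation error\n";
            $$rv++;
            exit 1 if $halt_err;
            next;
        }
        system("$vcmd$rvcmd$redir");
        if ($?) {
            print "$tnam: verify error\n";
            $$rv++;
            exit 1 if $halt_err;
            next;
        }
        if ( !cmp_files( "smtst.txt", "smcont.txt" ) ) {
            print "$tnam: content verify error\n";
            $$rv++;
            exit 1 if $halt_err;
            next;
        }
        print "$tnam: OK\n";
    }
}

# Compare two files byte for byte.
#
# Returns 1 when both files can be opened and read and have identical
# content, 0 otherwise (including when either file cannot be opened or a
# read fails).
sub cmp_files {
    my ( $f1, $f2 ) = @_;
    my $fp1 = FileHandle->new();
    my $fp2 = FileHandle->new();

    my ( $rd1, $rd2 );

    # Three-argument open: the file name is never parsed for a mode prefix.
    if ( !open( $fp1, "<", $f1 ) ) {
        print STDERR "Can't Open file $f1\n";
        return 0;
    }

    if ( !open( $fp2, "<", $f2 ) ) {
        print STDERR "Can't Open file $f2\n";
        close $fp1;
        return 0;
    }

    binmode $fp1;
    binmode $fp2;

    my $ret = 0;

    for ( ; ; ) {
        my $n1 = sysread $fp1, $rd1, 4096;
        my $n2 = sysread $fp2, $rd2, 4096;

        # sysread returns undef on error. Without this check two failed
        # reads compare as 0 == 0 and can be mistaken for a clean
        # end-of-file, which would report the files as identical.
        last if ( !defined $n1 || !defined $n2 );
        last if ( $n1 != $n2 );
        last if ( $rd1 ne $rd2 );

        # Both files reached end-of-file with no difference seen.
        if ( $n1 == 0 ) {
            $ret = 1;
            last;
        }

    }

    close $fp1;
    close $fp2;

    return $ret;

}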