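#!/bin/sh
#
# Copyright (c) 2005 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Id
#

# Regression test for the CMS subcommands of hxtool: cms-create-sd, cms-sign,
# cms-verify-sd, cms-envelope and cms-unenvelope.
#
# Inputs:  @srcdir@ and @objdir@ are placeholders filled in before the script
#          runs; TESTS_ENVIRONMENT, when set, prefixes the hxtool command.
# Files:   scratch files sd, sd.data, sd.data.out, signer.tmp, ev.data and
#          ev.data.out are written to the current directory and reused by
#          consecutive steps (sd.pem is read back, presumably written by
#          "cms-sign --pem sd").
# Exit:    0 when every step passes, 1 at the first failing step, 77 when
#          "hxtool info" reports a null RSA backend or no random source
#          (77 is the automake "test skipped" status).
#
# How the steps assert:
#   - Positive verify steps check the exit status AND byte-compare the
#     recovered content with cmp.  Both are needed: sd.data.out is reused, so
#     a verify that fails without rewriting it would leave the previous
#     step's output in place and cmp alone would still pass.
#   - Negative steps ("cmd && exit 1") only assert a non-zero exit status and
#     mostly discard stderr, so they cannot distinguish a rejected signature
#     from any other failure (missing fixture, usage error, crash).
#   - NOTE(review): every cms-verify-sd call passes --missing-revoke and no
#     revocation source is given anywhere in this script, so revocation
#     checking is not exercised here (flag semantics to be confirmed against
#     hxtool's own help text).

srcdir="@srcdir@"
objdir="@objdir@"

stat="--statistic-file=${objdir}/statfile"

# ${hxtool} is expanded unquoted on purpose: it holds a command line
# (optional wrapper, binary, option) that relies on word splitting.
hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"

# Skip the whole test when the crypto backend cannot do RSA or has no RNG.
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null; then
    exit 77
fi
if ${hxtool} info | grep 'rand: not available' > /dev/null; then
    exit 77
fi

# ECDSA round trip, only when the backend provides ECDSA.
if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null; then
    echo "not testing ECDSA since hcrypto doesnt support ECDSA"
else
    echo "create signed data (ec)"
    ${hxtool} cms-create-sd \
        --certificate="FILE:$srcdir/data/secp256r2TestClient.pem" \
        "$srcdir/test_chain.in" \
        sd.data > /dev/null || exit 1

    echo "verify signed data (ec)"
    ${hxtool} cms-verify-sd \
        --missing-revoke \
        --anchors="FILE:$srcdir/data/secp256r1TestCA.cert.pem" \
        sd.data sd.data.out > /dev/null || exit 1
    cmp "$srcdir/test_chain.in" sd.data.out || exit 1
fi

echo "create signed data"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Unsigned SignedData: accepted only when the verifier opts in with
# --no-signer-allowed, and the verifier's output must say "unsigned".
echo "create signed data (no signer)"
${hxtool} cms-create-sd \
    --no-signer \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (no signer)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --no-signer-allowed \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > signer.tmp || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
grep "unsigned" signer.tmp > /dev/null || exit 1

# Same unsigned object without the opt-in: verification must fail, and the
# error text is checked so the failure is the expected one.  The grep pattern
# matches the tool's message verbatim (spelling included); do not "correct" it
# here without changing the tool.
echo "verify signed data (no signer) (test failure)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out 2> signer.tmp && exit 1
grep "No signers where found" signer.tmp > /dev/null || exit 1

echo "create signed data (id-by-name)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --id-by-name \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# The signer's own certificate (test.crt) is used as the trust anchor.
echo "verify signed data (EE cert as anchor)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/test.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# PASS:foobar is the passphrase of the test-only key fixture test-pw.key.
echo "create signed data (password)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (combined)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.combined.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content info)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content info)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content type)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-type=1.1.1.1 \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content type)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# The exit status is checked here like in every other positive verify step;
# without it the cmp below could pass on the sd.data.out left behind by the
# previous step even if this verification failed.
echo "verify signed data (pem)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem, detached)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Exit status checked for the same stale-output reason as the step above.
echo "verify signed data (pem, detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    --signed-content="$srcdir/test_chain.in" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# NOTE(review): the sd.data produced from the PKCS#12 store is not verified;
# the next step verifies the static fixture test-signed-data instead.
echo "create signed data (p12)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="PKCS12:$srcdir/data/test.p12" \
    --signer=friendlyname-test \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# From here on several steps verify pre-built fixtures from data/ and
# compare the recovered content with data/static-file.
echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data (no attr)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# Fixture without embedded certificates: must fail unless the signer
# certificate is supplied out of band (next step).
echo "verify failure signed data (no attr, no certs)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null 2>/dev/null && exit 1

echo "verify signed data (no attr, no certs)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data - sha1"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-sha-1" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data - sha256"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-sha-256" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# The sha512 fixture test is disabled in the original; the reason is not
# recorded here.
#echo "verify signed data - sha512"
#${hxtool} cms-verify-sd \
#    --missing-revoke \
#    --anchors=FILE:$srcdir/data/ca.crt \
#    --content-info \
#    "$srcdir/data/test-signed-sha-512" sd.data.out > /dev/null || exit 1
#cmp "$srcdir/data/static-file" sd.data.out || exit 1


# Chain building: the signer is sub-cert.  With only ca.crt as anchor the
# verify step is expected to fail; it succeeds once sub-ca.crt is supplied,
# either by the verifier (--certificate) or by the signer (--pool).
echo "create signed data (subcert, no certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2> /dev/null && exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --certificate="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs, no-root)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, no-subca, no-root)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

# Signer selection by certificate usage: signing with the "ds-only" fixture
# must work, signing with the "ke-only" fixture alone must fail, and with
# both offered (in either order) signing must succeed.  The names presumably
# stand for digital-signature-only and key-encipherment-only key usage --
# confirm against the fixtures.
echo "create signed data (sd cert)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke cert)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null 2>/dev/null && exit 1

echo "create signed data (sd + ke certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke + sd certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Detached signature: verification needs the content via --signed-content
# and must fail when the content is not supplied.
echo "create signed data (detached)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --signed-content="$srcdir/test_chain.in" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "verify failure signed data (detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

echo "create signed data (rsa)"
${hxtool} cms-create-sd \
    --peer-alg=1.2.840.113549.1.1.1 \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (rsa)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem, detached)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    sd > /dev/null || exit 1

# NOTE(review): this step checks neither the exit status nor any output, so
# as written it asserts nothing.  Whether verifying the detached sd.pem
# without --signed-content is expected to succeed is not visible here;
# confirm the intended result before adding "|| exit 1" (or "&& exit 1").
echo "verify signed data (pem, detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    sd.pem > /dev/null

# The remaining cms-sign steps only check that signing succeeds; the
# resulting signatures are not verified afterwards.
echo "create signed data (no certs, detached sig)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (leif only, detached sig)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --embed-leaf-only \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (no certs, detached sig, 2 signers)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (no certs, detached sig, 3 signers)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

# Enveloped data: encrypt to test.crt (certificate only), decrypt with the
# certificate plus its private key, and compare with the plaintext.
echo "envelope data (content-type)"
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-type=1.1.1.1 \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-type)"
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

echo "envelope data (content-info)"
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-info)"
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

# Round trip per content-encryption algorithm ("<name>-cbc").  The scratch
# files are removed first so a stale ev.data.out cannot satisfy the cmp.
for a in des-ede3 aes-128 aes-256; do

    rm -f ev.data ev.data.out
    echo "envelope data ($a)"
    ${hxtool} cms-envelope \
        --encryption-type="$a-cbc" \
        --certificate="FILE:$srcdir/data/test.crt" \
        "$srcdir/data/static-file" \
        ev.data || exit 1

    echo "unenvelope data ($a)"
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        ev.data ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

# Decrypt pre-built fixtures, including the rc2 variants.  --allow-weak is
# passed for every algorithm in the list.
# NOTE(review): there is no negative step showing that the rc2 fixtures are
# refused when --allow-weak is absent; that behaviour is not covered here.
for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
    echo "static unenvelope data ($a)"

    rm -f ev.data.out
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        --content-info \
        --allow-weak \
        "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

exit 0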