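#! /usr/bin/env perl
# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Test recipe for the "openssl cms" and "openssl smime" applications.
#
# Each table entry below is [ description, producer args, consumer args ].
# The producer writes test.cms (or test2.cms), the consumer writes
# smtst.txt, and the result is compared with the original content file.
#
# Notes for reviewers:
#  * test.cms, test2.cms and smtst.txt are fixed names in the current
#    working directory, and some entries reuse the file left behind by the
#    entry before them ("-resign", "-sign_receipt"), so table order matters.
#  * The -secretkey / -secretkeyid values are fixed test vectors.
#  * SHA1, DES and 40-bit RC2 appear because the recipe exercises what the
#    tool accepts; entries are skipped by name when an algorithm is
#    disabled in the build (see check_availability).

use strict;
use warnings;

use POSIX;
use File::Spec::Functions qw/catfile/;
use File::Compare qw/compare_text/;
use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/;
use OpenSSL::Test::Utils;

setup("test_cms");

plan skip_all => "CMS is not supported by this OpenSSL build"
    if disabled("cms");

my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir    = srctop_dir("test", "smime-certs");
my $smcont   = srctop_file("test", "smcont.txt");
my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
    = disabled qw/des dh dsa ec ec2m rc2 zlib/;

plan tests => 7;

# Cases that both the "cms" and the "smime" application can handle.
my @smime_pkcs7_tests = (

    [ "signed content DER format, RSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-certfile", catfile($smdir, "smroot.pem"),
        "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed detached content DER format, RSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER",
        "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
        "-content", $smcont ]
    ],

    [ "signed content test streaming BER format, RSA",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-stream",
        "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content DER format, DSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed detached content DER format, DSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER",
        "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
        "-content", $smcont ]
    ],

    # Re-signs the test.cms written by the previous entry.
    [ "signed detached content DER format, add RSA signer (with DSA existing)",
      [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
        "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ],
      [ "-verify", "-in", "test2.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
        "-content", $smcont ]
    ],

    [ "signed content test streaming BER format, DSA key",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-stream",
        "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
        "-signer", catfile($smdir, "smrsa1.pem"),
        "-signer", catfile($smdir, "smrsa2.pem"),
        "-signer", catfile($smdir, "smdsa1.pem"),
        "-signer", catfile($smdir, "smdsa2.pem"),
        "-stream", "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
        "-signer", catfile($smdir, "smrsa1.pem"),
        "-signer", catfile($smdir, "smrsa2.pem"),
        "-signer", catfile($smdir, "smdsa1.pem"),
        "-signer", catfile($smdir, "smdsa2.pem"),
        "-stream", "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content S/MIME format, RSA key SHA1",
      [ "-sign", "-in", $smcont, "-md", "sha1",
        "-certfile", catfile($smdir, "smroot.pem"),
        "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in", $smcont, "-nodetach",
        "-signer", catfile($smdir, "smrsa1.pem"),
        "-signer", catfile($smdir, "smrsa2.pem"),
        "-signer", catfile($smdir, "smdsa1.pem"),
        "-signer", catfile($smdir, "smdsa2.pem"),
        "-stream", "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in", $smcont,
        "-signer", catfile($smdir, "smrsa1.pem"),
        "-signer", catfile($smdir, "smrsa2.pem"),
        "-signer", catfile($smdir, "smdsa1.pem"),
        "-signer", catfile($smdir, "smdsa2.pem"),
        "-stream", "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    # The "DES" entries pass no cipher option; they are skipped by name
    # when DES is disabled in the build.
    [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
      [ "-encrypt", "-in", $smcont,
        "-aes256", "-stream", "-out", "test.cms",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

);

# Cases that are only run through the "cms" application.
my @smime_cms_tests = (

    [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
      [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
        "-signer", catfile($smdir, "smrsa1.pem"),
        "-signer", catfile($smdir, "smrsa2.pem"),
        "-signer", catfile($smdir, "smdsa1.pem"),
        "-signer", catfile($smdir, "smdsa2.pem"),
        "-stream", "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-signer", catfile($smdir, "smrsa1.pem"),
        "-signer", catfile($smdir, "smrsa2.pem"),
        "-signer", catfile($smdir, "smdsa1.pem"),
        "-signer", catfile($smdir, "smdsa2.pem"),
        "-stream", "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "PEM",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content MIME format, RSA key, signed receipt request",
      [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach",
        "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
        "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    # Signs a receipt for the test.cms written by the previous entry; the
    # consumer writes no smtst.txt, so the comparison sees the earlier one.
    [ "signed receipt MIME format, RSA key",
      [ "-sign_receipt", "-in", "test.cms",
        "-signer", catfile($smdir, "smrsa2.pem"),
        "-out", "test2.cms" ],
      [ "-verify_receipt", "test2.cms", "-in", "test.cms",
        "-CAfile", catfile($smdir, "smroot.pem") ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms", "-keyid",
        catfile($smdir, "smrsa1.pem"),
        catfile($smdir, "smrsa2.pem"),
        catfile($smdir, "smrsa3.pem") ],
      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming PEM format, KEK",
      [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
        "-stream", "-out", "test.cms",
        "-secretkey", "000102030405060708090A0B0C0D0E0F",
        "-secretkeyid", "C0FEE0" ],
      [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
        "-secretkey", "000102030405060708090A0B0C0D0E0F",
        "-secretkeyid", "C0FEE0" ]
    ],

    [ "enveloped content test streaming PEM format, KEK, key only",
      [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
        "-stream", "-out", "test.cms",
        "-secretkey", "000102030405060708090A0B0C0D0E0F",
        "-secretkeyid", "C0FEE0" ],
      [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
        "-secretkey", "000102030405060708090A0B0C0D0E0F" ]
    ],

    [ "data content test streaming PEM format",
      [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-stream", "-out", "test.cms" ],
      [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
    ],

    [ "encrypted content test streaming PEM format, 128 bit RC2 key",
      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
        "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
        "-stream", "-out", "test.cms" ],
      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
        "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
    ],

    [ "encrypted content test streaming PEM format, 40 bit RC2 key",
      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
        "-rc2", "-secretkey", "0001020304",
        "-stream", "-out", "test.cms" ],
      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
        "-secretkey", "0001020304", "-out", "smtst.txt" ]
    ],

    [ "encrypted content test streaming PEM format, triple DES key",
      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
        "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
        "-stream", "-out", "test.cms" ],
      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
        "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
        "-out", "smtst.txt" ]
    ],

    [ "encrypted content test streaming PEM format, 128 bit AES key",
      [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
        "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
        "-stream", "-out", "test.cms" ],
      [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
        "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
    ],

);

# Compression cases; the whole group is skipped when zlib is disabled.
my @smime_cms_comp_tests = (

    [ "compressed content test streaming PEM format",
      [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-stream", "-out", "test.cms" ],
      [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
    ]

);

# Cases that set key parameters through -keyopt or use EC / DH recipients.
my @smime_cms_param_tests = (
    [ "signed content test streaming PEM format, RSA keys, PSS signature",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
        "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "PEM",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
        "-keyopt", "rsa_pss_saltlen:max", "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "PEM",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
        "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
        "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "PEM",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
      [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
        "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
        "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
      [ "-verify", "-in", "test.cms", "-inform", "PEM",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
        "-keyopt", "rsa_oaep_md:sha256" ],
      [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, ECDH",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", catfile($smdir, "smec1.pem") ],
      [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        catfile($smdir, "smec1.pem"),
        catfile($smdir, "smec3.pem") ],
      [ "-decrypt", "-inkey", catfile($smdir, "smec3.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
      [ "-encrypt", "-keyid", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", catfile($smdir, "smec1.pem") ],
      [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
      [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", catfile($smdir, "smec2.pem"), "-aes128",
        "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
      [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ],

    [ "enveloped content test streaming S/MIME format, X9.42 DH",
      [ "-encrypt", "-in", $smcont,
        "-stream", "-out", "test.cms",
        "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
      [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
        "-in", "test.cms", "-out", "smtst.txt" ]
    ]
);

# Three-step case: [ description, sign args, resign args, verify args ].
my @contenttype_cms_test = (
    [ "signed content test - check that content type is added to additional signerinfo, RSA keys",
      [ "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, "-outform", "DER",
        "-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256",
        "-out", "test.cms" ],
      [ "-resign", "-binary", "-nodetach", "-in", "test.cms", "-inform", "DER", "-outform", "DER",
        "-signer", catfile($smdir, "smrsa2.pem"), "-md", "SHA256",
        "-out", "test2.cms" ],
      [ "-verify", "-in", "test2.cms", "-inform", "DER",
        "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
    ],
);

# Pre-built DER files in $datadir whose verification is expected to fail.
my @incorrect_attribute_cms_test = (
    "bad_signtime_attr.cms",
    "no_ct_attr.cms",
    "no_md_attr.cms",
    "ct_multiple_attr.cms"
);

# Runs every [ description, producer args, consumer args ] case: the
# producer through "openssl $producer_app", the consumer through
# "openssl $consumer_app", then compares smtst.txt with the original
# content.  Emits exactly one ok() or one skip per case.
sub _run_roundtrip_tests {
    my ($producer_app, $consumer_app, @cases) = @_;

    foreach my $case (@cases) {
      SKIP: {
            my $skip_reason = check_availability($case->[0]);
            skip $skip_reason, 1 if $skip_reason;

            ok(run(app(["openssl", $producer_app, @{$case->[1]}]))
               && run(app(["openssl", $consumer_app, @{$case->[2]}]))
               && compare_text($smcont, "smtst.txt") == 0,
               $case->[0]);
        }
    }
    return;
}

subtest "CMS => PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    _run_roundtrip_tests("cms", "smime", @smime_pkcs7_tests);
};
subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
    plan tests => scalar @smime_pkcs7_tests;

    _run_roundtrip_tests("smime", "cms", @smime_pkcs7_tests);
};

subtest "CMS <=> CMS consistency tests\n" => sub {
    plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);

    _run_roundtrip_tests("cms", "cms", @smime_pkcs7_tests);
    _run_roundtrip_tests("cms", "cms", @smime_cms_tests);
};

subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
    plan tests =>
        (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);

    _run_roundtrip_tests("cms", "cms", @smime_cms_param_tests);

  SKIP: {
        skip("Zlib not supported: compression tests skipped",
             scalar @smime_cms_comp_tests)
            if $no_zlib;

        _run_roundtrip_tests("cms", "cms", @smime_cms_comp_tests);
    }
};

# Returns the number of matches of a Content Type Attribute in a binary file.
# Dies if the file cannot be opened.
sub contentType_matches {
    my ($in) = @_;

    # Three-argument open with a lexical handle: the mode is fixed to
    # read-only, so characters in $in can never be taken as an open mode
    # or a pipe, and the handle does not leak into the package namespace.
    open(my $hex_in, '<', $in) or die("open failed for $in : $!");
    binmode($hex_in);

    # Slurp the whole file; the change to $/ ends with this sub.
    local $/;
    my $str = <$hex_in>;
    close($hex_in);

    # Find ASN1 data for a Content Type Attribute (with a OID of PKCS7 data):
    # SEQUENCE { OID contentType, SET { OID pkcs7-data } } in DER.
    my @c = $str =~ /\x30\x18\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03\x31\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01/gs;

    return scalar(@c);
}

subtest "CMS Check the content type attribute is added for additional signers\n" => sub {
    plan tests =>
        (scalar @contenttype_cms_test);

    foreach my $case (@contenttype_cms_test) {
      SKIP: {
            my $skip_reason = check_availability($case->[0]);
            skip $skip_reason, 1 if $skip_reason;

            # Sign, add a second signer, require one content type
            # attribute per signer, then verify the result.
            ok(run(app(["openssl", "cms", @{$case->[1]}]))
               && run(app(["openssl", "cms", @{$case->[2]}]))
               && contentType_matches("test2.cms") == 2
               && run(app(["openssl", "cms", @{$case->[3]}])),
               $case->[0]);
        }
    }
};

subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
    plan tests =>
        (scalar @incorrect_attribute_cms_test);

    # Negative tests: each file must be rejected by -verify.
    foreach my $name (@incorrect_attribute_cms_test) {
        ok(!run(app(["openssl", "cms", "-verify", "-in",
                     catfile($datadir, $name), "-inform", "DER", "-CAfile",
                     catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ])),
           $name);
    }
};

# Remove the scratch files; the remaining test passes no -out option.
unlink "test.cms";
unlink "test2.cms";
unlink "smtst.txt";

# Returns a skip reason when the test name mentions an algorithm that is
# disabled in this build, or "" when the test can run.  The decision is
# made purely from the wording of the test description.
sub check_availability {
    my $tnam = shift;

    # A second, identical "$no_ec && /ECDH/" branch ("ECDH disabled") used
    # to follow this one; it could never be reached and has been dropped.
    return "$tnam: skipped, EC disabled\n"
        if ($no_ec && $tnam =~ /ECDH/);
    return "$tnam: skipped, EC2M disabled\n"
        if ($no_ec2m && $tnam =~ /K-283/);
    return "$tnam: skipped, DH disabled\n"
        if ($no_dh && $tnam =~ /X9\.42/);
    return "$tnam: skipped, RC2 disabled\n"
        if ($no_rc2 && $tnam =~ /RC2/);
    return "$tnam: skipped, DES disabled\n"
        if ($no_des && $tnam =~ /DES/);
    return "$tnam: skipped, DSA disabled\n"
        if ($no_dsa && $tnam =~ / DSA/);

    return "";
}

# Check that we get the expected failure return code
# (the exit checker accepts exit code 6 only).
with({ exit_checker => sub { return shift == 6; } },
    sub {
        ok(run(app(['openssl', 'cms', '-encrypt',
                    '-in', srctop_file("test", "smcont.txt"),
                    '-stream', '-recip',
                    srctop_file("test/smime-certs", "badrsa.pem"),
                   ])),
            "Check failure during BIO setup with -stream is handled correctly");
    });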