7 use File::Spec::Functions qw/catfile/;
8 use File::Compare qw/compare_text/;
9 use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
10 use OpenSSL::Test::Utils;
14 my $smdir = srctop_dir("test", "smime-certs");
15 my $smcont = srctop_file("test", "smcont.txt");
16 my ($no_des, $no_dh, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
17 = disabled qw/des dh ec ec2m rc2 zlib/;
21 my @smime_pkcs7_tests = (
23 [ "signed content DER format, RSA key",
24 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
25 "-certfile", catfile($smdir, "smroot.pem"),
26 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
27 [ "-verify", "-in", "test.cms", "-inform", "DER",
28 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
31 [ "signed detached content DER format, RSA key",
32 [ "-sign", "-in", $smcont, "-outform", "DER",
33 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
34 [ "-verify", "-in", "test.cms", "-inform", "DER",
35 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
39 [ "signed content test streaming BER format, RSA",
40 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
42 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ],
43 [ "-verify", "-in", "test.cms", "-inform", "DER",
44 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
47 [ "signed content DER format, DSA key",
48 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
49 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
50 [ "-verify", "-in", "test.cms", "-inform", "DER",
51 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
54 [ "signed detached content DER format, DSA key",
55 [ "-sign", "-in", $smcont, "-outform", "DER",
56 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
57 [ "-verify", "-in", "test.cms", "-inform", "DER",
58 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
62 [ "signed detached content DER format, add RSA signer",
63 [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER",
64 "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ],
65 [ "-verify", "-in", "test2.cms", "-inform", "DER",
66 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt",
70 [ "signed content test streaming BER format, DSA key",
71 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
73 "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ],
74 [ "-verify", "-in", "test.cms", "-inform", "DER",
75 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
78 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
79 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
80 "-signer", catfile($smdir, "smrsa1.pem"),
81 "-signer", catfile($smdir, "smrsa2.pem"),
82 "-signer", catfile($smdir, "smdsa1.pem"),
83 "-signer", catfile($smdir, "smdsa2.pem"),
84 "-stream", "-out", "test.cms" ],
85 [ "-verify", "-in", "test.cms", "-inform", "DER",
86 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
89 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
90 [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach",
91 "-signer", catfile($smdir, "smrsa1.pem"),
92 "-signer", catfile($smdir, "smrsa2.pem"),
93 "-signer", catfile($smdir, "smdsa1.pem"),
94 "-signer", catfile($smdir, "smdsa2.pem"),
95 "-stream", "-out", "test.cms" ],
96 [ "-verify", "-in", "test.cms", "-inform", "DER",
97 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
100 [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
101 [ "-sign", "-in", $smcont, "-nodetach",
102 "-signer", catfile($smdir, "smrsa1.pem"),
103 "-signer", catfile($smdir, "smrsa2.pem"),
104 "-signer", catfile($smdir, "smdsa1.pem"),
105 "-signer", catfile($smdir, "smdsa2.pem"),
106 "-stream", "-out", "test.cms" ],
107 [ "-verify", "-in", "test.cms",
108 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
111 [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
112 [ "-sign", "-in", $smcont,
113 "-signer", catfile($smdir, "smrsa1.pem"),
114 "-signer", catfile($smdir, "smrsa2.pem"),
115 "-signer", catfile($smdir, "smdsa1.pem"),
116 "-signer", catfile($smdir, "smdsa2.pem"),
117 "-stream", "-out", "test.cms" ],
118 [ "-verify", "-in", "test.cms",
119 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
122 [ "enveloped content test streaming S/MIME format, DES, 3 recipients",
123 [ "-encrypt", "-in", $smcont,
124 "-stream", "-out", "test.cms",
125 catfile($smdir, "smrsa1.pem"),
126 catfile($smdir, "smrsa2.pem"),
127 catfile($smdir, "smrsa3.pem") ],
128 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
129 "-in", "test.cms", "-out", "smtst.txt" ]
132 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
133 [ "-encrypt", "-in", $smcont,
134 "-stream", "-out", "test.cms",
135 catfile($smdir, "smrsa1.pem"),
136 catfile($smdir, "smrsa2.pem"),
137 catfile($smdir, "smrsa3.pem") ],
138 [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"),
139 "-in", "test.cms", "-out", "smtst.txt" ]
142 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used",
143 [ "-encrypt", "-in", $smcont,
144 "-stream", "-out", "test.cms",
145 catfile($smdir, "smrsa1.pem"),
146 catfile($smdir, "smrsa2.pem"),
147 catfile($smdir, "smrsa3.pem") ],
148 [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"),
149 "-in", "test.cms", "-out", "smtst.txt" ]
152 [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
153 [ "-encrypt", "-in", $smcont,
154 "-aes256", "-stream", "-out", "test.cms",
155 catfile($smdir, "smrsa1.pem"),
156 catfile($smdir, "smrsa2.pem"),
157 catfile($smdir, "smrsa3.pem") ],
158 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
159 "-in", "test.cms", "-out", "smtst.txt" ]
164 my @smime_cms_tests = (
166 [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
167 [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid",
168 "-signer", catfile($smdir, "smrsa1.pem"),
169 "-signer", catfile($smdir, "smrsa2.pem"),
170 "-signer", catfile($smdir, "smdsa1.pem"),
171 "-signer", catfile($smdir, "smdsa2.pem"),
172 "-stream", "-out", "test.cms" ],
173 [ "-verify", "-in", "test.cms", "-inform", "DER",
174 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
177 [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
178 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
179 "-signer", catfile($smdir, "smrsa1.pem"),
180 "-signer", catfile($smdir, "smrsa2.pem"),
181 "-signer", catfile($smdir, "smdsa1.pem"),
182 "-signer", catfile($smdir, "smdsa2.pem"),
183 "-stream", "-out", "test.cms" ],
184 [ "-verify", "-in", "test.cms", "-inform", "PEM",
185 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
188 [ "signed content MIME format, RSA key, signed receipt request",
189 [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach",
190 "-receipt_request_to", "test\@openssl.org", "-receipt_request_all",
191 "-out", "test.cms" ],
192 [ "-verify", "-in", "test.cms",
193 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
196 [ "signed receipt MIME format, RSA key",
197 [ "-sign_receipt", "-in", "test.cms",
198 "-signer", catfile($smdir, "smrsa2.pem"),
199 "-out", "test2.cms" ],
200 [ "-verify_receipt", "test2.cms", "-in", "test.cms",
201 "-CAfile", catfile($smdir, "smroot.pem") ]
204 [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid",
205 [ "-encrypt", "-in", $smcont,
206 "-stream", "-out", "test.cms", "-keyid",
207 catfile($smdir, "smrsa1.pem"),
208 catfile($smdir, "smrsa2.pem"),
209 catfile($smdir, "smrsa3.pem") ],
210 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
211 "-in", "test.cms", "-out", "smtst.txt" ]
214 [ "enveloped content test streaming PEM format, KEK",
215 [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
216 "-stream", "-out", "test.cms",
217 "-secretkey", "000102030405060708090A0B0C0D0E0F",
218 "-secretkeyid", "C0FEE0" ],
219 [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
220 "-secretkey", "000102030405060708090A0B0C0D0E0F",
221 "-secretkeyid", "C0FEE0" ]
224 [ "enveloped content test streaming PEM format, KEK, key only",
225 [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128",
226 "-stream", "-out", "test.cms",
227 "-secretkey", "000102030405060708090A0B0C0D0E0F",
228 "-secretkeyid", "C0FEE0" ],
229 [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM",
230 "-secretkey", "000102030405060708090A0B0C0D0E0F" ]
233 [ "data content test streaming PEM format",
234 [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach",
235 "-stream", "-out", "test.cms" ],
236 [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
239 [ "encrypted content test streaming PEM format, 128 bit RC2 key",
240 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
241 "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
242 "-stream", "-out", "test.cms" ],
243 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
244 "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
247 [ "encrypted content test streaming PEM format, 40 bit RC2 key",
248 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
249 "-rc2", "-secretkey", "0001020304",
250 "-stream", "-out", "test.cms" ],
251 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
252 "-secretkey", "0001020304", "-out", "smtst.txt" ]
255 [ "encrypted content test streaming PEM format, triple DES key",
256 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
257 "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
258 "-stream", "-out", "test.cms" ],
259 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
260 "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
261 "-out", "smtst.txt" ]
264 [ "encrypted content test streaming PEM format, 128 bit AES key",
265 [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
266 "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
267 "-stream", "-out", "test.cms" ],
268 [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM",
269 "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
274 my @smime_cms_comp_tests = (
276 [ "compressed content test streaming PEM format",
277 [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach",
278 "-stream", "-out", "test.cms" ],
279 [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ]
284 my @smime_cms_param_tests = (
285 [ "signed content test streaming PEM format, RSA keys, PSS signature",
286 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
287 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
288 "-out", "test.cms" ],
289 [ "-verify", "-in", "test.cms", "-inform", "PEM",
290 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
293 [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes",
294 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr",
295 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
296 "-out", "test.cms" ],
297 [ "-verify", "-in", "test.cms", "-inform", "PEM",
298 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
301 [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1",
302 [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
303 "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss",
304 "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ],
305 [ "-verify", "-in", "test.cms", "-inform", "PEM",
306 "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
309 [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters",
310 [ "-encrypt", "-in", $smcont,
311 "-stream", "-out", "test.cms",
312 "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ],
313 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
314 "-in", "test.cms", "-out", "smtst.txt" ]
317 [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256",
318 [ "-encrypt", "-in", $smcont,
319 "-stream", "-out", "test.cms",
320 "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep",
321 "-keyopt", "rsa_oaep_md:sha256" ],
322 [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"),
323 "-in", "test.cms", "-out", "smtst.txt" ]
326 [ "enveloped content test streaming S/MIME format, DES, ECDH",
327 [ "-encrypt", "-in", $smcont,
328 "-stream", "-out", "test.cms",
329 "-recip", catfile($smdir, "smec1.pem") ],
330 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
331 "-in", "test.cms", "-out", "smtst.txt" ]
334 [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier",
335 [ "-encrypt", "-keyid", "-in", $smcont,
336 "-stream", "-out", "test.cms",
337 "-recip", catfile($smdir, "smec1.pem") ],
338 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
339 "-in", "test.cms", "-out", "smtst.txt" ]
342 [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF",
343 [ "-encrypt", "-in", $smcont,
344 "-stream", "-out", "test.cms",
345 "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ],
346 [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"),
347 "-in", "test.cms", "-out", "smtst.txt" ]
350 [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH",
351 [ "-encrypt", "-in", $smcont,
352 "-stream", "-out", "test.cms",
353 "-recip", catfile($smdir, "smec2.pem"), "-aes128",
354 "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ],
355 [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"),
356 "-in", "test.cms", "-out", "smtst.txt" ]
359 [ "enveloped content test streaming S/MIME format, X9.42 DH",
360 [ "-encrypt", "-in", $smcont,
361 "-stream", "-out", "test.cms",
362 "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
363 [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
364 "-in", "test.cms", "-out", "smtst.txt" ]
368 subtest "CMS => PKCS#7 compatibility tests\n" => sub {
369 plan tests => scalar @smime_pkcs7_tests;
371 foreach (@smime_pkcs7_tests) {
373 my $skip_reason = check_availability($$_[0]);
374 skip $skip_reason, 1 if $skip_reason;
376 ok(run(app(["openssl", "cms", @{$$_[1]}]))
377 && run(app(["openssl", "smime", @{$$_[2]}]))
378 && compare_text($smcont, "smtst.txt") == 0,
383 subtest "CMS <= PKCS#7 compatibility tests\n" => sub {
384 plan tests => scalar @smime_pkcs7_tests;
386 foreach (@smime_pkcs7_tests) {
388 my $skip_reason = check_availability($$_[0]);
389 skip $skip_reason, 1 if $skip_reason;
391 ok(run(app(["openssl", "smime", @{$$_[1]}]))
392 && run(app(["openssl", "cms", @{$$_[2]}]))
393 && compare_text($smcont, "smtst.txt") == 0,
399 subtest "CMS <=> CMS consistency tests\n" => sub {
400 plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests);
402 foreach (@smime_pkcs7_tests) {
404 my $skip_reason = check_availability($$_[0]);
405 skip $skip_reason, 1 if $skip_reason;
407 ok(run(app(["openssl", "cms", @{$$_[1]}]))
408 && run(app(["openssl", "cms", @{$$_[2]}]))
409 && compare_text($smcont, "smtst.txt") == 0,
413 foreach (@smime_cms_tests) {
415 my $skip_reason = check_availability($$_[0]);
416 skip $skip_reason, 1 if $skip_reason;
418 ok(run(app(["openssl", "cms", @{$$_[1]}]))
419 && run(app(["openssl", "cms", @{$$_[2]}]))
420 && compare_text($smcont, "smtst.txt") == 0,
426 subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
428 (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests);
430 foreach (@smime_cms_param_tests) {
432 my $skip_reason = check_availability($$_[0]);
433 skip $skip_reason, 1 if $skip_reason;
435 ok(run(app(["openssl", "cms", @{$$_[1]}]))
436 && run(app(["openssl", "cms", @{$$_[2]}]))
437 && compare_text($smcont, "smtst.txt") == 0,
443 skip("Zlib not supported: compression tests skipped",
444 scalar @smime_cms_comp_tests)
447 foreach (@smime_cms_comp_tests) {
449 my $skip_reason = check_availability($$_[0]);
450 skip $skip_reason, 1 if $skip_reason;
452 ok(run(app(["openssl", "cms", @{$$_[1]}]))
453 && run(app(["openssl", "cms", @{$$_[2]}]))
454 && compare_text($smcont, "smtst.txt") == 0,
465 sub check_availability {
468 return "$tnam: skipped, EC disabled\n"
469 if ($no_ec && $tnam =~ /ECDH/);
470 return "$tnam: skipped, ECDH disabled\n"
471 if ($no_ec && $tnam =~ /ECDH/);
472 return "$tnam: skipped, EC2M disabled\n"
473 if ($no_ec2m && $tnam =~ /K-283/);
474 return "$tnam: skipped, DH disabled\n"
475 if ($no_dh && $tnam =~ /X9\.42/);
476 return "$tnam: skipped, RC2 disabled\n"
477 if ($no_rc2 && $tnam =~ /RC2/);
478 return "$tnam: skipped, DES disabled\n"
479 if ($no_des && $tnam =~ /DES/);