diff options
Diffstat (limited to 'openssl/test/cms-examples.pl')
-rw-r--r-- | openssl/test/cms-examples.pl | 409 |
1 files changed, 409 insertions, 0 deletions
diff --git a/openssl/test/cms-examples.pl b/openssl/test/cms-examples.pl new file mode 100644 index 000000000..2e95b48ba --- /dev/null +++ b/openssl/test/cms-examples.pl @@ -0,0 +1,409 @@ +# test/cms-examples.pl +# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +# project. +# +# ==================================================================== +# Copyright (c) 2008 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +# Perl script to run tests against S/MIME examples in RFC4134 +# Assumes RFC is in current directory and called "rfc4134.txt" + +use MIME::Base64; + +my $badttest = 0; +my $verbose = 1; + +my $cmscmd; +my $exdir = "./"; +my $exfile = "./rfc4134.txt"; + +if (-f "../apps/openssl") + { + $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms"; + } +elsif (-f "..\\out32dll\\openssl.exe") + { + $cmscmd = "..\\out32dll\\openssl.exe cms"; + } +elsif (-f "..\\out32\\openssl.exe") + { + $cmscmd = "..\\out32\\openssl.exe cms"; + } + +my @test_list = ( + [ "3.1.bin" => "dataout" ], + [ "3.2.bin" => "encode, dataout" ], + [ "4.1.bin" => "encode, verifyder, cont, dss" ], + [ "4.2.bin" => "encode, verifyder, cont, rsa" ], + [ "4.3.bin" => "encode, verifyder, cont_extern, dss" ], + [ "4.4.bin" => "encode, verifyder, cont, dss" ], + [ "4.5.bin" => "verifyder, cont, rsa" ], + [ "4.6.bin" => "encode, verifyder, cont, dss" ], + [ "4.7.bin" => "encode, verifyder, cont, dss" ], + [ "4.8.eml" => "verifymime, dss" ], + [ "4.9.eml" => "verifymime, dss" ], + [ "4.10.bin" => "encode, verifyder, cont, dss" ], + [ "4.11.bin" => "encode, certsout" ], + [ "5.1.bin" => "encode, envelopeder, cont" ], + [ "5.2.bin" => "encode, envelopeder, cont" ], + [ "5.3.eml" => "envelopemime, cont" ], + [ "6.0.bin" => "encode, digest, cont" ], + [ "7.1.bin" => "encode, encrypted, cont" ], + [ "7.2.bin" => "encode, encrypted, cont" ] +); + +# Extract examples from RFC4134 text. +# Base64 decode all examples, certificates and +# private keys are converted to PEM format. + +my ( $filename, $data ); + +my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" ); + +$data = ""; + +open( IN, $exfile ) || die "Can't Open RFC examples file $exfile"; + +while (<IN>) { + next unless (/^\|/); + s/^\|//; + next if (/^\*/); + if (/^>(.*)$/) { + $filename = $1; + next; + } + if (/^</) { + $filename = "$exdir/$filename"; + if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) { + $data = decode_base64($data); + open OUT, ">$filename"; + binmode OUT; + print OUT $data; + close OUT; + push @cleanup, $filename; + } + elsif ( $filename =~ /\.cer$/ ) { + write_pem( $filename, "CERTIFICATE", $data ); + } + elsif ( $filename =~ /\.pri$/ ) { + write_pem( $filename, "PRIVATE KEY", $data ); + } + $data = ""; + $filename = ""; + } + else { + $data .= $_; + } + +} + +my $secretkey = + "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32"; + +foreach (@test_list) { + my ( $file, $tlist ) = @$_; + print "Example file $file:\n"; + if ( $tlist =~ /encode/ ) { + run_reencode_test( $exdir, $file ); + } + if ( $tlist =~ /certsout/ ) { + run_certsout_test( $exdir, $file ); + } + if ( $tlist =~ /dataout/ ) { + run_dataout_test( $exdir, $file ); + } + if ( $tlist =~ /verify/ ) { + run_verify_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /digest/ ) { + run_digest_test( $exdir, $tlist, $file ); + } + if ( $tlist =~ /encrypted/ ) { + run_encrypted_test( $exdir, $tlist, $file, $secretkey ); + } + if ( $tlist =~ /envelope/ ) { + run_envelope_test( $exdir, $tlist, $file ); + } + +} + +foreach (@cleanup) { + unlink $_; +} + +if ($badtest) { + print "\n$badtest TESTS FAILED!!\n"; +} +else { + print "\n***All tests successful***\n"; +} + +sub write_pem { + my ( $filename, $str, $data ) = @_; + + $filename =~ s/\.[^.]*$/.pem/; + + push @cleanup, $filename; + + open OUT, ">$filename"; + + print OUT "-----BEGIN $str-----\n"; + print OUT $data; + print OUT "-----END $str-----\n"; + + close OUT; +} + +sub run_reencode_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + + system( "$cmscmd -cmsout -inform DER -outform DER" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tReencode command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) { + print "\tReencode FAILED!!\n"; + $badtest++; + } + else { + print "\tReencode passed\n" if $verbose; + } +} + +sub run_certsout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.der"; + unlink "tmp.pem"; + + system( "$cmscmd -cmsout -inform DER -certsout tmp.pem" + . " -in $cmsdir/$tfile -out tmp.der" ); + + if ($?) { + print "\tCertificate output command FAILED!!\n"; + $badtest++; + } + else { + print "\tCertificate output passed\n" if $verbose; + } +} + +sub run_dataout_test { + my ( $cmsdir, $tfile ) = @_; + unlink "tmp.txt"; + + system( + "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tDataout command FAILED!!\n"; + $badtest++; + } + elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) { + print "\tDataout compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDataout passed\n" if $verbose; + } +} + +sub run_verify_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /verifyder/; + $form = "SMIME" if $tlist =~ /verifymime/; + $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/; + $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/; + + $cmd = + "$cmscmd -verify -inform $form" + . " -CAfile $cafile" + . " -in $cmsdir/$tfile -out tmp.txt"; + + $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tVerify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tVerify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tVerify passed\n" if $verbose; + } +} + +sub run_envelope_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + $form = "DER" if $tlist =~ /envelopeder/; + $form = "SMIME" if $tlist =~ /envelopemime/; + + $cmd = + "$cmscmd -decrypt -inform $form" + . " -recip $cmsdir/BobRSASignByCarl.pem" + . " -inkey $cmsdir/BobPrivRSAEncrypt.pem" + . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDecrypt command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDecrypt content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDecrypt passed\n" if $verbose; + } +} + +sub run_digest_test { + my ( $cmsdir, $tlist, $tfile ) = @_; + unlink "tmp.txt"; + + my $cmd = + "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt"; + + system("$cmd 2>cms.err 1>cms.out"); + + if ($?) { + print "\tDigest verify command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tDigest verify content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tDigest verify passed\n" if $verbose; + } +} + +sub run_encrypted_test { + my ( $cmsdir, $tlist, $tfile, $key ) = @_; + unlink "tmp.txt"; + + system( "$cmscmd -EncryptedData_decrypt -inform DER" + . " -secretkey $key" + . " -in $cmsdir/$tfile -out tmp.txt" ); + + if ($?) { + print "\tEncrypted Data command FAILED!!\n"; + $badtest++; + } + elsif ( $tlist =~ /cont/ + && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) + { + print "\tEncrypted Data content compare FAILED!!\n"; + $badtest++; + } + else { + print "\tEncryptedData verify passed\n" if $verbose; + } +} + +sub cmp_files { + my ( $f1, $f2 ) = @_; + my ( $fp1, $fp2 ); + + my ( $rd1, $rd2 ); + + if ( !open( $fp1, "<$f1" ) ) { + print STDERR "Can't Open file $f1\n"; + return 0; + } + + if ( !open( $fp2, "<$f2" ) ) { + print STDERR "Can't Open file $f2\n"; + return 0; + } + + binmode $fp1; + binmode $fp2; + + my $ret = 0; + + for ( ; ; ) { + $n1 = sysread $fp1, $rd1, 4096; + $n2 = sysread $fp2, $rd2, 4096; + last if ( $n1 != $n2 ); + last if ( $rd1 ne $rd2 ); + + if ( $n1 == 0 ) { + $ret = 1; + last; + } + + } + + close $fp1; + close $fp2; + + return $ret; + +} + |