3 # Copyright (c) 2005 Kungliga Tekniska Högskolan
4 # (Royal Institute of Technology, Stockholm, Sweden).
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
18 # 3. Neither the name of the Institute nor the names of its contributors
19 # may be used to endorse or promote products derived from this software
20 # without specific prior written permission.
22 # THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
23 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 # ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
26 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 stat="--statistic-file=${objdir}/statfile"
42 hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"
44 if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
47 if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
51 if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
52 echo "not testing ECDSA since hcrypto doesnt support ECDSA"
54 echo "create signed data (ec)"
55 ${hxtool} cms-create-sd \
56 --certificate=FILE:$srcdir/data/secp160r2TestClient.pem \
57 "$srcdir/test_chain.in" \
58 sd.data > /dev/null || exit 1
60 echo "verify signed data (ec)"
61 ${hxtool} cms-verify-sd \
63 --anchors=FILE:$srcdir/data/secp160r1TestCA.cert.pem \
64 sd.data sd.data.out > /dev/null || exit 1
65 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
68 echo "create signed data"
69 ${hxtool} cms-create-sd \
70 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
71 "$srcdir/test_chain.in" \
72 sd.data > /dev/null || exit 1
74 echo "verify signed data"
75 ${hxtool} cms-verify-sd \
77 --anchors=FILE:$srcdir/data/ca.crt \
78 sd.data sd.data.out > /dev/null || exit 1
79 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
81 echo "create signed data (no signer)"
82 ${hxtool} cms-create-sd \
84 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
85 "$srcdir/test_chain.in" \
86 sd.data > /dev/null || exit 1
88 echo "verify signed data (no signer)"
89 ${hxtool} cms-verify-sd \
92 --anchors=FILE:$srcdir/data/ca.crt \
93 sd.data sd.data.out > signer.tmp || exit 1
94 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
95 grep "unsigned" signer.tmp > /dev/null || exit 1
97 echo "verify signed data (no signer) (test failure)"
98 ${hxtool} cms-verify-sd \
100 --anchors=FILE:$srcdir/data/ca.crt \
101 sd.data sd.data.out 2> signer.tmp && exit 1
102 grep "No signers where found" signer.tmp > /dev/null || exit 1
104 echo "create signed data (id-by-name)"
105 ${hxtool} cms-create-sd \
106 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
108 "$srcdir/test_chain.in" \
109 sd.data > /dev/null || exit 1
111 echo "verify signed data"
112 ${hxtool} cms-verify-sd \
114 --anchors=FILE:$srcdir/data/ca.crt \
115 sd.data sd.data.out > /dev/null || exit 1
116 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
118 echo "verify signed data (EE cert as anchor)"
119 ${hxtool} cms-verify-sd \
121 --anchors=FILE:$srcdir/data/test.crt \
122 sd.data sd.data.out > /dev/null || exit 1
123 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
125 echo "create signed data (password)"
126 ${hxtool} cms-create-sd \
128 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
129 "$srcdir/test_chain.in" \
130 sd.data > /dev/null || exit 1
132 echo "verify signed data"
133 ${hxtool} cms-verify-sd \
135 --anchors=FILE:$srcdir/data/ca.crt \
136 sd.data sd.data.out > /dev/null || exit 1
137 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
139 echo "create signed data (combined)"
140 ${hxtool} cms-create-sd \
141 --certificate=FILE:$srcdir/data/test.combined.crt \
142 "$srcdir/test_chain.in" \
143 sd.data > /dev/null || exit 1
145 echo "verify signed data"
146 ${hxtool} cms-verify-sd \
148 --anchors=FILE:$srcdir/data/ca.crt \
149 sd.data sd.data.out > /dev/null || exit 1
150 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
152 echo "create signed data (content info)"
153 ${hxtool} cms-create-sd \
154 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
156 "$srcdir/test_chain.in" \
157 sd.data > /dev/null || exit 1
159 echo "verify signed data (content info)"
160 ${hxtool} cms-verify-sd \
162 --anchors=FILE:$srcdir/data/ca.crt \
164 sd.data sd.data.out > /dev/null || exit 1
165 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
167 echo "create signed data (content type)"
168 ${hxtool} cms-create-sd \
169 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
170 --content-type=1.1.1.1 \
171 "$srcdir/test_chain.in" \
172 sd.data > /dev/null || exit 1
174 echo "verify signed data (content type)"
175 ${hxtool} cms-verify-sd \
177 --anchors=FILE:$srcdir/data/ca.crt \
178 sd.data sd.data.out > /dev/null || exit 1
179 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
181 echo "create signed data (pem)"
182 ${hxtool} cms-create-sd \
183 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
185 "$srcdir/test_chain.in" \
186 sd.data > /dev/null || exit 1
188 echo "verify signed data (pem)"
189 ${hxtool} cms-verify-sd \
191 --anchors=FILE:$srcdir/data/ca.crt \
193 sd.data sd.data.out > /dev/null
194 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
196 echo "create signed data (pem, detached)"
197 ${hxtool} cms-create-sd \
198 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
199 --detached-signature \
201 "$srcdir/test_chain.in" \
202 sd.data > /dev/null || exit 1
204 echo "verify signed data (pem, detached)"
205 ${hxtool} cms-verify-sd \
207 --anchors=FILE:$srcdir/data/ca.crt \
209 --signed-content="$srcdir/test_chain.in" \
210 sd.data sd.data.out > /dev/null
211 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
213 echo "create signed data (p12)"
214 ${hxtool} cms-create-sd \
216 --certificate=PKCS12:$srcdir/data/test.p12 \
217 --signer=friendlyname-test \
218 "$srcdir/test_chain.in" \
219 sd.data > /dev/null || exit 1
221 echo "verify signed data"
222 ${hxtool} cms-verify-sd \
224 --anchors=FILE:$srcdir/data/ca.crt \
226 "$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
227 cmp "$srcdir/data/static-file" sd.data.out || exit 1
229 echo "verify signed data (no attr)"
230 ${hxtool} cms-verify-sd \
232 --anchors=FILE:$srcdir/data/ca.crt \
234 "$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
235 cmp "$srcdir/data/static-file" sd.data.out || exit 1
237 echo "verify failure signed data (no attr, no certs)"
238 ${hxtool} cms-verify-sd \
240 --anchors=FILE:$srcdir/data/ca.crt \
242 "$srcdir/data/test-signed-data-noattr-nocerts" \
243 sd.data.out > /dev/null 2>/dev/null && exit 1
245 echo "verify signed data (no attr, no certs)"
246 ${hxtool} cms-verify-sd \
248 --anchors=FILE:$srcdir/data/ca.crt \
249 --certificate=FILE:$srcdir/data/test.crt \
251 "$srcdir/data/test-signed-data-noattr-nocerts" \
252 sd.data.out > /dev/null || exit 1
253 cmp "$srcdir/data/static-file" sd.data.out || exit 1
255 echo "verify signed data - sha1"
256 ${hxtool} cms-verify-sd \
258 --anchors=FILE:$srcdir/data/ca.crt \
260 "$srcdir/data/test-signed-sha-1" sd.data.out > /dev/null || exit 1
261 cmp "$srcdir/data/static-file" sd.data.out || exit 1
263 echo "verify signed data - sha256"
264 ${hxtool} cms-verify-sd \
266 --anchors=FILE:$srcdir/data/ca.crt \
268 "$srcdir/data/test-signed-sha-256" sd.data.out > /dev/null || exit 1
269 cmp "$srcdir/data/static-file" sd.data.out || exit 1
271 #echo "verify signed data - sha512"
272 #${hxtool} cms-verify-sd \
274 # --anchors=FILE:$srcdir/data/ca.crt \
276 # "$srcdir/data/test-signed-sha-512" sd.data.out > /dev/null || exit 1
277 #cmp "$srcdir/data/static-file" sd.data.out || exit 1
280 echo "create signed data (subcert, no certs)"
281 ${hxtool} cms-create-sd \
282 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
283 "$srcdir/test_chain.in" \
284 sd.data > /dev/null || exit 1
286 echo "verify failure signed data"
287 ${hxtool} cms-verify-sd \
289 --anchors=FILE:$srcdir/data/ca.crt \
290 sd.data sd.data.out > /dev/null 2> /dev/null && exit 1
292 echo "verify success signed data"
293 ${hxtool} cms-verify-sd \
295 --certificate=FILE:$srcdir/data/sub-ca.crt \
296 --anchors=FILE:$srcdir/data/ca.crt \
297 sd.data sd.data.out > /dev/null || exit 1
298 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
300 echo "create signed data (subcert, certs)"
301 ${hxtool} cms-create-sd \
302 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
303 --pool=FILE:$srcdir/data/sub-ca.crt \
304 --anchors=FILE:$srcdir/data/ca.crt \
305 "$srcdir/test_chain.in" \
306 sd.data > /dev/null || exit 1
308 echo "verify success signed data"
309 ${hxtool} cms-verify-sd \
311 --anchors=FILE:$srcdir/data/ca.crt \
312 sd.data sd.data.out > /dev/null || exit 1
313 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
315 echo "create signed data (subcert, certs, no-root)"
316 ${hxtool} cms-create-sd \
317 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
318 --pool=FILE:$srcdir/data/sub-ca.crt \
319 "$srcdir/test_chain.in" \
320 sd.data > /dev/null || exit 1
322 echo "verify success signed data"
323 ${hxtool} cms-verify-sd \
325 --anchors=FILE:$srcdir/data/ca.crt \
326 sd.data sd.data.out > /dev/null || exit 1
327 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
329 echo "create signed data (subcert, no-subca, no-root)"
330 ${hxtool} cms-create-sd \
331 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
332 "$srcdir/test_chain.in" \
333 sd.data > /dev/null || exit 1
335 echo "verify failure signed data"
336 ${hxtool} cms-verify-sd \
338 --anchors=FILE:$srcdir/data/ca.crt \
339 sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
341 echo "create signed data (sd cert)"
342 ${hxtool} cms-create-sd \
343 --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
344 "$srcdir/test_chain.in" \
345 sd.data > /dev/null || exit 1
347 echo "create signed data (ke cert)"
348 ${hxtool} cms-create-sd \
349 --certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
350 "$srcdir/test_chain.in" \
351 sd.data > /dev/null 2>/dev/null && exit 1
353 echo "create signed data (sd + ke certs)"
354 ${hxtool} cms-create-sd \
355 --certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
356 --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
357 "$srcdir/test_chain.in" \
358 sd.data > /dev/null || exit 1
360 echo "create signed data (ke + sd certs)"
361 ${hxtool} cms-create-sd \
362 --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
363 --certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key \
364 "$srcdir/test_chain.in" \
365 sd.data > /dev/null || exit 1
367 echo "create signed data (detached)"
368 ${hxtool} cms-create-sd \
369 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
370 --detached-signature \
371 "$srcdir/test_chain.in" \
372 sd.data > /dev/null || exit 1
374 echo "verify signed data (detached)"
375 ${hxtool} cms-verify-sd \
377 --signed-content="$srcdir/test_chain.in" \
378 --anchors=FILE:$srcdir/data/ca.crt \
379 sd.data sd.data.out > /dev/null || exit 1
380 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
382 echo "verify failure signed data (detached)"
383 ${hxtool} cms-verify-sd \
385 --anchors=FILE:$srcdir/data/ca.crt \
386 sd.data sd.data.out > /dev/null 2>/dev/null && exit 1
388 echo "create signed data (rsa)"
389 ${hxtool} cms-create-sd \
390 --peer-alg=1.2.840.113549.1.1.1 \
391 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
392 "$srcdir/test_chain.in" \
393 sd.data > /dev/null || exit 1
395 echo "verify signed data (rsa)"
396 ${hxtool} cms-verify-sd \
398 --anchors=FILE:$srcdir/data/ca.crt \
399 sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
400 cmp "$srcdir/test_chain.in" sd.data.out || exit 1
402 echo "create signed data (pem, detached)"
403 cp "$srcdir/test_chain.in" sd
405 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
406 --detached-signature \
408 sd > /dev/null || exit 1
410 echo "verify signed data (pem, detached)"
411 ${hxtool} cms-verify-sd \
413 --anchors=FILE:$srcdir/data/ca.crt \
417 echo "create signed data (no certs, detached sig)"
418 cp "$srcdir/test_chain.in" sd
420 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
421 --detached-signature \
422 --no-embedded-certs \
423 "$srcdir/data/static-file" \
424 sd > /dev/null || exit 1
426 echo "create signed data (leif only, detached sig)"
427 cp "$srcdir/test_chain.in" sd
429 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
430 --detached-signature \
432 "$srcdir/data/static-file" \
433 sd > /dev/null || exit 1
435 echo "create signed data (no certs, detached sig, 2 signers)"
436 cp "$srcdir/test_chain.in" sd
438 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
439 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
440 --detached-signature \
441 --no-embedded-certs \
442 "$srcdir/data/static-file" \
443 sd > /dev/null || exit 1
445 echo "create signed data (no certs, detached sig, 3 signers)"
446 cp "$srcdir/test_chain.in" sd
448 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
449 --certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key \
450 --certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key \
451 --detached-signature \
452 --no-embedded-certs \
453 "$srcdir/data/static-file" \
454 sd > /dev/null || exit 1
456 echo "envelope data (content-type)"
457 ${hxtool} cms-envelope \
458 --certificate=FILE:$srcdir/data/test.crt \
459 --content-type=1.1.1.1 \
460 "$srcdir/data/static-file" \
461 ev.data > /dev/null || exit 1
463 echo "unenvelope data (content-type)"
464 ${hxtool} cms-unenvelope \
465 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
466 ev.data ev.data.out \
467 FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
468 cmp "$srcdir/data/static-file" ev.data.out || exit 1
470 echo "envelope data (content-info)"
471 ${hxtool} cms-envelope \
472 --certificate=FILE:$srcdir/data/test.crt \
474 "$srcdir/data/static-file" \
475 ev.data > /dev/null || exit 1
477 echo "unenvelope data (content-info)"
478 ${hxtool} cms-unenvelope \
479 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
481 ev.data ev.data.out \
482 FILE:$srcdir/data/test.crt,$srcdir/data/test.key > /dev/null || exit 1
483 cmp "$srcdir/data/static-file" ev.data.out || exit 1
485 for a in des-ede3 aes-128 aes-256; do
487 rm -f ev.data ev.data.out
488 echo "envelope data ($a)"
489 ${hxtool} cms-envelope \
490 --encryption-type="$a-cbc" \
491 --certificate=FILE:$srcdir/data/test.crt \
492 "$srcdir/data/static-file" \
495 echo "unenvelope data ($a)"
496 ${hxtool} cms-unenvelope \
497 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
498 ev.data ev.data.out > /dev/null || exit 1
499 cmp "$srcdir/data/static-file" ev.data.out || exit 1
502 for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
503 echo "static unenvelope data ($a)"
506 ${hxtool} cms-unenvelope \
507 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
510 "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
511 cmp "$srcdir/data/static-file" ev.data.out || exit 1
projects / FreeBSD / releng / 10.2.git / blob