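#!/bin/sh
#
# Copyright (c) 2005 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id$
#

# Regression test for the CMS commands of hxtool. It creates and verifies
# signed data, and envelopes and unenvelopes data, using the fixtures under
# $srcdir/data, and stops at the first step that does not behave as expected.
#
# Exit status:
#   0   every step behaved as expected
#   1   a step failed (or a step that must fail succeeded)
#   77  the crypto backend reports no RSA or no random source; 77 is the
#       status automake's test harness reports as "skipped"
#
# Conventions used below:
#   - a step that must succeed ends in `|| exit 1`;
#   - a step that must fail ends in `&& exit 1`. Except for the "no signer"
#     case, these steps discard stderr, so they accept ANY failure (a missing
#     fixture included), not only the specific rejection they are named for.
#
# Working files (sd, sd.data, sd.data.out, signer.tmp, ev.data, ev.data.out)
# are written to the current directory and are not removed at the end.
#
# NOTE(review): every verify step passes --missing-revoke; presumably this
# lets verification proceed without revocation data, so revocation checking
# is not exercised by this script. Confirm against the hxtool documentation.
#
# NOTE(review): the keys, certificates and the PASS:foobar password are test
# fixtures. The password is given on the command line, which is visible to
# other local users in the process list; acceptable for fixtures only.

# @srcdir@ and @objdir@ are placeholders; presumably the build substitutes
# them when it generates the runnable script from this template.
srcdir="@srcdir@"
objdir="@objdir@"

stat="--statistic-file=${objdir}/statfile"

# ${hxtool} holds a whole command line (optional wrapper from
# TESTS_ENVIRONMENT, the binary, the statistics option), so it must stay
# unquoted at its call sites to be split into words. A consequence is that
# an objdir containing whitespace would still break the statistics option.
hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"

# Skip the whole test when the backend cannot do RSA or has no random source.
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
    exit 77
fi
if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
    exit 77
fi

# ECDSA round trip, only when the backend supports it. The fixtures are
# named after the secp160r1/secp160r2 curves (160-bit, test use only).
if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
    echo "not testing ECDSA since hcrypto doesnt support ECDSA"
else
    echo "create signed data (ec)"
    ${hxtool} cms-create-sd \
        "--certificate=FILE:$srcdir/data/secp160r2TestClient.pem" \
        "$srcdir/test_chain.in" \
        sd.data > /dev/null || exit 1

    echo "verify signed data (ec)"
    ${hxtool} cms-verify-sd \
        --missing-revoke \
        "--anchors=FILE:$srcdir/data/secp160r1TestCA.cert.pem" \
        sd.data sd.data.out > /dev/null || exit 1
    cmp "$srcdir/test_chain.in" sd.data.out || exit 1
fi

# Basic round trip: sign, verify against the CA, compare recovered content.
echo "create signed data"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (no signer)"
${hxtool} cms-create-sd \
    --no-signer \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Unsigned data is accepted only because --no-signer-allowed is given, and
# the tool's output must say so ("unsigned").
echo "verify signed data (no signer)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --no-signer-allowed \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > signer.tmp || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
grep "unsigned" signer.tmp > /dev/null || exit 1

# Without --no-signer-allowed the same unsigned data must be rejected. This
# is the one negative step that also checks the error text; the pattern is
# matched against the tool's message as-is.
echo "verify signed data (no signer) (test failure)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out 2> signer.tmp && exit 1
grep "No signers where found" signer.tmp > /dev/null || exit 1

echo "create signed data (id-by-name)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --id-by-name \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Here the trust anchor is the signer's own end-entity certificate
# (test.crt) rather than the CA certificate.
echo "verify signed data (EE cert as anchor)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/test.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (password)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (combined)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test.combined.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content info)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content info)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --content-info \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content type)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-type=1.1.1.1 \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content type)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# The exit status is checked here. Without the check a failed verification
# would go unnoticed: sd.data.out left behind by the previous verify step
# already holds the same content, so the cmp below would pass regardless.
echo "verify signed data (pem)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --pem \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem, detached)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Exit status checked for the same reason as the "(pem)" step above: the
# cmp alone cannot tell a fresh sd.data.out from a stale one.
echo "verify signed data (pem, detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --pem \
    --signed-content="$srcdir/test_chain.in" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# The PKCS#12 signing result is only checked for success; the verify steps
# that follow read static fixtures, not the sd.data produced here.
echo "create signed data (p12)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    "--certificate=PKCS12:$srcdir/data/test.p12" \
    --signer=friendlyname-test \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Static fixtures: pre-built signed data that must verify against the CA and
# yield the content of data/static-file.
echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data (no attr)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# Must fail: the fixture carries no certificates and none is supplied.
echo "verify failure signed data (no attr, no certs)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null 2>/dev/null && exit 1

# Same fixture, now with the signer certificate supplied via --certificate.
echo "verify signed data (no attr, no certs)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    "--certificate=FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data - sha1"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-sha-1" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data - sha256"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-sha-256" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# Disabled in the original; the reason is not stated here.
#echo "verify signed data - sha512"
#${hxtool} cms-verify-sd \
#    --missing-revoke \
#    --anchors=FILE:$srcdir/data/ca.crt \
#    --content-info \
#    "$srcdir/data/test-signed-sha-512" sd.data.out > /dev/null || exit 1
#cmp "$srcdir/data/static-file" sd.data.out || exit 1


# Chain building with an intermediate CA (sub-ca.crt): verification must
# fail when the intermediate is neither embedded nor supplied, and succeed
# when it is available from either side.
echo "create signed data (subcert, no certs)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2> /dev/null && exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--certificate=FILE:$srcdir/data/sub-ca.crt" \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "--pool=FILE:$srcdir/data/sub-ca.crt" \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs, no-root)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "--pool=FILE:$srcdir/data/sub-ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, no-subca, no-root)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

# Signer selection by certificate purpose. Judging by the fixture names,
# "ds-only" is a signing-only and "ke-only" a key-encipherment-only
# certificate: signing with the ke-only one alone must fail, and with both
# present (in either order) signing must succeed.
echo "create signed data (sd cert)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke cert)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null 2>/dev/null && exit 1

echo "create signed data (sd + ke certs)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke + sd certs)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "--certificate=FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (detached)"
${hxtool} cms-create-sd \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --signed-content="$srcdir/test_chain.in" \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Must fail: a detached signature verified without --signed-content.
echo "verify failure signed data (detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

echo "create signed data (rsa)"
${hxtool} cms-create-sd \
    --peer-alg=1.2.840.113549.1.1.1 \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (rsa)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# cms-sign with a single file argument; the next step reads sd.pem, so the
# signature is presumably written next to the input as <input>.pem.
echo "create signed data (pem, detached)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    sd > /dev/null || exit 1

# Exit status checked: nothing after this step inspects its result, so the
# status is the only signal that verification of sd.pem succeeded.
echo "verify signed data (pem, detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    "--anchors=FILE:$srcdir/data/ca.crt" \
    --pem \
    sd.pem > /dev/null || exit 1

# The remaining cms-sign steps only check that signing succeeds; the
# resulting signatures are not verified in this script.
echo "create signed data (no certs, detached sig)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (leif only, detached sig)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --embed-leaf-only \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (no certs, detached sig, 2 signers)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (no certs, detached sig, 3 signers)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "--certificate=FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "--certificate=FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

# Enveloped (encrypted) data: encrypt to test.crt, decrypt with the matching
# key, compare with the plaintext.
echo "envelope data (content-type)"
${hxtool} cms-envelope \
    "--certificate=FILE:$srcdir/data/test.crt" \
    --content-type=1.1.1.1 \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-type)"
${hxtool} cms-unenvelope \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

echo "envelope data (content-info)"
${hxtool} cms-envelope \
    "--certificate=FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-info)"
${hxtool} cms-unenvelope \
    "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

# Round trip per cipher. Old output is removed first so that each cmp sees
# only what this iteration produced.
for a in des-ede3 aes-128 aes-256; do

    rm -f ev.data ev.data.out
    echo "envelope data ($a)"
    ${hxtool} cms-envelope \
        --encryption-type="$a-cbc" \
        "--certificate=FILE:$srcdir/data/test.crt" \
        "$srcdir/data/static-file" \
        ev.data || exit 1

    echo "unenvelope data ($a)"
    ${hxtool} cms-unenvelope \
        "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        ev.data ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

# Decrypt-only check of pre-built fixtures. This list also contains the
# legacy rc2-40/rc2-64/rc2-128 ciphers, which are never used to envelope new
# data above. NOTE(review): --allow-weak is presumably what makes hxtool
# accept those ciphers; confirm, and keep it confined to this fixture loop.
for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
    echo "static unenvelope data ($a)"

    rm -f ev.data.out
    ${hxtool} cms-unenvelope \
        "--certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        --content-info \
        --allow-weak \
        "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

exit 0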