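#!/bin/sh
#
# Copyright (c) 2005 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $Id: test_cms.in 21311 2007-06-25 18:26:37Z lha $
#

# Regression test for the CMS sub-commands of hxtool: cms-create-sd,
# cms-verify-sd, cms-envelope and cms-unenvelope.
#
# Exit status: 0 all steps passed, 1 a step failed, 77 test skipped.
#
# What this test does NOT establish:
#  - Every verification runs with --missing-revoke, so revocation
#    handling is not exercised here.
#  - The keys, certificates and the password "foobar" are fixtures from
#    $srcdir/data.  Passing a password through --pass=PASS:... puts it in
#    the process argument list; that is acceptable only for test keys.
#  - Output files (sd.data, sd.data.out, ev.data, ev.data.out) use fixed
#    names in the current directory and are left behind on exit.

srcdir="@srcdir@"
objdir="@objdir@"

stat="--statistic-file=${objdir}/statfile"

# ${hxtool} holds a command line (optional wrapper, program, option) and
# is therefore expanded unquoted everywhere below so that it word-splits.
# Paths built from $srcdir are quoted; $objdir ends up inside ${hxtool}
# and cannot be protected the same way in plain sh.
hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"

# Run a command that hxtool is expected to reject.
# Arguments: the command line to run.
# Outputs:   nothing from the command (stdout/stderr are discarded);
#            a diagnostic on stderr when the expectation is not met.
# Exits the script with status 1 if the command succeeds, or if it ends
# with a status above 125.  In a POSIX shell those values mean the
# command could not be executed (126, 127) or was killed by a signal
# (above 128); a crash must not be counted as "correctly rejected".
expect_failure () {
    "$@" > /dev/null 2> /dev/null
    expect_failure_status=$?
    if [ "$expect_failure_status" -eq 0 ]; then
        echo "expected failure, but the command succeeded" >&2
        exit 1
    fi
    if [ "$expect_failure_status" -gt 125 ]; then
        echo "expected a clean failure, got exit status $expect_failure_status" >&2
        exit 1
    fi
}

# Skip (exit 77, the Automake "skipped" status) when hxtool reports a
# null RSA implementation or no random source: nothing below can work.
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
    exit 77
fi
if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
    exit 77
fi

# Each verification step removes its output file first.  Otherwise a
# sd.data.out left over from an earlier step, which usually has the same
# expected content, would let cmp pass even if the tool wrote nothing.

echo "create signed data"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (id-by-name)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --id-by-name \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Same signed data, but the signer's own certificate is the trust anchor.
echo "verify signed data (EE cert as anchor)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/test.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (password)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (combined)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.combined.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content info)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content info)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content type)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-type=1.1.1.1 \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content type)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# The two PEM steps and the PKCS12 step only check that creation
# succeeds; the resulting sd.data is not verified afterwards.
echo "create signed data (pem)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (pem, detached)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (p12)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="PKCS12:$srcdir/data/test.p12" \
    --signer=friendlyname-test \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# From here on the input is a pre-built fixture, not the sd.data created
# above, and the expected content is data/static-file.
echo "verify signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data (no attr)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# Negative test: without a signer certificate supplied on the command
# line the fixture must be rejected.
echo "verify failure signed data (no attr, no certs)"
rm -f sd.data.out
expect_failure ${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out

echo "verify signed data (no attr, no certs)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "create signed data (subcert, no certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Negative test: only the root is given as anchor and sub-ca.crt is not
# supplied, so verification must fail.
echo "verify failure signed data"
rm -f sd.data.out
expect_failure ${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out

echo "verify success signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --certificate="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs, no-root)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, no-subca, no-root)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Negative test: same situation as the earlier "subcert, no certs" case.
echo "verify failure signed data"
rm -f sd.data.out
expect_failure ${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out

# NOTE(review): "ds-only" / "ke-only" presumably name certificates whose
# key usage is limited to digital signature / key encipherment; the
# fixtures are not visible here, confirm against data/.
echo "create signed data (sd cert)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Negative test: signing with the ke-only certificate alone must fail.
echo "create signed data (ke cert)"
expect_failure ${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data

# With both certificates supplied, creation must succeed in either order.
echo "create signed data (sd + ke certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke + sd certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (detached)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (detached)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --signed-content="$srcdir/test_chain.in" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Negative test: a detached signature without --signed-content must be
# rejected.
echo "verify failure signed data (detached)"
rm -f sd.data.out
expect_failure ${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out

echo "create signed data (rsa)"
${hxtool} cms-create-sd \
    --peer-alg=1.2.840.113549.1.1.1 \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (rsa)"
rm -f sd.data.out
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "envelope data (content-type)"
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-type=1.1.1.1 \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-type)"
rm -f ev.data.out
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

echo "envelope data (content-info)"
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-info)"
rm -f ev.data.out
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

# Round trip: encrypt with each CBC cipher, decrypt, compare.
for a in des-ede3 aes-128 aes-256; do

    rm -f ev.data ev.data.out
    echo "envelope data ($a)"
    ${hxtool} cms-envelope \
        --encryption-type="$a-cbc" \
        --certificate="FILE:$srcdir/data/test.crt" \
        "$srcdir/data/static-file" \
        ev.data || exit 1

    echo "unenvelope data ($a)"
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        ev.data ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

# Decrypt-only compatibility check against pre-built fixtures.  The list
# includes legacy ciphers (RC2 with 40/64/128-bit keys, 3DES) that the
# round-trip loop above never asks the tool to produce.
for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
    echo "static unenvelope data ($a)"

    rm -f ev.data.out
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        --content-info \
        "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

exit 0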