From 4b3327e70e1e97550a65a5d4aa26e017770e2214 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 14 Feb 2020 08:34:40 +0100 Subject: [PATCH] TEST: Modify test/recipes/80-test_cms.t to leave artifacts behind Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/11080) --- test/recipes/80-test_cms.t | 731 ++++++++++++++++++++----------------- 1 file changed, 391 insertions(+), 340 deletions(-) diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 868affc545..ee227f3cdb 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -32,150 +32,170 @@ plan tests => 6; my @smime_pkcs7_tests = ( [ "signed content DER format, RSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed detached content DER format, RSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", - "-content", $smcont ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-content", $smcont ], + \&final_compare ], [ "signed content test streaming BER format, RSA", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-stream", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-stream", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content DER format, DSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed detached content DER format, DSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", - "-content", $smcont ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-content", $smcont ], + \&final_compare ], [ "signed detached content DER format, add RSA signer (with DSA existing)", - [ "-resign", "-inform", "DER", "-in", "test.cms", "-outform", "DER", - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test2.cms" ], - [ "-verify", "-in", "test2.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt", - "-content", $smcont ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd1}", "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER", + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}2.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}2.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt", + "-content", $smcont ], + \&final_compare ], [ "signed content test streaming BER format, DSA key", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-stream", - "-signer", catfile($smdir, "smdsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-stream", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes", - [ "-sign", "-in", $smcont, "-outform", "DER", "-noattr", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-noattr", "-nodetach", "-stream", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content S/MIME format, RSA key SHA1", - [ "-sign", "-in", $smcont, "-md", "sha1", - "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-md", "sha1", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys", - [ "-sign", "-in", $smcont, "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys", - [ "-sign", "-in", $smcont, - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa3.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients", - [ "-encrypt", "-in", $smcont, - "-aes256", "-stream", "-out", "test.cms", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-aes256", "-stream", "-out", "{output}.cms", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], ); @@ -183,125 +203,154 @@ my @smime_pkcs7_tests = ( my @smime_cms_tests = ( [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid", - [ "-sign", "-in", $smcont, "-outform", "DER", "-nodetach", "-keyid", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "DER", + "-nodetach", "-keyid", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), - "-signer", catfile($smdir, "smrsa2.pem"), - "-signer", catfile($smdir, "smdsa1.pem"), - "-signer", catfile($smdir, "smdsa2.pem"), - "-stream", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-signer", catfile($smdir, "smrsa2.pem"), + "-signer", catfile($smdir, "smdsa1.pem"), + "-signer", catfile($smdir, "smdsa2.pem"), + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content MIME format, RSA key, signed receipt request", - [ "-sign", "-in", $smcont, "-signer", catfile($smdir, "smrsa1.pem"), "-nodetach", - "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", - "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed receipt MIME format, RSA key", - [ "-sign_receipt", "-in", "test.cms", - "-signer", catfile($smdir, "smrsa2.pem"), - "-out", "test2.cms" ], - [ "-verify_receipt", "test2.cms", "-in", "test.cms", - "-CAfile", catfile($smdir, "smroot.pem") ] + [ "{cmd1}", "-sign", "-in", $smcont, "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-receipt_request_to", "test\@openssl.org", "-receipt_request_all", + "-out", "{output}.cms" ], + [ "{cmd1}", "-sign_receipt", "-in", "{output}.cms", + "-signer", catfile($smdir, "smrsa2.pem"), "-out", "{output}2.cms" ], + [ "{cmd2}", "-verify_receipt", "{output}2.cms", "-in", "{output}.cms", + "-CAfile", catfile($smdir, "smroot.pem") ] ], [ "signed content DER format, RSA key, CAdES-BES compatible", - [ "-sign", "-cades", "-in", $smcont, "-outform", "DER", "-nodetach", + [ "{cmd1}", "-sign", "-cades", "-in", $smcont, "-outform", "DER", + "-nodetach", "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content DER format, RSA key, SHA256 md, CAdES-BES compatible", - [ "-sign", "-cades", "-md", "sha256", "-in", $smcont, "-outform", - "DER", "-nodetach", "-certfile", catfile($smdir, "smroot.pem"), - "-signer", catfile($smdir, "smrsa1.pem"), "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-cades", "-md", "sha256", "-in", $smcont, + "-outform", "DER", "-nodetach", + "-certfile", catfile($smdir, "smroot.pem"), + "-signer", catfile($smdir, "smrsa1.pem"), "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, 3 recipients, keyid", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", "-keyid", - catfile($smdir, "smrsa1.pem"), - catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", "-keyid", + catfile($smdir, "smrsa1.pem"), + catfile($smdir, "smrsa2.pem"), + catfile($smdir, "smrsa3.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming PEM format, KEK", - [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", - "-stream", "-out", "test.cms", - "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-secretkeyid", "C0FEE0" ], - [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-secretkeyid", "C0FEE0" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", + "-stream", "-out", "{output}.cms", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + \&final_compare ], [ "enveloped content test streaming PEM format, KEK, key only", - [ "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", - "-stream", "-out", "test.cms", - "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-secretkeyid", "C0FEE0" ], - [ "-decrypt", "-in", "test.cms", "-out", "smtst.txt", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, "-outform", "PEM", "-aes128", + "-stream", "-out", "{output}.cms", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-secretkeyid", "C0FEE0" ], + [ "{cmd2}", "-decrypt", "-in", "{output}.cms", "-out", "{output}.txt", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F" ], + \&final_compare ], [ "data content test streaming PEM format", - [ "-data_create", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-stream", "-out", "test.cms" ], - [ "-data_out", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ] + [ "{cmd1}", "-data_create", "-in", $smcont, "-outform", "PEM", + "-nodetach", "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-data_out", "-in", "{output}.cms", "-inform", "PEM", + "-out", "{output}.txt" ], + \&final_compare ], [ "encrypted content test streaming PEM format, 128 bit RC2 key", - [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-stream", "-out", "test.cms" ], - [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ] + [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-out", "{output}.txt" ], + \&final_compare ], [ "encrypted content test streaming PEM format, 40 bit RC2 key", - [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-rc2", "-secretkey", "0001020304", - "-stream", "-out", "test.cms" ], - [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", - "-secretkey", "0001020304", "-out", "smtst.txt" ] + [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-rc2", "-secretkey", "0001020304", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms", + "-inform", "PEM", + "-secretkey", "0001020304", "-out", "{output}.txt" ], + \&final_compare ], [ "encrypted content test streaming PEM format, triple DES key", - [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", - "-stream", "-out", "test.cms" ], - [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", - "-out", "smtst.txt" ] + [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617", + "-out", "{output}.txt" ], + \&final_compare ], [ "encrypted content test streaming PEM format, 128 bit AES key", - [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", - "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F", - "-stream", "-out", "test.cms" ], - [ "-EncryptedData_decrypt", "-in", "test.cms", "-inform", "PEM", - "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ] + [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM", + "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms", + "-inform", "PEM", + "-secretkey", "000102030405060708090A0B0C0D0E0F", + "-out", "{output}.txt" ], + \&final_compare ], ); @@ -309,124 +358,149 @@ my @smime_cms_tests = ( my @smime_cms_comp_tests = ( [ "compressed content test streaming PEM format", - [ "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-stream", "-out", "test.cms" ], - [ "-uncompress", "-in", "test.cms", "-inform", "PEM", "-out", "smtst.txt" ] + [ "{cmd1}", "-compress", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-stream", "-out", "{output}.cms" ], + [ "{cmd2}", "-uncompress", "-in", "{output}.cms", "-inform", "PEM", + "-out", "{output}.txt" ], + \&final_compare ] ); my @smime_cms_param_tests = ( [ "signed content test streaming PEM format, RSA keys, PSS signature", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", - "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:pss", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=max", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", - "-keyopt", "rsa_pss_saltlen:max", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming PEM format, RSA keys, PSS signature, no attributes", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", "-noattr", - "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", - "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-noattr", + "-signer", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:pss", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "signed content test streaming PEM format, RSA keys, PSS signature, SHA384 MGF1", - [ "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", - "-signer", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:pss", - "-keyopt", "rsa_mgf1_md:sha384", "-out", "test.cms" ], - [ "-verify", "-in", "test.cms", "-inform", "PEM", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + [ "{cmd1}", "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_mgf1_md:sha384", + "-out", "{output}.cms" ], + [ "{cmd2}", "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep" ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:oaep" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, OAEP SHA256", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smrsa1.pem"), "-keyopt", "rsa_padding_mode:oaep", - "-keyopt", "rsa_oaep_md:sha256" ], - [ "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smrsa1.pem"), + "-keyopt", "rsa_padding_mode:oaep", + "-keyopt", "rsa_oaep_md:sha256" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smrsa1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, ECDH", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smec1.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec1.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, DES, ECDH, 2 recipients, key only used", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - catfile($smdir, "smec1.pem"), - catfile($smdir, "smec3.pem") ], - [ "-decrypt", "-inkey", catfile($smdir, "smec3.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + catfile($smdir, "smec1.pem"), + catfile($smdir, "smec3.pem") ], + [ "{cmd2}", "-decrypt", "-inkey", catfile($smdir, "smec3.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, ECDH, DES, key identifier", - [ "-encrypt", "-keyid", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smec1.pem") ], - [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-keyid", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec1.pem") ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, ECDH, AES128, SHA256 KDF", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smec1.pem"), "-aes128", "-keyopt", "ecdh_kdf_md:sha256" ], - [ "-decrypt", "-recip", catfile($smdir, "smec1.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec1.pem"), "-aes128", + "-keyopt", "ecdh_kdf_md:sha256" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec1.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, ECDH, K-283, cofactor DH", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smec2.pem"), "-aes128", - "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ], - [ "-decrypt", "-recip", catfile($smdir, "smec2.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smec2.pem"), "-aes128", + "-keyopt", "ecdh_kdf_md:sha256", "-keyopt", "ecdh_cofactor_mode:1" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smec2.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ], [ "enveloped content test streaming S/MIME format, X9.42 DH", - [ "-encrypt", "-in", $smcont, - "-stream", "-out", "test.cms", - "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], - [ "-decrypt", "-recip", catfile($smdir, "smdh.pem"), - "-in", "test.cms", "-out", "smtst.txt" ] + [ "{cmd1}", "-encrypt", "-in", $smcont, + "-stream", "-out", "{output}.cms", + "-recip", catfile($smdir, "smdh.pem"), "-aes128" ], + [ "{cmd2}", "-decrypt", "-recip", catfile($smdir, "smdh.pem"), + "-in", "{output}.cms", "-out", "{output}.txt" ], + \&final_compare ] ); my @contenttype_cms_test = ( [ "signed content test - check that content type is added to additional signerinfo, RSA keys", - [ "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, "-outform", "DER", + [ "{cmd1}", "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, + "-outform", "DER", "-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256", - "-out", "test.cms" ], - [ "-resign", "-binary", "-nodetach", "-in", "test.cms", "-inform", "DER", "-outform", "DER", + "-out", "{output}.cms" ], + [ "{cmd1}", "-resign", "-binary", "-nodetach", "-in", "{output}.cms", + "-inform", "DER", "-outform", "DER", "-signer", catfile($smdir, "smrsa2.pem"), "-md", "SHA256", - "-out", "test2.cms" ], - [ "-verify", "-in", "test2.cms", "-inform", "DER", - "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ] + "-out", "{output}2.cms" ], + sub { my %opts = @_; contentType_matches("$opts{output}2.cms") == 2; }, + [ "{cmd2}", "-verify", "-in", "{output}2.cms", "-inform", "DER", + "-CAfile", catfile($smdir, "smroot.pem"), "-out", "{output}.txt" ] ], ); @@ -437,96 +511,85 @@ my @incorrect_attribute_cms_test = ( "ct_multiple_attr.cms" ); -subtest "CMS => PKCS#7 compatibility tests\n" => sub { - plan tests => scalar @smime_pkcs7_tests; +# Runs a standard loop on the input array +sub runner_loop { + my %opts = ( @_ ); + my $cnt1 = 0; - foreach (@smime_pkcs7_tests) { + foreach (@{$opts{tests}}) { + $cnt1++; + $opts{output} = "$opts{prefix}-$cnt1"; SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "smime", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } + my $skip_reason = check_availability($$_[0]); + skip $skip_reason, 1 if $skip_reason; + my $ok = 1; + 1 while unlink "$opts{output}.txt"; + + foreach (@$_[1..$#$_]) { + if (ref $_ eq 'CODE') { + $ok &&= $_->(%opts); + } else { + my @cmd = map { + my $x = $_; + while ($x =~ /\{([^\}]+)\}/) { + $x = $`.$opts{$1}.$' if exists $opts{$1}; + } + $x; + } @$_; + + diag "CMD: openssl", join(" ", @cmd); + $ok &&= run(app(["openssl", @cmd])); + $opts{input} = $opts{output}; + } + } + + ok($ok, $$_[0]); + } } +} + +sub final_compare { + my %opts = @_; + + diag "Comparing $smcont with $opts{output}.txt"; + return compare_text($smcont, "$opts{output}.txt") == 0; +} + +subtest "CMS => PKCS#7 compatibility tests\n" => sub { + plan tests => scalar @smime_pkcs7_tests; + + runner_loop(prefix => 'cms2pkcs7', cmd1 => 'cms', cmd2 => 'smime', + tests => [ @smime_pkcs7_tests ]); }; subtest "CMS <= PKCS#7 compatibility tests\n" => sub { plan tests => scalar @smime_pkcs7_tests; - foreach (@smime_pkcs7_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "smime", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } + runner_loop(prefix => 'pkcs72cms', cmd1 => 'smime', cmd2 => 'cms', + tests => [ @smime_pkcs7_tests ]); }; subtest "CMS <=> CMS consistency tests\n" => sub { plan tests => (scalar @smime_pkcs7_tests) + (scalar @smime_cms_tests); - foreach (@smime_pkcs7_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } - foreach (@smime_cms_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } + runner_loop(prefix => 'cms2cms-1', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_pkcs7_tests ]); + runner_loop(prefix => 'cms2cms-2', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_cms_tests ]); }; subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub { plan tests => - (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests); - - foreach (@smime_cms_param_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } + (scalar @smime_cms_param_tests) + (scalar @smime_cms_comp_tests); + runner_loop(prefix => 'cms2cms-mod', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_cms_param_tests ]); SKIP: { skip("Zlib not supported: compression tests skipped", - scalar @smime_cms_comp_tests) - if $no_zlib; - - foreach (@smime_cms_comp_tests) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && compare_text($smcont, "smtst.txt") == 0, - $$_[0]); - } - } + scalar @smime_cms_comp_tests) + if $no_zlib; + + runner_loop(prefix => 'cms2cms-comp', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @smime_cms_comp_tests ]); } }; @@ -547,39 +610,27 @@ sub contentType_matches { } subtest "CMS Check the content type attribute is added for additional signers\n" => sub { - plan tests => - (scalar @contenttype_cms_test); + plan tests => (scalar @contenttype_cms_test); - foreach (@contenttype_cms_test) { - SKIP: { - my $skip_reason = check_availability($$_[0]); - skip $skip_reason, 1 if $skip_reason; - - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) - && contentType_matches("test2.cms") == 2 - && run(app(["openssl", "cms", @{$$_[3]}])), - $$_[0]); - } - } + runner_loop(prefix => 'cms2cms-added', cmd1 => 'cms', cmd2 => 'cms', + tests => [ @contenttype_cms_test ]); }; subtest "CMS Check that bad attributes fail when verifying signers\n" => sub { plan tests => (scalar @incorrect_attribute_cms_test); + my $cnt = 0; foreach my $name (@incorrect_attribute_cms_test) { + my $out = "incorrect-$cnt.txt"; + ok(!run(app(["openssl", "cms", "-verify", "-in", catfile($datadir, $name), "-inform", "DER", "-CAfile", - catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ])), + catfile($smdir, "smroot.pem"), "-out", $out ])), $name); } }; -unlink "test.cms"; -unlink "test2.cms"; -unlink "smtst.txt"; - sub check_availability { my $tnam = shift; -- GitLab