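#!/bin/sh
#
# Copyright (c) 2005 Kungliga Tekniska Högskolan
# (Royal Institute of Technology, Stockholm, Sweden).
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# 3. Neither the name of the Institute nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# Id
#

# Regression test for hxtool's CMS commands (create/verify SignedData,
# envelope/unenvelope).  Every step either must succeed ("|| exit 1") or
# must fail ("&& exit 1"); the round-tripped payload is compared with cmp.
#
# Every cms-verify-sd call passes --missing-revoke, so (judging by the
# flag's name) revocation checking is not exercised by this script.

srcdir="@srcdir@"
objdir="@objdir@"

stat="--statistic-file=${objdir}/statfile"

# ${hxtool} holds a whole command line (optional wrapper from
# TESTS_ENVIRONMENT, the binary, the statistics option) and is therefore
# expanded unquoted on purpose; objdir must not contain whitespace.
hxtool="${TESTS_ENVIRONMENT} ./hxtool ${stat}"

# Skip (exit status 77, reported as "skipped" by automake-style harnesses)
# when the crypto backend reports a null RSA implementation or no random
# source: nothing below can run meaningfully without them.
if ${hxtool} info | grep 'rsa: hcrypto null RSA' > /dev/null ; then
    exit 77
fi
if ${hxtool} info | grep 'rand: not available' > /dev/null ; then
    exit 77
fi

# ECDSA round trip, only when the backend reports ECDSA support.
if ${hxtool} info | grep 'ecdsa: hcrypto null' > /dev/null ; then
    echo "not testing ECDSA since hcrypto doesnt support ECDSA"
else
    echo "create signed data (ec)"
    ${hxtool} cms-create-sd \
        --certificate="FILE:$srcdir/data/secp160r2TestClient.pem" \
        "$srcdir/test_chain.in" \
        sd.data > /dev/null || exit 1

    echo "verify signed data (ec)"
    ${hxtool} cms-verify-sd \
        --missing-revoke \
        --anchors="FILE:$srcdir/data/secp160r1TestCA.cert.pem" \
        sd.data sd.data.out > /dev/null || exit 1
    cmp "$srcdir/test_chain.in" sd.data.out || exit 1
fi

# Baseline: sign with the test certificate/key, verify against the CA anchor.
echo "create signed data"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# SignedData without any signer: accepted only when the verifier is told
# so with --no-signer-allowed, and then it must report "unsigned" on stdout.
echo "create signed data (no signer)"
${hxtool} cms-create-sd \
    --no-signer \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (no signer)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --no-signer-allowed \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > signer.tmp || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1
grep "unsigned" signer.tmp > /dev/null || exit 1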
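
# Negative test: the signer-less sd.data left by the preceding step must be
# rejected when --no-signer-allowed is absent, with the expected diagnostic
# on stderr.
echo "verify signed data (no signer) (test failure)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out 2> signer.tmp && exit 1
grep "No signers where found" signer.tmp > /dev/null || exit 1

echo "create signed data (id-by-name)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --id-by-name \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Same sd.data, but the signing (end-entity) certificate itself is the anchor.
echo "verify signed data (EE cert as anchor)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/test.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Password-protected key; the password is a fixture value for test-pw.key.
echo "create signed data (password)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Certificate and key read from one combined file.
echo "create signed data (combined)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.combined.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content info)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content info)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (content type)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-type=1.1.1.1 \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (content type)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# The verifier's status is checked here like in every other positive step.
# Without the check a failed verification went unnoticed whenever
# sd.data.out still held the identical payload written by an earlier step.
echo "verify signed data (pem)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (pem, detached)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1
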
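# Verifies the detached PEM signature left in sd.data by the preceding
# step; the signed content is supplied separately.  The verifier's status
# is checked here: without it a failure was hidden whenever sd.data.out
# still held the identical payload from an earlier step.
echo "verify signed data (pem, detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    --signed-content="$srcdir/test_chain.in" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Signer selected by friendly name from a PKCS#12 store (fixture password).
# NOTE(review): the sd.data written here is never verified; the "verify"
# steps that follow read pre-built fixtures under data/ instead.
echo "create signed data (p12)"
${hxtool} cms-create-sd \
    --pass=PASS:foobar \
    --certificate="PKCS12:$srcdir/data/test.p12" \
    --signer=friendlyname-test \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

# Pre-built SignedData fixtures; each must yield data/static-file.
echo "verify signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data (no attr)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

# Negative test: this fixture must not verify with the anchor alone ...
echo "verify failure signed data (no attr, no certs)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null 2>/dev/null && exit 1

# ... and must verify once the signer certificate is supplied out of band.
echo "verify signed data (no attr, no certs)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/test-signed-data-noattr-nocerts" \
    sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data - sha1"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-sha-1" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

echo "verify signed data - sha256"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --content-info \
    "$srcdir/data/test-signed-sha-256" sd.data.out > /dev/null || exit 1
cmp "$srcdir/data/static-file" sd.data.out || exit 1

#echo "verify signed data - sha512"
#${hxtool} cms-verify-sd \
#    --missing-revoke \
#    --anchors=FILE:$srcdir/data/ca.crt \
#    --content-info \
#    "$srcdir/data/test-signed-sha-512" sd.data.out > /dev/null || exit 1
#cmp "$srcdir/data/static-file" sd.data.out || exit 1


# Chain-building cases: the signer is sub-cert, verified against ca.crt.
# Verification must fail unless sub-ca.crt reaches the verifier, either
# passed to it directly or added at signing time through --pool.
echo "create signed data (subcert, no certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2> /dev/null && exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --certificate="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, certs, no-root)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --pool="FILE:$srcdir/data/sub-ca.crt" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify success signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

echo "create signed data (subcert, no-subca, no-root)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify failure signed data"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

# Certificate-selection cases: signing with the test-ds-only certificate
# must succeed, signing with only the test-ke-only certificate must fail,
# and when both are offered (in either order) signing must succeed.
# NOTE(review): "ds"/"ke" presumably stand for digitalSignature and
# keyEncipherment key usage; confirm against the fixture certificates.
echo "create signed data (sd cert)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke cert)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null 2>/dev/null && exit 1

echo "create signed data (sd + ke certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (ke + sd certs)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --certificate="FILE:$srcdir/data/test-ke-only.crt,$srcdir/data/test-ke-only.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "create signed data (detached)"
${hxtool} cms-create-sd \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1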
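
# sd.data at this point is the detached signature written by the preceding
# "create signed data (detached)" step.
echo "verify signed data (detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --signed-content="$srcdir/test_chain.in" \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# Negative test: a detached signature without its content must not verify.
echo "verify failure signed data (detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null && exit 1

# 1.2.840.113549.1.1.1 is the rsaEncryption OID.
echo "create signed data (rsa)"
${hxtool} cms-create-sd \
    --peer-alg=1.2.840.113549.1.1.1 \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    "$srcdir/test_chain.in" \
    sd.data > /dev/null || exit 1

echo "verify signed data (rsa)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    sd.data sd.data.out > /dev/null 2>/dev/null || exit 1
cmp "$srcdir/test_chain.in" sd.data.out || exit 1

# cms-sign is given only the input file; the next step reads sd.pem, so the
# output name is presumably derived from the input name.
echo "create signed data (pem, detached)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --pem \
    sd > /dev/null || exit 1

# The status is checked here; before, it was discarded and no cmp follows,
# so this step asserted nothing.
# NOTE(review): no --signed-content is passed, so hxtool has to locate the
# signed file for sd.pem on its own; confirm this step is expected to pass.
echo "verify signed data (pem, detached)"
${hxtool} cms-verify-sd \
    --missing-revoke \
    --anchors="FILE:$srcdir/data/ca.crt" \
    --pem \
    sd.pem > /dev/null || exit 1

# The cms-sign variants below only check that signing succeeds; none of
# their outputs is verified afterwards.
echo "create signed data (no certs, detached sig)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (leif only, detached sig)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --detached-signature \
    --embed-leaf-only \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (no certs, detached sig, 2 signers)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

echo "create signed data (no certs, detached sig, 3 signers)"
cp "$srcdir/test_chain.in" sd
${hxtool} cms-sign \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --certificate="FILE:$srcdir/data/sub-cert.crt,$srcdir/data/sub-cert.key" \
    --certificate="FILE:$srcdir/data/test-ds-only.crt,$srcdir/data/test-ds-only.key" \
    --detached-signature \
    --no-embedded-certs \
    "$srcdir/data/static-file" \
    sd > /dev/null || exit 1

# Enveloping round trips: encrypt to test.crt, decrypt with test.key, and
# compare the recovered plaintext with the original.
echo "envelope data (content-type)"
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-type=1.1.1.1 \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-type)"
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

echo "envelope data (content-info)"
${hxtool} cms-envelope \
    --certificate="FILE:$srcdir/data/test.crt" \
    --content-info \
    "$srcdir/data/static-file" \
    ev.data > /dev/null || exit 1

echo "unenvelope data (content-info)"
${hxtool} cms-unenvelope \
    --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
    --content-info \
    ev.data ev.data.out \
    "FILE:$srcdir/data/test.crt,$srcdir/data/test.key" > /dev/null || exit 1
cmp "$srcdir/data/static-file" ev.data.out || exit 1

# Round trip per content-encryption algorithm.  Stale files are removed
# first so cmp can only pass on output written in this iteration.
for a in des-ede3 aes-128 aes-256; do

    rm -f ev.data ev.data.out
    echo "envelope data ($a)"
    ${hxtool} cms-envelope \
        --encryption-type="$a-cbc" \
        --certificate="FILE:$srcdir/data/test.crt" \
        "$srcdir/data/static-file" \
        ev.data || exit 1

    echo "unenvelope data ($a)"
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        ev.data ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

# Pre-built enveloped fixtures, including RC2 with 40- and 64-bit keys, are
# decrypted with --allow-weak.
# NOTE(review): presumably hxtool refuses the weak algorithms without that
# flag; this script has no negative test asserting the refusal.
for a in rc2-40 rc2-64 rc2-128 des-ede3 aes-128 aes-256; do
    echo "static unenvelope data ($a)"

    rm -f ev.data.out
    ${hxtool} cms-unenvelope \
        --certificate="FILE:$srcdir/data/test.crt,$srcdir/data/test.key" \
        --content-info \
        --allow-weak \
        "$srcdir/data/test-enveloped-$a" ev.data.out > /dev/null || exit 1
    cmp "$srcdir/data/static-file" ev.data.out || exit 1
done

exit 0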