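--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/tests/smime/smime.sh	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,259 @@
+#! /bin/sh
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+########################################################################
+#
+# mozilla/security/nss/tests/smime/smime.sh
+#
+# Script to test NSS smime
+#
+# needs to work on all Unix and Windows platforms
+#
+# special strings
+# ---------------
+# FIXME ... known problems, search for this string
+# NOTE .... unexpected behavior
+#
+########################################################################
+
+############################## smime_init ##############################
+# local shell function to initialize this script
+########################################################################
+smime_init()
+{
+ SCRIPTNAME=smime.sh # sourced - $0 would point to all.sh
+
+ if [ -z "${CLEANUP}" ] ; then # if nobody else is responsible for
+ CLEANUP="${SCRIPTNAME}" # cleaning this script will do it
+ fi
+
+ if [ -z "${INIT_SOURCED}" -o "${INIT_SOURCED}" != "TRUE" ]; then
+ cd ../common
+ . ./init.sh
+ fi
+ if [ ! -r $CERT_LOG_FILE ]; then # we need certificates here
+ cd ../cert
+ . ./cert.sh
+ fi
+ SCRIPTNAME=smime.sh
+
+ if [ -z "$NSS_DISABLE_ECC" ] ; then
+ html_head "S/MIME Tests with ECC"
+ else
+ html_head "S/MIME Tests"
+ fi
+
+ grep "SUCCESS: SMIME passed" $CERT_LOG_FILE >/dev/null || {
+ Exit 11 "Fatal - S/MIME of cert.sh needs to pass first"
+ }
+
+ SMIMEDIR=${HOSTDIR}/smime
+ R_SMIMEDIR=../smime
+ mkdir -p ${SMIMEDIR}
+ cd ${SMIMEDIR}
+ cp ${QADIR}/smime/alice.txt ${SMIMEDIR}
+}
+
+smime_sign()
+{
+ HASH_CMD="-H ${HASH}"
+ SIG=sig.${HASH}
+
+ echo "$SCRIPTNAME: Signing Detached Message {$HASH} ------------------"
+ echo "cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}"
+ ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.d${SIG}
+ html_msg $? 0 "Create Detached Signature Alice (${HASH})" "."
+
+ echo "cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.d${SIG} -c alice.txt -d ${P_R_BOBDIR}
+ html_msg $? 0 "Verifying Alice's Detached Signature (${HASH})" "."
+
+ echo "$SCRIPTNAME: Signing Attached Message (${HASH}) ------------------"
+ echo "cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}"
+ ${PROFTOOL} ${BINDIR}/cmsutil -S -N Alice ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.${SIG}
+ html_msg $? 0 "Create Attached Signature Alice (${HASH})" "."
+
+ echo "cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}"
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.${SIG} -d ${P_R_BOBDIR} -o alice.data.${HASH}
+ html_msg $? 0 "Decode Alice's Attached Signature (${HASH})" "."
+
+ echo "diff alice.txt alice.data.${HASH}"
+ diff alice.txt alice.data.${HASH}
+ html_msg $? 0 "Compare Attached Signed Data and Original (${HASH})" "."
+
+# Test ECDSA signing for all hash algorithms.
+ if [ -z "$NSS_DISABLE_ECC" ] ; then
+ echo "$SCRIPTNAME: Signing Detached Message ECDSA w/ {$HASH} ------------------"
+ echo "cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}"
+ ${PROFTOOL} ${BINDIR}/cmsutil -S -T -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.d${SIG}
+ html_msg $? 0 "Create Detached Signature Alice (ECDSA w/ ${HASH})" "."
+
+ echo "cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR} "
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.d${SIG} -c alice.txt -d ${P_R_BOBDIR}
+ html_msg $? 0 "Verifying Alice's Detached Signature (ECDSA w/ ${HASH})" "."
+
+ echo "$SCRIPTNAME: Signing Attached Message (ECDSA w/ ${HASH}) ------------------"
+ echo "cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}"
+ ${PROFTOOL} ${BINDIR}/cmsutil -S -N Alice-ec ${HASH_CMD} -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice-ec.${SIG}
+ html_msg $? 0 "Create Attached Signature Alice (ECDSA w/ ${HASH})" "."
+
+ echo "cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}"
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice-ec.${SIG} -d ${P_R_BOBDIR} -o alice-ec.data.${HASH}
+ html_msg $? 0 "Decode Alice's Attached Signature (ECDSA w/ ${HASH})" "."
+
+ echo "diff alice.txt alice-ec.data.${HASH}"
+ diff alice.txt alice-ec.data.${HASH}
+ html_msg $? 0 "Compare Attached Signed Data and Original (ECDSA w/ ${HASH})" "."
+ fi
+
+}
+
+
+
+smime_p7()
+{
+ echo "$SCRIPTNAME: p7 util Data Tests ------------------------------"
+ echo "p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice_p7.env"
+ ${PROFTOOL} ${BINDIR}/p7env -d ${P_R_ALICEDIR} -r Alice -i alice.txt -o alice.env
+ html_msg $? 0 "Creating envelope for user Alice" "."
+
+ echo "p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data"
+ ${PROFTOOL} ${BINDIR}/p7content -d ${P_R_ALICEDIR} -i alice.env -o alice_p7.data -p nss
+ html_msg $? 0 "Verifying file delivered to user Alice" "."
+
+ sed -e '3,8p' -n alice_p7.data > alice_p7.data.sed
+
+ echo "diff alice.txt alice_p7.data.sed"
+ diff alice.txt alice_p7.data.sed
+ html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
+
+ echo "p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e"
+ ${PROFTOOL} ${BINDIR}/p7sign -d ${P_R_ALICEDIR} -k Alice -i alice.txt -o alice.sig -p nss -e
+ html_msg $? 0 "Signing file for user Alice" "."
+
+ echo "p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig"
+ ${PROFTOOL} ${BINDIR}/p7verify -d ${P_R_ALICEDIR} -c alice.txt -s alice.sig
+ html_msg $? 0 "Verifying file delivered to user Alice" "."
+}
+
+############################## smime_main ##############################
+# local shell function to test basic signed and enveloped messages
+# from 1 --> 2"
+########################################################################
+smime_main()
+{
+
+ HASH=SHA1
+ smime_sign
+ HASH=SHA256
+ smime_sign
+ HASH=SHA384
+ smime_sign
+ HASH=SHA512
+ smime_sign
+
+ echo "$SCRIPTNAME: Enveloped Data Tests ------------------------------"
+ echo "cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss \\"
+ echo " -o alice.env"
+ ${PROFTOOL} ${BINDIR}/cmsutil -E -r bob@bogus.com -i alice.txt -d ${P_R_ALICEDIR} -p nss -o alice.env
+ html_msg $? 0 "Create Enveloped Data Alice" "."
+
+ echo "cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1"
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.env -d ${P_R_BOBDIR} -p nss -o alice.data1
+ html_msg $? 0 "Decode Enveloped Data Alice" "."
+
+ echo "diff alice.txt alice.data1"
+ diff alice.txt alice.data1
+ html_msg $? 0 "Compare Decoded Enveloped Data and Original" "."
+
+ # multiple recip
+ echo "$SCRIPTNAME: Testing multiple recipients ------------------------------"
+ echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \\"
+ echo " -r bob@bogus.com,dave@bogus.com"
+ ${PROFTOOL} ${BINDIR}/cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o alicecc.env \
+ -r bob@bogus.com,dave@bogus.com
+ ret=$?
+ html_msg $ret 0 "Create Multiple Recipients Enveloped Data Alice" "."
+ if [ $ret != 0 ] ; then
+ echo "certutil -L -d ${P_R_ALICEDIR}"
+ ${BINDIR}/certutil -L -d ${P_R_ALICEDIR}
+ echo "certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com"
+ ${BINDIR}/certutil -L -d ${P_R_ALICEDIR} -n dave@bogus.com
+ fi
+
+ echo "$SCRIPTNAME: Testing multiple email addrs ------------------------------"
+ echo "cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \\"
+ echo " -r eve@bogus.net"
+ ${PROFTOOL} ${BINDIR}/cmsutil -E -i alice.txt -d ${P_R_ALICEDIR} -o aliceve.env \
+ -r eve@bogus.net
+ ret=$?
+ html_msg $ret 0 "Encrypt to a Multiple Email cert" "."
+
+ echo "cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2"
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i alicecc.env -d ${P_R_BOBDIR} -p nss -o alice.data2
+ html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Bob" "."
+
+ echo "cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3"
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i alicecc.env -d ${P_R_DAVEDIR} -p nss -o alice.data3
+ html_msg $? 0 "Decode Multiple Recipients Enveloped Data Alice by Dave" "."
+
+ echo "cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4"
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i aliceve.env -d ${P_R_EVEDIR} -p nss -o alice.data4
+ html_msg $? 0 "Decrypt with a Multiple Email cert" "."
+
+ diff alice.txt alice.data2
+ html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Bob" "."
+
+ diff alice.txt alice.data3
+ html_msg $? 0 "Compare Decoded Mult. Recipients Enveloped Data Alice/Dave" "."
+
+ diff alice.txt alice.data4
+ html_msg $? 0 "Compare Decoded with Multiple Email cert" "."
+
+ echo "$SCRIPTNAME: Sending CERTS-ONLY Message ------------------------------"
+ echo "cmsutil -O -r \"Alice,bob@bogus.com,dave@bogus.com\" \\"
+ echo " -d ${P_R_ALICEDIR} > co.der"
+ ${PROFTOOL} ${BINDIR}/cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" -d ${P_R_ALICEDIR} > co.der
+ html_msg $? 0 "Create Certs-Only Alice" "."
+
+ echo "cmsutil -D -i co.der -d ${P_R_BOBDIR}"
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i co.der -d ${P_R_BOBDIR}
+ html_msg $? 0 "Verify Certs-Only by CA" "."
+
+ echo "$SCRIPTNAME: Encrypted-Data Message ---------------------------------"
+ echo "cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \\"
+ echo " -r \"bob@bogus.com\" > alice.enc"
+ ${PROFTOOL} ${BINDIR}/cmsutil -C -i alice.txt -e alicehello.env -d ${P_R_ALICEDIR} \
+ -r "bob@bogus.com" > alice.enc
+ html_msg $? 0 "Create Encrypted-Data" "."
+
+ echo "cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss \\"
+ echo " -o alice.data2"
+ ${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.enc -d ${P_R_BOBDIR} -e alicehello.env -p nss -o alice.data2
+ html_msg $? 0 "Decode Encrypted-Data" "."
+
+ diff alice.txt alice.data2
+ html_msg $? 0 "Compare Decoded and Original Data" "."
+}
+
+############################## smime_cleanup ###########################
+# local shell function to finish this script (no exit since it might be
+# sourced)
+########################################################################
+smime_cleanup()
+{
+ html "</TABLE><BR>"
+ cd ${QADIR}
+ . common/cleanup.sh
+}
+
+################## main #################################################
+
+smime_init
+smime_main
+smime_p7
+smime_cleanup
+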
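Review bot: Every `html_msg` call in this file expects status 0, so the suite only shows that valid signatures and envelopes are accepted; a verifier that accepted modified content would still pass. In smime_sign, after the detached-signature check, add a negative case: build a changed copy with `echo tampered | cat alice.txt - > alice.bad`, run `${PROFTOOL} ${BINDIR}/cmsutil -D -i alice.d${SIG} -c alice.bad -d ${P_R_BOBDIR}`, and record it with `[ $? -ne 0 ]; html_msg $? 0 "Reject Modified Detached Content (${HASH})" "."` (this assumes html_msg compares its first two arguments, as the existing calls suggest). Separately, in smime_p7 the echoed command names `-o alice_p7.env` while the command that runs writes `-o alice.env`, so the log does not show what was executed.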