changed debian/source/format to native

This commit is contained in:
rtlhq 2022-11-29 19:12:40 +08:00
parent eca5ce12a0
commit f29bcb80a1
6 changed files with 1525 additions and 284 deletions

View File

@ -1 +1 @@
3.0 (quilt)
3.0 (native)

View File

@ -124,15 +124,6 @@ execDSigTest $res_success \
# aleksey-xmldsig-01
#
##########################################################################
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/signature-two-keynames" \
"sha1 rsa-sha1" \
"rsa x509" \
"$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018" \
"$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018" \
"$priv_key_option:key2 $topfolder/keys/rsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2018"
execDSigTest $res_success \
"" \
"aleksey-xmldsig-01/enveloping-dsa-x509chain" \
@ -534,143 +525,6 @@ execDSigTest $res_success \
"$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
" "
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-external-b64-dsa" \
"base64 sha1 dsa-sha1" \
"dsa" \
" $url_map_xml_stylesheet_b64_2005" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_b64_2005" \
" $url_map_xml_stylesheet_b64_2005"
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-external-dsa" \
"sha1 dsa-sha1" \
"dsa" \
"$url_map_xml_stylesheet_2005" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005" \
" $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-keyname" \
"sha1 dsa-sha1" \
"dsa x509" \
"--pubkey-cert-$cert_format:Lugh $topfolder/merlin-xmldsig-twenty-three/certs/lugh-cert.$cert_format $url_map_xml_stylesheet_2005" \
"$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005" \
"$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-x509-crt" \
"sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-x509-sn" \
"sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/badb.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-x509-is" \
"sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/macha.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-x509-ski" \
"sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \
"sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format --untrusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/nemain.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005"\
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmldsig-twenty-three/signature" \
"base64 xpath xslt enveloped-signature c14n-with-comments sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/merlin.$cert_format --verification-time 2005-01-01+10:00:00 $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005" \
"$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret123 $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005" \
"--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format $url_map_xml_stylesheet_2005 $url_map_xml_stylesheet_b64_2005"
##########################################################################
#
# merlin-xmlenc-five
#
# While the main operation is signature (and this is why we have these
# tests here instead of testEnc.sh), these tests check the encryption
# key transport/wrapper algorightms
#
##########################################################################
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \
"ripemd160 hmac-ripemd160 kw-tripledes" \
"hmac des" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005" \
"--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \
"sha256 hmac-sha256 kw-aes128" \
"hmac aes" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \
"sha384 hmac-sha384 kw-aes192" \
"hmac aes" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \
"sha512 hmac-sha512 kw-aes256" \
"hmac aes" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \
"sha1 hmac-sha256 rsa-1_5" \
"hmac rsa" \
"$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret $url_map_xml_stylesheet_2005"
execDSigTest $res_success \
"" \
"merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \
"sha1 hmac-sha256 rsa-oaep-mgf1p" \
"hmac rsa" \
"$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret $url_map_xml_stylesheet_2005"
##########################################################################
#
# merlin-exc-c14n-one
@ -730,20 +584,6 @@ execDSigTest $res_success \
#
##########################################################################
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-big" \
"base64 xslt xpath sha1 rsa-sha1" \
"rsa x509" \
"--pubkey-cert-$cert_format certs/rsa-cert.$cert_format $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-dsa-detached" \
"sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-dsa-enveloped" \
@ -758,13 +598,6 @@ execDSigTest $res_success \
"dsa x509" \
"--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-dsa-manifest" \
"sha1 dsa-sha1" \
"dsa x509" \
"--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-md5-c14n-enveloping" \
@ -772,27 +605,6 @@ execDSigTest $res_success \
"hmac" \
"--hmackey certs/hmackey.bin"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-sha1-40-c14n-comments-detached" \
"c14n-with-comments sha1 hmac-sha1" \
"hmac" \
"--hmackey certs/hmackey.bin $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-sha1-40-exclusive-c14n-comments-detached" \
"exc-c14n-with-comments sha1 hmac-sha1" \
"hmac" \
"--hmackey certs/hmackey.bin $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-sha1-exclusive-c14n-comments-detached" \
"exc-c14n-with-comments sha1 hmac-sha1" \
"hmac" \
"--hmackey certs/hmackey.bin $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-hmac-sha1-exclusive-c14n-enveloped" \
@ -800,41 +612,6 @@ execDSigTest $res_success \
"hmac" \
"--hmackey certs/hmackey.bin"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-b64-transform" \
"base64 sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached" \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xpath-transform" \
"xpath sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xslt-transform-retrieval-method" \
"xslt sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-detached-xslt-transform" \
"xslt sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-enveloped" \
@ -849,48 +626,6 @@ execDSigTest $res_success \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-cert-chain" \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-cert" \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-issuer-serial" \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-ski" \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest-x509-data-subject-name" \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-manifest" \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
execDSigTest $res_success \
"phaos-xmldsig-three" \
"signature-rsa-xpath-transform-enveloped" \
@ -904,7 +639,7 @@ execDSigTest $res_success \
# test dynamic signature
#
##########################################################################
if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "dsig-dynamic" ]; then
if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "dsig-dynamic" -a "$crypto" = 'openssl' ]; then
echo "Dynamic signature template"
printf " Create new signature "
echo "$VALGRIND $xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
@ -935,13 +670,6 @@ execDSigTest $res_success \
##########################################################################
##########################################################################
echo "--------- Negative Testing ----------"
execDSigTest $res_fail \
"" \
"merlin-xmldsig-twenty-three/signature-x509-crt-crl" \
"sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018"
execDSigTest $res_fail \
"" \
"aleksey-xmldsig-01/enveloping-expired-cert" \
@ -956,13 +684,6 @@ execDSigTest $res_fail \
"hmac" \
"--enabled-reference-uris empty --hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd"
execDSigTest $res_fail \
"phaos-xmldsig-three" \
"signature-rsa-detached-xslt-transform-bad-retrieval-method" \
"xslt sha1 rsa-sha1" \
"rsa x509" \
"--trusted-$cert_format certs/rsa-ca-cert.$cert_format $url_map_rfc3161"
execDSigTest $res_fail \
"phaos-xmldsig-three" \
"signature-rsa-enveloped-bad-digest-val" \

1024
tests/testDSig.sh.orig Executable file

File diff suppressed because it is too large Load Diff

View File

@ -445,7 +445,7 @@ done
# test dynamicencryption
#
##########################################################################
if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "enc-dynamic" ]; then
if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "enc-dynamic" -a $crypto = 'openssl']; then
echo "Dynamic encryption template"
printf " Encrypt template "
echo "$VALGRIND $xmlsec_app encrypt-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile

496
tests/testEnc.sh.orig Executable file
View File

@ -0,0 +1,496 @@
#!/bin/sh
#
# This script needs to be called from testrun.sh script
#
##########################################################################
##########################################################################
##########################################################################
if [ -z "$XMLSEC_TEST_REPRODUCIBLE" ]; then
echo "--- testEnc started for xmlsec-$crypto library ($timestamp)"
fi
echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
echo "--- LTDL_LIBRARY_PATH=$LTDL_LIBRARY_PATH"
if [ -z "$XMLSEC_TEST_REPRODUCIBLE" ]; then
echo "--- log file is $logfile"
fi
echo "--- testEnc started for xmlsec-$crypto library ($timestamp)" >> $logfile
echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile
echo "--- LTDL_LIBRARY_PATH=$LTDL_LIBRARY_PATH" >> $logfile
##########################################################################
##########################################################################
##########################################################################
echo "--------- Positive Testing ----------"
##########################################################################
#
# aleksey-xmlenc-01
#
##########################################################################
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-des3cbc-keyname" \
"tripledes-cbc" \
"--keys-file $topfolder/keys/keys.xml" \
"--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname.data" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-des3cbc-keyname2" \
"tripledes-cbc" \
"--keys-file $topfolder/keys/keys.xml" \
"--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname2.data" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-aes128cbc-keyname" \
"aes128-cbc" \
"--keys-file $topfolder/keys/keys.xml" \
"--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-aes128cbc-keyname.data" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-aes192cbc-keyname" \
"aes192-cbc" \
"--keys-file $topfolder/keys/keys.xml" \
"--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-aes192cbc-keyname.data" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-aes192cbc-keyname-ref" \
"aes192-cbc" \
"--keys-file $topfolder/keys/keys.xml"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-aes256cbc-keyname" \
"aes256-cbc" \
"--keys-file $topfolder/keys/keys.xml" \
"--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-aes256cbc-keyname.data" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-des3cbc-keyname-content" \
"tripledes-cbc" \
"--keys-file $topfolder/keys/keys.xml" \
"--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-content.data --node-id Test" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-des3cbc-keyname-element" \
"tripledes-cbc" \
"--keys-file $topfolder/keys/keys.xml" \
"--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-element.data --node-id Test" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-des3cbc-keyname-element-root" \
"tripledes-cbc" \
"--keys-file $topfolder/keys/keys.xml" \
"--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.data --node-id Test" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-des3cbc-aes192-keyname" \
"tripledes-cbc kw-aes192" \
"--keys-file $topfolder/keys/keys.xml --enabled-key-data key-name,enc-key" \
"--keys-file $keysfile --session-key des-192 --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.data" \
"--keys-file $keysfile"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-aes256-kt-rsa_oaep_sha1-params" \
"aes256-cbc rsa-oaep-mgf1p" \
"$priv_key_option:my-rsa-key $topfolder/keys/largersakey.$priv_key_format --pwd secret123" \
"$priv_key_option:my-rsa-key $topfolder/keys/largersakey.$priv_key_format --pwd secret123 --session-key aes-256 --enabled-key-data key-name --xml-data $topfolder/aleksey-xmlenc-01/enc-aes256-kt-rsa_oaep_sha1-params.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option:my-rsa-key $topfolder/keys/largersakey.$priv_key_format --pwd secret123"
# same test but decrypt using two different keys
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-two-recipients" \
"tripledes-cbc rsa-1_5" \
"$priv_key_option:pub1 $topfolder/keys/rsakey.$priv_key_format --pwd secret123" \
"--pubkey-cert-$cert_format:pub1 $topfolder/keys/rsacert.$cert_format --pubkey-cert-$cert_format:pub2 $topfolder/keys/largersacert.$cert_format --session-key des-192 --xml-data $topfolder/aleksey-xmlenc-01/enc-two-recipients.data" \
"$priv_key_option:pub1 $topfolder/keys/rsakey.$priv_key_format --pwd secret123"
execEncTest $res_success \
"" \
"aleksey-xmlenc-01/enc-two-recipients" \
"tripledes-cbc rsa-1_5" \
"$priv_key_option:pub1 $topfolder/keys/largersakey.$priv_key_format --pwd secret123" \
"--pubkey-cert-$cert_format:pub1 $topfolder/keys/rsacert.$cert_format --pubkey-cert-$cert_format:pub2 $topfolder/keys/largersacert.$cert_format --session-key des-192 --xml-data $topfolder/aleksey-xmlenc-01/enc-two-recipients.data" \
"$priv_key_option:pub1 $topfolder/keys/largersakey.$priv_key_format --pwd secret123"
##########################################################################
#
# merlin-xmlenc-five
#
##########################################################################
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-data-aes128-cbc" \
"aes128-cbc" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes128-cbc.data" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-content-tripledes-cbc" \
"tripledes-cbc" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --enabled-key-data key-name --xml-data $topfolder/merlin-xmlenc-five/encrypt-content-tripledes-cbc.data --node-id Payment" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-content-aes256-cbc-prop" \
"aes256-cbc" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --enabled-key-data key-name --xml-data $topfolder/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.data --node-id Payment" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-element-aes192-cbc-ref" \
"aes192-cbc" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5" \
"aes128-cbc rsa-1_5" \
"$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-128 $priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --xml-data $topfolder/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.data --node-id Purchase --pwd secret" \
"$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p" \
"tripledes-cbc rsa-oaep-mgf1p" \
"$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key des-192 $priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.data --pwd secret" \
"$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes" \
"aes256-cbc kw-tripledes" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-256 --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.data" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192" \
"aes128-cbc kw-aes192" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-128 --node-name urn:example:po:PaymentInfo --xml-data $topfolder/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.data" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256" \
"aes192-cbc kw-aes256" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-192 --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.data" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128" \
"tripledes-cbc kw-aes128" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key des-192 --node-name urn:example:po:PaymentInfo --xml-data $topfolder/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.data" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
execEncTest $res_success \
"" \
"merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256" \
"aes256-cbc kw-aes256" \
"--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
#merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
#merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml
#merlin-xmlenc-five/decryption-transform-except.xml
#merlin-xmlenc-five/decryption-transform.xml
#merlin-xmlenc-five/encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml
#merlin-xmlenc-five/encrypt-content-aes192-cbc-dh-sha512.xml
#merlin-xmlenc-five/encsig-hmac-sha256-dh.xml
#merlin-xmlenc-five/encsig-hmac-sha256-kw-tripledes-dh.xml
##########################################################################
#
# 01-phaos-xmlenc-3
#
##########################################################################
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5" \
"tripledes-cbc rsa-1_5" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
"--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1" \
"tripledes-cbc rsa-oaep-mgf1p" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
"--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5" \
"aes128-cbc rsa-1_5" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
"--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1" \
"aes128-cbc rsa-oaep-mgf1p" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
"--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1" \
"aes192-cbc rsa-oaep-mgf1p" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
"--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5" \
"aes192-cbc rsa-1_5" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
"--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5" \
"aes256-cbc rsa-1_5" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
"--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1" \
"aes256-cbc rsa-oaep-mgf1p" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
"--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \
"$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-3des-kw-3des" \
"tripledes-cbc kw-tripledes" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kw-3des.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-content-aes128-kw-3des" \
"aes128-cbc kw-tripledes" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-aes128-kw-aes128" \
"aes128-cbc kw-aes128" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-aes128-kw-aes256" \
"aes128-cbc kw-aes256" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-content-3des-kw-aes192" \
"tripledes-cbc kw-aes192" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-content-aes192-kw-aes256" \
"aes192-cbc kw-aes256" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-aes192-kw-aes192" \
"aes192-cbc kw-aes192" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-element-aes256-kw-aes256" \
"aes256-cbc kw-aes256" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-text-3des-kw-aes256" \
"tripledes-cbc kw-aes256" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_success \
"" \
"01-phaos-xmlenc-3/enc-text-aes128-kw-aes192" \
"aes128-cbc kw-aes192" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
"--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
#01-phaos-xmlenc-3/enc-element-3des-ka-dh.xml
#01-phaos-xmlenc-3/enc-element-aes128-ka-dh.xml
#01-phaos-xmlenc-3/enc-element-aes192-ka-dh.xml
#01-phaos-xmlenc-3/enc-element-aes256-ka-dh.xml
#01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha256.xml
#01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha512.xml
echo "--------- AES-GCM tests include both positive and negative tests ----------"
if [ -z "$XMLSEC_TEST_REPRODUCIBLE" ]; then
echo "--- detailed log is written to $logfile"
fi
##########################################################################
#
# AES-GCM
#
# IV length=96, AAD length=0 and tag length=128
##########################################################################
aesgcm_key_lengths="128 192 256"
aesgcm_plaintext_lengths="104 128 256 408"
aesgcm_vectors="01 02 03 04 05 06 07 08 09 10 11 12 13 14 15"
for aesgcm_k_l in $aesgcm_key_lengths ; do
for aesgcm_pt_l in $aesgcm_plaintext_lengths ; do
for aesgcm_v in $aesgcm_vectors ; do
base_test_name="nist-aesgcm/aes${aesgcm_k_l}/aes${aesgcm_k_l}-gcm-96-${aesgcm_pt_l}-0-128-${aesgcm_v}"
# If the corresponding *.data file is missing then we expect the test to fail
if [ -f "$topfolder/$base_test_name.xml" -a ! -f "$topfolder/$base_test_name.data" ] ; then
execEncTest "$res_fail" \
"" \
"$base_test_name" \
"aes${aesgcm_k_l}-gcm" \
"--keys-file $topfolder/nist-aesgcm/keys-aes${aesgcm_k_l}-gcm.xml" \
"" \
""
else
# generate binary file out of base64
DECODE="-d"
if [ "`uname`" = "Darwin" ]; then
DECODE="-D"
fi
cat "$topfolder/$base_test_name.data" | base64 $DECODE > $tmpfile.3
execEncTest "$res_success" \
"" \
"$base_test_name" \
"aes${aesgcm_k_l}-gcm" \
"--keys-file $topfolder/nist-aesgcm/keys-aes${aesgcm_k_l}-gcm.xml" \
"--keys-file $topfolder/nist-aesgcm/keys-aes${aesgcm_k_l}-gcm.xml --binary-data $tmpfile.3" \
"--keys-file $topfolder/nist-aesgcm/keys-aes${aesgcm_k_l}-gcm.xml" \
"base64"
fi
done
done
done
##########################################################################
#
# test dynamicencryption
#
##########################################################################
if [ -n "$XMLSEC_TEST_NAME" -a "$XMLSEC_TEST_NAME" = "enc-dynamic" ]; then
echo "Dynamic encryption template"
printf " Encrypt template "
echo "$VALGRIND $xmlsec_app encrypt-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
$VALGRIND $xmlsec_app encrypt-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile >> $logfile 2>> $logfile
printRes $res_success $?
printf " Decrypt document "
echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $keysfile $tmpfile" >> $logfile
$VALGRIND $xmlsec_app decrypt $xmlsec_params --keys-file $keysfile $tmpfile >> $logfile 2>> $logfile
printRes $res_success $?
fi
##########################################################################
##########################################################################
##########################################################################
echo "--------- Negative Testing: Following tests MUST FAIL ----------"
if [ -z "$XMLSEC_TEST_REPRODUCIBLE" ]; then
echo "--- detailed log is written to $logfile"
fi
execEncTest $res_fail \
"" \
"01-phaos-xmlenc-3/bad-alg-enc-element-aes128-kw-3des" \
"" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
execEncTest $res_fail \
"" \
"aleksey-xmlenc-01/enc-aes192cbc-keyname-ref" \
"" \
"--keys-file $topfolder/keys/keys.xml --enabled-cipher-reference-uris empty"
execEncTest $res_fail \
"" \
"01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5" \
"" \
"--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-retrieval-method-uris empty"
rm -rf $tmpfile
##########################################################################
##########################################################################
##########################################################################
echo "--- testEnc finished" >> $logfile
echo "--- testEnc finished"
if [ -z "$XMLSEC_TEST_REPRODUCIBLE" ]; then
echo "--- detailed log is written to $logfile"
fi

View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
OS_ARCH=`uname -o`
OS_KERNEL=`uname -s`
@ -472,7 +472,7 @@ execEncTest() {
rm -rf $tmpfile $tmpfile.2 tmpfile.3
# run tests
source "$testfile"
. "$testfile"
# print results
echo "--- TOTAL OK: $count_success; TOTAL FAILED: $count_fail; TOTAL SKIPPED: $count_skip" >> $logfile