diff --git a/CMakeLists.txt b/CMakeLists.txt index c9d09c81..31489667 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -657,10 +657,12 @@ if (CMAKE_C_COMPILER_ID MATCHES "MSVC") endif() -add_test(NAME gmssl_sm3 COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_sm3.cmake") -add_test(NAME gmssl_sm2 COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_sm2.cmake") -add_test(NAME gmssl_cert COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_cert.cmake") -add_test(NAME gmssl_tlcp COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_tlcp.cmake") +add_test(NAME sm3_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/sm3_commands.cmake") +add_test(NAME sm2_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/sm2_commands.cmake") +add_test(NAME cert_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/cert_commands.cmake") +add_test(NAME tlcp_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake") +add_test(NAME tls12_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake") +add_test(NAME tls13_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake") # Generate install package with cpack # cpack -G TGZ diff --git a/cmake/gmssl_cert.cmake b/cmake/cert_commands.cmake similarity index 65% rename from cmake/gmssl_cert.cmake rename to cmake/cert_commands.cmake index e7deca5d..25968071 100644 --- a/cmake/gmssl_cert.cmake +++ b/cmake/cert_commands.cmake 
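Review bot: Nothing orders the six `add_test` registrations in CMakeLists.txt, although `tlcp_commands`, `tls12_commands` and `tls13_commands` read `rootcacert.pem`, `signkey.pem` and the certificate bundles that only `cert_commands` writes, and all of them run in the same working directory. Under `ctest -j` or a reordered schedule the TLS tests can start before the certificates exist, and because each TLS script ends with a broad `pkill`, one test can terminate another test's server. Declaring the relationship makes this explicit, e.g. `set_tests_properties(cert_commands PROPERTIES FIXTURES_SETUP gmssl_certs)` and `set_tests_properties(tlcp_commands tls12_commands tls13_commands PROPERTIES FIXTURES_REQUIRED gmssl_certs RUN_SERIAL TRUE)`. The scripts also call `gmssl` by bare name, so the tests exercise whichever binary is found on PATH, which may not be the one just built.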
@@ -1,47 +1,43 @@ - execute_process( COMMAND gmssl sm2keygen -pass P@ssw0rd -out rootcakey.pem RESULT_VARIABLE TEST_RESULT ERROR_VARIABLE TEST_STDERR - OUTPUT_VARIABLE TEST_OUTPUT ) if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() - -if(NOT EXISTS sm2.pem) - message(FATAL_ERROR "Generated file does not exist") +if(NOT EXISTS rootcakey.pem) + message(FATAL_ERROR "generated file does not exist") endif() -if(NOT EXISTS sm2pub.pem) - message(FATAL_ERROR "Generated file does not exist") -endif() - - - execute_process( COMMAND gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass P@ssw0rd -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca RESULT_VARIABLE TEST_RESULT ERROR_VARIABLE TEST_STDERR - OUTPUT_VARIABLE TEST_OUTPUT ) if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() - - +if(NOT EXISTS rootcacert.pem) + message(FATAL_ERROR "generated file does not exist") +endif() +file(READ rootcacert.pem FILE_CONTENT) +if (NOT FILE_CONTENT MATCHES "^-----BEGIN CERTIFICATE-----") + message(FATAL_ERROR "generate file error") +endif() execute_process( COMMAND gmssl sm2keygen -pass P@ssw0rd -out cakey.pem RESULT_VARIABLE TEST_RESULT ERROR_VARIABLE TEST_STDERR - OUTPUT_VARIABLE TEST_OUTPUT ) if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() - +if(NOT EXISTS cakey.pem) + message(FATAL_ERROR "generated file does not exist") +endif() execute_process( COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass P@ssw0rd -out careq.pem 
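Review bot: The added `if(NOT EXISTS rootcakey.pem)` checks in cmake/cert_commands.cmake can be satisfied by files left over from an earlier run, since nothing visible in this diff removes the old outputs before `gmssl` is invoked. The existence checks added in the later hunks of this file (`cacert.pem`, `signkey.pem`, `signreq.pem`, `signcert.pem`, `enckey.pem`, `encreq.pem`, `enccert.pem`) share the problem. Starting the script with `file(REMOVE rootcakey.pem rootcacert.pem cakey.pem careq.pem cacert.pem)`, extended to the remaining outputs, would make each check prove that this run produced the file. The paths are also relative, and CMake documents `if(EXISTS)` as well-defined only for full paths, so a form such as `"${CMAKE_CURRENT_BINARY_DIR}/rootcakey.pem"` is safer. Only `rootcacert.pem` and `careq.pem` get a PEM-header check; the issued certificates are tested for existence alone.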
@@ -51,8 +47,13 @@ execute_process( if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() - - +if(NOT EXISTS careq.pem) + message(FATAL_ERROR "generated file does not exist") +endif() +file(READ careq.pem FILE_CONTENT) +if (NOT FILE_CONTENT MATCHES "^-----BEGIN CERTIFICATE REQUEST-----") + message(FATAL_ERROR "generate file error") +endif() execute_process( COMMAND gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass P@ssw0rd -out cacert.pem -ca @@ -62,11 +63,9 @@ execute_process( if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() - - -# gmssl sm2keygen -pass P@ssw0rd -out signkey.pem -# gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass P@ssw0rd -out signreq.pem -# gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out signcert.pem +if(NOT EXISTS cacert.pem) + message(FATAL_ERROR "generated file does not exist") +endif() execute_process( COMMAND gmssl sm2keygen -pass P@ssw0rd -out signkey.pem @@ -76,6 +75,9 @@ execute_process( if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() +if(NOT EXISTS signkey.pem) + message(FATAL_ERROR "generated file does not exist") +endif() execute_process( COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass P@ssw0rd -out signreq.pem @@ -85,6 +87,9 @@ execute_process( if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() +if(NOT EXISTS signreq.pem) + message(FATAL_ERROR "generated file does not exist") +endif() execute_process( COMMAND gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out signcert.pem 
@@ -94,12 +99,9 @@ execute_process( if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() - - -# gmssl sm2keygen -pass P@ssw0rd -out enckey.pem -# gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass P@ssw0rd -out encreq.pem -# gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out enccert.pem - +if(NOT EXISTS signcert.pem) + message(FATAL_ERROR "generated file does not exist") +endif() execute_process( COMMAND gmssl sm2keygen -pass P@ssw0rd -out enckey.pem @@ -109,6 +111,9 @@ execute_process( if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() +if(NOT EXISTS enckey.pem) + message(FATAL_ERROR "generated file does not exist") +endif() execute_process( COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass P@ssw0rd -out encreq.pem @@ -118,6 +123,9 @@ execute_process( if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() +if(NOT EXISTS encreq.pem) + message(FATAL_ERROR "generated file does not exist") +endif() execute_process( COMMAND gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out enccert.pem 
@@ -127,18 +135,21 @@ execute_process( if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() +if(NOT EXISTS enccert.pem) + message(FATAL_ERROR "generated file does not exist") +endif() - - -file(WRITE double_certs.pem "") +file(WRITE tlcp_server_certs.pem "") file(READ signcert.pem CERT_CONTENT) -file(APPEND double_certs.pem "${CERT_CONTENT}") +file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}") file(READ enccert.pem CERT_CONTENT) -file(APPEND double_certs.pem "${CERT_CONTENT}") +file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}") file(READ cacert.pem CERT_CONTENT) -file(APPEND double_certs.pem "${CERT_CONTENT}") - - - +file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}") +file(WRITE tls_server_certs.pem "") +file(READ signcert.pem CERT_CONTENT) +file(APPEND tls_server_certs.pem "${CERT_CONTENT}") +file(READ cacert.pem CERT_CONTENT) +file(APPEND tls_server_certs.pem "${CERT_CONTENT}") diff --git a/cmake/gmssl_tlcp.cmake b/cmake/gmssl_tlcp.cmake deleted file mode 100644 index 10a56892..00000000 --- a/cmake/gmssl_tlcp.cmake +++ /dev/null 
@@ -1,49 +0,0 @@
-
-# tlcp_server [-port num] -cert file -key file [-pass str] -ex_key file [-ex_pass str] [-cacert file]
-execute_process(
- COMMAND bash -c "sudo nohup gmssl tlcp_server -port 4433 -cert double_certs.pem -key signkey.pem -pass P@ssw0rd -ex_key enckey.pem -ex_pass P@ssw0rd > server_output.log 2>&1 &"
- WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
- RESULT_VARIABLE SERVER_RESULT
- TIMEOUT 5
- COMMAND_ECHO STDOUT
- OUTPUT_VARIABLE SERVER_OUTPUT
- ERROR_VARIABLE SERVER_ERROR
-)
-message(STATUS "Server start output: ${SERVER_OUTPUT}")
-message(STATUS "Server start error: ${SERVER_ERROR}")
-
-if(NOT ${SERVER_RESULT} EQUAL 0)
- message(FATAL_ERROR "Server failed to start with result: ${SERVER_RESULT}")
-endif()
-
-execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
-
-
-
-
-execute_process(
- COMMAND bash -c "gmssl tlcp_client -host localhost -port 4433 -cacert rootcacert.pem 2>&1 | tee client_output.log"
- WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
- OUTPUT_VARIABLE CLIENT_OUTPUT
- ERROR_VARIABLE CLIENT_ERROR
- RESULT_VARIABLE CLIENT_RESULT
- TIMEOUT 5
- COMMAND_ECHO STDOUT
-)
-
-message(STATUS "Client connection output: ${CLIENT_OUTPUT}")
-message(STATUS "Client connection error: ${CLIENT_ERROR}")
-
-file(READ "${CMAKE_BINARY_DIR}/client_output.log" CLIENT_LOG_CONTENT)
-string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
-
-if(${FOUND_INDEX} EQUAL -1)
- message(FATAL_ERROR "Client did not establish connection with server.")
-else()
- message(STATUS "Client successfully established connection with server.")
-endif()
-
-execute_process(
- COMMAND sudo pkill -f "${TOOL_COMMAND} tlcp_server"
-)
-
diff --git a/cmake/gmssl_sm2.cmake b/cmake/sm2_commands.cmake
similarity index 54%
rename from cmake/gmssl_sm2.cmake
rename to cmake/sm2_commands.cmake
index ae3e4661..b263ffe9 100644
--- a/cmake/gmssl_sm2.cmake
+++ b/cmake/sm2_commands.cmake
@@ -2,75 +2,65 @@ execute_process( COMMAND gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem RESULT_VARIABLE TEST_RESULT ERROR_VARIABLE TEST_STDERR - OUTPUT_VARIABLE TEST_OUTPUT ) - if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() - if(NOT EXISTS sm2.pem) - message(FATAL_ERROR "Generated file does not exist") + message(FATAL_ERROR "generated file does not exist") endif() - if(NOT EXISTS sm2pub.pem) - message(FATAL_ERROR "Generated file does not exist") + message(FATAL_ERROR "generated file does not exist") endif() -# sign +set(SECRET_MESSAGE "Secret message") +file(WRITE message.txt "${SECRET_MESSAGE}") execute_process( - COMMAND bash -c "echo -n 'message to be signed' | gmssl sm2sign -key sm2.pem -pass P@ssw0rd -out sm2.sig" + COMMAND gmssl sm2sign -key sm2.pem -pass P@ssw0rd -in message.txt -out sm2.sig RESULT_VARIABLE TEST_RESULT ERROR_VARIABLE TEST_STDERR - OUTPUT_VARIABLE TEST_OUTPUT ) - if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() -# verify execute_process( - COMMAND bash -c "echo -n 'message to be signed' | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig" + COMMAND gmssl sm2verify -pubkey sm2pub.pem -in message.txt -sig sm2.sig RESULT_VARIABLE TEST_RESULT ERROR_VARIABLE TEST_STDERR - OUTPUT_VARIABLE TEST_OUTPUT + OUTPUT_VARIABLE TEST_STDOUT ) - if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() +string(FIND "${TEST_STDOUT}" "success" VERIFY_SUCCESS) +if(VERIFY_SUCCESS EQUAL -1) + message(FATAL_ERROR "verify failure") +endif() -#encrypt execute_process( - COMMAND bash -c "echo 'Secret message' | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der" + COMMAND gmssl sm2encrypt -pubkey sm2pub.pem -in message.txt -out sm2.der RESULT_VARIABLE TEST_RESULT ERROR_VARIABLE TEST_STDERR - OUTPUT_VARIABLE TEST_OUTPUT + OUTPUT_VARIABLE TEST_STDOUT ) - if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() -# decrypt - 
execute_process( - COMMAND bash -c "echo 'Secret message' | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der" + COMMAND gmssl sm2decrypt -key sm2.pem -pass P@ssw0rd -in sm2.der RESULT_VARIABLE TEST_RESULT ERROR_VARIABLE TEST_STDERR - OUTPUT_VARIABLE TEST_OUTPUT + OUTPUT_VARIABLE TEST_STDOUT ) - if(NOT ${TEST_RESULT} EQUAL 0) message(FATAL_ERROR "stderr: ${TEST_STDERR}") endif() - - -if(NOT ${TEST_OUTPUT} STREQUAL "Secret message") - message(FATAL_ERROR "stdout: ${TEST_OUTPUT}") +if(NOT "${TEST_STDOUT}" STREQUAL "${SECRET_MESSAGE}") + message(FATAL_ERROR "stdout: ${TEST_STDOUT}") endif() diff --git a/cmake/gmssl_sm3.cmake b/cmake/sm3_commands.cmake similarity index 100% rename from cmake/gmssl_sm3.cmake rename to cmake/sm3_commands.cmake diff --git a/cmake/tlcp_commands.cmake b/cmake/tlcp_commands.cmake new file mode 100644 index 00000000..a4c9c3af --- /dev/null +++ b/cmake/tlcp_commands.cmake 
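Review bot: The signature test in cmake/sm2_commands.cmake covers only the accepting path: `sm2verify` runs against the exact message that was signed and the script looks for "success" in its output, so a verifier that reported success for any input would still pass. A negative case that checks `sm2.sig` against a modified message and requires that "success" is absent would close that gap, as sketched below. The sketch inspects the output only, because the exit status `gmssl sm2verify` uses for a rejected signature is not visible in this diff.

```cmake
# … unchanged: keygen, sm2sign, positive sm2verify check …

# negative case: a modified message must not verify against sm2.sig
file(WRITE message_tampered.txt "${SECRET_MESSAGE}!")
execute_process(
    COMMAND gmssl sm2verify -pubkey sm2pub.pem -in message_tampered.txt -sig sm2.sig
    RESULT_VARIABLE TEST_RESULT
    ERROR_VARIABLE TEST_STDERR
    OUTPUT_VARIABLE TEST_STDOUT
)
string(FIND "${TEST_STDOUT}" "success" VERIFY_SUCCESS)
if(NOT VERIFY_SUCCESS EQUAL -1)
    message(FATAL_ERROR "verify accepted a modified message")
endif()

# … unchanged: sm2encrypt / sm2decrypt round trip …
```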
@@ -0,0 +1,45 @@
+
+if(NOT EXISTS rootcacert.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS tlcp_server_certs.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS signkey.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS enckey.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+execute_process(
+ COMMAND bash -c "sudo nohup gmssl tlcp_server -port 4433 -cert tlcp_server_certs.pem -key signkey.pem -pass P@ssw0rd -ex_key enckey.pem -ex_pass P@ssw0rd > tlcp_server.log 2>&1 &"
+ RESULT_VARIABLE SERVER_RESULT
+ TIMEOUT 5
+)
+if(NOT ${SERVER_RESULT} EQUAL 0)
+ message(FATAL_ERROR "server failed to start")
+endif()
+
+execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
+
+execute_process(
+ COMMAND bash -c "gmssl tlcp_client -host localhost -port 4433 -cacert rootcacert.pem > tlcp_client.log 2>&1"
+ RESULT_VARIABLE CLIENT_RESULT
+ TIMEOUT 5
+)
+
+file(READ "tlcp_client.log" CLIENT_LOG_CONTENT)
+string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
+
+if(${FOUND_INDEX} EQUAL -1)
+ message(FATAL_ERROR "Client did not establish connection with server.")
+endif()
+
+execute_process(
+ COMMAND sudo pkill -f "gmssl"
+)
+
diff --git a/cmake/tls12_commands.cmake b/cmake/tls12_commands.cmake
new file mode 100644
index 00000000..9e09f94d
--- /dev/null
+++ b/cmake/tls12_commands.cmake
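Review bot: The test server in cmake/tlcp_commands.cmake is started with `sudo` and cleaned up with `sudo pkill -f "gmssl"`, which as root terminates every process on the machine whose command line contains "gmssl", not only the server this test launched. Port 4433 is above 1024, so nothing visible here needs root. The cleanup also sits after the `FATAL_ERROR` for a failed handshake, so a failing run leaves the server listening, and `SERVER_RESULT` will normally be 0 even when the server fails to start, because the `bash -c "... &"` wrapper returns as soon as the job is backgrounded. Recording the server's PID and killing only that PID before the result is reported, without `sudo`, addresses the first two, as sketched below. The tls12_commands.cmake and tls13_commands.cmake hunks repeat the same pattern on ports 4333 and 4443.

```cmake
# … unchanged: input file existence checks …
execute_process(
    COMMAND bash -c "nohup gmssl tlcp_server -port 4433 -cert tlcp_server_certs.pem -key signkey.pem -pass P@ssw0rd -ex_key enckey.pem -ex_pass P@ssw0rd > tlcp_server.log 2>&1 & echo $! > tlcp_server.pid"
    RESULT_VARIABLE SERVER_RESULT
    TIMEOUT 5
)
# … unchanged: start check, sleep, client run, log read and string(FIND) …

# stop only the server this test started, before the result is reported
file(READ "tlcp_server.pid" SERVER_PID)
string(STRIP "${SERVER_PID}" SERVER_PID)
execute_process(COMMAND kill ${SERVER_PID})

if(${FOUND_INDEX} EQUAL -1)
    message(FATAL_ERROR "Client did not establish connection with server.")
endif()
```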
@@ -0,0 +1,45 @@
+
+if(NOT EXISTS rootcacert.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS tls_server_certs.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS signkey.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS enckey.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+execute_process(
+ COMMAND bash -c "sudo nohup gmssl tls12_server -port 4333 -cert tls_server_certs.pem -key signkey.pem -pass P@ssw0rd > tls12_server.log 2>&1 &"
+ RESULT_VARIABLE SERVER_RESULT
+ TIMEOUT 5
+)
+if(NOT ${SERVER_RESULT} EQUAL 0)
+ message(FATAL_ERROR "server failed to start")
+endif()
+
+execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
+
+execute_process(
+ COMMAND bash -c "gmssl tls12_client -host localhost -port 4333 -cacert rootcacert.pem > tls12_client.log 2>&1"
+ RESULT_VARIABLE CLIENT_RESULT
+ TIMEOUT 5
+)
+
+file(READ "tls12_client.log" CLIENT_LOG_CONTENT)
+string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
+
+if(${FOUND_INDEX} EQUAL -1)
+ message(FATAL_ERROR "Client did not establish connection with server.")
+endif()
+
+execute_process(
+ COMMAND sudo pkill -f "gmssl"
+)
+
diff --git a/cmake/tls13_commands.cmake b/cmake/tls13_commands.cmake
new file mode 100644
index 00000000..28916b61
--- /dev/null
+++ b/cmake/tls13_commands.cmake
@@ -0,0 +1,45 @@
+
+if(NOT EXISTS rootcacert.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS tls_server_certs.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS signkey.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS enckey.pem)
+ message(FATAL_ERROR "file does not exist")
+endif()
+
+execute_process(
+ COMMAND bash -c "sudo nohup gmssl tls13_server -port 4443 -cert tls_server_certs.pem -key signkey.pem -pass P@ssw0rd > tls13_server.log 2>&1 &"
+ RESULT_VARIABLE SERVER_RESULT
+ TIMEOUT 5
+)
+if(NOT ${SERVER_RESULT} EQUAL 0)
+ message(FATAL_ERROR "server failed to start")
+endif()
+
+execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
+
+execute_process(
+ COMMAND bash -c "gmssl tls13_client -host localhost -port 4443 -cacert rootcacert.pem > tls13_client.log 2>&1"
+ RESULT_VARIABLE CLIENT_RESULT
+ TIMEOUT 5
+)
+
+file(READ "tls13_client.log" CLIENT_LOG_CONTENT)
+string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
+
+if(${FOUND_INDEX} EQUAL -1)
+ message(FATAL_ERROR "Client did not establish connection with server.")
+endif()
+
+execute_process(
+ COMMAND sudo pkill -f "gmssl"
+)
+