Add TLS 1.2 TLS 1.3 tests

CMakeLists.txt

@@ -657,10 +657,12 @@ if (CMAKE_C_COMPILER_ID MATCHES "MSVC")
 endif()
 
 
-add_test(NAME gmssl_sm3 COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_sm3.cmake")
+add_test(NAME sm3_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/sm3_commands.cmake")
-add_test(NAME gmssl_sm2 COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_sm2.cmake")
+add_test(NAME sm2_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/sm2_commands.cmake")
-add_test(NAME gmssl_cert COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_cert.cmake")
+add_test(NAME cert_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/cert_commands.cmake")
-add_test(NAME gmssl_tlcp COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_tlcp.cmake")
+add_test(NAME tlcp_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
+add_test(NAME tls12_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
+add_test(NAME tls13_commands COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
 
 # Generate install package with cpack
 #	cpack -G TGZ

cmake/cert_commands.cmake

@@ -1,47 +1,43 @@
 
-
 execute_process(
 	COMMAND gmssl sm2keygen -pass P@ssw0rd -out rootcakey.pem
 	RESULT_VARIABLE TEST_RESULT
 	ERROR_VARIABLE TEST_STDERR
-	OUTPUT_VARIABLE TEST_OUTPUT
 )
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
-
+if(NOT EXISTS rootcakey.pem)
-if(NOT EXISTS sm2.pem)
+	message(FATAL_ERROR "generated file does not exist")
-    message(FATAL_ERROR "Generated file does not exist")
 endif()
 
-if(NOT EXISTS sm2pub.pem)
-    message(FATAL_ERROR "Generated file does not exist")
-endif()
-
-
-
 execute_process(
 	COMMAND gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass P@ssw0rd -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
 	RESULT_VARIABLE TEST_RESULT
 	ERROR_VARIABLE TEST_STDERR
-	OUTPUT_VARIABLE TEST_OUTPUT
 )
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
-
+if(NOT EXISTS rootcacert.pem)
-
+	message(FATAL_ERROR "generated file does not exist")
+endif()
+file(READ rootcacert.pem FILE_CONTENT)
+if (NOT FILE_CONTENT MATCHES "^-----BEGIN CERTIFICATE-----")
+	message(FATAL_ERROR "generate file error")
+endif()
 
 execute_process(
 	COMMAND gmssl sm2keygen -pass P@ssw0rd -out cakey.pem
 	RESULT_VARIABLE TEST_RESULT
 	ERROR_VARIABLE TEST_STDERR
-	OUTPUT_VARIABLE TEST_OUTPUT
 )
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
-
+if(NOT EXISTS cakey.pem)
+	message(FATAL_ERROR "generated file does not exist")
+endif()
 
 execute_process(
 	COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass P@ssw0rd -out careq.pem
@@ -51,8 +47,13 @@ execute_process(
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
-
+if(NOT EXISTS careq.pem)
-
+    message(FATAL_ERROR "generated file does not exist")
+endif()
+file(READ careq.pem FILE_CONTENT)
+if (NOT FILE_CONTENT MATCHES "^-----BEGIN CERTIFICATE REQUEST-----")
+	message(FATAL_ERROR "generate file error")
+endif()
 
 execute_process(
 	COMMAND gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass P@ssw0rd -out cacert.pem -ca
@@ -62,11 +63,9 @@ execute_process(
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
-
+if(NOT EXISTS cacert.pem)
-
+	message(FATAL_ERROR "generated file does not exist")
-# gmssl sm2keygen -pass P@ssw0rd -out signkey.pem
+endif()
-# gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass P@ssw0rd -out signreq.pem
-# gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out signcert.pem
 
 execute_process(
 	COMMAND gmssl sm2keygen -pass P@ssw0rd -out signkey.pem
@@ -76,6 +75,9 @@ execute_process(
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
+if(NOT EXISTS signkey.pem)
+	message(FATAL_ERROR "generated file does not exist")
+endif()
 
 execute_process(
 	COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass P@ssw0rd -out signreq.pem
@@ -85,6 +87,9 @@ execute_process(
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
+if(NOT EXISTS signreq.pem)
+    message(FATAL_ERROR "generated file does not exist")
+endif()
 
 execute_process(
 	COMMAND gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out signcert.pem
@@ -94,12 +99,9 @@ execute_process(
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
-
+if(NOT EXISTS signcert.pem)
-
+	message(FATAL_ERROR "generated file does not exist")
-# gmssl sm2keygen -pass P@ssw0rd -out enckey.pem
+endif()
-# gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass P@ssw0rd -out encreq.pem
-# gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out enccert.pem
-
 
 execute_process(
 	COMMAND gmssl sm2keygen -pass P@ssw0rd -out enckey.pem
@@ -109,6 +111,9 @@ execute_process(
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
+if(NOT EXISTS enckey.pem)
+    message(FATAL_ERROR "generated file does not exist")
+endif()
 
 execute_process(
 	COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass P@ssw0rd -out encreq.pem
@@ -118,6 +123,9 @@ execute_process(
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
+if(NOT EXISTS encreq.pem)
+	message(FATAL_ERROR "generated file does not exist")
+endif()
 
 execute_process(
 	COMMAND gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out enccert.pem
@@ -127,18 +135,21 @@ execute_process(
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
+if(NOT EXISTS enccert.pem)
+	message(FATAL_ERROR "generated file does not exist")
+endif()
 
-
+file(WRITE tlcp_server_certs.pem "")
-
-file(WRITE double_certs.pem "")
 file(READ signcert.pem CERT_CONTENT)
-file(APPEND double_certs.pem "${CERT_CONTENT}")
+file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}")
 file(READ enccert.pem CERT_CONTENT)
-file(APPEND double_certs.pem "${CERT_CONTENT}")
+file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}")
 file(READ cacert.pem CERT_CONTENT)
-file(APPEND double_certs.pem "${CERT_CONTENT}")
+file(APPEND tlcp_server_certs.pem "${CERT_CONTENT}")
-
-
-
 
+file(WRITE tls_server_certs.pem "")
+file(READ signcert.pem CERT_CONTENT)
+file(APPEND tls_server_certs.pem "${CERT_CONTENT}")
+file(READ cacert.pem CERT_CONTENT)
+file(APPEND tls_server_certs.pem "${CERT_CONTENT}")
 

cmake/gmssl_tlcp.cmake

@@ -1,49 +0,0 @@
-
-# tlcp_server [-port num] -cert file -key file [-pass str] -ex_key file [-ex_pass str] [-cacert file]
-execute_process(
-    COMMAND bash -c "sudo nohup gmssl tlcp_server -port 4433 -cert double_certs.pem -key signkey.pem -pass P@ssw0rd -ex_key enckey.pem -ex_pass P@ssw0rd > server_output.log 2>&1 &"
-    WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
-    RESULT_VARIABLE SERVER_RESULT
-    TIMEOUT 5
-    COMMAND_ECHO STDOUT
-    OUTPUT_VARIABLE SERVER_OUTPUT
-    ERROR_VARIABLE SERVER_ERROR
-)
-message(STATUS "Server start output: ${SERVER_OUTPUT}")
-message(STATUS "Server start error: ${SERVER_ERROR}")
-
-if(NOT ${SERVER_RESULT} EQUAL 0)
-    message(FATAL_ERROR "Server failed to start with result: ${SERVER_RESULT}")
-endif()
-
-execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
-
-
-
-
-execute_process(
-    COMMAND bash -c "gmssl tlcp_client -host localhost -port 4433 -cacert rootcacert.pem 2>&1 | tee client_output.log"
-    WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
-    OUTPUT_VARIABLE CLIENT_OUTPUT
-    ERROR_VARIABLE CLIENT_ERROR
-    RESULT_VARIABLE CLIENT_RESULT
-    TIMEOUT 5
-    COMMAND_ECHO STDOUT
-)
-
-message(STATUS "Client connection output: ${CLIENT_OUTPUT}")
-message(STATUS "Client connection error: ${CLIENT_ERROR}")
-
-file(READ "${CMAKE_BINARY_DIR}/client_output.log" CLIENT_LOG_CONTENT)
-string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
-
-if(${FOUND_INDEX} EQUAL -1)
-    message(FATAL_ERROR "Client did not establish connection with server.")
-else()
-    message(STATUS "Client successfully established connection with server.")
-endif()
-
-execute_process(
-    COMMAND sudo pkill -f "${TOOL_COMMAND} tlcp_server"
-)
-

cmake/sm2_commands.cmake

@@ -2,75 +2,65 @@ execute_process(
 	COMMAND gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem
 	RESULT_VARIABLE TEST_RESULT
 	ERROR_VARIABLE TEST_STDERR
-	OUTPUT_VARIABLE TEST_OUTPUT
 )
-
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
-
 if(NOT EXISTS sm2.pem)
-    message(FATAL_ERROR "Generated file does not exist")
+	message(FATAL_ERROR "generated file does not exist")
 endif()
-
 if(NOT EXISTS sm2pub.pem)
-    message(FATAL_ERROR "Generated file does not exist")
+	message(FATAL_ERROR "generated file does not exist")
 endif()
 
-# sign
+set(SECRET_MESSAGE "Secret message")
+file(WRITE message.txt "${SECRET_MESSAGE}")
 
 execute_process(
-	COMMAND bash -c "echo -n 'message to be signed' | gmssl sm2sign -key sm2.pem -pass P@ssw0rd -out sm2.sig"
+	COMMAND gmssl sm2sign -key sm2.pem -pass P@ssw0rd -in message.txt -out sm2.sig
 	RESULT_VARIABLE TEST_RESULT
 	ERROR_VARIABLE TEST_STDERR
-	OUTPUT_VARIABLE TEST_OUTPUT
 )
-
-if(NOT ${TEST_RESULT} EQUAL 0)
-	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
-endif()
-
-# verify
-
-execute_process(
-	COMMAND bash -c "echo -n 'message to be signed' | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig"
-	RESULT_VARIABLE TEST_RESULT
-	ERROR_VARIABLE TEST_STDERR
-	OUTPUT_VARIABLE TEST_OUTPUT
-)
-
-if(NOT ${TEST_RESULT} EQUAL 0)
-	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
-endif()
-
-#encrypt
-
-execute_process(
-	COMMAND bash -c "echo 'Secret message' | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der"
-	RESULT_VARIABLE TEST_RESULT
-	ERROR_VARIABLE TEST_STDERR
-	OUTPUT_VARIABLE TEST_OUTPUT
-)
-
-if(NOT ${TEST_RESULT} EQUAL 0)
-	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
-endif()
-
-# decrypt
-
-execute_process(
-	COMMAND bash -c "echo 'Secret message' | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der"
-	RESULT_VARIABLE TEST_RESULT
-	ERROR_VARIABLE TEST_STDERR
-	OUTPUT_VARIABLE TEST_OUTPUT
-)
-
 if(NOT ${TEST_RESULT} EQUAL 0)
 	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
 endif()
 
 
-if(NOT ${TEST_OUTPUT} STREQUAL "Secret message")
+execute_process(
-	message(FATAL_ERROR "stdout: ${TEST_OUTPUT}")
+	COMMAND gmssl sm2verify -pubkey sm2pub.pem -in message.txt -sig sm2.sig
+	RESULT_VARIABLE TEST_RESULT
+	ERROR_VARIABLE TEST_STDERR
+	OUTPUT_VARIABLE TEST_STDOUT
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+string(FIND "${TEST_STDOUT}" "success" VERIFY_SUCCESS)
+if(VERIFY_SUCCESS EQUAL -1)
+    message(FATAL_ERROR "verify failure")
+endif()
+
+
+execute_process(
+	COMMAND gmssl sm2encrypt -pubkey sm2pub.pem -in message.txt -out sm2.der
+	RESULT_VARIABLE TEST_RESULT
+	ERROR_VARIABLE TEST_STDERR
+	OUTPUT_VARIABLE TEST_STDOUT
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+execute_process(
+	COMMAND gmssl sm2decrypt -key sm2.pem -pass P@ssw0rd -in sm2.der
+	RESULT_VARIABLE TEST_RESULT
+	ERROR_VARIABLE TEST_STDERR
+	OUTPUT_VARIABLE TEST_STDOUT
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+	message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+if(NOT "${TEST_STDOUT}" STREQUAL "${SECRET_MESSAGE}")
+	message(FATAL_ERROR "stdout: ${TEST_STDOUT}")
 endif()
 

cmake/tlcp_commands.cmake

@@ -0,0 +1,45 @@
+
+if(NOT EXISTS rootcacert.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS tlcp_server_certs.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS signkey.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS enckey.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+execute_process(
+	COMMAND bash -c "sudo nohup gmssl tlcp_server -port 4433 -cert tlcp_server_certs.pem -key signkey.pem -pass P@ssw0rd -ex_key enckey.pem -ex_pass P@ssw0rd > tlcp_server.log 2>&1 &"
+	RESULT_VARIABLE SERVER_RESULT
+	TIMEOUT 5
+)
+if(NOT ${SERVER_RESULT} EQUAL 0)
+	message(FATAL_ERROR "server failed to start")
+endif()
+
+execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
+
+execute_process(
+	COMMAND bash -c "gmssl tlcp_client -host localhost -port 4433 -cacert rootcacert.pem > tlcp_client.log 2>&1"
+	RESULT_VARIABLE CLIENT_RESULT
+	TIMEOUT 5
+)
+
+file(READ "tlcp_client.log" CLIENT_LOG_CONTENT)
+string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
+
+if(${FOUND_INDEX} EQUAL -1)
+	message(FATAL_ERROR "Client did not establish connection with server.")
+endif()
+
+execute_process(
+	COMMAND sudo pkill -f "gmssl"
+)
+

cmake/tls12_commands.cmake

@@ -0,0 +1,45 @@
+
+if(NOT EXISTS rootcacert.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS tls_server_certs.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS signkey.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS enckey.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+execute_process(
+	COMMAND bash -c "sudo nohup gmssl tls12_server -port 4333 -cert tls_server_certs.pem -key signkey.pem -pass P@ssw0rd > tls12_server.log 2>&1 &"
+	RESULT_VARIABLE SERVER_RESULT
+	TIMEOUT 5
+)
+if(NOT ${SERVER_RESULT} EQUAL 0)
+	message(FATAL_ERROR "server failed to start")
+endif()
+
+execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
+
+execute_process(
+	COMMAND bash -c "gmssl tls12_client -host localhost -port 4333 -cacert rootcacert.pem > tls12_client.log 2>&1"
+	RESULT_VARIABLE CLIENT_RESULT
+	TIMEOUT 5
+)
+
+file(READ "tls12_client.log" CLIENT_LOG_CONTENT)
+string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
+
+if(${FOUND_INDEX} EQUAL -1)
+	message(FATAL_ERROR "Client did not establish connection with server.")
+endif()
+
+execute_process(
+	COMMAND sudo pkill -f "gmssl"
+)
+

cmake/tls13_commands.cmake

@@ -0,0 +1,45 @@
+
+if(NOT EXISTS rootcacert.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS tls_server_certs.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS signkey.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+if(NOT EXISTS enckey.pem)
+	message(FATAL_ERROR "file does not exist")
+endif()
+
+execute_process(
+	COMMAND bash -c "sudo nohup gmssl tls13_server -port 4443 -cert tls_server_certs.pem -key signkey.pem -pass P@ssw0rd > tls13_server.log 2>&1 &"
+	RESULT_VARIABLE SERVER_RESULT
+	TIMEOUT 5
+)
+if(NOT ${SERVER_RESULT} EQUAL 0)
+	message(FATAL_ERROR "server failed to start")
+endif()
+
+execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
+
+execute_process(
+	COMMAND bash -c "gmssl tls13_client -host localhost -port 4443 -cacert rootcacert.pem > tls13_client.log 2>&1"
+	RESULT_VARIABLE CLIENT_RESULT
+	TIMEOUT 5
+)
+
+file(READ "tls13_client.log" CLIENT_LOG_CONTENT)
+string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
+
+if(${FOUND_INDEX} EQUAL -1)
+	message(FATAL_ERROR "Client did not establish connection with server.")
+endif()
+
+execute_process(
+	COMMAND sudo pkill -f "gmssl"
+)
+