diff --git a/CMakeLists.txt b/CMakeLists.txt index eb2a1810..c9d09c81 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -657,9 +657,10 @@ if (CMAKE_C_COMPILER_ID MATCHES "MSVC") endif() -add_test(NAME gmssl_sm3 - COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_sm3.cmake") - +add_test(NAME gmssl_sm3 COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_sm3.cmake") +add_test(NAME gmssl_sm2 COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_sm2.cmake") +add_test(NAME gmssl_cert COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_cert.cmake") +add_test(NAME gmssl_tlcp COMMAND ${CMAKE_COMMAND} -P "${CMAKE_SOURCE_DIR}/cmake/gmssl_tlcp.cmake") # Generate install package with cpack # cpack -G TGZ diff --git a/cmake/gmssl_cert.cmake b/cmake/gmssl_cert.cmake new file mode 100644 index 00000000..e7deca5d --- /dev/null +++ b/cmake/gmssl_cert.cmake 
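Review bot: The new `add_test` entries are registered as independent tests, but `gmssl_tlcp` reads `double_certs.pem`, `signkey.pem`, `enckey.pem` and `rootcacert.pem`, which only `gmssl_cert` produces. A parallel or reordered run (`ctest -j`, `--schedule-random`) can therefore start the TLCP server before its credentials exist. Declare the ordering, for example `set_tests_properties(gmssl_tlcp PROPERTIES DEPENDS gmssl_cert)`, or model the certificates as a fixture with `FIXTURES_SETUP`/`FIXTURES_REQUIRED`. The scripts also call a bare `gmssl`, so the tests exercise whichever binary is first on `PATH`, not necessarily the one just built; passing the built tool's path to each script with `-D` before `-P` would pin it.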
@@ -0,0 +1,144 @@
+
+
+execute_process(
+ COMMAND gmssl sm2keygen -pass P@ssw0rd -out rootcakey.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+ OUTPUT_VARIABLE TEST_OUTPUT
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+if(NOT EXISTS sm2.pem)
+ message(FATAL_ERROR "Generated file does not exist")
+endif()
+
+if(NOT EXISTS sm2pub.pem)
+ message(FATAL_ERROR "Generated file does not exist")
+endif()
+
+
+
+execute_process(
+ COMMAND gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass P@ssw0rd -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+ OUTPUT_VARIABLE TEST_OUTPUT
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+
+
+execute_process(
+ COMMAND gmssl sm2keygen -pass P@ssw0rd -out cakey.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+ OUTPUT_VARIABLE TEST_OUTPUT
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+
+execute_process(
+ COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass P@ssw0rd -out careq.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+
+
+execute_process(
+ COMMAND gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass P@ssw0rd -out cacert.pem -ca
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+
+# gmssl sm2keygen -pass P@ssw0rd -out signkey.pem
+# gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass P@ssw0rd -out signreq.pem
+# gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out signcert.pem
+
+execute_process(
+ COMMAND gmssl sm2keygen -pass P@ssw0rd -out signkey.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+execute_process(
+ COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass P@ssw0rd -out signreq.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+execute_process(
+ COMMAND gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out signcert.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+
+# gmssl sm2keygen -pass P@ssw0rd -out enckey.pem
+# gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass P@ssw0rd -out encreq.pem
+# gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out enccert.pem
+
+
+execute_process(
+ COMMAND gmssl sm2keygen -pass P@ssw0rd -out enckey.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+execute_process(
+ COMMAND gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass P@ssw0rd -out encreq.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+execute_process(
+ COMMAND gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass P@ssw0rd -out enccert.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+)
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+
+
+file(WRITE double_certs.pem "")
+file(READ signcert.pem CERT_CONTENT)
+file(APPEND double_certs.pem "${CERT_CONTENT}")
+file(READ enccert.pem CERT_CONTENT)
+file(APPEND double_certs.pem "${CERT_CONTENT}")
+file(READ cacert.pem CERT_CONTENT)
+file(APPEND double_certs.pem "${CERT_CONTENT}")
+
+
+
+
+
diff --git a/cmake/gmssl_sm2.cmake b/cmake/gmssl_sm2.cmake
new file mode 100644
index 00000000..ae3e4661
--- /dev/null
+++ b/cmake/gmssl_sm2.cmake
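Review bot: The two `if(NOT EXISTS …)` checks after the first `sm2keygen` in `cmake/gmssl_cert.cmake` test for `sm2.pem` and `sm2pub.pem`, which this script never creates; it writes `rootcakey.pem`. The test therefore only passes when files left behind by `gmssl_sm2` happen to be in the working directory. Check the file that was actually generated, using a full path because `EXISTS` is only well-defined for those: `if(NOT EXISTS "${CMAKE_CURRENT_BINARY_DIR}/rootcakey.pem")`, and drop the `sm2pub.pem` check. Beyond that, the script only asserts that each command exits 0, so a `reqsign` that emitted a certificate with the wrong key usage or CA flag would still pass; a step that verifies the issued certificates against `rootcacert.pem` would make this a real test of the chain.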
@@ -0,0 +1,76 @@
+execute_process(
+ COMMAND gmssl sm2keygen -pass P@ssw0rd -out sm2.pem -pubout sm2pub.pem
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+ OUTPUT_VARIABLE TEST_OUTPUT
+)
+
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+if(NOT EXISTS sm2.pem)
+ message(FATAL_ERROR "Generated file does not exist")
+endif()
+
+if(NOT EXISTS sm2pub.pem)
+ message(FATAL_ERROR "Generated file does not exist")
+endif()
+
+# sign
+
+execute_process(
+ COMMAND bash -c "echo -n 'message to be signed' | gmssl sm2sign -key sm2.pem -pass P@ssw0rd -out sm2.sig"
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+ OUTPUT_VARIABLE TEST_OUTPUT
+)
+
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+# verify
+
+execute_process(
+ COMMAND bash -c "echo -n 'message to be signed' | gmssl sm2verify -pubkey sm2pub.pem -sig sm2.sig"
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+ OUTPUT_VARIABLE TEST_OUTPUT
+)
+
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+#encrypt
+
+execute_process(
+ COMMAND bash -c "echo 'Secret message' | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der"
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+ OUTPUT_VARIABLE TEST_OUTPUT
+)
+
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+# decrypt
+
+execute_process(
+ COMMAND bash -c "echo 'Secret message' | gmssl sm2encrypt -pubkey sm2pub.pem -out sm2.der"
+ RESULT_VARIABLE TEST_RESULT
+ ERROR_VARIABLE TEST_STDERR
+ OUTPUT_VARIABLE TEST_OUTPUT
+)
+
+if(NOT ${TEST_RESULT} EQUAL 0)
+ message(FATAL_ERROR "stderr: ${TEST_STDERR}")
+endif()
+
+
+if(NOT ${TEST_OUTPUT} STREQUAL "Secret message")
+ message(FATAL_ERROR "stdout: ${TEST_OUTPUT}")
+endif()
+
diff --git a/cmake/gmssl_tlcp.cmake b/cmake/gmssl_tlcp.cmake
new file mode 100644
index 00000000..10a56892
--- /dev/null
+++ b/cmake/gmssl_tlcp.cmake
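Review bot: The block under `# decrypt` in `cmake/gmssl_sm2.cmake` repeats the `sm2encrypt` command, so decryption is never exercised and `TEST_OUTPUT` is empty when it is compared with "Secret message". The command should be the decrypt counterpart, for example `COMMAND gmssl sm2decrypt -key sm2.pem -pass P@ssw0rd -in sm2.der` (assuming the tool's usual `-key`/`-pass`/`-in` options). Add `OUTPUT_STRIP_TRAILING_WHITESPACE` so the newline written by `echo` does not defeat the match. Quote the comparison as `if(NOT "${TEST_OUTPUT}" STREQUAL "Secret message")` so that an empty value is compared rather than dropped from the argument list. The sign/verify pair has only a positive case; a second run of `sm2verify` over a different message, expected to fail, would show that the check can reject anything.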
@@ -0,0 +1,49 @@
+
+# tlcp_server [-port num] -cert file -key file [-pass str] -ex_key file [-ex_pass str] [-cacert file]
+execute_process(
+ COMMAND bash -c "sudo nohup gmssl tlcp_server -port 4433 -cert double_certs.pem -key signkey.pem -pass P@ssw0rd -ex_key enckey.pem -ex_pass P@ssw0rd > server_output.log 2>&1 &"
+ WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
+ RESULT_VARIABLE SERVER_RESULT
+ TIMEOUT 5
+ COMMAND_ECHO STDOUT
+ OUTPUT_VARIABLE SERVER_OUTPUT
+ ERROR_VARIABLE SERVER_ERROR
+)
+message(STATUS "Server start output: ${SERVER_OUTPUT}")
+message(STATUS "Server start error: ${SERVER_ERROR}")
+
+if(NOT ${SERVER_RESULT} EQUAL 0)
+ message(FATAL_ERROR "Server failed to start with result: ${SERVER_RESULT}")
+endif()
+
+execute_process(COMMAND ${CMAKE_COMMAND} -E sleep 2)
+
+
+
+
+execute_process(
+ COMMAND bash -c "gmssl tlcp_client -host localhost -port 4433 -cacert rootcacert.pem 2>&1 | tee client_output.log"
+ WORKING_DIRECTORY ${CMAKE_BINARY_DIR}
+ OUTPUT_VARIABLE CLIENT_OUTPUT
+ ERROR_VARIABLE CLIENT_ERROR
+ RESULT_VARIABLE CLIENT_RESULT
+ TIMEOUT 5
+ COMMAND_ECHO STDOUT
+)
+
+message(STATUS "Client connection output: ${CLIENT_OUTPUT}")
+message(STATUS "Client connection error: ${CLIENT_ERROR}")
+
+file(READ "${CMAKE_BINARY_DIR}/client_output.log" CLIENT_LOG_CONTENT)
+string(FIND "${CLIENT_LOG_CONTENT}" "Connection established" FOUND_INDEX)
+
+if(${FOUND_INDEX} EQUAL -1)
+ message(FATAL_ERROR "Client did not establish connection with server.")
+else()
+ message(STATUS "Client successfully established connection with server.")
+endif()
+
+execute_process(
+ COMMAND sudo pkill -f "${TOOL_COMMAND} tlcp_server"
+)
+
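Review bot: The cleanup at the end of `cmake/gmssl_tlcp.cmake` runs `sudo pkill -f "${TOOL_COMMAND} tlcp_server"`, but `TOOL_COMMAND` is never set in this script, so the pattern collapses to ` tlcp_server` and is matched as root against every process on the machine. The cleanup also sits after the `FATAL_ERROR` branch, so a failed client leaves the server listening on 4433. Port 4433 is unprivileged, so neither command needs `sudo`, and a test server should not run as root. Start the server without `sudo`, move the cleanup ahead of the `FOUND_INDEX` check, and use a literal pattern such as `COMMAND pkill -f "gmssl tlcp_server -port 4433"`. `CLIENT_RESULT` is captured but never tested, and piping through `tee` would mask the client's exit status in any case.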