2 # -*- coding: cp1251 -*-
3 lappend auto_path [file dirname [info script]]
4 package require ossltest
6 set testname [file rootname [file tail $::argv0]]
8 start_tests "Тесты на smime -encrypt"
10 return [string map {":" "_"} $alg]
16 lappend result [subst $str]
20 if {![file exist encrypt.dat]} {
21 makeFile encrypt.dat [string repeat "Test data to encrypt.\n" 100]
24 if {![info exist env(NO_RSA)]} {
25 test "Creating RSA CA" {
26 makeCA ${testname}CA-RSA rsa:512
29 foreach user {U_enc_rsa_1 U_enc_rsa_2} {
30 test "Make registered user $user" {
31 makeRegisteredUser $user rsa:512 CAname ${testname}CA-RSA
36 test "RSA User 1 encrypts message for RSA user 2" {
37 openssl "smime -encrypt -in encrypt.dat -des -out enc_rsa.msg U_enc_rsa_2/cert.pem"
38 file isfile enc_rsa.msg
41 test "RSA User 1 cannot decrypt message for RSA user 2" {
42 grep "Error" [openssl "smime -decrypt -in enc_rsa.msg -recip U_enc_rsa_1/cert.pem -inkey U_enc_rsa_1/seckey.pem"]
43 } 1 {Error decrypting PKCS#7 structure}
45 test -createsfiles decrypt.rsa "RSA User 2 (with cert) can decrypt message for RSA user 2" {
46 set expected [getFile encrypt.dat]
47 openssl "smime -decrypt -in enc_rsa.msg -recip U_enc_rsa_2/cert.pem -inkey U_enc_rsa_2/seckey.pem -out decrypt.rsa"
48 set result [getFile decrypt.rsa]
49 string eq $expected $result
52 test -createsfiles decrypt_nocert.rsa "RSA User 2 (without cert) can decrypt message for RSA user 2" {
53 set expected [getFile encrypt.dat]
54 openssl "smime -decrypt -in enc_rsa.msg -inkey U_enc_rsa_2/seckey.pem -out decrypt_nocert.rsa"
55 set result [getFile decrypt_nocert.rsa]
56 string eq $expected $result
60 test "Creating CA 2001" {
61 makeCA ${testname}CA gost2001:A
64 test "Creating CA 2012" {
68 if {[info exist env(ENC_LIST)]} {
69 set enc_list $env(ENC_LIST)
71 switch -exact [engine_name] {
72 "ccore" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA: gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}}
73 "open" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA: gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}}
77 foreach enc_tuple $enc_list {
78 if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} {
82 set alg_fn [make_fn $enc_tuple]
83 set username U_enc_$alg_fn
85 gost2012* {set ::test::ca ${testname}CA-2012}
86 * {set ::test::ca ${testname}CA}
89 test "Creating user $username with key $alg" {
90 makeRegisteredUser $username $alg
92 if {![file exists $username/req.pem]&&[file exists $username/cert.pem]} {
93 file delete $username/cert.pem
95 file exists $username/cert.pem
98 if {[string length $crypt_param]} {
99 set env(CRYPT_PARAMS) $crypt_param
101 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
104 test -createsfiles enc_$alg_fn.msg "Encrypting for $username" {
105 grep "rror" [openssl "smime -encrypt -in encrypt.dat -gost89 -out enc_$alg_fn.msg U_enc_$alg_fn/cert.pem"]
108 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
110 test -createsfiles enc_$alg_fn.pem "Extracting PKCS7 from encrypted structure for $username" {
111 openssl "smime -pk7out -out enc_$alg_fn.pem -in enc_$alg_fn.msg"
112 file isfile enc_$alg_fn.pem
115 test -skip {![file exists enc_$alg_fn.pem]} "Checking oids in pkcs7 structure for $username" {
116 extract_oids enc_$alg_fn.pem PEM
117 } 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] "GOST 28147-89" [encr_long_name $crypt_param]]
119 test -createsfiles decrypt.$alg_fn "Decrypting file encrypted for $username" {
120 set expected [getFile encrypt.dat]
121 openssl "smime -decrypt -in enc_$alg_fn.msg -recip U_enc_$alg_fn/cert.pem -inkey U_enc_$alg_fn/seckey.pem -out decrypt.$alg_fn"
122 set result [getFile decrypt.$alg_fn]
123 string eq $expected $result
126 if {[string length $crypt_param]} {
127 set env(CRYPT_PARAMS) $crypt_param
129 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
132 test -createsfiles enc_t_$alg_fn.msg "Encrypting for $username - text format" {
133 grep "rror" [openssl "smime -encrypt -text -in encrypt.dat -gost89 -out enc_t_$alg_fn.msg U_enc_$alg_fn/cert.pem"]
136 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
138 test -createsfiles decrypt_t.$alg_fn "Decrypting file text-encrypted for $username" {
139 set expected [getFile encrypt.dat]
140 openssl "smime -decrypt -text -in enc_t_$alg_fn.msg -recip U_enc_$alg_fn/cert.pem -inkey U_enc_$alg_fn/seckey.pem -out decrypt_t.$alg_fn"
141 set result [getFile decrypt_t.$alg_fn]
142 string eq $expected $result
145 test -createsfiles decrypt_t_nocert.$alg_fn "Decrypting file text-encrypted for $username without cert" {
146 set expected [getFile encrypt.dat]
147 openssl "smime -decrypt -text -in enc_t_$alg_fn.msg -inkey U_enc_$alg_fn/seckey.pem -out decrypt_t_nocert.$alg_fn"
148 set result [getFile decrypt_t_nocert.$alg_fn]
149 string eq $expected $result
153 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
155 # FIXME этот тест и парное расшифрование надо прогнать с разными параметрами шифрования
156 test -createfiles enc_4all "Encrypt for all" {
157 grep "rror" [openssl "smime -encrypt -in encrypt.dat -gost89 -out enc_4all.msg [map {U_enc_[make_fn $a]/cert.pem} $enc_list]"]
160 foreach enc_tuple $enc_list {
161 if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} {
165 set alg_fn [make_fn $enc_tuple]
166 set username U_enc_$alg_fn
168 test -skip {![file exists enc_4all.msg]} -createsfiles decrypt_4all.$alg_fn "Decrypting gost-encrypted file, recipient $alg_fn" {
169 set expected [getFile encrypt.dat]
170 openssl "smime -decrypt -in enc_4all.msg -recip $username/cert.pem -inkey $username/seckey.pem -out decrypt_4all.$alg_fn"
171 set result [getFile decrypt_4all.$alg_fn]
172 string eq $expected $result
175 test -skip {![file exists enc_4all.msg]} -createsfiles decrypt_4all_nocert.$alg_fn "Decrypting gost-encrypted file without cert, recipient $alg_fn" {
176 set expected [getFile encrypt.dat]
177 openssl "smime -decrypt -in enc_4all.msg -inkey $username/seckey.pem -out decrypt_4all_nocert.$alg_fn"
178 set result [getFile decrypt_4all_nocert.$alg_fn]
179 string eq $expected $result
183 restore_env2 {OPENSSL_CONF CRYPT_PARAMS}