} else {
switch -exact [engine_name] {
"ccore" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}}
- "open" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}}
+ "open" {
+ set alg_pair_list {
+ gost2001:A {gost2001:B}
+ gost2012_256:A {gost2012_256:B gost2012_512:B}
+ gost2012_256:TCA {gost2012_256:A gost2012_512:A}
+ gost2012_512:A {gost2012_256:A gost2012_256:TCA gost2012_512:A gost2012_512:C}
+ gost2012_512:C {gost2012_256:B gost2012_256:TCB gost2012_512:B gost2012_512:C}
+ }
+ }
}
}
foreach {ca_alg alg_list} $alg_pair_list {
set ca_alg_fn [string map {":" "_"} $ca_alg]
-test "Creating CA" {
+test "Creating CA ($ca_alg)" {
makeCA ${testname}CA-$ca_alg_fn $ca_alg
} 0 1
set userdir U_ca_${alg_fn}_for_${ca_alg_fn}
#Depends on previous
-test "Creating user request" {
+test "Creating user request ($alg)" {
makeUser $userdir $alg
} 0 1
"
test "Verifying CA certificate" {
- grep "(cacert.pem|error|OK)" [openssl "verify $::test::ca/cacert.pem"]
-} 1 "error $::test::ca/cacert.pem: verification failed
-STDERR CONTENTS:
-C = RU, L = Moscow, CN = Test CA $ca_alg, O = Cryptocom, OU = OpenSSL CA, emailAddress = openssl@cryptocom.ru
-error 18 at 0 depth lookup: self signed certificate"
-
-
+ grep "(cacert.pem|error|OK)" [openssl "verify -CAfile $::test::ca/cacert.pem $::test::ca/cacert.pem"]
+} 0 "$::test::ca/cacert.pem: OK
+"
test "Verifying certificate" {
grep "cert.pem" [openssl "verify -CAfile $::test::ca/cacert.pem $userdir/cert.pem"]
test "Create a PKCS#7 structure from a certificate and CRL" {
openssl "crl2pkcs7 -in test.crl -certfile $userdir/cert.pem -out $userdir/p7.pem"
extract_oids $userdir/p7.pem PEM
-} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]]
+} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]]
test "Creates a PKCS#7 structure without CRL" {
openssl "crl2pkcs7 -nocrl -certfile $userdir/cert.pem -certfile $::test::ca/cacert.pem -out $userdir/p7_nocrl.pem"
extract_oids $userdir/p7_nocrl.pem PEM
-} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg]] [hash_with_sign_long_name $ca_alg]]
+} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg] $ca_alg] [hash_with_sign_long_name $ca_alg]]
}