X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;ds=sidebyside;f=tcl_tests%2Finterop.try;fp=tcl_tests%2Finterop.try;h=ffabc974fecd096000de44693b47da3627795247;hb=3b8ddfe2f303b8931842e52bdb5c07c97042f651;hp=0000000000000000000000000000000000000000;hpb=e09d5a86fe1cb876b3c7cf5eb0d890f557b466d0;p=openssl-gost%2Fengine.git

diff --git a/tcl_tests/interop.try b/tcl_tests/interop.try
new file mode 100644
index 0000000..ffabc97
--- /dev/null
+++ b/tcl_tests/interop.try
@@ -0,0 +1,156 @@
+#!/usr/bin/tclsh
+
+proc make_fn {alg} {
+	return [string map {":" "_"} $alg]
+}
+if {[info exists env(PKG_PATH)]} {
+	lappend auto_path $env(PKG_PATH)
+} else {	
+	lappend auto_path [file dirname [info script]]
+}
+if {![info exists env(OTHER_DIR)]} {
+   puts stderr "Environment variable OTHER_DIR not set"
+   exit 1
+} else {
+	set data_dir $env(OTHER_DIR)
+}	
+if {[file normalize $data_dir] == "[pwd]"} {
+	set suffix _bck 
+} elseif {[file normalize $data_dir] == [file normalize [pwd]/../OtherVersion]} {
+	set suffix _oth
+} else {
+	set suffix _fwd
+}	
+package require ossltest
+#cd z
+set ::test::suffix $suffix
+cd $::test::dir 
+start_tests "ÐÐ½ÑÐµÑÐ¾Ð¿ÐµÑÐ°Ð±ÐµÐ»ÑÐ½Ð¾ÑÑÑ, ÑÑÐ°Ð²Ð½ÐµÐ½Ð¸Ðµ Ñ $data_dir"
+
+if {[info exists env(ALG_LIST)]} {
+  set alg_list $env(ALG_LIST)
+} else {
+  set alg_list {gost2001:A gost2001:B gost2001:C gost2012_256:A gost2012_256:B gost2012_256:C gost2012_512:A gost2012_512:B}
+}
+if {[info exist env(ENC_LIST)]} {
+	set enc_list $env(ENC_LIST)
+} else {	
+	set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA:  gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}
+}
+
+test -createsfiles cfb2.$suffix\
+"Ð Ð°ÑÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð¸Ðµ ÑÐµÐºÑÑÐ°, Ð·Ð°ÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð³Ð¾ Ð½Ð° Ð¿Ð°ÑÐ¾Ð»Ðµ Ð² ÑÐµÐ¶Ð¸Ð¼Ðµ CFB" {
+	set plain [getFile $data_dir/enc2.dat]
+	openssl "enc -gost89 -d -in $data_dir/cfb2.enc -out cfb2.$suffix -k 1234567890 -p"
+	set result [getFile cfb2.$suffix] 
+	expr  {[string equal $plain $result]?1:$result}
+} 0 1
+
+test -createsfiles cnt2.$suffix\
+"Ð Ð°ÑÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð¸Ðµ ÑÐµÐºÑÑÐ°, Ð·Ð°ÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð³Ð¾ Ð½Ð° Ð¿Ð°ÑÐ¾Ð»Ðµ Ð² ÑÐµÐ¶Ð¸Ð¼Ðµ CNT" {
+	set plain [getFile $data_dir/enc2.dat]
+	openssl "enc -gost89-cnt -d -in $data_dir/cnt2.enc -out cnt2.$suffix -k 1234567890 -p"
+	set result [getFile cnt2.$suffix] 
+	expr  {[string equal $plain $result]?1:$result}
+} 0 1
+
+test -createsfiles cbc2.$suffix\
+"Ð Ð°ÑÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð¸Ðµ ÑÐµÐºÑÑÐ°, Ð·Ð°ÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð³Ð¾ Ð½Ð° Ð¿Ð°ÑÐ¾Ð»Ðµ Ð² ÑÐµÐ¶Ð¸Ð¼Ðµ CBC" {
+	set plain [getFile $data_dir/enc2.dat]
+	openssl "enc -gost89-cbc -d -in $data_dir/cbc2.enc -out cbc2.$suffix -k 1234567890 -p"
+	set result [getFile cbc2.$suffix] 
+	expr  {[string equal $plain $result]?1:$result}
+} 0 1
+
+save_env2 {CRYPT_PARAMS}
+test -createsfiles cbc3.$suffix\
+"Ð Ð°ÑÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð¸Ðµ ÑÐµÐºÑÑÐ°, Ð·Ð°ÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð½Ð¾Ð³Ð¾ Ð² ÑÐµÐ¶Ð¸Ð¼Ðµ CBC Ñ Ð¿Ð°ÑÐ°Ð¼ÐµÑÑÐ°Ð¼Ð¸ Ð ÐÐ 1" {
+	set plain [getFile $data_dir/enc2.dat]
+	set env(CRYPT_PARAMS) "id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
+	openssl "enc -gost89-cbc -d -in $data_dir/cbc3.enc -out cbc3.$suffix -k 1234567890 -p"
+	set result [getFile cbc3.$suffix] 
+	expr  {[string equal $plain $result]?1:$result}
+} 0 1
+restore_env2 {CRYPT_PARAMS}
+
+
+foreach alg $alg_list {
+	set alg_fn [string map {":" "_"} $alg]
+	set username $data_dir/U_smime_$alg_fn
+	set userdir $data_dir/U_smime_${alg_fn}
+	switch -glob $alg {
+		gost2012* {set CA_dir_suffix CA-2012}
+		* {set CA_dir_suffix CA}
+	}
+
+
+test "ÐÑÐ¾Ð²ÐµÑÐºÐ° Ð·Ð°ÑÐ²ÐºÐ¸ $alg" {
+	grep "verif" [openssl "req -verify -in $username/req.pem"]
+} 0 {verify OK
+}
+
+test "ÐÑÐ¾Ð²ÐµÑÐºÐ° ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÐ° $alg" {
+	grep "cert.pem" [openssl "verify -CAfile $data_dir/smime$CA_dir_suffix/cacert.pem $userdir/cert.pem"]
+} 0 "$userdir/cert.pem: OK
+"
+
+test "ÐÑÐ¾Ð²ÐµÑÐºÐ° CRL" {
+	grep verify [openssl "crl -in $data_dir/test.crl -noout -CAfile $data_dir/test_crl_cacert.pem"]
+} 0 "verify OK
+"
+
+test "ÐÑÐ¾Ð²ÐµÑÐºÐ° Ð´Ð¾ÐºÑÐ¼ÐµÐ½ÑÐ°, Ð¿Ð¾Ð´Ð¿Ð¸ÑÐ°Ð½Ð½Ð¾Ð³Ð¾ $alg, smime" {
+	grep Veri [openssl "smime -verify -text -in $data_dir/sign_$alg_fn.msg -out verified.$suffix -CAfile $data_dir/smime$CA_dir_suffix/cacert.pem -certfile $username/cert.pem"]
+} 0 "Verification successful
+"
+
+set username $data_dir/U_cms_$alg_fn
+test "ÐÑÐ¾Ð²ÐµÑÐºÐ° Ð´Ð¾ÐºÑÐ¼ÐµÐ½ÑÐ°, Ð¿Ð¾Ð´Ð¿Ð¸ÑÐ°Ð½Ð½Ð¾Ð³Ð¾ $alg, cms" {
+	grep Veri [openssl "cms -verify -text -in $data_dir/cms_sign_$alg_fn.msg -out cms_verified.$suffix -CAfile $data_dir/cms$CA_dir_suffix/cacert.pem -certfile $username/cert.pem"]
+} 0 "Verification successful
+"
+
+test -createsfiles [list extracted_cert.pem.$suffix extracted_key.pem.$suffix] "Ð Ð°Ð·Ð±Ð¸ÑÐ°ÐµÐ¼ pkcs12 c Ð°Ð»Ð³Ð¾ÑÐ¸ÑÐ¼Ð¾Ð¼ $alg" {
+	openssl "pkcs12 -in $data_dir/U_pkcs12_$alg_fn/pkcs12.p12 -nodes -out dump.pem.$suffix -password pass:12345"
+	set dump [getFile dump.pem.$suffix]
+	set lextr [regexp -all -inline "\n-----BEGIN .*?\n-----END \[^\n\]+-----\n" $dump]
+	
+	list [llength $lextr] [expr {[lindex $lextr 0] eq "\n[getFile $data_dir/U_pkcs12_$alg_fn/cert.pem]"}] [expr {[lindex $lextr 1] eq "\n[openssl "pkcs8 -nocrypt -topk8 -in $data_dir/U_pkcs12_$alg_fn/seckey.pem"]"}]    
+	
+} 0 {2 1 1}
+
+
+} 
+
+save_env2 {CRYPT_PARAMS}
+foreach enc_tuple $enc_list {
+	if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} {
+		set alg $enc_tuple
+		set crypt_param {}
+	}
+	if {[string length $crypt_param]} {
+		set env(CRYPT_PARAMS) $crypt_param
+	} else {
+		if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
+	}
+	set alg_fn [make_fn $enc_tuple]
+	set username U_enc_$alg_fn
+
+test "Ð Ð°ÑÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð¸Ðµ Ð´Ð¾ÐºÑÐ¼ÐµÐ½ÑÐ° Ð½Ð° keyexchange $alg, smime" {
+	set expected [getFile $data_dir/encrypt.dat]
+	openssl "smime -decrypt -in $data_dir/enc_${alg_fn}.msg -recip $data_dir/U_enc_${alg_fn}/cert.pem -inkey $data_dir/U_enc_${alg_fn}/seckey.pem -out decrypt1.$alg_fn.$suffix"
+	set result [getFile decrypt1.$alg_fn.$suffix]
+	string eq $expected $result
+} 0 1
+
+test "Ð Ð°ÑÑÐ¸ÑÑÐ¾Ð²Ð°Ð½Ð¸Ðµ Ð´Ð¾ÐºÑÐ¼ÐµÐ½ÑÐ° Ð½Ð° keyexchange $alg, cms" {
+	set expected [getFile $data_dir/encrypt.dat]
+	openssl "cms -decrypt -in $data_dir/cms_enc_${alg_fn}.msg -recip $data_dir/U_cms_enc_${alg_fn}/cert.pem -inkey $data_dir/U_cms_enc_${alg_fn}/seckey.pem -out cms_decrypt1.$alg_fn.$suffix"
+	set result [getFile cms_decrypt1.$alg_fn.$suffix]
+	string eq $expected $result
+} 0 1
+
+
+}
+restore_env2 {CRYPT_PARAMS}
+end_tests