X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=tcl_tests%2Fcmsenc.try;fp=tcl_tests%2Fcmsenc.try;h=66082265dbfce5f546488e71cd7d518e6acb6999;hb=3b8ddfe2f303b8931842e52bdb5c07c97042f651;hp=0000000000000000000000000000000000000000;hpb=e09d5a86fe1cb876b3c7cf5eb0d890f557b466d0;p=openssl-gost%2Fengine.git diff --git a/tcl_tests/cmsenc.try b/tcl_tests/cmsenc.try new file mode 100644 index 0000000..6608226 --- /dev/null +++ b/tcl_tests/cmsenc.try @@ -0,0 +1,190 @@ +#!/usr/bin/tclsh +# -*- coding: cp1251 -*- +lappend auto_path [file dirname [info script]] +package require ossltest +cd $::test::dir +set testname [file rootname [file tail $::argv0]] + +start_tests "Тесты на cms -encrypt" +proc make_fn {alg} { + return [string map {":" "_"} $alg] +} + +proc map {str list} { + set result {} + foreach a $list { + lappend result [subst $str] + } + return $result +} + +if {![file exist encrypt.dat]} { + makeFile encrypt.dat [string repeat "Test data to encrypt.\n" 100] +} + +if {![info exist env(NO_RSA)]} { +test "Creating RSA CA" { + makeCA ${testname}CA-RSA rsa:512 +} 0 1 + +foreach user {U_cms_enc_rsa_1 U_cms_enc_rsa_2} { +test "Make registered user $user" { + makeRegisteredUser $user rsa:512 CAname ${testname}CA-RSA +} 0 1 +} + + +test -createsfiles cms_enc_rsa.msg "RSA User 1 encrypts message for RSA user 2" { + openssl "cms -encrypt -in encrypt.dat -des -out cms_enc_rsa.msg U_cms_enc_rsa_2/cert.pem" + file isfile cms_enc_rsa.msg +} 0 1 + +test "RSA User 1 cannot decrypt message for RSA user 2" { + grep "Error" [openssl "cms -decrypt -in cms_enc_rsa.msg -recip U_cms_enc_rsa_1/cert.pem -inkey U_cms_enc_rsa_1/seckey.pem"] +} 1 {Error decrypting CMS} + +test -createsfiles cms_decrypt.rsa "RSA User 2 (with cert) can decrypt message for RSA user 2" { + set expected [getFile encrypt.dat] + openssl "cms -decrypt -in cms_enc_rsa.msg -recip U_cms_enc_rsa_2/cert.pem -inkey U_cms_enc_rsa_2/seckey.pem -out cms_decrypt.rsa" + set result [getFile cms_decrypt.rsa] + string eq $expected $result +} 0 1 + +test -createsfiles cms_decrypt_nocert.rsa "RSA User 2 (without cert) can decrypt message for RSA user 2" { + set expected [getFile encrypt.dat] + openssl "cms -decrypt -in cms_enc_rsa.msg -inkey U_cms_enc_rsa_2/seckey.pem -out cms_decrypt_nocert.rsa" + set result [getFile cms_decrypt_nocert.rsa] + string eq $expected $result +} 0 1 +} + +test "Creating CA 2001" { + makeCA ${testname}CA gost2001:A +} 0 1 + +test "Creating CA 2012" { + makeCA +} 0 1 + +if {[info exist env(ENC_LIST)]} { + set enc_list $env(ENC_LIST) +} else { + switch -exact [engine_name] { + "ccore" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA: gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}} + "open" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA: gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}} + } +} + +save_env2 {OPENSSL_CONF CRYPT_PARAMS} +makeFile cmsenc1.cnf [regsub -all "\n\\s*CRYPT_PARAMS\\s*=\[\^\n]*" [getConfig] ""] +set ::env(OPENSSL_CONF) [file join [pwd] cmsenc1.cnf] + +foreach enc_tuple $enc_list { + if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} { + set alg $enc_tuple + set crypt_param {} + } + set alg_fn [make_fn $enc_tuple] + set username U_cms_enc_$alg_fn + switch -glob $alg { + gost2012* {set ::test::ca ${testname}CA-2012} + * {set ::test::ca ${testname}CA} + } + +test "Creating user $username with key $alg" { + makeRegisteredUser $username $alg + + if {![file exists $username/req.pem]&&[file exists $username/cert.pem]} { + file delete $username/cert.pem + } + file exists $username/cert.pem +} 0 1 + +if {[string length $crypt_param]} { + set env(CRYPT_PARAMS) $crypt_param +} else { + if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)} +} + +test -createsfiles cms_enc_$alg_fn.msg "Encrypting for $username" { + grep "rror" [openssl "cms -encrypt -in encrypt.dat -gost89 -out cms_enc_$alg_fn.msg U_cms_enc_$alg_fn/cert.pem"] +} 0 "" + +if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)} + +test -createsfiles cms_enc_$alg_fn.pem "Extracting CMS from encrypted structure for $username" { + openssl "cms -cmsout -out cms_enc_$alg_fn.pem -outform PEM -in cms_enc_$alg_fn.msg" + file isfile cms_enc_$alg_fn.pem +} 0 1 + +test -skip {![file exists cms_enc_$alg_fn.pem]} "Checking oids in pkcs7 structure for $username" { + extract_oids cms_enc_$alg_fn.pem PEM +} 0 [mkObjList [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] "GOST 28147-89" [encr_long_name $crypt_param]] + +test -createsfiles cms_decrypt.$alg_fn "Decrypting file encrypted for $username" { + set expected [getFile encrypt.dat] + openssl "cms -decrypt -in cms_enc_$alg_fn.msg -recip U_cms_enc_$alg_fn/cert.pem -inkey U_cms_enc_$alg_fn/seckey.pem -out cms_decrypt.$alg_fn" + set result [getFile cms_decrypt.$alg_fn] + string eq $expected $result +} 0 1 + +if {[string length $crypt_param]} { + set env(CRYPT_PARAMS) $crypt_param +} else { + if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)} +} + +test -createsfiles cms_enc_t_$alg_fn.msg "Encrypting for $username - text format" { + grep "rror" [openssl "cms -encrypt -text -in encrypt.dat -gost89 -out cms_enc_t_$alg_fn.msg U_cms_enc_$alg_fn/cert.pem"] +} 0 "" + +if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)} + +test -createsfiles cms_decrypt_t.$alg_fn "Decrypting file text-encrypted for $username" { + set expected [getFile encrypt.dat] + openssl "cms -decrypt -text -in cms_enc_t_$alg_fn.msg -recip U_cms_enc_$alg_fn/cert.pem -inkey U_cms_enc_$alg_fn/seckey.pem -out cms_decrypt_t.$alg_fn" + set result [getFile cms_decrypt_t.$alg_fn] + string eq $expected $result +} 0 1 + +test -createsfiles cms_decrypt_t_nocert.$alg_fn "Decrypting file text-encrypted for $username without cert" { + set expected [getFile encrypt.dat] + openssl "cms -decrypt -text -in cms_enc_t_$alg_fn.msg -inkey U_cms_enc_$alg_fn/seckey.pem -out cms_decrypt_t_nocert.$alg_fn" + set result [getFile cms_decrypt_t_nocert.$alg_fn] + string eq $expected $result +} 0 1 + +} + + +test -createfiles cms_enc_4all "Encrypt for all" { + grep "rror" [openssl "cms -encrypt -in encrypt.dat -gost89 -out cms_enc_4all.msg [map {U_cms_enc_[make_fn $a]/cert.pem} $enc_list]"] +} 0 "" + +foreach enc_tuple $enc_list { + if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} { + set alg $enc_tuple + set crypt_param {} + } + set alg_fn [make_fn $enc_tuple] + set username U_cms_enc_$alg_fn + +test -skip {![file exists cms_enc_4all.msg]} -createsfiles cms_decrypt_4all.$alg_fn "Decrypting gost-encrypted file, recipient $alg_fn" { + set expected [getFile encrypt.dat] + openssl "cms -decrypt -in cms_enc_4all.msg -recip $username/cert.pem -inkey $username/seckey.pem -out cms_decrypt_4all.$alg_fn" + set result [getFile cms_decrypt_4all.$alg_fn] + string eq $expected $result +} 0 1 + +test -skip {![file exists cms_enc_4all.msg]} -createsfiles cms_decrypt_4all_nocert.$alg_fn "Decrypting gost-encrypted file without cert, recipient $alg_fn" { + set expected [getFile encrypt.dat] + openssl "cms -decrypt -in cms_enc_4all.msg -inkey $username/seckey.pem -out cms_decrypt_4all_nocert.$alg_fn" + set result [getFile cms_decrypt_4all_nocert.$alg_fn] + string eq $expected $result +} 0 1 + +} + +restore_env2 {OPENSSL_CONF CRYPT_PARAMS} + +end_tests