X-Git-Url: http://wagner.pp.ru/gitweb/?a=blobdiff_plain;f=tcl_tests%2Fwcli.try;fp=tcl_tests%2Fwcli.try;h=35ed5780fea719e1821fd3327002a3acf5f1af26;hb=3b8ddfe2f303b8931842e52bdb5c07c97042f651;hp=0000000000000000000000000000000000000000;hpb=e09d5a86fe1cb876b3c7cf5eb0d890f557b466d0;p=openssl-gost%2Fengine.git

diff --git a/tcl_tests/wcli.try b/tcl_tests/wcli.try
new file mode 100644
index 0000000..35ed578
--- /dev/null
+++ b/tcl_tests/wcli.try
@@ -0,0 +1,150 @@
+#!/usr/bin/tclsh
+# -*- coding: cp1251 -*-
+lappend auto_path [file dirname [info script]]
+package require ossltest
+
+#ÐÐµÑÐ²ÑÐ¹ Ð¿Ð°ÑÐ°Ð¼ÐµÑÑ Ð·Ð°Ð´Ð°ÐµÑ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·ÑÐµÐ¼ÑÐ¹ ÑÐ°Ð¹ÑÐµÑÑÑÑÑ.
+#ÐÐ°ÑÐ¸Ð°Ð½Ñ p0 Ð½Ðµ Ð¿ÑÐµÐ´Ð½Ð°Ð·Ð½Ð°ÑÐµÐ½Ð° Ð´Ð»Ñ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ñ Ð² Ð°Ð²ÑÐ¾Ð¼Ð°ÑÐ¸ÑÐµÑÐºÐ¸Ñ ÑÐµÑÑÐ°Ñ, ÑÐ°Ðº ÐºÐ°Ðº
+#Ð¼Ñ Ð½Ðµ Ð¼Ð¾Ð¶ÐµÐ¼ Ð¿ÑÐ¾Ð³ÑÐ°Ð¼Ð¼Ð½Ð¾ Ð¾ÑÐµÐ½Ð¸ÑÑ ÐºÐ¾ÑÑÐµÐºÑÐ½Ð¾ÑÑÑ ÑÐµÐ·ÑÐ»ÑÑÐ°ÑÐ°. ÐÑÐ¸ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°Ð½Ð¸Ð¸
+#ÑÑÐ¾Ð³Ð¾ Ð²Ð°ÑÐ¸Ð°Ð½ÑÐ° ÑÐµÑÑÑ Ð±ÑÐ´ÑÑ Ð³Ð°ÑÐ°Ð½ÑÐ¸ÑÐ¾Ð²Ð°Ð½Ð½Ð¾ ÑÐµÐ¹Ð»Ð¸ÑÑÑÑ, Ð¿Ð¾ÑÑÐ¾Ð¼Ñ Ð¸ÑÐ¿Ð¾Ð»ÑÐ·Ð¾Ð²Ð°ÑÑ 
+#ÐµÐ³Ð¾ ÑÐ»ÐµÐ´ÑÐµÑ ÑÐ¾Ð»ÑÐºÐ¾ Ð´Ð»Ñ ÑÑÑÐ½Ð¾Ð³Ð¾ Ð·Ð°Ð¿ÑÑÐºÐ° Ð¸ Ð²Ð½Ð¸Ð¼Ð°ÑÐµÐ»ÑÐ½Ð¾ ÑÐ¸ÑÐ°ÑÑ Ð»Ð¾Ð³Ð¸.
+array set cipher_name {
+	p8k GOST2012-KUZNYECHIK-KUZNYECHIKOMAC 
+	p8m GOST2012-MAGMA-MAGMAOMAC 
+	p2 GOST2012-GOST8912-GOST8912
+	p1 GOST2001-GOST89-GOST89
+	p20 GOST2012-NULL-GOST12
+	p10 GOST2001-NULL-GOST94
+	p0 {}  
+}
+proc cipher_openssl {sn} {return $::cipher_name($sn)}
+proc cipher_command_line_option {sn} {
+	if {$sn == "p0"} {
+		return $::cipher_name($sn)
+	} else {
+		return "-cipher $::cipher_name($sn)"
+	}
+}
+	
+proc ciphers_usage {} {
+	global cipher_name
+	set res {}
+	foreach name [array names cipher_name] {
+		append res [format "\t%-3s - %s\n" $name $cipher_name($name)]
+	}
+	return $res
+}
+
+# ÐÑÐ¾ÑÐ¾Ð¹ Ð¿Ð°ÑÐ°Ð¼ÐµÑÑ Ð·Ð°Ð´Ð°ÐµÑ ÑÐµÑÐ²ÑÑÐºÑ Ð·Ð½Ð°ÑÐµÐ½Ð¸Ð¹:
+#- Ð°Ð»Ð³Ð¾ÑÐ¸ÑÐ¼ ÐºÐ»ÑÑÐ° ÑÐµÑÐ²ÐµÑÐ°
+#- Ð¿Ð°ÑÐ°Ð¼ÐµÑÑÑ ÐºÐ»ÑÑÐ° ÑÐµÑÐ²ÐµÑÐ°
+#- ÑÐ¿Ð¸ÑÐ¾Ðº Ð¸Ð¼ÐµÐ½ ÐºÐ»Ð¸ÐµÐ½ÑÑÐºÐ¸Ñ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÐ¾Ð²
+#- Ð°Ð»Ð³Ð¾ÑÐ¸ÑÐ¼ ÐºÐ»ÑÑÐ° Ð£Ð¦ 
+array set alg_name {
+	5xa {gost2012_512 A {Xchg512A Sign512A} gost2012_512}
+	2xa {gost2012_256 XA {Xchg256A Sign256A} gost2012_256} 
+	1xa {gost2001 XA {XchgA SignA} gost2001}
+}
+proc alg_alg {sn} {return [lindex $::alg_name($sn) 0]}
+proc alg_crtdir {sn} {return [format "srv_%s_%s" [lindex $::alg_name($sn) 0] [lindex $::alg_name($sn) 1]]}
+proc alg_openssl {sn} {return [format "%s:%s" [lindex $::alg_name($sn) 0] [lindex $::alg_name($sn) 1]]}
+proc alg_certid_list {sn} {return [lindex $::alg_name($sn) 2]}
+proc alg_ca {sn} {return [lindex $::alg_name($sn) 3]}
+proc algs_usage {} {
+	global alg_name
+	set res {}
+	foreach name [array names alg_name] {
+		append res [format "\t%-3s - %s:%s\n" $name [lindex $alg_name($name) 0] [lindex $alg_name($name) 1]]
+	}
+	return $res
+}
+
+if {$argc < 1 || ![regexp {^([^-]+)-([^-]+)-([^-]+)-(.+)$} [lindex $argv 0] -> cipher alg tls host]} {
+	puts stderr "Usage $argv0 cipher-alg-tlsver-hostname \[s_server-option\]"
+	puts stderr "cipher:\n[ciphers_usage]"
+	puts stderr "alg:\n[algs_usage]"
+	puts stderr "tlsver: -tls* s_server option"
+	exit 1
+}
+set test::suffix "-$cipher-$alg-$tls-$host[lindex $argv 1]" 
+if {![regexp @ $host]} {
+	set host build@$host
+}	
+
+set CAhost lynx.lan.cryptocom.ru
+set CAprefix /cgi-bin/autoca 
+set mydir [file normalize [file dirname [info script]]]
+
+cd $::test::dir
+set http_tcl http.[info hostname].[clock seconds].[pid].tcl
+
+start_tests "CSP ÐºÐ»Ð¸ÐµÐ½Ñ ($cipher, $alg, $host) [lindex $argv 1]" 
+
+test  "ÐÐµÐ»Ð°ÐµÐ¼ ÐºÐ¾Ð¿Ð¸Ñ http.tcl Ð½Ð° $host" {
+	save_env2 {LD_LIBRARY_PATH OPENSSL_CONF}
+	catch {unset env(LD_LIBRARY_PATH)}
+	catch {unset env(OPENSSL_CONF)}
+	exec $env(CVS_RSH) $host "cat >$http_tcl" < $mydir/http.tcl
+	restore_env2 {LD_LIBRARY_PATH OPENSSL_CONF}
+	set copied 1
+} 0 1
+
+set crtdir [alg_crtdir $alg]
+
+test -platformex {![file exists $crtdir/cert.pem]} "ÐÐ¾Ð»ÑÑÐ°ÐµÐ¼ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°Ñ HTTPS-ÑÐµÑÐ²ÐµÑÐ°" {
+	if {![makeUser $crtdir [alg_openssl $alg] CN [info hostname]]} {
+		error "Request generation failed"
+	}
+	registerUserAtCA $crtdir $CAhost $CAprefix [alg_ca $alg]
+	file exists $crtdir/cert.pem
+} 0 1
+
+
+test -platformex {![file exists ca_[alg_ca $alg].pem]} "ÐÐ¾Ð»ÑÑÐ°ÐµÐ¼ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°Ñ CA" {
+	getCAcert $CAhost $CAprefix [alg_ca $alg]
+	file exists ca_[alg_ca $alg].pem
+} 0 1
+
+
+custom_client "$env(CVS_RSH) $host tclsh $http_tcl" \
+	{LD_LIBRARY_PATH OPENSSL_CONF}
+
+set server_args [concat [cipher_command_line_option $cipher] \
+	[list -bugs -msg -cert $crtdir/cert.pem -key $crtdir/seckey.pem	\
+	-CAfile ca_[alg_ca $alg].pem -www] -$tls [lindex $argv 1]]
+
+
+test -skip {![info exists copied]} "Ð¡ÐµÑÐ²ÐµÑ Ð½Ðµ ÑÑÐµÐ±ÑÐµÑ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÐ°" {
+	set list [client_server https://[info hostname]:4433 $server_args {}]
+	grep New, [lindex $list 0]
+} 0 "New, TLSv1/SSLv3, Cipher is [cipher_openssl $cipher]\n"
+
+
+test -skip {![info exists copied]} "Ð¡ÐµÑÐ²ÐµÑ ÑÑÐµÐ±ÑÐµÑ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°Ñ, ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°ÑÐ° Ð½ÐµÑ" {
+	set list [client_server \
+		[list https://[info hostname]:4433 no-such-cert-at-all] \
+		[concat $server_args {-Verify 2}] {}]
+	list [lindex $list 2] [lindex [split [lindex $list 1] " "] 0]
+} 0 [list 1 "0x80072f0c"]
+
+
+foreach alg_certid [alg_certid_list $alg] {
+	test -skip {![info exists copied]} \
+	"Ð¡ÐµÑÐ²ÐµÑ ÑÑÐµÐ±ÑÐµÑ ÑÐµÑÑÐ¸ÑÐ¸ÐºÐ°Ñ, ÐºÐ»Ð¸ÐµÐ½Ñ $alg_certid" {
+		set list [client_server \
+			[list https://[info hostname]:4433 $alg_certid] \
+		[	concat $server_args {-Verify 2}]  {}]
+		grep New, [lindex $list 0]
+	} 0 "New, TLSv1/SSLv3, Cipher is [cipher_openssl $cipher]\n"
+}
+
+test "Ð£Ð´Ð°Ð»ÑÐµÐ¼ ÐºÐ¾Ð¿Ð¸Ñ http.tcl Ð½Ð° $host" {
+	save_env2 {LD_LIBRARY_PATH OPENSSL_CONF}
+	catch {unset env(LD_LIBRARY_PATH)}
+	catch {unset env(OPENSSL_CONF)}
+	set rc [exec $env(CVS_RSH) $host rm -f $http_tcl]
+	restore_env2 {LD_LIBRARY_PATH OPENSSL_CONF}
+	set rc
+} 0 ""
+
+end_tests