tcl_tests: Fix and extend ca test

- Add more curves to test.
- Properly handle R 1323565.1.023-2018 (5.2.1.2) - absence of
  digestParamSet for some curves.

diff --git a/tcl_tests/ca.try b/tcl_tests/ca.try
index 6d76283a22888c99198f78bdecd55f2d7c20e246..c5693bbda54abfc1a08800f8e9dae58f69488c8c 100644 (file)
--- a/tcl_tests/ca.try
+++ b/tcl_tests/ca.try
@@ -11,14 +11,22 @@ if {[info exists env(ALG_LIST)]} {
 } else {
        switch -exact [engine_name] {
                "ccore" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}}
-               "open" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}}
+               "open" {
+                       set alg_pair_list {
+                               gost2001:A {gost2001:B}
+                               gost2012_256:A {gost2012_256:B gost2012_512:B}
+                               gost2012_256:TCA {gost2012_256:A gost2012_512:A}
+                               gost2012_512:A {gost2012_256:A gost2012_256:TCA gost2012_512:A gost2012_512:C}
+                               gost2012_512:C {gost2012_256:B gost2012_256:TCB gost2012_512:B gost2012_512:C}
+                       }
+               }
        }
 }
 
 foreach {ca_alg alg_list} $alg_pair_list {
        set ca_alg_fn [string map {":" "_"} $ca_alg]
 
-test "Creating CA" { 
+test "Creating CA ($ca_alg)" {
        makeCA ${testname}CA-$ca_alg_fn $ca_alg
 } 0 1
 
@@ -29,7 +37,7 @@ foreach alg $alg_list {
        set userdir U_ca_${alg_fn}_for_${ca_alg_fn}
 
 #Depends on previous
-test "Creating user request" {
+test "Creating user request ($alg)" {
        makeUser $userdir $alg
 } 0 1
 
@@ -110,12 +118,12 @@ test "Verifying revoked certificate" {
 test "Create a PKCS#7 structure from a certificate and CRL" {
        openssl "crl2pkcs7 -in test.crl -certfile $userdir/cert.pem -out $userdir/p7.pem"
        extract_oids $userdir/p7.pem PEM
-} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]]
+} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]]
 
 test "Creates a PKCS#7 structure without CRL" {
        openssl "crl2pkcs7 -nocrl -certfile $userdir/cert.pem -certfile $::test::ca/cacert.pem -out $userdir/p7_nocrl.pem"
        extract_oids $userdir/p7_nocrl.pem PEM
-} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]]  [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg]] [hash_with_sign_long_name $ca_alg]]
+} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg]  [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg] $ca_alg] [hash_with_sign_long_name $ca_alg]]
 
 }
 

diff --git a/tcl_tests/ossltest.tcl b/tcl_tests/ossltest.tcl
index fbd126ad6f0fda6107a060d19b4eab792394ded7..a6f02836c09b80284b48701c88947f63833a8927 100644 (file)
--- a/tcl_tests/ossltest.tcl
+++ b/tcl_tests/ossltest.tcl
@@ -543,7 +543,16 @@ proc param_pubkey {alg} {
 }
 
 
-proc param_hash_long_name {hash_alg} {
+proc param_hash_long_name {hash_alg {pk_alg {}}} {
+    # R 1323565.1.023-2018 (5.2.1.2) not recommends or forbids encoding
+    # hash oid into TC26 (2012) parameters in AlgorithmIdentifier, so
+    # this is removed.
+    # Note:
+    # Commit d47b346 reverts this behavior for 512-bit 0,A,B parameters
+    switch -glob $pk_alg {
+       gost2012_256:TC* {return}
+       gost2012_512:C {return}
+    }
     switch -glob $hash_alg {
         *hash_94 {return "id-GostR3411-94-CryptoProParamSet"}
         hash_12_256 {return "GOST R 34.11-2012 with 256 bit hash"}
@@ -569,17 +578,21 @@ proc pubkey_long_name {alg} {
                gost2012_256:C {return "id-GostR3410-2001-CryptoPro-C-ParamSet"}
                gost2012_256:XA {return "id-GostR3410-2001-CryptoPro-XchA-ParamSet"}
                gost2012_256:XB {return "id-GostR3410-2001-CryptoPro-XchB-ParamSet"}
+               gost2012_256:TCA {return "GOST R 34.10-2012 (256 bit) ParamSet A"}
+               gost2012_256:TCB {return "GOST R 34.10-2012 (256 bit) ParamSet B"}
+               gost2012_256:TCC {return "GOST R 34.10-2012 (256 bit) ParamSet C"}
+               gost2012_256:TCD {return "GOST R 34.10-2012 (256 bit) ParamSet D"}
                #gost2012_512:0 {return param_pubkey12_512_0}
                gost2012_512:A {return  "GOST R 34.10-2012 (512 bit) ParamSet A"}
                gost2012_512:B {return  "GOST R 34.10-2012 (512 bit) ParamSet B"}
+               gost2012_512:C {return  "GOST R 34.10-2012 (512 bit) ParamSet C"}
        }
 }
 
-
-
 proc mkObjList {args} {
        set out ""
        foreach name $args {
+               if {$name eq {}} continue
                append out " OBJECT            :$name\n"
        }
        return $out