2 lappend auto_path [file dirname [info script]]
3 package require ossltest
6 set testname [file rootname [file tail $::argv0]]
8 start_tests "Тесты на cms -encrypt с участием эталонных серверов"
10 return [string map {":" "_"} $alg]
16 lappend result [subst $str]
21 if {![file exist encrypt.dat]} {
22 makeFile encrypt.dat [string repeat "Test data to encrypt.\n" 100]
25 #if {![info exist env(/NO_RSA)]} {
26 #test "Creating RSA CA" {
27 # makeCA ${testname}CA-RSA rsa:512
31 set ::test::ca cmsencCA-RSA
33 #foreach user {U_cms_enc_rsa_1 U_cms_enc_rsa_2} {
34 #test "Make registered user $user" {
35 # makeRegisteredUser $user rsa:512 CAname ${testname}CA-RSA
39 set hosts tls-ref-cp21
40 foreach hstname $hosts {
42 #test -createsfiles cms_enc_rsa.msg "RSA User 1 encrypts message for RSA user 2" {
43 # openssl "cms -encrypt -in encrypt.dat -des -out cms_enc_rsa.msg U_cms_enc_rsa_2/cert.pem"
44 # file isfile cms_enc_rsa.msg
47 test "RSA User 1 cannot decrypt message for RSA user 2" {
48 grep "Error" [openssl_remote "cms_enc_rsa.msg U_cms_enc_rsa_1" "$hstname" "cms -decrypt -in TESTPATH/cms_enc_rsa.msg -recip TESTPATH/U_cms_enc_rsa_1/cert.pem -inkey TESTPATH/U_cms_enc_rsa_1/seckey.pem" "rsa"]
49 } 1 {Error decrypting CMS}
51 test -skip {![file exists cms_decrypt.rsa]} "RSA User 2 (with cert) can decrypt message for RSA user 2" {
52 set expected [getFile encrypt.dat]
53 openssl_remote "U_cms_enc_rsa_2" "$hstname" "cms -decrypt -in TESTPATH/cms_enc_rsa.msg -recip TESTPATH/U_cms_enc_rsa_2/cert.pem -inkey TESTPATH/U_cms_enc_rsa_2/seckey.pem -out TESTPATH/cms_decrypt.rsa" "rsa"
54 set result [getFile cms_decrypt.rsa]
55 string eq $expected $result
58 test -skip{![file exists cms_decrypt_nocert.rsa]} "RSA User 2 (without cert) can decrypt message for RSA user 2" {
59 set expected [getFile encrypt.dat]
60 openssl_remote "$hstname" "cms -decrypt -in TESTPATH/cms_enc_rsa.msg -inkey TESTPATH/U_cms_enc_rsa_2/seckey.pem -out TESTPATH/cms_decrypt_nocert.rsa" "rsa"
61 set result [getFile cms_decrypt_nocert.rsa]
62 string eq $expected $result
66 #test "Creating CA 2001" {
67 # makeCA ${testname}CA gost2001:A
70 #test "Creating CA 2012" {
75 set hosts [list tls-ref-cp21 tls-ref-cp20]
76 foreach hstname $hosts {
78 if {[info exist env(ENC_LIST)]} {
79 set enc_list $env(ENC_LIST)
81 switch -exact [engine_name] {
82 "ccore" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 }}
83 "open" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 }}
87 save_env2 {OPENSSL_CONF CRYPT_PARAMS}
88 makeFile cmsenc1.cnf [regsub -all "\n\\s*CRYPT_PARAMS\\s*=\[\^\n]*" [getConfig] ""]
89 set ::env(OPENSSL_CONF) [file join [pwd] cmsenc1.cnf]
91 foreach enc_tuple $enc_list {
92 if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} {
96 set alg_fn [make_fn $enc_tuple]
97 set username U_cms_enc_$alg_fn
99 gost2012* {set ::test::ca cmsCA-2012}
100 * {set ::test::ca cmsCA}
103 #test "Creating user $username with key $alg" {
104 # makeRegisteredUser $username $alg
106 # if {![file exists $username/req.pem]&&[file exists $username/cert.pem]} {
107 # file delete $username/cert.pem
109 # file exists $username/cert.pem
112 if {[string length $crypt_param]} {
113 set env(CRYPT_PARAMS) $crypt_param
115 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
118 #test -createsfiles cms_enc_$alg_fn.msg "Encrypting for $username" {
119 # grep "rror" [openssl "cms -encrypt -in encrypt.dat -gost89 -out cms_enc_$alg_fn.msg U_cms_enc_$alg_fn/cert.pem"]
122 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
124 #test -createsfiles cms_enc_$alg_fn.pem "Extracting CMS from encrypted structure for $username" {
125 # openssl "cms -cmsout -out cms_enc_$alg_fn.pem -outform PEM -in cms_enc_$alg_fn.msg"
126 # file isfile cms_enc_$alg_fn.pem
129 #test -skip {![file exists cms_enc_$alg_fn.pem]} "Checking oids in pkcs7 structure for $username" {
130 # extract_oids cms_enc_$alg_fn.pem PEM
131 #} 0 [mkObjList [alg_id $alg] [param_pubkey $alg] [param_hash $alg] crypt89_cc [param_encr $crypt_param]]
133 #test "Decrypting file encrypted for $username" {
134 # set expected [getFile encrypt.dat]
135 # openssl_remote "$username U_cms_enc_$alg_fn cms_enc_$alg_fn.msg" "$hstname" "cms -decrypt -in TESTPATH/cms_enc_$alg_fn.msg -recip TESTPATH/U_cms_enc_$alg_fn/cert.pem -inkey TESTPATH/U_cms_enc_$alg_fn/seckey.pem -out TESTPATH/cms_decrypt.$alg_fn" "$testname"
136 # set result [getRemoteFile "$hstname" "TESTPATH/cms_decrypt.$alg_fn" "$testname"]
137 # string eq $expected $result
140 test "Decrypting file encrypted for $username" {
141 set expected [getFile encrypt.dat]
142 set result [openssl_remote "$username U_cms_enc_$alg_fn cms_enc_$alg_fn.msg" "$hstname" "cms -decrypt -in TESTPATH/cms_enc_$alg_fn.msg -recip TESTPATH/U_cms_enc_$alg_fn/cert.pem -inkey TESTPATH/U_cms_enc_$alg_fn/seckey.pem" "$testname"]
143 string eq $expected $result
146 if {[string length $crypt_param]} {
147 set env(CRYPT_PARAMS) $crypt_param
149 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
152 #test -createsfiles cms_enc_t_$alg_fn.msg "Encrypting for $username - text format" {
153 # grep "rror" [openssl "cms -encrypt -text -in encrypt.dat -gost89 -out cms_enc_t_$alg_fn.msg U_cms_enc_$alg_fn/cert.pem"]
156 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
158 test -createsfiles cms_decrypt_t.$alg_fn "Decrypting file text-encrypted for $username" {
159 set expected [getFile encrypt.dat]
160 set result [openssl_remote "cms_enc_t_$alg_fn.msg U_cms_enc_$alg_fn" "$hstname" "cms -decrypt -text -in TESTPATH/cms_enc_t_$alg_fn.msg -recip TESTPATH/U_cms_enc_$alg_fn/cert.pem -inkey TESTPATH/U_cms_enc_$alg_fn/seckey.pem" "$testname"]
161 string eq $expected $result
164 test -createsfiles cms_decrypt_t_nocert.$alg_fn "Decrypting file text-encrypted for $username without cert" {
165 set expected [getFile encrypt.dat]
166 set result [openssl_remote "cms_enc_t_$alg_fn.msg U_cms_enc_$alg_fn" "$hstname" "cms -decrypt -text -in TESTPATH/cms_enc_t_$alg_fn.msg -inkey TESTPATH/U_cms_enc_$alg_fn/seckey.pem" "$testname"]
167 string eq $expected $result
173 #test -createfiles cms_enc_4all_old "Encrypt for all" {
174 # puts stdout $enc_list
175 # grep "rror" [openssl "cms -encrypt -in encrypt.dat -gost89 -out cms_enc_4all_old.msg [map {U_cms_enc_[make_fn $a]/cert.pem} $enc_list]"]
178 foreach enc_tuple $enc_list {
179 if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} {
183 set alg_fn [make_fn $enc_tuple]
184 set username U_cms_enc_$alg_fn
186 if {[string length $crypt_param]} {
187 set env(CRYPT_PARAMS) $crypt_param
189 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
192 test -createfiles cms_enc_4all_old "Encrypt for all" {
193 grep "rror" [openssl "cms -encrypt -in encrypt.dat -gost89 -out cms_enc_4all_old.msg [map {U_cms_enc_[make_fn $a]/cert.pem} $enc_list]"]
196 test -skip {![file exists cms_enc_4all_old.msg]} "Decrypting gost-encrypted file, recipient $alg_fn" {
197 set expected [getFile encrypt.dat]
198 set result [openssl_remote "cms_enc_4all_old.msg $username" "$hstname" "cms -decrypt -in TESTPATH/cms_enc_4all_old.msg -recip TESTPATH/$username/cert.pem -inkey TESTPATH/$username/seckey.pem" "$testname"]
199 string eq $expected $result
202 test -skip {![file exists cms_enc_4all_old.msg]} -createsfiles cms_decrypt_4all_nocert.$alg_fn "Decrypting gost-encrypted file without cert, recipient $alg_fn" {
203 set expected [getFile encrypt.dat]
204 set result [openssl_remote "cms_enc_4all_old.msg $username" "$hstname" "cms -decrypt -in TESTPATH/cms_enc_4all_old.msg -inkey TESTPATH/$username/seckey.pem" "$testname"]
205 string eq $expected $result
210 restore_env2 {OPENSSL_CONF CRYPT_PARAMS}
projects / openssl-gost / engine.git / blob