authorDmitry Belyavskiy <beldmit@gmail.com>2019-11-10 04:30:14 +0300
committerDmitry Belyavskiy <beldmit@users.noreply.github.com>2020-01-12 00:20:37 +0300
commit3b8ddfe2f303b8931842e52bdb5c07c97042f651 (patch)
treebfebf3f9306a4064f35a2510100623d8577e1dfb /tcl_tests/cms2.try
parente09d5a86fe1cb876b3c7cf5eb0d890f557b466d0 (diff)
tcl_tests: Add TCL tests files
All source files are converted from cp1251 to utf-8.
Diffstat (limited to 'tcl_tests/cms2.try')
-rw-r--r--tcl_tests/cms2.try207
1 files changed, 207 insertions, 0 deletions
diff --git a/tcl_tests/cms2.try b/tcl_tests/cms2.try
new file mode 100644
index 0000000..1233d55
--- /dev/null
+++ b/tcl_tests/cms2.try
@@ -0,0 +1,207 @@
+#!/usr/bin/tclsh
+# -*- coding: cp1251 -*-
+lappend auto_path [file dirname [info script]]
+package require ossltest
+cd $::test::dir
+start_tests "Тесты на команду cms - вторая подпись"
+
+test "Creating CA" {
+ makeCA
+} 0 1
+
+makeFile cms_signed2.dat "Test data for 2 signatures"
+
+
+foreach length {256 512} {
+
+test "Creating users $length" {
+ makeRegisteredUser U_cms_1_$length gost2012_$length:A CN USER1_$length emailAddress test@cryptocom.ru
+ makeRegisteredUser U_cms_2_$length gost2012_$length:A CN USER2_$length emailAddress test@cryptocom.ru
+} 0 1
+
+test -createsfiles cms_signed2_1_$length.asn "Signing in DER format with 1st signature" {
+ openssl "cms -sign -binary -outform der -inform der -nodetach -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length.asn"
+ file isfile cms_signed2_1_$length.asn
+} 0 1
+
+test -createsfiles cms_signed2_2_$length.asn "Signing in DER format with 2nd signature" {
+ openssl "cms -resign -binary -outform der -inform der -nodetach -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length.asn -out cms_signed2_2_$length.asn"
+ file isfile cms_signed2_2_$length.asn
+} 0 1
+
+test -createsfiles {was_signed.dat signer.certs} "Verifying signature in DER format" {
+ grep "Verif" [openssl "cms -verify -inform der -in cms_signed2_2_$length.asn -noverify -signer signer.certs -out was_signed.dat"]
+} 0 {Verification successful
+}
+
+test "Signed data is extracted correctly" {
+ string eq [getFile cms_signed2.dat] [getFile was_signed.dat]
+} 0 1
+
+### Test extracted sertificates
+
+test "Extracting signer certificates" {
+ set i 0
+ set subjs {}
+ set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
+ foreach cert $certs {
+ makeFile cert[incr i].pem $cert
+ lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]]
+ }
+ lsort $subjs
+} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
+} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
+}"
+
+test -createsfiles cms_signed2_1_$length\_op.msg "Signing opaque in S/MIME format with 1st signature" {
+ openssl "cms -sign -binary -inform der -nodetach -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length\_op.msg"
+ file isfile cms_signed2_1_$length\_op.msg
+} 0 1
+
+test -createsfiles cms_signed2_2_$length\_op.msg "Signing opaque in S/MIME format with 2nd signature" {
+ openssl "cms -resign -binary -nodetach -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length\_op.msg -out cms_signed2_2_$length\_op.msg"
+ file isfile cms_signed2_2_$length\_op.msg
+} 0 1
+
+test -createsfiles {was_signed.dat signer.certs} "Verifying opaque signature in S/MIME format" {
+ grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length\_op.msg -noverify -signer signer.certs -out was_signed.dat"]
+} 0 {Verification successful
+}
+
+test "Signed data is extracted correctly" {
+ string eq [getFile cms_signed2.dat] [getFile was_signed.dat]
+} 0 1
+
+### Test extracted sertificates
+
+test "Extracting signer certificates" {
+ set i 0
+ set subjs {}
+ set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
+ foreach cert $certs {
+ makeFile cert[incr i].pem $cert
+ lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]]
+ }
+ lsort $subjs
+} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
+} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
+}"
+
+test -createsfiles cms_signed2_1_$length\_det.asn "Signing detached in DER format with 1st signature" {
+ openssl "cms -sign -binary -outform der -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length\_det.asn"
+ file isfile cms_signed2_1_$length\_det.asn
+} 0 1
+
+test -createsfiles cms_signed2_2_$length\_det.asn "Signing detached in DER format with 2nd signature" {
+ openssl "cms -resign -binary -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length\_det.asn -content cms_signed2.dat -inform der -outform der -out cms_signed2_2_$length\_det.asn"
+ file isfile cms_signed2_2_$length\_det.asn
+} 0 1
+
+test -createsfiles {was_signed.dat signer.certs} "Verifying detached signature in DER format" {
+ grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length\_det.asn -noverify -signer signer.certs -out was_signed.dat -content signed2.dat -inform der"]
+} 0 {Verification successful
+}
+
+test "Signed data is extracted correctly" {
+ string eq [getFile cms_signed2.dat] [getFile was_signed.dat]
+} 0 1
+
+### Test extracted sertificates
+
+test "Extracting signer certificates" {
+ set i 0
+ set subjs {}
+ set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
+ foreach cert $certs {
+ makeFile cert_asn[incr i].pem $cert
+ lappend subjs [grep subject [openssl "x509 -in cert_asn$i.pem -subject -noout"]]
+ }
+ lsort $subjs
+} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
+} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
+}"
+
+test -createsfiles cms_signed2_1_$length.msg "Signing in S/MIME format with 1st signature" {
+ openssl "cms -sign -binary -inform der -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length.msg"
+ file isfile cms_signed2_1_$length.msg
+} 0 1
+
+test -createsfiles cms_signed2_2_$length.msg "Signing in S/MIME format with 2nd signature" {
+ grep "SMIME" [openssl "cms -resign -binary -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length.msg -inform smime -out cms_signed2_2_$length.msg"]
+} 0 ""
+
+test -createsfiles {was_signed.dat signer.certs} "Verifying signature in S/MIME format" {
+ grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length.msg -noverify -signer signer.certs -out was_signed.dat -inform smime"]
+} 0 {Verification successful
+}
+
+test "Signed data is extracted correctly" {
+ string eq [getFile cms_signed2.dat] [getFile was_signed.dat]
+} 0 1
+
+### Test extracted sertificates
+
+test "Extracting signer certificates" {
+ set i 0
+ set subjs {}
+ set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]]
+ foreach cert $certs {
+ makeFile cert_cms[incr i].pem $cert
+ lappend subjs [grep subject [openssl "x509 -in cert_cms$i.pem -subject -noout"]]
+ }
+ lsort $subjs
+} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru
+} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru
+}"
+
+}
+
+
+test "Resigning in DER format with a unsuitable key length 512" {
+ openssl "cms -resign -binary -inform der -nodetach -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256.asn"
+} 1 "no matching digest"
+
+test "Resigning in DER format with a unsuitable key length 256" {
+ openssl "cms -resign -binary -inform der -nodetach -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512.asn"
+} 1 "no matching digest"
+
+test "Resigning opaque in S/MIME format with a unsuitable key length 512" {
+ openssl "cms -resign -binary -nodetach -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256_op.msg"
+} 1 "no matching digest"
+
+test "Resigning opaque in S/MIME format with a unsuitable key length 256" {
+ openssl "cms -resign -binary -nodetach -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512_op.msg"
+} 1 "no matching digest"
+
+test "Resigning detached in DER format with a unsuitable key length 512" {
+ openssl "cms -resign -binary -inform der -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256_det.asn -content cms_signed2.dat"
+} 1 "no matching digest"
+
+test "Resigning detached in DER format with a unsuitable key length 256" {
+ openssl "cms -resign -binary -inform der -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512_det.asn -content cms_signed2.dat"
+} 1 "no matching digest"
+
+test "Resigning in S/MIME format with a unsuitable key length 512" {
+ openssl "cms -resign -binary -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256.msg"
+} 1 "no matching digest"
+
+test "Resigning in S/MIME format with a unsuitable key length 256" {
+ openssl "cms -resign -binary -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512.msg"
+} 1 "no matching digest"
+
+
+end_tests
+
+
+
+#./load_engine cms -sign -binary -outform der -inform der -nodetach -inkey certs/fstek.key -signer certs/fstek.crt -out cms_signed2 -in cms_signed1
+#./load_engine cms -verify -inform der -in cms_signed2 -noverify
+#./load_engine cms -verify -inform der -in cms_signed2 -noverify -signer sss
+#cat sss
+#history
+#vim sss
+#./load_engine x509 -in sss sss2
+#./load_engine x509 -in sss
+#./load_engine x509 -in sss -subject -noout
+#./load_engine x509 -in sss2 -subject -noout
+#./load_engine cms -verify -inform der -in cms_signed2 -noverify -signer sss -out qqq
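Review bot: The "Verifying detached signature in DER format" test passes `-content signed2.dat`, but the file that was signed and handed to `-resign` in the two preceding tests is `cms_signed2.dat`, and nothing in this script creates `signed2.dat`. The outcome therefore depends on a file from outside this script being present with identical bytes; the argument should read `-content cms_signed2.dat`. Every `cms -verify` call also uses `-noverify`, so the signer certificates are never checked against the CA built by `makeCA`; a variant that verifies against that CA's certificate would cover the chain too, if the ossltest helpers expose its path. The "Signing in S/MIME format with 2nd signature" test asserts only that the output contains no "SMIME" text and, unlike its siblings, never runs `file isfile cms_signed2_2_$length.msg`. The header still says `# -*- coding: cp1251 -*-` although the commit message states the files were converted to utf-8, and the commented-out shell history after `end_tests` looks like scratch that could be dropped.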