diff options
Diffstat (limited to 'tcl_tests/cms2.try')
-rw-r--r-- | tcl_tests/cms2.try | 207 |
1 files changed, 207 insertions, 0 deletions
diff --git a/tcl_tests/cms2.try b/tcl_tests/cms2.try new file mode 100644 index 0000000..1233d55 --- /dev/null +++ b/tcl_tests/cms2.try @@ -0,0 +1,207 @@ +#!/usr/bin/tclsh +# -*- coding: cp1251 -*- +lappend auto_path [file dirname [info script]] +package require ossltest +cd $::test::dir +start_tests "Тесты на команду cms - вторая подпись" + +test "Creating CA" { + makeCA +} 0 1 + +makeFile cms_signed2.dat "Test data for 2 signatures" + + +foreach length {256 512} { + +test "Creating users $length" { + makeRegisteredUser U_cms_1_$length gost2012_$length:A CN USER1_$length emailAddress test@cryptocom.ru + makeRegisteredUser U_cms_2_$length gost2012_$length:A CN USER2_$length emailAddress test@cryptocom.ru +} 0 1 + +test -createsfiles cms_signed2_1_$length.asn "Signing in DER format with 1st signature" { + openssl "cms -sign -binary -outform der -inform der -nodetach -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length.asn" + file isfile cms_signed2_1_$length.asn +} 0 1 + +test -createsfiles cms_signed2_2_$length.asn "Signing in DER format with 2nd signature" { + openssl "cms -resign -binary -outform der -inform der -nodetach -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length.asn -out cms_signed2_2_$length.asn" + file isfile cms_signed2_2_$length.asn +} 0 1 + +test -createsfiles {was_signed.dat signer.certs} "Verifying signature in DER format" { + grep "Verif" [openssl "cms -verify -inform der -in cms_signed2_2_$length.asn -noverify -signer signer.certs -out was_signed.dat"] +} 0 {Verification successful +} + +test "Signed data is extracted correctly" { + string eq [getFile cms_signed2.dat] [getFile was_signed.dat] +} 0 1 + +### Test extracted sertificates + +test "Extracting signer certificates" { + set i 0 + set subjs {} + set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]] + foreach cert $certs { + makeFile cert[incr i].pem $cert + lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]] + } + lsort $subjs +} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru +} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru +}" + +test -createsfiles cms_signed2_1_$length\_op.msg "Signing opaque in S/MIME format with 1st signature" { + openssl "cms -sign -binary -inform der -nodetach -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length\_op.msg" + file isfile cms_signed2_1_$length\_op.msg +} 0 1 + +test -createsfiles cms_signed2_2_$length\_op.msg "Signing opaque in S/MIME format with 2nd signature" { + openssl "cms -resign -binary -nodetach -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length\_op.msg -out cms_signed2_2_$length\_op.msg" + file isfile cms_signed2_2_$length\_op.msg +} 0 1 + +test -createsfiles {was_signed.dat signer.certs} "Verifying opaque signature in S/MIME format" { + grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length\_op.msg -noverify -signer signer.certs -out was_signed.dat"] +} 0 {Verification successful +} + +test "Signed data is extracted correctly" { + string eq [getFile cms_signed2.dat] [getFile was_signed.dat] +} 0 1 + +### Test extracted sertificates + +test "Extracting signer certificates" { + set i 0 + set subjs {} + set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]] + foreach cert $certs { + makeFile cert[incr i].pem $cert + lappend subjs [grep subject [openssl "x509 -in cert$i.pem -subject -noout"]] + } + lsort $subjs +} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru +} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru +}" + +test -createsfiles cms_signed2_1_$length\_det.asn "Signing detached in DER format with 1st signature" { + openssl "cms -sign -binary -outform der -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length\_det.asn" + file isfile cms_signed2_1_$length\_det.asn +} 0 1 + +test -createsfiles cms_signed2_2_$length\_det.asn "Signing detached in DER format with 2nd signature" { + openssl "cms -resign -binary -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length\_det.asn -content cms_signed2.dat -inform der -outform der -out cms_signed2_2_$length\_det.asn" + file isfile cms_signed2_2_$length\_det.asn +} 0 1 + +test -createsfiles {was_signed.dat signer.certs} "Verifying detached signature in DER format" { + grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length\_det.asn -noverify -signer signer.certs -out was_signed.dat -content signed2.dat -inform der"] +} 0 {Verification successful +} + +test "Signed data is extracted correctly" { + string eq [getFile cms_signed2.dat] [getFile was_signed.dat] +} 0 1 + +### Test extracted sertificates + +test "Extracting signer certificates" { + set i 0 + set subjs {} + set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]] + foreach cert $certs { + makeFile cert_asn[incr i].pem $cert + lappend subjs [grep subject [openssl "x509 -in cert_asn$i.pem -subject -noout"]] + } + lsort $subjs +} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru +} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru +}" + +test -createsfiles cms_signed2_1_$length.msg "Signing in S/MIME format with 1st signature" { + openssl "cms -sign -binary -inform der -inkey U_cms_1_$length/seckey.pem -signer U_cms_1_$length/cert.pem -in cms_signed2.dat -out cms_signed2_1_$length.msg" + file isfile cms_signed2_1_$length.msg +} 0 1 + +test -createsfiles cms_signed2_2_$length.msg "Signing in S/MIME format with 2nd signature" { + grep "SMIME" [openssl "cms -resign -binary -inkey U_cms_2_$length/seckey.pem -signer U_cms_2_$length/cert.pem -in cms_signed2_1_$length.msg -inform smime -out cms_signed2_2_$length.msg"] +} 0 "" + +test -createsfiles {was_signed.dat signer.certs} "Verifying signature in S/MIME format" { + grep "Verif" [openssl "cms -verify -in cms_signed2_2_$length.msg -noverify -signer signer.certs -out was_signed.dat -inform smime"] +} 0 {Verification successful +} + +test "Signed data is extracted correctly" { + string eq [getFile cms_signed2.dat] [getFile was_signed.dat] +} 0 1 + +### Test extracted sertificates + +test "Extracting signer certificates" { + set i 0 + set subjs {} + set certs [regexp -all -inline -- {-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----} [getFile signer.certs]] + foreach cert $certs { + makeFile cert_cms[incr i].pem $cert + lappend subjs [grep subject [openssl "x509 -in cert_cms$i.pem -subject -noout"]] + } + lsort $subjs +} 0 "{subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER1_$length, emailAddress = test@cryptocom.ru +} {subject=C = RU, O = Cryptocom, OU = OpenSSL Team, CN = USER2_$length, emailAddress = test@cryptocom.ru +}" + +} + + +test "Resigning in DER format with a unsuitable key length 512" { + openssl "cms -resign -binary -inform der -nodetach -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256.asn" +} 1 "no matching digest" + +test "Resigning in DER format with a unsuitable key length 256" { + openssl "cms -resign -binary -inform der -nodetach -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512.asn" +} 1 "no matching digest" + +test "Resigning opaque in S/MIME format with a unsuitable key length 512" { + openssl "cms -resign -binary -nodetach -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256_op.msg" +} 1 "no matching digest" + +test "Resigning opaque in S/MIME format with a unsuitable key length 256" { + openssl "cms -resign -binary -nodetach -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512_op.msg" +} 1 "no matching digest" + +test "Resigning detached in DER format with a unsuitable key length 512" { + openssl "cms -resign -binary -inform der -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256_det.asn -content cms_signed2.dat" +} 1 "no matching digest" + +test "Resigning detached in DER format with a unsuitable key length 256" { + openssl "cms -resign -binary -inform der -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512_det.asn -content cms_signed2.dat" +} 1 "no matching digest" + +test "Resigning in S/MIME format with a unsuitable key length 512" { + openssl "cms -resign -binary -inkey U_cms_2_512/seckey.pem -signer U_cms_2_512/cert.pem -in cms_signed2_1_256.msg" +} 1 "no matching digest" + +test "Resigning in S/MIME format with a unsuitable key length 256" { + openssl "cms -resign -binary -inkey U_cms_2_256/seckey.pem -signer U_cms_2_256/cert.pem -in cms_signed2_1_512.msg" +} 1 "no matching digest" + + +end_tests + + + +#./load_engine cms -sign -binary -outform der -inform der -nodetach -inkey certs/fstek.key -signer certs/fstek.crt -out cms_signed2 -in cms_signed1 +#./load_engine cms -verify -inform der -in cms_signed2 -noverify +#./load_engine cms -verify -inform der -in cms_signed2 -noverify -signer sss +#cat sss +#history +#vim sss +#./load_engine x509 -in sss sss2 +#./load_engine x509 -in sss +#./load_engine x509 -in sss -subject -noout +#./load_engine x509 -in sss2 -subject -noout +#./load_engine cms -verify -inform der -in cms_signed2 -noverify -signer sss -out qqq |