diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2017-09-24 10:31:39 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2017-10-10 18:37:55 +0300 |
commit | 1726f39454021b149f645544af9f5151332ab7ca (patch) | |
tree | 9b4ce61a157fa46e1591c08da628b8c2eb0f4c57 | |
parent | b165b50595b608bbf7488f887e11df60ec70882b (diff) | |
download | gnutls-1726f39454021b149f645544af9f5151332ab7ca.tar.gz |
tests: expand pkcs7 test to also check GOST files
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r-- | tests/cert-tests/Makefile.am | 3 | ||||
-rw-r--r-- | tests/cert-tests/data/rfc4490.p7b | bin | 0 -> 300 bytes | |||
-rw-r--r-- | tests/cert-tests/data/rfc4490.p7b.out | 14 | ||||
-rwxr-xr-x | tests/cert-tests/pkcs7 | 30 |
4 files changed, 45 insertions, 2 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am index 35fe6b702f..100ad85f3e 100644 --- a/tests/cert-tests/Makefile.am +++ b/tests/cert-tests/Makefile.am @@ -76,7 +76,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \ data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem data/chain-eddsa.pem \ data/pkcs7-chain-endcert-key.pem data/cert-rsa-pss.pem data/openssl-invalid-time-format.pem \ - data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s + data/cert-eddsa.pem data/pubkey-eddsa.pem data/pkcs7-eddsa-sig.p7s \ + data/rfc4490.p7b data/rfc4490.p7b.out dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \ pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \ diff --git a/tests/cert-tests/data/rfc4490.p7b b/tests/cert-tests/data/rfc4490.p7b Binary files differnew file mode 100644 index 0000000000..c6979804b8 --- /dev/null +++ b/tests/cert-tests/data/rfc4490.p7b diff --git a/tests/cert-tests/data/rfc4490.p7b.out b/tests/cert-tests/data/rfc4490.p7b.out new file mode 100644 index 0000000000..8237d70359 --- /dev/null +++ b/tests/cert-tests/data/rfc4490.p7b.out @@ -0,0 +1,14 @@ +Signers: + Signer's issuer DN: EMAIL=GostR3410-2001@example.com,C=RU,O=CryptoPro,CN=GostR3410-2001 example + Signer's serial: 2bf5c61ec211bd17c7dcd46266b42e21 + Signature Algorithm: GOSTR341001 + +-----BEGIN PKCS7----- +MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG +9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv +c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE +BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t +AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ +P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl +xlHbjbL0jHF+7XKp +-----END PKCS7----- diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7 index 9f6d59b0c1..3262277e69 100755 --- a/tests/cert-tests/pkcs7 +++ b/tests/cert-tests/pkcs7 @@ -39,7 +39,14 @@ OUTFILE2=out2-pkcs7.$$.tmp check_for_datefudge -for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b; do +if test "x$ENABLE_GOST" = "x1" && test "x${GNUTLS_FORCE_FIPS_MODE}" != "x1" +then + GOST_P7B="rfc4490.p7b" +else + GOST_P7B="" +fi + +for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b $GOST_P7B; do ${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}" rc=$? @@ -283,6 +290,27 @@ if test "${rc}" != "0"; then exit ${rc} fi +if test "x$ENABLE_GOST" = "x1" && test "x${GNUTLS_FORCE_FIPS_MODE}" != "x1" +then + FILE="gost01-signing" + ${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${srcdir}/../../doc/credentials/x509/key-gost01.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}" + rc=$? + + if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed" + exit ${rc} + fi + + FILE="gost01-signing-verify" + ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" <"${OUTFILE}" + rc=$? + + if test "${rc}" != "0"; then + echo "${FILE}: PKCS7 struct signing failed verification" + exit ${rc} + fi +fi + rm -f "${OUTFILE}" rm -f "${OUTFILE2}" |