Diffstat (limited to 'tests/cert-tests')
-rw-r--r--tests/cert-tests/Makefile.am19
-rw-r--r--tests/cert-tests/data/gost-cert-nogost.pem45
-rw-r--r--tests/cert-tests/data/gost-cert.pem20
-rw-r--r--tests/cert-tests/data/gost01.p12bin0 -> 1047 bytes
-rw-r--r--tests/cert-tests/data/gost12-2.p12bin0 -> 1454 bytes
-rw-r--r--tests/cert-tests/data/gost12.p12bin0 -> 1454 bytes
-rw-r--r--tests/cert-tests/data/gost94-cert.pem33
-rw-r--r--tests/cert-tests/data/rfc4490.p7bbin0 -> 300 bytes
-rw-r--r--tests/cert-tests/data/rfc4490.p7b.out14
-rwxr-xr-xtests/cert-tests/gost103
-rwxr-xr-xtests/cert-tests/pem-decoding27
-rwxr-xr-xtests/cert-tests/pkcs12-gost86
-rwxr-xr-xtests/cert-tests/pkcs730
13 files changed, 370 insertions, 7 deletions
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 150681e325..ff38b23bc4 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -43,7 +43,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/template-krb5name.pem data/template-krb5name-full.pem data/template-test-ecc.key \
data/template-rsa-sha3-256.pem data/template-rsa-sha3-512.pem data/template-rsa-sha3-224.pem \
data/template-rsa-sha3-384.pem data/long-oids.pem \
- data/name-constraints-ip2.pem data/chain-md5.pem data/gost-cert.pem \
+ data/name-constraints-ip2.pem data/chain-md5.pem \
+ data/gost-cert.pem data/gost-cert-nogost.pem data/gost94-cert.pem \
templates/template-tlsfeature.tmpl data/userid.pem data/cert-with-crl.p12 \
data/template-tlsfeature.pem data/template-tlsfeature.csr \
templates/template-tlsfeature-crq.tmpl templates/arb-extensions.tmpl data/arb-extensions.pem \
@@ -89,7 +90,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der data/key-invalid1.der \
data/key-invalid4.der data/key-invalid5.der data/key-invalid6.der \
data data/pkcs8-invalid9.der data/key-invalid2.der data/pkcs8-invalid10.der \
- data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt
+ data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \
+ data/rfc4490.p7b data/rfc4490.p7b.out data/gost01.p12 data/gost12.p12 data/gost12-2.p12
dist_check_SCRIPTS = pathlen aki invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
@@ -118,6 +120,13 @@ if ENABLE_DANE
dist_check_SCRIPTS += dane
endif
+if ENABLE_GOST
+dist_check_SCRIPTS += gost
+if !WINDOWS
+dist_check_SCRIPTS += pkcs12-gost
+endif
+endif
+
dist_check_SCRIPTS += certtool-rsa-pss certtool-eddsa
TESTS = $(dist_check_SCRIPTS)
@@ -141,5 +150,11 @@ if WINDOWS
TESTS_ENVIRONMENT += WINDOWS=1
endif
+if ENABLE_GOST
+TESTS_ENVIRONMENT += ENABLE_GOST=1
+else
+TESTS_ENVIRONMENT += ENABLE_GOST=0
+endif
+
distclean-local:
rm -rf tmp-* *.tmp
diff --git a/tests/cert-tests/data/gost-cert-nogost.pem b/tests/cert-tests/data/gost-cert-nogost.pem
new file mode 100644
index 0000000000..bf280349fd
--- /dev/null
+++ b/tests/cert-tests/data/gost-cert-nogost.pem
@@ -0,0 +1,45 @@
+X.509 Certificate Information:
+ Version: 3
+ Serial Number (hex): 011f
+ Issuer: CN=SuperPlat CA 01,OU=SuperPlat CA,O=SuperPlat,L=Moscow,ST=Russia,C=RU
+ Validity:
+ Not Before: Fri Aug 17 06:47:36 UTC 2012
+ Not After: Sat Aug 17 06:47:36 UTC 2013
+ Subject: CN=SuperTerm0000001,OU=SuperPlat Terminals,O=SuperPlat,L=Moscow,ST=Russia,C=RU
+ Subject Public Key Algorithm: GOST R 34.10-2001
+ Extensions:
+ Basic Constraints (not critical):
+ Certificate Authority (CA): FALSE
+ Unknown extension 2.16.840.1.113730.1.13 (not critical):
+ ASCII: ..OpenSSL Generated Certificate
+ Hexdump: 161d4f70656e53534c2047656e657261746564204365727469666963617465
+ Subject Key Identifier (not critical):
+ 43fe227895724f4e3a74f264e4fd0b800c082e03
+ Authority Key Identifier (not critical):
+ 9875a3b785c1641b23344d9bfbae0c2a256b44eb
+ Signature Algorithm: GOSTR341001
+ Signature:
+ 8f:37:24:fd:be:f0:37:d9:f3:1a:5c:31:5e:33:ef:35
+ 61:93:07:03:3d:4d:e8:2c:1b:39:a2:6c:d4:2f:85:35
+ b2:43:1d:ed:b5:15:45:c7:10:38:41:28:68:29:62:20
+ e6:92:8a:64:34:87:b8:b9:9f:ab:c8:04:6d:26:55:99
+Other Information:
+ Fingerprint:
+ sha1:621f34c4fdd7e93f9b8f18224ba0bcd1c63a4771
+ sha256:ac6ecf4e7a876edf3e61f538d6061353c2015bfbdf60370492f7404d7f09e13a
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/gost-cert.pem b/tests/cert-tests/data/gost-cert.pem
index edcdb9e8a6..1501f83c4c 100644
--- a/tests/cert-tests/data/gost-cert.pem
+++ b/tests/cert-tests/data/gost-cert.pem
@@ -6,7 +6,18 @@ X.509 Certificate Information:
Not Before: Fri Aug 17 06:47:36 UTC 2012
Not After: Sat Aug 17 06:47:36 UTC 2013
Subject: CN=SuperTerm0000001,OU=SuperPlat Terminals,O=SuperPlat,L=Moscow,ST=Russia,C=RU
- Subject Public Key Algorithm: 1.2.643.2.2.19
+ Subject Public Key Algorithm: GOST R 34.10-2001
+ Algorithm Security Level: High (256 bits)
+ Curve: CryptoPro-A
+ Digest: GOSTR341194
+ ParamSet: CryptoPro-A
+ X:
+ 00:e0:35:f2:a8:40:cf:ea:25:63:b5:c1:eb:fa:fd:1d
+ 7f:45:d6:2a:31:96:56:35:75:25:19:f6:62:69:db:da
+ eb
+ Y:
+ 57:41:b2:c1:e2:1f:7b:d0:13:c8:dd:eb:9f:ba:cb:42
+ a3:63:c7:0b:f4:e9:24:d7:dd:e9:34:8d:12:18:67:d8
Extensions:
Basic Constraints (not critical):
Certificate Authority (CA): FALSE
@@ -17,7 +28,7 @@ X.509 Certificate Information:
43fe227895724f4e3a74f264e4fd0b800c082e03
Authority Key Identifier (not critical):
9875a3b785c1641b23344d9bfbae0c2a256b44eb
- Signature Algorithm: 1.2.643.2.2.3
+ Signature Algorithm: GOSTR341001
Signature:
8f:37:24:fd:be:f0:37:d9:f3:1a:5c:31:5e:33:ef:35
61:93:07:03:3d:4d:e8:2c:1b:39:a2:6c:d4:2f:85:35
@@ -27,6 +38,11 @@ Other Information:
Fingerprint:
sha1:621f34c4fdd7e93f9b8f18224ba0bcd1c63a4771
sha256:ac6ecf4e7a876edf3e61f538d6061353c2015bfbdf60370492f7404d7f09e13a
+ Public Key ID:
+ sha1:43757042dae9e9f5fa92cc2d2cbf4950f28a7bd0
+ sha256:cee4a59e7803bafb101af8e39e5355d7895e3b85e7616fe624d48f2c51e8bdbf
+ Public Key PIN:
+ pin-sha256:zuSlnngDuvsQGvjjnlNV14leO4XnYW/mJNSPLFHovb8=
-----BEGIN CERTIFICATE-----
MIICXjCCAgugAwIBAgICAR8wCgYGKoUDAgIDBQAwdDELMAkGA1UEBhMCUlUxDzAN
diff --git a/tests/cert-tests/data/gost01.p12 b/tests/cert-tests/data/gost01.p12
new file mode 100644
index 0000000000..1420fbc69a
--- /dev/null
+++ b/tests/cert-tests/data/gost01.p12
Binary files differ
diff --git a/tests/cert-tests/data/gost12-2.p12 b/tests/cert-tests/data/gost12-2.p12
new file mode 100644
index 0000000000..d7b7a6249c
--- /dev/null
+++ b/tests/cert-tests/data/gost12-2.p12
Binary files differ
diff --git a/tests/cert-tests/data/gost12.p12 b/tests/cert-tests/data/gost12.p12
new file mode 100644
index 0000000000..d7b7a6249c
--- /dev/null
+++ b/tests/cert-tests/data/gost12.p12
Binary files differ
diff --git a/tests/cert-tests/data/gost94-cert.pem b/tests/cert-tests/data/gost94-cert.pem
new file mode 100644
index 0000000000..f4d63fb9d1
--- /dev/null
+++ b/tests/cert-tests/data/gost94-cert.pem
@@ -0,0 +1,33 @@
+X.509 Certificate Information:
+ Version: 1
+ Serial Number (hex): 230ee360469524cec70be494182e7eeb
+ Issuer: EMAIL=GostR3410-94@example.com,C=RU,O=CryptoPro,CN=GostR3410-94 example
+ Validity:
+ Not Before: Tue Aug 16 12:32:50 UTC 2005
+ Not After: Sun Aug 16 12:32:50 UTC 2015
+ Subject: EMAIL=GostR3410-94@example.com,C=RU,O=CryptoPro,CN=GostR3410-94 example
+ Subject Public Key Algorithm: 1.2.643.2.2.20
+ Signature Algorithm: 1.2.643.2.2.4
+ Signature:
+ 11:c7:08:7e:12:dc:02:f1:02:23:29:47:76:8f:47:2a
+ 81:83:50:e3:07:cc:f2:e4:31:23:89:42:c8:73:e1:de
+ 22:f7:85:f3:55:bd:94:ec:46:91:9c:67:ac:58:d7:05
+ 2a:a7:8c:b7:85:2a:01:75:85:f7:d7:38:03:fb:cd:43
+Other Information:
+ Fingerprint:
+ sha1:d43782a1f943a966f4ea1ac96bd048fe68d4d951
+ sha256:19260c765a2c820be3612dc0431c045d37570f8e4de58ba218f10a8eeb0d42d7
+
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/rfc4490.p7b b/tests/cert-tests/data/rfc4490.p7b
new file mode 100644
index 0000000000..c6979804b8
--- /dev/null
+++ b/tests/cert-tests/data/rfc4490.p7b
Binary files differ
diff --git a/tests/cert-tests/data/rfc4490.p7b.out b/tests/cert-tests/data/rfc4490.p7b.out
new file mode 100644
index 0000000000..8237d70359
--- /dev/null
+++ b/tests/cert-tests/data/rfc4490.p7b.out
@@ -0,0 +1,14 @@
+Signers:
+ Signer's issuer DN: EMAIL=GostR3410-2001@example.com,C=RU,O=CryptoPro,CN=GostR3410-2001 example
+ Signer's serial: 2bf5c61ec211bd17c7dcd46266b42e21
+ Signature Algorithm: GOSTR341001
+
+-----BEGIN PKCS7-----
+MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
+9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
+c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
+BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
+AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
+P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
+xlHbjbL0jHF+7XKp
+-----END PKCS7-----
diff --git a/tests/cert-tests/gost b/tests/cert-tests/gost
new file mode 100755
index 0000000000..885c2fa5c7
--- /dev/null
+++ b/tests/cert-tests/gost
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+# Copyright (C) 2016-2017 Free Software Foundation, Inc.
+#
+# Author: Dmitry Eremin-Solenikov
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+TMPFILE=gost.$$.tmp
+TMPCA=gost-ca.$$.tmp
+TMPCAKEY=gost-ca-key.$$.tmp
+TMPSUBCA=gost-subca.$$.tmp
+TMPSUBCAKEY=gost-subca-key.$$.tmp
+TMPKEY=gost-key.$$.tmp
+TMPTEMPL=template.$$.tmp
+TMPUSER=user.$$.tmp
+VERIFYOUT=verify.$$.tmp
+
+if ! test -x "${CERTTOOL}"; then
+ exit 77
+fi
+
+if test "${GNUTLS_FORCE_FIPS_MODE}" = 1;then
+ echo "Cannot run in FIPS140-2 mode"
+ exit 77
+fi
+
+echo ca > $TMPTEMPL
+echo "cn = GOST STREEBOG 256 CA" >> $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --key-type gost12-512 --curve TC26-512-A > $TMPCAKEY 2>/dev/null
+#"${CERTTOOL}" --generate-privkey --key-type gost12-256 --curve CryptoPro-XchA > $TMPCAKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-self-signed --template $TMPTEMPL \
+ --load-privkey $TMPCAKEY \
+ --outfile $TMPCA \
+ >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+ cat $TMPFILE
+ exit 1
+fi
+
+echo ca > $TMPTEMPL
+"${CERTTOOL}" --generate-privkey --key-type gost12-256 --curve CryptoPro-A > $TMPSUBCAKEY 2>/dev/null
+echo "cn = GOST STREEBOG-256 Mid CA" >> $TMPTEMPL
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+ --load-ca-privkey $TMPCAKEY \
+ --load-ca-certificate $TMPCA \
+ --load-privkey $TMPSUBCAKEY \
+ --outfile $TMPSUBCA \
+ >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+ cat $TMPFILE
+ exit 1
+fi
+
+echo "cn = End-user" > $TMPTEMPL
+
+"${CERTTOOL}" --generate-privkey --key-type gost01 --curve CryptoPro-XchA > $TMPKEY 2>/dev/null
+
+"${CERTTOOL}" -d 2 --generate-certificate --template $TMPTEMPL \
+ --load-ca-privkey $TMPSUBCAKEY \
+ --load-ca-certificate $TMPSUBCA \
+ --load-privkey $TMPKEY \
+ --outfile $TMPUSER >$TMPFILE 2>&1
+
+if [ $? != 0 ]; then
+ cat $TMPFILE
+ exit 1
+fi
+
+cat $TMPUSER $TMPSUBCA $TMPCA > $TMPFILE
+"${CERTTOOL}" --verify-chain <$TMPFILE > $VERIFYOUT
+
+if [ $? != 0 ]; then
+ cat $VERIFYOUT
+ exit 1
+fi
+
+rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE
+rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY
+
+exit 0
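Review bot: The three `--generate-privkey` calls discard stderr with `2>/dev/null` and their exit status is never checked, so a key-generation failure only surfaces later as a certificate-generation error with the real cause hidden. Each call could be followed by the same `if [ $? != 0 ]` check the certificate steps use, with stderr kept in `$TMPFILE`. The temporary files, including the generated private keys, are removed only on the success path at the end, so every `exit 1` leaves them in the build directory. A `trap 'rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE $TMPSUBCAKEY $TMPCAKEY $TMPKEY' EXIT` placed after the variable assignments would cover both paths.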
diff --git a/tests/cert-tests/pem-decoding b/tests/cert-tests/pem-decoding
index a31f412b48..0222ae72af 100755
--- a/tests/cert-tests/pem-decoding
+++ b/tests/cert-tests/pem-decoding
@@ -124,7 +124,13 @@ fi
#check whether the cert with GOST parameters is decoded as expected
-${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/gost-cert.pem" >${TMPFILE}
+if test "${ENABLE_GOST}" = "1"; then
+ GOSTCERT="${srcdir}/data/gost-cert.pem"
+else
+ GOSTCERT="${srcdir}/data/gost-cert-nogost.pem"
+fi
+
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${GOSTCERT}" >${TMPFILE}
rc=$?
if test "${rc}" != "0"; then
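Review bot: The `else` branch treats an unset `ENABLE_GOST` as GOST support being absent, and nothing in the script documents this. The Makefile.am change in this commit always exports `ENABLE_GOST=1` or `ENABLE_GOST=0`, so `make check` is fine, but a manual run of the script against a GOST-enabled certtool would compare against `gost-cert-nogost.pem` and fail. A comment above the `if` would make the dependency visible, for example `# ENABLE_GOST comes from TESTS_ENVIRONMENT in Makefile.am; unset is treated as GOST disabled`. The `if test "${rc}"` block that closes this hunk continues in the next one.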
@@ -132,7 +138,7 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
-${DIFF} -I 'Algorithm Security Level' ${TMPFILE} "${srcdir}/data/gost-cert.pem" || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/gost-cert.pem"
+${DIFF} -u ${TMPFILE} "${GOSTCERT}" || ${DIFF} -u --strip-trailing-cr "${TMPFILE}" "${GOSTCERT}"
rc=$?
if test "${rc}" != "0"; then
@@ -140,6 +146,23 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
+#check whether the cert with GOST 31.10/11-94 parameters is decoded as expected
+${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/gost94-cert.pem" >${TMPFILE}
+rc=$?
+
+if test "${rc}" != "0"; then
+ echo "GOST94 cert decoding failed 1"
+ exit ${rc}
+fi
+
+${DIFF} -I 'Algorithm Security Level' ${TMPFILE} "${srcdir}/data/gost94-cert.pem" || ${DIFF} -I 'Algorithm Security Level' --strip-trailing-cr "${TMPFILE}" "${srcdir}/data/gost94-cert.pem"
+rc=$?
+
+if test "${rc}" != "0"; then
+ echo "GOST94 cert decoding failed 2"
+ exit ${rc}
+fi
+
${VALGRIND} "${CERTTOOL}" --certificate-info --infile "${srcdir}/data/multi-value-dn.pem" >${TMPFILE}
rc=$?
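Review bot: The added comment names the standard as "GOST 31.10/11-94", which looks like a typo for GOST R 34.10-94 / 34.11-94; the certificate added for this test uses the name `GostR3410-94` throughout. Suggested wording: `#check whether the cert with GOST R 34.10-94/34.11-94 parameters is decoded as expected`. The expected output in `gost94-cert.pem` keeps the raw OIDs and has no "Algorithm Security Level" line, so the `-I 'Algorithm Security Level'` filter copied from the older check may be unnecessary here; worth confirming against actual certtool output.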
diff --git a/tests/cert-tests/pkcs12-gost b/tests/cert-tests/pkcs12-gost
new file mode 100755
index 0000000000..ee9318f750
--- /dev/null
+++ b/tests/cert-tests/pkcs12-gost
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# Copyright (C) 2018 Dmitry Eremin-Solenikov
+# Copyright (C) 2016 Red Hat, Inc.
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# This test cannot run under windows because it passes UTF8 data on command
+# line. This seems not to work under windows.
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+
+if ! test -x "${CERTTOOL}"; then
+ exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+ VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=1"
+fi
+
+DIFF="${DIFF:-diff}"
+DEBUG=""
+
+TMPFILE=pkcs12-gost.$$.tmp
+TMPFILE_PEM=pkcs12-gost.$$.tmp.pem
+
+echo "Testing decoding of known keys"
+echo "=============================="
+
+ret=0
+for p12 in "gost01.p12 Пароль%20для%20PFX" "gost12.p12 Пароль%20для%20PFX" "gost12-2.p12 Пароль%20для%20PFX" ; do
+ set -- ${p12}
+ file="$1"
+ passwd=$(echo $2|sed 's/%20/ /g')
+
+ if test "x$DEBUG" != "x"; then
+ ${VALGRIND} "${CERTTOOL}" -d 99 --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/data/${file}"
+ else
+ ${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "${passwd}" \
+ --infile "${srcdir}/data/${file}" >/dev/null
+ fi
+ rc=$?
+ if test ${rc} != 0; then
+ echo "PKCS12 FATAL ${p12}"
+ exit 1
+ fi
+done
+
+
+echo ""
+echo "Testing encoding/decoding"
+echo "========================="
+
+${VALGRIND} "${CERTTOOL}" --pkcs-cipher=gost28147-tc26z --hash streebog-256 --to-p12 --password "Пароль для PFX" --p12-name "my-key" --load-certificate "${srcdir}/../certs/cert-ecc256.pem" --load-privkey "${srcdir}/../certs/ecc256.pem" --load-ca-certificate "${srcdir}/../certs/ca-cert-ecc.pem" --outder --outfile $TMPFILE >/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL encoding"
+ exit 1
+fi
+
+${VALGRIND} "${CERTTOOL}" --p12-info --inder --password "Пароль для PFX" --infile $TMPFILE >${TMPFILE_PEM} 2>/dev/null
+rc=$?
+if test ${rc} != 0; then
+ echo "PKCS12 FATAL decrypting/decoding"
+ exit 1
+fi
+
+rm -f "$TMPFILE" "$TMPFILE_PEM"
+
+exit 0
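Review bot: The "Testing encoding/decoding" round trip checks only certtool's exit status: `${TMPFILE_PEM}` is written and then deleted without being inspected, and the decode step's stderr goes to `/dev/null`. The test would therefore still pass if decryption with the GOST cipher returned success but produced no usable bags. A content check before the final `rm -f` would close that gap, for example `grep 'BEGIN CERTIFICATE' "${TMPFILE_PEM}" >/dev/null || exit 1`, assuming `--p12-info` prints the bags as PEM (to be confirmed against real output). Separately, `ret=0` is assigned but never read, and the `exit 1` paths leave both temporary files behind.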
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index 9f6d59b0c1..c9ce1e4d27 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -39,7 +39,14 @@ OUTFILE2=out2-pkcs7.$$.tmp
check_for_datefudge
-for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b; do
+if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != "1"
+then
+ GOST_P7B="rfc4490.p7b"
+else
+ GOST_P7B=""
+fi
+
+for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b $GOST_P7B; do
${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}"
rc=$?
@@ -283,6 +290,27 @@ if test "${rc}" != "0"; then
exit ${rc}
fi
+if test "x$ENABLE_GOST" = "x1" && test "x${GNUTLS_FORCE_FIPS_MODE}" != "x1"
+then
+ FILE="gost01-signing"
+ ${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${srcdir}/../../doc/credentials/x509/key-gost01.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+ rc=$?
+
+ if test "${rc}" != "0"; then
+ echo "${FILE}: PKCS7 struct signing failed"
+ exit ${rc}
+ fi
+
+ FILE="gost01-signing-verify"
+ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" <"${OUTFILE}"
+ rc=$?
+
+ if test "${rc}" != "0"; then
+ echo "${FILE}: PKCS7 struct signing failed verification"
+ exit ${rc}
+ fi
+fi
+
rm -f "${OUTFILE}"
rm -f "${OUTFILE2}"
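Review bot: The GOST guard is spelled two different ways in this file: `test "${ENABLE_GOST}" = "1"` in the first hunk and `test "x$ENABLE_GOST" = "x1"` in this one, each repeating the FIPS-mode check. Evaluating the condition once and reusing the result keeps the two from drifting apart; this block could use `if test -n "${GOST_P7B}"; then`, since that variable is non-empty only when both conditions held. The sign/verify pair also covers only the positive case, so a verification that accepts anything would not be caught by this block.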