From 9a422fd151ebadc5e20e394aaa6ef6b1ed62b688 Mon Sep 17 00:00:00 2001
From: Dmitry Eremin-Solenikov
Date: Sun, 24 Sep 2017 10:31:39 +0300
Subject: tests: expand pkcs7 test to also check GOST files
Signed-off-by: Dmitry Eremin-Solenikov
---
 tests/cert-tests/Makefile.am | 3 ++-
 tests/cert-tests/data/rfc4490.p7b | Bin 0 -> 300 bytes
 tests/cert-tests/data/rfc4490.p7b.out | 14 ++++++++++++++
 tests/cert-tests/pkcs7 | 30 +++++++++++++++++++++++++++++-
 4 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 tests/cert-tests/data/rfc4490.p7b
 create mode 100644 tests/cert-tests/data/rfc4490.p7b.out
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 14e30d893b..ab1e2e4545 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -90,7 +90,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der data/key-invalid1.der \
 data/key-invalid4.der data/key-invalid5.der data/key-invalid6.der \
 data data/pkcs8-invalid9.der data/key-invalid2.der data/pkcs8-invalid10.der \
- data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt
+ data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \
+ data/rfc4490.p7b data/rfc4490.p7b.out
 dist_check_SCRIPTS = pathlen aki invalid-sig email \
 pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/data/rfc4490.p7b b/tests/cert-tests/data/rfc4490.p7b
new file mode 100644
index 0000000000..c6979804b8
Binary files /dev/null and b/tests/cert-tests/data/rfc4490.p7b differ
diff --git a/tests/cert-tests/data/rfc4490.p7b.out b/tests/cert-tests/data/rfc4490.p7b.out
new file mode 100644
index 0000000000..8237d70359
--- /dev/null
+++ b/tests/cert-tests/data/rfc4490.p7b.out
@@ -0,0 +1,14 @@
+Signers:
+ Signer's issuer DN: EMAIL=GostR3410-2001@example.com,C=RU,O=CryptoPro,CN=GostR3410-2001 example
+ Signer's serial: 2bf5c61ec211bd17c7dcd46266b42e21
+ Signature Algorithm: GOSTR341001
+
+-----BEGIN PKCS7-----
+MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG 9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl xlHbjbL0jHF+7XKp
+-----END PKCS7-----
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index 9f6d59b0c1..c9ce1e4d27 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -39,7 +39,14 @@ OUTFILE2=out2-pkcs7.$$.tmp
 check_for_datefudge
-for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b; do
+if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != "1"
+then
+ GOST_P7B="rfc4490.p7b"
+else
+ GOST_P7B=""
+fi
+
+for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b $GOST_P7B; do
 ${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}"
 rc=$?
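Review bot: The GOST gate added ahead of the `for FILE` loop is spelled `test "${ENABLE_GOST}" = "1"`, while the same decision in the hunk at line 290 is spelled `test "x$ENABLE_GOST" = "x1"`, so the script now carries two forms of one condition. Evaluating it once next to this block (for example into a `HAVE_GOST` flag) and testing that flag in both places would keep the two gates from drifting apart. The unquoted `$GOST_P7B` in the loop list looks deliberate, since an empty value has to expand to no word at all; a comment such as `# unquoted on purpose: an empty GOST_P7B must add no list entry` would stop a later quoting clean-up from introducing an empty FILE iteration. A short comment on why FIPS mode is excluded would also help, presumably because the GOST algorithms are not available there.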
@@ -283,6 +290,27 @@ if test "${rc}" != "0"; then
 exit ${rc}
 fi
+if test "x$ENABLE_GOST" = "x1" && test "x${GNUTLS_FORCE_FIPS_MODE}" != "x1"
+then
+ FILE="gost01-signing"
+ ${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey "${srcdir}/../../doc/credentials/x509/key-gost01.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+ rc=$?
+
+ if test "${rc}" != "0"; then
+ echo "${FILE}: PKCS7 struct signing failed"
+ exit ${rc}
+ fi
+
+ FILE="gost01-signing-verify"
+ ${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" <"${OUTFILE}"
+ rc=$?
+
+ if test "${rc}" != "0"; then
+ echo "${FILE}: PKCS7 struct signing failed verification"
+ exit ${rc}
+ fi
+fi
+
 rm -f "${OUTFILE}"
 rm -f "${OUTFILE2}"
-- 
cgit v1.2.1
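Review bot: The new GOST block only shows that a freshly produced signature verifies; nothing in it checks that `--p7-verify` rejects a structure it should not accept, so a verifier that wrongly accepted GOST signatures would still pass this test. After the `gost01-signing-verify` step I would add a negative case that verifies `${OUTFILE}` against a certificate that did not sign it and fails the test when certtool exits 0. The certificate path in the sketch below is a placeholder, because no second GOST certificate is visible in this hunk. Separately, both early `exit ${rc}` paths leave `${OUTFILE}` behind, since the `rm -f` lines are reached only on success.

```shell
# … unchanged: gost01-signing and gost01-signing-verify steps …

	FILE="gost01-signing-verify-other-cert"
	# OTHER_CERT is a placeholder for a certificate that did not sign ${OUTFILE}
	${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${OTHER_CERT}" <"${OUTFILE}"
	rc=$?

	if test "${rc}" = "0"; then
		echo "${FILE}: PKCS7 struct verified against a certificate that did not sign it"
		exit 1
	fi
```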