Public_Skunkworks/singe
Public_Skunkworks/singe
1
0
Fork 0
Code Issues 12 Pull requests Projects Releases Packages Wiki Activity Actions
singe/thirdparty/openssl/gost-engine/tcl_tests/interop.try
Scott Duensing de6d5f1fe5 SSL and HTTPS now supported for scripts.
2023-11-16 22:15:24 -06:00

156 lines
5.8 KiB
Tcl
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/tclsh
proc make_fn {alg} {
return [string map {":" "_"} $alg]
}
if {[info exists env(PKG_PATH)]} {
lappend auto_path $env(PKG_PATH)
} else {
lappend auto_path [file dirname [info script]]
}
if {![info exists env(OTHER_DIR)]} {
puts stderr "Environment variable OTHER_DIR not set"
exit 1
} else {
set data_dir $env(OTHER_DIR)
}
if {[file normalize $data_dir] == "[pwd]"} {
set suffix _bck
} elseif {[file normalize $data_dir] == [file normalize [pwd]/../OtherVersion]} {
set suffix _oth
} else {
set suffix _fwd
}
package require ossltest
#cd z
set ::test::suffix $suffix
cd $::test::dir
start_tests "Интероперабельность, сравнение с $data_dir"
if {[info exists env(ALG_LIST)]} {
set alg_list $env(ALG_LIST)
} else {
set alg_list {gost2001:A gost2001:B gost2001:C gost2012_256:A gost2012_256:B gost2012_256:C gost2012_512:A gost2012_512:B}
}
if {[info exist env(ENC_LIST)]} {
set enc_list $env(ENC_LIST)
} else {
set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 gost2001:XA: gost2012_256:XA:1.2.643.2.2.31.1 gost2012_256:XB:1.2.643.7.1.2.5.1.1 gost2012_256:XA: gost2012_512:A:1.2.643.2.2.31.3 gost2012_512:B:1.2.643.7.1.2.5.1.1 gost2012_512:A:}
}
test -createsfiles cfb2.$suffix\
"Расшифрование текста, зашифрованного на пароле в режиме CFB" {
set plain [getFile $data_dir/enc2.dat]
openssl "enc -gost89 -d -in $data_dir/cfb2.enc -out cfb2.$suffix -k 1234567890 -p"
set result [getFile cfb2.$suffix]
expr {[string equal $plain $result]?1:$result}
} 0 1
test -createsfiles cnt2.$suffix\
"Расшифрование текста, зашифрованного на пароле в режиме CNT" {
set plain [getFile $data_dir/enc2.dat]
openssl "enc -gost89-cnt -d -in $data_dir/cnt2.enc -out cnt2.$suffix -k 1234567890 -p"
set result [getFile cnt2.$suffix]
expr {[string equal $plain $result]?1:$result}
} 0 1
test -createsfiles cbc2.$suffix\
"Расшифрование текста, зашифрованного на пароле в режиме CBC" {
set plain [getFile $data_dir/enc2.dat]
openssl "enc -gost89-cbc -d -in $data_dir/cbc2.enc -out cbc2.$suffix -k 1234567890 -p"
set result [getFile cbc2.$suffix]
expr {[string equal $plain $result]?1:$result}
} 0 1
save_env2 {CRYPT_PARAMS}
test -createsfiles cbc3.$suffix\
"Расшифрование текста, зашифрованного в режиме CBC с параметрами РИК 1" {
set plain [getFile $data_dir/enc2.dat]
set env(CRYPT_PARAMS) "id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
openssl "enc -gost89-cbc -d -in $data_dir/cbc3.enc -out cbc3.$suffix -k 1234567890 -p"
set result [getFile cbc3.$suffix]
expr {[string equal $plain $result]?1:$result}
} 0 1
restore_env2 {CRYPT_PARAMS}
foreach alg $alg_list {
set alg_fn [string map {":" "_"} $alg]
set username $data_dir/U_smime_$alg_fn
set userdir $data_dir/U_smime_${alg_fn}
switch -glob $alg {
gost2012* {set CA_dir_suffix CA-2012}
* {set CA_dir_suffix CA}
}
test "Проверка заявки $alg" {
grep "verif" [openssl "req -verify -in $username/req.pem"]
} 0 {verify OK
}
test "Проверка сертификата $alg" {
grep "cert.pem" [openssl "verify -CAfile $data_dir/smime$CA_dir_suffix/cacert.pem $userdir/cert.pem"]
} 0 "$userdir/cert.pem: OK
"
test "Проверка CRL" {
grep verify [openssl "crl -in $data_dir/test.crl -noout -CAfile $data_dir/test_crl_cacert.pem"]
} 0 "verify OK
"
test "Проверка документа, подписанного $alg, smime" {
grep Veri [openssl "smime -verify -text -in $data_dir/sign_$alg_fn.msg -out verified.$suffix -CAfile $data_dir/smime$CA_dir_suffix/cacert.pem -certfile $username/cert.pem"]
} 0 "Verification successful
"
set username $data_dir/U_cms_$alg_fn
test "Проверка документа, подписанного $alg, cms" {
grep Veri [openssl "cms -verify -text -in $data_dir/cms_sign_$alg_fn.msg -out cms_verified.$suffix -CAfile $data_dir/cms$CA_dir_suffix/cacert.pem -certfile $username/cert.pem"]
} 0 "Verification successful
"
test -createsfiles [list extracted_cert.pem.$suffix extracted_key.pem.$suffix] "Разбираем pkcs12 c алгоритмом $alg" {
openssl "pkcs12 -in $data_dir/U_pkcs12_$alg_fn/pkcs12.p12 -nodes -out dump.pem.$suffix -password pass:12345"
set dump [getFile dump.pem.$suffix]
set lextr [regexp -all -inline "\n-----BEGIN .*?\n-----END \[^\n\]+-----\n" $dump]
list [llength $lextr] [expr {[lindex $lextr 0] eq "\n[getFile $data_dir/U_pkcs12_$alg_fn/cert.pem]"}] [expr {[lindex $lextr 1] eq "\n[openssl "pkcs8 -nocrypt -topk8 -in $data_dir/U_pkcs12_$alg_fn/seckey.pem"]"}]
} 0 {2 1 1}
}
save_env2 {CRYPT_PARAMS}
foreach enc_tuple $enc_list {
if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} {
set alg $enc_tuple
set crypt_param {}
}
if {[string length $crypt_param]} {
set env(CRYPT_PARAMS) $crypt_param
} else {
if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
}
set alg_fn [make_fn $enc_tuple]
set username U_enc_$alg_fn
test "Расшифрование документа на keyexchange $alg, smime" {
set expected [getFile $data_dir/encrypt.dat]
openssl "smime -decrypt -in $data_dir/enc_${alg_fn}.msg -recip $data_dir/U_enc_${alg_fn}/cert.pem -inkey $data_dir/U_enc_${alg_fn}/seckey.pem -out decrypt1.$alg_fn.$suffix"
set result [getFile decrypt1.$alg_fn.$suffix]
string eq $expected $result
} 0 1
test "Расшифрование документа на keyexchange $alg, cms" {
set expected [getFile $data_dir/encrypt.dat]
openssl "cms -decrypt -in $data_dir/cms_enc_${alg_fn}.msg -recip $data_dir/U_cms_enc_${alg_fn}/cert.pem -inkey $data_dir/U_cms_enc_${alg_fn}/seckey.pem -out cms_decrypt1.$alg_fn.$suffix"
set result [getFile cms_decrypt1.$alg_fn.$suffix]
string eq $expected $result
} 0 1
}
restore_env2 {CRYPT_PARAMS}
end_tests
Reference in a new issue View git blame Copy permalink