2 # -*- coding: cp1251 -*-
# Make the directory holding this script searchable for Tcl packages and
# load the ossltest package (presumably the source of the test, openssl,
# openssl_remote, makeFile and getFile helpers used below - confirm).
3 lappend auto_path [file dirname [info script]]
4 package require ossltest
# Test name = script file name without directory and extension. It is passed
# as the last argument of every openssl_remote call further down.
7 set testname [file rootname [file tail $::argv0]]
# Suite title, in English: "Tests for cms -encrypt involving reference
# servers (encryption on the reference servers)".
9 start_tests "Тесты на cms -encrypt с участием эталонных серверов (шифрование на эталонниках)"
# Fragment of a procedure whose header is not visible in this listing
# (presumably make_fn, which is called below): returns $alg with every ":"
# replaced by "_", so the value can be used in file and user names.
11 return [string map {":" "_"} $alg]
# Fragment of a procedure whose header is not visible (presumably the map
# helper used by the "Encrypt for all" test): appends the result of running
# subst on $str to the list held in result.
# NOTE(review): subst performs variable and command substitution in the
# frame where it is called, so the template is evaluated as code and every
# variable it names must exist inside this procedure. Templates should stay
# literals written in the test script, never data read from outside.
17 lappend result [subst $str]
# Create the plaintext fixture once: 100 repetitions of one fixed line.
# The decrypt tests below compare their output against this file.
22 if {![file exist encrypt.dat]} {
23 makeFile encrypt.dat [string repeat "Test data to encrypt.\n" 100]
26 #if {![info exist env(/NO_RSA)]} {
27 #test "Creating RSA CA" {
28 # makeCA ${testname}CA-RSA rsa:512
32 #set ::test::ca cmsencCA-RSA
34 #foreach user {U_cms_enc_rsa_1 U_cms_enc_rsa_2} {
35 #test "Make registered user $user" {
36 # makeRegisteredUser $user rsa:512 CAname ${testname}CA-RSA
40 #set hosts tls-ref-cp21
41 #foreach hstname $hosts {
43 #test -createsfiles cms_enc_rsa.msg "RSA User 1 encrypts message for RSA user 2" {
44 # openssl "cms -encrypt -in encrypt.dat -des -out cms_enc_rsa.msg U_cms_enc_rsa_2/cert.pem"
45 # file isfile cms_enc_rsa.msg
48 #test "RSA User 1 cannot decrypt message for RSA user 2" {
49 # grep "Error" [openssl_remote "cms_enc_rsa.msg U_cms_enc_rsa_1" "$hstname" "cms -decrypt -in TESTPATH/cms_enc_rsa.msg -recip TESTPATH/U_cms_enc_rsa_1/cert.pem -inkey TESTPATH/U_cms_enc_rsa_1/seckey.pem" "rsa"]
50 #} 1 {Error decrypting CMS}
52 #test -skip {![file exists cms_decrypt.rsa]} "RSA User 2 (with cert) can decrypt message for RSA user 2" {
53 # set expected [getFile encrypt.dat]
54 # openssl_remote "U_cms_enc_rsa_2" "$hstname" "cms -decrypt -in TESTPATH/cms_enc_rsa.msg -recip TESTPATH/U_cms_enc_rsa_2/cert.pem -inkey TESTPATH/U_cms_enc_rsa_1/seckey.pem -out TESTPATH/cms_decrypt.rsa" "rsa"
55 # set result [getFile cms_decrypt.rsa]
56 # string eq $expected $result
59 #test -skip{![file exists cms_decrypt_nocert.rsa]} "RSA User 2 (without cert) can decrypt message for RSA user 2" {
60 # set expected [getFile encrypt.dat]
61 # openssl_remote "$hstname" "cms -decrypt -in TESTPATH/cms_enc_rsa.msg -inkey TESTPATH/U_cms_enc_rsa_2/seckey.pem -out TESTPATH/cms_decrypt_nocert.rsa" "rsa"
62 # set result [getFile cms_decrypt_nocert.rsa]
63 # string eq $expected $result
67 #test "Creating CA 2001" {
68 # makeCA ${testname}CA gost2001:A
71 #test "Creating CA 2012" {
# Reference hosts on which the encryption step is requested through
# openssl_remote; everything below runs once per host.
76 set hosts [list tls-ref-cp21 tls-ref-cp20]
77 foreach hstname $hosts {
# The tuples to test come from the ENC_LIST environment variable when it is
# set, otherwise from a per-engine default selected by engine_name.
# Each tuple is split further down into an algorithm part (the first two
# colon-separated fields) and a CRYPT_PARAMS value (everything after them).
# NOTE(review): the third field looks like a GOST 28147-89 parameter-set
# OID - confirm. Engines other than "ccore" and "open" get no default in
# the lines visible here, which would leave enc_list unset.
79 if {[info exist env(ENC_LIST)]} {
80 set enc_list $env(ENC_LIST)
82 switch -exact [engine_name] {
83 "ccore" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 }}
84 "open" {set enc_list {gost2001:XA:1.2.643.2.2.31.3 gost2001:XB:1.2.643.2.2.31.4 }}
# save_env2 is paired with restore_env2 on the last line of the script for
# the same two variables. In between, a copy of the configuration with every
# CRYPT_PARAMS assignment stripped is written to cmsenc1.cnf and
# OPENSSL_CONF is pointed at it. With the config entry gone, the only
# CRYPT_PARAMS setting made by this script is the environment variable
# assigned per tuple below.
88 save_env2 {OPENSSL_CONF CRYPT_PARAMS}
89 makeFile cmsenc1.cnf [regsub -all "\n\\s*CRYPT_PARAMS\\s*=\[\^\n]*" [getConfig] ""]
90 set ::env(OPENSSL_CONF) [file join [pwd] cmsenc1.cnf]
# Per-tuple setup. The regexp splits the tuple into alg (first two
# colon-separated fields) and crypt_param (the remainder). alg_fn is the
# whole tuple passed through make_fn, and the recipient is the user
# U_cms_enc_<alg_fn>. The CA name stored in ::test::ca depends on whether
# the algorithm matches gost2012*.
# NOTE(review): no CA or user creation is active in the visible part of
# this script, so the user directories with cert.pem and seckey.pem
# presumably come from an earlier test - confirm.
92 foreach enc_tuple $enc_list {
93 if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} {
97 set alg_fn [make_fn $enc_tuple]
98 set username U_cms_enc_$alg_fn
100 gost2012* {set ::test::ca cmsencCA-2012}
101 * {set ::test::ca cmsencCA}
# Export the tuple's parameter set through the environment, or clear a
# value left over from the previous tuple when this one has none.
104 if {[string length $crypt_param]} {
105 set env(CRYPT_PARAMS) $crypt_param
107 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
# Ask the reference host to encrypt encrypt.dat for $username with -gost89
# and store whatever openssl_remote returns as the message file under
# 1_$hstname/$alg_fn/.
# NOTE(review): -createsfiles names cms_enc_sc_$alg_fn.msg in the working
# directory, while the file is actually written under 1_$hstname/$alg_fn/ -
# confirm the declaration still matches. The close of $res is not visible
# in this listing; the channel has to be closed or flushed before the
# decrypt test reads the message.
110 test -createsfiles cms_enc_sc_$alg_fn.msg "Encrypting for $username" {
111 file mkdir 1_$hstname/$alg_fn
112 set res [open 1_$hstname/$alg_fn/cms_enc_sc_$alg_fn.msg w]
113 puts $res [openssl_remote "encrypt.dat $username $::test::ca" "$hstname" "cms -encrypt -in TESTPATH/encrypt.dat -gost89 TESTPATH/$username/cert.pem" "$testname"]
117 #if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
# Interoperability check: the openssl helper (as opposed to openssl_remote)
# decrypts the message obtained from the reference host, using the
# recipient's certificate and private key, and the output is compared with
# the original plaintext.
119 test "Decrypting file encrypted for $username" {
120 set expected [getFile encrypt.dat]
121 set result [openssl "cms -decrypt -in 1_$hstname/$alg_fn/cms_enc_sc_$alg_fn.msg -recip $username/cert.pem -inkey $username/seckey.pem"]
122 string eq $expected $result
# Set or clear CRYPT_PARAMS again for this tuple, with the same logic as
# before the first encryption.
125 if {[string length $crypt_param]} {
126 set env(CRYPT_PARAMS) $crypt_param
128 if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
# Same remote encryption as the first test, with -text added, stored under
# 2_$hstname/$alg_fn/.
# NOTE(review): -createsfiles names cms_enc_t_$alg_fn.msg, but the file
# written is cms_enc_sc_t_$alg_fn.msg in a subdirectory - the two names
# differ, so confirm which one the harness is meant to track. The close of
# $res is not visible in this listing.
131 test -createsfiles cms_enc_t_$alg_fn.msg "Encrypting for $username - text format" {
132 file mkdir 2_$hstname/$alg_fn
133 set res [open 2_$hstname/$alg_fn/cms_enc_sc_t_$alg_fn.msg w]
134 puts $res [openssl_remote "encrypt.dat $username $::test::ca" "$hstname" "cms -encrypt -text -in TESTPATH/encrypt.dat -gost89 TESTPATH/$username/cert.pem" "$testname"]
138 #if {[info exists env(CRYPT_PARAMS)]} {unset env(CRYPT_PARAMS)}
# Decrypt the -text message with the openssl helper, once with the
# recipient certificate and key and once with the key alone, and compare
# the output with the original plaintext each time. The second form checks
# that the recipient can be found without -recip.
142 test "Decrypting file text-encrypted for $username" {
143 set expected [getFile encrypt.dat]
144 set result [openssl "cms -decrypt -text -in 2_$hstname/$alg_fn/cms_enc_sc_t_$alg_fn.msg -recip $username/cert.pem -inkey $username/seckey.pem"]
145 string eq $expected $result
148 test "Decrypting file text-encrypted for $username without cert" {
149 set expected [getFile encrypt.dat]
150 set result [openssl "cms -decrypt -text -in 2_$hstname/$alg_fn/cms_enc_sc_t_$alg_fn.msg -inkey $username/seckey.pem"]
151 string eq $expected $result
# Second pass over the same tuples for the multi-recipient tests. The tuple
# is split and the user name derived exactly as in the first loop.
# CRYPT_PARAMS is not assigned in the visible lines of this loop, so it
# keeps whatever state the first loop left behind.
156 foreach enc_tuple $enc_list {
157 if {![regexp {^([^:]*:[^:]*):(.*)$} $enc_tuple -> alg crypt_param]} {
161 set alg_fn [make_fn $enc_tuple]
162 set username U_cms_enc_$alg_fn
164 # $a is not being mapped, which is why the tests fail. Find out why.
# Multi-recipient case: ask the reference host to encrypt encrypt.dat for
# the certificates of all users derived from enc_list. The recipient list
# is built by map from a template that refers to $a and calls make_fn.
# NOTE(review): this test sits inside the per-tuple loop, so the same
# request is repeated for every tuple and stored under 3_$hstname/$alg_fn/.
# The first openssl_remote argument names only the current $username; if
# that argument is what makes files available under TESTPATH (unconfirmed),
# the other recipients' certificates would be missing on the remote side.
# The close of $res is not visible in this listing.
165 test "Encrypt for all" {
166 file mkdir 3_$hstname/$alg_fn
167 set res [open 3_$hstname/$alg_fn/cms_enc_4all_old.msg w]
168 puts $res [openssl_remote "encrypt.dat $username $::test::ca" "$hstname" "cms -encrypt -in TESTPATH/encrypt.dat -gost89 [map {TESTPATH/U_cms_enc_[make_fn $a]/cert.pem} $enc_list]" "$testname"]
# Each recipient decrypts the shared message with the openssl helper, first
# with certificate and key, then with the key alone, and the output is
# compared with the original plaintext.
# NOTE(review): both -skip expressions test cms_enc_4all_old.msg in the
# working directory, but the message is written to
# 3_$hstname/$alg_fn/cms_enc_4all_old.msg. If -skip skips a test when its
# expression is true (presumably), these two checks are skipped whenever no
# file of that name happens to exist in the working directory, and the
# multi-recipient decryption path goes unverified without any failure being
# reported. Likewise cms_decrypt_4all_nocert.$alg_fn is declared in
# -createsfiles although the command shown has no -out option.
172 test -skip {![file exists cms_enc_4all_old.msg]} "Decrypting gost-encrypted file, recipient $alg_fn" {
173 set expected [getFile encrypt.dat]
174 set result [openssl "cms -decrypt -in 3_$hstname/$alg_fn/cms_enc_4all_old.msg -recip $username/cert.pem -inkey $username/seckey.pem"]
175 string eq $expected $result
178 test -skip {![file exists cms_enc_4all_old.msg]} -createsfiles cms_decrypt_4all_nocert.$alg_fn "Decrypting gost-encrypted file without cert, recipient $alg_fn" {
179 set expected [getFile encrypt.dat]
180 set result [openssl "cms -decrypt -in 3_$hstname/$alg_fn/cms_enc_4all_old.msg -inkey $username/seckey.pem"]
181 string eq $expected $result
# Counterpart of the save_env2 call made before the per-tuple loops, for
# the same two variables, so the temporary config path and any
# CRYPT_PARAMS value set here do not carry over to later test scripts.
186 restore_env2 {OPENSSL_CONF CRYPT_PARAMS}