From c60fb20676ad9420e14e5d3377267c2bc620e6ea Mon Sep 17 00:00:00 2001 From: Vitaly Chikunov Date: Wed, 13 Nov 2019 23:08:33 +0300 Subject: [PATCH] tcl_tests: Fix and extend ca test - Add more curves to test. - Properly handle R 1323565.1.023-2018 (5.2.1.2) - absence of digestParamSet for some curves. --- tcl_tests/ca.try | 18 +++++++++++++----- tcl_tests/ossltest.tcl | 19 ++++++++++++++++--- 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/tcl_tests/ca.try b/tcl_tests/ca.try index 6d76283..c5693bb 100644 --- a/tcl_tests/ca.try +++ b/tcl_tests/ca.try @@ -11,14 +11,22 @@ if {[info exists env(ALG_LIST)]} { } else { switch -exact [engine_name] { "ccore" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}} - "open" {set alg_pair_list {gost2001:A {gost2001:B} gost2012_256:A {gost2012_256:C} gost2012_512:B {gost2012_256:B gost2012_512:A}}} + "open" { + set alg_pair_list { + gost2001:A {gost2001:B} + gost2012_256:A {gost2012_256:B gost2012_512:B} + gost2012_256:TCA {gost2012_256:A gost2012_512:A} + gost2012_512:A {gost2012_256:A gost2012_256:TCA gost2012_512:A gost2012_512:C} + gost2012_512:C {gost2012_256:B gost2012_256:TCB gost2012_512:B gost2012_512:C} + } + } } } foreach {ca_alg alg_list} $alg_pair_list { set ca_alg_fn [string map {":" "_"} $ca_alg] -test "Creating CA" { +test "Creating CA ($ca_alg)" { makeCA ${testname}CA-$ca_alg_fn $ca_alg } 0 1 @@ -29,7 +37,7 @@ foreach alg $alg_list { set userdir U_ca_${alg_fn}_for_${ca_alg_fn} #Depends on previous -test "Creating user request" { +test "Creating user request ($alg)" { makeUser $userdir $alg } 0 1 
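Review bot: The rewritten `"open"` arm in the first hunk drops two combinations that the old list exercised: `gost2012_512:B` is no longer a CA algorithm (it remains only as a user algorithm), and `gost2012_256:C` no longer appears at all. The same commit adds `gost2012_256:TCC` and `gost2012_256:TCD` names to `pubkey_long_name`, but neither curve is in this list, so ca.try never exercises those mappings. If the omissions are deliberate, say so in a comment above `set alg_pair_list`; otherwise add a row such as `gost2012_512:B {gost2012_256:TCC gost2012_256:TCD}`. The `"ccore"` arm is unchanged, so the two engines now test different curve sets, which is also worth a one-line comment.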
@@ -110,12 +118,12 @@ test "Verifying revoked certificate" { test "Create a PKCS#7 structure from a certificate and CRL" { openssl "crl2pkcs7 -in test.crl -certfile $userdir/cert.pem -out $userdir/p7.pem" extract_oids $userdir/p7.pem PEM -} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]] +} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg]] test "Creates a PKCS#7 structure without CRL" { openssl "crl2pkcs7 -nocrl -certfile $userdir/cert.pem -certfile $::test::ca/cacert.pem -out $userdir/p7_nocrl.pem" extract_oids $userdir/p7_nocrl.pem PEM -} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg]] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg]] [hash_with_sign_long_name $ca_alg]] +} 0 [mkObjList [hash_with_sign_long_name $ca_alg] [alg_long_name $alg] [pubkey_long_name $alg] [param_hash_long_name [param_hash $alg] $alg] [hash_with_sign_long_name $ca_alg] [hash_with_sign_long_name $ca_alg] [alg_long_name $ca_alg] [pubkey_long_name $ca_alg] [param_hash_long_name [param_hash $ca_alg] $ca_alg] [hash_with_sign_long_name $ca_alg]] } diff --git a/tcl_tests/ossltest.tcl b/tcl_tests/ossltest.tcl index fbd126a..a6f0283 100644 --- a/tcl_tests/ossltest.tcl +++ b/tcl_tests/ossltest.tcl 
@@ -543,7 +543,16 @@ proc param_pubkey {alg} { } -proc param_hash_long_name {hash_alg} { +proc param_hash_long_name {hash_alg {pk_alg {}}} { + # R 1323565.1.023-2018 (5.2.1.2) not recommends or forbids encoding + # hash oid into TC26 (2012) parameters in AlgorithmIdentifier, so + # this is removed. + # Note: + # Commit d47b346 reverts this behavior for 512-bit 0,A,B parameters + switch -glob $pk_alg { + gost2012_256:TC* {return} + gost2012_512:C {return} + } switch -glob $hash_alg { *hash_94 {return "id-GostR3411-94-CryptoProParamSet"} hash_12_256 {return "GOST R 34.11-2012 with 256 bit hash"} @@ -569,17 +578,21 @@ proc pubkey_long_name {alg} { gost2012_256:C {return "id-GostR3410-2001-CryptoPro-C-ParamSet"} gost2012_256:XA {return "id-GostR3410-2001-CryptoPro-XchA-ParamSet"} gost2012_256:XB {return "id-GostR3410-2001-CryptoPro-XchB-ParamSet"} + gost2012_256:TCA {return "GOST R 34.10-2012 (256 bit) ParamSet A"} + gost2012_256:TCB {return "GOST R 34.10-2012 (256 bit) ParamSet B"} + gost2012_256:TCC {return "GOST R 34.10-2012 (256 bit) ParamSet C"} + gost2012_256:TCD {return "GOST R 34.10-2012 (256 bit) ParamSet D"} #gost2012_512:0 {return param_pubkey12_512_0} gost2012_512:A {return "GOST R 34.10-2012 (512 bit) ParamSet A"} gost2012_512:B {return "GOST R 34.10-2012 (512 bit) ParamSet B"} + gost2012_512:C {return "GOST R 34.10-2012 (512 bit) ParamSet C"} } } - - proc mkObjList {args} { set out "" foreach name $args { + if {$name eq {}} continue append out " OBJECT :$name\n" } return $out -- 2.39.2
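Review bot: Because `pk_alg` defaults to `{}` in `param_hash_long_name`, a caller that still passes one argument keeps expecting the digest parameter OID even for `gost2012_256:TC*` and `gost2012_512:C` keys. Only the ca.try call sites are updated in this patch, so any other test scripts that call this proc (not visible here) should be checked. The added comment is also ambiguous ("not recommends or forbids"); I would reword it as `# R 1323565.1.023-2018 (5.2.1.2) does not recommend (or forbids) encoding the hash OID in the TC26 (2012) parameters of AlgorithmIdentifier, so no name is returned for these curves.` It should also state that the bare `return` yields an empty string, which `mkObjList` then skips, since the two procs now depend on each other. The proc body continues outside the hunk.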
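Review bot: The `if {$name eq {}} continue` added to `mkObjList` skips every empty argument, not only the digest-parameter slot it was introduced for. The `switch` in `pubkey_long_name` closes after the `gost2012_512:C` arm with no `default`, so an unmapped algorithm (for example one supplied through `ALG_LIST`) returns an empty string and is now dropped from the expected OID list. The comparison would probably still fail, but on a shorter list rather than a visible empty `OBJECT :` entry, which hides the real cause in a test meant to pin the AlgorithmIdentifier encoding. Ending that switch with `default {error "pubkey_long_name: unknown algorithm $alg"}` would make a missing mapping fail loudly. `pubkey_long_name` begins outside this hunk.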