git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
cert-tests/gost: add certificate with new GOSTParameters struct
author Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Wed, 2 Oct 2019 14:05:10 +0000 (17:05 +0300)
committer Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Mon, 7 Oct 2019 20:38:51 +0000 (23:38 +0300)
Add certificate example using simplified (new) GOSTParameters structure.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
tests/cert-tests/Makefile.am
tests/cert-tests/data/gost-cert-ca.pem [new file with mode: 0644]
tests/cert-tests/data/gost-cert-new.pem [new file with mode: 0644]
tests/cert-tests/gost

index 319acec39c0e9a9302402eb35739157488cc8cde..8944670dc4316dbf401c211abc287fa9e841fa05 100644 (file)
@@ -97,7 +97,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
        data/rfc4134-ca-rsa.pem data/rfc4134-4.5.p7b \
        data/key-gost01.p8 data/key-gost01-2.p8 data/key-gost01-2-enc.p8 \
        data/key-gost12-256.p8 data/key-gost12-256-2.p8 data/key-gost12-256-2-enc.p8 \
-       data/key-gost12-512.p8 data/grfc.crt
+       data/key-gost12-512.p8 data/grfc.crt data/gost-cert-ca.pem data/gost-cert-new.pem
 
 dist_check_SCRIPTS = pathlen aki invalid-sig email \
        pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/data/gost-cert-ca.pem b/tests/cert-tests/data/gost-cert-ca.pem
new file mode 100644 (file)
index 0000000..2816461
--- /dev/null
@@ -0,0 +1,65 @@
+X.509 Certificate Information:
+       Version: 3
+       Serial Number (hex): 2b929d27439e7b085b2226481fe25b6a6bc7f7ee
+       Issuer: CN=Test CA
+       Validity:
+               Not Before: Mon Oct 07 18:51:37 UTC 2019
+               Not After: Fri Oct 02 18:51:42 UTC 2037
+       Subject: CN=Test CA
+       Subject Public Key Algorithm: GOST R 34.10-2012-512
+       Algorithm Security Level: Future (512 bits)
+               Curve:  TC26-512-A
+               Digest: STREEBOG-512
+               ParamSet: TC26-Z
+               X:
+                       b1:17:9e:1f:55:64:01:dd:03:09:12:17:8f:4a:38:e8
+                       21:37:b9:50:d8:ff:0a:59:89:a0:0e:af:a3:cb:dc:67
+                       f9:b8:4e:7f:b6:61:f0:7b:30:7b:39:53:f2:16:dd:ca
+                       87:9b:c9:c1:fe:76:72:a8:6c:8f:a9:2c:02:e7:6a:5c
+               Y:
+                       46:20:fd:e0:95:ae:b1:ba:82:c0:9f:d5:a2:3d:f7:af
+                       cc:79:84:e9:08:37:41:f0:84:d4:be:22:e1:0d:81:7b
+                       4b:c9:82:e6:8f:f9:4c:0f:dd:d6:a8:20:aa:d8:ad:c0
+                       49:3c:11:4c:0e:a6:8d:e5:7b:5c:28:f8:d5:6d:0c:0b
+       Extensions:
+               Basic Constraints (critical):
+                       Certificate Authority (CA): TRUE
+               Key Usage (critical):
+                       Digital signature.
+                       Certificate signing.
+                       CRL signing.
+               Subject Key Identifier (not critical):
+                       74cf59b3e174a809e4debf3b7ad63094343e5a4a
+       Signature Algorithm: GOSTR341012-512
+       Signature:
+               dc:07:df:59:f7:0c:84:1a:4d:88:3d:95:74:9e:60:d5
+               af:cf:23:7e:46:4b:1b:4f:be:f0:2c:da:8a:4b:eb:6c
+               f3:46:bc:62:02:55:f2:39:43:d5:9a:45:e7:f9:70:41
+               2c:1b:12:63:34:5a:19:20:65:31:29:33:b1:0c:f5:49
+               7d:12:67:a9:f8:e9:f3:fd:c5:2b:11:08:9f:b2:d7:0a
+               4f:3a:5c:a6:9d:30:7c:f0:7b:e7:2b:72:a7:e2:04:d2
+               9b:a7:f4:40:31:d2:ad:73:90:2d:60:80:2b:c3:da:c3
+               89:4d:dc:00:a9:01:5d:26:71:ff:1a:ac:80:3c:57:5b
+Other Information:
+       Fingerprint:
+               sha1:652264ab8efad9f4e17b41f84e52d5244c2752ab
+               sha256:47f73d42e8b14f5c940dbfaaa4f13a6f7e64c26d72c0aa094885c55eb53fb06e
+       Public Key ID:
+               sha1:74cf59b3e174a809e4debf3b7ad63094343e5a4a
+               sha256:df62d016d9bf5b4197e9fb6b18657a989597689c0fb7942a9c049cc0eef44def
+       Public Key PIN:
+               pin-sha256:32LQFtm/W0GX6ftrGGV6mJWXaJwPt5QqnAScwO70Te8=
+
+-----BEGIN CERTIFICATE-----
+MIIB6zCCAVegAwIBAgIUK5KdJ0OeewhbIiZIH+JbamvH9+4wCgYIKoUDBwEBAwMw
+EjEQMA4GA1UEAxMHVGVzdCBDQTAeFw0xOTEwMDcxODUxMzdaFw0zNzEwMDIxODUx
+NDJaMBIxEDAOBgNVBAMTB1Rlc3QgQ0EwgaAwFwYIKoUDBwEBAQIwCwYJKoUDBwEC
+AQIBA4GEAASBgFxq5wIsqY9sqHJ2/sHJm4fK3RbyUzl7MHvwYbZ/Trj5Z9zLo68O
+oIlZCv/YULk3Ieg4So8XEgkD3QFkVR+eF7ELDG3V+Chce+WNpg5METxJwK3YqiCo
+1t0PTPmP5oLJS3uBDeEivtSE8EE3COmEecyv9z2i1Z/AgrqxrpXg/SBGo0MwQTAP
+BgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHhgAwHQYDVR0OBBYEFHTPWbPh
+dKgJ5N6/O3rWMJQ0PlpKMAoGCCqFAwcBAQMDA4GBANwH31n3DIQaTYg9lXSeYNWv
+zyN+RksbT77wLNqKS+ts80a8YgJV8jlD1ZpF5/lwQSwbEmM0WhkgZTEpM7EM9Ul9
+Emep+Onz/cUrEQifstcKTzpcpp0wfPB75ytyp+IE0pun9EAx0q1zkC1ggCvD2sOJ
+TdwAqQFdJnH/GqyAPFdb
+-----END CERTIFICATE-----
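Review bot: gost-cert-ca.pem is added without the matching CA private key or any note on how it was produced, so gost-cert-new.pem cannot be re-issued when the fixture has to change (for instance to move the 2037 Not After). Suggest recording the certtool invocation or template used, either in the commit message or as a comment in tests/cert-tests/gost, or adding the test CA key next to the existing data/key-gost*.p8 files.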
diff --git a/tests/cert-tests/data/gost-cert-new.pem b/tests/cert-tests/data/gost-cert-new.pem
new file mode 100644 (file)
index 0000000..33fbb79
--- /dev/null
@@ -0,0 +1,70 @@
+X.509 Certificate Information:
+       Version: 3
+       Serial Number (hex): 335ae5d57d3e9438e00c7a73e4cf38331345bfee
+       Issuer: CN=Test CA
+       Validity:
+               Not Before: Mon Oct 07 20:37:12 UTC 2019
+               Not After: Thu Oct 01 20:37:15 UTC 2037
+       Subject: CN=Test Server
+       Subject Public Key Algorithm: GOST R 34.10-2012-512
+       Algorithm Security Level: Future (512 bits)
+               Curve:  TC26-512-A
+               Digest: STREEBOG-512
+               ParamSet: TC26-Z
+               X:
+                       64:13:c4:c7:fc:9d:b1:20:7a:8a:f0:50:9e:c6:5f:72
+                       01:35:e0:fd:98:db:48:33:c0:96:a0:57:51:ea:09:c2
+                       14:f5:d1:90:d2:19:52:42:b9:b3:b1:cb:7d:94:b7:0b
+                       00:fa:4e:e0:bc:67:20:96:63:96:de:e8:89:66:f6:50
+               Y:
+                       6e:7b:a4:9f:0b:17:d1:ce:f9:ee:e2:e7:b4:4f:0e:ce
+                       6d:06:15:31:1f:05:69:da:bd:25:89:99:45:2a:32:d3
+                       55:81:e5:96:25:73:ab:6b:43:0c:84:70:9e:65:97:05
+                       1a:23:1f:a4:97:2e:0c:4f:15:cb:3a:1e:d2:95:46:4f
+       Extensions:
+               Basic Constraints (critical):
+                       Certificate Authority (CA): FALSE
+               Subject Alternative Name (not critical):
+                       DNSname: localhost
+               Key Purpose (not critical):
+                       TLS WWW Server.
+               Key Usage (critical):
+                       Digital signature.
+               Subject Key Identifier (not critical):
+                       04e41e66a4bf78e63e28bb34eed6956a20d47616
+               Authority Key Identifier (not critical):
+                       74cf59b3e174a809e4debf3b7ad63094343e5a4a
+       Signature Algorithm: GOSTR341012-512
+       Signature:
+               d2:3b:41:c0:58:3d:4b:4f:91:ca:e3:68:37:34:c7:bf
+               bd:4b:af:6d:40:ec:53:6f:73:a2:f2:ef:ad:bb:c2:c2
+               10:7e:39:a7:75:e3:1a:23:9c:b1:2e:ca:8e:04:34:22
+               94:0b:24:dc:d0:c8:a1:ec:3a:23:59:bb:0f:f4:87:e9
+               24:64:34:42:4e:8f:76:e8:c2:d4:b2:b7:4c:7d:b5:51
+               41:65:4d:6e:f3:29:89:8f:aa:76:b0:bc:a7:7d:56:21
+               88:46:b1:42:83:9a:7d:2c:45:c0:1c:bc:6a:0e:43:3d
+               09:6a:0e:3d:11:10:ce:ee:4c:3d:cc:d6:81:42:08:b9
+Other Information:
+       Fingerprint:
+               sha1:087e529deb0bc108e536c79fbaf6d9a67655caac
+               sha256:3ec70a1ba9610ef92429681a82f3d8da299dce0a54b9ecbabbe618de4bd79d3e
+       Public Key ID:
+               sha1:04e41e66a4bf78e63e28bb34eed6956a20d47616
+               sha256:59e05ec4906a8985d1f207a549c5eaa46258c086ab5c7759737686122e65674b
+       Public Key PIN:
+               pin-sha256:WeBexJBqiYXR8gelScXqpGJYwIarXHdZc3aGEi5lZ0s=
+
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
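Review bot: the dump at the top of gost-cert-new.pem (Curve: TC26-512-A, Digest: STREEBOG-512, ParamSet: TC26-Z) has the same fields and values as the one in gost-cert-ca.pem, and nothing in it says which GOSTParameters encoding the certificate carries, so the file name is the only hint that this is the "new structure" case. A short comment in tests/cert-tests/gost stating how the simplified structure differs and which of the two fixtures exercises it would let a later reader confirm the test still covers what the commit message says.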
index 28817af94239fc5ffd31e4c2de6bdaac4d1ea9cf..a29332cf137e3e12dab1db6147e63d99c0884aa8 100755 (executable)
@@ -108,6 +108,34 @@ if ! cmp "${srcdir}"/data/grfc.crt $TMPFILE ; then
        exit 1
 fi
 
+"${CERTTOOL}" -i < "${srcdir}"/data/gost-cert-ca.pem --outfile $TMPFILE
+if [ $? != 0 ]; then
+       cat $TMPFILE
+       exit 1
+fi
+
+if ! cmp "${srcdir}"/data/gost-cert-ca.pem $TMPFILE ; then
+       cat $TMPFILE
+       exit 1
+fi
+
+"${CERTTOOL}" -i < "${srcdir}"/data/gost-cert-new.pem --outfile $TMPFILE
+if [ $? != 0 ]; then
+       cat $TMPFILE
+       exit 1
+fi
+
+if ! cmp "${srcdir}"/data/gost-cert-new.pem $TMPFILE ; then
+       cat $TMPFILE
+       exit 1
+fi
+
+"${CERTTOOL}" --verify --load-ca-certificate "${srcdir}"/data/gost-cert-ca.pem --infile "${srcdir}"/data/gost-cert-new.pem --outfile $TMPFILE
+if [ $? != 0 ]; then
+       cat $TMPFILE
+       exit 1
+fi
+
 rm -f $VERIFYOUT $TMPUSER $TMPCA $TMPSUBCA $TMPTEMPL $TMPFILE
 rm -f $TMPSUBCAKEY $TMPCAKEY $TMPKEY
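Review bot: the added --verify call checks gost-cert-new.pem against the system clock, so it passes only between the fixtures' Not Before (Oct 07 2019) and Not After (Oct 2037) and fails on a build host with a wrong date; pin the verification time so the result depends only on the fixtures. The block also checks nothing but the exit status of the accepting case: $TMPFILE is written and never inspected, and there is no rejecting case (such as verifying against a CA that did not issue the certificate) to show that a bad GOST signature is reported as a failure. Minor: the two parse-and-cmp blocks are identical apart from the file name and could be a loop, and an echo naming the failing step before exit 1 would locate a failure faster than the bare cat $TMPFILE.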