tests: expand pkcs7 test to also check GOST files

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

4 files changed, 45 insertions, 2 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 14e30d893b..ab1e2e4545 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -90,7 +90,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 	data/pkcs8-pbes1-des-md5.pem data/pkcs8-invalid8.der data/key-invalid1.der \
 	data/key-invalid4.der data/key-invalid5.der data/key-invalid6.der \
 	data data/pkcs8-invalid9.der data/key-invalid2.der data/pkcs8-invalid10.der \
-	data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt
+	data/key-invalid3.der data/pkcs8-eddsa.pem data/pkcs8-eddsa.pem.txt \
+	data/rfc4490.p7b data/rfc4490.p7b.out
 
 dist_check_SCRIPTS = pathlen aki invalid-sig email \
 	pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/data/rfc4490.p7b b/tests/cert-tests/data/rfc4490.p7b
new file mode 100644
index 0000000000..c6979804b8
--- /dev/null
+++ b/tests/cert-tests/data/rfc4490.p7b
diff --git a/tests/cert-tests/data/rfc4490.p7b.out b/tests/cert-tests/data/rfc4490.p7b.out
new file mode 100644
index 0000000000..8237d70359
--- /dev/null
+++ b/tests/cert-tests/data/rfc4490.p7b.out
@@ -0,0 +1,14 @@
+Signers:
+	Signer's issuer DN: EMAIL=GostR3410-2001@example.com,C=RU,O=CryptoPro,CN=GostR3410-2001 example
+	Signer's serial: 2bf5c61ec211bd17c7dcd46266b42e21
+	Signature Algorithm: GOSTR341001
+
+-----BEGIN PKCS7-----
+MIIBKAYJKoZIhvcNAQcCoIIBGTCCARUCAQExDDAKBgYqhQMCAgkFADAbBgkqhkiG
+9w0BBwGgDgQMc2FtcGxlIHRleHQKMYHkMIHhAgEBMIGBMG0xHzAdBgNVBAMMFkdv
+c3RSMzQxMC0yMDAxIGV4YW1wbGUxEjAQBgNVBAoMCUNyeXB0b1BybzELMAkGA1UE
+BhMCUlUxKTAnBgkqhkiG9w0BCQEWGkdvc3RSMzQxMC0yMDAxQGV4YW1wbGUuY29t
+AhAr9cYewhG9F8fc1GJmtC4hMAoGBiqFAwICCQUAMAoGBiqFAwICEwUABEDAw0LZ
+P4/+JRERiHe/icPbg0IE1iD5aCqZ9v4wO+T0yPjVtNr74caRZzQfvKZ6DRJ7/RAl
+xlHbjbL0jHF+7XKp
+-----END PKCS7-----
diff --git a/tests/cert-tests/pkcs7 b/tests/cert-tests/pkcs7
index 9f6d59b0c1..c9ce1e4d27 100755
--- a/tests/cert-tests/pkcs7
+++ b/tests/cert-tests/pkcs7
@@ -39,7 +39,14 @@ OUTFILE2=out2-pkcs7.$$.tmp
 
 check_for_datefudge
 
-for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b; do
+if test "${ENABLE_GOST}" = "1" && test "${GNUTLS_FORCE_FIPS_MODE}" != "1"
+then
+	GOST_P7B="rfc4490.p7b"
+else
+	GOST_P7B=""
+fi
+
+for FILE in single-ca.p7b full.p7b openssl.p7b openssl-keyid.p7b $GOST_P7B; do
 ${VALGRIND} "${CERTTOOL}" --inder --p7-info --infile "${srcdir}/data/${FILE}"|grep -v "Signing time" >"${OUTFILE}"
 rc=$?
 
@@ -283,6 +290,27 @@ if test "${rc}" != "0"; then
 	exit ${rc}
 fi
 
+if test "x$ENABLE_GOST" = "x1"  && test "x${GNUTLS_FORCE_FIPS_MODE}" != "x1"
+then
+	FILE="gost01-signing"
+	${VALGRIND} "${CERTTOOL}" --p7-sign --load-privkey  "${srcdir}/../../doc/credentials/x509/key-gost01.pem" --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+	rc=$?
+
+	if test "${rc}" != "0"; then
+		echo "${FILE}: PKCS7 struct signing failed"
+		exit ${rc}
+	fi
+
+	FILE="gost01-signing-verify"
+	${VALGRIND} "${CERTTOOL}" --p7-verify --load-certificate "${srcdir}/../../doc/credentials/x509/cert-gost01.pem" <"${OUTFILE}"
+	rc=$?
+
+	if test "${rc}" != "0"; then
+		echo "${FILE}: PKCS7 struct signing failed verification"
+		exit ${rc}
+	fi
+fi
+
 rm -f "${OUTFILE}"
 rm -f "${OUTFILE2}"