authorDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2016-11-17 10:47:16 +0300
committerDmitry Eremin-Solenikov <dbaryshkov@gmail.com>2018-06-23 12:20:16 +0300
commit997d545253fae46a85d17ddc3e7ebe8686fddc23 (patch)
treeaad45e51d589f6148c394bd699dd2a44830effca
parentd65145ae146b301b34f4c0a3445842226ceef69e (diff)
Expand x509 sign/verify test with GOST algorithms
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/x509sign-verify-common.h39
-rw-r--r--tests/x509sign-verify-gost.c65
3 files changed, 106 insertions, 1 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c0beb5acda..437da63e6e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -159,7 +159,8 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
client-sign-md5-rep tls12-invalid-key-exchanges session-rdn-read \
tls13-cert-key-exchange x509-cert-callback-ocsp gnutls_ocsp_resp_list_import2 \
server-sign-md5-rep privkey-keygen mini-tls-nonblock no-signal pkcs7-gen dtls-etm \
- x509sign-verify-rsa x509sign-verify-ecdsa mini-alignment oids atfork prf psk-file \
+ x509sign-verify-rsa x509sign-verify-ecdsa x509sign-verify-gost \
+ mini-alignment oids atfork prf psk-file \
status-request status-request-ok status-request-missing sign-verify-ext \
fallback-scsv pkcs8-key-decode urls dtls-rehandshake-cert \
key-usage-rsa key-usage-ecdhe-rsa mini-session-verify-function auto-verify \
diff --git a/tests/x509sign-verify-common.h b/tests/x509sign-verify-common.h
index 9f87229403..d7f3b41cfa 100644
--- a/tests/x509sign-verify-common.h
+++ b/tests/x509sign-verify-common.h
@@ -21,6 +21,39 @@ const gnutls_datum_t sha256_data = {
32
};
+/* gost r 34.11-94 hash of "hello" string */
+const gnutls_datum_t gostr94_data = {
+ (void *)
+ "\x92\xea\x6d\xdb\xaf\x40\x02\x0d\xf3\x65"
+ "\x1f\x27\x8f\xd7\x15\x12\x17\xa2\x4a\xa8"
+ "\xd2\x2e\xbd\x25\x19\xcf\xd4\xd8\x9e\x64"
+ "\x50\xea",
+ 32
+};
+
+/* Streebog-256 hash of "hello" string */
+const gnutls_datum_t streebog256_data = {
+ (void *)
+ "\x3f\xb0\x70\x0a\x41\xce\x6e\x41\x41\x3b"
+ "\xa7\x64\xf9\x8b\xf2\x13\x5b\xa6\xde\xd5"
+ "\x16\xbe\xa2\xfa\xe8\x42\x9c\xc5\xbd\xd4"
+ "\x6d\x6d",
+ 32
+};
+
+/* Streebog-512 hash of "hello" string */
+const gnutls_datum_t streebog512_data = {
+ (void *)
+ "\x8d\xf4\x14\x26\x09\x66\xbe\xb7\xb3\x4d"
+ "\x92\x07\x63\x07\x9e\x15\xdf\x1f\x63\x29"
+ "\x7e\xb3\xdd\x43\x11\xe8\xb5\x85\xd4\xbf"
+ "\x2f\x59\x23\x21\x4f\x1d\xfe\xd3\xfd\xee"
+ "\x4a\xaf\x01\x83\x30\xa1\x2a\xcd\xe0\xef"
+ "\xcc\x33\x8e\xb5\x29\x22\xf3\xe5\x71\x21"
+ "\x2d\x42\xc8\xde",
+ 64
+};
+
const gnutls_datum_t invalid_hash_data = {
(void *)
"\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe"
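Review bot: The comment on `gostr94_data` does not say which GOST R 34.11-94 S-box parameter set produced the digest. The algorithm gives different outputs for the test and CryptoPro parameter sets, so the vector cannot be re-derived or audited from the comment alone. Suggest `/* GOST R 34.11-94 (CryptoPro parameter set, to be confirmed) hash of "hello" string */`, and stating the byte order used for the two Streebog vectors. The lengths `32` and `64` are typed separately from the string literals, so a comment that each must equal the literal's byte count would guard against a miscounted escape. The definition of `invalid_hash_data` continues outside the hunk.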
@@ -78,6 +111,12 @@ void test_sig(gnutls_pk_algorithm_t pk, unsigned hash, unsigned bits)
vflags |= GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1;
} else if (hash == GNUTLS_DIG_SHA256)
hash_data = &sha256_data;
+ else if (hash == GNUTLS_DIG_GOSTR_94)
+ hash_data = &gostr94_data;
+ else if (hash == GNUTLS_DIG_STREEBOG_256)
+ hash_data = &streebog256_data;
+ else if (hash == GNUTLS_DIG_STREEBOG_512)
+ hash_data = &streebog512_data;
else
abort();
diff --git a/tests/x509sign-verify-gost.c b/tests/x509sign-verify-gost.c
new file mode 100644
index 0000000000..9a5c2eca7e
--- /dev/null
+++ b/tests/x509sign-verify-gost.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2016-2017 Free Software Foundation, Inc.
+ *
+ * Author: Dmitry Eremin-Solenikov
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+/* Parts copied from GnuTLS example programs. */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifndef _WIN32
+# include <sys/types.h>
+# include <netinet/in.h>
+# include <sys/socket.h>
+# include <arpa/inet.h>
+# include <unistd.h>
+#endif
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+
+#include "utils.h"
+
+#include "x509sign-verify-common.h"
+
+void doit(void)
+{
+#ifndef ENABLE_GOST
+ exit(77);
+#else
+ global_init();
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(6);
+
+ test_sig(GNUTLS_PK_GOST_01, GNUTLS_DIG_GOSTR_94, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA));
+ test_sig(GNUTLS_PK_GOST_12_256, GNUTLS_DIG_STREEBOG_256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPA));
+ test_sig(GNUTLS_PK_GOST_01, GNUTLS_DIG_GOSTR_94, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPXA));
+ test_sig(GNUTLS_PK_GOST_12_256, GNUTLS_DIG_STREEBOG_256, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST256CPXA));
+ test_sig(GNUTLS_PK_GOST_12_512, GNUTLS_DIG_STREEBOG_512, GNUTLS_CURVE_TO_BITS(GNUTLS_ECC_CURVE_GOST512A));
+
+ gnutls_global_deinit();
+#endif
+}
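Review bot: The skip path `exit(77);` under `#ifndef ENABLE_GOST` is an unexplained magic number; a comment such as `/* 77 = automake "skipped" status: built without GOST support */` would show that the test is skipped rather than failed. The socket headers (`sys/socket.h`, `netinet/in.h`, `arpa/inet.h`, `unistd.h`) look unused, since `doit()` does no networking as far as this file shows, and could be dropped. All five `test_sig` calls pair a key type with its matching digest. Whether a mismatched key/digest pair is rejected is not exercised here and depends on `test_sig`, whose body is outside this hunk.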