You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
76 lines
3.2 KiB
76 lines
3.2 KiB
11 months ago
|
#!/bin/bash
|
||
|
|
||
|
# set +e
|
||
|
set -x
|
||
|
|
||
|
echo "Тест что gost engine подключен к openssl"
|
||
|
|
||
|
source library/sh_lib.sh
|
||
|
|
||
|
check=0
|
||
|
|
||
|
######################################
|
||
|
echo "1. Reset policy to default"
|
||
|
/usr/bin/update-crypto-policies --set DEFAULT
|
||
|
echo "---------------------------------------"
|
||
|
|
||
|
######################################
|
||
|
echo "Test 2. Files test"
|
||
|
|
||
|
# cat /etc/crypto-policies/back-ends/opensslcnf.config | grep gost
|
||
|
# данная команда должна возвращать пустое значение и результат выполнения echo $? = 1
|
||
|
cat /etc/crypto-policies/back-ends/opensslcnf.config | /bin/grep gost
|
||
|
check=$(not_eq_is_success ${check} 0)
|
||
|
|
||
|
# файл /etc/crypto-policies/back-ends/auth.config - пустой
|
||
|
# файл /etc/crypto-policies/back-ends/auth.config - симлинк на пустой файл
|
||
|
ls -l /etc/crypto-policies/back-ends/auth.config
|
||
|
filename="/etc/crypto-policies/back-ends/auth.config"
|
||
|
filesize=$(stat -Lc%s ${filename})
|
||
|
if [ $filesize -eq 0 ]; then
|
||
|
echo "File ${filename} length == 0 -- OK"
|
||
|
else
|
||
|
echo "File ${filename} length == ${filesize} -- Error, should be empty"
|
||
|
let check+=1
|
||
|
fi
|
||
|
|
||
|
# cat /etc/pam.d/password-auth | grep gost данная команда должна возвращать пустое значение и результат выполнения echo $? = 1
|
||
|
cat /etc/pam.d/password-auth | /bin/grep gost
|
||
|
check=$(not_eq_is_success ${check} 0)
|
||
|
|
||
|
# cat /etc/pam.d/system-auth | grep gost данная команда должна возвращать пустое значение и результат выполнения echo $? = 1
|
||
|
cat /etc/pam.d/system-auth | /bin/grep gost
|
||
|
check=$(not_eq_is_success ${check} 0)
|
||
|
echo "---------------------------------------"
|
||
|
|
||
|
######################################
|
||
|
echo "Test 3. Set GOST policy"
|
||
|
/usr/bin/update-crypto-policies --set DEFAULT:GOST
|
||
|
check=$(eq_is_success ${check} 0)
|
||
|
echo "---------------------------------------"
|
||
|
|
||
|
######################################
|
||
|
echo "Test 4. Test openssl"
|
||
|
openssl_expected_output="TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
|
||
|
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
|
||
|
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
|
||
|
TLS_AES_128_CCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESCCM(128) Mac=AEAD
|
||
|
LEGACY-GOST2012-GOST8912-GOST8912 TLSv1 Kx=GOST Au=GOST12 Enc=GOST89(256) Mac=GOST89
|
||
|
IANA-GOST2012-GOST8912-GOST8912 TLSv1 Kx=GOST Au=GOST12 Enc=GOST89(256) Mac=GOST89
|
||
|
GOST2001-GOST89-GOST89 TLSv1 Kx=GOST Au=GOST01 Enc=GOST89(256) Mac=GOST89
|
||
|
GOST2012-NULL-GOST12 TLSv1 Kx=GOST Au=GOST12 Enc=None Mac=GOST2012
|
||
|
GOST2001-NULL-GOST94 TLSv1 Kx=GOST Au=GOST01 Enc=None Mac=GOST94"
|
||
|
openssl_out=$(/usr/bin/openssl ciphers -v 'kGOST')
|
||
|
echo "openssl out:"
|
||
|
echo "${openssl_out}"
|
||
|
if [[ $openssl_out == $openssl_expected_output ]]; then
|
||
|
echo "openssl out is valid"
|
||
|
else
|
||
|
echo "ERROR: openssl out is invalid"
|
||
|
let check+=1
|
||
|
fi
|
||
|
echo "---------------------------------------"
|
||
|
|
||
|
check_test_status ${check} "$0"
|
||
|
exit ${check}
|