2013-06-12 11:12:33 +02:00
|
|
|
#!/usr/bin/zsh
|
|
|
|
#
|
|
|
|
# Iterates through various tests on the tomb script
|
|
|
|
|
|
|
|
T="../../tomb"
|
|
|
|
source ${T} source
|
2013-06-12 13:41:12 +02:00
|
|
|
dummypass=test
|
2014-06-08 20:31:42 +02:00
|
|
|
dummypassnew=changetest
|
2013-06-12 11:12:33 +02:00
|
|
|
|
|
|
|
notice() { print; yes "${@}"; print; }
|
|
|
|
error() { _warning " ${@}"; }
|
|
|
|
tt() {
|
|
|
|
start_loops=(`sudo losetup -a |cut -d: -f1`)
|
2013-06-12 13:36:50 +02:00
|
|
|
start_temps=(`find /dev/shm -name 'tomb*'`)
|
2013-06-20 10:26:12 +02:00
|
|
|
${T} -D ${=@}
|
2013-06-12 11:12:33 +02:00
|
|
|
res=$?
|
|
|
|
loops=(`sudo losetup -a |cut -d: -f1`)
|
2013-06-12 13:36:50 +02:00
|
|
|
temps=(`find /dev/shm -name 'tomb*'`)
|
|
|
|
|
|
|
|
{ test "${#start_loops}" = "${#loops}" } || {
|
|
|
|
error "loop device usage change to ${#loops}" }
|
|
|
|
{ test "${#start_temps}" = "${#temps}" } || {
|
|
|
|
error "temp files usage change to ${#temps}" }
|
2013-06-12 11:12:33 +02:00
|
|
|
print " Tomb command returns $res"
|
|
|
|
return $res
|
|
|
|
}
|
|
|
|
|
2013-06-12 13:36:50 +02:00
|
|
|
# check for auxiliary programs
|
|
|
|
KDF=1
|
|
|
|
STEGHIDE=1
|
|
|
|
RESIZER=1
|
|
|
|
command -v steghide > /dev/null || STEGHIDE=0
|
|
|
|
command -v e2fsck resize2fs > /dev/null || RESIZER=0
|
|
|
|
command -v tomb-kdb-pbkdf2 > /dev/null || KDF=0
|
2014-06-08 20:31:42 +02:00
|
|
|
command -v qrencode > /dev/null || QRENCODE=0
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
|
2013-06-12 11:12:33 +02:00
|
|
|
typeset -A results
|
2014-06-08 20:31:42 +02:00
|
|
|
tests=(dig forge lock badpass open close passwd chksum bind setkey)
|
2013-06-12 13:36:50 +02:00
|
|
|
{ test $RESIZER = 1 } && { tests+=(resize) }
|
|
|
|
{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
|
|
|
|
{ test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen) }
|
2014-06-08 20:31:42 +02:00
|
|
|
{ test $QRENCODE = 1 } && { tests+=(qrenc) }
|
2013-06-12 11:12:33 +02:00
|
|
|
|
2013-06-12 13:36:50 +02:00
|
|
|
sudo rm -f /tmp/test.tomb{,.key}
|
2013-06-12 11:12:33 +02:00
|
|
|
|
|
|
|
|
|
|
|
startloops=(`sudo losetup -a |cut -d: -f1`)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2013-06-20 10:26:12 +02:00
|
|
|
notice "Testing creation: dig"
|
2013-06-12 11:12:33 +02:00
|
|
|
|
|
|
|
tt dig -s 20 /tmp/test.tomb
|
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(dig SUCCESS) }
|
|
|
|
|
2013-06-20 10:26:12 +02:00
|
|
|
notice "Testing creation: forge"
|
|
|
|
|
2013-06-12 13:41:12 +02:00
|
|
|
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom forge /tmp/test.tomb.key
|
2013-06-12 11:12:33 +02:00
|
|
|
|
2013-06-20 12:46:20 +02:00
|
|
|
{ test $? = 0 } && {
|
|
|
|
results+=(forge SUCCESS)
|
|
|
|
#
|
|
|
|
say "Dump of clear key contents to examine them:"
|
|
|
|
print ${dummypass} \
|
|
|
|
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d /tmp/test.tomb.key \
|
|
|
|
| hexdump -C
|
|
|
|
echo --
|
|
|
|
}
|
2013-06-12 11:12:33 +02:00
|
|
|
|
2013-06-20 10:26:12 +02:00
|
|
|
notice "Testing creation: lock"
|
|
|
|
|
2013-06-12 13:41:12 +02:00
|
|
|
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} lock /tmp/test.tomb -k /tmp/test.tomb.key
|
2013-06-12 11:12:33 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(lock SUCCESS) }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
notice "Testing open with wrong password"
|
|
|
|
|
2014-04-02 14:31:36 +02:00
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd wrongpassword open /tmp/test.tomb
|
2013-06-12 11:12:33 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } || { results+=(badpass SUCCESS) }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
notice "Testing open with good password"
|
|
|
|
|
2014-04-02 14:31:36 +02:00
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb
|
2013-06-12 11:12:33 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(open SUCCESS) }
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
tt close test
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
notice "Testing changing tomb password"
|
|
|
|
|
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-old-pwd ${dummypass} --tomb-pwd ${dummypassnew} passwd /tmp/test.tomb
|
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(passwd SUCCESS) }
|
|
|
|
|
2013-06-12 11:12:33 +02:00
|
|
|
|
|
|
|
|
|
|
|
notice "Generating content for file integrity test"
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
|
|
|
|
|
2013-06-12 11:12:33 +02:00
|
|
|
${T} dig -s 10 /media/test.tomb/datacheck.raw
|
|
|
|
|
|
|
|
crc="sha256 /media/test.tomb/datacheck.raw"
|
|
|
|
echo "$crc" > /media/test.tomb/datacheck.sha
|
|
|
|
|
|
|
|
tt --unsecure-dev-mode close test
|
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(close SUCCESS) }
|
|
|
|
|
|
|
|
|
2013-06-12 13:36:50 +02:00
|
|
|
{ test $RESIZER = 1 } && {
|
|
|
|
notice "Testing resize to 30 MiB"
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypassnew} -k /tmp/test.tomb.key resize /tmp/test.tomb -s 30
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(resize SUCCESS) }
|
2013-06-12 11:12:33 +02:00
|
|
|
|
2013-06-12 13:36:50 +02:00
|
|
|
}
|
2013-06-12 11:12:33 +02:00
|
|
|
|
2013-06-12 13:36:50 +02:00
|
|
|
notice "Testing contents integrity"
|
2013-06-12 11:12:33 +02:00
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
${T} -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
|
2013-06-12 11:12:33 +02:00
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
{ test $? = 0 } && {
|
|
|
|
|
|
|
|
crc2="sha256 /media/test.tomb/datacheck.raw"
|
|
|
|
|
|
|
|
{ test "$crc" = "$crc2" } && { results+=(chksum SUCCESS) }
|
2013-06-12 11:12:33 +02:00
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
}
|
2013-06-12 11:12:33 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
notice "Testing bind hooks"
|
|
|
|
|
|
|
|
rnd=$RANDOM
|
|
|
|
echo $rnd > /media/test.tomb/test-$rnd
|
|
|
|
echo "test-$rnd test-$rnd" > /media/test.tomb/bind-hooks
|
|
|
|
touch $HOME/test-$rnd
|
|
|
|
tt close test
|
2014-06-08 20:31:42 +02:00
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
|
2013-06-12 11:12:33 +02:00
|
|
|
rnd2=`cat $HOME/test-$rnd`
|
|
|
|
if [ "$rnd" = "$rnd2" ]; then
|
|
|
|
notice "Bind hook on file matches"
|
|
|
|
results+=(bind SUCCESS)
|
|
|
|
tt list test
|
|
|
|
else
|
|
|
|
error "Bind hook on file reports incongruence"
|
|
|
|
fi
|
|
|
|
tt close test
|
|
|
|
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
notice "Testing set key"
|
|
|
|
|
|
|
|
sudo rm -f /tmp/test.tomb.new.key
|
|
|
|
|
|
|
|
tt -k /tmp/test.tomb.new.key --force --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom forge
|
|
|
|
|
|
|
|
tt -k /tmp/test.tomb.new.key --unsecure-dev-mode --tomb-pwd ${dummypass} --tomb-old-pwd ${dummypassnew} setkey /tmp/test.tomb.key /tmp/test.tomb
|
|
|
|
|
|
|
|
if [ $? = 0 ]; then
|
|
|
|
notice "Setkey succesfully swapped tomb key"
|
|
|
|
results+=(setkey SUCCESS)
|
|
|
|
mv /tmp/test.tomb.new.key /tmp/test.tomb.key
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
2013-06-12 13:36:50 +02:00
|
|
|
{ test $KDF = 1 } && {
|
|
|
|
|
|
|
|
notice "Testing KDF key"
|
|
|
|
sudo rm -f /tmp/test.tomb.kdf /tmp/kdf.tomb
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom --kdf 1 forge -k /tmp/test.tomb.kdf
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(kdforge SUCCESS) }
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
tt --unsecure-dev-mode --tomb-old-pwd ${dummypass} --tomb-pwd ${dummypassnew} --kdf 1 passwd -k /tmp/test.tomb.kdf
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(kdfpass SUCCESS) }
|
|
|
|
|
|
|
|
${T} dig -s 10 /tmp/kdf.tomb
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypassnew} --kdf 1 lock /tmp/kdf.tomb -k /tmp/test.tomb.kdf
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(kdflock SUCCESS) }
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypassnew} --kdf 1 open /tmp/kdf.tomb -k /tmp/test.tomb.kdf
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(kdfopen SUCCESS) }
|
|
|
|
|
|
|
|
${T} close kdf
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
{ test $STEGHIDE = 1 } && {
|
|
|
|
|
|
|
|
notice "Testing steganographic hiding of keys"
|
|
|
|
|
|
|
|
cp -f arditi.jpg /tmp/tomb.jpg
|
|
|
|
sudo rm -f /tmp/test.steg.key
|
|
|
|
|
2013-06-12 13:41:12 +02:00
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} bury -k /tmp/test.tomb.key /tmp/tomb.jpg
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(stgin SUCCESS) }
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
rm -f /tmp/test.steg.key
|
|
|
|
|
2013-06-12 13:41:12 +02:00
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} exhume -k /tmp/test.steg.key /tmp/tomb.jpg
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(stgout SUCCESS) }
|
|
|
|
|
2013-06-12 13:41:12 +02:00
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k /tmp/test.steg.key /tmp/test.tomb
|
2013-06-12 13:36:50 +02:00
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(stgopen SUCCESS) }
|
|
|
|
|
|
|
|
${T} close test
|
|
|
|
}
|
|
|
|
|
2014-06-08 20:31:42 +02:00
|
|
|
{ test $QRENCODE = 1 } && {
|
|
|
|
|
|
|
|
tt engrave -k /tmp/test.tomb.key
|
|
|
|
|
|
|
|
{ test $? = 0 } && { results+=(qrenc SUCCESS) }
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2013-06-12 13:36:50 +02:00
|
|
|
# rm /tmp/test.tomb{,.key} -f || exit 1
|
|
|
|
|
2013-06-12 11:12:33 +02:00
|
|
|
endloops=(`sudo losetup -a |cut -d: -f1`)
|
|
|
|
|
|
|
|
notice "Test results summary"
|
|
|
|
|
|
|
|
print "${#startloops} loop devices busy at start"
|
|
|
|
|
|
|
|
for t in $tests; do
|
|
|
|
echo "$t\t${results[$t]:-FAIL}"
|
|
|
|
done
|
|
|
|
|
|
|
|
print "${#endloops} loop devices busy at end"
|
2013-06-12 13:36:50 +02:00
|
|
|
print "Done. You can remove temporary leftovers from /tmp :"
|
|
|
|
for i in `find /tmp -name '*tomb*' 2>/dev/null`; do ls -lh $i; done
|
|
|
|
return 0
|