mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-22 10:08:58 +00:00
remove sphinx from tests and docs
leftover strings are in translations, maybe take them off later
This commit is contained in:
parent
afe0390d93
commit
c1b5e1b310
29
doc/tomb.1
29
doc/tomb.1
@ -306,17 +306,6 @@ Select a different tool than sudo for privilege escalation.
|
||||
Alternatives supported so far are: pkexec, doas, sup, sud. For any
|
||||
alternative to work the executable must be included in the current
|
||||
PATH.
|
||||
.B
|
||||
.IP "--sphx-user \fI<username>\fR"
|
||||
Activate the SPHINX feature for password-authenticated key agreement.
|
||||
This option indicates the \fI<username>\fR used to retrieve the
|
||||
password from a sphinx oracle key reachable via TCP/IP.
|
||||
.B
|
||||
.IP "--sphx-host \fI<domain>\fR"
|
||||
Activate the SPHINX feature for password-authenticated key agreement.
|
||||
This option indicates the \fI<domain>\fR used to retrieve the password
|
||||
from a sphinx oracle daemon reachable via TCP/IP. This is not the
|
||||
network address of the daemon, which is configured in /etc/sphinx
|
||||
|
||||
.B
|
||||
.IP "-h"
|
||||
@ -484,24 +473,6 @@ its copies are destroyed. The \fI-r\fR option can be used in the tomb
|
||||
commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR,
|
||||
\fIbury\fR, \fIexhume\fR and \fIresize\fR.
|
||||
|
||||
.SH SPHINX (PAKE)
|
||||
|
||||
Using the package libsphinx
|
||||
.UR https://github.com/stef/libsphinx
|
||||
.UE
|
||||
and its python client/daemon implementation pwdsphinx
|
||||
.UR https://github.com/stef/pwdsphinx
|
||||
.UE
|
||||
is possible to store and retrieve safely the password that locks the
|
||||
tomb. Using this feature will make it impossible to retrieve the
|
||||
password without the oracle sphinx server running and reachable. Each
|
||||
key entry needs a username and a domain specified on creation and
|
||||
a password that locks it.
|
||||
|
||||
SPHINX makes it impossible to maliciously retrieve the password
|
||||
locking the tomb key without an attacker accessing both the
|
||||
server, the sphinx password and the tomb key file.
|
||||
|
||||
.SH EXAMPLES
|
||||
|
||||
.IP \(bu
|
||||
|
@ -15,18 +15,6 @@ test_expect_success 'Testing tomb creation: dig, forge and lock' '
|
||||
tt_lock --tomb-pwd $DUMMYPASS
|
||||
'
|
||||
|
||||
if test_have_prereq SPHINX ORACLE; then
|
||||
test_export "sphinx_test"
|
||||
test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' '
|
||||
tt_dig -s 20 &&
|
||||
tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
|
||||
print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
|
||||
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
|
||||
| xxd &&
|
||||
tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
|
||||
'
|
||||
fi
|
||||
|
||||
if test_have_prereq DOAS; then
|
||||
test_export "doas_test"
|
||||
test_expect_success 'Testing tomb creation: dig, forge and lock (using doas instead of sudo)' '
|
||||
|
@ -44,14 +44,6 @@ if test_have_prereq LSOF; then
|
||||
'
|
||||
fi
|
||||
|
||||
if test_have_prereq SPHINX ORACLE; then
|
||||
test_export "sphinx_test" # Using already generated tomb
|
||||
test_expect_success 'Testing open with good password (sphinx)' '
|
||||
tt_open --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
|
||||
tt_close
|
||||
'
|
||||
fi
|
||||
|
||||
if test_have_prereq DOAS; then
|
||||
test_export "doas_test" # Using already generated tomb
|
||||
test_expect_success 'Testing open with good password (using doas instead of sudo)' '
|
||||
|
@ -5,24 +5,17 @@ export test_description="Testing tomb resize feature"
|
||||
source ./setup
|
||||
|
||||
if test_have_prereq RESIZER; then
|
||||
test_export "test" # Using already generated tomb
|
||||
test_expect_success 'Testing resize to 30 MB tomb' '
|
||||
test_export "test" # Using already generated tomb
|
||||
test_expect_success 'Testing resize to 30 MB tomb' '
|
||||
tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS
|
||||
'
|
||||
if test_have_prereq GPGRCPT; then
|
||||
if test_have_prereq GPGRCPT; then
|
||||
test_export "recipient" # Using already generated tomb
|
||||
test_expect_success 'Testing resize to 30 MB tomb with GnuPG keys' '
|
||||
tt resize -s 30 $tomb -k $tomb_key -g -r $KEY2
|
||||
'
|
||||
fi
|
||||
fi
|
||||
|
||||
fi # RESIZER
|
||||
|
||||
if test_have_prereq RESIZER SPHINX ORACLE; then
|
||||
test_export "sphinx_test" # Using already generated tomb
|
||||
test_expect_success 'Testing resize to 30 MB tomb (sphinx)' '
|
||||
tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
|
||||
'
|
||||
fi
|
||||
|
||||
test_done
|
||||
|
@ -21,16 +21,4 @@ test_expect_success 'Testing tomb with GnuPG keys: passwd' '
|
||||
|
||||
fi
|
||||
|
||||
if test_have_prereq SPHINX ORACLE; then
|
||||
test_export "sphinx_test" # Using already generated tomb
|
||||
test_expect_success 'Testing changing tomb password with sphinx' '
|
||||
tt passwd -f -k $tomb_key --unsafe \
|
||||
--tomb-old-pwd $DUMMYPASS --tomb-pwd $DUMMYPASSNEW \
|
||||
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
|
||||
tt passwd -f -k $tomb_key --unsafe \
|
||||
--tomb-old-pwd $DUMMYPASSNEW --tomb-pwd $DUMMYPASS \
|
||||
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
|
||||
'
|
||||
fi
|
||||
|
||||
test_done
|
||||
|
@ -28,23 +28,4 @@ test_expect_success 'Testing tomb with GnuPG keys: setkey' '
|
||||
'
|
||||
fi
|
||||
|
||||
if test_have_prereq SPHINX ORACLE; then
|
||||
test_export "sphinx_test" # Using already generated tomb
|
||||
test_expect_success 'Testing set key (sphinx)' '
|
||||
tt forge -f -k $tomb_key_new --tomb-pwd $DUMMYPASS \
|
||||
--ignore-swap --unsafe --force \
|
||||
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
|
||||
tt setkey -f -k $tomb_key_new $tomb_key $tomb \
|
||||
--unsafe --tomb-pwd $DUMMYPASS --tomb-old-pwd $DUMMYPASS \
|
||||
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
|
||||
tt open -f -k $tomb_key_new $tomb \
|
||||
--unsafe --tomb-pwd $DUMMYPASS \
|
||||
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
|
||||
print $DUMMYPASS \
|
||||
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key_new \
|
||||
| xxd &&
|
||||
tt_close
|
||||
'
|
||||
fi
|
||||
|
||||
test_done
|
||||
|
@ -55,8 +55,6 @@ command -v lsof > /dev/null && test_set_prereq LSOF
|
||||
command -v python3 > /dev/null && test_set_prereq PYTHON3
|
||||
command -v cloakify > /dev/null && test_set_prereq CLOAKIFY
|
||||
command -v decloakify > /dev/null && test_set_prereq DECLOAKIFY
|
||||
command -v sphinx > /dev/null && test_set_prereq SPHINX
|
||||
command -v oracle > /dev/null && test_set_prereq ORACLE
|
||||
command -v doas > /dev/null && test_set_prereq DOAS
|
||||
command -v argon2 > /dev/null && test_set_prereq ARGON2
|
||||
|
||||
@ -80,10 +78,6 @@ fi
|
||||
export DUMMYPASS=test
|
||||
export DUMMYPASSNEW=changetest
|
||||
|
||||
# Dummy host and username for sphinx
|
||||
export DUMMYHOST=example.com
|
||||
export DUMMYUSER=user
|
||||
|
||||
|
||||
# Test helpers
|
||||
|
||||
|
@ -1,15 +0,0 @@
|
||||
[client]
|
||||
verbose = False
|
||||
address = 127.0.0.1
|
||||
port = 2355
|
||||
datadir = /tmp/.sphinx/
|
||||
ssl_cert = /etc/sphinx/server.crt
|
||||
|
||||
[server]
|
||||
verbose = False
|
||||
address = 127.0.0.1
|
||||
port = 2355
|
||||
datadir = /tmp/.sphinx/
|
||||
keydir = /tmp/.sphinx/
|
||||
ssl_cert = /etc/sphinx/server.crt
|
||||
ssl_key = /etc/sphinx/server.key
|
Loading…
Reference in New Issue
Block a user