remove sphinx from tests and docs

leftover strings are in translations, maybe take them off later
Jaromil 2024-08-31 05:18:03 +02:00
parent afe0390d93
commit c1b5e1b310
8 changed files with 4 additions and 112 deletions


@ -306,17 +306,6 @@ Select a different tool than sudo for privilege escalation.
Alternatives supported so far are: pkexec, doas, sup, sud. For any Alternatives supported so far are: pkexec, doas, sup, sud. For any
alternative to work the executable must be included in the current alternative to work the executable must be included in the current
PATH. PATH.
.B
.IP "--sphx-user \fI<username>\fR"
Activate the SPHINX feature for password-authenticated key agreement.
This option indicates the \fI<username>\fR used to retrieve the
password from a sphinx oracle key reachable via TCP/IP.
.B
.IP "--sphx-host \fI<domain>\fR"
Activate the SPHINX feature for password-authenticated key agreement.
This option indicates the \fI<domain>\fR used to retrieve the password
from a sphinx oracle daemon reachable via TCP/IP. This is not the
network address of the daemon, which is configured in /etc/sphinx
.B .B
.IP "-h" .IP "-h"
@ -484,24 +473,6 @@ its copies are destroyed. The \fI-r\fR option can be used in the tomb
commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR, commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR,
\fIbury\fR, \fIexhume\fR and \fIresize\fR. \fIbury\fR, \fIexhume\fR and \fIresize\fR.
.SH SPHINX (PAKE)
Using the package libsphinx
.UR https://github.com/stef/libsphinx
.UE
and its python client/daemon implementation pwdsphinx
.UR https://github.com/stef/pwdsphinx
.UE
is possible to store and retrieve safely the password that locks the
tomb. Using this feature will make it impossible to retrieve the
password without the oracle sphinx server running and reachable. Each
key entry needs a username and a domain specified on creation and
a password that locks it.
SPHINX makes it impossible to maliciously retrieve the password
locking the tomb key without an attacker accessing both the
server, the sphinx password and the tomb key file.
.SH EXAMPLES .SH EXAMPLES
.IP \(bu .IP \(bu


@ -15,18 +15,6 @@ test_expect_success 'Testing tomb creation: dig, forge and lock' '
tt_lock --tomb-pwd $DUMMYPASS tt_lock --tomb-pwd $DUMMYPASS
' '
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test"
test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' '
tt_dig -s 20 &&
tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \
| xxd &&
tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
'
fi
if test_have_prereq DOAS; then if test_have_prereq DOAS; then
test_export "doas_test" test_export "doas_test"
test_expect_success 'Testing tomb creation: dig, forge and lock (using doas instead of sudo)' ' test_expect_success 'Testing tomb creation: dig, forge and lock (using doas instead of sudo)' '


@ -44,14 +44,6 @@ if test_have_prereq LSOF; then
' '
fi fi
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing open with good password (sphinx)' '
tt_open --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt_close
'
fi
if test_have_prereq DOAS; then if test_have_prereq DOAS; then
test_export "doas_test" # Using already generated tomb test_export "doas_test" # Using already generated tomb
test_expect_success 'Testing open with good password (using doas instead of sudo)' ' test_expect_success 'Testing open with good password (using doas instead of sudo)' '


@ -5,24 +5,17 @@ export test_description="Testing tomb resize feature"
source ./setup source ./setup
if test_have_prereq RESIZER; then if test_have_prereq RESIZER; then
test_export "test" # Using already generated tomb test_export "test" # Using already generated tomb
test_expect_success 'Testing resize to 30 MB tomb' ' test_expect_success 'Testing resize to 30 MB tomb' '
tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS
' '
if test_have_prereq GPGRCPT; then if test_have_prereq GPGRCPT; then
test_export "recipient" # Using already generated tomb test_export "recipient" # Using already generated tomb
test_expect_success 'Testing resize to 30 MB tomb with GnuPG keys' ' test_expect_success 'Testing resize to 30 MB tomb with GnuPG keys' '
tt resize -s 30 $tomb -k $tomb_key -g -r $KEY2 tt resize -s 30 $tomb -k $tomb_key -g -r $KEY2
' '
fi fi
fi # RESIZER fi # RESIZER
if test_have_prereq RESIZER SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing resize to 30 MB tomb (sphinx)' '
tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
'
fi
test_done test_done


@ -21,16 +21,4 @@ test_expect_success 'Testing tomb with GnuPG keys: passwd' '
fi fi
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing changing tomb password with sphinx' '
tt passwd -f -k $tomb_key --unsafe \
--tomb-old-pwd $DUMMYPASS --tomb-pwd $DUMMYPASSNEW \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt passwd -f -k $tomb_key --unsafe \
--tomb-old-pwd $DUMMYPASSNEW --tomb-pwd $DUMMYPASS \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST
'
fi
test_done test_done


@ -28,23 +28,4 @@ test_expect_success 'Testing tomb with GnuPG keys: setkey' '
' '
fi fi
if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing set key (sphinx)' '
tt forge -f -k $tomb_key_new --tomb-pwd $DUMMYPASS \
--ignore-swap --unsafe --force \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt setkey -f -k $tomb_key_new $tomb_key $tomb \
--unsafe --tomb-pwd $DUMMYPASS --tomb-old-pwd $DUMMYPASS \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt open -f -k $tomb_key_new $tomb \
--unsafe --tomb-pwd $DUMMYPASS \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
print $DUMMYPASS \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key_new \
| xxd &&
tt_close
'
fi
test_done test_done


@ -55,8 +55,6 @@ command -v lsof > /dev/null && test_set_prereq LSOF
command -v python3 > /dev/null && test_set_prereq PYTHON3 command -v python3 > /dev/null && test_set_prereq PYTHON3
command -v cloakify > /dev/null && test_set_prereq CLOAKIFY command -v cloakify > /dev/null && test_set_prereq CLOAKIFY
command -v decloakify > /dev/null && test_set_prereq DECLOAKIFY command -v decloakify > /dev/null && test_set_prereq DECLOAKIFY
command -v sphinx > /dev/null && test_set_prereq SPHINX
command -v oracle > /dev/null && test_set_prereq ORACLE
command -v doas > /dev/null && test_set_prereq DOAS command -v doas > /dev/null && test_set_prereq DOAS
command -v argon2 > /dev/null && test_set_prereq ARGON2 command -v argon2 > /dev/null && test_set_prereq ARGON2
@ -80,10 +78,6 @@ fi
export DUMMYPASS=test export DUMMYPASS=test
export DUMMYPASSNEW=changetest export DUMMYPASSNEW=changetest
# Dummy host and username for sphinx
export DUMMYHOST=example.com
export DUMMYUSER=user
# Test helpers # Test helpers


@ -1,15 +0,0 @@
[client]
verbose = False
address = 127.0.0.1
port = 2355
datadir = /tmp/.sphinx/
ssl_cert = /etc/sphinx/server.crt
[server]
verbose = False
address = 127.0.0.1
port = 2355
datadir = /tmp/.sphinx/
keydir = /tmp/.sphinx/
ssl_cert = /etc/sphinx/server.crt
ssl_key = /etc/sphinx/server.key