#!/usr/bin/zsh # # Iterates through various tests on the tomb script T="../../tomb" source ${T} source dummypass=test notice() { print; yes "${@}"; print; } error() { _warning " ${@}"; } tt() { start_loops=(`sudo losetup -a |cut -d: -f1`) start_temps=(`find /dev/shm -name 'tomb*'`) ${T} -D ${=@} res=$? loops=(`sudo losetup -a |cut -d: -f1`) temps=(`find /dev/shm -name 'tomb*'`) { test "${#start_loops}" = "${#loops}" } || { error "loop device usage change to ${#loops}" } { test "${#start_temps}" = "${#temps}" } || { error "temp files usage change to ${#temps}" } print " Tomb command returns $res" return $res } # check for auxiliary programs KDF=1 STEGHIDE=1 RESIZER=1 command -v steghide > /dev/null || STEGHIDE=0 command -v e2fsck resize2fs > /dev/null || RESIZER=0 command -v tomb-kdb-pbkdf2 > /dev/null || KDF=0 typeset -A results tests=(dig forge lock badpass open close chksum bind) { test $RESIZER = 1 } && { tests+=(resize) } { test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) } { test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen) } sudo rm -f /tmp/test.tomb{,.key} startloops=(`sudo losetup -a |cut -d: -f1`) notice "Testing creation: dig" tt dig -s 20 /tmp/test.tomb { test $? = 0 } && { results+=(dig SUCCESS) } notice "Testing creation: forge" tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom forge /tmp/test.tomb.key { test $? = 0 } && { results+=(forge SUCCESS) # say "Dump of clear key contents to examine them:" print ${dummypass} \ | gpg --batch --passphrase-fd 0 --no-tty --no-options -d /tmp/test.tomb.key \ | hexdump -C echo -- } notice "Testing creation: lock" tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} lock /tmp/test.tomb -k /tmp/test.tomb.key { test $? = 0 } && { results+=(lock SUCCESS) } notice "Testing open with wrong password" tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd wrongpassword open /tmp/test.tomb { test $? = 0 } || { results+=(badpass SUCCESS) } notice "Testing open with good password" tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb { test $? = 0 } && { results+=(open SUCCESS) } notice "Generating content for file integrity test" ${T} dig -s 10 /media/test.tomb/datacheck.raw crc="sha256 /media/test.tomb/datacheck.raw" echo "$crc" > /media/test.tomb/datacheck.sha tt --unsecure-dev-mode close test { test $? = 0 } && { results+=(close SUCCESS) } { test $RESIZER = 1 } && { notice "Testing resize to 30 MiB" tt --unsecure-dev-mode --tomb-pwd ${dummypass} -k /tmp/test.tomb.key resize /tmp/test.tomb -s 30 { test $? = 0 } && { results+=(resize SUCCESS) } } notice "Testing contents integrity" ${T} -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb crc2="sha256 /media/test.tomb/datacheck.raw" { test "$crc" = "$crc2" } && { results+=(chksum SUCCESS) } notice "Testing bind hooks" rnd=$RANDOM echo $rnd > /media/test.tomb/test-$rnd echo "test-$rnd test-$rnd" > /media/test.tomb/bind-hooks touch $HOME/test-$rnd tt close test tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb rnd2=`cat $HOME/test-$rnd` if [ "$rnd" = "$rnd2" ]; then notice "Bind hook on file matches" results+=(bind SUCCESS) tt list test else error "Bind hook on file reports incongruence" fi tt close test { test $KDF = 1 } && { notice "Testing KDF key" sudo rm -f /tmp/test.tomb.kdf /tmp/kdf.tomb tt --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom --kdf 1 forge /tmp/test.tomb.kdf { test $? = 0 } && { results+=(kdforge SUCCESS) } tt --unsecure-dev-mode --tomb-pwd ${dummypass} --kdf 1 passwd /tmp/test.tomb.kdf { test $? = 0 } && { results+=(kdfpass SUCCESS) } ${T} dig -s 10 /tmp/kdf.tomb tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} lock /tmp/kdf.tomb -k /tmp/test.tomb.kdf { test $? = 0 } && { results+=(kdflock SUCCESS) } tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/kdf.tomb -k /tmp/test.tomb.kdf { test $? = 0 } && { results+=(kdfopen SUCCESS) } ${T} close kdf } { test $STEGHIDE = 1 } && { notice "Testing steganographic hiding of keys" cp -f arditi.jpg /tmp/tomb.jpg sudo rm -f /tmp/test.steg.key tt --unsecure-dev-mode --tomb-pwd ${dummypass} bury -k /tmp/test.tomb.key /tmp/tomb.jpg { test $? = 0 } && { results+=(stgin SUCCESS) } tt --unsecure-dev-mode --tomb-pwd ${dummypass} exhume -k /tmp/test.steg.key /tmp/tomb.jpg { test $? = 0 } && { results+=(stgout SUCCESS) } tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k /tmp/test.steg.key /tmp/test.tomb { test $? = 0 } && { results+=(stgopen SUCCESS) } ${T} close test } # rm /tmp/test.tomb{,.key} -f || exit 1 endloops=(`sudo losetup -a |cut -d: -f1`) notice "Test results summary" print "${#startloops} loop devices busy at start" for t in $tests; do echo "$t\t${results[$t]:-FAIL}" done print "${#endloops} loop devices busy at end" print "Done. You can remove temporary leftovers from /tmp :" for i in `find /tmp -name '*tomb*' 2>/dev/null`; do ls -lh $i; done return 0