Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-09-25 03:09:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
5158c380fe
Tomb/extras/test/runtests
Jaromil 5158c380fe refactoring of the way password and keys are handled internally 
this change uses an hidden global variable within tomb to store the
decrypted key material, avoiding using one tempfile in RAM, avoiding
running the decryption more than once (which means sanity for KDF
usage) and overall simplifying the code also avoiding duplicates.
2014-08-06 07:43:25 +02:00

271 lines
6.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/zsh
#
# Iterates through various tests on the tomb script
T="../../tomb"
source ${T} source
dummypass=test
dummypassnew=changetest
notice() { print; yes "${@}"; print; }
error() { _warning " ${@}"; }
tt() {
start_loops=(`sudo losetup -a |cut -d: -f1`)
start_temps=(`find /dev/shm -name 'tomb*'`)
${T} -D ${=@}
res=$?
loops=(`sudo losetup -a |cut -d: -f1`)
temps=(`find /dev/shm -name 'tomb*'`)
{ test "${#start_loops}" = "${#loops}" } || {
error "loop device usage change to ${#loops}" }
{ test "${#start_temps}" = "${#temps}" } || {
error "temp files usage change to ${#temps}" }
print " Tomb command returns $res"
return $res
}
# check for auxiliary programs
KDF=1
STEGHIDE=1
RESIZER=1
command -v steghide > /dev/null || STEGHIDE=0
command -v e2fsck resize2fs > /dev/null || RESIZER=0
command -v tomb-kdb-pbkdf2 > /dev/null || KDF=0
command -v qrencode > /dev/null || QRENCODE=0
typeset -A results
tests=(dig forge lock badpass open close passwd chksum bind setkey)
{ test $RESIZER = 1 } && { tests+=(resize) }
{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
{ test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen stgpipe stgimpl) }
{ test $QRENCODE = 1 } && { tests+=(qrenc) }
sudo rm -f /tmp/test.tomb{,.key}
startloops=(`sudo losetup -a |cut -d: -f1`)
notice "Testing creation: dig"
tt dig -s 20 /tmp/test.tomb
{ test $? = 0 } && { results+=(dig SUCCESS) }
notice "Testing creation: forge"
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom forge /tmp/test.tomb.key
{ test $? = 0 } && {
results+=(forge SUCCESS)
#
say "Dump of clear key contents to examine them:"
print ${dummypass} \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d /tmp/test.tomb.key \
| hexdump -C
echo --
}
notice "Testing creation: lock"
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} lock /tmp/test.tomb -k /tmp/test.tomb.key
{ test $? = 0 } && { results+=(lock SUCCESS) }
notice "Testing open with wrong password"
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd wrongpassword open /tmp/test.tomb
{ test $? = 0 } || { results+=(badpass SUCCESS) }
notice "Testing open with good password"
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb
{ test $? = 0 } && { results+=(open SUCCESS) }
tt close test
notice "Testing changing tomb password"
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-old-pwd ${dummypass} --tomb-pwd ${dummypassnew} passwd /tmp/test.tomb
{ test $? = 0 } && { results+=(passwd SUCCESS) }
notice "Generating content for file integrity test"
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
${T} dig -s 10 /media/test.tomb/datacheck.raw
crc="sha256 /media/test.tomb/datacheck.raw"
echo "$crc" > /media/test.tomb/datacheck.sha
tt --unsecure-dev-mode close test
{ test $? = 0 } && { results+=(close SUCCESS) }
{ test $RESIZER = 1 } && {
notice "Testing resize to 30 MiB"
tt --unsecure-dev-mode --tomb-pwd ${dummypassnew} -k /tmp/test.tomb.key resize /tmp/test.tomb -s 30
{ test $? = 0 } && { results+=(resize SUCCESS) }
}
notice "Testing contents integrity"
${T} -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
{ test $? = 0 } && {
crc2="sha256 /media/test.tomb/datacheck.raw"
{ test "$crc" = "$crc2" } && { results+=(chksum SUCCESS) }
}
notice "Testing bind hooks"
rnd=$RANDOM
echo $rnd > /media/test.tomb/test-$rnd
echo "test-$rnd test-$rnd" > /media/test.tomb/bind-hooks
touch $HOME/test-$rnd
tt close test
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
rnd2=`cat $HOME/test-$rnd`
if [ "$rnd" = "$rnd2" ]; then
notice "Bind hook on file matches"
results+=(bind SUCCESS)
tt list test
else
error "Bind hook on file reports incongruence"
fi
tt close test
notice "Testing set key"
sudo rm -f /tmp/test.tomb.new.key
tt -k /tmp/test.tomb.new.key --force --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom forge
tt -k /tmp/test.tomb.new.key --unsecure-dev-mode --tomb-pwd ${dummypass} --tomb-old-pwd ${dummypassnew} setkey /tmp/test.tomb.key /tmp/test.tomb
if [ $? = 0 ]; then
notice "Setkey succesfully swapped tomb key"
results+=(setkey SUCCESS)
mv /tmp/test.tomb.new.key /tmp/test.tomb.key
fi
{ test $KDF = 1 } && {
notice "Testing KDF key"
sudo rm -f /tmp/test.tomb.kdf /tmp/kdf.tomb
tt --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom --kdf 1 forge -k /tmp/test.tomb.kdf
{ test $? = 0 } && { results+=(kdforge SUCCESS) }
tt --unsecure-dev-mode --tomb-old-pwd ${dummypass} --tomb-pwd ${dummypassnew} --kdf 1 passwd -k /tmp/test.tomb.kdf
{ test $? = 0 } && { results+=(kdfpass SUCCESS) }
${T} dig -s 10 /tmp/kdf.tomb
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypassnew} --kdf 1 lock /tmp/kdf.tomb -k /tmp/test.tomb.kdf
{ test $? = 0 } && { results+=(kdflock SUCCESS) }
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypassnew} --kdf 1 open /tmp/kdf.tomb -k /tmp/test.tomb.kdf
{ test $? = 0 } && { results+=(kdfopen SUCCESS) }
${T} close kdf
}
{ test $STEGHIDE = 1 } && {
notice "Testing steganographic hiding of keys"
cp -f arditi.jpg /tmp/tomb.jpg
sudo rm -f /tmp/test.steg.key
tt --unsecure-dev-mode --tomb-pwd ${dummypass} bury -k /tmp/test.tomb.key /tmp/tomb.jpg
{ test $? = 0 } && { results+=(stgin SUCCESS) }
rm -f /tmp/test.steg.key
tt --unsecure-dev-mode --tomb-pwd ${dummypass} exhume -k /tmp/test.steg.key /tmp/tomb.jpg
{ test $? = 0 } && { results+=(stgout SUCCESS) }
tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k /tmp/test.steg.key /tmp/test.tomb
{ test $? = 0 } && { results+=(stgopen SUCCESS) }
${T} close test
# test piping keys using -k -
tkey=`tt --unsecure-dev-mode --tomb-pwd ${dummypass} exhume /tmp/tomb.jpg`
print "$tkey" | tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k - /tmp/test.tomb
{ test $? = 0 } && { results+=(stgpipe SUCCESS) }
${T} close test
notice "test using open -k image.jpeg"
tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k /tmp/tomb.jpg /tmp/test.tomb
{ test $? = 0 } && { results+=(stgimpl SUCCESS) }
${T} close test
}
{ test $QRENCODE = 1 } && {
notice "test rendering a QR printable key backup"
tt engrave -k /tmp/test.tomb.key
{ test $? = 0 } && { results+=(qrenc SUCCESS) }
}
# rm /tmp/test.tomb{,.key} -f || exit 1
endloops=(`sudo losetup -a |cut -d: -f1`)
notice "Test results summary"
print "${#startloops} loop devices busy at start"
for t in $tests; do
echo "$t\t${results[$t]:-FAIL}"
done
print "${#endloops} loop devices busy at end"
print "Done. You can remove temporary leftovers from /tmp :"
for i in `find /tmp -name '*tomb*' 2>/dev/null`; do ls -lh $i; done
return 0
Reference in New Issue View Git Blame Copy Permalink