mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-29 08:14:08 +00:00
5158c380fe
this change uses an hidden global variable within tomb to store the decrypted key material, avoiding using one tempfile in RAM, avoiding running the decryption more than once (which means sanity for KDF usage) and overall simplifying the code also avoiding duplicates.
271 lines
6.9 KiB
Bash
Executable File
271 lines
6.9 KiB
Bash
Executable File
#!/usr/bin/zsh
|
|
#
|
|
# Iterates through various tests on the tomb script
|
|
|
|
T="../../tomb"
|
|
source ${T} source
|
|
dummypass=test
|
|
dummypassnew=changetest
|
|
|
|
notice() { print; yes "${@}"; print; }
|
|
error() { _warning " ${@}"; }
|
|
tt() {
|
|
start_loops=(`sudo losetup -a |cut -d: -f1`)
|
|
start_temps=(`find /dev/shm -name 'tomb*'`)
|
|
${T} -D ${=@}
|
|
res=$?
|
|
loops=(`sudo losetup -a |cut -d: -f1`)
|
|
temps=(`find /dev/shm -name 'tomb*'`)
|
|
|
|
{ test "${#start_loops}" = "${#loops}" } || {
|
|
error "loop device usage change to ${#loops}" }
|
|
{ test "${#start_temps}" = "${#temps}" } || {
|
|
error "temp files usage change to ${#temps}" }
|
|
print " Tomb command returns $res"
|
|
return $res
|
|
}
|
|
|
|
# check for auxiliary programs
|
|
KDF=1
|
|
STEGHIDE=1
|
|
RESIZER=1
|
|
command -v steghide > /dev/null || STEGHIDE=0
|
|
command -v e2fsck resize2fs > /dev/null || RESIZER=0
|
|
command -v tomb-kdb-pbkdf2 > /dev/null || KDF=0
|
|
command -v qrencode > /dev/null || QRENCODE=0
|
|
|
|
|
|
typeset -A results
|
|
tests=(dig forge lock badpass open close passwd chksum bind setkey)
|
|
{ test $RESIZER = 1 } && { tests+=(resize) }
|
|
{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
|
|
{ test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen stgpipe stgimpl) }
|
|
{ test $QRENCODE = 1 } && { tests+=(qrenc) }
|
|
|
|
sudo rm -f /tmp/test.tomb{,.key}
|
|
|
|
|
|
startloops=(`sudo losetup -a |cut -d: -f1`)
|
|
|
|
|
|
|
|
|
|
notice "Testing creation: dig"
|
|
|
|
tt dig -s 20 /tmp/test.tomb
|
|
|
|
{ test $? = 0 } && { results+=(dig SUCCESS) }
|
|
|
|
notice "Testing creation: forge"
|
|
|
|
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom forge /tmp/test.tomb.key
|
|
|
|
{ test $? = 0 } && {
|
|
results+=(forge SUCCESS)
|
|
#
|
|
say "Dump of clear key contents to examine them:"
|
|
print ${dummypass} \
|
|
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d /tmp/test.tomb.key \
|
|
| hexdump -C
|
|
echo --
|
|
}
|
|
|
|
notice "Testing creation: lock"
|
|
|
|
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} lock /tmp/test.tomb -k /tmp/test.tomb.key
|
|
|
|
{ test $? = 0 } && { results+=(lock SUCCESS) }
|
|
|
|
|
|
|
|
notice "Testing open with wrong password"
|
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd wrongpassword open /tmp/test.tomb
|
|
|
|
{ test $? = 0 } || { results+=(badpass SUCCESS) }
|
|
|
|
|
|
|
|
notice "Testing open with good password"
|
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb
|
|
|
|
{ test $? = 0 } && { results+=(open SUCCESS) }
|
|
|
|
tt close test
|
|
|
|
|
|
|
|
notice "Testing changing tomb password"
|
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-old-pwd ${dummypass} --tomb-pwd ${dummypassnew} passwd /tmp/test.tomb
|
|
|
|
{ test $? = 0 } && { results+=(passwd SUCCESS) }
|
|
|
|
|
|
|
|
notice "Generating content for file integrity test"
|
|
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
|
|
|
|
${T} dig -s 10 /media/test.tomb/datacheck.raw
|
|
|
|
crc="sha256 /media/test.tomb/datacheck.raw"
|
|
echo "$crc" > /media/test.tomb/datacheck.sha
|
|
|
|
tt --unsecure-dev-mode close test
|
|
|
|
{ test $? = 0 } && { results+=(close SUCCESS) }
|
|
|
|
|
|
{ test $RESIZER = 1 } && {
|
|
notice "Testing resize to 30 MiB"
|
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypassnew} -k /tmp/test.tomb.key resize /tmp/test.tomb -s 30
|
|
|
|
{ test $? = 0 } && { results+=(resize SUCCESS) }
|
|
|
|
}
|
|
|
|
notice "Testing contents integrity"
|
|
|
|
${T} -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
|
|
|
|
{ test $? = 0 } && {
|
|
|
|
crc2="sha256 /media/test.tomb/datacheck.raw"
|
|
|
|
{ test "$crc" = "$crc2" } && { results+=(chksum SUCCESS) }
|
|
|
|
}
|
|
|
|
|
|
|
|
notice "Testing bind hooks"
|
|
|
|
rnd=$RANDOM
|
|
echo $rnd > /media/test.tomb/test-$rnd
|
|
echo "test-$rnd test-$rnd" > /media/test.tomb/bind-hooks
|
|
touch $HOME/test-$rnd
|
|
tt close test
|
|
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypassnew} open /tmp/test.tomb
|
|
rnd2=`cat $HOME/test-$rnd`
|
|
if [ "$rnd" = "$rnd2" ]; then
|
|
notice "Bind hook on file matches"
|
|
results+=(bind SUCCESS)
|
|
tt list test
|
|
else
|
|
error "Bind hook on file reports incongruence"
|
|
fi
|
|
tt close test
|
|
|
|
|
|
notice "Testing set key"
|
|
|
|
sudo rm -f /tmp/test.tomb.new.key
|
|
|
|
tt -k /tmp/test.tomb.new.key --force --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom forge
|
|
|
|
tt -k /tmp/test.tomb.new.key --unsecure-dev-mode --tomb-pwd ${dummypass} --tomb-old-pwd ${dummypassnew} setkey /tmp/test.tomb.key /tmp/test.tomb
|
|
|
|
if [ $? = 0 ]; then
|
|
notice "Setkey succesfully swapped tomb key"
|
|
results+=(setkey SUCCESS)
|
|
mv /tmp/test.tomb.new.key /tmp/test.tomb.key
|
|
fi
|
|
|
|
|
|
|
|
{ test $KDF = 1 } && {
|
|
|
|
notice "Testing KDF key"
|
|
sudo rm -f /tmp/test.tomb.kdf /tmp/kdf.tomb
|
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom --kdf 1 forge -k /tmp/test.tomb.kdf
|
|
|
|
{ test $? = 0 } && { results+=(kdforge SUCCESS) }
|
|
|
|
tt --unsecure-dev-mode --tomb-old-pwd ${dummypass} --tomb-pwd ${dummypassnew} --kdf 1 passwd -k /tmp/test.tomb.kdf
|
|
|
|
{ test $? = 0 } && { results+=(kdfpass SUCCESS) }
|
|
|
|
${T} dig -s 10 /tmp/kdf.tomb
|
|
|
|
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypassnew} --kdf 1 lock /tmp/kdf.tomb -k /tmp/test.tomb.kdf
|
|
|
|
{ test $? = 0 } && { results+=(kdflock SUCCESS) }
|
|
|
|
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypassnew} --kdf 1 open /tmp/kdf.tomb -k /tmp/test.tomb.kdf
|
|
|
|
{ test $? = 0 } && { results+=(kdfopen SUCCESS) }
|
|
|
|
${T} close kdf
|
|
|
|
}
|
|
|
|
{ test $STEGHIDE = 1 } && {
|
|
|
|
notice "Testing steganographic hiding of keys"
|
|
|
|
cp -f arditi.jpg /tmp/tomb.jpg
|
|
sudo rm -f /tmp/test.steg.key
|
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} bury -k /tmp/test.tomb.key /tmp/tomb.jpg
|
|
|
|
{ test $? = 0 } && { results+=(stgin SUCCESS) }
|
|
|
|
rm -f /tmp/test.steg.key
|
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} exhume -k /tmp/test.steg.key /tmp/tomb.jpg
|
|
|
|
{ test $? = 0 } && { results+=(stgout SUCCESS) }
|
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k /tmp/test.steg.key /tmp/test.tomb
|
|
|
|
{ test $? = 0 } && { results+=(stgopen SUCCESS) }
|
|
|
|
${T} close test
|
|
|
|
# test piping keys using -k -
|
|
tkey=`tt --unsecure-dev-mode --tomb-pwd ${dummypass} exhume /tmp/tomb.jpg`
|
|
print "$tkey" | tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k - /tmp/test.tomb
|
|
{ test $? = 0 } && { results+=(stgpipe SUCCESS) }
|
|
|
|
${T} close test
|
|
|
|
|
|
notice "test using open -k image.jpeg"
|
|
|
|
tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k /tmp/tomb.jpg /tmp/test.tomb
|
|
{ test $? = 0 } && { results+=(stgimpl SUCCESS) }
|
|
|
|
${T} close test
|
|
}
|
|
|
|
{ test $QRENCODE = 1 } && {
|
|
|
|
notice "test rendering a QR printable key backup"
|
|
|
|
tt engrave -k /tmp/test.tomb.key
|
|
|
|
{ test $? = 0 } && { results+=(qrenc SUCCESS) }
|
|
|
|
}
|
|
|
|
# rm /tmp/test.tomb{,.key} -f || exit 1
|
|
|
|
endloops=(`sudo losetup -a |cut -d: -f1`)
|
|
|
|
notice "Test results summary"
|
|
|
|
print "${#startloops} loop devices busy at start"
|
|
|
|
for t in $tests; do
|
|
echo "$t\t${results[$t]:-FAIL}"
|
|
done
|
|
|
|
print "${#endloops} loop devices busy at end"
|
|
print "Done. You can remove temporary leftovers from /tmp :"
|
|
for i in `find /tmp -name '*tomb*' 2>/dev/null`; do ls -lh $i; done
|
|
return 0
|