Tomb/extras/test/runtests
2014-11-14 18:52:44 +01:00

342 lines
8.4 KiB
Bash
Executable File

#!/usr/bin/zsh
#
# Iterates through various tests on the tomb script
T="../../tomb"
source ${T} source
dummypass=test
dummypassnew=changetest
GLOBAL_RESULT=0
notice() { print; yes "${@}"; print; }
error() { _warning " ${@}"; }
tt() {
start_loops=(`sudo losetup -a |cut -d: -f1`)
start_temps=(`find /dev/shm -name 'tomb*'`)
${T} -D ${=@}
res=$?
loops=(`sudo losetup -a |cut -d: -f1`)
temps=(`find /dev/shm -name 'tomb*'`)
{ test "${#start_loops}" = "${#loops}" } || {
error "loop device usage change to ${#loops}" }
{ test "${#start_temps}" = "${#temps}" } || {
error "temp files usage change to ${#temps}" }
print " Tomb command returns $res"
return $res
}
# check for auxiliary programs
KDF=1
STEGHIDE=1
RESIZER=1
command -v steghide > /dev/null || STEGHIDE=0
command -v e2fsck resize2fs > /dev/null || RESIZER=0
command -v tomb-kdb-pbkdf2 > /dev/null || KDF=0
command -v qrencode > /dev/null || QRENCODE=0
typeset -A results
tests=(dig forge lock badpass open close passwd chksum bind setkey)
{ test $RESIZER = 1 } && { tests+=(resize) }
{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
{ test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen stgpipe stgimpl) }
{ test $QRENCODE = 1 } && { tests+=(qrenc) }
notice "Loading test suite"
# functions that can be called singularly
test-tomb-create() {
notice "wiping all test.tomb* in /tmp"
sudo rm -f /tmp/test.tomb{,.key,.new.key}
notice "Testing creation: dig"
tt dig -s 20 /tmp/test.tomb
{ test $? = 0 } && { results+=(dig SUCCESS) }
notice "Testing creation: forge"
tt forge /tmp/test.tomb.key \
--ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom
{ test $? = 0 } && {
results+=(forge SUCCESS)
#
say "Dump of clear key contents to examine them:"
print ${dummypass} \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d /tmp/test.tomb.key \
| hexdump -C
echo --
}
notice "Testing creation: lock"
tt lock /tmp/test.tomb -k /tmp/test.tomb.key \
--ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass}
{ test $? = 0 } && { results+=(lock SUCCESS) }
}
test-bind-hooks() {
notice "Testing bind hooks"
tt list test
[[ $? = 0 ]] || {
tt --ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypass} \
open /tmp/test.tomb -k /tmp/test.tomb.key }
rnd=$RANDOM
bindtest="dyne-tomb-bind-test-$rnd"
echo $rnd > /media/test.tomb/$bindtest
rm -f /media/test.tomb/bind-hooks
echo "$bindtest $bindtest" > /media/test.tomb/bind-hooks
touch $HOME/$bindtest
tt close test
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb
rnd2=`cat $HOME/$bindtest`
if [ "$rnd" = "$rnd2" ]; then
notice "Bind hook on file matches"
results+=(bind SUCCESS)
tt list test
else
error "Bind hook on file reports incongruence"
fi
rm -f "/media/test.tomb/$bindtest"
tt close test
# Remove test file in HOME
rm -f "$HOME/$bindtest"
}
test-set-key() {
notice "Testing set key"
sudo rm -f /tmp/test.tomb.new.key
tt forge -k /tmp/test.tomb.new.key --force --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom
tt setkey -k /tmp/test.tomb.new.key --unsecure-dev-mode --tomb-pwd ${dummypass} --tomb-old-pwd ${dummypass} /tmp/test.tomb.key /tmp/test.tomb
tt open -k /tmp/test.tomb.new.key --unsecure-dev-mode --tomb-pwd ${dummypass} /tmp/test.tomb
[[ $? = 0 ]] && {
notice "Setkey succesfully swapped tomb key"
results+=(setkey SUCCESS)
say "Dump of clear key contents to examine them:"
print ${dummypass} \
| gpg --batch --passphrase-fd 0 --no-tty --no-options -d /tmp/test.tomb.new.key \
| hexdump -C
echo --
mv /tmp/test.tomb.new.key /tmp/test.tomb.key
tt close test
}
}
startloops=(`sudo losetup -a |cut -d: -f1`)
[[ $1 = "source" ]] && { return 0 }
[[ $1 = "" ]] || {
tt ${=@}
return $?
}
# isolated function (also called with source)
test-tomb-create
notice "Testing open with wrong password"
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd wrongpassword open /tmp/test.tomb
{ test $? = 0 } || { results+=(badpass SUCCESS) }
notice "Testing open with good password"
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb
{ test $? = 0 } && { results+=(open SUCCESS) }
tt close test
{ test $? = 0 } && { results+=(close SUCCESS) }
notice "Testing changing tomb password"
tt passwd /tmp/test.tomb \
-k /tmp/test.tomb.key --unsecure-dev-mode --tomb-old-pwd ${dummypass} --tomb-pwd ${dummypassnew}
tt passwd /tmp/test.tomb \
-k /tmp/test.tomb.key --unsecure-dev-mode --tomb-old-pwd ${dummypassnew} --tomb-pwd ${dummypass}
{ test $? = 0 } && { results+=(passwd SUCCESS) }
notice "Generating content for file integrity test"
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb
tt dig -s 10 /media/test.tomb/datacheck.raw
crc="sha256 /media/test.tomb/datacheck.raw"
echo "$crc" > /media/test.tomb/datacheck.sha
tt --unsecure-dev-mode close test
{ test $RESIZER = 1 } && {
notice "Testing resize to 30 MiB"
tt --unsecure-dev-mode --tomb-pwd ${dummypass} -k /tmp/test.tomb.key resize /tmp/test.tomb -s 30
{ test $? = 0 } && { results+=(resize SUCCESS) }
}
notice "Testing contents integrity"
tt -k /tmp/test.tomb.key --unsecure-dev-mode --tomb-pwd ${dummypass} open /tmp/test.tomb
{ test $? = 0 } && {
crc2="sha256 /media/test.tomb/datacheck.raw"
{ test "$crc" = "$crc2" } && { results+=(chksum SUCCESS) }
tt close test
}
# isolated function
test-bind-hooks
# iso func
test-set-key
{ test $KDF = 1 } && {
notice "Testing KDF key"
sudo rm -f /tmp/test.tomb.kdf /tmp/kdf.tomb
tt --unsecure-dev-mode --tomb-pwd ${dummypass} --use-urandom --kdf 1 forge -k /tmp/test.tomb.kdf
{ test $? = 0 } && { results+=(kdforge SUCCESS) }
tt passwd --unsecure-dev-mode --tomb-old-pwd ${dummypass} --tomb-pwd ${dummypassnew} --kdf 1 -k /tmp/test.tomb.kdf
{ test $? = 0 } && { results+=(kdfpass SUCCESS) }
tt dig -s 10 /tmp/kdf.tomb
tt lock /tmp/kdf.tomb -k /tmp/test.tomb.kdf \
--ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypassnew} --kdf 1
{ test $? = 0 } && { results+=(kdflock SUCCESS) }
tt open /tmp/kdf.tomb -k /tmp/test.tomb.kdf \
--ignore-swap --unsecure-dev-mode --tomb-pwd ${dummypassnew} --kdf 1
{ test $? = 0 } && { results+=(kdfopen SUCCESS) }
${T} close kdf
}
{ test $STEGHIDE = 1 } && {
notice "Testing steganographic hiding of keys"
cp -f arditi.jpg /tmp/tomb.jpg
sudo rm -f /tmp/test.steg.key
tt --unsecure-dev-mode --tomb-pwd ${dummypass} bury -k /tmp/test.tomb.key /tmp/tomb.jpg
{ test $? = 0 } && { results+=(stgin SUCCESS) }
rm -f /tmp/test.steg.key
tt --unsecure-dev-mode --tomb-pwd ${dummypass} exhume -k /tmp/test.steg.key /tmp/tomb.jpg
{ test $? = 0 } && { results+=(stgout SUCCESS) }
tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k /tmp/test.steg.key /tmp/test.tomb
{ test $? = 0 } && { results+=(stgopen SUCCESS) }
${T} close test
# test piping keys using -k -
tkey=`tt --unsecure-dev-mode --tomb-pwd ${dummypass} exhume /tmp/tomb.jpg`
print "$tkey" | tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k - /tmp/test.tomb
{ test $? = 0 } && { results+=(stgpipe SUCCESS) }
${T} close test
notice "test using open -k image.jpeg"
tt --unsecure-dev-mode --tomb-pwd ${dummypass} open -k /tmp/tomb.jpg /tmp/test.tomb
{ test $? = 0 } && { results+=(stgimpl SUCCESS) }
tt close test
}
{ test $QRENCODE = 1 } && {
notice "test rendering a QR printable key backup"
tt engrave -k /tmp/test.tomb.key
{ test $? = 0 } && { results+=(qrenc SUCCESS) }
}
# rm /tmp/test.tomb{,.key} -f || exit 1
endloops=(`sudo losetup -a |cut -d: -f1`)
notice "Test results summary"
print "${#startloops} loop devices busy at start"
for t in $tests; do
echo "$t\t${results[$t]:-FAIL}"
done
for r in ${(v)results}; do
[[ "$r" == "SUCCESS" ]] || GLOBAL_RESULT=1
done
print "${#endloops} loop devices busy at end"
print "Done. You can remove temporary leftovers from /tmp :"
for i in `find /tmp -name '*tomb*' 2>/dev/null`; do ls -lh $i; done
return $GLOBAL_RESULT