chiark / gitweb /
Upgrade licence to GPLv3+.
[tripe] / keys / tests.at
CommitLineData
8cae2567
MW
1### -*-autotest-*-
2###
3### Test script for key-management
4###
5### (c) 2008 Straylight/Edgeware
6###
7
8###----- Licensing notice ---------------------------------------------------
9###
10### This file is part of Trivial IP Encryption (TrIPE).
11###
11ad66c2
MW
12### TrIPE is free software: you can redistribute it and/or modify it under
13### the terms of the GNU General Public License as published by the Free
14### Software Foundation; either version 3 of the License, or (at your
15### option) any later version.
8cae2567 16###
11ad66c2
MW
17### TrIPE is distributed in the hope that it will be useful, but WITHOUT
18### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
19### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20### for more details.
8cae2567
MW
21###
22### You should have received a copy of the GNU General Public License
11ad66c2 23### along with TrIPE. If not, see <https://www.gnu.org/licenses/>.
8cae2567
MW
24
25AT_SETUP([key management])
26AT_KEYWORDS([keys python])
27
28###--------------------------------------------------------------------------
29### Make sure that this has a chance of working.
30
31AT_CHECK([
32 case "$HAVE_PYTHON_TRUE$HAVE_PYCATACOMB_TRUE" in
33 "") ;;
34 *) exit 77 ;;
35 esac
36])
37
38AT_TESTED([curl key catsign rsync])
39
40###--------------------------------------------------------------------------
41### Create the initial environment.
42
43work=$(pwd)
44mkdir alice bob stage dist
45
46cd "$work"/alice
47
48cat <<EOF >tripe-keys.master
49## Distribution parameters.
50base-url = file://$work/dist/
51base-dir = $work/stage/
52upload-hook = rsync -aI --delete $work/stage/ $work/dist/
53
54## Cryptographic parameters.
55kx = ec
56kx-expire = now + 1 year
57sig-fresh = 1 month ago
58sig-expire now + 1 year
59master-keygen-flags =
60
61## Master key integrity.
62master-sequence = @MASTER-SEQUENCE@
63hk-master = @HK-MASTER@
64EOF
65
66###--------------------------------------------------------------------------
67### Simple key establishment.
68
69## Alice sets up her repository and generates a key.
70AT_CHECK([BUILDDIR/tripe-keys setup && test -d repos],, [ignore])
71AT_CHECK([BUILDDIR/tripe-keys generate alice],, [ignore])
72AT_CHECK([test -r peer-alice.pub])
73cp peer-alice.pub repos/
74AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore])
75AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
76
77## Bob fetches a copy and generates his own key.
78cd "$work"/bob
79AT_CHECK([test -r "$work"/dist/tripe-keys.conf])
80cp "$work"/dist/tripe-keys.conf .
81AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
82AT_CHECK([BUILDDIR/tripe-keys generate bob],, [ignore])
83AT_CHECK([test -r peer-bob.pub])
84
85## Alice collects Bob's key and installs it.
86cd "$work/alice"
87cp "$work"/bob/peer-bob.pub repos/
88AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore])
89AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
90
91## Bob fetches the new update and checks that his key's there.
92cd "$work"/bob
93AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
94AT_CHECK([cmp peer-bob.pub repos/peer-bob.pub])
95
96###--------------------------------------------------------------------------
97### Alice rolls over her master key.
98
99## Alice generates a new master key and publishes it.
100cd "$work"/alice
101AT_CHECK([BUILDDIR/tripe-keys newmaster],, [ignore])
102AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
103
104cd "$work"/dist
105AT_CHECK([test -r tripe-keys.sig-0 && test -r tripe-keys.sig-1])
106
107## Bob fetches a new copy. He gets warned that something unusual has
108## happened.
109cd "$work"/bob
110AT_CHECK([BUILDDIR/tripe-keys update],, [ignore],
111[tripe-keys: configuration file changed: recommend running another update
112])
113
114## Alice can now destroy her old master key.
115cd "$work"/alice
116AT_CHECK([key -kmaster delete master-0])
117AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
118
119## This is OK because Bob has rolled over to the new key.
120cd "$work"/bob
121AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
122
123###--------------------------------------------------------------------------
124### Check good behaviour on signature verification failures.
125
126## Corrupt the distribution tarball.
127cd "$work"/dist
128mkdir tmp
129cd tmp
130tar xfz ../tripe-keys.tar.gz
131touch repos/bogus-file
132tar cfz ../tripe-keys.tar.gz *
133
134## Bob tries fetching again. The update will notice the problem; none of his
135## files will change.
136cd "$work"/bob
137md5sum repos/* keyring keyring.pub tripe-keys.conf >old-state.md5
138AT_CHECK([BUILDDIR/tripe-keys update], [1], [ignore], [ignore])
139AT_CHECK([md5sum -c old-state.md5],, [ignore])
140
141###----- That's all, folks --------------------------------------------------
142
143AT_CLEANUP