~mdw / tripe / blame
| Commit | Line | Data |
|---|---|---|
| 8cae2567 MW |
1 | ### -*-autotest-*- |
| 2 | ### | |
| 3 | ### Test script for key-management | |
| 4 | ### | |
| 5 | ### (c) 2008 Straylight/Edgeware | |
| 6 | ### | |
| 7 | ||
| 8 | ###----- Licensing notice --------------------------------------------------- | |
| 9 | ### | |
| 10 | ### This file is part of Trivial IP Encryption (TrIPE). | |
| 11 | ### | |
| 12 | ### TrIPE is free software; you can redistribute it and/or modify | |
| 13 | ### it under the terms of the GNU General Public License as published by | |
| 14 | ### the Free Software Foundation; either version 2 of the License, or | |
| 15 | ### (at your option) any later version. | |
| 16 | ### | |
| 17 | ### TrIPE is distributed in the hope that it will be useful, | |
| 18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 20 | ### GNU General Public License for more details. | |
| 21 | ### | |
| 22 | ### You should have received a copy of the GNU General Public License | |
| 23 | ### along with TrIPE; if not, write to the Free Software Foundation, | |
| 24 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
| 25 | ||
| 26 | AT_SETUP([key management]) | |
| 27 | AT_KEYWORDS([keys python]) | |
| 28 | ||
| 29 | ###-------------------------------------------------------------------------- | |
| 30 | ### Make sure that this has a chance of working. | |
| 31 | ||
| 32 | AT_CHECK([ | |
| 33 | case "$HAVE_PYTHON_TRUE$HAVE_PYCATACOMB_TRUE" in | |
| 34 | "") ;; | |
| 35 | *) exit 77 ;; | |
| 36 | esac | |
| 37 | ]) | |
| 38 | ||
| 39 | AT_TESTED([curl key catsign rsync]) | |
| 40 | ||
| 41 | ###-------------------------------------------------------------------------- | |
| 42 | ### Create the initial environment. | |
| 43 | ||
| 44 | work=$(pwd) | |
| 45 | mkdir alice bob stage dist | |
| 46 | ||
| 47 | cd "$work"/alice | |
| 48 | ||
| 49 | cat <<EOF >tripe-keys.master | |
| 50 | ## Distribution parameters. | |
| 51 | base-url = file://$work/dist/ | |
| 52 | base-dir = $work/stage/ | |
| 53 | upload-hook = rsync -aI --delete $work/stage/ $work/dist/ | |
| 54 | ||
| 55 | ## Cryptographic parameters. | |
| 56 | kx = ec | |
| 57 | kx-expire = now + 1 year | |
| 58 | sig-fresh = 1 month ago | |
| 59 | sig-expire now + 1 year | |
| 60 | master-keygen-flags = | |
| 61 | ||
| 62 | ## Master key integrity. | |
| 63 | master-sequence = @MASTER-SEQUENCE@ | |
| 64 | hk-master = @HK-MASTER@ | |
| 65 | EOF | |
| 66 | ||
| 67 | ###-------------------------------------------------------------------------- | |
| 68 | ### Simple key establishment. | |
| 69 | ||
| 70 | ## Alice sets up her repository and generates a key. | |
| 71 | AT_CHECK([BUILDDIR/tripe-keys setup && test -d repos],, [ignore]) | |
| 72 | AT_CHECK([BUILDDIR/tripe-keys generate alice],, [ignore]) | |
| 73 | AT_CHECK([test -r peer-alice.pub]) | |
| 74 | cp peer-alice.pub repos/ | |
| 75 | AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore]) | |
| 76 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
| 77 | ||
| 78 | ## Bob fetches a copy and generates his own key. | |
| 79 | cd "$work"/bob | |
| 80 | AT_CHECK([test -r "$work"/dist/tripe-keys.conf]) | |
| 81 | cp "$work"/dist/tripe-keys.conf . | |
| 82 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
| 83 | AT_CHECK([BUILDDIR/tripe-keys generate bob],, [ignore]) | |
| 84 | AT_CHECK([test -r peer-bob.pub]) | |
| 85 | ||
| 86 | ## Alice collects Bob's key and installs it. | |
| 87 | cd "$work/alice" | |
| 88 | cp "$work"/bob/peer-bob.pub repos/ | |
| 89 | AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore]) | |
| 90 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
| 91 | ||
| 92 | ## Bob fetches the new update and checks that his key's there. | |
| 93 | cd "$work"/bob | |
| 94 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
| 95 | AT_CHECK([cmp peer-bob.pub repos/peer-bob.pub]) | |
| 96 | ||
| 97 | ###-------------------------------------------------------------------------- | |
| 98 | ### Alice rolls over her master key. | |
| 99 | ||
| 100 | ## Alice generates a new master key and publishes it. | |
| 101 | cd "$work"/alice | |
| 102 | AT_CHECK([BUILDDIR/tripe-keys newmaster],, [ignore]) | |
| 103 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
| 104 | ||
| 105 | cd "$work"/dist | |
| 106 | AT_CHECK([test -r tripe-keys.sig-0 && test -r tripe-keys.sig-1]) | |
| 107 | ||
| 108 | ## Bob fetches a new copy. He gets warned that something unusual has | |
| 109 | ## happened. | |
| 110 | cd "$work"/bob | |
| 111 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore], | |
| 112 | [tripe-keys: configuration file changed: recommend running another update | |
| 113 | ]) | |
| 114 | ||
| 115 | ## Alice can now destroy her old master key. | |
| 116 | cd "$work"/alice | |
| 117 | AT_CHECK([key -kmaster delete master-0]) | |
| 118 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
| 119 | ||
| 120 | ## This is OK because Bob has rolled over to the new key. | |
| 121 | cd "$work"/bob | |
| 122 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
| 123 | ||
| 124 | ###-------------------------------------------------------------------------- | |
| 125 | ### Check good behaviour on signature verification failures. | |
| 126 | ||
| 127 | ## Corrupt the distribution tarball. | |
| 128 | cd "$work"/dist | |
| 129 | mkdir tmp | |
| 130 | cd tmp | |
| 131 | tar xfz ../tripe-keys.tar.gz | |
| 132 | touch repos/bogus-file | |
| 133 | tar cfz ../tripe-keys.tar.gz * | |
| 134 | ||
| 135 | ## Bob tries fetching again. The update will notice the problem; none of his | |
| 136 | ## files will change. | |
| 137 | cd "$work"/bob | |
| 138 | md5sum repos/* keyring keyring.pub tripe-keys.conf >old-state.md5 | |
| 139 | AT_CHECK([BUILDDIR/tripe-keys update], [1], [ignore], [ignore]) | |
| 140 | AT_CHECK([md5sum -c old-state.md5],, [ignore]) | |
| 141 | ||
| 142 | ###----- That's all, folks -------------------------------------------------- | |
| 143 | ||
| 144 | AT_CLEANUP |