Commit | Line | Data |
---|---|---|
8cae2567 MW |
1 | ### -*-autotest-*- |
2 | ### | |
3 | ### Test script for key-management | |
4 | ### | |
5 | ### (c) 2008 Straylight/Edgeware | |
6 | ### | |
7 | ||
8 | ###----- Licensing notice --------------------------------------------------- | |
9 | ### | |
10 | ### This file is part of Trivial IP Encryption (TrIPE). | |
11 | ### | |
11ad66c2 MW |
12 | ### TrIPE is free software: you can redistribute it and/or modify it under |
13 | ### the terms of the GNU General Public License as published by the Free | |
14 | ### Software Foundation; either version 3 of the License, or (at your | |
15 | ### option) any later version. | |
8cae2567 | 16 | ### |
11ad66c2 MW |
17 | ### TrIPE is distributed in the hope that it will be useful, but WITHOUT |
18 | ### ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
19 | ### FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | |
20 | ### for more details. | |
8cae2567 MW |
21 | ### |
22 | ### You should have received a copy of the GNU General Public License | |
11ad66c2 | 23 | ### along with TrIPE. If not, see <https://www.gnu.org/licenses/>. |
8cae2567 MW |
24 | |
25 | AT_SETUP([key management]) | |
26 | AT_KEYWORDS([keys python]) | |
27 | ||
28 | ###-------------------------------------------------------------------------- | |
29 | ### Make sure that this has a chance of working. | |
30 | ||
31 | AT_CHECK([ | |
32 | case "$HAVE_PYTHON_TRUE$HAVE_PYCATACOMB_TRUE" in | |
33 | "") ;; | |
34 | *) exit 77 ;; | |
35 | esac | |
36 | ]) | |
37 | ||
38 | AT_TESTED([curl key catsign rsync]) | |
39 | ||
40 | ###-------------------------------------------------------------------------- | |
41 | ### Create the initial environment. | |
42 | ||
43 | work=$(pwd) | |
44 | mkdir alice bob stage dist | |
45 | ||
46 | cd "$work"/alice | |
47 | ||
48 | cat <<EOF >tripe-keys.master | |
49 | ## Distribution parameters. | |
50 | base-url = file://$work/dist/ | |
51 | base-dir = $work/stage/ | |
52 | upload-hook = rsync -aI --delete $work/stage/ $work/dist/ | |
53 | ||
54 | ## Cryptographic parameters. | |
55 | kx = ec | |
56 | kx-expire = now + 1 year | |
57 | sig-fresh = 1 month ago | |
58 | sig-expire now + 1 year | |
59 | master-keygen-flags = | |
60 | ||
61 | ## Master key integrity. | |
62 | master-sequence = @MASTER-SEQUENCE@ | |
63 | hk-master = @HK-MASTER@ | |
64 | EOF | |
65 | ||
66 | ###-------------------------------------------------------------------------- | |
67 | ### Simple key establishment. | |
68 | ||
69 | ## Alice sets up her repository and generates a key. | |
70 | AT_CHECK([BUILDDIR/tripe-keys setup && test -d repos],, [ignore]) | |
71 | AT_CHECK([BUILDDIR/tripe-keys generate alice],, [ignore]) | |
72 | AT_CHECK([test -r peer-alice.pub]) | |
73 | cp peer-alice.pub repos/ | |
74 | AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore]) | |
75 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
76 | ||
77 | ## Bob fetches a copy and generates his own key. | |
78 | cd "$work"/bob | |
79 | AT_CHECK([test -r "$work"/dist/tripe-keys.conf]) | |
80 | cp "$work"/dist/tripe-keys.conf . | |
81 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
82 | AT_CHECK([BUILDDIR/tripe-keys generate bob],, [ignore]) | |
83 | AT_CHECK([test -r peer-bob.pub]) | |
84 | ||
85 | ## Alice collects Bob's key and installs it. | |
86 | cd "$work/alice" | |
87 | cp "$work"/bob/peer-bob.pub repos/ | |
88 | AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore]) | |
89 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
90 | ||
91 | ## Bob fetches the new update and checks that his key's there. | |
92 | cd "$work"/bob | |
93 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
94 | AT_CHECK([cmp peer-bob.pub repos/peer-bob.pub]) | |
95 | ||
96 | ###-------------------------------------------------------------------------- | |
97 | ### Alice rolls over her master key. | |
98 | ||
99 | ## Alice generates a new master key and publishes it. | |
100 | cd "$work"/alice | |
101 | AT_CHECK([BUILDDIR/tripe-keys newmaster],, [ignore]) | |
102 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
103 | ||
104 | cd "$work"/dist | |
105 | AT_CHECK([test -r tripe-keys.sig-0 && test -r tripe-keys.sig-1]) | |
106 | ||
107 | ## Bob fetches a new copy. He gets warned that something unusual has | |
108 | ## happened. | |
109 | cd "$work"/bob | |
110 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore], | |
111 | [tripe-keys: configuration file changed: recommend running another update | |
112 | ]) | |
113 | ||
114 | ## Alice can now destroy her old master key. | |
115 | cd "$work"/alice | |
116 | AT_CHECK([key -kmaster delete master-0]) | |
117 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
118 | ||
119 | ## This is OK because Bob has rolled over to the new key. | |
120 | cd "$work"/bob | |
121 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
122 | ||
123 | ###-------------------------------------------------------------------------- | |
124 | ### Check good behaviour on signature verification failures. | |
125 | ||
126 | ## Corrupt the distribution tarball. | |
127 | cd "$work"/dist | |
128 | mkdir tmp | |
129 | cd tmp | |
130 | tar xfz ../tripe-keys.tar.gz | |
131 | touch repos/bogus-file | |
132 | tar cfz ../tripe-keys.tar.gz * | |
133 | ||
134 | ## Bob tries fetching again. The update will notice the problem; none of his | |
135 | ## files will change. | |
136 | cd "$work"/bob | |
137 | md5sum repos/* keyring keyring.pub tripe-keys.conf >old-state.md5 | |
138 | AT_CHECK([BUILDDIR/tripe-keys update], [1], [ignore], [ignore]) | |
139 | AT_CHECK([md5sum -c old-state.md5],, [ignore]) | |
140 | ||
141 | ###----- That's all, folks -------------------------------------------------- | |
142 | ||
143 | AT_CLEANUP |