mirror of
https://codeberg.org/scip/pcp.git
synced 2025-12-16 19:40:57 +01:00
607 lines
15 KiB
Bash
607 lines
15 KiB
Bash
# -*-sh-*-
|
|
#
|
|
# This file is part of Pretty Curved Privacy (pcp1).
|
|
#
|
|
# Copyright (C) 2013-2015 T.v.Dein.
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
# You can contact me by mail: <tlinden AT cpan DOT org>.
|
|
#
|
|
|
|
pcp=../pcp
|
|
vault=v1
|
|
passwd=ech9xeiT%CuxuH1ch-is2ies1R
|
|
md5msg=66b8c4ca9e5d2a7e3c0559c3cdea3d50
|
|
mangle=./mangle
|
|
verbose=1
|
|
blake2=5baec1cad5bf54287028749d83f2bf3e3ed09f0ee38a233f35dbda1361c6a67fd824e17c86ee3a85181038eb44836c17c42e6beff17fdf997075417914056992
|
|
blake2auth=d7fff04bd63004f7a2ba914d9b2ccff22827230d3c546d97ebaa29cbe9fb2380b7948bc799486d512b4355c24f0cce423e746419098d4455af91898c4a06a5df
|
|
key=9U3Dk2s
|
|
|
|
. ./keys.cfg
|
|
|
|
|
|
check_dependencies_pcp () {
|
|
cmd="ls $pcp"
|
|
expect="/pcp/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_streams_8 () {
|
|
md5=`./md5 ../../COPYING`
|
|
cmd="./pipetest 8 e < ../../COPYING | ./pipetest 8 d | ./md5"
|
|
expect="/$md5/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_streams_16 () {
|
|
md5=`./md5 ../../COPYING`
|
|
cmd="./pipetest 16 e < ../../COPYING | ./pipetest 16 d | ./md5"
|
|
expect="/$md5/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_streams_32 () {
|
|
md5=`./md5 ../../COPYING`
|
|
cmd="./pipetest 32 e < ../../COPYING | ./pipetest 32 d | ./md5"
|
|
expect="/$md5/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_streams_64 () {
|
|
md5=`./md5 ../../COPYING`
|
|
cmd="./pipetest 64 e < ../../COPYING | ./pipetest 64 d | ./md5"
|
|
expect="/$md5/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_z85_1_compliant () {
|
|
cmd="./decodertest 1"
|
|
expect="/ok/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_z85_2_compliant_no_newlines () {
|
|
cmd="./decodertest 2"
|
|
expect="/ok/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_z85_3_compliant_no_begin_header () {
|
|
cmd="./decodertest 3"
|
|
expect="/ok/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_z85_4_uncompliant_empty_comment () {
|
|
cmd="./decodertest 4"
|
|
expect="/ok/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_z85_5_uncompliant_missing_char () {
|
|
cmd="./decodertest 5"
|
|
expect="/ok/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_show_help () {
|
|
cmd="$pcp -h"
|
|
expect="/export/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_fail_without_vault () {
|
|
rm -f $vault
|
|
cmd="$pcp -V $vault -l"
|
|
expect="/doesn.t contain any keys so far/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_generate_secret_key () {
|
|
cmd="$pcp -V $vault -k -x $passwd"
|
|
input=$(cat <<'EOF'
|
|
Dexter Morgan
|
|
dxmorg@florida.cops.gov
|
|
EOF
|
|
)
|
|
expect="/Generated new secret key/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_fail_entropy_generate_secret_key () {
|
|
cmd="$pcp -V $vault -k -x password"
|
|
input=$(cat <<'EOF'
|
|
Dexter Morgan
|
|
dxmorg@florida.cops.gov
|
|
no
|
|
EOF
|
|
)
|
|
expect="/weak passphrase/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_vault_contains_secret () {
|
|
cmd="$pcp -V $vault -l"
|
|
expect="/Dexter Morgan/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_secret_key_info () {
|
|
cmd="$pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -t -i"
|
|
expect="/Serial Number/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_export_public_key () {
|
|
cmd="$pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -p -x $passwd -z -i "
|
|
expect="/PUBLIC KEY/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_export_public_key_tofile () {
|
|
cmd="$pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -p -x $passwd -O testkey-self -i "
|
|
expectfile="testkey-self"
|
|
expect=""
|
|
check "$cmd" "$expect" "$input" "$expectfile"
|
|
}
|
|
|
|
check_export_public_key_filecontent () {
|
|
cmd="strings testkey-self"
|
|
expect="Dexter"
|
|
check "$cmd" "$expect" "$input" ""
|
|
}
|
|
|
|
check_import_public_key () {
|
|
cmd="$pcp -V $vault -K -I bart.pub"
|
|
expect="/key $bartid added/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_imported_public_key_info () {
|
|
cmd="$pcp -V $vault -t -i $bartid"
|
|
expect="/Serial Number: $bartserial/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_delete_public_key_works () {
|
|
cmd="$pcp -V $vault -R -i $bartid"
|
|
expect="/Public key deleted/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_vault_still_valid () {
|
|
cmd="$pcp -V $vault -t"
|
|
expect="/Vault version: 00000002/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_deleted_public_key_is_away () {
|
|
cmd="$pcp -V $vault -t"
|
|
expect="/Public keys: 0/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
|
|
#
|
|
# encryption tests
|
|
# alicias part
|
|
check_crypto_alicia_import_secret () {
|
|
cmd="$pcp -V va -K -I key-alicia-sec -x a"
|
|
expect="/${idalicia}/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_alicia_import_bobbys_key () {
|
|
cmd="$pcp -V va -K -I key-bobby-pub"
|
|
expect="/${idbobby}/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_alicia_encrypt () {
|
|
cmd="$pcp -V va -e -i ${idbobby} -I testmessage -O testencrypted -x a"
|
|
expect="/${idbobby} - Bobby/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_alicia_encrypt_anonymous () {
|
|
cmd="$pcp -V va -e -A -i ${idbobby} -I testmessage -O testencryptedanon -x a"
|
|
expect="/${idbobby} - Bobby/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
# bobbys part
|
|
check_crypto_bobby_import_secret () {
|
|
cmd="$pcp -V vb -K -I key-bobby-sec -x b"
|
|
expect="/${idbobby}/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_bobby_decrypt_anonymous () {
|
|
# decrypt anon, without knowing alicias key
|
|
cmd="$pcp -V vb -d -O testdecryptedanon -I testencryptedanon -x b"
|
|
expect="/successfully/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_alicia_import_alicias_key () {
|
|
cmd="$pcp -V vb -K -I key-alicia-pub"
|
|
expect="/${idalicia}/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_bobby_decrypt () {
|
|
cmd="$pcp -V vb -d -O testdecrypted -I testencrypted -x b"
|
|
expect="/successfully/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_alicia_encrypted_file () {
|
|
cmd="cat testdecrypted"
|
|
expect="/${md5msg}/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_alicia_encrypt_self () {
|
|
cmd="$pcp -V va -e -M -I testmessage -O testencryptedself -x a"
|
|
expect="/Alicia/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_crypto_alicia_deencrypt_self () {
|
|
cmd="$pcp -V va -d -I testencryptedself -O testdecrypted -x a"
|
|
expect="/successfully/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
#
|
|
# symetric encryption test
|
|
check_sym_encrypt () {
|
|
cmd="echo HELLOWORLD | $pcp -e -O testsymencrypted -x a"
|
|
expect="/symetrically/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_sym_decrypt () {
|
|
cmd="$pcp -d -I testsymencrypted -x a"
|
|
expect="/HELLO/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
|
|
#
|
|
# signature tests
|
|
check_sign_detached_to_bobby () {
|
|
cmd="$pcp -V va -g -I ../../COPYING -f testsig -x a"
|
|
expectfile="testsig"
|
|
expect=""
|
|
check "$cmd" "$expect" "$input" "$expectfile"
|
|
}
|
|
|
|
check_verify_detached_signature () {
|
|
cmd="$pcp -V vb -c -f testsig -I ../../COPYING -i $idalicia"
|
|
expect="/verified/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_verify_detached_signature_self () {
|
|
cmd="$pcp -V va -c -f testsig -I ../../COPYING"
|
|
expect="/verified/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_sign_armored_to_bobby () {
|
|
rm -f testsig
|
|
cmd="$pcp -V va -g -I ../../COPYING -O testsig -x a -z"
|
|
expectfile="testsig"
|
|
expect=""
|
|
check "$cmd" "$expect" "$input" "$expectfile"
|
|
}
|
|
|
|
check_verify_armored_signature () {
|
|
cmd="$pcp -V vb -c -I testsig -i $idalicia -z"
|
|
expect="/verified/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_verify_armored_signature_self () {
|
|
cmd="$pcp -V va -c -I testsig -z"
|
|
expect="/verified/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_sign_bin_to_bobby () {
|
|
rm -f testsig
|
|
cmd="$pcp -V va -g -I ../../COPYING -O testsig -x a"
|
|
expectfile="testsig"
|
|
expect=""
|
|
check "$cmd" "$expect" "$input" "$expectfile"
|
|
}
|
|
|
|
check_verify_bin_signature () {
|
|
cmd="$pcp -V vb -c -I testsig -i $idalicia"
|
|
expect="/verified/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_verify_bin_signature_self () {
|
|
cmd="$pcp -V va -c -I testsig "
|
|
expect="/verified/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
#
|
|
# sign+encrypt tests
|
|
check_sign_crypt_to_bobby () {
|
|
cmd="$pcp -V va -g -e -I ../../COPYING -O testsig -r Bobby -x a"
|
|
expect="/Encrypted/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_verify_decrypt_from_alicia () {
|
|
cmd="$pcp -V vb -c -d -I testsig -x b"
|
|
expect="/Verified/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_verify_decrypt_from_alicia_determine () {
|
|
cmd="$pcp -V vb -d -I testsig -x b"
|
|
expect="/Verified/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
#
|
|
# raw C test with prepared keys, message and cipher
|
|
check_raw_decrypt () {
|
|
cmd="./statictest"
|
|
expect="/ok/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
|
|
#
|
|
# negative tests, check for error handling
|
|
check_if_catch_conflicting_params () {
|
|
cmd="$pcp -V $vault -K -K"
|
|
expect="/invalid combination of commandline parameters/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_infile_error () {
|
|
cmd="$pcp -V $vault -I nonexist -K"
|
|
expect="/Could not open input file nonexist/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_import_without_id_error () {
|
|
cmd="$pcp -V $vault -R"
|
|
expect="/You need to specify a key id/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_catch_invalid_short_keyid () {
|
|
cmd="$pcp -V $vault -R -i 0x1"
|
|
expect="/is too short/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_catch_invalid_long_keyid () {
|
|
cmd="$pcp -V $vault -R -i 0x1111111111111111111111111"
|
|
expect="/is too long/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_catch_invalid_long_keyid_without_0x () {
|
|
cmd="$pcp -V $vault -R -i 11111111111111111"
|
|
expect="/is too long/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_catch_delete_nonexist () {
|
|
cmd="$pcp -V $vault -R -i 0x0101010101010101"
|
|
expect="/No key with id 0x010101/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_export_secret_catch_nonexistent_keyid () {
|
|
cmd="$pcp -V $vault -s -i 0x0101010101010101"
|
|
expect="/Could not find a secret key with id 0x010101/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_export_secret_catch_no_primary () {
|
|
$pcp -V v2 -l # so we've got just an empty vault
|
|
cmd="$pcp -V v2 -s"
|
|
expect="/no primary secret key in the vault/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_export_secret_catch_outfile_error () {
|
|
cmd=" $pcp -V $vault -l | grep primary |cut -d ' ' -f 1 | xargs $pcp -V $vault -s -O nonexistentdir/keyfile -i"
|
|
expect="/Could not create output file nonexistentdir/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
|
|
check_if_export_public_catch_nonexistent_keyid () {
|
|
cmd="$pcp -V $vault -p -i 0x0101010101010101"
|
|
expect="/Could not find a key with id 0x010101/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_export_public_catch_no_primary () {
|
|
$pcp -V v3 -l # so we've got just an empty vault
|
|
cmd="$pcp -V v3 -p"
|
|
expect="/no primary secret key in the vault/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_export_public_catch_outfile_error () {
|
|
$pcp -V $vault -K -I bart.pub
|
|
cmd="$pcp -V $vault -l | grep public | cut -d ' ' -f 1 | tail -1 | xargs $pcp -V $vault -p -O nonexistentdir/keyfile"
|
|
expect="/Could not create output file nonexistentdir/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_catch_empty_input () {
|
|
touch testfile-empty
|
|
cmd="$pcp -V $vault -K -I testfile-empty"
|
|
expect="/file is empty/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_catch_missing_newlines () {
|
|
perl -e 'print "X" x 5000; print "\n"' > testfile-toolong
|
|
cmd="$pcp -V $vault -K -I testfile-toolong -x x"
|
|
expect="/failed/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_catch_nokey_behind_z85 () {
|
|
./jot 30 | while read ignore; do echo XXXXX; done | $pcp -z > testfile-nokey
|
|
cmd="$pcp -V $vault -K -I testfile-nokey -x x"
|
|
expect="/failed/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_sanity_catch_keyexists () {
|
|
cmd="$pcp -V $vault -K -I bart.pub"
|
|
expect="/there already exists a key/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_if_catch_nokeys () {
|
|
$pcp -V v3 -l
|
|
cmd="$pcp -V v3 -l"
|
|
expect="/contain any keys so far/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_testkey_wrong_version () {
|
|
cmd="$pcp -V $vault -K -I testkey-wrong-version -x xxx"
|
|
expect="/unknown key version/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_testkey_wrong_serial () {
|
|
cmd="$pcp -V $vault -K -I testkey-wrong-serial -x xxx"
|
|
expect="/invalid serial number/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_testkey_wrong_ctime () {
|
|
cmd="$pcp -V $vault -K -I testkey-invalid-ctime -x xxx"
|
|
expect="/invalid creation timestamp/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_vault_invalid_header () {
|
|
cmd="$pcp -V testvault-invalidheader -l"
|
|
expect="/Unexpected vault file format/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_vault_invalid_version () {
|
|
cmd="$pcp -V testvault-invalidversion -l"
|
|
expect="/Unexpected vault file format/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_vault_invalid_itemtype () {
|
|
cmd="$pcp -V testvault-invaliditemtype -l"
|
|
expect="/invalid key type/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_vault_invalid_keytype () {
|
|
cmd="$pcp -V testvault-invalidkeytype -l"
|
|
expect="/contain any keys so far./"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
|
|
#
|
|
# input handling tests
|
|
check_large_meta () {
|
|
cmd="(./jot 300 | while read m; do echo -n m; done; echo $passwd) | $pcp -V $vault -k -x $passwd"
|
|
expect="/Generated new secret key/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
#
|
|
# fuzz tests
|
|
check_fuzz_binary_pubkey () {
|
|
expect="!/added/"
|
|
cmd="echo no | $pcp -V vf -K -I testfuzzP.pub -x $passwd"
|
|
|
|
for N in `./jot 30`; do
|
|
cp testfuzzP.orig testfuzzP.pub
|
|
$mangle testfuzzP.pub
|
|
if ! diff testfuzzP.* > /dev/null 2>&1; then
|
|
check "$cmd" "$expect" "$input"
|
|
break
|
|
fi
|
|
done
|
|
}
|
|
|
|
check_fuzz_binary_seckey () {
|
|
cmd="echo no | $pcp -V vf -K -I testfuzzS.sec -x $passwd"
|
|
expect="!/added/"
|
|
for N in `./jot 30`; do
|
|
cp testfuzzS.orig testfuzzS.sec
|
|
$mangle testfuzzS.sec
|
|
if ! diff testfuzzS.* > /dev/null 2>&1; then
|
|
expect="!/added/"
|
|
check "$cmd" "$expect" "$input"
|
|
fi
|
|
done
|
|
}
|
|
|
|
|
|
# checksum tests
|
|
check_checksum_copying () {
|
|
cmd="$pcp -C ../../COPYING"
|
|
expect="/$blake2/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_checksum_authenticated_copying () {
|
|
cmd="$pcp -x $key -C ../../COPYING"
|
|
expect="/$blake2auth/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_checksum_copying_stdin () {
|
|
cmd="$pcp -C < ../../COPYING"
|
|
expect="/$blake2/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
check_checksum_multiple () {
|
|
cmd="$pcp -C ../../COPYING ../../../COPYING"
|
|
expect="/../../COPYING/"
|
|
check "$cmd" "$expect" "$input"
|
|
}
|
|
|
|
prepare () {
|
|
# global preparations
|
|
rm -f v*
|
|
./invalidkeys
|
|
echo ${md5msg} > testmessage
|
|
(echo F; echo F) | $pcp -V vfz -k -x $passwd
|
|
$pcp -V vfz -p -O testfuzzP.orig -x $passwd
|
|
$pcp -V vfz -s -O testfuzzS.orig -x $passwd
|
|
}
|