mirror of
https://codeberg.org/scip/pcp.git
synced 2025-12-17 12:00:56 +01:00
607 lines
16 KiB
HTML
607 lines
16 KiB
HTML
# -*-html-*-
|
|
#
|
|
# This file is part of Pretty Curved Privacy (pcp1).
|
|
#
|
|
# Copyright (C) 2013 T.Linden.
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
# You can contact me by mail: <tlinden AT cpan DOT org>.
|
|
#
|
|
|
|
pcp = ../src/pcp1
|
|
vault = v1
|
|
passwd = ech9xeiT%CuxuH1ch-is2ies1R
|
|
md5msg = 66b8c4ca9e5d2a7e3c0559c3cdea3d50
|
|
mangle = ./mangle
|
|
verbose = 1
|
|
include keys.cfg
|
|
|
|
<test check-dependencies>
|
|
<test check-dependencies-pcp>
|
|
cmd = ls $pcp
|
|
expect = /pcp/
|
|
</test>
|
|
</test>
|
|
|
|
|
|
<test check-streams>
|
|
<test check-streams-8>
|
|
md5 = `./md5 ../COPYING`
|
|
cmd = ./pipetest 8 e < ../COPYING | ./pipetest 8 d | ./md5
|
|
expect = /$md5/
|
|
</test>
|
|
<test check-streams-16>
|
|
md5 = `./md5 ../COPYING`
|
|
cmd = ./pipetest 16 e < ../COPYING | ./pipetest 16 d | ./md5
|
|
expect = /$md5/
|
|
</test>
|
|
<test check-streams-32>
|
|
md5 = `./md5 ../COPYING`
|
|
cmd = ./pipetest 32 e < ../COPYING | ./pipetest 32 d | ./md5
|
|
expect = /$md5/
|
|
</test>
|
|
<test check-streams-64>
|
|
md5 = `./md5 ../COPYING`
|
|
cmd = ./pipetest 64 e < ../COPYING | ./pipetest 64 d | ./md5
|
|
expect = /$md5/
|
|
</test>
|
|
</test>
|
|
|
|
<test check-z85>
|
|
<test check-z85-1-compliant>
|
|
cmd = ./decodertest 1
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-z85-2-compliant-no-newlines>
|
|
cmd = ./decodertest 2
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-z85-3-compliant-no-begin-header>
|
|
cmd = ./decodertest 3
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-z85-4-uncompliant-empty-comment>
|
|
cmd = ./decodertest 4
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-z85-5-uncompliant-missing-char>
|
|
cmd = ./decodertest 5
|
|
expect = /ok/
|
|
</test>
|
|
</test>
|
|
|
|
<test check-show-help>
|
|
cmd = $pcp -h
|
|
expect = /export/
|
|
</test>
|
|
|
|
<test check-if-fail-without-vault>
|
|
prepare = rm -f $vault
|
|
cmd = $pcp -V $vault -l
|
|
expect = /doesn't contain any keys so far/
|
|
</test>
|
|
|
|
<test check-generate-secret-key>
|
|
cmd = $pcp -V $vault -k -x $passwd
|
|
input = <<EOF
|
|
Dexter Morgan
|
|
dxmorg@florida.cops.gov
|
|
EOF
|
|
expect = /Generated new secret key/
|
|
</test>
|
|
|
|
<test check-fail-entropy-generate-secret-key>
|
|
cmd = $pcp -V $vault -k -x password
|
|
input = <<EOF
|
|
Dexter Morgan
|
|
dxmorg@florida.cops.gov
|
|
no
|
|
EOF
|
|
expect = /weak passphrase/
|
|
</test>
|
|
|
|
|
|
|
|
<test check-if-vault-contains-secret>
|
|
cmd = $pcp -V $vault -l
|
|
expect = /Dexter Morgan/
|
|
</test>
|
|
|
|
<test check-secret-key-info>
|
|
cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -t -i
|
|
expect = /Serial Number/
|
|
</test>
|
|
|
|
<test check-export-public-key>
|
|
cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -p -x $passwd -z -i
|
|
expect = /PUBLIC KEY/
|
|
</test>
|
|
|
|
<test check-export-public-key-tofile>
|
|
cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -p -x $passwd -O testkey-self -i
|
|
expect-file = testkey-self
|
|
</test>
|
|
|
|
<test check-export-public-key-filecontent>
|
|
cmd = true # file is already there
|
|
expect-file-contains = testkey-self Dexter
|
|
</test>
|
|
|
|
<test check-import-public-key>
|
|
cmd = $pcp -V $vault -K -I bart.pub
|
|
expect = /key $bartid added/
|
|
</test>
|
|
|
|
<test check-imported-public-key-info>
|
|
cmd = $pcp -V $vault -t -i $bartid
|
|
expect = /Serial Number: $bartserial/
|
|
</test>
|
|
|
|
<test check-if-delete-public-key-works>
|
|
cmd = $pcp -V $vault -R -i $bartid
|
|
expect = /Public key deleted/
|
|
</test>
|
|
|
|
<test check-if-vault-still-valid>
|
|
cmd = $pcp -V $vault -t
|
|
expect = /Vault version: 00000002/
|
|
</test>
|
|
|
|
<test check-if-deleted-public-key-is-away>
|
|
cmd = $pcp -V $vault -t
|
|
expect = /Public keys: 0/
|
|
</test>
|
|
|
|
|
|
#
|
|
# test file determination
|
|
/* doesnt work currently, disabled.
|
|
<test check-determine-pub>
|
|
cmd = $pcp -t -I unknown1
|
|
expect = /Niemand/
|
|
</test>
|
|
|
|
<test check-determine-sec>
|
|
cmd = $pcp -t -I unknown2
|
|
expect = /secret key/
|
|
</test>
|
|
*/
|
|
<test check-determine-empty-vault>
|
|
cmd = $pcp -t -I unknown3
|
|
expect = /empty/
|
|
</test>
|
|
/*
|
|
temporarily disabled
|
|
<test check-determine-encrypted-file>
|
|
cmd = $pcp -t -I unknown4
|
|
expect = /encrypted/
|
|
</test>
|
|
*/
|
|
|
|
#
|
|
# encryption tests
|
|
<test check-crypto-alicia-2-bobby>
|
|
# alicias part
|
|
prepare = echo ${md5msg} > testmessage
|
|
<test check-crypto-alicia-import-secret>
|
|
cmd = $pcp -V va -K -I key-alicia-sec -x a
|
|
expect = /${idalicia}/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-import-bobbys-key>
|
|
cmd = $pcp -V va -K -I key-bobby-pub
|
|
expect = /${idbobby}/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-encrypt>
|
|
cmd = $pcp -V va -e -i ${idbobby} -I testmessage -O testencrypted -x a
|
|
expect = /${idbobby} - Bobby/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-encrypt-anonymous>
|
|
cmd = $pcp -V va -e -A -i ${idbobby} -I testmessage -O testencryptedanon -x a
|
|
expect = /${idbobby} - Bobby/
|
|
</test>
|
|
|
|
# bobbys part
|
|
<test check-crypto-bobby-import-secret>
|
|
cmd = $pcp -V vb -K -I key-bobby-sec -x b
|
|
expect = /${idbobby}/
|
|
</test>
|
|
|
|
<test check-crypto-bobby-decrypt-anonymous>
|
|
# decrypt anon, without knowing alicias key
|
|
cmd = $pcp -V vb -d -O testdecryptedanon -I testencryptedanon -x b
|
|
expect = /successfully/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-import-alicias-key>
|
|
cmd = $pcp -V vb -K -I key-alicia-pub
|
|
expect = /${idalicia}/
|
|
</test>
|
|
|
|
<test check-crypto-bobby-decrypt>
|
|
cmd = $pcp -V vb -d -O testdecrypted -I testencrypted -x b
|
|
expect = /successfully/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-encrypted-file>
|
|
cmd = cat testdecrypted
|
|
expect = /${md5msg}/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-encrypt-self>
|
|
cmd = $pcp -V va -e -M -I testmessage -O testencryptedself -x a
|
|
expect = /Alicia/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-deencrypt-self>
|
|
cmd = $pcp -V va -d -I testencryptedself -O testdecrypted -x a
|
|
expect = /successfully/
|
|
</test>
|
|
</test>
|
|
|
|
#
|
|
# symetric encryption test
|
|
# FIXME: we currently use -V ve, but this one has to work without a vault
|
|
<test check-sym-encrypt>
|
|
cmd = echo HELLOWORLD | $pcp -V ve -e -O testsymencrypted -x a
|
|
expect = /symetrically/
|
|
</test>
|
|
<test check-sym-decrypt>
|
|
cmd = $pcp -V ve -d -I testsymencrypted -x a
|
|
expect = /HELLO/
|
|
</test>
|
|
|
|
#
|
|
# check usage of unencrypted secret key
|
|
<test vcl>
|
|
prepare = rm -f vb2 vcl
|
|
<test check-vcl-crypto-unencrypted-secret>
|
|
cmd = (echo dau; echo foo; echo yes) | $pcp -V vcl -k -x "n/a"
|
|
expect = /added to/
|
|
</test>
|
|
|
|
<test check-vcl-prepare-import-bpub>
|
|
cmd = $pcp -V vcl -I key-bobby-pub -K
|
|
expect = /added/
|
|
</test>
|
|
|
|
<test check-vcl-export-unencrypted-pubkey>
|
|
cmd = $pcp -V vcl -p -O testkeyvcl
|
|
expect = /exported/
|
|
</test>
|
|
|
|
<test check-vcl-import-bsecret>
|
|
cmd = $pcp -V vb2 -K -I key-bobby-sec -x b
|
|
expect = /${idbobby}/
|
|
</test>
|
|
|
|
<test check-vcl-import-unencrypted-pubkey>
|
|
cmd = $pcp -V vb2 -K -I testkeyvcl
|
|
expect = /added/
|
|
</test>
|
|
|
|
<test check-vcl-crypto-unencrypted-secret-message>
|
|
cmd = echo HALLO | $pcp -V vcl -e -O testencrypted -i ${idbobby}
|
|
expect = /Bobby/
|
|
</test>
|
|
|
|
<test check-vcl-crypto-unencrypted-secret-read>
|
|
cmd = $pcp -V vb2 -d -I testencrypted -x b
|
|
expect = /HALLO/
|
|
</test>
|
|
</test>
|
|
|
|
#
|
|
# signature tests
|
|
<test check-sign-detached-to-bobby>
|
|
cmd = $pcp -V va -g -I README -f testsig -x a
|
|
expect-file testsig
|
|
</test>
|
|
<test check-verify-detached-signature>
|
|
cmd = $pcp -V vb -c -f testsig -I README -i $idalicia
|
|
expect = /verified/
|
|
</test>
|
|
<test check-verify-detached-signature-self>
|
|
cmd = $pcp -V va -c -f testsig -I README
|
|
expect = /verified/
|
|
</test>
|
|
<test check-sign-armored-to-bobby>
|
|
prepare = rm -f testsig
|
|
cmd = $pcp -V va -g -I README -O testsig -x a -z
|
|
expect-file testsig
|
|
</test>
|
|
<test check-verify-armored-signature>
|
|
cmd = $pcp -V vb -c -I testsig -i $idalicia -z
|
|
expect = /verified/
|
|
</test>
|
|
<test check-verify-armored-signature-self>
|
|
cmd = $pcp -V va -c -I testsig -z
|
|
expect = /verified/
|
|
</test>
|
|
<test check-sign-bin-to-bobby>
|
|
prepare = rm -f testsig
|
|
cmd = $pcp -V va -g -I README -O testsig -x a
|
|
expect-file testsig
|
|
</test>
|
|
<test check-verify-bin-signature>
|
|
cmd = $pcp -V vb -c -I testsig -i $idalicia
|
|
expect = /verified/
|
|
</test>
|
|
<test check-verify-bin-signature-self>
|
|
cmd = $pcp -V va -c -I testsig
|
|
expect = /verified/
|
|
</test>
|
|
|
|
#
|
|
# sign+encrypt tests
|
|
<test check-sign-crypt-to-bobby>
|
|
cmd = $pcp -V va -g -e -I README -O testsig -r Bobby -x a
|
|
expect = /Encrypted/
|
|
</test>
|
|
<test check-verify-decrypt-from-alicia>
|
|
cmd = $pcp -V vb -c -d -I testsig -x b
|
|
expect = /Verified/s
|
|
</test>
|
|
<test check-verify-decrypt-from-alicia-determine>
|
|
cmd = $pcp -V vb -d -I testsig -x b
|
|
expect = /Verified/s
|
|
</test>
|
|
|
|
#
|
|
# raw C test with prepared keys, message and cipher
|
|
<test check-raw-decrypt>
|
|
cmd = ./statictest
|
|
expect = /ok/
|
|
</test>
|
|
|
|
|
|
#
|
|
# negative tests, check for error handling
|
|
<test check-if-catch-conflicting-params>
|
|
cmd = $pcp -V $vault -K -K
|
|
expect = /invalid combination of commandline parameters/
|
|
</test>
|
|
|
|
<test check-infile-error>
|
|
cmd = $pcp -V $vault -I nonexist -K
|
|
expect = /Could not open input file nonexist/
|
|
</test>
|
|
|
|
<test check-import-without-id-error>
|
|
cmd = $pcp -V $vault -R
|
|
expect = /You need to specify a key id/
|
|
</test>
|
|
|
|
<test check-catch-invalid-short-keyid>
|
|
cmd = $pcp -V $vault -R -i 0x1
|
|
expect = /is too short/
|
|
</test>
|
|
|
|
<test check-catch-invalid-long-keyid>
|
|
cmd = $pcp -V $vault -R -i 0x1111111111111111111111111
|
|
expect = /is too long/
|
|
</test>
|
|
|
|
<test check-catch-invalid-long-keyid-without-0x>
|
|
cmd = $pcp -V $vault -R -i 11111111111111111
|
|
expect = /is too long/
|
|
</test>
|
|
|
|
<test check-catch-delete-nonexist>
|
|
cmd = $pcp -V $vault -R -i 0x0101010101010101
|
|
expect = /No key with id 0x010101/
|
|
</test>
|
|
|
|
<test check-if-export-secret-catch-nonexistent-keyid>
|
|
cmd = $pcp -V $vault -s -i 0x0101010101010101
|
|
expect = /Could not find a secret key with id 0x010101/
|
|
</test>
|
|
|
|
<test check-if-export-secret-catch-no-primary>
|
|
prepare = $pcp -V v2 -l # so we've got just an empty vault
|
|
cmd = $pcp -V v2 -s
|
|
expect = /no primary secret key in the vault/
|
|
</test>
|
|
|
|
<test check-if-export-secret-catch-outfile-error>
|
|
cmd = $pcp -V $vault -l | grep primary |cut -d ' ' -f 1 \
|
|
| xargs $pcp -V $vault -s -O nonexistentdir/keyfile -i
|
|
expect = /Could not create output file nonexistentdir/
|
|
</test>
|
|
|
|
|
|
<test check-if-export-public-catch-nonexistent-keyid>
|
|
cmd = $pcp -V $vault -p -i 0x0101010101010101
|
|
expect = /Could not find a key with id 0x010101/
|
|
</test>
|
|
|
|
<test check-if-export-public-catch-no-primary>
|
|
prepare = $pcp -V v3 -l # so we've got just an empty vault
|
|
cmd = $pcp -V v3 -p
|
|
expect = /no primary secret key in the vault/
|
|
</test>
|
|
|
|
<test check-if-export-public-catch-outfile-error>
|
|
prepare = $pcp -V $vault -K -I bart.pub
|
|
cmd = $pcp -V $vault -l | grep public | cut -d ' ' -f 1 \
|
|
| tail -1 | xargs $pcp -V $vault -p -O nonexistentdir/keyfile
|
|
expect = /Could not create output file nonexistentdir/
|
|
</test>
|
|
|
|
<test check-if-catch-empty-input>
|
|
prepare = touch testfile-empty
|
|
cmd = $pcp -V $vault -K -I testfile-empty
|
|
expect = /file is empty/
|
|
</test>
|
|
|
|
<test check-if-catch-missing-newlines>
|
|
prepare = perl -e 'print "X" x 5000; print "\n"' > testfile-toolong
|
|
cmd = $pcp -V $vault -K -I testfile-toolong -x x
|
|
expect = /failed/
|
|
</test>
|
|
|
|
/*
|
|
* Currently disabled, because ZeroMQ's zmq_z85_decode() doesn't really
|
|
* catch invalid z85, it only checks the input length and not the actual
|
|
* encoding. Re-enable, once that bug is fixed.
|
|
<test check-if-catch-invalid-z85>
|
|
prepare = ./jot 30 | while read ignore; do \
|
|
echo XXXXXXXXXXXXXXXXXX; done > testfile-noz85
|
|
cmd = $pcp -V $vault -K -I testfile-noz85
|
|
expect = /could not decode input/
|
|
</test>
|
|
*/
|
|
|
|
<test check-if-catch-nokey-behind-z85>
|
|
prepare = ./jot 30 | while read ignore; do echo XXXXX; done \
|
|
| $pcp -z > testfile-nokey
|
|
cmd = $pcp -V $vault -K -I testfile-nokey -x x
|
|
expect = /failed/
|
|
</test>
|
|
|
|
<test check-if-sanity-catch-keyexists>
|
|
cmd = $pcp -V $vault -K -I bart.pub
|
|
expect = /there already exists a key/
|
|
</test>
|
|
|
|
<test check-if-catch-nokeys>
|
|
prepare = $pcp -V v3 -l
|
|
cmd = $pcp -V v3 -l
|
|
expect = /contain any keys so far/
|
|
</test>
|
|
|
|
<test invalid>
|
|
prepare = ./invalidkeys
|
|
|
|
<test check-testkey-wrong-version>
|
|
cmd = $pcp -V $vault -K -I testkey-wrong-version -x xxx
|
|
expect = /unknown key version/
|
|
</test>
|
|
|
|
<test check-testkey-wrong-serial>
|
|
cmd = $pcp -V $vault -K -I testkey-wrong-serial -x xxx
|
|
expect = /invalid serial number/
|
|
</test>
|
|
<test check-testkey-wrong-ctime>
|
|
cmd = $pcp -V $vault -K -I testkey-invalid-ctime -x xxx
|
|
expect = /invalid creation timestamp/
|
|
</test>
|
|
/*
|
|
<test check-testpubkey-wrong-type>
|
|
cmd = $pcp -V $vault -K -I testpubkey-wrong-type
|
|
expect = /key type is not PUBLIC/
|
|
</test>
|
|
|
|
<test check-testpubkey-wrong-version>
|
|
cmd = $pcp -V $vault -K -I testpubkey-wrong-version
|
|
expect = /unknown key version/
|
|
</test>
|
|
*/
|
|
</test>
|
|
|
|
<test check-vault-invalid-header>
|
|
prepare = ./invalidkeys
|
|
cmd = $pcp -V testvault-invalidheader -l
|
|
expect = /Unexpected vault file format/
|
|
</test>
|
|
|
|
<test check-vault-invalid-version>
|
|
cmd = $pcp -V testvault-invalidversion -l
|
|
expect = /Unexpected vault file format/
|
|
</test>
|
|
|
|
<test check-vault-invalid-itemtype>
|
|
cmd = $pcp -V testvault-invaliditemtype -l
|
|
expect = /invalid key type/
|
|
</test>
|
|
|
|
<test check-vault-invalid-keytype>
|
|
cmd = $pcp -V testvault-invalidkeytype -l
|
|
expect = /contain any keys so far./
|
|
</test>
|
|
|
|
|
|
|
|
|
|
#
|
|
# input handling tests
|
|
<test check-large-meta>
|
|
cmd = (./jot 300 | while read m; do echo -n m; done; echo $passwd) \
|
|
| $pcp -V $vault -k -x $passwd
|
|
expect = /Generated new secret key/
|
|
</test>
|
|
|
|
#
|
|
# fuzz tests
|
|
<test check-fuzz>
|
|
prepare = (echo F; echo F) | $pcp -V vfz -k -x $passwd; \
|
|
$pcp -V vfz -p -O testfuzzP.orig -x $passwd; \
|
|
$pcp -V vfz -s -O testfuzzS.orig -x $passwd;
|
|
<test check-fuzz-binary-pubkey>
|
|
loop = 30
|
|
prepare = while :; do \
|
|
cp testfuzzP.orig testfuzzP.pub; \
|
|
$mangle testfuzzP.pub; \
|
|
if ! diff testfuzzP.* > /dev/null 2>&1; then \
|
|
break; \
|
|
fi; \
|
|
done
|
|
cmd = echo no | $pcp -V vf -K -I testfuzzP.pub -x $passwd
|
|
expect = !/added/
|
|
</test>
|
|
<test check-fuzz-binary-seckey>
|
|
loop = 30
|
|
prepare = while :; do \
|
|
cp testfuzzS.orig testfuzzS.sec; \
|
|
$mangle testfuzzS.sec; \
|
|
if ! diff testfuzzS.* > /dev/null 2>&1; then \
|
|
break; \
|
|
fi; \
|
|
done
|
|
cmd = echo no | $pcp -V vf -K -I testfuzzS.sec -x $passwd
|
|
expect = !/added/
|
|
</test>
|
|
</test>
|
|
|
|
|
|
# checksum tests
|
|
<test checksums>
|
|
blake2 = 5baec1cad5bf54287028749d83f2bf3e3ed09f0ee38a233f35dbda1361c6a67fd824e17c86ee3a85181038eb44836c17c42e6beff17fdf997075417914056992
|
|
blake2auth = d7fff04bd63004f7a2ba914d9b2ccff22827230d3c546d97ebaa29cbe9fb2380b7948bc799486d512b4355c24f0cce423e746419098d4455af91898c4a06a5df
|
|
key = 9U3Dk2s
|
|
<test check-checksum-copying>
|
|
cmd = $pcp -C ../COPYING
|
|
expect = /$blake2/
|
|
</test>
|
|
<test check-checksum-authenticated-copying>
|
|
cmd = $pcp -x $key -C ../COPYING
|
|
expect = /$blake2auth/
|
|
</test>
|
|
<test check-checksum-copying-stdin>
|
|
cmd = $pcp -C < ../COPYING
|
|
expect = /$blake2/
|
|
</test>
|
|
<test check-checksum-multiple>
|
|
cmd = $pcp -C ../COPYING ../README
|
|
expect = /README/
|
|
</test>
|
|
</test>
|