mirror of
https://codeberg.org/scip/pcp.git
synced 2025-12-17 03:50:57 +01:00
e033df7156
now we padd with zeroes as usual but append 4 bytes to the raw input, the last one indicates the pad count. It's always present, even if no padding occurred (the pad blob will then read 0000). This fixes the issue of earlier versions where trailing zeroes in the original input (between block boundaries) have been removed. Since we now add the pad counter, we know how many zeroes to remove. If the original chunk already ended with zeroes they will left untouched. Re-created all test keys/data to match the change. Also, the pcp_z85_encode() function now haves another flag doblock. If set to 1, the function does the 72 chars per line block creation itself, otherwise it just returns the z85 string without any newlines added. Required by pcpstream class.
580 lines
14 KiB
HTML
580 lines
14 KiB
HTML
# -*-html-*-
|
|
#
|
|
# This file is part of Pretty Curved Privacy (pcp1).
|
|
#
|
|
# Copyright (C) 2013 T.Linden.
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
# You can contact me by mail: <tlinden AT cpan DOT org>.
|
|
#
|
|
|
|
pcp = ../src/pcp1
|
|
vault = v1
|
|
passwd = xxx
|
|
md5msg = 66b8c4ca9e5d2a7e3c0559c3cdea3d50
|
|
mangle = ./mangle
|
|
verbose = 1
|
|
include keys.cfg
|
|
|
|
<test check-dependencies>
|
|
<test check-dependencies-pcp>
|
|
cmd = ls $pcp
|
|
expect = /pcp/
|
|
</test>
|
|
</test>
|
|
|
|
|
|
<test check-streams>
|
|
<test check-streams-8>
|
|
md5 = `./md5 ../COPYING`
|
|
cmd = ./pipetest 8 e < ../COPYING | ./pipetest 8 d | ./md5
|
|
expect = /$md5/
|
|
</test>
|
|
<test check-streams-16>
|
|
md5 = `./md5 ../COPYING`
|
|
cmd = ./pipetest 16 e < ../COPYING | ./pipetest 16 d | ./md5
|
|
expect = /$md5/
|
|
</test>
|
|
<test check-streams-32>
|
|
md5 = `./md5 ../COPYING`
|
|
cmd = ./pipetest 32 e < ../COPYING | ./pipetest 32 d | ./md5
|
|
expect = /$md5/
|
|
</test>
|
|
<test check-streams-64>
|
|
md5 = `./md5 ../COPYING`
|
|
cmd = ./pipetest 64 e < ../COPYING | ./pipetest 64 d | ./md5
|
|
expect = /$md5/
|
|
</test>
|
|
</test>
|
|
|
|
<test check-z85>
|
|
<test check-z85-1-compliant>
|
|
cmd = ./decodertest 1
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-z85-2-compliant-no-newlines>
|
|
cmd = ./decodertest 2
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-z85-3-compliant-no-begin-header>
|
|
cmd = ./decodertest 3
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-z85-4-uncompliant-empty-comment>
|
|
cmd = ./decodertest 4
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-z85-5-uncompliant-missing-char>
|
|
cmd = ./decodertest 5
|
|
expect = /ok/
|
|
</test>
|
|
</test>
|
|
|
|
<test check-show-help>
|
|
cmd = $pcp -h
|
|
expect = /export/
|
|
</test>
|
|
|
|
<test check-if-fail-without-vault>
|
|
prepare = rm -f $vault
|
|
cmd = $pcp -V $vault -l
|
|
expect = /doesn't contain any keys so far/
|
|
</test>
|
|
|
|
<test check-generate-secret-key>
|
|
cmd = $pcp -V $vault -k -x $passwd
|
|
input = <<EOF
|
|
Dexter Morgan
|
|
dxmorg@florida.cops.gov
|
|
EOF
|
|
expect = /Generated new secret key/
|
|
</test>
|
|
|
|
|
|
<test check-if-vault-contains-secret>
|
|
cmd = $pcp -V $vault -l
|
|
expect = /Dexter Morgan/
|
|
</test>
|
|
|
|
<test check-secret-key-info>
|
|
cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -t -i
|
|
expect = /Serial Number/
|
|
</test>
|
|
|
|
<test check-export-public-key>
|
|
cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -p -x $passwd -z -i
|
|
expect = /PUBLIC KEY/
|
|
</test>
|
|
|
|
<test check-export-public-key-tofile>
|
|
cmd = $pcp -V $vault -l | tail -1 | cut -d ' ' -f 1 | xargs $pcp -V $vault -p -x $passwd -O testkey-self -i
|
|
expect-file = testkey-self
|
|
</test>
|
|
|
|
<test check-export-public-key-filecontent>
|
|
cmd = /usr/bin/true # file is already there
|
|
expect-file-contains = testkey-self Dexter
|
|
</test>
|
|
|
|
<test check-import-public-key>
|
|
cmd = $pcp -V $vault -K -I bart.pub
|
|
expect = /key $bartid added/
|
|
</test>
|
|
|
|
<test check-imported-public-key-info>
|
|
cmd = $pcp -V $vault -t -i $bartid
|
|
expect = /Serial Number: $bartserial/
|
|
</test>
|
|
|
|
<test check-if-delete-public-key-works>
|
|
cmd = $pcp -V $vault -R -i $bartid
|
|
expect = /Public key deleted/
|
|
</test>
|
|
|
|
<test check-if-vault-still-valid>
|
|
cmd = $pcp -V $vault -t
|
|
expect = /Vault version: 00000002/
|
|
</test>
|
|
|
|
<test check-if-deleted-public-key-is-away>
|
|
cmd = $pcp -V $vault -t
|
|
expect = /Public keys: 0/
|
|
</test>
|
|
|
|
|
|
#
|
|
# test file determination
|
|
/* doesnt work currently, disabled.
|
|
<test check-determine-pub>
|
|
cmd = $pcp -t -I unknown1
|
|
expect = /Niemand/
|
|
</test>
|
|
|
|
<test check-determine-sec>
|
|
cmd = $pcp -t -I unknown2
|
|
expect = /secret key/
|
|
</test>
|
|
*/
|
|
<test check-determine-empty-vault>
|
|
cmd = $pcp -t -I unknown3
|
|
expect = /empty/
|
|
</test>
|
|
/*
|
|
temporarily disabled
|
|
<test check-determine-encrypted-file>
|
|
cmd = $pcp -t -I unknown4
|
|
expect = /encrypted/
|
|
</test>
|
|
*/
|
|
#
|
|
# encryption tests
|
|
<test check-crypto-alicia-init>
|
|
# alicias part
|
|
prepare = echo ${md5msg} > testmessage
|
|
<test check-crypto-alicia-import-secret>
|
|
cmd = $pcp -V va -K -I key-alicia-sec -x a
|
|
expect = /${idalicia}/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-import-bobbys-key>
|
|
cmd = $pcp -V va -K -I key-bobby-pub
|
|
expect = /${idbobby}/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-encrypt>
|
|
cmd = $pcp -V va -e -i ${idbobby} -I testmessage -O testencrypted -x a
|
|
expect = /for ${idbobby} successfully/
|
|
</test>
|
|
</test>
|
|
|
|
<test check-crypto-bobby-init>
|
|
# bobbys part
|
|
<test check-crypto-bobby-import-secret>
|
|
cmd = $pcp -V vb -K -I key-bobby-sec -x b
|
|
expect = /${idbobby}/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-import-alicias-key>
|
|
cmd = $pcp -V vb -K -I key-alicia-pub
|
|
expect = /${idalicia}/
|
|
</test>
|
|
|
|
<test check-crypto-bobby-decrypt>
|
|
cmd = $pcp -V vb -d -O testdecrypted -I testencrypted -x b
|
|
expect = /successfully/
|
|
</test>
|
|
|
|
<test check-crypto-alicia-encrypted-file>
|
|
cmd = cat testdecrypted
|
|
expect = /${md5msg}/
|
|
</test>
|
|
</test>
|
|
|
|
#
|
|
# symetric encryption test
|
|
# FIXME: we currently use -V ve, but this one has to work without a vault
|
|
<test check-sym-encrypt>
|
|
cmd = echo HELLOWORLD | $pcp -V ve -e -O testsymencrypted -x a
|
|
expect = /symetrically/
|
|
</test>
|
|
<test check-sym-decrypt>
|
|
cmd = $pcp -V ve -d -I testsymencrypted -x a
|
|
expect = /HELLO/
|
|
</test>
|
|
|
|
#
|
|
# check usage of unencrypted secret key
|
|
<test vcl>
|
|
prepare = rm -f vb2 vcl
|
|
<test check-vcl-crypto-unencrypted-secret>
|
|
cmd = (echo dau; echo foo; echo yes) | $pcp -V vcl -k -x "n/a"
|
|
expect = /added to/
|
|
</test>
|
|
|
|
<test check-vcl-crypto-unencrypted-secret-yaml>
|
|
cmd = $pcp -V vcl -y
|
|
expect = /encrypted: no/
|
|
</test>
|
|
|
|
<test check-vcl-prepare-import-bpub>
|
|
cmd = $pcp -V vcl -I key-bobby-pub -K
|
|
expect = /added/
|
|
</test>
|
|
|
|
<test check-vcl-export-unencrypted-pubkey>
|
|
cmd = $pcp -V vcl -p -O testkeyvcl
|
|
expect = /exported/
|
|
</test>
|
|
|
|
<test check-vcl-import-bsecret>
|
|
cmd = $pcp -V vb2 -K -I key-bobby-sec -x b
|
|
expect = /${idbobby}/
|
|
</test>
|
|
|
|
<test check-vcl-import-unencrypted-pubkey>
|
|
cmd = $pcp -V vb2 -K -I testkeyvcl
|
|
expect = /added/
|
|
</test>
|
|
|
|
<test check-vcl-crypto-unencrypted-secret-message>
|
|
cmd = echo HALLO | $pcp -V vcl -e -O testencrypted -i ${idbobby}
|
|
expect = /success/
|
|
</test>
|
|
|
|
<test check-vcl-crypto-unencrypted-secret-read>
|
|
cmd = $pcp -V vb2 -d -I testencrypted -x b
|
|
expect = /HALLO/
|
|
</test>
|
|
</test>
|
|
|
|
#
|
|
# signature tests
|
|
<test check-sign-detached-to-bobby>
|
|
cmd = $pcp -V va -g -I README -f testsig -x a
|
|
expect-file testsig
|
|
</test>
|
|
<test check-verify-detached-signature>
|
|
cmd = $pcp -V vb -c -f testsig -I README -i $idalicia
|
|
expect = /verified/
|
|
</test>
|
|
<test check-sign-armored-to-bobby>
|
|
prepare = rm -f testsig
|
|
cmd = $pcp -V va -g -I README -O testsig -x a -z
|
|
expect-file testsig
|
|
</test>
|
|
<test check-verify-armored-signature>
|
|
cmd = $pcp -V vb -c -I testsig -i $idalicia -z
|
|
expect = /verified/
|
|
</test>
|
|
<test check-sign-bin-to-bobby>
|
|
prepare = rm -f testsig
|
|
cmd = $pcp -V va -g -I README -O testsig -x a
|
|
expect-file testsig
|
|
</test>
|
|
<test check-verify-bin-signature>
|
|
cmd = $pcp -V vb -c -I testsig -i $idalicia
|
|
expect = /verified/
|
|
</test>
|
|
|
|
#
|
|
# sign+encrypt tests
|
|
<test check-sign-crypt-to-bobby>
|
|
cmd = $pcp -V va -g -e -I README -O testsig -r Bobby -x a
|
|
expect = /Encrypted/
|
|
</test>
|
|
<test check-verify-decrypt-from-alicia>
|
|
cmd = $pcp -V vb -c -d -I testsig -x b
|
|
expect = /Verified/s
|
|
</test>
|
|
<test check-verify-decrypt-from-alicia-determine>
|
|
cmd = $pcp -V vb -d -I testsig -x b
|
|
expect = /Verified/s
|
|
</test>
|
|
|
|
#
|
|
# yaml export test
|
|
<test check-export-yaml>
|
|
cmd = $pcp -V va -y | perl -Ilib -MYAML -MData::Dumper -e "print Dumper(Load(join('',<>)))"
|
|
expect = /VAR1/
|
|
</test>
|
|
|
|
#
|
|
# raw C test with prepared keys, message and cipher
|
|
<test check-raw-decrypt>
|
|
cmd = ./statictest
|
|
expect = /ok/
|
|
</test>
|
|
|
|
|
|
#
|
|
# negative tests, check for error handling
|
|
<test check-if-catch-conflicting-params>
|
|
cmd = $pcp -V $vault -K -K
|
|
expect = /invalid combination of commandline parameters/
|
|
</test>
|
|
|
|
<test check-infile-error>
|
|
cmd = $pcp -V $vault -I nonexist -K
|
|
expect = /Could not open input file nonexist/
|
|
</test>
|
|
|
|
<test check-import-without-id-error>
|
|
cmd = $pcp -V $vault -R
|
|
expect = /You need to specify a key id/
|
|
</test>
|
|
|
|
<test check-catch-invalid-short-keyid>
|
|
cmd = $pcp -V $vault -R -i 0x1
|
|
expect = /is too short/
|
|
</test>
|
|
|
|
<test check-catch-invalid-long-keyid>
|
|
cmd = $pcp -V $vault -R -i 0x1111111111111111111111111
|
|
expect = /is too long/
|
|
</test>
|
|
|
|
<test check-catch-invalid-long-keyid-without-0x>
|
|
cmd = $pcp -V $vault -R -i 11111111111111111
|
|
expect = /is too long/
|
|
</test>
|
|
|
|
<test check-catch-delete-nonexist>
|
|
cmd = $pcp -V $vault -R -i 0x0101010101010101
|
|
expect = /No key with id 0x010101/
|
|
</test>
|
|
|
|
<test check-if-export-secret-catch-nonexistent-keyid>
|
|
cmd = $pcp -V $vault -s -i 0x0101010101010101
|
|
expect = /Could not find a secret key with id 0x010101/
|
|
</test>
|
|
|
|
<test check-if-export-secret-catch-no-primary>
|
|
prepare = $pcp -V v2 -l # so we've got just an empty vault
|
|
cmd = $pcp -V v2 -s
|
|
expect = /no primary secret key in the vault/
|
|
</test>
|
|
|
|
<test check-if-export-secret-catch-outfile-error>
|
|
cmd = $pcp -V $vault -l | grep primary |cut -d ' ' -f 1 \
|
|
| xargs $pcp -V $vault -s -O nonexistentdir/keyfile -i
|
|
expect = /Could not create output file nonexistentdir/
|
|
</test>
|
|
|
|
|
|
<test check-if-export-public-catch-nonexistent-keyid>
|
|
cmd = $pcp -V $vault -p -i 0x0101010101010101
|
|
expect = /Could not find a key with id 0x010101/
|
|
</test>
|
|
|
|
<test check-if-export-public-catch-no-primary>
|
|
prepare = $pcp -V v3 -l # so we've got just an empty vault
|
|
cmd = $pcp -V v3 -p
|
|
expect = /no primary secret key in the vault/
|
|
</test>
|
|
|
|
<test check-if-export-public-catch-outfile-error>
|
|
prepare = $pcp -V $vault -K -I bart.pub
|
|
cmd = $pcp -V $vault -l | grep public | cut -d ' ' -f 1 \
|
|
| tail -1 | xargs $pcp -V $vault -p -O nonexistentdir/keyfile
|
|
expect = /Could not create output file nonexistentdir/
|
|
</test>
|
|
|
|
<test check-if-catch-empty-input>
|
|
prepare = touch testfile-empty
|
|
cmd = $pcp -V $vault -K -I testfile-empty
|
|
expect = /file is empty/
|
|
</test>
|
|
|
|
<test check-if-catch-missing-newlines>
|
|
prepare = perl -e 'print "X" x 5000; print "\n"' > testfile-toolong
|
|
cmd = $pcp -V $vault -K -I testfile-toolong -x x
|
|
expect = /failed/
|
|
</test>
|
|
|
|
/*
|
|
* Currently disabled, because ZeroMQ's zmq_z85_decode() doesn't really
|
|
* catch invalid z85, it only checks the input length and not the actual
|
|
* encoding. Re-enable, once that bug is fixed.
|
|
<test check-if-catch-invalid-z85>
|
|
prepare = ./jot 30 | while read ignore; do \
|
|
echo XXXXXXXXXXXXXXXXXX; done > testfile-noz85
|
|
cmd = $pcp -V $vault -K -I testfile-noz85
|
|
expect = /could not decode input/
|
|
</test>
|
|
*/
|
|
|
|
<test check-if-catch-nokey-behind-z85>
|
|
prepare = ./jot 30 | while read ignore; do echo XXXXX; done \
|
|
| $pcp -z > testfile-nokey
|
|
cmd = $pcp -V $vault -K -I testfile-nokey -x x
|
|
expect = /failed/
|
|
</test>
|
|
|
|
<test check-if-sanity-catch-keyexists>
|
|
cmd = $pcp -V $vault -K -I bart.pub
|
|
expect = /there already exists a key/
|
|
</test>
|
|
|
|
<test check-if-catch-nokeys>
|
|
prepare = $pcp -V v3 -l
|
|
cmd = $pcp -V v3 -l
|
|
expect = /contain any keys so far/
|
|
</test>
|
|
|
|
<test invalid>
|
|
prepare = ./invalidkeys
|
|
|
|
<test check-testkey-wrong-version>
|
|
cmd = $pcp -V $vault -K -I testkey-wrong-version -x xxx
|
|
expect = /unknown key version/
|
|
</test>
|
|
|
|
<test check-testkey-wrong-serial>
|
|
cmd = $pcp -V $vault -K -I testkey-wrong-serial -x xxx
|
|
expect = /invalid serial number/
|
|
</test>
|
|
<test check-testkey-wrong-ctime>
|
|
cmd = $pcp -V $vault -K -I testkey-invalid-ctime -x xxx
|
|
expect = /invalid creation timestamp/
|
|
</test>
|
|
/*
|
|
<test check-testpubkey-wrong-type>
|
|
cmd = $pcp -V $vault -K -I testpubkey-wrong-type
|
|
expect = /key type is not PUBLIC/
|
|
</test>
|
|
|
|
<test check-testpubkey-wrong-version>
|
|
cmd = $pcp -V $vault -K -I testpubkey-wrong-version
|
|
expect = /unknown key version/
|
|
</test>
|
|
*/
|
|
</test>
|
|
|
|
<test check-vault-invalid-header>
|
|
prepare = ./invalidkeys
|
|
cmd = $pcp -V testvault-invalidheader -l
|
|
expect = /Unexpected vault file format/
|
|
</test>
|
|
|
|
<test check-vault-invalid-version>
|
|
cmd = $pcp -V testvault-invalidversion -l
|
|
expect = /Unexpected vault file format/
|
|
</test>
|
|
|
|
<test check-vault-invalid-itemtype>
|
|
cmd = $pcp -V testvault-invaliditemtype -l
|
|
expect = /invalid key type/
|
|
</test>
|
|
|
|
<test check-vault-invalid-keytype>
|
|
cmd = $pcp -V testvault-invalidkeytype -l
|
|
expect = /contain any keys so far./
|
|
</test>
|
|
|
|
|
|
|
|
|
|
#
|
|
# input handling tests
|
|
<test check-large-meta>
|
|
cmd = (./jot 300 | while read m; do echo -n m; done; echo xxx) \
|
|
| $pcp -V $vault -k -x $passwd
|
|
expect = /Generated new secret key/
|
|
</test>
|
|
|
|
#
|
|
# fuzz tests
|
|
<test check-fuzz>
|
|
prepare = (echo F; echo F) | $pcp -V vfz -k -x a; \
|
|
$pcp -V vfz -p -O testfuzzP.orig -x a; \
|
|
$pcp -V vfz -s -O testfuzzS.orig -x a;
|
|
<test check-fuzz-binary-pubkey>
|
|
loop = 30
|
|
prepare = while :; do \
|
|
cp testfuzzP.orig testfuzzP.pub; \
|
|
$mangle testfuzzP.pub; \
|
|
if ! diff testfuzzP.* > /dev/null 2>&1; then \
|
|
break; \
|
|
fi; \
|
|
done
|
|
cmd = echo no | $pcp -V vf -K -I testfuzzP.pub -x a
|
|
expect = !/added/
|
|
</test>
|
|
<test check-fuzz-binary-seckey>
|
|
loop = 30
|
|
prepare = while :; do \
|
|
cp testfuzzS.orig testfuzzS.sec; \
|
|
$mangle testfuzzS.sec; \
|
|
if ! diff testfuzzS.* > /dev/null 2>&1; then \
|
|
break; \
|
|
fi; \
|
|
done
|
|
cmd = echo no | $pcp -V vf -K -I testfuzzS.sec -x a
|
|
expect = !/added/
|
|
</test>
|
|
</test>
|
|
|
|
|
|
#
|
|
# test the c++ api
|
|
<test check-cpp-crypto>
|
|
cmd = ./cpptest 0
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-cpp-vault>
|
|
cmd = ./cpptest 1
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-cpp-import-pub>
|
|
cmd = ./cpptest 2
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-cpp-signature>
|
|
cmd = ./cpptest 3
|
|
expect = /ok/
|
|
</test>
|
|
|
|
<test check-buffer>
|
|
cmd = ./cpptest 4
|
|
expect = /ok/
|
|
</test>
|