tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git

commit 8d0c8e51e840744e02b8303599f85b6f4e6e0e7e
parent 8e9fc7e8030a8bf9305f7ca92e18fb3bb41c90ef
Author: Jaromil <jaromil@dyne.org>
Date:   Wed, 12 Jun 2013 13:36:50 +0200

Brand new test suite

this test suite can be called by 'make test' and checks basic functions
plus KDF, STEGHIDE and RESIZE. It works by creating files in /tmp/*tomb*

Diffstat:
Dextras/test/kdf.test.sh | 13-------------
Dextras/test/kdf_null.test.sh | 9---------
Dextras/test/passwd.test.sh | 27---------------------------
Mextras/test/runtests | 92+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------
Dextras/test/testall.sh | 48------------------------------------------------
Dextras/test/utils.sh | 17-----------------
6 files changed, 83 insertions(+), 123 deletions(-)

diff --git a/extras/test/kdf.test.sh b/extras/test/kdf.test.sh
@@ -1,13 +0,0 @@
-rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
-sudo -k
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 --kdf pbkdf2 >&4 2>&4 || echo error creating: $? >&3
-egrep '^_KDF_pbkdf2sha1_' /tmp/kdf.tomb.key >&4 2>&4 || echo error tomb kdf header >&3
-sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/kdf.tomb >&4 2>&4 || echo error creating: $? >&3
-../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
-../tomb --no-color list --get-mountpoint kdf >&4 || echo error listing specific: $? >&3
-mountpoint=`../tomb --no-color list --get-mountpoint kdf`
-df $mountpoint >&4 || echo error df: $? >&3
-
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close kdf >&4 2>&4 || echo error closing: $? >&3
-
diff --git a/extras/test/kdf_null.test.sh b/extras/test/kdf_null.test.sh
@@ -1,9 +0,0 @@
-rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
-sudo -k
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 --kdf null >&4 2>&4 || echo "error creating (with --kdf null): $?" >&3
-egrep '^_KDF_' /tmp/kdf.tomb.key >&4 2>&4 && echo "error tomb kdf header present (--kdf=null), shouldn't" >&3
-sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
-rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 >&4 2>&4 || echo "error creating (without --kdf): $?" >&3
-egrep '^_KDF_' /tmp/kdf.tomb.key >&4 2>&4 && echo "error tomb kdf header present (no --kdf), shouldn't" >&3
-sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
diff --git a/extras/test/passwd.test.sh b/extras/test/passwd.test.sh
@@ -1,27 +0,0 @@
-rm /tmp/asd.tomb{,.key} -f || exit 1
-{
-sudo -k
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
-sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
-#checking wrong&correct password
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing1 $? >&3
-#now changing password
-../tomb --no-color --unsecure-dev-mode --tomb-old-pwd f00za --tomb-pwd n3w passwd /tmp/asd.tomb.key >&4 2>&4 || echo error changing password: $? >&3
-#checking it all
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful after passwd >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 && echo error: open with old password is successful >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd n3w open /tmp/asd.tomb >&4 2>&4 || echo error opening after new password: $? >&3
-
-../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
-../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
-mountpoint=`../tomb --no-color list --get-mountpoint asd`
-df $mountpoint >&4 || echo error df: $? >&3
-
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing2: $? >&3
-} always {
- rm /tmp/asd.tomb{,.key} -f
-}
-
-
diff --git a/extras/test/runtests b/extras/test/runtests
@@ -9,19 +9,37 @@ notice() { print; yes "${@}"; print; } error() { _warning " ${@}"; } tt() { start_loops=(`sudo losetup -a |cut -d: -f1`) + start_temps=(`find /dev/shm -name 'tomb*'`) ${T} ${=@} res=$? loops=(`sudo losetup -a |cut -d: -f1`) - { test "${#start_loops}" = "${#loops}" } || { error "loop device limit change to ${#loops}" } + temps=(`find /dev/shm -name 'tomb*'`) + + { test "${#start_loops}" = "${#loops}" } || { + error "loop device usage change to ${#loops}" } + { test "${#start_temps}" = "${#temps}" } || { + error "temp files usage change to ${#temps}" } print " Tomb command returns $res" return $res } +# check for auxiliary programs +KDF=1 +STEGHIDE=1 +RESIZER=1 +command -v steghide > /dev/null || STEGHIDE=0 +command -v e2fsck resize2fs > /dev/null || RESIZER=0 +command -v tomb-kdb-pbkdf2 > /dev/null || KDF=0 + + typeset -A results -tests=(dig forge lock badpass open close resize chksum bind) +tests=(dig forge lock badpass open close chksum bind) +{ test $RESIZER = 1 } && { tests+=(resize) } +{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) } +{ test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen) } +sudo rm -f /tmp/test.tomb{,.key} -rm /tmp/test.tomb{,.key} -f || exit 1 startloops=(`sudo losetup -a |cut -d: -f1`)
@@ -72,12 +90,16 @@ tt --unsecure-dev-mode close test { test $? = 0 } && { results+=(close SUCCESS) } +{ test $RESIZER = 1 } && { + notice "Testing resize to 30 MiB" + + tt --unsecure-dev-mode --tomb-pwd f00za -k /tmp/test.tomb.key resize /tmp/test.tomb -s 30 + + { test $? = 0 } && { results+=(resize SUCCESS) } -notice "Testing resize to 30 MiB" - -tt --unsecure-dev-mode --tomb-pwd f00za -k /tmp/test.tomb.key resize /tmp/test.tomb -s 30 +} -{ test $? = 0 } && { results+=(resize SUCCESS) } +notice "Testing contents integrity" ${T} --unsecure-dev-mode --tomb-pwd f00za open /tmp/test.tomb
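Review bot: In extras/test/runtests (hunk @@ -9,19 +9,37 @@), the added `sudo rm -f /tmp/test.tomb{,.key}` keeps the suite on fixed, predictable names in world-writable /tmp while it runs commands through sudo, so on a shared machine another local user can pre-create those paths before the test touches them. The same applies to `/tmp/test.tomb.kdf`, `/tmp/kdf.tomb`, `/tmp/tomb.jpg` and `/tmp/test.steg.key` in the hunk at @@ -108,8 +130,58 @@, where `cp -f arditi.jpg /tmp/tomb.jpg` would write through a symlink already present at the destination. I would create a private directory once, `testdir=$(mktemp -d) || exit 1`, and build every test path from `$testdir`, which also lets the final cleanup be a single `rm -rf -- "$testdir"`.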
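Review bot: In the hunk at @@ -72,12 +90,16 @@, when `RESIZER` is 0 the whole resize block is skipped without any output, and because `resize` is also left out of `tests` the summary gives no hint that it did not run. The KDF and STEGHIDE blocks in the hunk at @@ -108,8 +130,58 @@ behave the same way, so a machine without `tomb-kdb-pbkdf2` reports a clean run with the key-derivation path untested. I would report each skip explicitly, e.g. `{ test $RESIZER = 1 } || notice "Skipping resize test: e2fsck/resize2fs not found"`.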
@@ -108,8 +130,58 @@ rm /media/test.tomb/bind-hooks rm /media/test.tomb/test-$rnd tt close test -# rm /tmp/test.tomb{,.key} -f || exit 1 +{ test $KDF = 1 } && { + + notice "Testing KDF key" + sudo rm -f /tmp/test.tomb.kdf /tmp/kdf.tomb + + tt --unsecure-dev-mode --tomb-pwd f00za --use-urandom --kdf 1 forge /tmp/test.tomb.kdf + + { test $? = 0 } && { results+=(kdforge SUCCESS) } + + tt --unsecure-dev-mode --tomb-pwd f00za --kdf 1 passwd /tmp/test.tomb.kdf + + { test $? = 0 } && { results+=(kdfpass SUCCESS) } + + ${T} dig -s 10 /tmp/kdf.tomb + + tt --ignore-swap --unsecure-dev-mode --tomb-pwd f00za lock /tmp/kdf.tomb -k /tmp/test.tomb.kdf + + { test $? = 0 } && { results+=(kdflock SUCCESS) } + + tt --ignore-swap --unsecure-dev-mode --tomb-pwd f00za open /tmp/kdf.tomb -k /tmp/test.tomb.kdf + + { test $? = 0 } && { results+=(kdfopen SUCCESS) } + + ${T} close kdf + +} + +{ test $STEGHIDE = 1 } && { + + notice "Testing steganographic hiding of keys" + + cp -f arditi.jpg /tmp/tomb.jpg + sudo rm -f /tmp/test.steg.key + + tt --unsecure-dev-mode --tomb-pwd f00za bury -k /tmp/test.tomb.key /tmp/tomb.jpg + + { test $? = 0 } && { results+=(stgin SUCCESS) } + + tt --unsecure-dev-mode --tomb-pwd f00za exhume -k /tmp/test.steg.key /tmp/tomb.jpg + + { test $? = 0 } && { results+=(stgout SUCCESS) } + + tt --unsecure-dev-mode --tomb-pwd f00za open -k /tmp/test.steg.key /tmp/test.tomb + + { test $? = 0 } && { results+=(stgopen SUCCESS) } + + ${T} close test +} + +# rm /tmp/test.tomb{,.key} -f || exit 1 + endloops=(`sudo losetup -a |cut -d: -f1`) notice "Test results summary"
@@ -121,4 +193,6 @@ for t in $tests; do done print "${#endloops} loop devices busy at end" - +print "Done. You can remove temporary leftovers from /tmp :" +for i in `find /tmp -name '*tomb*' 2>/dev/null`; do ls -lh $i; done +return 0
diff --git a/extras/test/testall.sh b/extras/test/testall.sh
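Review bot: In the hunk at @@ -108,8 +130,58 @@ of extras/test/runtests, `kdforge` is marked SUCCESS on the exit status of `forge --kdf 1` alone, so a regression in which the option is ignored and a key without key derivation is written would still pass. The removed kdf.test.sh asserted the key header with `egrep '^_KDF_pbkdf2sha1_'`; an equivalent check here, e.g. `{ test $? = 0 } && grep -q '^_KDF_' /tmp/test.tomb.kdf && { results+=(kdforge SUCCESS) }`, would keep that guarantee (assuming the header format is unchanged by this commit). A wrong-password `open` against the KDF key, mirroring the existing `badpass` test, would also be worth adding. The statuses of `${T} dig -s 10 /tmp/kdf.tomb`, `${T} close kdf` and `${T} close test` are not checked, so a tomb left mounted only shows up indirectly in the loop-device count.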
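Review bot: In the last runtests hunk (@@ -121,4 +193,6 @@), the added `return 0` makes the script report success whatever the tests did, so `make test` cannot fail in automation even when an entry is missing from `results`. The summary loop is only partly visible in this hunk, but the exit status could follow it, for example `{ test ${#results} = ${#tests} } || return 1` if `results` only ever holds SUCCESS entries. The leftover listing also word-splits the output of `find`; `find /tmp -name '*tomb*' -exec ls -lh {} + 2>/dev/null` avoids that.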
@@ -1,48 +0,0 @@
-#!/usr/bin/env zsh
-
-test_file() {
- t=$1
- echo -n "$fg[yellow]$t start test... $fg[default]"
- sudo_pwd=$sudo_pwd source $t 3> /tmp/tomb_test_errorlog 4> /tmp/tomb_test_fulllog
- ret=$?
- if [[ `stat -c '%s' /tmp/tomb_test_errorlog` == 0 ]]; then
- echo "$fg[green] OK$fg[default]"
- else
- echo "$fg[red] ERRORS$fg[default]"
- < /tmp/tomb_test_errorlog
- rm /tmp/tomb_test_errorlog
-#TODO: make it optional!
-echo "\n--- Full log (for $t) ---\n"
- < /tmp/tomb_test_fulllog
- rm /tmp/tomb_test_fulllog
- return 1
- fi
- return 0
-}
-
-source utils.sh
-if [[ -z $sudo_pwd ]]; then
- echo "WARNING: sudo_pwd is probably needed by some test"
-fi
-rm /tmp/tomb_test_errorlog -f &> /dev/null
-has_err=0
-autoload colors
-colors
-if [[ $# == 0 ]]; then
- for t in *.test.sh; do
- test_file $t
- if [[ $? != 0 ]]; then
- has_err=$?
- fi
- done
-else
- for t in "$@"; do
- test_file $t
- if [[ $? != 0 ]]; then
- has_err=$?
- fi
- done
-fi
-exit $has_err
-
-
diff --git a/extras/test/utils.sh b/extras/test/utils.sh
@@ -1,17 +0,0 @@
-sanity_tomb() {
- tombsize=`stat $1 -c '%s'`
- if [[ $tombsize -ge 12000000 ]] || [[ $tombsize -le 9000000 ]]; then
- echo "Error: tomb size is wrong: $tombsize"
- return 1
- fi
- keysize=`stat ${1}.key -c '%s'`
- if [[ $keysize -le 400 ]]; then
- echo "Error: key size is wrong: $keysize"
- return 2
- fi
- keytype=`file =(egrep -v '^_' ${1}.key) -bi`
- if ! [[ $keytype =~ application/pgp ]]; then
- echo "Wrong type for keyfile"
- return 3
- fi
-}