Commit | Line | Data |
---|---|---|
8cae2567 MW |
1 | ### -*-autotest-*- |
2 | ### | |
3 | ### Test script for key-management | |
4 | ### | |
5 | ### (c) 2008 Straylight/Edgeware | |
6 | ### | |
7 | ||
8 | ###----- Licensing notice --------------------------------------------------- | |
9 | ### | |
10 | ### This file is part of Trivial IP Encryption (TrIPE). | |
11 | ### | |
12 | ### TrIPE is free software; you can redistribute it and/or modify | |
13 | ### it under the terms of the GNU General Public License as published by | |
14 | ### the Free Software Foundation; either version 2 of the License, or | |
15 | ### (at your option) any later version. | |
16 | ### | |
17 | ### TrIPE is distributed in the hope that it will be useful, | |
18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ### GNU General Public License for more details. | |
21 | ### | |
22 | ### You should have received a copy of the GNU General Public License | |
23 | ### along with TrIPE; if not, write to the Free Software Foundation, | |
24 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | ||
26 | AT_SETUP([key management]) | |
27 | AT_KEYWORDS([keys python]) | |
28 | ||
29 | ###-------------------------------------------------------------------------- | |
30 | ### Make sure that this has a chance of working. | |
31 | ||
32 | AT_CHECK([ | |
33 | case "$HAVE_PYTHON_TRUE$HAVE_PYCATACOMB_TRUE" in | |
34 | "") ;; | |
35 | *) exit 77 ;; | |
36 | esac | |
37 | ]) | |
38 | ||
39 | AT_TESTED([curl key catsign rsync]) | |
40 | ||
41 | ###-------------------------------------------------------------------------- | |
42 | ### Create the initial environment. | |
43 | ||
44 | work=$(pwd) | |
45 | mkdir alice bob stage dist | |
46 | ||
47 | cd "$work"/alice | |
48 | ||
49 | cat <<EOF >tripe-keys.master | |
50 | ## Distribution parameters. | |
51 | base-url = file://$work/dist/ | |
52 | base-dir = $work/stage/ | |
53 | upload-hook = rsync -aI --delete $work/stage/ $work/dist/ | |
54 | ||
55 | ## Cryptographic parameters. | |
56 | kx = ec | |
57 | kx-expire = now + 1 year | |
58 | sig-fresh = 1 month ago | |
59 | sig-expire now + 1 year | |
60 | master-keygen-flags = | |
61 | ||
62 | ## Master key integrity. | |
63 | master-sequence = @MASTER-SEQUENCE@ | |
64 | hk-master = @HK-MASTER@ | |
65 | EOF | |
66 | ||
67 | ###-------------------------------------------------------------------------- | |
68 | ### Simple key establishment. | |
69 | ||
70 | ## Alice sets up her repository and generates a key. | |
71 | AT_CHECK([BUILDDIR/tripe-keys setup && test -d repos],, [ignore]) | |
72 | AT_CHECK([BUILDDIR/tripe-keys generate alice],, [ignore]) | |
73 | AT_CHECK([test -r peer-alice.pub]) | |
74 | cp peer-alice.pub repos/ | |
75 | AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore]) | |
76 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
77 | ||
78 | ## Bob fetches a copy and generates his own key. | |
79 | cd "$work"/bob | |
80 | AT_CHECK([test -r "$work"/dist/tripe-keys.conf]) | |
81 | cp "$work"/dist/tripe-keys.conf . | |
82 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
83 | AT_CHECK([BUILDDIR/tripe-keys generate bob],, [ignore]) | |
84 | AT_CHECK([test -r peer-bob.pub]) | |
85 | ||
86 | ## Alice collects Bob's key and installs it. | |
87 | cd "$work/alice" | |
88 | cp "$work"/bob/peer-bob.pub repos/ | |
89 | AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore]) | |
90 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
91 | ||
92 | ## Bob fetches the new update and checks that his key's there. | |
93 | cd "$work"/bob | |
94 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
95 | AT_CHECK([cmp peer-bob.pub repos/peer-bob.pub]) | |
96 | ||
97 | ###-------------------------------------------------------------------------- | |
98 | ### Alice rolls over her master key. | |
99 | ||
100 | ## Alice generates a new master key and publishes it. | |
101 | cd "$work"/alice | |
102 | AT_CHECK([BUILDDIR/tripe-keys newmaster],, [ignore]) | |
103 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
104 | ||
105 | cd "$work"/dist | |
106 | AT_CHECK([test -r tripe-keys.sig-0 && test -r tripe-keys.sig-1]) | |
107 | ||
108 | ## Bob fetches a new copy. He gets warned that something unusual has | |
109 | ## happened. | |
110 | cd "$work"/bob | |
111 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore], | |
112 | [tripe-keys: configuration file changed: recommend running another update | |
113 | ]) | |
114 | ||
115 | ## Alice can now destroy her old master key. | |
116 | cd "$work"/alice | |
117 | AT_CHECK([key -kmaster delete master-0]) | |
118 | AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore]) | |
119 | ||
120 | ## This is OK because Bob has rolled over to the new key. | |
121 | cd "$work"/bob | |
122 | AT_CHECK([BUILDDIR/tripe-keys update],, [ignore]) | |
123 | ||
124 | ###-------------------------------------------------------------------------- | |
125 | ### Check good behaviour on signature verification failures. | |
126 | ||
127 | ## Corrupt the distribution tarball. | |
128 | cd "$work"/dist | |
129 | mkdir tmp | |
130 | cd tmp | |
131 | tar xfz ../tripe-keys.tar.gz | |
132 | touch repos/bogus-file | |
133 | tar cfz ../tripe-keys.tar.gz * | |
134 | ||
135 | ## Bob tries fetching again. The update will notice the problem; none of his | |
136 | ## files will change. | |
137 | cd "$work"/bob | |
138 | md5sum repos/* keyring keyring.pub tripe-keys.conf >old-state.md5 | |
139 | AT_CHECK([BUILDDIR/tripe-keys update], [1], [ignore], [ignore]) | |
140 | AT_CHECK([md5sum -c old-state.md5],, [ignore]) | |
141 | ||
142 | ###----- That's all, folks -------------------------------------------------- | |
143 | ||
144 | AT_CLEANUP |