| 1 | ### -*-autotest-*- |
| 2 | ### |
| 3 | ### Test script for key-management |
| 4 | ### |
| 5 | ### (c) 2008 Straylight/Edgeware |
| 6 | ### |
| 7 | |
| 8 | ###----- Licensing notice --------------------------------------------------- |
| 9 | ### |
| 10 | ### This file is part of Trivial IP Encryption (TrIPE). |
| 11 | ### |
| 12 | ### TrIPE is free software; you can redistribute it and/or modify |
| 13 | ### it under the terms of the GNU General Public License as published by |
| 14 | ### the Free Software Foundation; either version 2 of the License, or |
| 15 | ### (at your option) any later version. |
| 16 | ### |
| 17 | ### TrIPE is distributed in the hope that it will be useful, |
| 18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 20 | ### GNU General Public License for more details. |
| 21 | ### |
| 22 | ### You should have received a copy of the GNU General Public License |
| 23 | ### along with TrIPE; if not, write to the Free Software Foundation, |
| 24 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 25 | |
## Open the test group.  The keywords let it be selected by keyword when the
## suite is run.
AT_SETUP([key management])
AT_KEYWORDS([keys python])

###--------------------------------------------------------------------------
### Make sure that this has a chance of working.

## Both variables must expand to nothing for the test to go ahead.  They look
## like Automake conditional substitutions (empty when the feature is
## available) -- confirm against the build configuration.  Exit status 77
## makes Autotest report the group as skipped rather than failed.
AT_CHECK([
if test -n "$HAVE_PYTHON_TRUE$HAVE_PYCATACOMB_TRUE"; then
  exit 77
fi
])

## External programs exercised here; Autotest logs which ones it found.
AT_TESTED([curl key catsign rsync])
| 40 | |
###--------------------------------------------------------------------------
### Create the initial environment.

## Scratch directories under the test group's working directory: one per
## party, plus the staging area and the published distribution.
work=`pwd`
mkdir alice bob stage dist

cd "$work/alice"

## Alice's master configuration.  The here-document delimiter is unquoted, so
## the work directory is substituted as the file is written.  Publication
## stays on the local filesystem: the upload hook mirrors the staging area
## into dist with rsync, and clients read it back through a file URL.  The
## two @...@ tokens are written out literally; presumably the setup step
## fills them in -- confirm.
## NOTE(review): sig-expire is the only setting written without an equals
## sign.  It is reproduced as found; confirm the configuration parser accepts
## that form, since otherwise the signature expiry would not be the one
## intended.
cat >tripe-keys.master <<EOF
## Distribution parameters.
base-url = file://$work/dist/
base-dir = $work/stage/
upload-hook = rsync -aI --delete $work/stage/ $work/dist/

## Cryptographic parameters.
kx = ec
kx-expire = now + 1 year
sig-fresh = 1 month ago
sig-expire now + 1 year
master-keygen-flags =

## Master key integrity.
master-sequence = @MASTER-SEQUENCE@
hk-master = @HK-MASTER@
EOF
| 66 | |
###--------------------------------------------------------------------------
### Simple key establishment.

## Alice creates her repository, generates a key, adds the public half to
## the repository, then rebuilds and publishes the distribution.  Every
## checked step must exit with status 0; its standard output is ignored.
AT_CHECK([BUILDDIR/tripe-keys setup && test -d repos], [0], [ignore])
AT_CHECK([BUILDDIR/tripe-keys generate alice], [0], [ignore])
AT_CHECK([test -r peer-alice.pub], [0])
cp peer-alice.pub repos/
AT_CHECK([BUILDDIR/tripe-keys rebuild], [0], [ignore])
AT_CHECK([BUILDDIR/tripe-keys upload], [0], [ignore])

## Bob bootstraps by copying the published configuration file directly, then
## fetches the distribution and generates his own key.  Presumably that
## configuration file is what anchors his later signature checks -- confirm.
cd "$work/bob"
AT_CHECK([test -r "$work/dist/tripe-keys.conf"], [0])
cp "$work/dist/tripe-keys.conf" .
AT_CHECK([BUILDDIR/tripe-keys update], [0], [ignore])
AT_CHECK([BUILDDIR/tripe-keys generate bob], [0], [ignore])
AT_CHECK([test -r peer-bob.pub], [0])

## Alice collects Bob's public key, installs it and republishes.
## NOTE(review): the plain copy steps in this section are not checked; a
## failed copy only shows up through a later step.
cd "$work/alice"
cp "$work/bob/peer-bob.pub" repos/
AT_CHECK([BUILDDIR/tripe-keys rebuild], [0], [ignore])
AT_CHECK([BUILDDIR/tripe-keys upload], [0], [ignore])

## Bob fetches the update; the copy of his key that came back through the
## distribution must match the one he generated byte for byte.
cd "$work/bob"
AT_CHECK([BUILDDIR/tripe-keys update], [0], [ignore])
AT_CHECK([cmp peer-bob.pub repos/peer-bob.pub], [0])
| 96 | |
###--------------------------------------------------------------------------
### Alice rolls over her master key.

## Alice generates a new master key and publishes it.
cd "$work/alice"
AT_CHECK([BUILDDIR/tripe-keys newmaster], [0], [ignore])
AT_CHECK([BUILDDIR/tripe-keys upload], [0], [ignore])

## During the changeover the distribution must carry both signature files,
## presumably one per master-key generation.
cd "$work/dist"
AT_CHECK([test -r tripe-keys.sig-0 && test -r tripe-keys.sig-1], [0])

## Bob fetches a new copy.  The update succeeds, but he is warned that
## something unusual has happened: standard error must be exactly the
## message below.
cd "$work/bob"
AT_CHECK([BUILDDIR/tripe-keys update], [0], [ignore],
[tripe-keys: configuration file changed: recommend running another update
])

## Alice can now destroy her old master key and publish again.
cd "$work/alice"
AT_CHECK([key -kmaster delete master-0], [0])
AT_CHECK([BUILDDIR/tripe-keys upload], [0], [ignore])

## This is OK because Bob has rolled over to the new key.
## NOTE(review): nothing here covers the opposite case, a client that still
## trusts only the old master key after it has been deleted; consider a
## negative check if that behaviour matters.
cd "$work/bob"
AT_CHECK([BUILDDIR/tripe-keys update], [0], [ignore])
| 123 | |
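###--------------------------------------------------------------------------
### Check good behaviour on signature verification failures.

## Corrupt the distribution tarball: unpack it, add a file, and repack it in
## place.  Each step is checked, and the repacked archive is confirmed to
## contain the extra file, so that a broken fixture cannot pass for a
## verification failure.
cd "$work"/dist
AT_CHECK([mkdir tmp])
cd tmp
AT_CHECK([tar xfz ../tripe-keys.tar.gz && touch repos/bogus-file])
AT_CHECK([tar cfz ../tripe-keys.tar.gz * &&
          tar tfz ../tripe-keys.tar.gz | grep 'repos/bogus-file'],
         [0], [ignore])

## Bob tries fetching again.  The update will notice the problem; none of his
## files will change.  The checksums are only a local change detector.  The
## snapshot is taken under a check so that a missing file cannot silently
## shrink the set being compared.
cd "$work"/bob
AT_CHECK([md5sum repos/* keyring keyring.pub tripe-keys.conf >old-state.md5])

## NOTE(review): only the exit status is pinned here.  Status 1 does not by
## itself show that the failure came from signature verification; consider
## matching the diagnostic once its exact text is confirmed.
AT_CHECK([BUILDDIR/tripe-keys update], [1], [ignore], [ignore])
AT_CHECK([md5sum -c old-state.md5],, [ignore])

## The checksum list covers only files that already existed, so also make
## sure the file planted in the tarball was not installed.
AT_CHECK([test ! -e repos/bogus-file])

###----- That's all, folks --------------------------------------------------

AT_CLEANUP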