3 ### Test script for key-management
5 ### (c) 2008 Straylight/Edgeware
8 ###----- Licensing notice ---------------------------------------------------
10 ### This file is part of Trivial IP Encryption (TrIPE).
12 ### TrIPE is free software; you can redistribute it and/or modify
13 ### it under the terms of the GNU General Public License as published by
14 ### the Free Software Foundation; either version 2 of the License, or
15 ### (at your option) any later version.
17 ### TrIPE is distributed in the hope that it will be useful,
18 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
19 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 ### GNU General Public License for more details.
22 ### You should have received a copy of the GNU General Public License
23 ### along with TrIPE; if not, write to the Free Software Foundation,
24 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
## Open the Autotest group for the key-management test and tag it with the
## keywords used to select it.
26 AT_SETUP([key management])
27 AT_KEYWORDS([keys python])
29 ###--------------------------------------------------------------------------
30 ### Make sure that this has a chance of working.
## NOTE(review): only the head of this 'case' is visible in the listing; its
## arms and closing keyword are not shown.  Presumably the group is skipped
## unless both Python and the Catacomb bindings were found -- confirm against
## the full file.
33 case "$HAVE_PYTHON_TRUE$HAVE_PYCATACOMB_TRUE" in
## External programs this group depends on; Autotest logs each one's location
## and version.
39 AT_TESTED([curl key catsign rsync])
41 ###--------------------------------------------------------------------------
42 ### Create the initial environment.
## One working directory per party (alice, bob), plus the staging tree and the
## published tree that base-dir and base-url below point at.
45 mkdir alice bob stage dist
## Write the master configuration.  The here-document delimiter is unquoted,
## so the shell expands $work while writing the file.
## NOTE(review): 'sig-expire' below has no '=' where every sibling setting has
## one.  Confirm the configuration parser accepts that form; if it does not,
## the signature expiry in force during this test is not the one written here.
## NOTE(review): base-url is a file:// URL and the upload hook is a local
## rsync, so distribution in this test never leaves the local filesystem.
## NOTE(review): @MASTER-SEQUENCE@ and @HK-MASTER@ are presumably placeholders
## filled in by a later tripe-keys step -- confirm.  The here-document
## terminator is not visible in this listing.
49 cat <<EOF >tripe-keys.master
50 ## Distribution parameters.
51 base-url = file://$work/dist/
52 base-dir = $work/stage/
53 upload-hook = rsync -aI --delete $work/stage/ $work/dist/
55 ## Cryptographic parameters.
57 kx-expire = now + 1 year
58 sig-fresh = 1 month ago
59 sig-expire now + 1 year
62 ## Master key integrity.
63 master-sequence = @MASTER-SEQUENCE@
64 hk-master = @HK-MASTER@
67 ###--------------------------------------------------------------------------
68 ### Simple key establishment.
## NOTE(review): the listing omits some lines between the numbered ones in
## this section (presumably the directory changes between alice and bob), so
## the working directory of each step cannot be confirmed from here.
##
## Each AT_CHECK below expects exit status 0 and empty stderr; '[ignore]'
## discards stdout.
70 ## Alice sets up her repository and generates a key.
## 'setup' must succeed and leave a 'repos' directory behind.
71 AT_CHECK([BUILDDIR/tripe-keys setup && test -d repos],, [ignore])
72 AT_CHECK([BUILDDIR/tripe-keys generate alice],, [ignore])
## Key generation must produce a readable public-key file.
73 AT_CHECK([test -r peer-alice.pub])
## The public key is placed in the repository by hand, then the distribution
## is rebuilt and pushed through the upload hook.
74 cp peer-alice.pub repos/
75 AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore])
76 AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
78 ## Bob fetches a copy and generates his own key.
## NOTE(review): Bob's first tripe-keys.conf is taken straight from the
## published tree with cp.  Presumably this file carries the master-key hash
## (hk-master) that later updates are verified against; if so, this copy is
## Bob's trust anchor, and outside a test it has to reach him over an
## authenticated channel -- confirm against the tripe-keys documentation.
80 AT_CHECK([test -r "$work"/dist/tripe-keys.conf])
81 cp "$work"/dist/tripe-keys.conf .
82 AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
83 AT_CHECK([BUILDDIR/tripe-keys generate bob],, [ignore])
84 AT_CHECK([test -r peer-bob.pub])
86 ## Alice collects Bob's key and installs it.
## NOTE(review): the key is copied directly out of Bob's directory; the test
## does not model how Alice authenticates a submitted public key.
88 cp "$work"/bob/peer-bob.pub repos/
89 AT_CHECK([BUILDDIR/tripe-keys rebuild],, [ignore])
90 AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
92 ## Bob fetches the new update and checks that his key's there.
94 AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
## The distributed copy must be byte-identical to the key Bob generated.
95 AT_CHECK([cmp peer-bob.pub repos/peer-bob.pub])
97 ###--------------------------------------------------------------------------
98 ### Alice rolls over her master key.
100 ## Alice generates a new master key and publishes it.
102 AT_CHECK([BUILDDIR/tripe-keys newmaster],, [ignore])
103 AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
## Two signature files must exist after the rollover.
## NOTE(review): presumably one signature per master-key generation, so that a
## peer still holding the old master key can verify this release -- confirm.
106 AT_CHECK([test -r tripe-keys.sig-0 && test -r tripe-keys.sig-1])
## NOTE(review): the comment below and the AT_CHECK that follows are cut short
## in this listing (the sentence and the closing bracket are not shown).
108 ## Bob fetches a new copy. He gets warned that something unusual has
## This update must exit 0 and print the warning below on stderr.
111 AT_CHECK([BUILDDIR/tripe-keys update],, [ignore],
112 [tripe-keys: configuration file changed: recommend running another update
115 ## Alice can now destroy her old master key.
## Removes the key named master-0 from the keyring selected by '-kmaster',
## then publishes again.
117 AT_CHECK([key -kmaster delete master-0])
118 AT_CHECK([BUILDDIR/tripe-keys upload],, [ignore])
120 ## This is OK because Bob has rolled over to the new key.
## NOTE(review): only the peer that saw the intermediate release is tested.
## What a peer that missed it should see once master-0 is gone is not
## asserted here.
122 AT_CHECK([BUILDDIR/tripe-keys update],, [ignore])
124 ###--------------------------------------------------------------------------
125 ### Check good behaviour on signature verification failures.
127 ## Corrupt the distribution tarball.
## Unpack the published archive, add one file and repack it, so the archive
## no longer has the contents it was published with.
## NOTE(review): lines are missing from the listing before the tar commands
## (presumably a directory change), so where the unpacking happens cannot be
## confirmed from here.
131 tar xfz ../tripe-keys.tar.gz
132 touch repos/bogus-file
133 tar cfz ../tripe-keys.tar.gz *
135 ## Bob tries fetching again. The update will notice the problem; none of his
136 ## files will change.
## Record checksums of Bob's current files.  MD5 is used here only to detect
## change in local test files, not as a security control.
138 md5sum repos/* keyring keyring.pub tripe-keys.conf >old-state.md5
## The update must fail with exit status 1; stdout and stderr are ignored.
139 AT_CHECK([BUILDDIR/tripe-keys update], [1], [ignore], [ignore])
## NOTE(review): 'md5sum -c' checks only the files named in old-state.md5, so
## a file newly created under repos/ by a faulty update would go unnoticed.
## Consider also asserting that no new file has appeared there.
## NOTE(review): only one kind of tampering (an added archive member) is
## covered; a changed or removed member and a stale signature deserve their
## own cases.
140 AT_CHECK([md5sum -c old-state.md5],, [ignore])
142 ###----- That's all, folks --------------------------------------------------