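#!/usr/bin/env bash
# Tests to ensure that the monkeysphere is working
# Authors:
#  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#  Jameson Rollins <jrollins@fifthhorseman.net>
#  Micah Anderson <micah@riseup.net>
#
# Copyright: 2008-2009
# License: GPL v3 or later

# These tests should all be able to run as a non-privileged user.
# Everything runs against a private GNUPGHOME created below under
# $TEMPDIR, so the user's real keyring is never read or written.

# all subcommands in this script should complete without failure:
set -e
# piped commands should return the code of the first non-zero return
set -o pipefail

# make sure the TESTDIR is an absolute path, not a relative one.
# Assign and export in two steps: `export VAR=$(cmd)` returns the status
# of `export`, so a failing `cd` would be masked under set -e.  The inner
# substitution is quoted so a test directory with spaces still works.
TESTDIR=$(cd "$(dirname "$0")" && pwd)
export TESTDIR

source "$TESTDIR"/common

# Prerequisite checks for the perl modules keytrans depends on.
# Diagnostics go to stderr so they are not confused with test output.
perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || {
  printf '%s\n' "You must have the perl module Crypt::OpenSSL::RSA installed to run this test. On debian-derived systems, you can set this up with: apt-get install libcrypt-openssl-rsa-perl" >&2
  exit 1
}
# NOTE(review): libdigest-sha1-perl provides Digest::SHA1, which is a
# different module from Digest::SHA (shipped with core perl) — confirm
# the package hint before relying on it.
perl -MDigest::SHA -e 1 2>/dev/null || {
  printf '%s\n' "You must have the perl module Digest::SHA installed to run this test. On debian-derived systems, you can set this up with: apt-get install libdigest-sha1-perl" >&2
  exit 1
}

######################################################################
### SETUP VARIABLES

## set up some variables to ensure that we're operating strictly in
## the tests, not system-wide:

mkdir -p "$TESTDIR"/tmp
# mktemp -d gives a fresh, unpredictable directory; secret key material
# generated by the tests lives only underneath it.
TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX")

# Expose the single keytrans script under each name the tests invoke it
# by (presumably it dispatches on the name it was called as).
mkdir "$TEMPDIR"/bin
for tool_name in openpgp2ssh pem2openpgp keytrans; do
  ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/"$tool_name"
done

# Use the local copy of executables first, instead of system ones.
# This should help us test without installing.
export PATH="$TEMPDIR"/bin:"$PATH"

## setup trap
# failed_cleanup (presumably defined in common) runs on any exit until
# the trap is cleared once every test has passed.
trap failed_cleanup EXIT

######################################################################
### TEST KEYTRANS

echo "##################################################"
echo "### generating openpgp key..."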
# Point gpg at the throwaway home created above; keep it private to us.
export GNUPGHOME="$TEMPDIR"
chmod 700 "$TEMPDIR"

# create the key with the same preferences that monkeysphere uses.
printf '%s\n' \
  'default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP AES256 AES192 AES CAST5 3DES' \
  'cert-digest-algo SHA256' \
  'list-options show-uid-validity,show-unusable-uids' \
  > "$TEMPDIR"/gpg.conf

# generate a key: non-expiring 1024-bit RSA, sign-only, in batch mode.
# shellcheck disable=SC2046 -- deliberately unquoted: get_gpg_prng_arg
# (from common) supplies the option name appended to the leading "--".
gpg --batch --$(get_gpg_prng_arg) --gen-key <<'EOF'
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: testtest
Expire-Date: 0
%commit
%echo done
EOF

printf '%s\n' '##################################################' \
  '### retrieving key timestamp...'
# Field 6 of the colon-separated pub record; it is fed back in as
# PEM2OPENPGP_TIMESTAMP below so the converted key matches the original.
timestamp=$(gpg --list-key --with-colons --fixed-list-mode \
  | grep ^pub: \
  | cut -d: -f6)

printf '%s\n' '##################################################' \
  '### exporting key to ssh file...'
gpg --export-secret-key > "$TEMPDIR"/secret.key
gpg --export-secret-key | openpgp2ssh > "$TEMPDIR"/test.pem
# Round trip: PEM back to OpenPGP with the same usage flags and timestamp.
PEM2OPENPGP_USAGE_FLAGS=sign,certify \
  PEM2OPENPGP_TIMESTAMP="$timestamp" \
  pem2openpgp testtest \
  < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key

printf '%s\n' '##################################################' \
  '### reconvert key, and compare to key in gpg keyring...'
# Both the parsed packet structure and the raw bytes must be identical.
diff -u \
  <(gpg --list-packets < "$TEMPDIR"/secret.key) \
  <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)
diff -u \
  <(hd "$TEMPDIR"/secret.key) \
  <(hd "$TEMPDIR"/converted.secret.key)

KEYFPR=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d:)
# Long key ID: the 16 hex digits at positions 25-40 of the fingerprint.
KEYID=${KEYFPR:24:16}

printf '%s\n' 'conversions look good!'
printf 'Now working with key %s at time %s\n' "$KEYID" "$timestamp"
gpg --check-trustdb
gpg --list-keys

printf '%s\n' '##################################################' \
  '### test User ID addition...'
# Helpers for the remaining tests.  They read the globals established
# earlier in the script (TEMPDIR, KEYID, KEYFPR, timestamp).

# gpg's view of every key and signature, without the tru: record, which
# the comparisons below deliberately ignore.
signature_listing() {
  gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru
}

# Fingerprints of the primary keys in the test secret keyring.
listed_fprs() {
  keytrans listfprs < "$TEMPDIR"/secring.gpg
}

# Store stdin as the fixture the next diff compares against.
expected_output() {
  cat > "$TEMPDIR"/expectedout
}

# keytrans adds a self-signed User ID to the primary key; after import
# gpg should show two valid uids, each with a good (sig:!) self-sig.
PEM2OPENPGP_TIMESTAMP="$timestamp" \
  PEM2OPENPGP_USAGE_FLAGS=sign,certify \
  keytrans adduserid "$KEYID" "monkeymonkey" < "$TEMPDIR"/secring.gpg \
  | gpg --import
gpg --check-trustdb
gpg --list-keys

# The 40-hex fields are gpg's per-user-ID hashes for these fixed names,
# not key material, so the fixture is stable across runs.
expected_output <<EOF
pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
EOF
diff -u "$TEMPDIR"/expectedout <(signature_listing)

printf '%s\n' '##################################################' \
  '### test User ID revocation ... '
# The revocation is stamped one second after key creation; gpg should
# then list the testtest uid as revoked (uid:r) plus a rev: record.
revtime=$(( timestamp + 1 ))
PEM2OPENPGP_TIMESTAMP="$revtime" \
  keytrans revokeuserid "$KEYID" "testtest" < "$TEMPDIR"/secring.gpg \
  | gpg --import
gpg --check-trustdb
gpg --list-keys

expected_output <<EOF
pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:
EOF
diff -u "$TEMPDIR"/expectedout <(signature_listing)

printf '%s\n' '##################################################' \
  '### test working with two primary keys ... '
# A second primary key, built from an ssh-keygen RSA key via pem2openpgp,
# dated one second after the first one.
newkeytime=$(( timestamp + 1 ))
ssh-keygen -t rsa -b 1024 -N '' -f "$TEMPDIR"/newkey
PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
  PEM2OPENPGP_TIMESTAMP="$newkeytime" \
  pem2openpgp fubar < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg
NEWKEYFPR=$(keytrans listfprs < "$TEMPDIR"/newkey.gpg)
# Long key ID: the 16 hex digits at positions 25-40 of the fingerprint.
NEWKEYID=${NEWKEYFPR:24:16}
gpg --import < "$TEMPDIR"/newkey.gpg

# With two primaries in the ring, adduserid must still pick the right one.
PEM2OPENPGP_TIMESTAMP="$timestamp" \
  keytrans adduserid "$KEYID" "baz" < "$TEMPDIR"/secring.gpg \
  | gpg --import
gpg --check-sigs --with-colons --fixed-list-mode

expected_output <<EOF
pub:u:1024:1:$KEYID:$timestamp:::u:::scSC:
uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey:
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest:
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
rev:!::1:$KEYID:$revtime::::monkeymonkey:30x:
uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz:
sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x:
pub:-:1024:1:$NEWKEYID:$newkeytime:::-:::caCA:
uid:-::::$newkeytime::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar:
sig:!::1:$NEWKEYID:$newkeytime::::fubar:13x:
EOF
printf '%s\n' 'test: diff expected gpg list output'
diff -u "$TEMPDIR"/expectedout <(signature_listing)

# The order in which listfprs reports the two keys is not asserted:
# either permutation passes.
printf '%s\n' 'test: diff expected keytrans listfpr output'
expected_output <<EOF
$KEYFPR
$NEWKEYFPR
EOF
if ! diff -u "$TEMPDIR"/expectedout <(listed_fprs); then
  printf '%s\n' 'test: diff test again with permuted order'
  expected_output <<EOF
$NEWKEYFPR
$KEYFPR
EOF
  diff -u "$TEMPDIR"/expectedout <(listed_fprs)
fi

## FIXME: addtest: not testing subkeys at the moment.

# All tests passed: drop the failure handler installed at startup and run
# the normal cleanup instead.
trap - EXIT
printf '%s\n' '##################################################' \
  ' Monkeysphere keytrans test completed successfully!' \
  '##################################################'
cleanup