sigtool/tests.sh

#! /usr/bin/env bash


# simple round-trip tests to verify the tool

arch=`./build --print-arch`
bin=./bin/$arch/sigtool
Z=`basename $0`

die() {
    echo "$Z: $@" 1>&2
    exit 1
}


[ -x $bin ] || ./build || die "Can't build sigtool for $arch"

# env name for reading the password
passenv=FOO

# this is the password for SKs
FOO=bar

# basename of keyfile
tmpdir=/tmp/sigtool$$
mkdir -p $tmpdir || die "can't mkdir $tmpdir"

#trap "rm -rf $tmpdir" EXIT

bn=$tmpdir/foo
pk=$bn.pub
sk=$bn.key
sig=$tmpdir/$Z.sig
bn2=$tmpdir/bar
pk2=$bn2.pub
sk2=$bn2.key

encout=$tmpdir/$Z.enc
decout=$tmpdir/$Z.dec

# exit on any failure
set -e

# generate keys
$bin g -E FOO $bn            || die "can't gen keypair $pk, $sk"
$bin g -E FOO $bn            && die "overwrote prev keypair"
$bin g -E FOO --overwrite $bn    || die "can't force gen keypair $pk, $sk"
$bin g -E FOO $bn2           || die "can't force gen keypair $pk2, $sk2"

# sign and verify
$bin s -E FOO $sk $0 -o $sig || die "can't sign $0"
$bin v -q $pk $sig $0        || die "can't verify signature of $0"
$bin v -q $pk2 $sig $0       && die "bad verification with wrong $pk2"

# encrypt/decrypt
$bin e -E FOO -o $encout $pk2 $0      || die "can't encrypt to $pk2"
$bin d -E FOO -o $decout $sk2 $encout || die "can't decrypt with $sk2"
cmp -s $decout $0                     || die "decrypted file mismatch with $0"

# now with sender verification
$bin e -E FOO --overwrite -o $encout -s $sk $pk2 $0      || die "can't sender-encrypt to $pk2"
$bin d -E FOO --overwrite -o $decout -v $pk $sk2 $encout || die "can't decrypt with $sk2"
cmp -s $decout $0                            || die "decrypted file mismatch with $0"


# vim: tw=100 sw=4 ts=4 expandtab
Refactored the core signing & encryption library, teach sigtool to use safe I/O. * Added new SafeFile (io.WriteCloser) class + methods to atomically write a file. * Teach core lib to use SafeFile for all file I/O * Teach sigtool to use SafeFile for all file I/O * Cleaned up the public interfaces of sign/ to be more coherent: - with uniform APIs for marshaling, unmarshaling, serialization. - removed KeyPair class/interface and stick to PrivateKey as the primary interface. * collected common rand utility functions into rand.go * Teach sigtool to NOT overwrite existing output files (keys, signatures etc.) * Teach sigtool to use a new --overwrite option for every command that creates files (generate, sign, encrypt, decrypt) * encrypt/decrypt will try to use the input file mode/perm where possible (unless input is stdin). * Added more tests 2022-04-29 21:36:39 +05:30			`#! /usr/bin/env bash`


			`# simple round-trip tests to verify the tool`

			arch=`./build --print-arch`
			`bin=./bin/$arch/sigtool`
			Z=`basename $0`

			`die() {`
			`echo "$Z: $@" 1>&2`
			`exit 1`
			`}`


			`[ -x $bin ] \|\| ./build \|\| die "Can't build sigtool for $arch"`

			`# env name for reading the password`
			`passenv=FOO`

			`# this is the password for SKs`
			`FOO=bar`

			`# basename of keyfile`
			`tmpdir=/tmp/sigtool$$`
			`mkdir -p $tmpdir \|\| die "can't mkdir $tmpdir"`

			`#trap "rm -rf $tmpdir" EXIT`

			`bn=$tmpdir/foo`
			`pk=$bn.pub`
			`sk=$bn.key`
			`sig=$tmpdir/$Z.sig`
			`bn2=$tmpdir/bar`
			`pk2=$bn2.pub`
			`sk2=$bn2.key`

			`encout=$tmpdir/$Z.enc`
			`decout=$tmpdir/$Z.dec`

			`# exit on any failure`
			`set -e`

			`# generate keys`
			`$bin g -E FOO $bn \|\| die "can't gen keypair $pk, $sk"`
			`$bin g -E FOO $bn && die "overwrote prev keypair"`
			`$bin g -E FOO --overwrite $bn \|\| die "can't force gen keypair $pk, $sk"`
			`$bin g -E FOO $bn2 \|\| die "can't force gen keypair $pk2, $sk2"`

			`# sign and verify`
			`$bin s -E FOO $sk $0 -o $sig \|\| die "can't sign $0"`
			`$bin v -q $pk $sig $0 \|\| die "can't verify signature of $0"`
			`$bin v -q $pk2 $sig $0 && die "bad verification with wrong $pk2"`

			`# encrypt/decrypt`
			`$bin e -E FOO -o $encout $pk2 $0 \|\| die "can't encrypt to $pk2"`
			`$bin d -E FOO -o $decout $sk2 $encout \|\| die "can't decrypt with $sk2"`
			`cmp -s $decout $0 \|\| die "decrypted file mismatch with $0"`

			`# now with sender verification`
			`$bin e -E FOO --overwrite -o $encout -s $sk $pk2 $0 \|\| die "can't sender-encrypt to $pk2"`
			`$bin d -E FOO --overwrite -o $decout -v $pk $sk2 $encout \|\| die "can't decrypt with $sk2"`
			`cmp -s $decout $0 \|\| die "decrypted file mismatch with $0"`



			`# vim: tw=100 sw=4 ts=4 expandtab`