From a428db8febd22593b0b2d5b14e98f126bd736652 Mon Sep 17 00:00:00 2001 From: Sudhi Herle Date: Sun, 5 Jun 2022 13:47:07 -0700 Subject: [PATCH] Added ssh tests --- tests.sh | 40 ++++++++++++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/tests.sh b/tests.sh index 7e71705..4184a46 100755 --- a/tests.sh +++ b/tests.sh @@ -7,13 +7,18 @@ arch=`./build --print-arch` bin=./bin/$arch/sigtool Z=`basename $0` +# workdir +tmpdir=/tmp/sigtool$$ + die() { echo "$Z: $@" 1>&2 + echo "$Z: Test output in $tmpdir .." 1>&2 exit 1 } -[ -x $bin ] || ./build || die "Can't build sigtool for $arch" +mkdir -p $tmpdir || die "can't mkdir $tmpdir" +[ -x $bin ] || ./build || die "Can't build sigtool for $arch" # env name for reading the password passenv=FOO @@ -21,9 +26,6 @@ passenv=FOO # this is the password for SKs FOO=bar -# basename of keyfile -tmpdir=/tmp/sigtool$$ -mkdir -p $tmpdir || die "can't mkdir $tmpdir" #trap "rm -rf $tmpdir" EXIT 
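Review bot: `tmpdir=/tmp/sigtool$$` followed by `mkdir -p $tmpdir` in the first hunk gives the workdir a predictable name in a world-writable directory. `mkdir -p` also succeeds when the path already exists, so the script cannot tell a directory it created from one another local user prepared. That matters more after this commit, because a later hunk writes ssh private keys generated with `-N ""` into that directory. `tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/sigtool.XXXXXX") || die "can't create workdir"` either creates a fresh private directory or fails, and it can replace both lines.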
@@ -41,11 +43,35 @@ decout=$tmpdir/$Z.dec # exit on any failure set -e +# Now try with ssh ed25519 keys +keygen=`which ssh-keygen` +[ -z "$keygen" ] && die "can't find ssh-keygen" + +ssk1=$tmpdir/ssk1 +spk1=$ssk1.pub + +ssk2=$tmpdir/ssk2 +spk2=$ssk2.pub + +# first generate two ssh keys +$keygen -q -C 'ssk1@foo' -t ed25519 -f $ssk1 -N "" +$keygen -q -C 'ssk2@foo' -t ed25519 -f $ssk2 -N "" + +$bin s --no-password $ssk1 -o $sig $0 || die "can't sign with $ssk1" +$bin v -q $spk1 $sig $0 || die "can't verify with $spk2" + +$bin e --no-password -o $encout $spk2 $0 || die "can't encrypt to $spk2 with $ssk1" +$bin d --no-password -o $decout $ssk2 $encout || die "can't decrypt with $ssk2" + +# cleanup state +rm -f $sig $encout $decout + + # generate keys $bin g -E FOO $bn || die "can't gen keypair $pk, $sk" $bin g -E FOO $bn && die "overwrote prev keypair" $bin g -E FOO --overwrite $bn || die "can't force gen keypair $pk, $sk" -$bin g -E FOO $bn2 || die "can't force gen keypair $pk2, $sk2" +$bin g -E FOO $bn2 || die "can't force gen keypair $pk2, $sk2" # sign and verify $bin s -E FOO $sk $0 -o $sig || die "can't sign $0" @@ -62,6 +88,8 @@ $bin e -E FOO --overwrite -o $encout -s $sk $pk2 $0 || die "can't sender-en $bin d -E FOO --overwrite -o $decout -v $pk $sk2 $encout || die "can't decrypt with $sk2" cmp -s $decout $0 || die "decrypted file mismatch with $0" - +# Only delete if everything worked +echo "$Z: All tests pass!" +rm -rf $tmpdir # vim: tw=100 sw=4 ts=4 expandtab
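Review bot: The ssh round-trip never checks the decrypted output: after `$bin d --no-password -o $decout $ssk2 $encout` nothing compares it with the input, so the test passes whenever the tool exits 0, even if `$decout` is wrong or empty. The native-key section further down ends with `cmp -s $decout $0 || die "decrypted file mismatch with $0"`; the same line belongs before the `rm -f $sig $encout $decout` cleanup here. The verify line also names the wrong key on failure, since it checks with `$spk1` but reports `$spk2`; it should read `die "can't verify with $spk1"`. Separately, `set -e` is already active above these lines, so where `which` returns non-zero for a missing command the script exits on the assignment before the `die` on the next line can print; `keygen=$(command -v ssh-keygen) || die "can't find ssh-keygen"` keeps the message.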
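Review bot: `rm -rf $tmpdir` at the end of the script is unquoted and unguarded; `rm -rf -- "${tmpdir:?}"` refuses to run if the variable is ever empty and still works if the workdir path later contains spaces. Because cleanup runs only on success, a failed run leaves the passphrase-less ssh test keys from the earlier hunk in the workdir. Extending the comment to something like `# Only delete if everything worked; on failure the throwaway test keys stay in $tmpdir for debugging` would record that this is intended.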