tTEST: kdf=null, passwd added - tomb - the crypto undertaker
(HTM) git clone git://parazyd.org/tomb.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 42f239a8d6f00010d3d6223babb99a1bbe2b0dd1
(DIR) parent 48f8bf28fc70007c919011834d4c194c1c617d90
(HTM) Author: boyska <piuttosto@logorroici.org>
Date: Sat, 8 Sep 2012 14:00:32 +0200
TEST: kdf=null, passwd added
some cleanup: first usage of try-always block, which makes cleanup actions
much cleaner
Diffstat:
A src/test/kdf_null.test.sh | 9 +++++++++
A src/test/passwd.test.sh | 27 +++++++++++++++++++++++++++
M src/test/simple.test.sh | 3 ++-
M src/test/testall.sh | 40 ++++++++++++++++++++++---------
M src/tomb | 56 +++++++++++++++++++------------
5 files changed, 102 insertions(+), 33 deletions(-)
---
(DIR) diff --git a/src/test/kdf_null.test.sh b/src/test/kdf_null.test.sh
t@@ -0,0 +1,9 @@
+rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
+sudo -k
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 --kdf null >&4 2>&4 || echo "error creating (with --kdf null): $?" >&3
+egrep '^_KDF_' /tmp/kdf.tomb.key >&4 2>&4 && echo "error tomb kdf header present (--kdf=null), shouldn't" >&3
+sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
+rm /tmp/kdf.tomb{,.key} -f || echo error removing previous files >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/kdf -s 10 >&4 2>&4 || echo "error creating (without --kdf): $?" >&3
+egrep '^_KDF_' /tmp/kdf.tomb.key >&4 2>&4 && echo "error tomb kdf header present (no --kdf), shouldn't" >&3
+sanity_tomb /tmp/kdf.tomb || echo error sanity checks: $? >&3
(DIR) diff --git a/src/test/passwd.test.sh b/src/test/passwd.test.sh
t@@ -0,0 +1,27 @@
+rm /tmp/asd.tomb{,.key} -f || exit 1
+{
+sudo -k
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
+sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
+#checking wrong&correct password
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing1 $? >&3
+#now changing password
+../tomb --no-color --unsecure-dev-mode --tomb-old-pwd f00za --tomb-pwd n3w passwd /tmp/asd.tomb.key >&4 2>&4 || echo error changing password: $? >&3
+#checking it all
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful after passwd >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 && echo error: open with old password is successful >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd n3w open /tmp/asd.tomb >&4 2>&4 || echo error opening after new password: $? >&3
+
+../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
+../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
+mountpoint=`../tomb --no-color list --get-mountpoint asd`
+df $mountpoint >&4 || echo error df: $? >&3
+
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing2: $? >&3
+} always {
+ rm /tmp/asd.tomb{,.key} -f
+}
+
+
(DIR) diff --git a/src/test/simple.test.sh b/src/test/simple.test.sh
t@@ -2,7 +2,8 @@ rm /tmp/asd.tomb{,.key} -f || exit 1
sudo -k
../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error creating: $? >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
+../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
mountpoint=`../tomb --no-color list --get-mountpoint asd`
(DIR) diff --git a/src/test/testall.sh b/src/test/testall.sh
t@@ -1,14 +1,7 @@
#!/usr/bin/env zsh
-source utils.sh
-if [[ -z $sudo_pwd ]]; then
- echo "WARNING: sudo_pwd is probably needed by some test"
-fi
-rm /tmp/tomb_test_errorlog -f &> /dev/null
-has_err=0
-autoload colors
-colors
-for t in *.test.sh; do
+test_file() {
+ t=$1
echo -n "$fg[yellow]$t start test... $fg[default]"
sudo_pwd=$sudo_pwd source $t 3> /tmp/tomb_test_errorlog 4> /tmp/tomb_test_fulllog
ret=$?
t@@ -22,9 +15,34 @@ for t in *.test.sh; do
echo "\n--- Full log (for $t) ---\n"
< /tmp/tomb_test_fulllog
rm /tmp/tomb_test_fulllog
- has_err=1
+ return 1
fi
-done
+ return 0
+}
+
+source utils.sh
+if [[ -z $sudo_pwd ]]; then
+ echo "WARNING: sudo_pwd is probably needed by some test"
+fi
+rm /tmp/tomb_test_errorlog -f &> /dev/null
+has_err=0
+autoload colors
+colors
+if [[ $# == 0 ]]; then
+ for t in *.test.sh; do
+ test_file $t
+ if [[ $? != 0 ]]; then
+ has_err=$?
+ fi
+ done
+else
+ for t in "$@"; do
+ test_file $t
+ if [[ $? != 0 ]]; then
+ has_err=$?
+ fi
+ done
+fi
exit $has_err
(DIR) diff --git a/src/tomb b/src/tomb
t@@ -1042,6 +1042,9 @@ mount_tomb() {
local ret=$?
unset tombpass
if [[ $ret != 0 ]]; then
+ if [[ $c = 3 ]] || option_is_set --tomb-pwd; then
+ die "Wrong password: aborting"
+ fi
continue
fi
t@@ -1292,35 +1295,46 @@ change_passwd() {
local tmpnewkey lukskey c tombpass tombpasstmp
- tmpnewkey=`safe_filename tomb`
- lukskey=`safe_filename tomb`
+ tmpnewkey=`safe_filename tombnew`
+ lukskey=`safe_filename tombluks`
_success "Changing password for $keyfile"
keyname=`basename $keyfile`
- while true; do
- tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
- if [[ $? == 1 ]]; then
- die "User aborted"
- fi
- if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
- break
+ if ! option_is_set --tomb-old-pwd; then
+ while true; do
+ tombpass=`exec_as_user ${TOMBEXEC} askpass "Type old password for ${keyname}" "Change tomb key password"`
+ if [[ $? == 1 ]]; then
+ die "User aborted"
+ fi
+ if get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
+ break
+ fi
+ done
+ else
+ tombpass=`option_value --tomb-old-pwd`
+ if ! get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; then
+ die "Invalid old password"
fi
- done
+ fi
- gen_key $lukskey > $tmpnewkey
+ {
+ gen_key $lukskey > ${tmpnewkey}
- if ! is_valid_key $tmpnewkey; then
+ if ! is_valid_key $tmpnewkey; then
+ die "Error: the newly generated keyfile does not seem valid"
+ else
+ # copy the new key as the original keyfile name
+ cp "${tmpnewkey}" "${keyfile}"
+ _success "Your passphrase was successfully updated."
+ fi
+ } always {
+ _verbose "cleanup: $tmpnewkey $lukskey"
# wipe all temp file
${=WIPE} "${tmpnewkey}"
${=WIPE} "${lukskey}"
- die "Error: the newly generated keyfile does not seem valid"
- fi
-
- # copy the new key as the original keyfile name
- cp "${tmpnewkey}" "${keyfile}"
- _success "Your passphrase was successfully updated."
+ }
- return 0
+ return $?
}
# }}}
t@@ -1745,7 +1759,7 @@ main() {
subcommands_opts[open]="f n -nohook=n k: -key=k U: -uid=U G: -gid=G o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:"
subcommands_opts[mount]=${subcommands_opts[open]}
subcommands_opts[create]="f s: -size=s -force k: -key=k U: -uid=U G: -gid=G -ignore-swap -kdf: -sudo-pwd: -tomb-pwd: -use-urandom"
- subcommands_opts[passwd]="f -ignore-swap -kdf: "
+ subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
subcommands_opts[close]="-sudo-pwd: U: -uid=U G: -gid=G"
subcommands_opts[help]=""
subcommands_opts[slam]=""
t@@ -1836,7 +1850,7 @@ main() {
autoload colors; colors
fi
if ! option_is_set --unsecure-dev-mode; then
- for opt in --sudo-pwd --tomb-pwd --use-urandom; do
+ for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
if option_is_set $opt; then
die "You specified option $opt, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" 127
fi