3 # Note: some of this code is lifted from zero_length_keys.sh and
4 # test_keygen.sh, and could be unified.
9 # emulate realpath(), in case coreutils or equivalent is not installed.
17 base
="/$(basename "$f")"
19 dir
="$(cd "$dir" && pwd)"
23 if [ $# -eq 0 ] ||
[ ! -f "${1}" ] ||
[ ! -x "${1}" ]; then
24 if [ "$TESTING_TOR_BINARY" = "" ] ; then
25 echo "Usage: ${0} PATH_TO_TOR [case-number]"
# Kernel name as reported by `uname -s`, truncated at the first underscore
# (the result is unchanged when there is no underscore). The comparison that
# follows uses it to recognise the CYGWIN, MSYS and MINGW environments.
UNAME_OS=$(uname -s)
UNAME_OS=${UNAME_OS%%_*}
31 if test "$UNAME_OS" = 'CYGWIN' || \
32 test "$UNAME_OS" = 'MSYS' || \
33 test "$UNAME_OS" = 'MINGW'; then
34 echo "This test is unreliable on Windows. See trac #26076. Skipping." >&2
# Binary under test: TESTING_TOR_BINARY when it is set and non-empty,
# otherwise the in-tree build at ./src/app/tor.
# Every later step executes this path, so it should point at a build you
# control.
if [ -n "${TESTING_TOR_BINARY:-}" ]; then
  TOR_BINARY=${TESTING_TOR_BINARY}
else
  TOR_BINARY=./src/app/tor
fi

# Make the path absolute with abspath (the script's realpath() stand-in).
TOR_BINARY=$(abspath "${TOR_BINARY}")

echo "TOR BINARY IS ${TOR_BINARY}"
50 if "$TOR_BINARY" --list-modules |
grep -q "relay: no"; then
51 echo "This test requires the relay module. Skipping." >&2
# Print the contents of the file named by $1 as one unbroken string of hex
# digits: `xxd -p` produces the plain hex dump and `tr` removes the newlines
# (and any spaces) from it.
# Arguments: $1 - path of the file to dump
# Outputs:   hex digits on stdout, without a trailing newline
dump() {
  xxd -p "$1" |
    tr -d ' \n'
}
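# Abort the test run: write the message in $1 to stderr and exit with
# status 5.
# printf '%s\n' is used rather than echo so the message is emitted verbatim
# even when it begins with something echo would treat as an option (such as
# "-n") or contains backslashes; callers build messages from file paths and
# hex dumps.
# Arguments: $1 - failure message
# Outputs:   the message followed by a newline, on stderr
# Returns:   never returns; exits the shell with status 5
die() {
  printf '%s\n' "$1" >&2
  exit 5
}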
# Fail the test run (via die) unless $1 names an existing directory.
# Arguments: $1 - path expected to be a directory
# Returns:   0 when the directory exists; otherwise die ends the script
check_dir() {
  if [ ! -d "$1" ]; then
    die "$1 did not exist"
  fi
}
# Fail the test run (via die) unless the path in $1 exists.
# The test is `-e`, so any kind of directory entry satisfies it, not only a
# regular file; ownership and permissions are not inspected.
# Arguments: $1 - path expected to exist
# Returns:   0 when the path exists; otherwise die ends the script
check_file() {
  if [ ! -e "$1" ]; then
    die "$1 did not exist"
  fi
}
# Fail the test run (via die) when the path in $1 exists; the inverse of
# check_file.
# Arguments: $1 - path expected to be absent
# Returns:   0 when nothing exists at the path; otherwise die ends the script
check_no_file() {
  [ ! -e "$1" ] || die "$1 was not supposed to exist"
}
# Fail the test run (via die) unless files $1 and $2 have identical contents
# according to cmp.
# On a mismatch the failure message embeds the complete hex dump of both
# files. When the arguments are key files, as in check_keys_eq, that writes
# the key bytes to stderr and into whatever log captures it, so this should
# only be pointed at throwaway test keys.
# Arguments: $1, $2 - paths of the files to compare
# Returns:   0 when the files match; otherwise die ends the script
check_files_eq() {
  if cmp "$1" "$2"; then
    return 0
  fi
  die "$1 and $2 did not match: $(dump "$1") vs $(dump "$2")"
}
# Compare the key file named $1 under ${SRC}/keys with the file of the same
# name under ${ME}/keys, using check_files_eq.
# NOTE(review): SRC and ME are not assigned anywhere in the visible part of
# this script; the header comment says these helpers were lifted from other
# test scripts. Confirm they are set before relying on this function.
# A mismatch makes check_files_eq hex-dump both key files into the failure
# message.
# Arguments: $1 - file name inside the keys/ directories
check_keys_eq() {
  check_files_eq \
    "${SRC}/keys/${1}" \
    "${ME}/keys/${1}"
}
# Scratch directory that becomes Tor's DataDirectory for this run; the
# generated keys, including the secret ones, are written under it.
# mktemp -d picks an unpredictable name and creates the directory with
# owner-only permissions (subject to umask).
DATA_DIR="$(mktemp -d -t tor_key_expiration_tests.XXXXXX)"
84 if [ -z "$DATA_DIR" ]; then
85 echo "Failure
: mktemp invocation returned empty string
" >&2
88 if [ ! -d "$DATA_DIR" ]; then
89 echo "Failure
: mktemp invocation result doesn
't point to directory" >&2
# Remove the scratch directory, and with it the keys Tor generated there,
# when the script exits. The single quotes defer expansion of $DATA_DIR until
# the trap fires, so the value in effect at exit time is the one removed.
# NOTE(review): only the EXIT condition is trapped. Whether the cleanup also
# runs when the script is killed by a signal depends on the shell in use;
# confirm if leftover key material in the temp directory matters.
trap 'rm -rf "$DATA_DIR"' EXIT
# Tor complains unless DataDirectory is an absolute path, so resolve the
# mktemp result through cd/pwd.
DATA_DIR=$(cd "${DATA_DIR}" && pwd)

# Empty configuration files handed to Tor through -f and --defaults-torrc
# below.
touch "${DATA_DIR}/empty_torrc" "${DATA_DIR}/empty_defaults_torrc"

# Base command line shared by every step: networking disabled, a fixed
# ORPort, no exit relaying, and all state confined to the scratch directory.
# NOTE(review): TOR is a flat string that later steps expand unquoted, so it
# relies on word splitting. A TOR_BINARY or temp-directory path containing
# whitespace or glob characters would be split or expanded into extra
# arguments.
TOR="${TOR_BINARY} --DisableNetwork 1 --ShutdownWaitLength 0"
TOR="${TOR} --ORPort 12345 --ExitRelay 0"
TOR="${TOR} --DataDirectory ${DATA_DIR}"
TOR="${TOR} -f ${DATA_DIR}/empty_torrc"
TOR="${TOR} --defaults-torrc ${DATA_DIR}/empty_defaults_torrc"
# Here we create a set of keys.

# Step 1: run Tor once with --list-fingerprint and then make sure every
# expected key file is present in the data directory.
# NOTE(review): the original comment says "--quiet"; the code passes
# ${SILENTLY}, whose definition is not part of this listing.
# ${TOR} and ${SILENTLY} are deliberately unquoted: each holds command-line
# words that must be split.
${TOR} ${SILENTLY} --list-fingerprint > /dev/null

check_dir "${DATA_DIR}/keys"
# Only existence is verified here; file modes and contents are not inspected.
for key_file in \
  ed25519_master_id_public_key \
  ed25519_master_id_secret_key \
  ed25519_signing_cert \
  ed25519_signing_secret_key \
  secret_id_key \
  secret_onion_key \
  secret_onion_key_ntor
do
  check_file "${DATA_DIR}/keys/${key_file}"
done
printf '%s\n' "=== Starting key expiration tests."

# File that receives Tor's output for each case. Despite the name, some cases
# redirect stdout into it as well as stderr (`> "$FN" 2>&1`).
FN=${DATA_DIR}/stderr
# Case 1: --key-expiration with no value must produce the usage hint.
if [ "$CASE1" = 1 ]; then
  printf '%s\n' \
    "==== Case 1: Test --key-expiration without argument and ensure usage" \
    " instructions are printed."

  # ${TOR} and ${QUIETLY} are deliberately unquoted: TOR holds a whole command
  # line that must be word-split. `|| true` discards Tor's exit status, so the
  # verdict comes only from the captured stderr.
  ${TOR} ${QUIETLY} --key-expiration 2>"$FN" || true
  if ! grep -q "No valid argument to --key-expiration found!" "$FN"; then
    die "Tor didn't mention supported --key-expiration arguments"
  fi

  printf '%s\n' "==== Case 1: ok"
fi
# Case 2: `--key-expiration sign` with no --format must report the signing
# certificate expiry as "YYYY-MM-DD HH:MM:SS".
if [ "$CASE2" = 1 ]; then
  printf '%s\n' \
    "==== Case 2: Start Tor with --key-expiration 'sign' and make sure it" \
    " prints an expiration using ISO8601 date format."

  # Only stderr is captured; the expiry line is looked for there.
  ${TOR} ${QUIETLY} --key-expiration sign 2>"$FN"
  if ! grep -q "signing-cert-expiry: [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\} [0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}" "$FN"; then
    die "Tor didn't print an expiration"
  fi

  printf '%s\n' "==== Case 2: ok"
fi
# Case 3: with the signing certificate moved out of the way, Tor must
# regenerate it and still report an expiry.
# NOTE(review): the banner says "no signing key", but the file set aside is
# ed25519_signing_cert; ed25519_signing_secret_key stays in place. Confirm
# which situation is meant to be exercised.
if [ "$CASE3" = 1 ]; then
  printf '%s\n' \
    "==== Case 3: Start Tor with --key-expiration 'sign', when there is no" \
    " signing key, and make sure that Tor generates a new key" \
    " and prints its certificate's expiration."

  # Park the existing certificate so that it can be put back afterwards.
  mv "${DATA_DIR}/keys/ed25519_signing_cert" "${DATA_DIR}/keys/ed25519_signing_cert.bak"

  # Both stdout and stderr are captured for this case.
  ${TOR} --key-expiration sign > "$FN" 2>&1
  if ! grep -q "It looks like I need to generate and sign a new medium-term signing key" "$FN"; then
    die "Tor didn't create a new signing key"
  fi
  check_file "${DATA_DIR}/keys/ed25519_signing_cert"
  if ! grep -q "signing-cert-expiry:" "$FN"; then
    die "Tor didn't print an expiration"
  fi

  # Restore the original certificate over the freshly generated one. This is
  # not reached when one of the checks above fails, because die exits.
  mv "${DATA_DIR}/keys/ed25519_signing_cert.bak" "${DATA_DIR}/keys/ed25519_signing_cert"

  printf '%s\n' "==== Case 3: ok"
fi
# Case 4: --format without --key-expiration must be rejected with a
# specific error message.
if [ "$CASE4" = 1 ]; then
  printf '%s\n' \
    "==== Case 4: Start Tor with --format iso8601 and make sure it prints an" \
    " error message due to missing --key-expiration argument."

  # `|| true` discards Tor's exit status; the check is on the captured output.
  ${TOR} --format iso8601 > "$FN" 2>&1 || true
  # `--` ends grep's own option parsing, because the pattern starts with a
  # dash.
  if ! grep -q -- "--format specified without --key-expiration!" "$FN"; then
    die "Tor didn't print a missing --key-expiration error message"
  fi

  printf '%s\n' "==== Case 4: ok"
fi
# Case 5: --format given as the last word, with no value after it, must be
# rejected with a specific error message.
if [ "$CASE5" = 1 ]; then
  printf '%s\n' \
    "==== Case 5: Start Tor with --key-expiration 'sign' --format '' and" \
    " make sure it prints an error message due to missing value."

  # `|| true` discards Tor's exit status; the check is on the captured output.
  ${TOR} --key-expiration sign --format > "$FN" 2>&1 || true
  if ! grep -q "Command-line option '--format' with no value. Failing." "$FN"; then
    die "Tor didn't print a missing format value error message"
  fi

  printf '%s\n' "==== Case 5: ok"
fi
# Case 6: an unrecognised --format value must be rejected with a specific
# error message.
if [ "$CASE6" = 1 ]; then
  # NOTE(review): the description stops mid-sentence in this listing; the
  # full script may print a further line here. Confirm against the original.
  printf '%s\n' \
    "==== Case 6: Start Tor with --key-expiration 'sign' --format 'invalid'" \
    " and make sure it prints an error message due to invalid"

  # `|| true` discards Tor's exit status; the check is on the captured output.
  ${TOR} --key-expiration sign --format invalid > "$FN" 2>&1 || true
  if ! grep -q "Invalid --format value" "$FN"; then
    die "Tor didn't print an invalid format value error message"
  fi

  printf '%s\n' "==== Case 6: ok"
fi
# Case 7: an explicit `--format iso8601` must report the signing certificate
# expiry as "YYYY-MM-DD HH:MM:SS", the same pattern Case 2 checks.
if [ "$CASE7" = 1 ]; then
  # NOTE(review): the description stops mid-sentence in this listing; the
  # full script may print a further line here. Confirm against the original.
  printf '%s\n' \
    "==== Case 7: Start Tor with --key-expiration 'sign' --format 'iso8601'" \
    " and make sure it prints an expiration using ISO8601 date"

  # Only stderr is captured; the expiry line is looked for there.
  ${TOR} ${QUIETLY} --key-expiration sign --format iso8601 2>"$FN"
  if ! grep -q "signing-cert-expiry: [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\} [0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}" "$FN"; then
    die "Tor didn't print an expiration"
  fi

  printf '%s\n' "==== Case 7: ok"
fi
# Case 8: `--format timestamp` must report the signing certificate expiry as
# a number; the check accepts any run of five or more digits.
if [ "$CASE8" = 1 ]; then
  # NOTE(review): the description stops mid-sentence in this listing; the
  # full script may print a further line here. Confirm against the original.
  printf '%s\n' \
    "==== Case 8: Start Tor with --key-expiration 'sign' --format 'timestamp'" \
    " and make sure it prints an expiration using timestamp date"

  # Only stderr is captured; the expiry line is looked for there.
  ${TOR} ${QUIETLY} --key-expiration sign --format timestamp 2>"$FN"
  if ! grep -q "signing-cert-expiry: [0-9]\{5,\}" "$FN"; then
    die "Tor didn't print an expiration"
  fi

  printf '%s\n' "==== Case 8: ok"
fi