src/test/test_key_expiration.sh

   1 #!/bin/sh
   2
   3 # Note: some of this code is lifted from zero_length_keys.sh and
   4 # test_keygen.sh, and could be unified.
   5
   6 umask 077
   7 set -e
   8
   9 # emulate realpath(), in case coreutils or equivalent is not installed.
  10 abspath() {
  11     f="$*"
  12     if [ -d "$f" ]; then
  13         dir="$f"
  14         base=""
  15     else
  16         dir="$(dirname "$f")"
  17         base="/$(basename "$f")"
  18     fi
  19     dir="$(cd "$dir" && pwd)"
  20     echo "$dir$base"
  21 }
  22
  23 if [ $# -eq 0 ] || [ ! -f "${1}" ] || [ ! -x "${1}" ]; then
  24   if [ "$TESTING_TOR_BINARY" = "" ] ; then
  25     echo "Usage: ${0} PATH_TO_TOR [case-number]"
  26     exit 1
  27   fi
  28 fi
  29
  30 UNAME_OS=$(uname -s | cut -d_ -f1)
  31 if test "$UNAME_OS" = 'CYGWIN' || \
  32    test "$UNAME_OS" = 'MSYS' || \
  33    test "$UNAME_OS" = 'MINGW'; then
  34   echo "This test is unreliable on Windows. See trac #26076. Skipping." >&2
  35   exit 77
  36 fi
  37
  38 # find the tor binary
  39 if [ $# -ge 1 ]; then
  40   TOR_BINARY="${1}"
  41   shift
  42 else
  43   TOR_BINARY="${TESTING_TOR_BINARY:-./src/app/tor}"
  44 fi
  45
  46 TOR_BINARY="$(abspath "$TOR_BINARY")"
  47
  48 echo "TOR BINARY IS ${TOR_BINARY}"
  49
  50 if "$TOR_BINARY" --list-modules | grep -q "relay: no"; then
  51   echo "This test requires the relay module. Skipping." >&2
  52   exit 77
  53 fi
  54
  55 if [ $# -ge 1 ]; then
  56   dflt=0
  57 else
  58   dflt=1
  59 fi
  60
  61 CASE1=$dflt
  62 CASE2=$dflt
  63 CASE3=$dflt
  64 CASE4=$dflt
  65 CASE5=$dflt
  66 CASE6=$dflt
  67 CASE7=$dflt
  68 CASE8=$dflt
  69
  70 if [ $# -ge 1 ]; then
  71   eval "CASE${1}"=1
  72 fi
  73
  74
  75 dump() { xxd -p "$1" | tr -d '\n '; }
  76 die() { echo "$1" >&2 ; exit 5; }
  77 check_dir() { [ -d "$1" ] || die "$1 did not exist"; }
  78 check_file() { [ -e "$1" ] || die "$1 did not exist"; }
  79 check_no_file() { if [ -e "$1" ]; then die "$1 was not supposed to exist"; fi }
  80 check_files_eq() { cmp "$1" "$2" || die "$1 and $2 did not match: $(dump "$1") vs $(dump "$2")"; }
  81 check_keys_eq() { check_files_eq "${SRC}/keys/${1}" "${ME}/keys/${1}"; }
  82
  83 DATA_DIR=$(mktemp -d -t tor_key_expiration_tests.XXXXXX)
  84 if [ -z "$DATA_DIR" ]; then
  85   echo "Failure: mktemp invocation returned empty string" >&2
  86   exit 3
  87 fi
  88 if [ ! -d "$DATA_DIR" ]; then
  89   echo "Failure: mktemp invocation result doesn't point to directory" >&2
  90   exit 3
  91 fi
  92 trap 'rm -rf "$DATA_DIR"' 0
  93
  94 # Use an absolute path for this or Tor will complain
  95 DATA_DIR=$(cd "${DATA_DIR}" && pwd)
  96
  97 touch "${DATA_DIR}/empty_torrc"
  98 touch "${DATA_DIR}/empty_defaults_torrc"
  99
 100 QUIETLY="--hush"
 101 SILENTLY="--quiet"
 102 TOR="${TOR_BINARY} --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --ExitRelay 0 --DataDirectory ${DATA_DIR} -f ${DATA_DIR}/empty_torrc --defaults-torrc ${DATA_DIR}/empty_defaults_torrc"
 103
 104 ##### SETUP
 105 #
 106 # Here we create a set of keys.
 107
 108 # Step 1: Start Tor with --list-fingerprint --quiet.  Make sure everything is there.
 109 echo "Setup step #1"
 110 ${TOR} ${SILENTLY} --list-fingerprint > /dev/null
 111
 112 check_dir "${DATA_DIR}/keys"
 113 check_file "${DATA_DIR}/keys/ed25519_master_id_public_key"
 114 check_file "${DATA_DIR}/keys/ed25519_master_id_secret_key"
 115 check_file "${DATA_DIR}/keys/ed25519_signing_cert"
 116 check_file "${DATA_DIR}/keys/ed25519_signing_secret_key"
 117 check_file "${DATA_DIR}/keys/secret_id_key"
 118 check_file "${DATA_DIR}/keys/secret_onion_key"
 119 check_file "${DATA_DIR}/keys/secret_onion_key_ntor"
 120
 121 ##### TEST CASES
 122
 123 echo "=== Starting key expiration tests."
 124
 125 FN="${DATA_DIR}/stderr"
 126
 127 if [ "$CASE1" = 1 ]; then
 128   echo "==== Case 1: Test --key-expiration without argument and ensure usage"
 129   echo "             instructions are printed."
 130
 131   ${TOR} ${QUIETLY} --key-expiration 2>"$FN" || true
 132   grep "No valid argument to --key-expiration found!" "$FN" >/dev/null || \
 133     die "Tor didn't mention supported --key-expiration arguments"
 134
 135   echo "==== Case 1: ok"
 136 fi
 137
 138 if [ "$CASE2" = 1 ]; then
 139   echo "==== Case 2: Start Tor with --key-expiration 'sign' and make sure it"
 140   echo "             prints an expiration using ISO8601 date format."
 141
 142   ${TOR} ${QUIETLY} --key-expiration sign 2>"$FN"
 143   grep "signing-cert-expiry: [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\} [0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}" "$FN" >/dev/null || \
 144     die "Tor didn't print an expiration"
 145
 146   echo "==== Case 2: ok"
 147 fi
 148
 149 if [ "$CASE3" = 1 ]; then
 150   echo "==== Case 3: Start Tor with --key-expiration 'sign', when there is no"
 151   echo "             signing key, and make sure that Tor generates a new key"
 152   echo "             and prints its certificate's expiration."
 153
 154   mv "${DATA_DIR}/keys/ed25519_signing_cert" \
 155      "${DATA_DIR}/keys/ed25519_signing_cert.bak"
 156
 157   ${TOR} --key-expiration sign > "$FN" 2>&1
 158   grep "It looks like I need to generate and sign a new medium-term signing key" "$FN" >/dev/null || \
 159     die "Tor didn't create a new signing key"
 160   check_file "${DATA_DIR}/keys/ed25519_signing_cert"
 161   grep "signing-cert-expiry:" "$FN" >/dev/null || \
 162     die "Tor didn't print an expiration"
 163
 164   mv "${DATA_DIR}/keys/ed25519_signing_cert.bak" \
 165      "${DATA_DIR}/keys/ed25519_signing_cert"
 166
 167   echo "==== Case 3: ok"
 168 fi
 169
 170 if [ "$CASE4" = 1 ]; then
 171   echo "==== Case 4: Start Tor with --format iso8601 and make sure it prints an"
 172   echo "             error message due to missing --key-expiration argument."
 173
 174   ${TOR} --format iso8601 > "$FN" 2>&1 || true
 175   grep -- "--format specified without --key-expiration!" "$FN" >/dev/null || \
 176     die "Tor didn't print a missing --key-expiration error message"
 177
 178   echo "==== Case 4: ok"
 179 fi
 180
 181 if [ "$CASE5" = 1 ]; then
 182   echo "==== Case 5: Start Tor with --key-expiration 'sign' --format '' and"
 183   echo "             make sure it prints an error message due to missing value."
 184
 185   ${TOR} --key-expiration sign --format > "$FN" 2>&1 || true
 186   grep "Command-line option '--format' with no value. Failing." "$FN" >/dev/null || \
 187     die "Tor didn't print a missing format value error message"
 188
 189   echo "==== Case 5: ok"
 190 fi
 191
 192 if [ "$CASE6" = 1 ]; then
 193   echo "==== Case 6: Start Tor with --key-expiration 'sign' --format 'invalid'"
 194   echo "             and make sure it prints an error message due to invalid"
 195   echo "             value."
 196
 197   ${TOR} --key-expiration sign --format invalid > "$FN" 2>&1 || true
 198   grep "Invalid --format value" "$FN" >/dev/null || \
 199     die "Tor didn't print an invalid format value error message"
 200
 201   echo "==== Case 6: ok"
 202 fi
 203
 204 if [ "$CASE7" = 1 ]; then
 205   echo "==== Case 7: Start Tor with --key-expiration 'sign' --format 'iso8601'"
 206   echo "             and make sure it prints an expiration using ISO8601 date"
 207   echo "             format."
 208
 209   ${TOR} ${QUIETLY} --key-expiration sign --format iso8601 2>"$FN"
 210   grep "signing-cert-expiry: [0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\} [0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\}" "$FN" >/dev/null || \
 211     die "Tor didn't print an expiration"
 212
 213   echo "==== Case 7: ok"
 214 fi
 215
 216 if [ "$CASE8" = 1 ]; then
 217   echo "==== Case 8: Start Tor with --key-expiration 'sign' --format 'timestamp'"
 218   echo "             and make sure it prints an expiration using timestamp date"
 219   echo "             format."
 220
 221   ${TOR} ${QUIETLY} --key-expiration sign --format timestamp 2>"$FN"
 222   grep "signing-cert-expiry: [0-9]\{5,\}" "$FN" >/dev/null || \
 223     die "Tor didn't print an expiration"
 224
 225   echo "==== Case 8: ok"
 226 fi