key.sh
 1  #! /usr/bin/env atf-sh
 2  
 3  . $(atf_get_srcdir)/test_environment.sh
 4  
 5  tests_init \
 6  	key_create \
 7  	key_pubout \
 8  	key_sign
 9  
# Metadata for key_create: the body cross-checks pkg's keys with
# openssl(1), so the test declares it as a required program.
key_create_head() {
	atf_set 'require.progs' 'openssl'
}
# Checks that `pkg key --create` produces a private key file with
# owner-only permissions plus a non-empty public key, and that the RSA
# pair works for an independent sign/verify round trip through openssl.
key_create_body() {
	# Payload for the sign/verify round trip.
	printf '%s\n' "secure msg" > msg

	# The private key goes to repo.key; whatever pkg prints on stdout is
	# saved as repo.pub.
	atf_check -o save:repo.pub -e ignore -x \
	    pkg key --create -t rsa repo.key

	# Private key permissions: group access would be tolerable, but the
	# test insists on owner-only. The pattern requires the last six mode
	# characters (group and other) to all be '-'.
	# stat(1) is deliberately avoided because its field selection syntax
	# differs between platforms; the ls(1) mode string is usually
	# consistent enough.
	# Limits of this check: it looks only at the mode bits of the finished
	# file. Anything ls prints after the tenth column (some ls
	# implementations put an ACL marker there) is cut off, and a key that
	# was briefly readable while being written would not be noticed.
	atf_check -o match:'-{6}$' -x 'ls -l repo.key | cut -c1-10'
	# The public half must have been emitted as well.
	atf_check test -s repo.pub

	# Prove the pair is usable: sign with the private key, verify with the
	# public key, both via openssl rather than pkg.
	atf_check -o save:msg.sign \
	    openssl dgst -sign repo.key -sha256 -binary msg
	atf_check -o ignore \
	    openssl dgst -sha256 -verify repo.pub -signature msg.sign msg

	# Remaining key types: only creation, permissions and a non-empty
	# public key are checked; no openssl round trip is attempted here.
	for keytype in ecc ecdsa eddsa; do
		rm -f repo.key repo.pub
		atf_check -o save:repo.pub -e ignore -x \
		    pkg key --create -t "$keytype" repo.key

		atf_check -o match:'-{6}$' -x 'ls -l repo.key | cut -c1-10'
		atf_check test -s repo.pub
	done
}
42  
# Metadata for key_pubout: openssl(1) is needed to validate the
# regenerated public key.
key_pubout_head() {
	atf_set 'require.progs' 'openssl'
}
# Checks that `pkg key --public` can re-derive the public key from an
# existing RSA private key, and that the re-derived key verifies a
# signature made with that private key.
key_pubout_body() {
	printf '%s\n' "secure msg" > msg

	atf_check -o ignore -e ignore -x pkg key --create -t rsa repo
	# Pretend the public key was lost.
	# NOTE(review): stdout of --create is discarded above, so this rm
	# presumes pkg also left repo.pub on disk - confirm against pkg-key.
	rm repo.pub
	atf_check test ! -f repo.pub
	# Recover the public half from the private key alone.
	atf_check -o save:repo.pub pkg key --public -t rsa repo

	# The recovered key must verify a signature made with the private key.
	atf_check -o save:msg.sign \
	    openssl dgst -sign repo -sha256 -binary msg
	atf_check -o ignore \
	    openssl dgst -sha256 -verify repo.pub -signature msg.sign msg
}
59  
# Metadata for key_sign: signatures produced by pkg are verified with
# openssl(1), so it is declared as a required program.
key_sign_head() {
	atf_set 'require.progs' 'openssl'
}
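# Checks that signatures produced by `pkg key --sign` verify under an
# independent implementation (openssl dgst) for each signer type listed.
key_sign_body() {
	echo "secure msg" > msg

	for signer in rsa ecdsa; do
		# Start every iteration from a clean slate so a stale key or
		# signature from the previous signer cannot satisfy the checks.
		rm -f repo.key repo.pub msg.sig

		# Generate a key with pkg; the public key arrives on stdout.
		atf_check -o save:repo.pub -e ignore \
		    pkg key --create -t "$signer" repo.key

		# Sign the message read from stdin; the signature is captured
		# from stdout.
		atf_check -o save:msg.sig \
		    pkg key --sign -t "$signer" repo.key < msg

		# For ecdsa the test hands repo.pub to openssl as DER; for rsa
		# the openssl default key format is used.
		if [ "$signer" = ecdsa ]; then
			keyform="-keyform DER"
		else
			keyform=""
		fi

		# $keyform is intentionally unquoted: it must split into two
		# words, or vanish entirely when empty.
		atf_check -o ignore openssl dgst -sha256 $keyform -verify repo.pub \
		    -signature msg.sig msg
	done
}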