gnupg/checks/checkit

#!/bin/bash
#  Script for G10 testing
#---------------------------------------------------------

#--------------------------------
#------ constants ---------------
#--------------------------------

usrname1="one"
usrpass1="def"
usrname2="two"
usrpass2=""
plain_files="plain-1 plain-2"
data_files=""
exp_files=""


#--------------------------------
#------ utility functions -------
#--------------------------------

fatal () {
    echo "$pgmname: fatal:" $* >&2
    exit 1;
}

error () {
    echo "$pgmname:" $* >&2
    exit 1
}

info () {
    echo "$pgmname:" $* >&2
}

chdir () {
    cd $1 || fatal "cannot cd to $1"
}

cleanup () {
    rm $data_files x y z 2>/dev/null
    echo "#empty" >./options
}


run_g10 () {
    if ! eval ../g10/gpg --homedir . $* ; then
	echo "(../g10/gpg --homedir . $*) failed" >&2
	exit 1
    fi
}

run_g10maint () {
    if ! eval ../g10/gpgm --homedir . $* ; then
	echo "(../g10/gpgm --homedir . $*) failed" >&2
	exit 1
    fi
}

#--------------------------------
#-------- main program ----------
#--------------------------------

set -e
pgmname=$(basename $0)
trap cleanup SIGHUP SIGINT SIGQUIT


# some checks
for i in $plain_files plain-3o.asc ; do
    [ -f $i ] || fatal "$i: missing"
done
for i in $exp_files; do
    [ -f $i ] || fatal "$i: script missing"
done
# create the keyrings

cat <<EOF  >./options
no-greeting
no-secmem-warning
batch
EOF

# print the G10 version
run_g10 --version

info Unpacking some material
run_g10maint --yes --dearmor -o pubring.gpg pubring.asc
run_g10maint --yes --dearmor -o secring.gpg secring.asc
run_g10maint --yes --dearmor -o gnupg.sig gnupg.asc
run_g10maint --yes --dearmor -o plain-3 plain-3o.asc
plain_files="$plain_files plain-3"
# make sure all files are created
echo "$usrpass1" | run_g10 --no-operation

info Checking decryption
for i in $plain_files ; do
    echo "$usrpass1" | run_g10 --passphrase-fd 0 -o y --yes $i.asc
    cmp $i y || error "$i: mismatch"
done

info Checking cleartext signatures
# There is a minor glitch, which appends a lf to the cleartext.
# I do not consider that a bug, but I have to use the head .. mimic.
# It is not clear what should happen to leading LFs, we must
# change the defintion of cleartext, so that only 1 empty line
# must follow the headers, but some specs say: any number of empty lines ..
# clean-sat removes leading LFs
# I know that this does not work for random data files (due to large lines
# or what ever) - I hope we can live with it.
for i in $plain_files; do
    echo "$usrpass1" | run_g10 --passphrase-fd 0 -sat -o x --yes $i
    run_g10 -o y --yes x
    ../tools/clean-sat < $i > z
    head -c $[ $(cat y | wc -c) - 1 ] y | diff - z || error "$i: mismatch"
done

info Creating some random data files
for i in 500 9000 32000 80000; do
    head -c $i /dev/urandom >data-$i
    data_files="$data_files data-$i"
done

info Checking armored signatures
for i in $plain_files $data_files ; do
    echo "$usrpass1" | run_g10 --passphrase-fd 0 -sa -o x --yes $i
    run_g10 -o y --yes x
    cmp $i y || error "$i: mismatch"
done

info Checking signatures
for i in $plain_files $data_files; do
    echo "$usrpass1" | run_g10 --passphrase-fd 0 -s -o x --yes $i
    run_g10 -o y --yes x
    cmp $i y || error "$i: mismatch"
done


info Checking armored encryption
for i in $plain_files $data_files ; do
    run_g10 -ea -o x --yes -r "$usrname2" $i
    run_g10 -o y --yes x
    cmp $i y || error "$i: mismatch"
done

info Checking armored encryption with a pipe
for i in $plain_files $data_files ; do
    run_g10 -ea --yes -r "$usrname2" < $i | tee x \
    | run_g10 -o y --yes
    cmp $i y || error "$i: mismatch"
    run_g10 --yes < x > y
    cmp $i y || error "$i: mismatch"
done

info Checking encryption
for i in $plain_files $data_files ; do
    run_g10 -e -o x --yes -r "$usrname2" $i
    run_g10 -o y --yes x
    cmp $i y || error "$i: mismatch"
done

info Checking encryption with a pipe
for i in $plain_files $data_files ; do
    run_g10 -e --yes -r "$usrname2" < $i \
    | run_g10 --yes > y
    cmp $i y || error "$i: mismatch"
done


info Checking signing and encryption
for i in $plain_files $data_files ; do
    echo "$usrpass1" \
    | run_g10 --passphrase-fd 0 -se -o x --yes -r "$usrname2" $i
    run_g10 -o y --yes x
    cmp $i y || error "$i: mismatch"
done

info Checking armored signing and encryption
for i in $plain_files $data_files ; do
    echo "$usrpass1" \
    | run_g10 --passphrase-fd 0 -sae -o x --yes -r "$usrname2" $i
    run_g10 -o y --yes x
    cmp $i y || error "$i: mismatch"
done


info Checking armored detached signatures
for i in $plain_files $data_files ; do
    echo "$usrpass1" | run_g10 --passphrase-fd 0 -sab -o x --yes $i
    run_g10 -o /dev/null --yes x  <$i || error "$i: bad signature"
done

info Checking detached signatures
for i in $plain_files $data_files ; do
    echo "$usrpass1" | run_g10 --passphrase-fd 0 -sb -o x --yes $i
    run_g10 -o /dev/null --yes x  <$i || error "$i: bad signature"
done


info Checking detached signatures of multiple files
i="$plain_files $data_files"
echo "$usrpass1" | run_g10 --passphrase-fd 0 -sb -o x --yes $i
cat $i | run_g10 -o /dev/null --yes x || error "$i: bad signature"

info Checking armored detached signatures of multiple files
i="$plain_files $data_files"
echo "$usrpass1" | run_g10 --passphrase-fd 0 -sab -o x --yes $i
cat $i | run_g10 -o /dev/null --yes x || error "$i: bad signature"


info "All tests passed."
exit 0