From c1b5e1b3100f1da042bf04de747544115912d569 Mon Sep 17 00:00:00 2001 From: Jaromil Date: Sat, 31 Aug 2024 05:18:03 +0200 Subject: [PATCH] remove sphinx from tests and docs leftover strings are in translations, maybe take them off later --- doc/tomb.1 | 29 ----------------------------- extras/test/00_create.sh | 12 ------------ extras/test/10_operations.sh | 8 -------- extras/test/60_resize.sh | 15 ++++----------- extras/test/65_passwd.sh | 12 ------------ extras/test/90_setkey.sh | 19 ------------------- extras/test/setup | 6 ------ extras/test/sphinx.cfg | 15 --------------- 8 files changed, 4 insertions(+), 112 deletions(-) delete mode 100644 extras/test/sphinx.cfg diff --git a/doc/tomb.1 b/doc/tomb.1 index fd86025f..f3c0ca72 100644 --- a/doc/tomb.1 +++ b/doc/tomb.1 @@ -306,17 +306,6 @@ Select a different tool than sudo for privilege escalation. Alternatives supported so far are: pkexec, doas, sup, sud. For any alternative to work the executable must be included in the current PATH. -.B -.IP "--sphx-user \fI\fR" -Activate the SPHINX feature for password-authenticated key agreement. -This option indicates the \fI\fR used to retrieve the -password from a sphinx oracle key reachable via TCP/IP. -.B -.IP "--sphx-host \fI\fR" -Activate the SPHINX feature for password-authenticated key agreement. -This option indicates the \fI\fR used to retrieve the password -from a sphinx oracle daemon reachable via TCP/IP. This is not the -network address of the daemon, which is configured in /etc/sphinx .B .IP "-h" 
@@ -484,24 +473,6 @@ its copies are destroyed. The \fI-r\fR option can be used in the tomb commands: \fIopen\fR, \fIforge\fR \fIsetkey\fR, \fIpasswd\fR, \fIbury\fR, \fIexhume\fR and \fIresize\fR. -.SH SPHINX (PAKE) - -Using the package libsphinx -.UR https://github.com/stef/libsphinx -.UE -and its python client/daemon implementation pwdsphinx -.UR https://github.com/stef/pwdsphinx -.UE -is possible to store and retrieve safely the password that locks the -tomb. Using this feature will make it impossible to retrieve the -password without the oracle sphinx server running and reachable. Each -key entry needs a username and a domain specified on creation and -a password that locks it. - -SPHINX makes it impossible to maliciously retrieve the password -locking the tomb key without an attacker accessing both the -server, the sphinx password and the tomb key file. - .SH EXAMPLES .IP \(bu diff --git a/extras/test/00_create.sh b/extras/test/00_create.sh index 1aae78f4..74351cf3 100644 --- a/extras/test/00_create.sh +++ b/extras/test/00_create.sh @@ -15,18 +15,6 @@ test_expect_success 'Testing tomb creation: dig, forge and lock' ' tt_lock --tomb-pwd $DUMMYPASS ' -if test_have_prereq SPHINX ORACLE; then - test_export "sphinx_test" - test_expect_success 'Testing tomb creation: dig, forge and lock (sphinx password handling)' ' - tt_dig -s 20 && - tt_forge --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && - print $(echo $DUMMYPASS | sphinx get $DUMMYUSER $DUMMYHOST) \ - | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key \ - | xxd && - tt_lock --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST - ' -fi - if test_have_prereq DOAS; then test_export "doas_test" test_expect_success 'Testing tomb creation: dig, forge and lock (using doas instead of sudo)' ' diff --git a/extras/test/10_operations.sh b/extras/test/10_operations.sh index c9b1be93..53242319 100644 --- a/extras/test/10_operations.sh +++ b/extras/test/10_operations.sh 
@@ -44,14 +44,6 @@ if test_have_prereq LSOF; then ' fi -if test_have_prereq SPHINX ORACLE; then - test_export "sphinx_test" # Using already generated tomb - test_expect_success 'Testing open with good password (sphinx)' ' - tt_open --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && - tt_close - ' -fi - if test_have_prereq DOAS; then test_export "doas_test" # Using already generated tomb test_expect_success 'Testing open with good password (using doas instead of sudo)' ' diff --git a/extras/test/60_resize.sh b/extras/test/60_resize.sh index 3c430c19..baaff317 100644 --- a/extras/test/60_resize.sh +++ b/extras/test/60_resize.sh @@ -5,24 +5,17 @@ export test_description="Testing tomb resize feature" source ./setup if test_have_prereq RESIZER; then - test_export "test" # Using already generated tomb - test_expect_success 'Testing resize to 30 MB tomb' ' + test_export "test" # Using already generated tomb + test_expect_success 'Testing resize to 30 MB tomb' ' tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS ' -if test_have_prereq GPGRCPT; then + if test_have_prereq GPGRCPT; then test_export "recipient" # Using already generated tomb test_expect_success 'Testing resize to 30 MB tomb with GnuPG keys' ' tt resize -s 30 $tomb -k $tomb_key -g -r $KEY2 ' -fi + fi fi # RESIZER -if test_have_prereq RESIZER SPHINX ORACLE; then - test_export "sphinx_test" # Using already generated tomb - test_expect_success 'Testing resize to 30 MB tomb (sphinx)' ' - tt resize -s 30 $tomb -k $tomb_key --unsafe --tomb-pwd $DUMMYPASS --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST - ' -fi - test_done diff --git a/extras/test/65_passwd.sh b/extras/test/65_passwd.sh index dca1ce36..55f5c3b3 100644 --- a/extras/test/65_passwd.sh +++ b/extras/test/65_passwd.sh 
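Review bot: In the extras/test/60_resize.sh hunk the re-indented inner `fi` that closes the GPGRCPT block carries no marker, while the outer closer is written `fi # RESIZER`; writing it as `fi # GPGRCPT` would keep the two nested closers distinguishable. The body lines of that inner block (`test_export "recipient"` and its `test_expect_success`) remain unchanged context while the surrounding `if test_have_prereq GPGRCPT; then` / `fi` pair was re-indented, so their indentation relative to the `if` has shifted. The whitespace is not recoverable from this view, so it is worth checking that the body ends up one level deeper than its `if`.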
@@ -21,16 +21,4 @@ test_expect_success 'Testing tomb with GnuPG keys: passwd' ' fi -if test_have_prereq SPHINX ORACLE; then - test_export "sphinx_test" # Using already generated tomb - test_expect_success 'Testing changing tomb password with sphinx' ' - tt passwd -f -k $tomb_key --unsafe \ - --tomb-old-pwd $DUMMYPASS --tomb-pwd $DUMMYPASSNEW \ - --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && - tt passwd -f -k $tomb_key --unsafe \ - --tomb-old-pwd $DUMMYPASSNEW --tomb-pwd $DUMMYPASS \ - --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST - ' -fi - test_done diff --git a/extras/test/90_setkey.sh b/extras/test/90_setkey.sh index b91d6288..2ccfafc3 100755 --- a/extras/test/90_setkey.sh +++ b/extras/test/90_setkey.sh @@ -28,23 +28,4 @@ test_expect_success 'Testing tomb with GnuPG keys: setkey' ' ' fi -if test_have_prereq SPHINX ORACLE; then - test_export "sphinx_test" # Using already generated tomb - test_expect_success 'Testing set key (sphinx)' ' - tt forge -f -k $tomb_key_new --tomb-pwd $DUMMYPASS \ - --ignore-swap --unsafe --force \ - --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && - tt setkey -f -k $tomb_key_new $tomb_key $tomb \ - --unsafe --tomb-pwd $DUMMYPASS --tomb-old-pwd $DUMMYPASS \ - --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && - tt open -f -k $tomb_key_new $tomb \ - --unsafe --tomb-pwd $DUMMYPASS \ - --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && - print $DUMMYPASS \ - | gpg --batch --passphrase-fd 0 --no-tty --no-options -d $tomb_key_new \ - | xxd && - tt_close - ' -fi - test_done diff --git a/extras/test/setup b/extras/test/setup index 74c8bc4e..b4705b50 100755 --- a/extras/test/setup +++ b/extras/test/setup 
@@ -55,8 +55,6 @@ command -v lsof > /dev/null && test_set_prereq LSOF command -v python3 > /dev/null && test_set_prereq PYTHON3 command -v cloakify > /dev/null && test_set_prereq CLOAKIFY command -v decloakify > /dev/null && test_set_prereq DECLOAKIFY -command -v sphinx > /dev/null && test_set_prereq SPHINX -command -v oracle > /dev/null && test_set_prereq ORACLE command -v doas > /dev/null && test_set_prereq DOAS command -v argon2 > /dev/null && test_set_prereq ARGON2 @@ -80,10 +78,6 @@ fi export DUMMYPASS=test export DUMMYPASSNEW=changetest -# Dummy host and username for sphinx -export DUMMYHOST=example.com -export DUMMYUSER=user - # Test helpers diff --git a/extras/test/sphinx.cfg b/extras/test/sphinx.cfg deleted file mode 100644 index 19437223..00000000 --- a/extras/test/sphinx.cfg +++ /dev/null @@ -1,15 +0,0 @@ -[client] -verbose = False -address = 127.0.0.1 -port = 2355 -datadir = /tmp/.sphinx/ -ssl_cert = /etc/sphinx/server.crt - -[server] -verbose = False -address = 127.0.0.1 -port = 2355 -datadir = /tmp/.sphinx/ -keydir = /tmp/.sphinx/ -ssl_cert = /etc/sphinx/server.crt -ssl_key = /etc/sphinx/server.key