1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
import baseclass
import unittest
import storage.devicelibs.crypto as crypto
import tempfile
import os
class CryptoTestCase(baseclass.DevicelibsTestCase):
def testCrypto(self):
##
## is_luks
##
# pass
self.assertEqual(crypto.is_luks(self._LOOP_DEV0), -22)
self.assertEqual(crypto.is_luks("/not/existing/device"), -22)
##
## luks_format
##
# pass
self.assertEqual(crypto.luks_format(self._LOOP_DEV0, passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256), None)
# make a key file
handle, keyfile = tempfile.mkstemp(prefix="key", text=False)
os.write(handle, "nobodyknows")
os.close(handle)
# format with key file
self.assertEqual(crypto.luks_format(self._LOOP_DEV1, key_file=keyfile), None)
# fail
self.assertRaises(crypto.CryptoError, crypto.luks_format, "/not/existing/device", passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256)
# no passhprase or key file
self.assertRaises(ValueError, crypto.luks_format, self._LOOP_DEV1, cipher="aes-cbc-essiv:sha256", key_size=256)
##
## is_luks
##
# pass
self.assertEqual(crypto.is_luks(self._LOOP_DEV0), 0) # 0 = is luks
self.assertEqual(crypto.is_luks(self._LOOP_DEV1), 0)
##
## luks_add_key
##
# pass
self.assertEqual(crypto.luks_add_key(self._LOOP_DEV0, new_passphrase="another-secret", passphrase="secret"), None)
# make another key file
handle, new_keyfile = tempfile.mkstemp(prefix="key", text=False)
os.write(handle, "area51")
os.close(handle)
# add new key file
self.assertEqual(crypto.luks_add_key(self._LOOP_DEV1, new_key_file=new_keyfile, key_file=keyfile), None)
# fail
self.assertRaises(RuntimeError, crypto.luks_add_key, self._LOOP_DEV0, new_passphrase="another-secret", passphrase="wrong-passphrase")
##
## luks_remove_key
##
# fail
self.assertRaises(RuntimeError, crypto.luks_remove_key, self._LOOP_DEV0, del_passphrase="another-secret", passphrase="wrong-pasphrase")
# pass
self.assertEqual(crypto.luks_remove_key(self._LOOP_DEV0, del_passphrase="another-secret", passphrase="secret"), None)
# remove key file
self.assertEqual(crypto.luks_remove_key(self._LOOP_DEV1, del_key_file=new_keyfile, key_file=keyfile), None)
##
## luks_open
##
# pass
self.assertEqual(crypto.luks_open(self._LOOP_DEV0, "crypted", passphrase="secret"), None)
self.assertEqual(crypto.luks_open(self._LOOP_DEV1, "encrypted", key_file=keyfile), None)
# fail
self.assertRaises(crypto.CryptoError, crypto.luks_open, "/not/existing/device", "another-crypted", passphrase="secret")
self.assertRaises(crypto.CryptoError, crypto.luks_open, "/not/existing/device", "another-crypted", key_file=keyfile)
# no passhprase or key file
self.assertRaises(ValueError, crypto.luks_open, self._LOOP_DEV1, "another-crypted")
##
## luks_status
##
# pass
self.assertEqual(crypto.luks_status("crypted"), True)
self.assertEqual(crypto.luks_status("encrypted"), True)
self.assertEqual(crypto.luks_status("another-crypted"), False)
##
## luks_uuid
##
# pass
uuid = crypto.luks_uuid(self._LOOP_DEV0)
self.assertEqual(crypto.luks_uuid(self._LOOP_DEV0), uuid)
uuid = crypto.luks_uuid(self._LOOP_DEV1)
self.assertEqual(crypto.luks_uuid(self._LOOP_DEV1), uuid)
##
## luks_close
##
# pass
self.assertEqual(crypto.luks_close("crypted"), None)
self.assertEqual(crypto.luks_close("encrypted"), None)
# fail
self.assertRaises(crypto.CryptoError, crypto.luks_close, "wrong-name")
# already closed
self.assertRaises(crypto.CryptoError, crypto.luks_close, "crypted")
self.assertRaises(crypto.CryptoError, crypto.luks_close, "encrypted")
# cleanup
os.unlink(keyfile)
os.unlink(new_keyfile)
def suite():
return unittest.TestLoader().loadTestsFromTestCase(CryptoTestCase)
if __name__ == "__main__":
unittest.main()
|
