diff options
| author | Richard Jones <rjones@redhat.com> | 2010-07-22 11:00:59 +0100 |
|---|---|---|
| committer | Richard Jones <rjones@redhat.com> | 2010-07-22 16:51:56 +0100 |
| commit | 945e569db64ab2608b21feba0aa94044c9835ac3 (patch) | |
| tree | 26f47a5537c954fd9bb69ff1311c56fa46c20fc1 /regressions | |
| parent | 2fd8c259d3daa88b0cdf98090bb57f3dbd178432 (diff) | |
| download | libguestfs-945e569db64ab2608b21feba0aa94044c9835ac3.tar.gz libguestfs-945e569db64ab2608b21feba0aa94044c9835ac3.tar.xz libguestfs-945e569db64ab2608b21feba0aa94044c9835ac3.zip | |
New APIs: Support for creating LUKS and managing keys.
This commit adds four APIs for creating new LUKS devices
and key management. These are:
luks_format Format a LUKS device with the default cipher.
luks_format_cipher Format with a chosen cipher.
luks_add_key Add another key to an existing device.
luks_kill_slot Delete a key from an existing device.
This enables all the significant functionality of the
cryptsetup luks* commands.
Note that you can obtain the UUID of a LUKS device already
by using vfs-uuid.
This also includes a regression test covering all the LUKS
functions.
Diffstat (limited to 'regressions')
| -rw-r--r-- | regressions/Makefile.am | 1 | ||||
| -rwxr-xr-x | regressions/test-luks.sh | 88 |
2 files changed, 89 insertions, 0 deletions
diff --git a/regressions/Makefile.am b/regressions/Makefile.am index ff003214..e0218bc1 100644 --- a/regressions/Makefile.am +++ b/regressions/Makefile.am @@ -34,6 +34,7 @@ TESTS = \ test-cancellation-download-librarycancels.sh \ test-cancellation-upload-daemoncancels.sh \ test-find0.sh \ + test-luks.sh \ test-lvm-filtering.sh \ test-lvm-mapping.pl \ test-noexec-stack.pl \ diff --git a/regressions/test-luks.sh b/regressions/test-luks.sh new file mode 100755 index 00000000..fe42d877 --- /dev/null +++ b/regressions/test-luks.sh @@ -0,0 +1,88 @@ +#!/bin/bash - +# libguestfs +# Copyright (C) 2010 Red Hat Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +# Test LUKS device creation, opening, key slots. + +set -e + +rm -f test1.img + +../fish/guestfish --keys-from-stdin <<EOF +sparse test1.img 1G +run +part-disk /dev/sda mbr + +# Create LUKS device with key "key0" in slot 0. +luks-format /dev/sda1 0 +key0 + +# Open the device. +luks-open /dev/sda1 lukstest +key0 + +# Put some LVM structures on the encrypted device. +pvcreate /dev/mapper/lukstest +vgcreate VG /dev/mapper/lukstest +lvcreate LV1 VG 64 +lvcreate LV2 VG 64 +vg-activate-all false + +# Close the device. +luks-close /dev/mapper/lukstest + +# Add keys in other slots. +luks-add-key /dev/sda1 1 +key0 +key1 +luks-add-key /dev/sda1 2 +key1 +key2 +luks-add-key /dev/sda1 3 +key2 +key3 + +# Check we can open the device with one of the new keys. +luks-open /dev/sda1 lukstest +key1 +luks-close /dev/mapper/lukstest +luks-open /dev/sda1 lukstest +key3 +luks-close /dev/mapper/lukstest + +# Remove a key. +luks-kill-slot /dev/sda1 1 +key0 + +# This is expected to fail. +-luks-open /dev/sda1 lukstest +key1 + +# Replace a key slot. +luks-kill-slot /dev/sda1 3 +key2 +luks-add-key /dev/sda1 3 +key2 +newkey3 + +luks-open /dev/sda1 lukstest +newkey3 +luks-close /dev/mapper/lukstest + +EOF + +rm -f test1.img |