#!/bin/bash
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# File: ./tests/Sanity/basic-sanity/runtest.sh
# Author: Jan Blazek <jblazek@redhat.com>
# Jiri Kucera <jkucera@redhat.com>
# Brief: Basic sanity test for volume_key utility
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2017-2020 Red Hat, Inc.
#
# This program is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see http://www.gnu.org/licenses/.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
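# Resolve the physical directory that holds this script (`pwd -P` resolves
# symlinks) so the helper files below are located relative to the test itself
# and not relative to the caller's working directory.
_TESTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)"

# If the directory could not be resolved, _TESTDIR is empty and the relative
# includes below would turn into paths under the filesystem root. Stop instead
# of sourcing shell code from a location the test does not own.
if [[ -z "${_TESTDIR}" ]]; then
  echo "Cannot determine the directory of ${BASH_SOURCE[0]}." >&2
  exit 1
fi

# Include Beaker environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1

# Include utils
# The path is quoted so a checkout directory containing whitespace or glob
# characters is still sourced as a single file name.
. "${_TESTDIR}/../../utils/utils.sh" || {
  echo "${_TESTDIR}/../../utils/utils.sh cannot be included." >&2
  exit 1
}

# Include test settings:
# NOTE(review): errmsg is not defined in this file; presumably it comes from
# the utils.sh sourced just above - confirm.
. "${_TESTDIR}/../../settings/environment.sh" || {
  errmsg "${_TESTDIR}/../../settings/environment.sh cannot be included."
  exit 1
}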
# Package under test and its helper packages; both keep a value already
# present in the environment and fall back to the defaults otherwise.
: "${PACKAGES:=volume_key}"
: "${REQUIRES:=cryptsetup nss-tools expect tcllib}"

# GnuPG home of the user running the test; Setup() backs it up or schedules
# its removal.
_GNUPG_DIR="${HOME}/.gnupg"

# Names of the files created inside the temporary working directory.
_IMAGE="image"
_IMAGE_IMG="${_IMAGE}.img"
_NSSDB="nssdb"

# Escrow packets: passphrase-protected and asymmetric variants.
_PACKET="packet"
_PACKET_ASYM="packet-asym"
_NEW_PACKET="new-packet"
_NEW_PACKET_ASYM="new-packet-asym"

# Escrow certificate material, all derived from one base name.
_ESCROW="escrow"
_ESCROW_KEY="${_ESCROW}.key"
_ESCROW_CERT="${_ESCROW}.cert"
_ESCROW_PEM="${_ESCROW}.pem"
_ESCROW_P12="${_ESCROW}.p12"

# Fixed passphrases used by this test for the LUKS volume, the escrow packets
# and the NSS database. They are test fixtures only and must never protect
# real data.
_LUKS_PASS="lukspass"
_NEW_LUKS_PASS="newlukspass"
_NEW_LUKS_PASS_ASYM="newlukspass-asym"
_PACKET_PASS="packetpass"
_NEW_PACKET_PASS="newpacketpass"
_CERT_PASS="certpass"

# Filled in by Setup(): temporary working directory and the encrypted volume.
_TEMP_DIR=""
_VOLUME=""
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Setup
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Prepare everything the tests need: a protected GnuPG home, a temporary
# working directory, a LUKS volume, an escrow certificate and an NSS database.
# Each cleanup action is registered with AtCleanup right after the step it
# undoes has succeeded.
# Globals: reads _GNUPG_DIR, _IMAGE_IMG, _LUKS_PASS, _ESCROW, _NSSDB,
#          _CERT_PASS, USE_LOSETUP and Result; writes LANG, LC_ALL, _TEMP_DIR
#          and _VOLUME.
# Returns: status of the first failing step, otherwise the status of
#          SetupNSSDatabase.
function Setup() {
  local -a volume_opts

  # NOTE(review): these are plain assignments, not exports; child processes
  # see them only if the variables are already exported - confirm.
  LANG=C
  LC_ALL=C

  rlAssertRpm --all || return

  # An existing GnuPG home is backed up and restored afterwards; one that does
  # not exist yet is simply removed at cleanup.
  if [[ ! -d "${_GNUPG_DIR}" ]]; then
    AtCleanup Cleanup_RemoveGnuPG
  else
    rlFileBackup "${_GNUPG_DIR}" || return
    AtCleanup rlFileRestore
  fi

  # CreateTemporaryDirectory hands its result back in the global Result.
  rlRun CreateTemporaryDirectory || return
  _TEMP_DIR="${Result}"
  AtCleanup Cleanup_RemoveTemporaryDirectory

  PushDir "${_TEMP_DIR}" || return
  AtCleanup PopDir

  # --with-losetup is passed only when USE_LOSETUP is set and non-empty.
  volume_opts=(--image "${_IMAGE_IMG}" --password "${_LUKS_PASS}")
  if [[ -n "${USE_LOSETUP:-}" ]]; then
    volume_opts+=(--with-losetup)
  fi
  CreateEncryptedVolume "${volume_opts[@]}" || return
  _VOLUME="${Result}"
  AtCleanup Cleanup_DestroyVolume

  CreateCertificate --name "${_ESCROW}" || return
  SetupNSSDatabase \
    --dest "${_TEMP_DIR}/${_NSSDB}" \
    --cert-name "${_ESCROW}" \
    --password "${_CERT_PASS}"
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Cleanup
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Delete the GnuPG home directory. Setup() registers this only when the
# directory did not exist beforehand, so nothing that predates the test is
# removed.
# Globals: reads _GNUPG_DIR.
function Cleanup_RemoveGnuPG() {
  local -a remove_cmd=(rm -rfv "${_GNUPG_DIR}")

  RunCmd "${remove_cmd[@]}"
}
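# Delete the temporary working directory created by Setup().
# Globals: reads _TEMP_DIR.
# Returns: 0 when there is nothing to remove, otherwise the status of RunCmd.
function Cleanup_RemoveTemporaryDirectory() {
  # _TEMP_DIR starts out empty; never hand an empty operand to a recursive
  # forced delete.
  if [[ -z "${_TEMP_DIR}" ]]; then
    return 0
  fi

  # `--` ends option parsing so the path is always treated as a file operand.
  RunCmd rm -rfv -- "${_TEMP_DIR}"
}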
# Detach the loop device behind the test volume. Does nothing unless
# USE_LOSETUP is set and non-empty, the same condition under which Setup()
# passes --with-losetup to CreateEncryptedVolume.
# Globals: reads USE_LOSETUP and _VOLUME.
function Cleanup_DestroyVolume() {
  [[ -n "${USE_LOSETUP:-}" ]] || return 0

  RunCmd losetup -d "${_VOLUME}"
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~ Tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
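# Save the volume key of the test volume into a passphrase-protected escrow
# packet by driving `volume_key --save` through the volume_key.exp wrapper.
# Globals: reads SCRIPTDIR, USING_PINENTRY, _VOLUME, _PACKET, _LUKS_PASS and
#          _PACKET_PASS.
# Returns: status of RunCmdX.
# NOTE(review): RunCmdX is defined outside this file; its first two arguments
# look like the expected exit status and a description of the command -
# confirm.
# NOTE(review): the passphrases are handed to the expect wrapper as
# command-line arguments and are therefore visible in process listings while
# it runs. That is tolerable only because they are fixed test fixtures.
function TestVolumeKeySave() {
  # The wrapper path is quoted so a SCRIPTDIR containing whitespace stays one
  # argument. USING_PINENTRY is left unquoted on purpose: it must vanish
  # entirely when the variable is unset or empty.
  # shellcheck disable=SC2086
  RunCmdX 0 \
    "volume_key --save ${_VOLUME} --output-format=passphrase -o ${_PACKET}" \
    "${SCRIPTDIR}/volume_key.exp" -- \
    --password1 "${_LUKS_PASS}" --password2 "${_PACKET_PASS}" \
    ${USING_PINENTRY:+--pinentry} -- \
    --save "${_VOLUME}" --output-format=passphrase -o "${_PACKET}"
}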
# Register the save test under the label "save".
# NOTE(review): AddTest is not defined in this file; presumably it comes from
# the sourced utils.sh - confirm.
AddTest TestVolumeKeySave "save"
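# Restore access to the test volume from the escrow packet, setting a new LUKS
# passphrase, then prove the restore took effect by opening the volume with
# that new passphrase.
# Globals: reads SCRIPTDIR, USING_PINENTRY, _VOLUME, _PACKET, _IMAGE,
#          _PACKET_PASS and _NEW_LUKS_PASS.
# Returns: status of the first failing RunCmdX step, otherwise the status of
#          the final luksClose.
# NOTE(review): the passphrases are handed to the expect wrappers as
# command-line arguments and are therefore visible in process listings while
# they run. That is tolerable only because they are fixed test fixtures.
function TestVolumeKeyRestore() {
  # NOTE(review): defined outside this file; by its name it drops passphrases
  # cached by gpg-agent so the packet passphrase really has to be entered -
  # confirm.
  ClearGpgAgentsCache

  # The wrapper paths are quoted so a SCRIPTDIR containing whitespace stays one
  # argument. USING_PINENTRY is left unquoted on purpose: it must vanish
  # entirely when the variable is unset or empty.
  # shellcheck disable=SC2086
  RunCmdX 0 "volume_key --restore ${_VOLUME} ${_PACKET}" \
    "${SCRIPTDIR}/volume_key.exp" -- \
    --password1 "${_PACKET_PASS}" --password2 "${_NEW_LUKS_PASS}" \
    ${USING_PINENTRY:+--pinentry} -- \
    --restore "${_VOLUME}" "${_PACKET}" \
    || return $?

  RunCmdX 0 "cryptsetup luksOpen ${_VOLUME} ${_IMAGE}" \
    "${SCRIPTDIR}/cryptsetup.exp" -- --password "${_NEW_LUKS_PASS}" -- \
    luksOpen "${_VOLUME}" "${_IMAGE}" \
    || return $?

  # The listing is for the test log only. The mapping is closed even when the
  # assertion fails, so no opened device is left behind.
  RunCmd ls -la /dev/mapper
  rlAssertExists "/dev/mapper/${_IMAGE}"
  RunCmd cryptsetup luksClose "${_IMAGE}"
}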
# Register the restore test under the label "restore". It consumes the packet
# file written by TestVolumeKeySave, so it only makes sense after that test.
# NOTE(review): presumably tests run in registration order - confirm.
AddTest TestVolumeKeyRestore "restore"
# NOTE(review): RunTest is not defined in this file; presumably it runs Setup,
# the registered tests and the AtCleanup actions - confirm.
RunTest