def testCryptoOpen(self):
_LOOP_DEV0 = self._loopMap[self._LOOP_DEVICES[0]]
_LOOP_DEV1 = self._loopMap[self._LOOP_DEVICES[1]]
_name0 = self._names[self._LOOP_DEVICES[0]]
_name1 = self._names[self._LOOP_DEVICES[1]]
##
## luks_format
##
# pass
self.assertEqual(
crypto.luks_format(_LOOP_DEV0,
passphrase="secret",
cipher="aes-cbc-essiv:sha256",
key_size=256), None)
self.assertEqual(
crypto.luks_format(_LOOP_DEV1,
passphrase="hidden",
cipher="aes-cbc-essiv:sha256",
key_size=256), None)
##
## luks_open
##
# pass
self.assertEqual(
crypto.luks_open(_LOOP_DEV0, _name0, passphrase="secret"), None)
self.assertEqual(
crypto.luks_open(_LOOP_DEV1, _name1, passphrase="hidden"), None)
##
## luks_status
##
# pass
self.assertEqual(crypto.luks_status(_name0), 2)
self.assertEqual(crypto.luks_status(_name1), 2)
##
## luks_uuid
##
# pass
uuid = crypto.luks_uuid(_LOOP_DEV0)
self.assertEqual(crypto.luks_uuid(_LOOP_DEV0), uuid)
uuid = crypto.luks_uuid(_LOOP_DEV1)
self.assertEqual(crypto.luks_uuid(_LOOP_DEV1), uuid)
##
## luks_close
##
# pass
self.assertEqual(crypto.luks_close(_name0), None)
self.assertEqual(crypto.luks_close(_name1), None)
# already closed
self.assertRaisesRegexp(IOError, "Device cannot be opened",
crypto.luks_close, "crypted")
self.assertRaisesRegexp(IOError, "Device cannot be opened",
crypto.luks_close, "encrypted")
def testCryptoOpen(self):
_LOOP_DEV0 = self._loopMap[self._LOOP_DEVICES[0]]
_LOOP_DEV1 = self._loopMap[self._LOOP_DEVICES[1]]
_name0 = self._names[self._LOOP_DEVICES[0]]
_name1 = self._names[self._LOOP_DEVICES[1]]
##
## luks_format
##
# pass
self.assertEqual(crypto.luks_format(_LOOP_DEV0, passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256), None)
self.assertEqual(crypto.luks_format(_LOOP_DEV1, passphrase="hidden", cipher="aes-cbc-essiv:sha256", key_size=256), None)
##
## luks_open
##
# pass
self.assertEqual(crypto.luks_open(_LOOP_DEV0, _name0, passphrase="secret"), None)
self.assertEqual(crypto.luks_open(_LOOP_DEV1, _name1, passphrase="hidden"), None)
##
## luks_status
##
# pass
self.assertEqual(crypto.luks_status(_name0), 2)
self.assertEqual(crypto.luks_status(_name1), 2)
##
## luks_uuid
##
# pass
uuid = crypto.luks_uuid(_LOOP_DEV0)
self.assertEqual(crypto.luks_uuid(_LOOP_DEV0), uuid)
uuid = crypto.luks_uuid(_LOOP_DEV1)
self.assertEqual(crypto.luks_uuid(_LOOP_DEV1), uuid)
##
## luks_close
##
# pass
self.assertEqual(crypto.luks_close(_name0), None)
self.assertEqual(crypto.luks_close(_name1), None)
# already closed
self.assertRaisesRegexp(IOError,
"Device cannot be opened",
crypto.luks_close,
"crypted")
self.assertRaisesRegexp(IOError,
"Device cannot be opened",
crypto.luks_close,
"encrypted")
def testCryptoMisc(self):
_LOOP_DEV0 = self.loopDevices[0]
_LOOP_DEV1 = self.loopDevices[1]
##
## is_luks
##
# pass
self.assertEqual(crypto.is_luks(_LOOP_DEV0), -22)
with self.assertRaisesRegexp(IOError, "Device cannot be opened"):
crypto.is_luks("/not/existing/device")
##
## luks_format
##
# pass
self.assertEqual(crypto.luks_format(_LOOP_DEV0, passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256), None)
self.assertEqual(crypto.is_luks(_LOOP_DEV0), 0)
# make a key file
handle, keyfile = tempfile.mkstemp(prefix="key", text=False)
os.write(handle, "nobodyknows")
os.close(handle)
# format with key file
with self.assertRaisesRegexp(ValueError, "requires passphrase"):
crypto.luks_format(_LOOP_DEV1, key_file=keyfile)
# fail
with self.assertRaisesRegexp(IOError, "Device cannot be opened"):
crypto.luks_format("/not/existing/device", passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256)
# no passhprase or key file
with self.assertRaisesRegexp(ValueError, "requires passphrase"):
crypto.luks_format(_LOOP_DEV1, cipher="aes-cbc-essiv:sha256", key_size=256)
##
## is_luks
##
# pass
self.assertEqual(crypto.is_luks(_LOOP_DEV0), 0) # 0 = is luks
self.assertEqual(crypto.is_luks(_LOOP_DEV1), -22)
##
## luks_add_key
##
# pass
self.assertEqual(crypto.luks_add_key(_LOOP_DEV0, new_passphrase="another-secret", passphrase="secret"), None)
# fail
with self.assertRaisesRegexp(CryptoError, "luks add key failed"):
crypto.luks_add_key(_LOOP_DEV0, new_passphrase="another-secret", passphrase="wrong-passphrase")
##
## luks_remove_key
##
# fail
with self.assertRaisesRegexp(CryptoError, "luks remove key failed"):
crypto.luks_remove_key(_LOOP_DEV0, del_passphrase="another-secret", passphrase="wrong-pasphrase")
# pass
self.assertEqual(crypto.luks_remove_key(_LOOP_DEV0, del_passphrase="another-secret", passphrase="secret"), None)
# fail
with self.assertRaisesRegexp(IOError, "Device cannot be opened"):
crypto.luks_open("/not/existing/device", "another-crypted", passphrase="secret")
# no passhprase or key file
with self.assertRaisesRegexp(ValueError, "luks_format requires passphrase"):
crypto.luks_open(_LOOP_DEV1, "another-crypted")
with self.assertRaisesRegexp(IOError, "Device cannot be opened"):
crypto.luks_status("another-crypted")
with self.assertRaisesRegexp(IOError, "Device cannot be opened"):
crypto.luks_close("wrong-name")
# cleanup
os.unlink(keyfile)
def testCrypto(self):
_LOOP_DEV0 = self._loopMap[self._LOOP_DEVICES[0]]
_LOOP_DEV1 = self._loopMap[self._LOOP_DEVICES[1]]
import blivet.devicelibs.crypto as crypto
##
## is_luks
##
# pass
self.assertEqual(crypto.is_luks(_LOOP_DEV0), -22)
self.assertEqual(crypto.is_luks("/not/existing/device"), -22)
##
## luks_format
##
# pass
self.assertEqual(crypto.luks_format(_LOOP_DEV0, passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256), None)
# make a key file
handle, keyfile = tempfile.mkstemp(prefix="key", text=False)
os.write(handle, "nobodyknows")
os.close(handle)
# format with key file
self.assertEqual(crypto.luks_format(_LOOP_DEV1, key_file=keyfile), None)
# fail
self.assertRaises(crypto.CryptoError, crypto.luks_format, "/not/existing/device", passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256)
# no passhprase or key file
self.assertRaises(ValueError, crypto.luks_format, _LOOP_DEV1, cipher="aes-cbc-essiv:sha256", key_size=256)
##
## is_luks
##
# pass
self.assertEqual(crypto.is_luks(_LOOP_DEV0), 0) # 0 = is luks
self.assertEqual(crypto.is_luks(_LOOP_DEV1), 0)
##
## luks_add_key
##
# pass
self.assertEqual(crypto.luks_add_key(_LOOP_DEV0, new_passphrase="another-secret", passphrase="secret"), None)
# make another key file
handle, new_keyfile = tempfile.mkstemp(prefix="key", text=False)
os.write(handle, "area51")
os.close(handle)
# add new key file
self.assertEqual(crypto.luks_add_key(_LOOP_DEV1, new_key_file=new_keyfile, key_file=keyfile), None)
# fail
self.assertRaises(crypto.CryptoError, crypto.luks_add_key, _LOOP_DEV0, new_passphrase="another-secret", passphrase="wrong-passphrase")
##
## luks_remove_key
##
# fail
self.assertRaises(RuntimeError, crypto.luks_remove_key, _LOOP_DEV0, del_passphrase="another-secret", passphrase="wrong-pasphrase")
# pass
self.assertEqual(crypto.luks_remove_key(_LOOP_DEV0, del_passphrase="another-secret", passphrase="secret"), None)
# remove key file
self.assertEqual(crypto.luks_remove_key(LOOP_DEV1, del_key_file=new_keyfile, key_file=keyfile), None)
##
## luks_open
##
# pass
self.assertEqual(crypto.luks_open(_LOOP_DEV0, "crypted", passphrase="secret"), None)
self.assertEqual(crypto.luks_open(_LOOP_DEV1, "encrypted", key_file=keyfile), None)
# fail
self.assertRaises(crypto.CryptoError, crypto.luks_open, "/not/existing/device", "another-crypted", passphrase="secret")
self.assertRaises(crypto.CryptoError, crypto.luks_open, "/not/existing/device", "another-crypted", key_file=keyfile)
# no passhprase or key file
self.assertRaises(ValueError, crypto.luks_open, _LOOP_DEV1, "another-crypted")
##
## luks_status
##
# pass
self.assertEqual(crypto.luks_status("crypted"), True)
self.assertEqual(crypto.luks_status("encrypted"), True)
self.assertEqual(crypto.luks_status("another-crypted"), False)
##
## luks_uuid
##
# pass
uuid = crypto.luks_uuid(_LOOP_DEV0)
self.assertEqual(crypto.luks_uuid(_LOOP_DEV0), uuid)
uuid = crypto.luks_uuid(_LOOP_DEV1)
self.assertEqual(crypto.luks_uuid(_LOOP_DEV1), uuid)
##
## luks_close
##
# pass
self.assertEqual(crypto.luks_close("crypted"), None)
self.assertEqual(crypto.luks_close("encrypted"), None)
# fail
self.assertRaises(crypto.CryptoError, crypto.luks_close, "wrong-name")
# already closed
self.assertRaises(crypto.CryptoError, crypto.luks_close, "crypted")
self.assertRaises(crypto.CryptoError, crypto.luks_close, "encrypted")
# cleanup
os.unlink(keyfile)
os.unlink(new_keyfile)
def testCryptoMisc(self):
_LOOP_DEV0 = self._loopMap[self._LOOP_DEVICES[0]]
_LOOP_DEV1 = self._loopMap[self._LOOP_DEVICES[1]]
##
## is_luks
##
# pass
self.assertEqual(crypto.is_luks(_LOOP_DEV0), -22)
self.assertRaisesRegexp(IOError, "Device cannot be opened",
crypto.is_luks, "/not/existing/device")
##
## luks_format
##
# pass
self.assertEqual(
crypto.luks_format(_LOOP_DEV0,
passphrase="secret",
cipher="aes-cbc-essiv:sha256",
key_size=256), None)
self.assertEqual(crypto.is_luks(_LOOP_DEV0), 0)
# make a key file
handle, keyfile = tempfile.mkstemp(prefix="key", text=False)
os.write(handle, "nobodyknows")
os.close(handle)
# format with key file
self.assertRaisesRegexp(ValueError,
"requires passphrase",
crypto.luks_format,
_LOOP_DEV1,
key_file=keyfile)
# fail
self.assertRaisesRegexp(IOError,
"Device cannot be opened",
crypto.luks_format,
"/not/existing/device",
passphrase="secret",
cipher="aes-cbc-essiv:sha256",
key_size=256)
# no passhprase or key file
self.assertRaisesRegexp(ValueError,
"requires passphrase",
crypto.luks_format,
_LOOP_DEV1,
cipher="aes-cbc-essiv:sha256",
key_size=256)
##
## is_luks
##
# pass
self.assertEqual(crypto.is_luks(_LOOP_DEV0), 0) # 0 = is luks
self.assertEqual(crypto.is_luks(_LOOP_DEV1), -22)
##
## luks_add_key
##
# pass
self.assertEqual(
crypto.luks_add_key(_LOOP_DEV0,
new_passphrase="another-secret",
passphrase="secret"), None)
# fail
self.assertRaisesRegexp(CryptoError,
"luks add key failed",
crypto.luks_add_key,
_LOOP_DEV0,
new_passphrase="another-secret",
passphrase="wrong-passphrase")
##
## luks_remove_key
##
# fail
self.assertRaisesRegexp(CryptoError,
"luks remove key failed",
crypto.luks_remove_key,
_LOOP_DEV0,
del_passphrase="another-secret",
passphrase="wrong-pasphrase")
# pass
self.assertEqual(
crypto.luks_remove_key(_LOOP_DEV0,
del_passphrase="another-secret",
passphrase="secret"), None)
# fail
self.assertRaisesRegexp(IOError,
"Device cannot be opened",
crypto.luks_open,
"/not/existing/device",
"another-crypted",
passphrase="secret")
# no passhprase or key file
self.assertRaisesRegexp(ValueError, "luks_format requires passphrase",
crypto.luks_open, _LOOP_DEV1,
"another-crypted")
self.assertRaisesRegexp(IOError, "Device cannot be opened",
crypto.luks_status, "another-crypted")
self.assertRaisesRegexp(IOError, "Device cannot be opened",
crypto.luks_close, "wrong-name")
# cleanup
os.unlink(keyfile)
