def test_backup_passphrase(self): """Verify that a backup passphrase can be created for a device""" succ = BlockDev.crypto_luks_format(self.loop_dev, None, 0, PASSWD, None, 0) self.assertTrue(succ) escrow_dir = tempfile.mkdtemp(prefix='libblockdev_test_escrow') self.addCleanup(shutil.rmtree, escrow_dir) backup_passphrase = BlockDev.crypto_generate_backup_passphrase() with open(self.public_cert, 'rb') as cert_file: succ = BlockDev.crypto_escrow_device(self.loop_dev, PASSWD, cert_file.read(), escrow_dir, backup_passphrase) self.assertTrue(succ) # Find the backup passphrase escrow_backup_passphrase = "%s/%s-escrow-backup-passphrase" % ( escrow_dir, BlockDev.crypto_luks_uuid(self.loop_dev)) self.assertTrue(os.path.isfile(escrow_backup_passphrase)) # Check that the encrypted file contains what we put in env = {k: v for k, v in os.environ.items()} env.update({"LC_ALL": "C"}) passphrase = subprocess.check_output([ 'volume_key', '--secrets', '-d', self.nss_dir, escrow_backup_passphrase ], env=env) passphrase = passphrase.strip().split()[1].decode('ascii') self.assertEqual(passphrase, backup_passphrase) # Check that the backup passphrase works succ = BlockDev.crypto_luks_open(self.loop_dev, 'libblockdevTestLUKS', backup_passphrase, None) self.assertTrue(succ)
def test_generate_backup_passhprase(self): """Verify that backup passphrase generation works as expected""" exp = r"^([0-9A-Za-z./]{5}-){3}[0-9A-Za-z./]{5}$" for _i in range(100): bp = BlockDev.crypto_generate_backup_passphrase() six.assertRegex(self, bp, exp)
def test_backup_passphrase(self): """Verify that a backup passphrase can be created for a device""" succ = BlockDev.crypto_luks_format(self.loop_dev, None, 0, PASSWD, None, 0) self.assertTrue(succ) escrow_dir = tempfile.mkdtemp(prefix='libblockdev_test_escrow') self.addCleanup(shutil.rmtree, escrow_dir) backup_passphrase = BlockDev.crypto_generate_backup_passphrase() with open(self.public_cert, 'rb') as cert_file: succ = BlockDev.crypto_escrow_device(self.loop_dev, PASSWD, cert_file.read(), escrow_dir, backup_passphrase) self.assertTrue(succ) # Find the backup passphrase escrow_backup_passphrase = "%s/%s-escrow-backup-passphrase" % (escrow_dir, BlockDev.crypto_luks_uuid(self.loop_dev)) self.assertTrue(os.path.isfile(escrow_backup_passphrase)) # Check that the encrypted file contains what we put in env = os.environ env.update({"LC_ALL": "C"}) passphrase = subprocess.check_output( ['volume_key', '--secrets', '-d', self.nss_dir, escrow_backup_passphrase], env=env) passphrase = passphrase.strip().split()[1].decode('ascii') self.assertEqual(passphrase, backup_passphrase) # Check that the backup passphrase works succ = BlockDev.crypto_luks_open(self.loop_dev, 'libblockdevTestLUKS', backup_passphrase, None) self.assertTrue(succ)
def test_generate_backup_passhprase(self): """Verify that backup passphrase generation works as expected""" exp = r"([0-9A-Za-z./]{5}-)*[0-9A-Za-z./]{0,4}" bp = BlockDev.crypto_generate_backup_passphrase() self.assertRegexpMatches(bp, exp)