def _luks_open_close(self, create_fn):
    """Check activation and deactivation of a LUKS device.

    The device is formatted through ``create_fn`` with both a passphrase
    and a keyfile. Opening has to be refused for a missing device, for
    missing credentials, for a wrong passphrase and for a wrong keyfile
    before either valid credential is accepted.
    """
    name = "libblockdevTestLUKS"
    self.assertTrue(create_fn(self.loop_dev, PASSWD, self.keyfile))

    # negative cases first: nothing may be activated without a valid secret
    for device, passphrase in (("/non/existing/device", PASSWD),
                               (self.loop_dev, None)):
        with self.assertRaises(GLib.GError):
            BlockDev.crypto_luks_open(device, name, passphrase, None, False)

    # a wrong passphrase has to be reported as such in the error message
    with six.assertRaisesRegex(self, GLib.GError, r"Incorrect passphrase"):
        BlockDev.crypto_luks_open(self.loop_dev, name, "wrong-passhprase", None, False)

    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_open(self.loop_dev, name, None, "wrong-keyfile", False)

    # unlock with the passphrase, close via the full /dev/mapper/ path
    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False)
    self.assertTrue(opened)
    closed = BlockDev.crypto_luks_close("/dev/mapper/libblockdevTestLUKS")
    self.assertTrue(closed)

    # unlock with the keyfile, close via the bare LUKS device name
    opened = BlockDev.crypto_luks_open(self.loop_dev, name, None, self.keyfile, False)
    self.assertTrue(opened)
    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
def _luks_open_rw(self, create_fn):
    """Check that a LUKS device can be activated read-write and read-only.

    A one-MiB ``dd`` write to the mapped device has to succeed after a
    read-write activation and has to fail after a read-only one.
    """
    dd_args = ("dd", "if=/dev/zero", "of=/dev/mapper/libblockdevTestLUKS", "bs=1M", "count=1")

    self.assertTrue(create_fn(self.loop_dev, PASSWD, None))

    # read-write activation (last argument False): the write must go through
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", PASSWD, None, False))
    self.assertTrue(BlockDev.utils_exec_and_report_error(list(dd_args)))
    self.assertTrue(BlockDev.crypto_luks_close("libblockdevTestLUKS"))

    # read-only activation (last argument True): the same write must be refused
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", PASSWD, None, True))
    with self.assertRaises(GLib.GError):
        BlockDev.utils_exec_and_report_error(list(dd_args))
    self.assertTrue(BlockDev.crypto_luks_close("libblockdevTestLUKS"))
def test_luks_open_close(self):
    """Check activation and deactivation of a freshly formatted LUKS device.

    The device gets a passphrase and a keyfile. Every attempt with a
    missing device or with missing or wrong credentials has to raise
    before the valid passphrase and the valid keyfile are tried.
    """
    formatted = BlockDev.crypto_luks_format(self.loop_dev, None, 0, PASSWD, self.keyfile, 0)
    self.assertTrue(formatted)

    # (device, passphrase, keyfile) combinations that must all be refused
    rejected = (
        ("/non/existing/device", PASSWD, None),
        (self.loop_dev, None, None),
        (self.loop_dev, "wrong-passhprase", None),
        (self.loop_dev, None, "wrong-keyfile"),
    )
    for device, passphrase, keyfile in rejected:
        with self.assertRaises(GLib.GError):
            BlockDev.crypto_luks_open(device, "libblockdevTestLUKS", passphrase, keyfile, False)

    # passphrase unlock, closed via the full /dev/mapper/ path
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", PASSWD, None, False))
    self.assertTrue(BlockDev.crypto_luks_close("/dev/mapper/libblockdevTestLUKS"))

    # keyfile unlock, closed via the bare LUKS device name
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", None, self.keyfile, False))
    self.assertTrue(BlockDev.crypto_luks_close("libblockdevTestLUKS"))
def test_luks_open_rw(self):
    """Check read-write and read-only activation of a LUKS device.

    Writing one MiB with ``dd`` to the mapped device must work when the
    device is opened read-write and must fail when it is opened read-only.
    """
    name = "libblockdevTestLUKS"
    dd_args = ("dd", "if=/dev/zero", "of=/dev/mapper/libblockdevTestLUKS", "bs=1M", "count=1")

    ok = BlockDev.crypto_luks_format(self.loop_dev, None, 0, PASSWD, None, 0)
    self.assertTrue(ok)

    # opened read-write: the write is expected to succeed
    ok = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False)
    self.assertTrue(ok)
    ok = BlockDev.utils_exec_and_report_error(list(dd_args))
    self.assertTrue(ok)
    ok = BlockDev.crypto_luks_close(name)
    self.assertTrue(ok)

    # opened read-only: the write is expected to be refused
    ok = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, True)
    self.assertTrue(ok)
    with self.assertRaises(GLib.GError):
        BlockDev.utils_exec_and_report_error(list(dd_args))
    ok = BlockDev.crypto_luks_close(name)
    self.assertTrue(ok)
def test_luks2_integrity(self):
    """Check that a LUKS 2 device can be created with integrity protection.

    Skipped when the dm-integrity kernel module is not available. The
    algorithm and tag size reported by ``crypto_integrity_info`` are
    compared with the requested algorithm and with the tag size that
    sysfs shows for the holder of the loop device.
    """
    if not BlockDev.utils_have_kernel_module("dm-integrity"):
        self.skipTest('dm-integrity kernel module not available, skipping.')

    luks_extra = BlockDev.CryptoLUKSExtra()
    luks_extra.integrity = "hmac(sha256)"

    self.assertTrue(BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 512, PASSWD, None, 0,
                                                BlockDev.CryptoLUKSVersion.LUKS2, luks_extra))
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", PASSWD, None, False))

    integrity = BlockDev.crypto_integrity_info("libblockdevTestLUKS")
    self.assertIsNotNone(integrity)
    self.assertEqual(integrity.algorithm, "hmac(sha256)")

    # the holder of the loop device is the integrity dm device
    loop_name = self.loop_dev.split("/")[-1]
    _ret, int_name, _err = run_command('ls /sys/block/%s/holders/' % loop_name)
    self.assertTrue(int_name)  # true == not empty

    sysfs_tag_size = read_file("/sys/block/%s/integrity/tag_size" % int_name)
    self.assertEqual(integrity.tag_size, int(sysfs_tag_size))

    self.assertTrue(BlockDev.crypto_luks_close("libblockdevTestLUKS"))
def test_luks2_format(self):
    """Check the information reported for a LUKS 2 device.

    The device is formatted as LUKS 2 with a 4096-byte sector size. The
    reported version, cipher, mode, backing device, sector size and UUID
    are compared with the requested values and with blkid's output.
    """
    name = "libblockdevTestLUKS"

    luks_extra = BlockDev.CryptoLUKSExtra()
    luks_extra.sector_size = 4096

    formatted = BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 256, PASSWD, None, 0,
                                            BlockDev.CryptoLUKSVersion.LUKS2, luks_extra)
    self.assertTrue(formatted)

    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False)
    self.assertTrue(opened)

    luks_info = BlockDev.crypto_luks_info(name)
    self.assertIsNotNone(luks_info)
    self.assertEqual(luks_info.version, BlockDev.CryptoLUKSVersion.LUKS2)
    # the cipher specification is reported split into cipher and mode
    self.assertEqual(luks_info.cipher, "aes")
    self.assertEqual(luks_info.mode, "cbc-essiv:sha256")
    self.assertEqual(luks_info.backing_device, self.loop_dev)
    self.assertEqual(luks_info.sector_size, 4096)

    # the UUID has to match what blkid reads from the backing device
    _ret, blkid_uuid, _err = run_command("blkid -p -ovalue -sUUID %s" % self.loop_dev)
    self.assertEqual(luks_info.uuid, blkid_uuid)

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
def _luks_header_backup_restore(self, create_fn):
    """Check that a LUKS header can be backed up and restored.

    After the backup the header on the device is erased, opening is
    expected to fail, and after the restore the device has to be
    recognised as LUKS again and open with the original passphrase.
    """
    name = "libblockdevTestLUKS"
    self.assertTrue(create_fn(self.loop_dev, PASSWD, None))

    # NOTE(review): the backup is a copy of the header; backup_dir is
    # presumably a private per-test directory -- confirm in the fixture
    header_copy = os.path.join(self.backup_dir, "luks-header.txt")
    self.assertTrue(BlockDev.crypto_luks_header_backup(self.loop_dev, header_copy))
    self.assertTrue(os.path.isfile(header_copy))

    # now completely destroy the luks header
    wipe_cmd = "cryptsetup erase %s -q && wipefs -a %s" % (self.loop_dev, self.loop_dev)
    ret, out, err = run_command(wipe_cmd)
    if ret != 0:
        self.fail("Failed to erase LUKS header from %s:\n%s %s" % (self.loop_dev, out, err))

    _ret, detected_type, _err = run_command("blkid -p -ovalue -sTYPE %s" % self.loop_dev)
    self.assertFalse(detected_type)  # false == empty

    # without a header the passphrase alone must not open the device
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None)

    # put the saved header back
    self.assertTrue(BlockDev.crypto_luks_header_restore(self.loop_dev, header_copy))

    _ret, detected_type, _err = run_command("blkid -p -ovalue -sTYPE %s" % self.loop_dev)
    self.assertEqual(detected_type, "crypto_LUKS")

    # opening should now work
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD))
    self.assertTrue(BlockDev.crypto_luks_close(name))
def _luks_kill_slot(self, create_fn):
    """Check that destroying a keyslot revokes only that slot's passphrase.

    A second passphrase is added, keyslot 1 is destroyed, and afterwards
    the second passphrase must be refused while the first still opens
    the device.
    """
    name = "libblockdevTestLUKS"
    self.assertTrue(create_fn(self.loop_dev, PASSWD, None))

    # the test relies on the added passphrase ending up in keyslot 1
    self.assertTrue(BlockDev.crypto_luks_add_key(self.loop_dev, PASSWD, None, PASSWD2, None))

    # refused requests: missing device, invalid slot (-1), unused slot (2)
    for device, slot in (("/non/existing/device", -1),
                         (self.loop_dev, -1),
                         (self.loop_dev, 2)):
        with self.assertRaises(GLib.GError):
            BlockDev.crypto_luks_kill_slot(device, slot)

    # destroy second keyslot
    self.assertTrue(BlockDev.crypto_luks_kill_slot(self.loop_dev, 1))

    # the revoked passphrase must no longer unlock the device
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD2)

    # the remaining passphrase is unaffected
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD))
    self.assertTrue(BlockDev.crypto_luks_close(name))
def test_luks_format(self):
    """Check the information reported for a LUKS device.

    The device is formatted with "aes-cbc-essiv:sha256"; the reported
    version is expected to be LUKS1, and cipher, mode, backing device
    and UUID have to match the request and blkid's output.
    """
    name = "libblockdevTestLUKS"

    formatted = BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 0, PASSWD, None, 0)
    self.assertTrue(formatted)

    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False)
    self.assertTrue(opened)

    luks_info = BlockDev.crypto_luks_info(name)
    self.assertIsNotNone(luks_info)
    self.assertEqual(luks_info.version, BlockDev.CryptoLUKSVersion.LUKS1)
    # the cipher specification is reported split into cipher and mode
    self.assertEqual(luks_info.cipher, "aes")
    self.assertEqual(luks_info.mode, "cbc-essiv:sha256")
    self.assertEqual(luks_info.backing_device, self.loop_dev)

    # the UUID has to match what blkid reads from the backing device
    _ret, blkid_uuid, _err = run_command("blkid -p -ovalue -sUUID %s" % self.loop_dev)
    self.assertEqual(luks_info.uuid, blkid_uuid)

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
def test_luks2_integrity(self):
    """Check that a LUKS 2 device can be created with integrity protection.

    The algorithm and tag size reported by ``crypto_integrity_info`` are
    compared with the requested algorithm and with the tag size that
    sysfs shows for the holder of the loop device.
    """
    name = "libblockdevTestLUKS"

    luks_extra = BlockDev.CryptoLUKSExtra()
    luks_extra.integrity = "hmac(sha256)"

    formatted = BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 512, PASSWD, None, 0,
                                            BlockDev.CryptoLUKSVersion.LUKS2, luks_extra)
    self.assertTrue(formatted)

    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False)
    self.assertTrue(opened)

    integrity = BlockDev.crypto_integrity_info(name)
    self.assertIsNotNone(integrity)
    self.assertEqual(integrity.algorithm, "hmac(sha256)")

    # the holder of the loop device is the integrity dm device
    loop_name = self.loop_dev.split("/")[-1]
    _ret, int_name, _err = run_command('ls /sys/block/%s/holders/' % loop_name)
    self.assertTrue(int_name)  # true == not empty

    sysfs_tag_size = read_file("/sys/block/%s/integrity/tag_size" % int_name)
    self.assertEqual(integrity.tag_size, int(sysfs_tag_size))

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
def test_luks2_resize(self):
    """Check resizing of an active LUKS 2 device.

    When the key location is reported as "keyring", a resize without
    credentials is expected to fail. The device is then shrunk with the
    passphrase and grown back to full size with the keyfile.
    """
    name = "libblockdevTestLUKS"

    # the simple case with password
    self.assertTrue(self._luks2_format(self.loop_dev, PASSWD, self.keyfile))
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False))

    # resize without passphrase should fail if key is saved in keyring
    key_in_keyring = self._get_key_location(name) == "keyring"
    if key_in_keyring:
        with self.assertRaises(GLib.GError):
            BlockDev.crypto_luks_resize(name, 1024)

    # resize to 512 KiB (1024 * 512B sectors)
    self.assertTrue(BlockDev.crypto_luks_resize(name, 1024, PASSWD))

    # size 0 resizes back to full size; this time the keyfile is the credential
    self.assertTrue(BlockDev.crypto_luks_resize(name, 0, None, self.keyfile))

    self.assertTrue(BlockDev.crypto_luks_close(name))
def test_luks2_resize(self):
    """Check resizing of an active LUKS 2 device.

    A resize without credentials is expected to fail. The device is then
    shrunk with the passphrase and grown back to full size with the
    keyfile.
    """
    name = "libblockdevTestLUKS"

    # the simple case with password
    self.assertTrue(self._luks2_format(self.loop_dev, PASSWD, self.keyfile))
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False))

    # resize without passphrase should fail
    # NOTE(review): asserted unconditionally here; presumably this depends
    # on where the volume key is kept for the active device -- confirm
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_resize(name, 1024)

    # resize to 512 KiB (1024 * 512B sectors)
    self.assertTrue(BlockDev.crypto_luks_resize(name, 1024, PASSWD))

    # size 0 resizes back to full size; this time the keyfile is the credential
    self.assertTrue(BlockDev.crypto_luks_resize(name, 0, None, self.keyfile))

    self.assertTrue(BlockDev.crypto_luks_close(name))
def test_luks_status(self):
    """Check status reporting for a LUKS device.

    The status query has to raise for a missing device and for a closed
    mapping, and has to report "active" for an open one, whether it is
    addressed by its /dev/mapper path or by its name.
    """
    name = "libblockdevTestLUKS"

    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_status("/non/existing/device")

    self.assertTrue(BlockDev.crypto_luks_format(self.loop_dev, None, 0, PASSWD, None, 0))
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False))

    # first the full /dev/mapper path, then just the LUKS device name
    for target in ("/dev/mapper/libblockdevTestLUKS", name):
        self.assertEqual(BlockDev.crypto_luks_status(target), "active")

    self.assertTrue(BlockDev.crypto_luks_close(name))

    # once closed, the mapping no longer has a status to report
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_status(name)
def _luks_status(self, create_fn):
    """Check status reporting for a LUKS device created by ``create_fn``.

    The status query has to raise for a missing device and for a closed
    mapping, and has to report "active" for an open one, whether it is
    addressed by its /dev/mapper path or by its name.
    """
    name = "libblockdevTestLUKS"

    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_status("/non/existing/device")

    created = create_fn(self.loop_dev, PASSWD, None)
    self.assertTrue(created)

    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False)
    self.assertTrue(opened)

    # use the full /dev/mapper path
    by_path = BlockDev.crypto_luks_status("/dev/mapper/libblockdevTestLUKS")
    self.assertEqual(by_path, "active")

    # use just the LUKS device name
    by_name = BlockDev.crypto_luks_status(name)
    self.assertEqual(by_name, "active")

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)

    # once closed, the mapping no longer has a status to report
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_status(name)
def _luks_suspend_resume(self, create_fn):
    """Check suspending and resuming an active LUKS device.

    The device is suspended once by its /dev/mapper path and once by its
    name. Resuming has to be refused without credentials, with a wrong
    passphrase and with a wrong keyfile; the state lsblk reports is
    checked after every successful suspend and resume.
    """
    name = "libblockdevTestLUKS"

    def mapping_state():
        # STATE column lsblk prints for the mapped device
        _ret, state, _err = run_command("lsblk -oSTATE -n /dev/mapper/libblockdevTestLUKS")
        return state

    self.assertTrue(create_fn(self.loop_dev, PASSWD, self.keyfile))
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None))

    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_suspend("/non/existing/device")

    # use the full /dev/mapper/ path
    self.assertTrue(BlockDev.crypto_luks_suspend("/dev/mapper/libblockdevTestLUKS"))
    self.assertEqual(mapping_state(), "suspended")

    # a suspended device must stay suspended without a valid credential
    for passphrase, keyfile in ((None, None),
                                ("wrong-passhprase", None),
                                (None, "wrong-keyfile")):
        with self.assertRaises(GLib.GError):
            BlockDev.crypto_luks_resume(name, passphrase, keyfile)

    self.assertTrue(BlockDev.crypto_luks_resume(name, PASSWD, None))
    self.assertEqual(mapping_state(), "running")

    # use just the LUKS device name, and the keyfile to resume
    self.assertTrue(BlockDev.crypto_luks_suspend(name))
    self.assertEqual(mapping_state(), "suspended")

    self.assertTrue(BlockDev.crypto_luks_resume(name, None, self.keyfile))
    self.assertEqual(mapping_state(), "running")

    self.assertTrue(BlockDev.crypto_luks_close(name))
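def _clean_up(self):
    """Release everything the test case set up.

    Closes the LUKS mapping if it is still open, tears down both loop
    devices and removes their backing files and the keyfile. A failed
    teardown no longer stops the clean-up half-way: the second loop
    device, its backing file and the keyfile are still handled, and the
    failure is reported at the end.

    Raises:
        RuntimeError: if a loop device could not be torn down.
    """
    try:
        BlockDev.crypto_luks_close("libblockdevTestLUKS")
    except Exception:
        # best effort, the test normally closes the mapping itself; unlike
        # a bare ``except`` this lets KeyboardInterrupt/SystemExit through
        pass

    teardown_failed = not BlockDev.loop_teardown(self.loop_dev)
    os.unlink(self.dev_file)

    if not BlockDev.loop_teardown(self.loop_dev2):
        teardown_failed = True
    os.unlink(self.dev_file2)

    # the keyfile is removed even when a teardown failed, so the test
    # key does not stay on disk
    os.unlink(self.keyfile)

    if teardown_failed:
        raise RuntimeError("Failed to tear down loop device used for testing")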
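def _clean_up(self):
    """Release everything the test case set up.

    Closes the LUKS mapping if it is still open, deletes both LIO devices
    and removes their backing files and the keyfile. Failures to close
    the mapping or to delete an LIO device are ignored on purpose.
    """
    try:
        BlockDev.crypto_luks_close("libblockdevTestLUKS")
    except Exception:
        # best effort, the test normally closes the mapping itself; unlike
        # a bare ``except`` this lets KeyboardInterrupt/SystemExit through
        pass

    try:
        delete_lio_device(self.loop_dev)
    except RuntimeError:
        # just move on, we can do no better here
        pass
    os.unlink(self.dev_file)

    try:
        delete_lio_device(self.loop_dev2)
    except RuntimeError:
        # just move on, we can do no better here
        pass
    os.unlink(self.dev_file2)

    # remove the test keyfile last so it does not stay on disk
    os.unlink(self.keyfile)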
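def _clean_up(self):
    """Release everything the test case set up.

    Closes the LUKS mapping if it is still open, deletes both LIO devices
    and removes their backing files and the keyfile. Failures to close
    the mapping or to delete an LIO device are ignored on purpose.
    """
    try:
        BlockDev.crypto_luks_close("libblockdevTestLUKS")
    except Exception:
        # best effort, the test normally closes the mapping itself; unlike
        # a bare ``except`` this lets KeyboardInterrupt/SystemExit through
        pass

    try:
        delete_lio_device(self.loop_dev)
    except RuntimeError:
        # just move on, we can do no better here
        pass
    os.unlink(self.dev_file)

    try:
        delete_lio_device(self.loop_dev2)
    except RuntimeError:
        # just move on, we can do no better here
        pass
    os.unlink(self.dev_file2)

    # remove the test keyfile last so it does not stay on disk
    os.unlink(self.keyfile)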
def test_luks_open_close(self):
    """Check activation and deactivation of a freshly formatted LUKS device.

    The device gets a passphrase and a keyfile. Every attempt with a
    missing device or with missing or wrong credentials has to raise
    before the valid passphrase and the valid keyfile are tried.
    """
    name = "libblockdevTestLUKS"

    formatted = BlockDev.crypto_luks_format(self.loop_dev, None, 0, PASSWD, self.keyfile, 0)
    self.assertTrue(formatted)

    # (device, passphrase, keyfile) combinations that must all be refused
    rejected = (
        ("/non/existing/device", PASSWD, None),
        (self.loop_dev, None, None),
        (self.loop_dev, "wrong-passhprase", None),
        (self.loop_dev, None, "wrong-keyfile"),
    )
    for device, passphrase, keyfile in rejected:
        with self.assertRaises(GLib.GError):
            BlockDev.crypto_luks_open(device, name, passphrase, keyfile, False)

    # passphrase unlock, closed via the full /dev/mapper/ path
    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False)
    self.assertTrue(opened)
    closed = BlockDev.crypto_luks_close("/dev/mapper/libblockdevTestLUKS")
    self.assertTrue(closed)

    # keyfile unlock, closed via the bare LUKS device name
    opened = BlockDev.crypto_luks_open(self.loop_dev, name, None, self.keyfile, False)
    self.assertTrue(opened)
    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
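def _clean_up(self):
    """Release everything the test case set up.

    Closes the LUKS mapping if it is still open, tears down both loop
    devices and removes their backing files and the keyfile. A failed
    teardown no longer stops the clean-up half-way: the second loop
    device, its backing file and the keyfile are still handled, and the
    failure is reported at the end.

    Raises:
        RuntimeError: if a loop device could not be torn down.
    """
    try:
        BlockDev.crypto_luks_close("libblockdevTestLUKS")
    except Exception:
        # best effort, the test normally closes the mapping itself; unlike
        # a bare ``except`` this lets KeyboardInterrupt/SystemExit through
        pass

    teardown_failed = False
    for loop_dev, backing_file in ((self.loop_dev, self.dev_file),
                                   (self.loop_dev2, self.dev_file2)):
        if not BlockDev.loop_teardown(loop_dev):
            teardown_failed = True
        # the backing file is removed whether or not the teardown worked
        os.unlink(backing_file)

    # the keyfile is removed even when a teardown failed, so the test
    # key does not stay on disk
    os.unlink(self.keyfile)

    if teardown_failed:
        raise RuntimeError(
            "Failed to tear down loop device used for testing")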
def _luks_open_close(self, create_fn):
    """Check activation and deactivation of a LUKS device.

    The device is formatted through ``create_fn`` with both a passphrase
    and a keyfile. Opening has to be refused for a missing device, for
    missing credentials, for a wrong passphrase and for a wrong keyfile
    before either valid credential is accepted.
    """
    self.assertTrue(create_fn(self.loop_dev, PASSWD, self.keyfile))

    # no such device
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_open("/non/existing/device", "libblockdevTestLUKS", PASSWD, None, False)

    # neither passphrase nor keyfile
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", None, None, False)

    # a wrong passphrase has to be reported as such in the error message
    with six.assertRaisesRegex(self, GLib.GError, r"Incorrect passphrase"):
        BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", "wrong-passhprase", None, False)

    # wrong keyfile
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", None, "wrong-keyfile", False)

    # unlock with the passphrase, close via the full /dev/mapper/ path
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", PASSWD, None, False))
    self.assertTrue(BlockDev.crypto_luks_close("/dev/mapper/libblockdevTestLUKS"))

    # unlock with the keyfile, close via the bare LUKS device name
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, "libblockdevTestLUKS", None, self.keyfile, False))
    self.assertTrue(BlockDev.crypto_luks_close("libblockdevTestLUKS"))
def test_luks_open_rw(self):
    """Check that an opened LUKS device is writable.

    The device is opened without a read-only argument and one MiB is
    written to the mapped device with ``dd``.
    """
    name = "libblockdevTestLUKS"

    self.assertTrue(BlockDev.crypto_luks_format(self.loop_dev, None, 0, PASSWD, None, 0))
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None))

    # the write goes to the mapped device, not to the backing loop device
    dd_cmd = ["dd", "if=/dev/zero", "of=/dev/mapper/libblockdevTestLUKS", "bs=1M", "count=1"]
    self.assertTrue(BlockDev.utils_exec_and_report_error(dd_cmd))

    self.assertTrue(BlockDev.crypto_luks_close(name))
def _luks_suspend_resume(self, create_fn):
    """Check suspending and resuming an active LUKS device.

    The device is suspended once by its /dev/mapper path and once by its
    name. Resuming has to be refused without credentials, with a wrong
    passphrase and with a wrong keyfile; the state lsblk reports is
    checked after every successful suspend and resume.
    """
    name = "libblockdevTestLUKS"
    lsblk_cmd = "lsblk -oSTATE -n /dev/mapper/libblockdevTestLUKS"

    created = create_fn(self.loop_dev, PASSWD, self.keyfile)
    self.assertTrue(created)

    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None)
    self.assertTrue(opened)

    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_suspend("/non/existing/device")

    # use the full /dev/mapper/ path
    suspended = BlockDev.crypto_luks_suspend("/dev/mapper/libblockdevTestLUKS")
    self.assertTrue(suspended)
    _ret, state, _err = run_command(lsblk_cmd)
    self.assertEqual(state, "suspended")

    # a suspended device must stay suspended without a valid credential
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_resume(name, None, None)
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_resume(name, "wrong-passhprase", None)
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_resume(name, None, "wrong-keyfile")

    resumed = BlockDev.crypto_luks_resume(name, PASSWD, None)
    self.assertTrue(resumed)
    _ret, state, _err = run_command(lsblk_cmd)
    self.assertEqual(state, "running")

    # use just the LUKS device name, and the keyfile to resume
    suspended = BlockDev.crypto_luks_suspend(name)
    self.assertTrue(suspended)
    _ret, state, _err = run_command(lsblk_cmd)
    self.assertEqual(state, "suspended")

    resumed = BlockDev.crypto_luks_resume(name, None, self.keyfile)
    self.assertTrue(resumed)
    _ret, state, _err = run_command(lsblk_cmd)
    self.assertEqual(state, "running")

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
def test_resize(self):
    """Check resizing of an active LUKS device.

    The opened device is shrunk to 1024 sectors and then resized with
    size 0, which the test uses to get back to the full size.
    """
    name = "libblockdevTestLUKS"

    # the simple case with password
    self.assertTrue(BlockDev.crypto_luks_format(self.loop_dev, "aes-cbc-essiv:sha256", 0, PASSWD, None, 0))
    self.assertTrue(BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False))

    # 1024 sectors of 512 B = 512 KiB, then 0 = back to full size
    for sectors in (1024, 0):
        self.assertTrue(BlockDev.crypto_luks_resize(name, sectors))

    self.assertTrue(BlockDev.crypto_luks_close(name))
def test_luks_open_rw(self):
    """Check that an opened LUKS device is writable.

    The device is opened without a read-only argument and one MiB is
    written to the mapped device with ``dd``.
    """
    name = "libblockdevTestLUKS"

    formatted = BlockDev.crypto_luks_format(self.loop_dev, None, 0, PASSWD, None, 0)
    self.assertTrue(formatted)

    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None)
    self.assertTrue(opened)

    # the write goes to the mapped device, not to the backing loop device
    dd_cmd = ["dd", "if=/dev/zero", "of=/dev/mapper/libblockdevTestLUKS", "bs=1M", "count=1"]
    written = BlockDev.utils_exec_and_report_error(dd_cmd)
    self.assertTrue(written)

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
def _luks_header_backup_restore(self, create_fn):
    """Check that a LUKS header can be backed up and restored.

    After the backup the header on the device is erased, opening is
    expected to fail, and after the restore the device has to be
    recognised as LUKS again and open with the original passphrase.
    """
    name = "libblockdevTestLUKS"
    type_probe = "blkid -p -ovalue -sTYPE %s" % self.loop_dev

    created = create_fn(self.loop_dev, PASSWD, None)
    self.assertTrue(created)

    # NOTE(review): the backup is a copy of the header; backup_dir is
    # presumably a private per-test directory -- confirm in the fixture
    header_copy = os.path.join(self.backup_dir, "luks-header.txt")
    saved = BlockDev.crypto_luks_header_backup(self.loop_dev, header_copy)
    self.assertTrue(saved)
    self.assertTrue(os.path.isfile(header_copy))

    # now completely destroy the luks header
    ret, out, err = run_command("cryptsetup erase %s -q && wipefs -a %s" % (self.loop_dev, self.loop_dev))
    if ret != 0:
        self.fail("Failed to erase LUKS header from %s:\n%s %s" % (self.loop_dev, out, err))

    _ret, detected_type, _err = run_command(type_probe)
    self.assertFalse(detected_type)  # false == empty

    # without a header the passphrase alone must not open the device
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None)

    # put the saved header back
    restored = BlockDev.crypto_luks_header_restore(self.loop_dev, header_copy)
    self.assertTrue(restored)

    _ret, detected_type, _err = run_command(type_probe)
    self.assertEqual(detected_type, "crypto_LUKS")

    # opening should now work
    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD)
    self.assertTrue(opened)

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
def test_luks_resize(self):
    """Check resizing of an active LUKS device.

    The opened device is shrunk to 1024 sectors and then resized with
    size 0, which the test uses to get back to the full size.
    """
    name = "libblockdevTestLUKS"

    # the simple case with password
    formatted = self._luks_format(self.loop_dev, PASSWD, None)
    self.assertTrue(formatted)

    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD, None, False)
    self.assertTrue(opened)

    # resize to 512 KiB (1024 * 512B sectors)
    shrunk = BlockDev.crypto_luks_resize(name, 1024)
    self.assertTrue(shrunk)

    # resize back to full size
    grown = BlockDev.crypto_luks_resize(name, 0)
    self.assertTrue(grown)

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)
def _luks_kill_slot(self, create_fn):
    """Check that destroying a keyslot revokes only that slot's passphrase.

    A second passphrase is added, keyslot 1 is destroyed, and afterwards
    the second passphrase must be refused while the first still opens
    the device.
    """
    name = "libblockdevTestLUKS"

    created = create_fn(self.loop_dev, PASSWD, None)
    self.assertTrue(created)

    # the test relies on the added passphrase ending up in keyslot 1
    added = BlockDev.crypto_luks_add_key(self.loop_dev, PASSWD, None, PASSWD2, None)
    self.assertTrue(added)

    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_kill_slot("/non/existing/device", -1)

    # invalid slot
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_kill_slot(self.loop_dev, -1)

    # unused slot
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_kill_slot(self.loop_dev, 2)

    # destroy second keyslot
    killed = BlockDev.crypto_luks_kill_slot(self.loop_dev, 1)
    self.assertTrue(killed)

    # the revoked passphrase must no longer unlock the device
    with self.assertRaises(GLib.GError):
        BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD2)

    # the remaining passphrase is unaffected
    opened = BlockDev.crypto_luks_open(self.loop_dev, name, PASSWD)
    self.assertTrue(opened)

    closed = BlockDev.crypto_luks_close(name)
    self.assertTrue(closed)