Commit
- Add tests for all new functionality. That primarily includes v2 policy support in get_policy and set_policy; the new commands add_key, remove_key, and key_status; support for more encryption modes; and support for key sizes other than 64 bytes.
- Update to Python 3, as Python 2 is no longer supported by python.org.
- Change 'make test' to no longer require root. It now just accepts an empty directory on a filesystem that supports encryption. It no longer requires that it be a mountpoint, and it no longer unmounts and remounts the filesystem. (Unmounting was used to test fully removing encryption keys for v1 policies, but that wasn't testing fscryptctl itself anyway, so having it in the fscryptctl test suite didn't add too much. And it's not needed for v2 policies.)
- Change 'make test-setup' and 'make test-teardown' to run sudo themselves, like they do in the Makefile for 'fscrypt', so that the user doesn't need to explicitly run them under 'sudo'.
- Add 'make test-all' as shorthand for test-setup + test + test-teardown.
- Support wrapping the fscryptctl binary with valgrind.
- Bump the kernel requirement to run the tests up to 5.4 or later with support for the AES-128-CBC and Adiantum encryption modes enabled. We could skip tests that the kernel doesn't support, but that would take some extra work, and it's unclear that it would be worthwhile.
Showing 5 changed files with 782 additions and 225 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# | ||
# Copyright 2020 Google LLC | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not | ||
# use this file except in compliance with the License. You may obtain a copy of | ||
# the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | ||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | ||
# License for the specific language governing permissions and limitations under | ||
# the License. | ||
# | ||
|
||
"""This program generates the key descriptors and key identifiers for the test | ||
keys in test.py.""" | ||
|
||
import hashlib | ||
import test | ||
|
||
# For HKDF-SHA512; see | ||
# https://www.pycryptodome.org/en/latest/src/protocol/kdf.html#hkdf | ||
import Crypto.Hash.SHA512 | ||
import Crypto.Protocol.KDF | ||
|
||
|
||
def compute_key_descriptor(raw): | ||
return hashlib.sha512(hashlib.sha512(raw).digest()).hexdigest()[:16] | ||
|
||
|
||
def compute_key_identifier(raw): | ||
return Crypto.Protocol.KDF.HKDF(raw, 16, "", Crypto.Hash.SHA512, | ||
context=b"fscrypt\0\1").hex() | ||
|
||
|
||
for key in test.TEST_KEYS: | ||
raw = key["raw"] | ||
descriptor = compute_key_descriptor(raw) | ||
identifier = compute_key_identifier(raw) | ||
if "descriptor" in key: | ||
assert descriptor == key["descriptor"] | ||
if "identifier" in key: | ||
assert identifier == key["identifier"] | ||
print("... = {") | ||
print(" raw: " + str(raw) + ",") | ||
print(' "descriptor": "' + descriptor + '",') | ||
print(' "identifier": "' + identifier + '",') | ||
print("}") |
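Review bot: In the final loop, `print(" raw: " + str(raw) + ",")` emits the key name unquoted while "descriptor" and "identifier" are printed quoted, so the generated entry is not a valid dict literal to paste back into TEST_KEYS, which the same loop indexes as key["raw"]; printing `"raw": ` with quotes would fix that. In compute_key_identifier the HKDF salt is passed as the str "" while the context is the bytes literal b"fscrypt\0\1"; passing b"" keeps the argument types consistent under Python 3. The loop and its asserts also run at module top level, so they execute on any import of this file; a main guard would avoid that, and a short comment on why the descriptor is the first 16 hex characters of a double SHA-512 would help readers who do not know the v1 policy format.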