From 71d5debb7ac3918ca9456c59951a1bbea0e6e094 Mon Sep 17 00:00:00 2001 From: Jordan Borean Date: Mon, 2 Dec 2019 15:26:45 +1000 Subject: [PATCH] Changes to work on PSCore Linux --- AnsibleVault/Private/New-PBKDF2Key.ps1 | 35 +++++++++++++++++++-- Tests/Add-Pkcs7Padding.Tests.ps1 | 4 +-- Tests/Convert-ByteToHex.Tests.ps1 | 4 +-- Tests/Convert-HexToByte.Tests.ps1 | 4 +-- Tests/Get-DecryptedAnsibleVault.Tests.ps1 | 38 +++++++---------------- Tests/Get-EncryptedAnsibleVault.Tests.ps1 | 8 ++--- Tests/Get-HMACValue.Tests.ps1 | 8 ++--- Tests/Get-VaultHeader.Tests.ps1 | 6 ++-- Tests/Invoke-AESCTRCycle.Tests.ps1 | 6 ++-- Tests/Invoke-Win32Api.Tests.ps1 | 12 ++++--- Tests/New-PBKDF2Key.Tests.ps1 | 33 ++++++++++++++++---- Tests/New-VaultKey.Tests.ps1 | 8 ++--- Tests/Remove-Pkcs7Padding.Tests.ps1 | 4 +-- Tests/Split-Byte.Tests.ps1 | 4 +-- deploy.psdeploy.ps1 | 3 +- 15 files changed, 109 insertions(+), 68 deletions(-) diff --git a/AnsibleVault/Private/New-PBKDF2Key.ps1 b/AnsibleVault/Private/New-PBKDF2Key.ps1 index 8729549..7a37e61 100644 --- a/AnsibleVault/Private/New-PBKDF2Key.ps1 +++ b/AnsibleVault/Private/New-PBKDF2Key.ps1 @@ -1,4 +1,4 @@ -# Copyright: (c) 2018, Jordan Borean (@jborean93) +# Copyright: (c) 2018, Jordan Borean (@jborean93) # MIT License (see LICENSE or https://opensource.org/licenses/MIT) Function New-PBKDF2Key { 
@@ -61,6 +61,37 @@ Function New-PBKDF2Key { [Parameter(Mandatory=$true)] [UInt64]$Iterations ) + # Rfc2898DeriveBytes only allowed a custom hash algorithm in 4.6 or newer. We check to see whether the enum is + # available and fallback to PInvoking. + try { + $null = [System.Security.Cryptography.HashAlgorithmName] + $use_dotnet = $true + } catch [System.Management.Automation.RuntimeException] { + $use_dotnet = $false + } + + if ($use_dotnet) { + $algo = [System.Security.Cryptography.HashAlgorithmName]$Algorithm + $pass_ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($Password) + try { + $pass_str = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($pass_ptr) + $provider = New-Object -TypeName System.Security.Cryptography.Rfc2898DeriveBytes -ArgumentList @( + $pass_str, + $Salt, + $Iterations, + $algo + ) + try { + return $provider.GetBytes($Length) + } finally { + $provider.Dispose() + } + } finally { + [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($pass_ptr) + } + } + + # Rfc2898DeriveBytes not available on older platforms, rely on PInvoke for this step. $return_codes = @{ "3221225485" = "An invalid parameter was passed to a service or function (STATUS_INVALID_PARAMETER 0xC0000000D)" "3221225480" = "An invalid HANDLE was specified (STATUS_INVALID_HANDLE 0xC0000008)" @@ -128,4 +159,4 @@ Function New-PBKDF2Key { } return [byte[]]$key -} \ No newline at end of file +} diff --git a/Tests/Add-Pkcs7Padding.Tests.ps1 b/Tests/Add-Pkcs7Padding.Tests.ps1 index 860acc4..a91d2a8 100644 --- a/Tests/Add-Pkcs7Padding.Tests.ps1 +++ b/Tests/Add-Pkcs7Padding.Tests.ps1 
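Review bot: In the new `$use_dotnet` branch the SecureString is expanded into a managed string (`$pass_str = ...PtrToStringUni($pass_ptr)`), so the `finally` that calls `ZeroFreeGlobalAllocUnicode` wipes only the unmanaged copy, and the plaintext password stays in an immutable .NET string until the garbage collector reclaims it. Copying the buffer into a `char[]`, encoding it to UTF-8 bytes and passing those to the `byte[]` overload of `Rfc2898DeriveBytes` keeps the secret in arrays that can be cleared in the same `finally`; the string overload also encodes the password as UTF-8, so the derived key should not change. Separately, probing for `HashAlgorithmName` does not prove that the four-argument constructor exists: I believe the type arrived in .NET Framework 4.6 but the `Rfc2898DeriveBytes` overloads taking it only in 4.7.2, so a host in between would fail in `New-Object` instead of falling back to the PInvoke path. The body of `New-PBKDF2Key` starts and ends outside this hunk.

```powershell
    $algo = [System.Security.Cryptography.HashAlgorithmName]$Algorithm
    $pass_ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($Password)
    $pass_chars = New-Object -TypeName char[] -ArgumentList $Password.Length
    $pass_bytes = $null
    try {
        [System.Runtime.InteropServices.Marshal]::Copy($pass_ptr, $pass_chars, 0, $pass_chars.Length)
        $pass_bytes = [System.Text.Encoding]::UTF8.GetBytes($pass_chars)
        $provider = New-Object -TypeName System.Security.Cryptography.Rfc2898DeriveBytes -ArgumentList @(
            $pass_bytes,
            $Salt,
            $Iterations,
            $algo
        )
        # … unchanged: return $provider.GetBytes($Length) inside try / finally { $provider.Dispose() } …
    } finally {
        # Clear every managed copy of the password before releasing the unmanaged one.
        [Array]::Clear($pass_chars, 0, $pass_chars.Length)
        if ($null -ne $pass_bytes) { [Array]::Clear($pass_bytes, 0, $pass_bytes.Length) }
        [System.Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($pass_ptr)
    }
```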
@@ -5,8 +5,8 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { diff --git a/Tests/Convert-ByteToHex.Tests.ps1 b/Tests/Convert-ByteToHex.Tests.ps1 index b84fe78..d3e14ec 100644 --- a/Tests/Convert-ByteToHex.Tests.ps1 +++ b/Tests/Convert-ByteToHex.Tests.ps1 @@ -5,8 +5,8 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { diff --git a/Tests/Convert-HexToByte.Tests.ps1 b/Tests/Convert-HexToByte.Tests.ps1 index ab21e35..23e80c4 100644 --- a/Tests/Convert-HexToByte.Tests.ps1 +++ b/Tests/Convert-HexToByte.Tests.ps1 
@@ -5,8 +5,8 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { diff --git a/Tests/Get-DecryptedAnsibleVault.Tests.ps1 b/Tests/Get-DecryptedAnsibleVault.Tests.ps1 index 4bc3ba6..d488cc6 100644 --- a/Tests/Get-DecryptedAnsibleVault.Tests.ps1 +++ b/Tests/Get-DecryptedAnsibleVault.Tests.ps1 @@ -1,4 +1,4 @@ -[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "", Justification="Need to create secure string from samples in tests")] +[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "", Justification="Need to create secure string from samples in tests")] param() $verbose = @{} @@ -8,7 +8,7 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { 
@@ -17,39 +17,23 @@ Describe "$module_name PS$ps_version tests" { It "Can decrypt vault with password " -TestCases @( @{ Vault = "small_1.1"; VaultSecret = 'password' } @{ Vault = "large_1.1"; VaultSecret = 'Ye^wS##X9qAC4lHDY^ajMvZ*IZrv47Px^hv2#&a8#$KncjKK^T8eJGWcH&Q@yaj4J7rP%ktyMeYTx!ZU2Ce&GeT$$vmSWRq4fqvs' } - @{ - Vault = "unicode_1.1"; - # Due to unique encoding issues with the test and PowerShell - # we revert to storing the password as a byte array and setting - # that as the secure string at runtime - VaultSecret = [byte[]]@( - 195, 162, 194, 157, 197, 146, 195, 162, - 197, 190, 226, 128, 147, 195, 162, 197, - 190, 226, 128, 162, 195, 162, 197, 190, - 226, 128, 147, 195, 162, 197, 190, 226, - 128, 162, 195, 162, 197, 190, 226, 128, - 147, 195, 162, 194, 173, 226, 128, 162) - } + @{ Vault = "unicode_1.1"; VaultSecret = '❌➖➕➖➕➖⭕' } @{ Vault = "dev_1.2"; VaultSecret = 'WsT2Wf!MnHctYXIQbI%xr$L8aid@fLTS6tA*' } ) { param ($Vault, $VaultSecret) - if ($VaultSecret -is [byte[]]) { - $VaultSecret = [System.Text.Encoding]::UTF8.GetString($VaultSecret) - } - - $vault_contents = Get-Content -Path "$PSScriptRoot\Resources\$Vault.vault" -Raw - $expected = (Get-Content -Path "$PSScriptRoot\Resources\$Vault.yml" -Raw).Replace("`r`n", "`n") + $vault_contents = Get-Content -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources', "$($Vault).vault")) -Raw + $expected = (Get-Content -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources', "$($Vault).yml")) -Raw).Replace("`r`n", "`n") $password = ConvertTo-SecureString -String $VaultSecret -AsPlainText -Force $actual = Get-DecryptedAnsibleVault -Value $vault_contents -Password $password $actual | Should -Be $expected - $actual = Get-DecryptedAnsibleVault -Path "$PSScriptRoot\Resources\$Vault.vault" -Password $password + $actual = Get-DecryptedAnsibleVault -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources', "$($Vault).vault")) -Password $password $actual | Should -Be $expected # repeat again and make sure omitting 
-Path is for the path to a vault file - $actual = Get-DecryptedAnsibleVault "$PSScriptRoot\Resources\$Vault.vault" -Password $password + $actual = Get-DecryptedAnsibleVault ([System.IO.Path]::Combine($PSScriptRoot, 'Resources', "$($Vault).vault")) -Password $password $actual | Should -Be $expected $actual = $vault_contents | Get-DecryptedAnsibleVault -Password $password @@ -58,9 +42,9 @@ Describe "$module_name PS$ps_version tests" { It "Can decrypt vault file in pwd not absolute path" { $password = ConvertTo-SecureString -String "password" -AsPlainText -Force $previous_pwd = (Get-Location).Path - Set-Location -Path $PSScriptRoot\Resources + Set-Location -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources')) - $expected = (Get-Content -Path "$PSScriptRoot\Resources\small_1.1.yml" -Raw).Replace("`r`n", "`n") + $expected = (Get-Content -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources', 'small_1.1.yml')) -Raw).Replace("`r`n", "`n") $actual = Get-DecryptedAnsibleVault -Path "small_1.1.vault" -Password $password Set-Location -Path $previous_pwd $actual | Should -Be $expected @@ -78,7 +62,7 @@ Describe "$module_name PS$ps_version tests" { ) { param ($Version) - $vault_contents = Get-Content -Path "$PSScriptRoot\Resources\small_1.1.vault" -Raw + $vault_contents = Get-Content -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources', 'small_1.1.vault')) -Raw $vault_contents = "`$ANSIBLE_VAULT;$Version;AES256`n" + $vault_contents.Substring(31) $password = ConvertTo-SecureString -String "pass" -AsPlainText -Force 
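Review bot: The `unicode_1.1` case in the `@@ -17,39 +17,23 @@` hunk now depends on how PowerShell decodes this script file, because the secret is written as the literal `'❌➖➕➖➕➖⭕'` and the comment that explained the encoding problem is removed together with the byte array. Windows PowerShell reads a script without a byte-order mark in the system ANSI code page, so if the file is ever saved without one the test would derive a key from a different string and fail with the HMAC error rather than point at the encoding. The removed array also appears to decode to a different character sequence than the new literal (its first bytes, 195 162, are U+00E2, not the start of ❌), so it is worth confirming that the case passes on both the .NET and the PInvoke path. A comment above the case such as `# File must stay UTF-8 with BOM: Windows PowerShell 5.1 decodes BOM-less scripts as ANSI, which changes this password` would keep the constraint visible.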
@@ -87,7 +71,7 @@ Describe "$module_name PS$ps_version tests" { } It "Throw exception on invalid password" { - $vault_contents = Get-Content -Path "$PSScriptRoot\Resources\small_1.1.vault" -Raw + $vault_contents = Get-Content -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources', 'small_1.1.vault')) -Raw $password = ConvertTo-SecureString -String "invalid_pass" -AsPlainText -Force { Get-DecryptedAnsibleVault -Value $vault_contents -Password $password } | Should -Throw "HMAC verification failed, was the wrong password entered?" diff --git a/Tests/Get-EncryptedAnsibleVault.Tests.ps1 b/Tests/Get-EncryptedAnsibleVault.Tests.ps1 index 16dfd52..50e7927 100644 --- a/Tests/Get-EncryptedAnsibleVault.Tests.ps1 +++ b/Tests/Get-EncryptedAnsibleVault.Tests.ps1 @@ -8,7 +8,7 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { @@ -22,7 +22,7 @@ Describe "$module_name PS$ps_version tests" { ) { param ($Vault, $VaultSecret) - $path = "$PSScriptRoot\Resources\$Vault.yml" + $path = [System.IO.Path]::Combine($PSScriptRoot, 'Resources', "$($Vault).yml") $plaintext = (Get-Content -Path $path -Raw).Replace("`r`n", "`n") $password = ConvertTo-SecureString -String $VaultSecret -AsPlainText -Force 
@@ -85,13 +85,13 @@ Describe "$module_name PS$ps_version tests" { It "Can encrypt a vault file in the pwd" { $password = ConvertTo-SecureString -String "password" -AsPlainText -Force $previous_pwd = (Get-Location).Path - Set-Location -Path $PSScriptRoot\Resources + Set-Location -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources')) $actual = Get-EncryptedAnsibleVault -Path "small_1.1.yml" -Password $password Set-Location -Path $previous_pwd $actual | Should -BeLike '$ANSIBLE_VAULT;1.1;AES256*' $dec_actual = $actual | Get-DecryptedAnsibleVault -Password $password - $dec_actual | Should -Be (Get-Content -Path "$PSScriptRoot\Resources\small_1.1.yml" -Raw) + $dec_actual | Should -Be (Get-Content -Path ([System.IO.Path]::Combine($PSScriptRoot, 'Resources', 'small_1.1.yml')) -Raw) } } } diff --git a/Tests/Get-HMACValue.Tests.ps1 b/Tests/Get-HMACValue.Tests.ps1 index f3922d2..c4782e9 100644 --- a/Tests/Get-HMACValue.Tests.ps1 +++ b/Tests/Get-HMACValue.Tests.ps1 @@ -5,10 +5,10 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 -. $PSScriptRoot\..\AnsibleVault\Private\Convert-HexToByte.ps1 -. $PSScriptRoot\..\AnsibleVault\Private\Convert-ByteToHex.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "Convert-HexToByte.ps1")) +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "Convert-ByteToHex.ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { 
diff --git a/Tests/Get-VaultHeader.Tests.ps1 b/Tests/Get-VaultHeader.Tests.ps1 index bec2c5e..874d261 100644 --- a/Tests/Get-VaultHeader.Tests.ps1 +++ b/Tests/Get-VaultHeader.Tests.ps1 @@ -5,9 +5,9 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 -. $PSScriptRoot\..\AnsibleVault\Private\Convert-HexToByte.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "Convert-HexToByte.ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { diff --git a/Tests/Invoke-AESCTRCycle.Tests.ps1 b/Tests/Invoke-AESCTRCycle.Tests.ps1 index fb50c52..d29a694 100644 --- a/Tests/Invoke-AESCTRCycle.Tests.ps1 +++ b/Tests/Invoke-AESCTRCycle.Tests.ps1 @@ -5,9 +5,9 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 -. $PSScriptRoot\..\AnsibleVault\Private\Convert-HexToByte.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "Convert-HexToByte.ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { 
diff --git a/Tests/Invoke-Win32Api.Tests.ps1 b/Tests/Invoke-Win32Api.Tests.ps1 index 90ed3ad..7bcf8af 100644 --- a/Tests/Invoke-Win32Api.Tests.ps1 +++ b/Tests/Invoke-Win32Api.Tests.ps1 @@ -3,10 +3,14 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $verbose.Add("Verbose", $true) } +# Tests won't run on Linux so skip +$is_windows = Get-Variable -Name IsWindows -ErrorAction SilentlyContinue +$skip = $null -ne $is_windows -and $is_windows.Value -eq $false + $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { @@ -16,7 +20,7 @@ Describe "$module_name PS$ps_version tests" { { Invoke-Win32Api -DllName a.dll -MethodName a -ReturnType bool -ParameterTypes @([int]) -Parameters @() } | Should -Throw "ParameterType Count 1 not equal to Parameter Count 0" } - It 'invoke API that returns a handle' { + It 'invoke API that returns a handle' -Skip:$skip { $test_file_path = "$PSScriptRoot\Resources\test-deleteme.txt" if (-not (Test-Path -Path $test_file_path)) { New-Item -Path $test_file_path -ItemType File > $null @@ -54,7 +58,7 @@ Describe "$module_name PS$ps_version tests" { } } - It 'invoke API with output strings' { + It 'invoke API with output strings' -Skip:$skip { $sid_string = "S-1-5-18" $sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $sid_string $sid_bytes = New-Object -TypeName byte[] -ArgumentList $sid.BinaryLength diff --git a/Tests/New-PBKDF2Key.Tests.ps1 b/Tests/New-PBKDF2Key.Tests.ps1 index 33f3451..a99e7bf 100644 --- a/Tests/New-PBKDF2Key.Tests.ps1 
+++ b/Tests/New-PBKDF2Key.Tests.ps1 @@ -1,4 +1,5 @@ [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "", Justification="Need to create secure string from samples in tests")] +[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingEmptyCatchBlock", "", Justification="Need to detect the .NET version for Salt length skipping")] param() $verbose = @{} @@ -8,10 +9,10 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 -. $PSScriptRoot\..\AnsibleVault\Private\Convert-ByteToHex.ps1 -. $PSScriptRoot\..\AnsibleVault\Private\Invoke-Win32Api.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "Convert-HexToByte.ps1")) +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "Invoke-Win32Api.ps1")) Describe "$module_name PS$ps_version tests" { @@ -120,6 +121,14 @@ Describe "$module_name PS$ps_version tests" { ){ param($Algorithm, $Secret, $Salt, $Iterations, $Length, $Expected) + try { + # .NET Fails if the Salt is less than 8 chars even though it is valid, just need to skip those tests + [System.Security.Cryptography.HashAlgorithmName] > $null + if ($Salt.Length -lt 8) { + return + } + } catch [System.Management.Automation.RuntimeException] {} + $sec_pass = ConvertTo-SecureString -String $Secret -AsPlainText -Force $salt_bytes = [System.Text.Encoding]::UTF8.GetBytes($Salt) $actual = New-PBKDF2Key -Algorithm $Algorithm ` 
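Review bot: The second dot-sourced helper in the `@@ -8,10 +9,10 @@` hunk changes from `Convert-ByteToHex.ps1` to `Convert-HexToByte.ps1`, while every other line here and in the sibling test files is only a path-separator rewrite. If the key-derivation cases still call `Convert-ByteToHex` on the result (the assertions are outside the hunk, so this cannot be confirmed from here), that function will no longer be in scope and the cases fail with a command-not-found error instead of a comparison. Unless the swap is intended, the line should read `. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "Convert-ByteToHex.ps1"))`.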
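Review bot: The short-salt vectors in the `@@ -120,6 +121,14 @@` hunk are not skipped but silently passed: the bare `return` ends the `It` block before `New-PBKDF2Key` is called or anything is asserted, so on every host where `HashAlgorithmName` resolves the report shows them green. The guard also tests `$Salt.Length`, the character count of the string, while the 8-byte minimum applies to `$salt_bytes`, which can be longer for a non-ASCII salt. Consider marking the case explicitly, for example `Set-ItResult -Skipped -Because 'Rfc2898DeriveBytes requires a salt of at least 8 bytes'` if the Pester version in use provides it, and moving the check after `$salt_bytes` is computed. The same type probe is repeated in both cases of the `@@ -133,12 +142,24 @@` hunk; computing it once near the top of the file would keep the three copies from drifting apart.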
@@ -133,12 +142,24 @@ Describe "$module_name PS$ps_version tests" { It 'fail with invalid algorithm' { $sec_pass = ConvertTo-SecureString -String "a" -AsPlainText -Force - { New-PBKDF2Key -Algorithm "fake" -Password $sec_pass -Salt ([byte[]]@(1)) -Length 1 -Iterations 0 } | Should -Throw "Failed to open algorithm provider with ID 'fake': The object was not found (STATUS_NOT_FOUND 0xC0000225)" + try { + [System.Security.Cryptography.HashAlgorithmName] > $null + $expected = "'fake' is not a known hash algorithm" + } catch [System.Management.Automation.RuntimeException] { + $expected = "Failed to open algorithm provider with ID 'fake': The object was not found (STATUS_NOT_FOUND 0xC0000225)" + } + { New-PBKDF2Key -Algorithm "fake" -Password $sec_pass -Salt ([byte[]]@(1, 2, 3, 4, 5, 6, 7, 8)) -Length 1 -Iterations 1 } | Should -Throw $expected } It 'failed to generate key with invalid parameters' { $sec_pass = ConvertTo-SecureString -String "a" -AsPlainText -Force - { New-PBKDF2Key -Algorithm SHA256 -Password $sec_pass -Salt ([byte[]]@(1)) -Length 0 -Iterations 0 } | Should -Throw "Failed to derive key: An invalid parameter was passed to a service or function (STATUS_INVALID_PARAMETER 0xC0000000D)" + try { + [System.Security.Cryptography.HashAlgorithmName] > $null + $expected = "Positive number required" + } catch [System.Management.Automation.RuntimeException] { + $expected = "Failed to derive key: An invalid parameter was passed to a service or function (STATUS_INVALID_PARAMETER 0xC0000000D)" + } + { New-PBKDF2Key -Algorithm SHA256 -Password $sec_pass -Salt ([byte[]]@(1, 2, 3, 4, 5, 6, 7, 8)) -Length 1 -Iterations 0 } | Should -Throw $expected } } } diff --git a/Tests/New-VaultKey.Tests.ps1 b/Tests/New-VaultKey.Tests.ps1 index 3f5820c..789dd00 100644 --- a/Tests/New-VaultKey.Tests.ps1 +++ b/Tests/New-VaultKey.Tests.ps1 
@@ -8,10 +8,10 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 -. $PSScriptRoot\..\AnsibleVault\Private\New-PBKDF2Key.ps1 -. $PSScriptRoot\..\AnsibleVault\Private\Invoke-Win32Api.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "New-PBKDF2Key.ps1")) +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "Invoke-Win32Api.ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { diff --git a/Tests/Remove-Pkcs7Padding.Tests.ps1 b/Tests/Remove-Pkcs7Padding.Tests.ps1 index 645c299..1f0e828 100644 --- a/Tests/Remove-Pkcs7Padding.Tests.ps1 +++ b/Tests/Remove-Pkcs7Padding.Tests.ps1 @@ -5,8 +5,8 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { diff --git a/Tests/Split-Byte.Tests.ps1 b/Tests/Split-Byte.Tests.ps1 index d274efd..b43af5d 100644 --- a/Tests/Split-Byte.Tests.ps1 +++ b/Tests/Split-Byte.Tests.ps1 
@@ -5,8 +5,8 @@ if ($env:APPVEYOR_REPO_BRANCH -and $env:APPVEYOR_REPO_BRANCH -notlike "master") $ps_version = $PSVersionTable.PSVersion.Major $module_name = $MyInvocation.MyCommand.Name.Replace(".Tests.ps1", "") -Import-Module -Name $PSScriptRoot\..\AnsibleVault -Force -. $PSScriptRoot\..\AnsibleVault\Private\$module_name.ps1 +Import-Module -Name ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault')) -Force +. ([System.IO.Path]::Combine($PSScriptRoot, '..', 'AnsibleVault', 'Private', "$($module_name).ps1")) Describe "$module_name PS$ps_version tests" { Context 'Strict mode' { diff --git a/deploy.psdeploy.ps1 b/deploy.psdeploy.ps1 index 7a6a2c3..aa2d74f 100644 --- a/deploy.psdeploy.ps1 +++ b/deploy.psdeploy.ps1 @@ -26,7 +26,8 @@ if( $env:BHPSModulePath -and $env:BHBuildSystem -ne 'Unknown' -and $env:BHBranchName -eq "master" -and - $tag_commit + $tag_commit -and + $PSVersionTable.PSVersion.Major -gt 5 ) { Deploy Module {