You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
102 lines
4.1 KiB
102 lines
4.1 KiB
6 months ago
|
From c42a85ba710d4c0e60a97ecb6003825979351dab Mon Sep 17 00:00:00 2001
|
||
|
From: OMOJOLA JOSHUA DAMILOLA <omojolajoshua@gmail.com>
|
||
|
Date: Mon, 27 Mar 2023 15:24:03 +0000
|
||
|
Subject: [PATCH] added more test cases
|
||
|
|
||
|
(cherry picked from commit e2a4411a2b683e3e5b78c1d4931b5e1029d3ba6e)
|
||
|
|
||
|
Related: RHEL-16182
|
||
|
---
|
||
|
test/units/testsuite-70.sh | 78 ++++++++++++++++++++++++++++++++++++++
|
||
|
1 file changed, 78 insertions(+)
|
||
|
|
||
|
diff --git a/test/units/testsuite-70.sh b/test/units/testsuite-70.sh
|
||
|
index 2c405bccbb..19768ef7bf 100755
|
||
|
--- a/test/units/testsuite-70.sh
|
||
|
+++ b/test/units/testsuite-70.sh
|
||
|
@@ -191,6 +191,84 @@ systemd-creds encrypt /tmp/testdata /tmp/testdata.encrypted --with-key=tpm2
|
||
|
systemd-run -p PrivateDevices=yes -p LoadCredentialEncrypted=testdata.encrypted:/tmp/testdata.encrypted --pipe --wait systemd-creds cat testdata.encrypted | cmp - /tmp/testdata
|
||
|
rm /tmp/testdata
|
||
|
|
||
|
+# negative tests for cryptenroll
|
||
|
+
|
||
|
+# Prepare a new disk image
|
||
|
+img_2="/var/tmp/file_enroll.txt"
|
||
|
+truncate -s 20M $img_2
|
||
|
+echo -n password >/tmp/password
|
||
|
+cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom $img_2 /tmp/password
|
||
|
+
|
||
|
+#boolean_arguments
|
||
|
+ret="$(! systemd-cryptenroll --fido2-with-client-pin=false 2> >(grep "No block device node specified"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --fido2-with-user-presence=f $img_2 /tmp/foo 2> >(grep "Too many arguments"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --fido2-with-client-pin=1234 $img_2 2> >(grep "Failed to parse boolean argument"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+systemd-cryptenroll --fido2-with-client-pin=false $img_2
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --fido2-with-user-presence=1234 $img_2 2> >(grep "Failed to parse boolean argument"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+systemd-cryptenroll --fido2-with-user-presence=false $img_2
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --fido2-with-user-verification=1234 $img_2 2> >(grep "Failed to parse boolean argument"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --tpm2-with-pin=1234 $img_2 2> >(grep "Failed to parse boolean argument"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+systemd-cryptenroll --fido2-with-user-verification=false $img_2
|
||
|
+
|
||
|
+#arg_enroll_type
|
||
|
+ret="$(! systemd-cryptenroll --recovery-key --password $img_2 2> >(grep "Multiple operations specified at once"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --password --recovery-key $img_2 2> >(grep "Multiple operations specified at once"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --password --fido2-device=auto $img_2 2> >(grep "Multiple operations specified at once"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --password --pkcs11-token-uri=auto $img_2 2> >(grep "Multiple operations specified at once"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --password --tpm2-device=auto $img_2 2> >(grep "Multiple operations specified at once"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+#arg_unlock_type
|
||
|
+ret="$(! systemd-cryptenroll --unlock-fido2-device=auto --unlock-fido2-device=auto $img_2 2> >(grep "Multiple unlock methods specified at once"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --unlock-fido2-device=auto --unlock-key-file=/tmp/unlock $img_2 2> >(grep "Multiple unlock methods specified at once"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+#fido2_cred_alg
|
||
|
+ret="$(! systemd-cryptenroll --fido2-credential-algorithm=es512 $img_2 2> >(grep "Failed to parse COSE algorithm"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+#tpm2_errors
|
||
|
+ret="$(! systemd-cryptenroll --tpm2-public-key-pcrs=key $img_2 2> >(grep "Failed to parse PCR number"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --tpm2-pcrs=key $img_2 2> >(grep "Failed to parse PCR number"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+#wipe_slots
|
||
|
+ret="$(! systemd-cryptenroll --wipe-slot $img_2 2> >(grep "Failed to parse slot index"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+ret="$(! systemd-cryptenroll --wipe-slot=10240000 $img_2 2> >(grep "Slot index"))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
+#fido2_multiple_auto
|
||
|
+ret="$(! systemd-cryptenroll --fido2-device=auto --unlock-fido2-device=auto $img_2 2> >(grep "When both enrolling and unlocking with FIDO2 tokens, automatic discovery is unsupported. Please specify device paths for enrolling and unlocking respectively."))"
|
||
|
+test -n "${ret}"
|
||
|
+
|
||
|
echo OK >/testok
|
||
|
|
||
|
exit 0
|