git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
clevis
1
0
Fork 0
Files Pull Requests 0
Branch: master
Branches Tags
clevis
/
src
/
luks
/
tests
/
bind-luks2-ext-token

bind-luks2-ext-token 2.3 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. #!/bin/bash -ex
    2. 

  2. # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
    3. 

  3. #
    4. 

  4. # Copyright (c) 2022 Red Hat, Inc.
    5. 

  5. # Author: Sergio Arroutbi <sarroutb@redhat.com>
    6. 

  6. #
    7. 

  7. # This program is free software: you can redistribute it and/or modify
    8. 

  8. # it under the terms of the GNU General Public License as published by
    9. 

  9. # the Free Software Foundation, either version 3 of the License, or
    10. 

  10. # (at your option) any later version.
    11. 

  11. #
    12. 

  12. # This program is distributed in the hope that it will be useful,
    13. 

  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15. # GNU General Public License for more details.
    16. 

  16. #
    17. 

  17. # You should have received a copy of the GNU General Public License
    18. 

  18. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    19. 

  19. #
    20. 

  20. 

  21. TEST=$(basename "${0}")
    22. 

  22. . tests-common-functions
    23. 

  23. 

  24. on_exit() {
    25. 

  25.     [ -d "${TMP}" ] && rm -rf "${TMP}"
    26. 

  26. }
    27. 

  27. 

  28. create_existing_token_id_from_keyring() {
    29. 

  29.     local DEV="${1}"
    30. 

  30.     local KEYDESC="${2}"
    31. 

  31.     local TOKEN_ID="${3}"
    32. 

  32.     local PASS="${4}"
    33. 

  33.     if [[ -z "${DEV}" ]] || [[ -z "${KEYDESC}" ]] || [[ -z "${TOKEN_ID}" ]]; then
    34. 

  34.         return 1
    35. 

  35.     fi
    36. 

  36.     KEYRING_ID=$(keyctl add user "${KEYDESC}" "${PASS}" @s)
    37. 

  37.     keyctl print "${KEYRING_ID}" 2>/dev/null 1>/dev/null
    38. 

  38.     cryptsetup token add --token-id "${TOKEN_ID}" --key-description "${KEYDESC}" "${DEV}"
    39. 

  39. }
    40. 

  40. 

  41. if ! luks2_supported; then
    42. 

  42.     skip_test "${TEST}: LUKS2 is not supported."
    43. 

  43. fi
    44. 

  44. 

  45. if  ! luks2_existing_token_id_supported; then
    46. 

  46.     skip_test "${TEST}: Existing token ID not supported"
    47. 

  47. fi
    48. 

  48. 

  49. trap 'on_exit' EXIT
    50. 

  50. trap 'exit' ERR
    51. 

  51. 

  52. TMP="$(mktemp -d)"
    53. 

  53. 

  54. ADV="${TMP}/adv.jws"
    55. 

  55. tang_create_adv "${TMP}" "${ADV}"
    56. 

  56. CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
    57. 

  57. 

  58. EXISTING_TOKEN_ID=5
    59. 

  59. KEYDESC="testkey"
    60. 

  60. PASS="123exttokenid_"
    61. 

  61. DEV="${TMP}/luks2-device-ext-token"
    62. 

  62. new_device "luks2" "${DEV}" "${PASS}"
    63. 

  63. 

  64. create_existing_token_id_from_keyring "${DEV}" "${KEYDESC}" "${EXISTING_TOKEN_ID}" "${PASS}"
    65. 

  65. 

  66. if ! clevis luks bind -y -d "${DEV}" -e "${EXISTING_TOKEN_ID}" tang "${CFG}"; then
    67. 

  67.     error "${TEST}: Binding expected to succeed with existing token id:${EXISTING_TOKEN_ID}" >&2
    68. 

  68. fi
    69. 

  69. 

  70. KEYFILE="${TMP}/keyfile.txt"
    71. 

  71. touch "${KEYFILE}"
    72. 

  72. if clevis luks bind -y -d "${DEV}" -e "${EXISTING_TOKEN_ID}" -k "${KEYFILE}" tang "${CFG}"; then
    73. 

  73.     error "${TEST}: Using existing token id and keyfile should dump an error" >&2
    74. 

  74. fi
    75.