authorEric Biggers <ebiggers@google.com>2020-05-09 15:15:12 -0700
committerGitHub <noreply@github.com>2020-05-09 15:15:12 -0700
commit338347ac4766f899fdc471d57f293798ff0e6c29 (patch)
tree8f5c0969a49a396d60c33a324834d92d9911a240 /cli-tests/t_change_passphrase.sh
parent1aef2541a434bd9e88ebd52be72f13d56c5ef748 (diff)
parente68d65c440125ff1e47627abf1fc5a97f700d38d (diff)
Merge pull request #218 from ebiggers/cli-tests
Add tests for command-line interface Add tests that directly test the fscrypt command-line tool. See cli-tests/README.md for information about the test framework. The following test scripts are included: * t_change_passphrase * t_encrypt_custom * t_encrypt_login * t_encrypt_raw_key * t_encrypt * t_lock * t_not_enabled * t_not_supported * t_passphrase_hashing * t_setup * t_status * t_unlock * t_v1_policy_fs_keyring * t_v1_policy Unfortunately, we can't actually make Travis CI run these tests yet because they need kernel v5.4 or later, and Travis CI doesn't support an Ubuntu version that has that yet. But for now, they can be run manually using make cli-test.
Diffstat (limited to 'cli-tests/t_change_passphrase.sh')
-rwxr-xr-xcli-tests/t_change_passphrase.sh60
1 files changed, 60 insertions, 0 deletions
diff --git a/cli-tests/t_change_passphrase.sh b/cli-tests/t_change_passphrase.sh
new file mode 100755
index 0000000..204512d
--- /dev/null
+++ b/cli-tests/t_change_passphrase.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Test changing the passphrase of a custom_passphrase protector.
+
+cd "$(dirname "$0")"
+. common.sh
+
+dir="$MNT/dir"
+
+_print_header "Create encrypted directory"
+mkdir "$dir"
+echo pass1 | fscrypt encrypt --quiet --name=prot --skip-unlock "$dir"
+
+_print_header "Try to unlock with wrong passphrase"
+_expect_failure "echo pass2 | fscrypt unlock --quiet '$dir'"
+_expect_failure "mkdir '$dir/subdir'"
+protector=$(fscrypt status "$dir" | awk '/custom protector/{print $1}')
+
+_print_header "Change passphrase"
+echo $'pass1\npass2' | \
+ fscrypt metadata change-passphrase --protector="$MNT:$protector" --quiet
+
+_print_header "Try to unlock with old passphrase"
+_expect_failure "echo pass1 | fscrypt unlock --quiet '$dir'"
+_expect_failure "mkdir '$dir/subdir'"
+
+_print_header "Unlock with new passphrase"
+echo pass2 | fscrypt unlock --quiet "$dir"
+mkdir "$dir/subdir"
+rmdir "$dir/subdir"
+
+_print_header "Try to change passphrase (interactively, mismatch)"
+expect << EOF
+spawn fscrypt metadata change-passphrase --protector=$MNT:$protector
+expect "Enter old custom passphrase"
+send "pass2\r"
+expect "Enter new custom passphrase"
+send "pass3\r"
+expect "Confirm passphrase"
+send "bad\r"
+expect eof
+EOF
+
+_print_header "Change passphrase (interactively)"
+expect << EOF
+spawn fscrypt metadata change-passphrase --protector=$MNT:$protector
+expect "Enter old custom passphrase"
+send "pass2\r"
+expect "Enter new custom passphrase"
+send "pass3\r"
+expect "Confirm passphrase"
+send "pass3\r"
+expect eof
+EOF
+
+_print_header "Lock, then unlock with new passphrase"
+fscrypt lock "$dir"
+_expect_failure "mkdir '$dir/subdir'"
+echo pass3 | fscrypt unlock --quiet "$dir"
+mkdir "$dir/subdir"
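Review bot: The final section ("Lock, then unlock with new passphrase") only shows that pass3 works after the interactive change; it never checks that pass2 has stopped working, unlike the first change, where pass1 is explicitly rejected. Adding `_expect_failure "echo pass2 | fscrypt unlock --quiet '$dir'"` right after `fscrypt lock "$dir"` would catch a regression in which the old passphrase still unlocks the protector. The mismatch case likewise does not assert that the protector was left unchanged; that is only shown indirectly by the next expect script accepting pass2, and presumably by the expected-output comparison described in cli-tests/README.md, which is not visible here. Neither expect script propagates the spawned command's exit status after `expect eof`, so a wrong exit code from `change-passphrase` would go unnoticed unless the printed output also differs.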