Merge pull request #218 from ebiggers/cli-tests

Add tests for command-line interface Add tests that directly test the fscrypt command-line tool. See cli-tests/README.md for information about the test framework. The following test scripts are included: * t_change_passphrase * t_encrypt_custom * t_encrypt_login * t_encrypt_raw_key * t_encrypt * t_lock * t_not_enabled * t_not_supported * t_passphrase_hashing * t_setup * t_status * t_unlock * t_v1_policy_fs_keyring * t_v1_policy Unfortunately, we can't actually make Travis CI run these tests yet because they need kernel v5.4 or later, and Travis CI doesn't support an Ubuntu version that has that yet. But for now, they can be run manually using make cli-test.
author: Eric Biggers <ebiggers@google.com> 2020-05-09 15:15:12 -0700
committer: GitHub <noreply@github.com> 2020-05-09 15:15:12 -0700
commit: 338347ac4766f899fdc471d57f293798ff0e6c29 (patch)
tree: 8f5c0969a49a396d60c33a324834d92d9911a240 /cli-tests/t_encrypt_login.out
parent: 1aef2541a434bd9e88ebd52be72f13d56c5ef748 (diff)
parent: e68d65c440125ff1e47627abf1fc5a97f700d38d (diff)
1 files changed, 148 insertions, 0 deletions
diff --git a/cli-tests/t_encrypt_login.out b/cli-tests/t_encrypt_login.out
new file mode 100644
index 0000000..c6eb463
--- /dev/null
+++ b/cli-tests/t_encrypt_login.out
@@ -0,0 +1,148 @@
+
+# Encrypt with login protector
+See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
+ext4 filesystem "MNT" has 2 protectors and 1 policy
+
+PROTECTOR         LINKED                              DESCRIPTION
+desc1  Yes (MNT_ROOT)  login protector for fscrypt-test-user
+desc2  No                                  custom protector "Recovery passphrase for dir"
+
+POLICY                            UNLOCKED  PROTECTORS
+desc3  Yes       desc1, desc2
+ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies
+
+PROTECTOR         LINKED  DESCRIPTION
+desc1  No      login protector for fscrypt-test-user
+"MNT/dir" is encrypted with fscrypt.
+
+Policy:   desc3
+Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
+Unlocked: Yes
+
+Protected with 2 protectors:
+PROTECTOR         LINKED                              DESCRIPTION
+desc1  Yes (MNT_ROOT)  login protector for fscrypt-test-user
+desc2  No                                  custom protector "Recovery passphrase for dir"
+
+# => Lock, then unlock with login passphrase
+"MNT/dir" is now locked.
+
+# => Lock, then unlock with recovery passphrase
+"MNT/dir" is now locked.
+
+# Encrypt with login protector, interactively
+spawn fscrypt encrypt MNT/dir
+The following protector sources are available:
+1 - Your login passphrase (pam_passphrase)
+2 - A custom passphrase (custom_passphrase)
+3 - A raw 256-bit key (raw_key)
+Enter the source number for the new protector [2 - custom_passphrase]: 1
+Enter login passphrase for fscrypt-test-user: 
+Protector is on a different filesystem! Generate a recovery passphrase (recommended)? [Y/n] y
+See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
+"MNT/dir" is now encrypted, unlocked, and ready for use.
+ext4 filesystem "MNT" has 2 protectors and 1 policy
+
+PROTECTOR         LINKED                              DESCRIPTION
+desc10  Yes (MNT_ROOT)  login protector for fscrypt-test-user
+desc11  No                                  custom protector "Recovery passphrase for dir"
+
+POLICY                            UNLOCKED  PROTECTORS
+desc12  Yes       desc10, desc11
+ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies
+
+PROTECTOR         LINKED  DESCRIPTION
+desc10  No      login protector for fscrypt-test-user
+"MNT/dir" is encrypted with fscrypt.
+
+Policy:   desc12
+Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
+Unlocked: Yes
+
+Protected with 2 protectors:
+PROTECTOR         LINKED                              DESCRIPTION
+desc10  Yes (MNT_ROOT)  login protector for fscrypt-test-user
+desc11  No                                  custom protector "Recovery passphrase for dir"
+
+# Encrypt with login protector as root
+See "MNT/dir/fscrypt_recovery_readme.txt" for important recovery instructions!
+ext4 filesystem "MNT" has 2 protectors and 1 policy
+
+PROTECTOR         LINKED                              DESCRIPTION
+desc19  Yes (MNT_ROOT)  login protector for fscrypt-test-user
+desc20  No                                  custom protector "Recovery passphrase for dir"
+
+POLICY                            UNLOCKED  PROTECTORS
+desc21  Yes       desc19, desc20
+ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies
+
+PROTECTOR         LINKED  DESCRIPTION
+desc19  No      login protector for fscrypt-test-user
+"MNT/dir" is encrypted with fscrypt.
+
+Policy:   desc21
+Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
+Unlocked: Yes
+
+Protected with 2 protectors:
+PROTECTOR         LINKED                              DESCRIPTION
+desc19  Yes (MNT_ROOT)  login protector for fscrypt-test-user
+desc20  No                                  custom protector "Recovery passphrase for dir"
+
+# Encrypt with login protector with --no-recovery
+ext4 filesystem "MNT" has 1 protector and 1 policy
+
+PROTECTOR         LINKED                              DESCRIPTION
+desc28  Yes (MNT_ROOT)  login protector for fscrypt-test-user
+
+POLICY                            UNLOCKED  PROTECTORS
+desc29  Yes       desc28
+ext4 filesystem "MNT_ROOT" has 1 protector and 0 policies
+
+PROTECTOR         LINKED  DESCRIPTION
+desc28  No      login protector for fscrypt-test-user
+"MNT/dir" is encrypted with fscrypt.
+
+Policy:   desc29
+Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
+Unlocked: Yes
+
+Protected with 1 protector:
+PROTECTOR         LINKED                              DESCRIPTION
+desc28  Yes (MNT_ROOT)  login protector for fscrypt-test-user
+
+# Encrypt with login protector on root fs (shouldn't generate a recovery passphrase)
+"MNT_ROOT/dir" is encrypted with fscrypt.
+
+Policy:   desc34
+Options:  padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2 
+Unlocked: Yes
+
+Protected with 1 protector:
+PROTECTOR         LINKED  DESCRIPTION
+desc35  No      login protector for fscrypt-test-user
+ext4 filesystem "MNT_ROOT" has 1 protector and 1 policy
+
+PROTECTOR         LINKED  DESCRIPTION
+desc35  No      login protector for fscrypt-test-user
+
+POLICY                            UNLOCKED  PROTECTORS
+desc34  Yes       desc35
+
+# Try to give a login protector a name
+[ERROR] fscrypt encrypt: login protectors do not need a name
+ext4 filesystem "MNT" has 0 protectors and 0 policies
+
+ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies
+
+[ERROR] fscrypt status: get encryption policy MNT/dir: file
+                        or directory not encrypted
+
+# Try to use the wrong login passphrase
+[ERROR] fscrypt encrypt: incorrect login passphrase
+ext4 filesystem "MNT" has 0 protectors and 0 policies
+
+ext4 filesystem "MNT_ROOT" has 0 protectors and 0 policies
+
+[ERROR] fscrypt status: get encryption policy MNT/dir: file
+                        or directory not encrypted
author	Eric Biggers <ebiggers@google.com>	2020-05-09 15:15:12 -0700
committer	GitHub <noreply@github.com>	2020-05-09 15:15:12 -0700
commit	338347ac4766f899fdc471d57f293798ff0e6c29 (patch)
tree	8f5c0969a49a396d60c33a324834d92d9911a240 /cli-tests/t_encrypt_login.out
parent	1aef2541a434bd9e88ebd52be72f13d56c5ef748 (diff)
parent	e68d65c440125ff1e47627abf1fc5a97f700d38d (diff)