cryptsetup-nuke-keys icon indicating copy to clipboard operation
cryptsetup-nuke-keys copied to clipboard
verified publisher icon offensive-security

Add automated tests

Open jpouellet opened this issue 8 years ago • 0 comments

Example output:

% VERBOSE=1 BREAK=1 ./test.sh 
>>> Making a temporary "disk" for testing...
truncate -s 8M /tmp/tmp.gUz94xPebl/disk
>>> Creating some dummy secret data...
dd if=/dev/urandom of=/tmp/tmp.gUz94xPebl/secrets bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.00651684 s, 161 MB/s
>>> Initializing LUKS container...
cryptsetup luksFormat /tmp/tmp.gUz94xPebl/disk
>>> Trying to open with wrong passphrase...
cryptsetup luksOpen /tmp/tmp.gUz94xPebl/disk luks-test-32391
No key available with this passphrase.
>>> Opening with correct passphrase...
cryptsetup luksOpen /tmp/tmp.gUz94xPebl/disk luks-test-32391
>>> Writing secret data into LUKS container...
dd if=/tmp/tmp.gUz94xPebl/secrets of=/dev/mapper/luks-test-32391 conv=nocreat
2048+0 records in
2048+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.00794061 s, 132 MB/s
>>> Verifying secret data in LUKS container...
diff -u --label expected-secrets --label found-secrets /dev/fd/63 /dev/fd/62
>>> Closing LUKS container...
cryptsetup close luks-test-32391
>>> Making header backup...
cryptsetup luksHeaderBackup /tmp/tmp.gUz94xPebl/disk --header-backup-file /tmp/tmp.gUz94xPebl/header
>>> Adding nuke key...
cryptsetup --key-file /dev/fd/63 luksAddNuke /tmp/tmp.gUz94xPebl/disk
>>> Opening with correct passphrase...
cryptsetup luksOpen /tmp/tmp.gUz94xPebl/disk luks-test-32391
>>> Verifying secret data in LUKS container...
diff -u --label expected-secrets --label found-secrets /dev/fd/63 /dev/fd/62
>>> Closing LUKS container...
cryptsetup close luks-test-32391
./test.sh: line 174: verify_has_keys: command not found
>>> Opening with nuke passphrase...
cryptsetup luksOpen /tmp/tmp.gUz94xPebl/disk luks-test-32391
Failed to read from key storage.
No key available with this passphrase.
>>> Making sure there are no key slots...
cryptsetup luksDump disk
grep -xq Key Slot [0-9]*: ENABLED
Device disk doesn't exist or access denied.
>>> Opening with correct passphrase, expecting failure...
cryptsetup luksOpen /tmp/tmp.gUz94xPebl/disk luks-test-32391
No key available with this passphrase.
>>> Restoring header backup...
cryptsetup luksHeaderRestore /tmp/tmp.gUz94xPebl/disk --header-backup-file /tmp/tmp.gUz94xPebl/header
./test.sh: line 179: verify_has_keys: command not found
>>> Opening with correct passphrase...
cryptsetup luksOpen /tmp/tmp.gUz94xPebl/disk luks-test-32391
>>> Verifying secret data in LUKS container...
diff -u --label expected-secrets --label found-secrets /dev/fd/63 /dev/fd/62
>>> Closing LUKS container...
cryptsetup close luks-test-32391
ALL TESTS PASSED!

jpouellet avatar Nov 22 '17 12:11 jpouellet