#include "tests.h"
#include "tmpfile-util.h"
#include "tpm2-util.h"
+#include "user-util.h"
TEST(read_credential_strings) {
_cleanup_free_ char *x = NULL, *y = NULL, *saved = NULL, *p = NULL;
assert_se(credential_glob_valid(buf));
}
-static void test_encrypt_decrypt_with(sd_id128_t mode) {
+static void test_encrypt_decrypt_with(sd_id128_t mode, uid_t uid) {
static const struct iovec plaintext = CONST_IOVEC_MAKE_STRING("this is a super secret string");
int r;
- log_notice("Running encryption/decryption test with mode " SD_ID128_FORMAT_STR ".", SD_ID128_FORMAT_VAL(mode));
+ if (uid_is_valid(uid))
+ log_notice("Running encryption/decryption test with mode " SD_ID128_FORMAT_STR " for UID " UID_FMT ".", SD_ID128_FORMAT_VAL(mode), uid);
+ else
+ log_notice("Running encryption/decryption test with mode " SD_ID128_FORMAT_STR ".", SD_ID128_FORMAT_VAL(mode));
_cleanup_(iovec_done) struct iovec encrypted = {};
r = encrypt_credential_and_warn(
/* tpm2_hash_pcr_mask= */ 0,
/* tpm2_pubkey_path= */ NULL,
/* tpm2_pubkey_pcr_mask= */ 0,
+ uid,
&plaintext,
CREDENTIAL_ALLOW_NULL,
&encrypted);
/* validate_timestamp= */ USEC_INFINITY,
/* tpm2_device= */ NULL,
/* tpm2_signature_path= */ NULL,
+ uid,
&encrypted,
CREDENTIAL_ALLOW_NULL,
&decrypted);
/* validate_timestamp= */ USEC_INFINITY,
/* tpm2_device= */ NULL,
/* tpm2_signature_path= */ NULL,
+ uid,
&encrypted,
CREDENTIAL_ALLOW_NULL,
&decrypted);
_cleanup_(rm_rf_physical_and_freep) char *d = NULL;
_cleanup_free_ char *j = NULL;
- test_encrypt_decrypt_with(CRED_AES256_GCM_BY_NULL);
+ log_set_max_level(LOG_DEBUG);
+
+ test_encrypt_decrypt_with(CRED_AES256_GCM_BY_NULL, UID_INVALID);
assert_se(mkdtemp_malloc(NULL, &d) >= 0);
j = path_join(d, "secret");
assert_se(setenv("SYSTEMD_CREDENTIAL_SECRET", j, true) >= 0);
- test_encrypt_decrypt_with(CRED_AES256_GCM_BY_HOST);
+ test_encrypt_decrypt_with(CRED_AES256_GCM_BY_HOST, UID_INVALID);
+ test_encrypt_decrypt_with(CRED_AES256_GCM_BY_HOST_SCOPED, 0);
if (try_tpm2()) {
- test_encrypt_decrypt_with(CRED_AES256_GCM_BY_TPM2_HMAC);
- test_encrypt_decrypt_with(CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC);
+ test_encrypt_decrypt_with(CRED_AES256_GCM_BY_TPM2_HMAC, UID_INVALID);
+ test_encrypt_decrypt_with(CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC, UID_INVALID);
+ test_encrypt_decrypt_with(CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED, 0);
}
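Review bot: The new *_SCOPED cases on lines 52 and 58 only show that a credential scoped to UID 0 round-trips when the same uid is handed to both the encrypt call and the decrypt call; nothing here checks that decryption is refused when the UID differs, which is the property the scoping exists for, so a regression that ignored the uid entirely would still pass. Because test_encrypt_decrypt_with threads one uid through both calls (lines 23, 30, 37), a negative case needs either a second helper or a separate decrypt-side uid parameter, with the decrypt call expected to return a negative value for the mismatched uid while the matching uid still succeeds. It would also be worth exercising one non-root uid in a scoped case, since 0 alone cannot show the scoping holds outside the root special case. The enclosing test function begins before this hunk.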
if (ec)
static const sd_id128_t tags[] = {
CRED_AES256_GCM_BY_HOST,
+ CRED_AES256_GCM_BY_HOST_SCOPED,
CRED_AES256_GCM_BY_TPM2_HMAC,
CRED_AES256_GCM_BY_TPM2_HMAC_WITH_PK,
CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC,
+ CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_SCOPED,
CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK,
+ CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC_WITH_PK_SCOPED,
CRED_AES256_GCM_BY_NULL,
};