From 2959ec0ec47786956223715812f40eb9e7301786 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 15 Jun 2023 15:44:55 -0400
Subject: [PATCH 1/3] test: To be able to run testLocalKeys alone add missing env variable
Signed-off-by: Stefan Berger
---
 script/tests/test_encryption.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/script/tests/test_encryption.sh b/script/tests/test_encryption.sh
index 2dd2a071..585b965d 100755
--- a/script/tests/test_encryption.sh
+++ b/script/tests/test_encryption.sh
@@ -676,6 +676,9 @@ testLocalKeys() {
 createJWEKeys
 setupPKCS11
+ # Env. variable needed for encryption with SOFTHSM_KEY_PEM
+ export OCICRYPT_OAEP_HASHALG=sha1
+
 echo "Testing JWE and PKCS11 type of encryption with local unpack keys"
 # Remove original images
From ec7231185e276feb10f5b4b974ade62a81d5e9ad Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 15 Jun 2023 11:00:18 -0400
Subject: [PATCH 2/3] test: Add comments to test case
Signed-off-by: Stefan Berger
---
 script/tests/test_encryption.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/script/tests/test_encryption.sh b/script/tests/test_encryption.sh
index 585b965d..1844bf5b 100755
--- a/script/tests/test_encryption.sh
+++ b/script/tests/test_encryption.sh
@@ -638,6 +638,9 @@ testJWE() {
 MSG=$($CTR container rm testcontainer1 2>&1)
 MSG=$($CTR snapshot rm testcontainer1 2>&1)
+
+ # Create testcontainer1 from encrypted bash image ${BASH_ENC}
+ # Creating the container without providing (right) key must fail
 MSG=$(sudo $CTR container create ${BASH_ENC} testcontainer1 2>&1)
 if [ $? -eq 0 ]; then
 MSG=$($CTR container rm testcontainer1 2>&1)
@@ -645,6 +648,8 @@ testJWE() {
 failExit 1 "Should not have been able to create a container from encrypted image without passing keys"
 fi
 MSG=$($CTR snapshot rm testcontainer1 2>&1)
+
+ # creating the container when providing right key must work
 MSG=$(sudo bash -c "$CTR container create \
 --key ${PRIVKEYJWK} \
 ${BASH_ENC} testcontainer1 2>&1")
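Review bot: In patch 1/3, the comment added above `export OCICRYPT_OAEP_HASHALG=sha1` in testLocalKeys does not say why SHA-1 is selected or that this is a test-only compatibility setting. Because the variable is exported rather than set for a single command, it stays in the environment for whatever runs later in the same shell; testLocalKeys continues past the hunk, so whether it is unset afterwards is not visible here. I would extend the comment to something like `# Test-only: encryption with SOFTHSM_KEY_PEM needs OAEP with SHA-1 here (presumably a SoftHSM limitation - confirm); not a recommended default`, so the value is not carried into real configurations as-is.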
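Review bot: The negative checks that patch 2/3 now labels "must fail" (the `container create ${BASH_ENC}` block in the `@@ -638,6 +638,9 @@` hunk and the `$CTR run` block in the `@@ -652,6 +657,7 @@` hunk) accept any non-zero exit as the expected denial. A sudo error or a missing image would skip the `if [ $? -eq 0 ]` failure branch just the same, so the test can pass without the missing-key path having been exercised. Consider also asserting on the captured output, for example `echo "${MSG}" | grep -q "EXPECTED_KEY_ERROR_PLACEHOLDER" || failExit 1 "Unexpected failure: ${MSG}"`, where the placeholder stands for the message ctr actually prints when no key is given. The if-blocks start or end outside the hunks, so this would sit next to the existing check rather than replace it.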
@@ -652,6 +657,7 @@ testJWE() {
 MSG=$($CTR container rm testcontainer1 2>&1)
 MSG=$($CTR snapshot rm testcontainer1 2>&1)
+ # running the container without providing (right) key must fail
 MSG=$(sudo bash -c "$CTR run \
 --rm \
 ${BASH_ENC} testcontainer1 echo 'Hello world'" 2>&1)
@@ -660,6 +666,8 @@ testJWE() {
 failExit 1 "Should not have been able to run a container from encrypted image without passing keys"
 fi
 MSG=$($CTR snapshot rm testcontainer1 2>&1)
+
+ # Running the container when providing right key must work
 MSG=$(sudo bash -c "$CTR run \
 --key ${PRIVKEYJWK} \
 --rm \
From aa517cc77654cf517cc7bba5529b07da92f033dc Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Thu, 15 Jun 2023 19:07:11 -0400
Subject: [PATCH 3/3] test: Fix order of parameters and remove unnecessary key parameter
Signed-off-by: Stefan Berger
---
 script/tests/test_encryption.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/script/tests/test_encryption.sh b/script/tests/test_encryption.sh
index 1844bf5b..6c2f6205 100755
--- a/script/tests/test_encryption.sh
+++ b/script/tests/test_encryption.sh
@@ -733,7 +733,7 @@ testLocalKeys() {
 echo "Testing creation of container from encrypted image with local keys (JWE)"
 MSG=$($CTR container rm testcontainer1 2>&1)
 MSG=$($CTR snapshot rm testcontainer1 2>&1)
- MSG=$(sudo $CTR container create ${ALPINE_ENC} --skip-decrypt-auth --key ${PRIVKEY2PEM} testcontainer1 2>&1)
+ MSG=$(sudo $CTR container create --skip-decrypt-auth ${ALPINE_ENC} testcontainer1 2>&1)
 failExit $? "Should have been able to create a container from encrypted image when local keys exists (JWE)\n${MSG}"
 MSG=$($CTR container rm testcontainer1 2>&1)
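Review bot: With `--skip-decrypt-auth` and no `--key`, the rewritten `container create` line in patch 3/3 (here for JWE, and identically in the `@@ -749,7 +749,7 @@` PKCS11 hunk) only demonstrates that creation is permitted. Judging by the flag name, the key authorization check is skipped at this step, so a zero exit status does not by itself show that the local keys can decrypt `${ALPINE_ENC}`. testLocalKeys continues outside both hunks, so whether a later step actually runs or unpacks the image with the local keys is not visible here; if none does, the "local keys" claim in the failExit message is not really tested. At minimum I would add a comment such as `# --skip-decrypt-auth: no key passed here; decryption relies on the locally configured unpack keys` above each create line.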
@@ -749,7 +749,7 @@ testLocalKeys() {
 echo "Testing creation of container from encrypted image with local keys (PKCS11)"
 MSG=$($CTR container rm testcontainer1 2>&1)
 MSG=$($CTR snapshot rm testcontainer1 2>&1)
- MSG=$(sudo $CTR container create ${ALPINE_ENC} --skip-decrypt-auth --key ${PRIVKEY2PEM} testcontainer1 2>&1)
+ MSG=$(sudo $CTR container create --skip-decrypt-auth ${ALPINE_ENC} testcontainer1 2>&1)
 failExit $? "Should have been able to create a container from encrypted image when local keys exists (PKCS11)\n${MSG}"
 MSG=$($CTR container rm testcontainer1 2>&1)