summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2018-09-13 10:14:21 +0000
committerintrigeri <intrigeri@boum.org>2018-09-13 15:42:48 +0000
commit3f46bf693304214134162ba9edb28a0c6060a30b (patch)
tree5e04e0387a4b062a96bb583930155aca160ef8ed
parent3dec4ee699ba065c3a9e79873fb0de07fff01aa3 (diff)
VeraCrypt test suite (USB drive): implement unlocking with Unlock VeraCrypt Volumes (refs: #15238).
-rw-r--r--features/images/NautilusFocusedEjectButton.pngbin0 -> 1093 bytes
-rw-r--r--features/images/SecretFileOnVeraCryptVolume.pngbin0 -> 9421 bytes
-rw-r--r--features/images/UnlockVeraCryptVolumesUnlockButton.pngbin0 -> 4106 bytes
-rw-r--r--features/images/VeraCryptUnlockDialog.pngbin0 -> 7024 bytes
-rw-r--r--features/images/VeraCryptUnlockDialogHiddenVolumeLabel.pngbin0 -> 5517 bytes
-rw-r--r--features/step_definitions/veracrypt.rb80
-rw-r--r--features/veracrypt.feature24
7 files changed, 72 insertions, 32 deletions
diff --git a/features/images/NautilusFocusedEjectButton.png b/features/images/NautilusFocusedEjectButton.png
new file mode 100644
index 0000000..9895624
--- /dev/null
+++ b/features/images/NautilusFocusedEjectButton.png
Binary files differ
diff --git a/features/images/SecretFileOnVeraCryptVolume.png b/features/images/SecretFileOnVeraCryptVolume.png
new file mode 100644
index 0000000..e31eb51
--- /dev/null
+++ b/features/images/SecretFileOnVeraCryptVolume.png
Binary files differ
diff --git a/features/images/UnlockVeraCryptVolumesUnlockButton.png b/features/images/UnlockVeraCryptVolumesUnlockButton.png
new file mode 100644
index 0000000..161c668
--- /dev/null
+++ b/features/images/UnlockVeraCryptVolumesUnlockButton.png
Binary files differ
diff --git a/features/images/VeraCryptUnlockDialog.png b/features/images/VeraCryptUnlockDialog.png
new file mode 100644
index 0000000..edc9e6a
--- /dev/null
+++ b/features/images/VeraCryptUnlockDialog.png
Binary files differ
diff --git a/features/images/VeraCryptUnlockDialogHiddenVolumeLabel.png b/features/images/VeraCryptUnlockDialogHiddenVolumeLabel.png
new file mode 100644
index 0000000..8032bf4
--- /dev/null
+++ b/features/images/VeraCryptUnlockDialogHiddenVolumeLabel.png
Binary files differ
diff --git a/features/step_definitions/veracrypt.rb b/features/step_definitions/veracrypt.rb
index c853543..23b9d37 100644
--- a/features/step_definitions/veracrypt.rb
+++ b/features/step_definitions/veracrypt.rb
@@ -2,8 +2,12 @@ require 'expect'
require 'pty'
require 'tempfile'
-@veracrypt_passphrase = 'asdf'
-@veracrypt_hidden_passphrase = 'fdsa'
+$veracrypt_passphrase = 'asdf'
+$veracrypt_hidden_passphrase = 'fdsa'
+
+def veracrypt_volume_size_in_GNOME(is_hidden)
+ is_hidden ? '52 MB' : '105 MB'
+end
def create_veracrypt_keyfile(name)
keyfile = Tempfile.new("#{name}.keyfile", $config["TMPDIR"])
@@ -21,26 +25,28 @@ def reply_prompt(r_f, w_f, prompt_re, answer)
end
Given(/^USB drive "([^"]+)" has a (.+) VeraCrypt volume( with a keyfile)?$/) do |name, type, with_keyfile|
+ @veracrypt_is_hidden = (type == 'hidden')
+ @veracrypt_needs_keyfile = with_keyfile
step "I temporarily create a 100 MiB raw disk named \"#{name}\""
disk_path = $vm.storage.disk_path(name)
keyfile = create_veracrypt_keyfile(name)
fatal_system "losetup -f '#{disk_path}'"
loop_dev = `losetup -j '#{disk_path}'`.split(':').first
- tcplay_create_cmd = "tcplay --create --device='#{loop_dev}'"
+ tcplay_create_cmd = "tcplay --create --device='#{loop_dev}'" \
+ " --weak-keys --insecure-erase"
- tcplay_create_cmd += " --hidden" if type == 'hidden'
- tcplay_create_cmd += " --keyfile='#{keyfile}'" if with_keyfile
+ tcplay_create_cmd += " --hidden" if @veracrypt_is_hidden
+ tcplay_create_cmd += " --keyfile='#{keyfile}'" if @veracrypt_needs_keyfile
debug_log "tcplay create command: #{tcplay_create_cmd}"
PTY.spawn(tcplay_create_cmd) do |r_f, w_f, pid|
begin
w_f.sync = true
- reply_prompt(r_f, w_f, /^Passphrase:\s/, @veracrypt_passphrase)
- reply_prompt(r_f, w_f, /^Repeat passphrase:\s/, @veracrypt_passphrase)
- if type == 'hidden'
+ reply_prompt(r_f, w_f, /^Passphrase:\s/, $veracrypt_passphrase)
+ reply_prompt(r_f, w_f, /^Repeat passphrase:\s/, $veracrypt_passphrase)
+ if @veracrypt_is_hidden
reply_prompt(r_f, w_f, /^Passphrase for hidden volume:\s/,
- @veracrypt_hidden_passphrase)
+ $veracrypt_hidden_passphrase)
reply_prompt(r_f, w_f, /^Repeat passphrase:\s/,
- @veracrypt_hidden_passphrase)
+ $veracrypt_hidden_passphrase)
reply_prompt(r_f, w_f, /^Size of hidden volume.*:\s/, '50M')
end
reply_prompt(r_f, w_f, /^\s*Are you sure you want to proceed/, 'y')
@@ -52,13 +58,13 @@ Given(/^USB drive "([^"]+)" has a (.+) VeraCrypt volume( with a keyfile)?$/) do
$?.exitstatus == 0 or raise "#{tcplay_create_cmd} exited with #{$?.exitstatus}"
end
tcplay_map_cmd = "tcplay --map='#{name}' --device='#{loop_dev}'"
- tcplay_map_cmd += " --keyfile='#{keyfile}'" if with_keyfile
- debug_log "tcplay create command: #{tcplay_map_cmd}"
+ tcplay_map_cmd += " --keyfile='#{keyfile}'" if @veracrypt_needs_keyfile
+ debug_log "tcplay map command: #{tcplay_map_cmd}"
PTY.spawn(tcplay_map_cmd) do |r_f, w_f, pid|
begin
w_f.sync = true
reply_prompt(r_f, w_f, /^Passphrase:\s/,
- type == 'hidden' ? @veracrypt_hidden_passphrase : @veracrypt_passphrase)
+ @veracrypt_is_hidden ? $veracrypt_hidden_passphrase : $veracrypt_passphrase)
r_f.expect(/^All ok!/)
rescue Errno::EIO
ensure
@@ -79,21 +85,55 @@ Given(/^USB drive "([^"]+)" has a (.+) VeraCrypt volume( with a keyfile)?$/) do
end
When(/^I unlock and mount the VeraCrypt volume on drive "([^"]+)" with Unlock VeraCrypt Volumes$/) do |name|
- pending # express the regexp above with the code you wish you had
+ @veracrypt_tool = 'Unlock VeraCrypt Volumes'
+ step 'I start "Unlock VeraCrypt Volumes" via GNOME Activities Overview'
+ @screen.wait_and_click('UnlockVeraCryptVolumesUnlockButton.png', 10)
+ @screen.wait('VeraCryptUnlockDialog.png', 10)
+ @screen.type(
+ @veracrypt_is_hidden ? $veracrypt_hidden_passphrase : $veracrypt_passphrase
+ )
+ @screen.click('VeraCryptUnlockDialogHiddenVolumeLabel.png') if @veracrypt_is_hidden
+ @screen.type(Sikuli::Key.ENTER)
+ @screen.waitVanish('VeraCryptUnlockDialog.png', 10)
+ try_for(30) do
+ $vm.execute_successfully('ls /media/amnesia/*/SecretFile')
+ end
end
When(/^I unlock and mount the VeraCrypt volume on drive "([^"]+)" with GNOME Disks$/) do |name|
+ @veracrypt_tool = 'GNOME Disks'
pending # express the regexp above with the code you wish you had
end
-When(/^I open the USB drive "([^"]+)" in GNOME Files$/) do |name|
- pending # express the regexp above with the code you wish you had
+When(/^I open the VeraCrypt volume "([^"]+)" in GNOME Files$/) do |name|
+ step "all notifications have disappeared"
+ case @veracrypt_tool
+ when 'Unlock VeraCrypt Volumes'
+ # XXX: isn't this supposed to happen automatically? (#15951)
+ $vm.spawn('nautilus /media/amnesia/*', user: LIVE_USER)
+ when 'GNOME Disks'
+ pending
+ else
+ raise "Unsupported tool: '#{@veracrypt_tool}'"
+ end
+ Dogtail::Application.new('nautilus').window(
+ veracrypt_volume_size_in_GNOME(@veracrypt_is_hidden) + ' Volume'
+ )
end
-When(/^I lock USB drive "([^"]+)"$/) do |name|
- pending # express the regexp above with the code you wish you had
+When(/^I lock the currently opened VeraCrypt volume$/) do
+ # Sometimes the eject button is not updated fast enough and is still
+ # about the drive that contains the VeraCrypt volume, which cannot
+ # be ejected as it's still in use.
+ sleep 3
+ @screen.click('NautilusFocusedEjectButton.png')
+ try_for(10) do
+ ! $vm.execute('ls /media/amnesia/*/SecretFile').success?
+ end
end
-Then(/^I am told I can unplug the USB drive$/) do
- pending # express the regexp above with the code you wish you had
+When(/^I am told the VeraCrypt volume has been unmounted$/) do
+ notification_text = "You can now unplug QEMU QEMU HARDDISK"
+ step "I see the \"#{notification_text}\"" \
+ + " notification after at most 30 seconds"
end
diff --git a/features/veracrypt.feature b/features/veracrypt.feature
index 73fb98b..a5023a8 100644
--- a/features/veracrypt.feature
+++ b/features/veracrypt.feature
@@ -11,36 +11,36 @@ Feature: Using VeraCrypt encrypted volumes
Given USB drive "vc-basic" has a basic VeraCrypt volume
When I plug USB drive "vc-basic"
And I unlock and mount the VeraCrypt volume on drive "vc-basic" with Unlock VeraCrypt Volumes
- And I open the USB drive "vc-basic" in GNOME Files
+ And I open the VeraCrypt volume "vc-basic" in GNOME Files
Then I see "SecretFileOnVeraCryptVolume.png" after at most 10 seconds
- When I lock USB drive "vc-basic"
- Then I am told I can unplug the USB drive
+ When I lock the currently opened VeraCrypt volume
+ Then I am told the VeraCrypt volume has been unmounted
Scenario: Use GNOME Disks to unlock a USB drive that has a basic VeraCrypt volume with a keyfile
Given USB drive "vc-basic-with-keyfile" has a basic VeraCrypt volume with a keyfile
When I plug USB drive "vc-basic-with-keyfile"
And I unlock and mount the VeraCrypt volume on drive "vc-basic-with-keyfile" with GNOME Disks
- And I open the USB drive "vc-basic-with-keyfile" in GNOME Files
+ And I open the VeraCrypt volume "vc-basic-with-keyfile" in GNOME Files
Then I see "SecretFileOnVeraCryptVolume.png" after at most 10 seconds
- When I lock USB drive "vc-basic-with-keyfile"
- Then I am told I can unplug the USB drive
+ When I lock the currently opened VeraCrypt volume
+ Then I am told the VeraCrypt volume has been unmounted
Scenario: Use Unlock VeraCrypt Volumes to unlock a USB drive that has a hidden VeraCrypt volume
Given USB drive "vc-hidden" has a hidden VeraCrypt volume
When I plug USB drive "vc-hidden"
And I unlock and mount the VeraCrypt volume on drive "vc-hidden" with Unlock VeraCrypt Volumes
- And I open the USB drive "vc-hidden" in GNOME Files
+ And I open the VeraCrypt volume "vc-hidden" in GNOME Files
Then I see "SecretFileOnVeraCryptVolume.png" after at most 10 seconds
- When I lock USB drive "vc-hidden"
- Then I am told I can unplug the USB drive
+ When I lock the currently opened VeraCrypt volume
+ Then I am told the VeraCrypt volume has been unmounted
Scenario: Use GNOME Disks to unlock a USB drive that has a hidden VeraCrypt volume
Given USB drive "vc-hidden" has a hidden VeraCrypt volume
When I plug USB drive "vc-hidden"
And I unlock and mount the VeraCrypt volume on drive "vc-hidden" with GNOME Disks
- And I open the USB drive "vc-hidden" in GNOME Files
+ And I open the VeraCrypt volume "vc-hidden" in GNOME Files
Then I see "SecretFileOnVeraCryptVolume.png" after at most 10 seconds
- When I lock USB drive "vc-hidden"
- Then I am told I can unplug the USB drive
+ When I lock the currently opened VeraCrypt volume
+ Then I am told the VeraCrypt volume has been unmounted
# XXX: Scenario Outline: Unlocking a VeraCrypt file container