vault: public TestCoreUnsealed, don't modify key in Unseal

/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite a while that the method actually modifies the param in-place, and I
can't think of any scenario where that is good for the user. Do you see any
issues here?
Mitchell Hashimoto 2015-03-14 17:47:11 -07:00
parent b2af154fb4
commit 866b91d858
5 changed files with 40 additions and 48 deletions


@ -305,9 +305,13 @@ func (c *Core) SecretProgress() int {
return len(c.unlockParts)
}
// Unseal is used to provide one of the key parts to
// unseal the Vault.
func (c *Core) Unseal(key []byte) (bool, error) {
// Unseal is used to provide one of the key parts to unseal the Vault.
func (c *Core) Unseal(keyRaw []byte) (bool, error) {
// Copy the key since it is modified in-place and we don't want to
// modify the parameter.
key := make([]byte, len(keyRaw))
copy(key, keyRaw)
// Verify the key length
min, max := c.barrier.KeyLength()
max += shamir.ShareOverhead
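Review bot: The new doc comment on Unseal does not state the ownership contract this change introduces: `keyRaw` is now left untouched, so a caller that relied on the in-place modification (presumably a wipe of the key material) keeps a live copy of its key share and has to clear it itself. I would extend the comment, e.g. `// Unseal copies keyRaw and never modifies it; callers that want the share wiped must zero their own buffer.` The body of Unseal continues past the hunk, so it is not visible whether the internal `key` copy is zeroed on the early-return paths such as a failed length check. That is worth confirming, since the copy adds one more buffer holding key material.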


@ -12,38 +12,6 @@ var (
invalidKey = []byte("abcdefghijklmnopqrstuvwxyz")[:17]
)
func testCore(t *testing.T) *Core {
inm := physical.NewInmem()
conf := &CoreConfig{Physical: inm}
c, err := NewCore(conf)
if err != nil {
t.Fatalf("err: %v", err)
}
return c
}
func testUnsealedCore(t *testing.T) (*Core, []byte) {
c := testCore(t)
sealConf := &SealConfig{
SecretShares: 1,
SecretThreshold: 1,
}
res, err := c.Initialize(sealConf)
if err != nil {
t.Fatalf("err: %v", err)
}
master := make([]byte, len(res.SecretShares[0]))
copy(master, res.SecretShares[0])
unseal, err := c.Unseal(res.SecretShares[0])
if err != nil {
t.Fatalf("err: %v", err)
}
if !unseal {
t.Fatalf("should be unsealed")
}
return c, master
}
func TestCore_Init(t *testing.T) {
inm := physical.NewInmem()
conf := &CoreConfig{Physical: inm}
@ -137,7 +105,7 @@ func TestCore_Init(t *testing.T) {
}
func TestCore_Init_MultiShare(t *testing.T) {
c := testCore(t)
c := TestCore(t)
sealConf := &SealConfig{
SecretShares: 5,
SecretThreshold: 3,
@ -162,7 +130,7 @@ func TestCore_Init_MultiShare(t *testing.T) {
}
func TestCore_Unseal_MultiShare(t *testing.T) {
c := testCore(t)
c := TestCore(t)
_, err := c.Unseal(invalidKey)
if err != ErrNotInit {
@ -247,7 +215,7 @@ func TestCore_Unseal_MultiShare(t *testing.T) {
}
func TestCore_Unseal_Single(t *testing.T) {
c := testCore(t)
c := TestCore(t)
_, err := c.Unseal(invalidKey)
if err != ErrNotInit {
@ -297,7 +265,7 @@ func TestCore_Unseal_Single(t *testing.T) {
}
func TestCore_Route_Sealed(t *testing.T) {
c := testCore(t)
c := TestCore(t)
sealConf := &SealConfig{
SecretShares: 1,
SecretThreshold: 1,
@ -335,7 +303,7 @@ func TestCore_Route_Sealed(t *testing.T) {
// Attempt to unseal after doing a first seal
func TestCore_SealUnseal(t *testing.T) {
c, key := testUnsealedCore(t)
c, key := TestCoreUnsealed(t)
if err := c.Seal(); err != nil {
t.Fatalf("err: %v", err)
}


@ -6,7 +6,7 @@ import (
)
func TestCore_DefaultMountTable(t *testing.T) {
c, key := testUnsealedCore(t)
c, key := TestCoreUnsealed(t)
verifyDefaultTable(t, c.mounts)
// Start a second core with same physical
@ -30,7 +30,7 @@ func TestCore_DefaultMountTable(t *testing.T) {
}
func TestCore_Mount(t *testing.T) {
c, key := testUnsealedCore(t)
c, key := TestCoreUnsealed(t)
me := &MountEntry{
Path: "foo",
Type: "generic",
@ -65,7 +65,7 @@ func TestCore_Mount(t *testing.T) {
}
func TestCore_Unmount(t *testing.T) {
c, key := testUnsealedCore(t)
c, key := TestCoreUnsealed(t)
err := c.Unmount("secret")
if err != nil {
t.Fatalf("err: %v", err)
@ -96,7 +96,7 @@ func TestCore_Unmount(t *testing.T) {
}
func TestCore_Remount(t *testing.T) {
c, key := testUnsealedCore(t)
c, key := TestCoreUnsealed(t)
err := c.Remount("secret", "foo")
if err != nil {
t.Fatalf("err: %v", err)
@ -127,7 +127,7 @@ func TestCore_Remount(t *testing.T) {
}
func TestCore_Remount_Protected(t *testing.T) {
c, _ := testUnsealedCore(t)
c, _ := TestCoreUnsealed(t)
err := c.Remount("sys", "foo")
if err.Error() != "cannot remount 'sys/'" {
t.Fatalf("err: %v", err)


@ -6,7 +6,7 @@ import (
)
func testSystem(t *testing.T) *SystemBackend {
c, _ := testUnsealedCore(t)
c, _ := TestCoreUnsealed(t)
return &SystemBackend{c}
}


@ -24,7 +24,7 @@ func TestCore(t *testing.T) *Core {
// TestCoreInit initializes the core with a single key, and returns
// the list of keys that must be used to unseal the core.
func TestCoreInit(t *testing.T, core *Core) [][]byte {
func TestCoreInit(t *testing.T, core *Core) []byte {
result, err := core.Initialize(&SealConfig{
SecretShares: 1,
SecretThreshold: 1,
@ -33,5 +33,25 @@ func TestCoreInit(t *testing.T, core *Core) [][]byte {
t.Fatalf("err: %s", err)
}
return result.SecretShares
return result.SecretShares[0]
}
// TestCoreUnsealed returns a pure in-memory core that is already
// initialized and unsealed.
func TestCoreUnsealed(t *testing.T) (*Core, []byte) {
core := TestCore(t)
key := TestCoreInit(t, core)
if _, err := core.Unseal(key); err != nil {
t.Fatalf("unseal err: %s", err)
}
sealed, err := core.Sealed()
if err != nil {
t.Fatalf("err checking seal status: %s", err)
}
if sealed {
t.Fatal("should not be sealed")
}
return core, key
}
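Review bot: The comment above TestCoreInit still says it "returns the list of keys", but the new signature returns a single `[]byte` (`result.SecretShares[0]`). It should read something like `// TestCoreInit initializes the core with a single key share and returns that share, which is enough to unseal the core.` Separately, TestCoreUnsealed hands back the same `key` slice it passed to `core.Unseal`, so the returned key is only usable because Unseal now copies its argument; the helper removed in this commit made its own copy before calling Unseal. A one-line comment such as `// Unseal does not modify key, so it is safe to return it to the caller.` would keep that dependency visible if Unseal's contract changes again.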