vault: public TestCoreUnsealed, don't modify key in Unseal
/cc @armon - I do a key copy within Unseal now. It tripped me up for quite awhile that that method actually modifies the param in-place and I can't think of any scenario that is good for the user. Do you see any issues here?
This commit is contained in:
parent
b2af154fb4
commit
866b91d858
|
@ -305,9 +305,13 @@ func (c *Core) SecretProgress() int {
|
|||
return len(c.unlockParts)
|
||||
}
|
||||
|
||||
// Unseal is used to provide one of the key parts to
|
||||
// unseal the Vault.
|
||||
func (c *Core) Unseal(key []byte) (bool, error) {
|
||||
// Unseal is used to provide one of the key parts to unseal the Vault.
|
||||
func (c *Core) Unseal(keyRaw []byte) (bool, error) {
|
||||
// Copy the key since it is modified in-place and we don't want to
|
||||
// modify the parameter.
|
||||
key := make([]byte, len(keyRaw))
|
||||
copy(key, keyRaw)
|
||||
|
||||
// Verify the key length
|
||||
min, max := c.barrier.KeyLength()
|
||||
max += shamir.ShareOverhead
|
||||
|
|
|
@ -12,38 +12,6 @@ var (
|
|||
invalidKey = []byte("abcdefghijklmnopqrstuvwxyz")[:17]
|
||||
)
|
||||
|
||||
func testCore(t *testing.T) *Core {
|
||||
inm := physical.NewInmem()
|
||||
conf := &CoreConfig{Physical: inm}
|
||||
c, err := NewCore(conf)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func testUnsealedCore(t *testing.T) (*Core, []byte) {
|
||||
c := testCore(t)
|
||||
sealConf := &SealConfig{
|
||||
SecretShares: 1,
|
||||
SecretThreshold: 1,
|
||||
}
|
||||
res, err := c.Initialize(sealConf)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
master := make([]byte, len(res.SecretShares[0]))
|
||||
copy(master, res.SecretShares[0])
|
||||
unseal, err := c.Unseal(res.SecretShares[0])
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if !unseal {
|
||||
t.Fatalf("should be unsealed")
|
||||
}
|
||||
return c, master
|
||||
}
|
||||
|
||||
func TestCore_Init(t *testing.T) {
|
||||
inm := physical.NewInmem()
|
||||
conf := &CoreConfig{Physical: inm}
|
||||
|
@ -137,7 +105,7 @@ func TestCore_Init(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCore_Init_MultiShare(t *testing.T) {
|
||||
c := testCore(t)
|
||||
c := TestCore(t)
|
||||
sealConf := &SealConfig{
|
||||
SecretShares: 5,
|
||||
SecretThreshold: 3,
|
||||
|
@ -162,7 +130,7 @@ func TestCore_Init_MultiShare(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCore_Unseal_MultiShare(t *testing.T) {
|
||||
c := testCore(t)
|
||||
c := TestCore(t)
|
||||
|
||||
_, err := c.Unseal(invalidKey)
|
||||
if err != ErrNotInit {
|
||||
|
@ -247,7 +215,7 @@ func TestCore_Unseal_MultiShare(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCore_Unseal_Single(t *testing.T) {
|
||||
c := testCore(t)
|
||||
c := TestCore(t)
|
||||
|
||||
_, err := c.Unseal(invalidKey)
|
||||
if err != ErrNotInit {
|
||||
|
@ -297,7 +265,7 @@ func TestCore_Unseal_Single(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCore_Route_Sealed(t *testing.T) {
|
||||
c := testCore(t)
|
||||
c := TestCore(t)
|
||||
sealConf := &SealConfig{
|
||||
SecretShares: 1,
|
||||
SecretThreshold: 1,
|
||||
|
@ -335,7 +303,7 @@ func TestCore_Route_Sealed(t *testing.T) {
|
|||
|
||||
// Attempt to unseal after doing a first seal
|
||||
func TestCore_SealUnseal(t *testing.T) {
|
||||
c, key := testUnsealedCore(t)
|
||||
c, key := TestCoreUnsealed(t)
|
||||
if err := c.Seal(); err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ import (
|
|||
)
|
||||
|
||||
func TestCore_DefaultMountTable(t *testing.T) {
|
||||
c, key := testUnsealedCore(t)
|
||||
c, key := TestCoreUnsealed(t)
|
||||
verifyDefaultTable(t, c.mounts)
|
||||
|
||||
// Start a second core with same physical
|
||||
|
@ -30,7 +30,7 @@ func TestCore_DefaultMountTable(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCore_Mount(t *testing.T) {
|
||||
c, key := testUnsealedCore(t)
|
||||
c, key := TestCoreUnsealed(t)
|
||||
me := &MountEntry{
|
||||
Path: "foo",
|
||||
Type: "generic",
|
||||
|
@ -65,7 +65,7 @@ func TestCore_Mount(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCore_Unmount(t *testing.T) {
|
||||
c, key := testUnsealedCore(t)
|
||||
c, key := TestCoreUnsealed(t)
|
||||
err := c.Unmount("secret")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
|
@ -96,7 +96,7 @@ func TestCore_Unmount(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCore_Remount(t *testing.T) {
|
||||
c, key := testUnsealedCore(t)
|
||||
c, key := TestCoreUnsealed(t)
|
||||
err := c.Remount("secret", "foo")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
|
@ -127,7 +127,7 @@ func TestCore_Remount(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCore_Remount_Protected(t *testing.T) {
|
||||
c, _ := testUnsealedCore(t)
|
||||
c, _ := TestCoreUnsealed(t)
|
||||
err := c.Remount("sys", "foo")
|
||||
if err.Error() != "cannot remount 'sys/'" {
|
||||
t.Fatalf("err: %v", err)
|
||||
|
|
|
@ -6,7 +6,7 @@ import (
|
|||
)
|
||||
|
||||
func testSystem(t *testing.T) *SystemBackend {
|
||||
c, _ := testUnsealedCore(t)
|
||||
c, _ := TestCoreUnsealed(t)
|
||||
return &SystemBackend{c}
|
||||
}
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ func TestCore(t *testing.T) *Core {
|
|||
|
||||
// TestCoreInit initializes the core with a single key, and returns
|
||||
// the list of keys that must be used to unseal the core.
|
||||
func TestCoreInit(t *testing.T, core *Core) [][]byte {
|
||||
func TestCoreInit(t *testing.T, core *Core) []byte {
|
||||
result, err := core.Initialize(&SealConfig{
|
||||
SecretShares: 1,
|
||||
SecretThreshold: 1,
|
||||
|
@ -33,5 +33,25 @@ func TestCoreInit(t *testing.T, core *Core) [][]byte {
|
|||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
return result.SecretShares
|
||||
return result.SecretShares[0]
|
||||
}
|
||||
|
||||
// TestCoreUnsealed returns a pure in-memory core that is already
|
||||
// initialized and unsealed.
|
||||
func TestCoreUnsealed(t *testing.T) (*Core, []byte) {
|
||||
core := TestCore(t)
|
||||
key := TestCoreInit(t, core)
|
||||
if _, err := core.Unseal(key); err != nil {
|
||||
t.Fatalf("unseal err: %s", err)
|
||||
}
|
||||
|
||||
sealed, err := core.Sealed()
|
||||
if err != nil {
|
||||
t.Fatalf("err checking seal status: %s", err)
|
||||
}
|
||||
if sealed {
|
||||
t.Fatal("should not be sealed")
|
||||
}
|
||||
|
||||
return core, key
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue