Merge pull request #115 from stefanberger/stefanberger/test_fixes

Fix some issues in the test script
containerd · Jun 15, 2023 · 0512869 · 0512869
2 parents e750030 + aa517cc
commit 0512869
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/script/tests/test_encryption.sh b/script/tests/test_encryption.sh
@@ -651,20 +651,26 @@ testJWE() {
 
 	MSG=$($CTR container rm testcontainer1 2>&1)
 	MSG=$($CTR snapshot rm testcontainer1 2>&1)
+
+	# Create testcontainer1 from encrypted bash image ${BASH_ENC}
+	# Creating the container without providing (right) key must fail
 	MSG=$(sudo $CTR container create ${BASH_ENC} testcontainer1 2>&1)
 	if [ $? -eq 0 ]; then
 		MSG=$($CTR container rm testcontainer1 2>&1)
 		MSG=$($CTR snapshot rm testcontainer1 2>&1)
 		failExit 1 "Should not have been able to create a container from encrypted image without passing keys"
 	fi
 	MSG=$($CTR snapshot rm testcontainer1 2>&1)
+
+	# creating the container when providing right key must work
 	MSG=$(sudo bash -c "$CTR container create \
 		--key ${PRIVKEYJWK} \
 		${BASH_ENC} testcontainer1 2>&1")
 	failExit $? "Should have been able to create a container from encrypted image when passing keys\n${MSG}"
 	MSG=$($CTR container rm testcontainer1 2>&1)
 	MSG=$($CTR snapshot rm testcontainer1 2>&1)
 
+	# running the container without providing (right) key must fail
 	MSG=$(sudo bash -c "$CTR run \
 		--rm \
 		${BASH_ENC} testcontainer1 echo 'Hello world'" 2>&1)
@@ -673,6 +679,8 @@ testJWE() {
 		failExit 1 "Should not have been able to run a container from encrypted image without passing keys"
 	fi
 	MSG=$($CTR snapshot rm testcontainer1 2>&1)
+
+	# Running the container when providing right key must work
 	MSG=$(sudo bash -c "$CTR run \
 		--key ${PRIVKEYJWK} \
 		--rm \
@@ -689,6 +697,9 @@ testLocalKeys() {
 	createJWEKeys
 	setupPKCS11
 
+	# Env. variable needed for encryption with SOFTHSM_KEY_PEM
+	export OCICRYPT_OAEP_HASHALG=sha1
+
 	echo "Testing JWE and PKCS11 type of encryption with local unpack keys"
 
 	# Remove original images
@@ -735,7 +746,7 @@ testLocalKeys() {
 	echo "Testing creation of container from encrypted image with local keys (JWE)"
 	MSG=$($CTR container rm testcontainer1 2>&1)
 	MSG=$($CTR snapshot rm testcontainer1 2>&1)
-	MSG=$(sudo $CTR container create ${ALPINE_ENC} --skip-decrypt-auth --key ${PRIVKEY2PEM} testcontainer1 2>&1)
+	MSG=$(sudo $CTR container create --skip-decrypt-auth ${ALPINE_ENC} testcontainer1 2>&1)
 
 	failExit $? "Should have been able to create a container from encrypted image when local keys exists (JWE)\n${MSG}"
 	MSG=$($CTR container rm testcontainer1 2>&1)
@@ -751,7 +762,7 @@ testLocalKeys() {
 	echo "Testing creation of container from encrypted image with local keys (PKCS11)"
 	MSG=$($CTR container rm testcontainer1 2>&1)
 	MSG=$($CTR snapshot rm testcontainer1 2>&1)
-	MSG=$(sudo $CTR container create ${ALPINE_ENC} --skip-decrypt-auth --key ${PRIVKEY2PEM} testcontainer1 2>&1)
+	MSG=$(sudo $CTR container create --skip-decrypt-auth ${ALPINE_ENC} testcontainer1 2>&1)
 
 	failExit $? "Should have been able to create a container from encrypted image when local keys exists (PKCS11)\n${MSG}"
 	MSG=$($CTR container rm testcontainer1 2>&1)