linux: add proc_boot_id()
A new helper for the util.linux module which exposes the linux boot-id. For security reasons, the boot-id is never exposed directly, but instead only exposed through an application-id combined with the boot-id via HMAC-SHA256. Note that a raw kernel boot-id is always considered confidential, since we never want an outside entity to deduce any information when they see a boot-id used in protocol A and one in protocol B. It should not be possible to tell whether both are from the same user and boot or not. Hence, both should use their own boot-id namespace.
This commit is contained in:
David Rheinsberg
Christian Kellner
parent
aefaf21411
commit
ebbedd1e89
2 changed files with 56 additions and 0 deletions
|
|
@ -165,3 +165,21 @@ def test_fcntl_flock():
|
|||
|
||||
# Cleanup
|
||||
os.close(fd2)
|
||||
|
||||
|
||||
def test_proc_boot_id():
|
||||
#
|
||||
# Test the `proc_boot_id()` function which reads the current boot-id
|
||||
# from the kernel. Make sure it is a valid UUID and also consistent on
|
||||
# repeated queries.
|
||||
#
|
||||
|
||||
bootid = linux.proc_boot_id("test")
|
||||
assert len(bootid.hex) == 32
|
||||
assert bootid.version == 4
|
||||
|
||||
bootid2 = linux.proc_boot_id("test")
|
||||
assert bootid.int == bootid2.int
|
||||
|
||||
bootid3 = linux.proc_boot_id("foobar")
|
||||
assert bootid.int != bootid3.int
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue