github.com/meulengracht/snapd@v0.0.0-20210719210640-8bde69bcc84e/secboot/encrypt_sb_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  // +build !nosecboot
     3  
     4  /*
     5   * Copyright (C) 2021 Canonical Ltd
     6   *
     7   * This program is free software: you can redistribute it and/or modify
     8   * it under the terms of the GNU General Public License version 3 as
     9   * published by the Free Software Foundation.
    10   *
    11   * This program is distributed in the hope that it will be useful,
    12   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14   * GNU General Public License for more details.
    15   *
    16   * You should have received a copy of the GNU General Public License
    17   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18   *
    19   */
    20  
    21  package secboot_test
    22  
    23  import (
    24  	"errors"
    25  
    26  	sb "github.com/snapcore/secboot"
    27  	. "gopkg.in/check.v1"
    28  
    29  	"github.com/snapcore/snapd/secboot"
    30  )
    31  
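// TestFormatEncryptedDevice checks that secboot.FormatEncryptedDevice calls
// the mocked LUKS2 initialisation exactly once, hands it the device path,
// label, key bytes and container options unchanged, and reports the mock's
// error (or nil) back to the caller.
func (s *encryptSuite) TestFormatEncryptedDevice(c *C) {
	for _, tc := range []struct {
		initErr error
		err     string
	}{
		{initErr: nil, err: ""},
		{initErr: errors.New("some error"), err: "some error"},
	} {
		// Each case runs in its own function literal so that the deferred
		// restore fires at the end of the iteration. A defer placed directly
		// in the loop body would only run when the whole test returns,
		// leaving the previous case's mock installed underneath the next one.
		func() {
			// Fixed, predictable key (bytes 0, 1, 2, ...) for test use only.
			// It is filled in by hand so the test does not block on a lack
			// of system entropy.
			myKey := secboot.EncryptionKey{}
			for i := range myKey {
				myKey[i] = byte(i)
			}

			calls := 0
			restore := secboot.MockSbInitializeLUKS2Container(func(devicePath, label string, key []byte,
				opts *sb.InitializeLUKS2ContainerOptions) error {
				calls++
				c.Assert(devicePath, Equals, "/dev/node")
				c.Assert(label, Equals, "my label")
				// The key must reach the container initialisation byte for byte.
				c.Assert(key, DeepEquals, []byte(myKey))
				// The exact option values are asserted, so any change to the
				// requested metadata or keyslot area sizes fails this test.
				c.Assert(opts, DeepEquals, &sb.InitializeLUKS2ContainerOptions{
					MetadataKiBSize:     2048,
					KeyslotsAreaKiBSize: 2560,
				})
				return tc.initErr
			})
			defer restore()

			err := secboot.FormatEncryptedDevice(myKey, "my label", "/dev/node")
			c.Assert(calls, Equals, 1)
			if tc.err == "" {
				c.Assert(err, IsNil)
			} else {
				c.Assert(err, ErrorMatches, tc.err)
			}
		}()
	}
}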
    70  
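// TestAddRecoveryKey checks that secboot.AddRecoveryKey calls the mocked
// LUKS2 add-recovery-key function exactly once, hands it the device path,
// the existing key bytes and the recovery key unchanged, and reports the
// mock's error (or nil) back to the caller.
func (s *encryptSuite) TestAddRecoveryKey(c *C) {
	for _, tc := range []struct {
		addErr error
		err    string
	}{
		{addErr: nil, err: ""},
		{addErr: errors.New("some error"), err: "some error"},
	} {
		// Each case runs in its own function literal so that the deferred
		// restore fires at the end of the iteration. A defer placed directly
		// in the loop body would only run when the whole test returns,
		// leaving the previous case's mock installed underneath the next one.
		func() {
			// Fixed, predictable key (bytes 0, 1, 2, ...) for test use only.
			// It is filled in by hand so the test does not block on a lack
			// of system entropy.
			myKey := secboot.EncryptionKey{}
			for i := range myKey {
				myKey[i] = byte(i)
			}

			// Fixed recovery key with bytes in descending order, so it cannot
			// be mistaken for myKey if the two arguments were ever swapped.
			myRecoveryKey := secboot.RecoveryKey{15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0}

			calls := 0
			restore := secboot.MockSbAddRecoveryKeyToLUKS2Container(func(devicePath string, key []byte, recoveryKey sb.RecoveryKey) error {
				calls++
				c.Assert(devicePath, Equals, "/dev/node")
				// Both secrets must arrive byte for byte, each in its own slot.
				c.Assert(recoveryKey[:], DeepEquals, myRecoveryKey[:])
				c.Assert(key, DeepEquals, []byte(myKey))
				return tc.addErr
			})
			defer restore()

			err := secboot.AddRecoveryKey(myKey, myRecoveryKey, "/dev/node")
			c.Assert(calls, Equals, 1)
			if tc.err == "" {
				c.Assert(err, IsNil)
			} else {
				c.Assert(err, ErrorMatches, tc.err)
			}
		}()
	}
}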