crypt_test.go

Documentation: github.com/Microsoft/hcsshim/internal/guest/storage/crypt

     1  //go:build linux
     2  // +build linux
     3  
     4  package crypt
     5  
     6  import (
     7  	"context"
     8  	"testing"
     9  
    10  	"github.com/pkg/errors"
    11  )
    12  
    13  const tempDir = "/tmp/dir/"
    14  
    15  func osMkdirTempTest(dir string, pattern string) (string, error) {
    16  	return tempDir, nil
    17  }
    18  
    19  func clearCryptTestDependencies() {
    20  	_cryptsetupClose = nil
    21  	_cryptsetupFormat = nil
    22  	_cryptsetupOpen = nil
    23  	_generateKeyFile = nil
    24  	_osMkdirTemp = osMkdirTempTest
    25  	_osRemoveAll = nil
    26  	_zeroFirstBlock = nil
    27  }
    28  
    29  func Test_Encrypt_Generate_Key_Error(t *testing.T) {
    30  	clearCryptTestDependencies()
    31  
    32  	// Test what happens when key generation fails for any reason. Verify that
    33  	// the generated keyfile path has a number that matches the index value.
    34  
    35  	source := "/dev/sda"
    36  	keyfilePath := tempDir + "keyfile"
    37  	expectedErr := errors.New("expected error message")
    38  
    39  	_osRemoveAll = func(path string) error {
    40  		return nil
    41  	}
    42  	_generateKeyFile = func(path string, size int64) error {
    43  		if keyfilePath != path {
    44  			t.Errorf("expected path: %v, got: %v", keyfilePath, path)
    45  		}
    46  		return expectedErr
    47  	}
    48  
    49  	_, err := EncryptDevice(context.Background(), source, "dm-crypt-target")
    50  	if errors.Unwrap(err) != expectedErr {
    51  		t.Fatalf("expected err: '%v' got: '%v'", expectedErr, err)
    52  	}
    53  }
    54  
    55  func Test_Encrypt_Cryptsetup_Format_Error(t *testing.T) {
    56  	clearCryptTestDependencies()
    57  
    58  	// Test what happens when cryptsetup fails to format the device. Verify that
    59  	// the arguments passed to cryptsetup are the right ones.
    60  
    61  	_generateKeyFile = func(path string, size int64) error {
    62  		return nil
    63  	}
    64  	_osRemoveAll = func(path string) error {
    65  		return nil
    66  	}
    67  
    68  	expectedSource := "/dev/sda"
    69  	expectedKeyFilePath := tempDir + "keyfile"
    70  
    71  	expectedErr := errors.New("expected error message")
    72  	_cryptsetupFormat = func(source string, keyFilePath string) error {
    73  		if source != expectedSource {
    74  			t.Fatalf("expected source: '%s' got: '%s'", expectedSource, source)
    75  		}
    76  		if keyFilePath != expectedKeyFilePath {
    77  			t.Fatalf("expected keyfile path: '%s' got: '%s'", expectedKeyFilePath, keyFilePath)
    78  		}
    79  		return expectedErr
    80  	}
    81  
    82  	_, err := EncryptDevice(context.Background(), expectedSource, "dm-crypt-target")
    83  	if errors.Unwrap(err) != expectedErr {
    84  		t.Fatalf("expected err: '%v' got: '%v", expectedErr, err)
    85  	}
    86  }
    87  
    88  func Test_Encrypt_Cryptsetup_Open_Error(t *testing.T) {
    89  	clearCryptTestDependencies()
    90  
    91  	// Test what happens when cryptsetup fails to open the device. Verify that
    92  	// the arguments passed to cryptsetup are the right ones.
    93  
    94  	_generateKeyFile = func(path string, size int64) error {
    95  		return nil
    96  	}
    97  	_osRemoveAll = func(path string) error {
    98  		return nil
    99  	}
   100  	_cryptsetupFormat = func(source string, keyFilePath string) error {
   101  		return nil
   102  	}
   103  
   104  	expectedSource := "/dev/sda"
   105  	dmCryptName := "dm-crypt-target"
   106  	expectedKeyFilePath := tempDir + "keyfile"
   107  
   108  	expectedErr := errors.New("expected error message")
   109  	_cryptsetupOpen = func(source string, deviceName string, keyFilePath string) error {
   110  		if source != expectedSource {
   111  			t.Fatalf("expected source: '%s' got: '%s'", expectedSource, source)
   112  		}
   113  		if deviceName != dmCryptName {
   114  			t.Fatalf("expected device name: '%s' got: '%s'", dmCryptName, deviceName)
   115  		}
   116  		if keyFilePath != expectedKeyFilePath {
   117  			t.Fatalf("expected keyfile path: '%s' got: '%s'", expectedKeyFilePath, keyFilePath)
   118  		}
   119  		return expectedErr
   120  	}
   121  
   122  	_, err := EncryptDevice(context.Background(), expectedSource, dmCryptName)
   123  	if errors.Unwrap(err) != expectedErr {
   124  		t.Fatalf("expected err: '%v' got: '%v'", expectedErr, err)
   125  	}
   126  }
   127  
   128  func Test_Encrypt_Mkfs_Error(t *testing.T) {
   129  	clearCryptTestDependencies()
   130  
   131  	// Test what happens when mkfs fails to format the unencrypted device.
   132  	// Verify that the arguments passed to it are the right ones.
   133  	_generateKeyFile = func(path string, size int64) error {
   134  		return nil
   135  	}
   136  	_osRemoveAll = func(path string) error {
   137  		return nil
   138  	}
   139  	_cryptsetupFormat = func(source string, keyFilePath string) error {
   140  		return nil
   141  	}
   142  	_cryptsetupOpen = func(source string, deviceName string, keyFilePath string) error {
   143  		return nil
   144  	}
   145  	_cryptsetupClose = func(deviceName string) error {
   146  		return nil
   147  	}
   148  	_zeroFirstBlock = func(_ string, _ int) error {
   149  		return nil
   150  	}
   151  
   152  	source := "/dev/sda"
   153  	formatTarget := "/dev/mapper/dm-crypt-name"
   154  
   155  	expectedErr := errors.New("expected error message")
   156  	_mkfsXfs = func(arg string) error {
   157  		if arg != formatTarget {
   158  			t.Fatalf("expected args: '%v' got: '%v'", formatTarget, arg)
   159  		}
   160  		return expectedErr
   161  	}
   162  
   163  	if _, err := EncryptDevice(context.Background(), source, "dm-crypt-name"); errors.Unwrap(err) != expectedErr {
   164  		t.Fatalf("expected err: '%v' got: '%v'", expectedErr, err)
   165  	}
   166  }
   167  
   168  func Test_Encrypt_Success(t *testing.T) {
   169  	clearCryptTestDependencies()
   170  
   171  	// Test what happens when everything goes right.
   172  	_generateKeyFile = func(path string, size int64) error {
   173  		return nil
   174  	}
   175  	_osRemoveAll = func(path string) error {
   176  		return nil
   177  	}
   178  	_cryptsetupFormat = func(source string, keyFilePath string) error {
   179  		return nil
   180  	}
   181  	_cryptsetupOpen = func(source string, deviceName string, keyFilePath string) error {
   182  		return nil
   183  	}
   184  	_zeroFirstBlock = func(_ string, _ int) error {
   185  		return nil
   186  	}
   187  	_mkfsXfs = func(arg string) error {
   188  		return nil
   189  	}
   190  
   191  	source := "/dev/sda"
   192  	dmCryptName := "dm-crypt-name"
   193  	deviceNamePath := "/dev/mapper/" + dmCryptName
   194  
   195  	encryptedSource, err := EncryptDevice(context.Background(), source, dmCryptName)
   196  	if err != nil {
   197  		t.Fatalf("unexpected err: '%v'", err)
   198  	}
   199  	if deviceNamePath != encryptedSource {
   200  		t.Fatalf("expected path: '%v' got: '%v'", deviceNamePath, encryptedSource)
   201  	}
   202  }
   203  
   204  func Test_Cleanup_Dm_Crypt_Error(t *testing.T) {
   205  	clearCryptTestDependencies()
   206  
   207  	// Test what happens when cryptsetup fails to remove an encrypted device.
   208  	// Verify that the arguments passed to cryptsetup are the right ones.
   209  
   210  	dmCryptName := "dm-crypt-target"
   211  	expectedErr := errors.New("expected error message")
   212  
   213  	_cryptsetupClose = func(deviceName string) error {
   214  		if deviceName != dmCryptName {
   215  			t.Fatalf("expected device name: '%s' got: '%s'", dmCryptName, deviceName)
   216  		}
   217  		return expectedErr
   218  	}
   219  
   220  	err := CleanupCryptDevice(dmCryptName)
   221  	if errors.Unwrap(err) != expectedErr {
   222  		t.Fatalf("expected err: '%v' got: '%v'", expectedErr, err)
   223  	}
   224  }
   225  
   226  func Test_Cleanup_Dm_Crypt_Success(t *testing.T) {
   227  	clearCryptTestDependencies()
   228  
   229  	// Test what happens when cryptsetup succeeds to close an encrypted device.
   230  
   231  	_cryptsetupClose = func(deviceName string) error {
   232  		return nil
   233  	}
   234  
   235  	source := "/dev/sda"
   236  	err := CleanupCryptDevice(source)
   237  	if err != nil {
   238  		t.Fatalf("unexpected err: '%v'", err)
   239  	}
   240  }
   241
View as plain text