aboutsummaryrefslogtreecommitdiff
path: root/keyring/keyring_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'keyring/keyring_test.go')
-rw-r--r--keyring/keyring_test.go95
1 files changed, 95 insertions, 0 deletions
diff --git a/keyring/keyring_test.go b/keyring/keyring_test.go
new file mode 100644
index 0000000..10ff874
--- /dev/null
+++ b/keyring/keyring_test.go
@@ -0,0 +1,95 @@
+/*
+ * keyring_test.go - tests for the keyring package
+ *
+ * Copyright 2017 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package keyring
+
+import (
+ "testing"
+
+ "golang.org/x/sys/unix"
+
+ "github.com/google/fscrypt/crypto"
+ "github.com/google/fscrypt/metadata"
+ "github.com/google/fscrypt/util"
+)
+
+// Reader that always returns the same byte
+type ConstReader byte
+
+func (r ConstReader) Read(b []byte) (n int, err error) {
+ for i := range b {
+ b[i] = byte(r)
+ }
+ return len(b), nil
+}
+
+// Makes a key of the same repeating byte
+func makeKey(b byte, n int) (*crypto.Key, error) {
+ return crypto.NewFixedLengthKeyFromReader(ConstReader(b), n)
+}
+
+var (
+ fakeValidDescriptor = "0123456789abcdef"
+ defaultService = unix.FSCRYPT_KEY_DESC_PREFIX
+ testUser, _ = util.EffectiveUser()
+ fakeValidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen)
+ fakeInvalidPolicyKey, _ = makeKey(42, metadata.PolicyKeyLen-1)
+)
+
+// Adds and removes a key with various services.
+func TestAddRemoveKeys(t *testing.T) {
+ for _, service := range []string{defaultService, "ext4:", "f2fs:"} {
+ options := &Options{
+ User: testUser,
+ Service: service,
+ }
+ if err := AddEncryptionKey(fakeValidPolicyKey, fakeValidDescriptor, options); err != nil {
+ t.Error(err)
+ }
+ if err := RemoveEncryptionKey(fakeValidDescriptor, options); err != nil {
+ t.Error(err)
+ }
+ }
+}
+
+// Adds a key twice (both should succeed)
+func TestAddTwice(t *testing.T) {
+ options := &Options{
+ User: testUser,
+ Service: defaultService,
+ }
+ if err := AddEncryptionKey(fakeValidPolicyKey, fakeValidDescriptor, options); err != nil {
+ t.Error(err)
+ }
+ if err := AddEncryptionKey(fakeValidPolicyKey, fakeValidDescriptor, options); err != nil {
+ t.Error("AddEncryptionKey should not fail if key already exists")
+ }
+ RemoveEncryptionKey(fakeValidDescriptor, options)
+}
+
+// Makes sure trying to add a key of the wrong length fails
+func TestAddWrongLengthKey(t *testing.T) {
+ options := &Options{
+ User: testUser,
+ Service: defaultService,
+ }
+ if err := AddEncryptionKey(fakeInvalidPolicyKey, fakeValidDescriptor, options); err == nil {
+ RemoveEncryptionKey(fakeValidDescriptor, options)
+ t.Error("AddEncryptionKey should fail with wrong-length key")
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-10 18:52:14 +0000