WIP: AutoYaST add crypt_pbkdf, crypt_label, crypt_cipher and crypt_ke…
…y_size
Showing
6 changed files
with
242 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,133 @@ | ||
#!/usr/bin/env rspec | ||
|
||
# Copyright (c) [2023] SUSE LLC | ||
# | ||
# All Rights Reserved. | ||
# | ||
# This program is free software; you can redistribute it and/or modify it | ||
# under the terms of version 2 of the GNU General Public License as published | ||
# by the Free Software Foundation. | ||
# | ||
# This program is distributed in the hope that it will be useful, but WITHOUT | ||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | ||
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | ||
# more details. | ||
# | ||
# You should have received a copy of the GNU General Public License along | ||
# with this program; if not, contact SUSE LLC. | ||
# | ||
# To contact SUSE LLC about this file by physical or electronic mail, you may | ||
# find current contact information at www.suse.com. | ||
|
||
require_relative "spec_helper" | ||
require "y2storage" | ||
|
||
describe Y2Storage::AutoinstProposal do | ||
before do | ||
fake_scenario(scenario) | ||
|
||
allow(Yast::Mode).to receive(:auto).and_return(true) | ||
end | ||
|
||
subject(:proposal) do | ||
described_class.new( | ||
partitioning: partitioning, devicegraph: fake_devicegraph, issues_list: issues_list | ||
) | ||
end | ||
|
||
let(:scenario) { "empty_disks" } | ||
let(:issues_list) { ::Installation::AutoinstIssues::List.new } | ||
|
||
let(:partitioning) do | ||
[ | ||
{ | ||
"device" => "/dev/sda", | ||
"type" => :CT_DISK, "use" => "all", "initialize" => true, "disklabel" => "gpt", | ||
"partitions" => [partition] | ||
} | ||
] | ||
end | ||
|
||
describe "#propose" do | ||
context "when creating a LUKS2 device with default options" do | ||
let(:partition) do | ||
{ "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2 } | ||
end | ||
|
||
it "encrypts the device with LUKS2 as encryption method" do | ||
proposal.propose | ||
enc = proposal.devices.encryptions.first | ||
expect(enc.method).to eq Y2Storage::EncryptionMethod::LUKS2 | ||
end | ||
|
||
it "does not set any LUKS label" do | ||
proposal.propose | ||
enc = proposal.devices.encryptions.first | ||
expect(enc.label).to eq "" | ||
end | ||
|
||
it "does not set any derivation function, cipher or key size" do | ||
proposal.propose | ||
enc = proposal.devices.encryptions.first | ||
expect(enc.pbkdf).to be_nil | ||
expect(enc.cipher).to eq "" | ||
expect(enc.key_size).to be_zero | ||
end | ||
end | ||
|
||
context "when creating a LUKS2 device with a given password derivation function" do | ||
let(:partition) do | ||
{ "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2, "crypt_pbkdf" => :argon2i } | ||
end | ||
|
||
it "uses the corresponding derivation function" do | ||
proposal.propose | ||
enc = proposal.devices.encryptions.first | ||
expect(enc.pbkdf).to eq Y2Storage::PbkdFunction::ARGON2I | ||
end | ||
end | ||
|
||
context "when creating a LUKS2 device with given cipher and key size" do | ||
let(:partition) do | ||
{ | ||
"mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2, | ||
"crypt_cipher" => "aes-xts-plain64", "crypt_key_size" => 512 | ||
} | ||
end | ||
|
||
it "uses the corresponding cipher and key size" do | ||
proposal.propose | ||
enc = proposal.devices.encryptions.first | ||
expect(enc.cipher).to eq "aes-xts-plain64" | ||
# libstorage-ng uses bytes instead of bits to represent the key size, contrary to all LUKS | ||
# documentation and to cryptsetup | ||
expect(enc.key_size).to eq 64 | ||
end | ||
end | ||
|
||
context "when creating a LUKS2 device with a given LUKS label" do | ||
let(:partition) do | ||
{ "mount" => "/", "crypt_key" => "s3cr3t", "crypt_method" => :luks2, "crypt_label" => "crpt" } | ||
end | ||
|
||
it "sets the label in the LUKS device" do | ||
proposal.propose | ||
enc = proposal.devices.encryptions.first | ||
expect(enc.label).to eq "crpt" | ||
end | ||
end | ||
=begin | ||
context "when creating a LUKS1 device with a given password derivation function" do | ||
end | ||
context "when creating a LUKS1 device with a LUKS label" do | ||
end | ||
context "when creating a SECURE_SWAP device with default options" do | ||
end | ||
context "when creating a SECURE_SWAP device with given cipher and key size" do | ||
end | ||
=end | ||
end | ||
end |
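Review bot: The cases where a requested parameter cannot be honoured are the ones left without examples: the `=begin`/`=end` block at the end of `#propose` holds only empty contexts for LUKS1 with a derivation function, LUKS1 with a label, and SECURE_SWAP, and no example in the file asserts on `issues_list`. As written, a profile that asks for `:argon2i` on a method that cannot use it could end up with a different key-derivation function and this spec would still pass; whether the proposal drops the value silently or reports it is not visible here. I would turn the block into real or pending examples, e.g. `xit "ignores crypt_pbkdf for LUKS1 and registers an issue"`, and add `expect(issues_list).to be_empty` to the LUKS2 examples so the supported path is pinned too. The 512-bit to 64-byte conversion would also benefit from an example with a `crypt_key_size` that is not a multiple of 8, since a truncating division would silently select a different key length.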