1 files changed, 126 insertions, 0 deletions

diff --git a/tests/storage/devicelibs/crypto.py b/tests/storage/devicelibs/crypto.py
new file mode 100644
index 0000000..0f9f7bd
--- /dev/null
+++ b/tests/storage/devicelibs/crypto.py
@@ -0,0 +1,126 @@
+import baseclass
+import unittest
+import storage.devicelibs.crypto as crypto
+
+import tempfile
+import os
+
+class CryptoTestCase(baseclass.DevicelibsTestCase):
+
+    def testCrypto(self):
+        ##
+        ## is_luks
+        ##
+        # pass
+        self.assertEqual(crypto.is_luks(self._LOOP_DEV0), -22)
+        self.assertEqual(crypto.is_luks("/not/existing/device"), -22)
+
+        ##
+        ## luks_format
+        ##
+        # pass
+        self.assertEqual(crypto.luks_format(self._LOOP_DEV0, passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256), None)
+
+        # make a key file
+        handle, keyfile = tempfile.mkstemp(prefix="key", text=False)
+        os.write(handle, "nobodyknows")
+        os.close(handle)
+
+        # format with key file
+        self.assertEqual(crypto.luks_format(self._LOOP_DEV1, key_file=keyfile), None)
+
+        # fail
+        self.assertRaises(crypto.CryptoError, crypto.luks_format, "/not/existing/device", passphrase="secret", cipher="aes-cbc-essiv:sha256", key_size=256)
+        # no passhprase or key file
+        self.assertRaises(ValueError, crypto.luks_format, self._LOOP_DEV1, cipher="aes-cbc-essiv:sha256", key_size=256)
+
+        ##
+        ## is_luks
+        ##
+        # pass
+        self.assertEqual(crypto.is_luks(self._LOOP_DEV0), 0)    # 0 = is luks
+        self.assertEqual(crypto.is_luks(self._LOOP_DEV1), 0)
+
+        ##
+        ## luks_add_key
+        ##
+        # pass
+        self.assertEqual(crypto.luks_add_key(self._LOOP_DEV0, new_passphrase="another-secret", passphrase="secret"), None)
+
+        # make another key file
+        handle, new_keyfile = tempfile.mkstemp(prefix="key", text=False)
+        os.write(handle, "area51")
+        os.close(handle)
+
+        # add new key file
+        self.assertEqual(crypto.luks_add_key(self._LOOP_DEV1, new_key_file=new_keyfile, key_file=keyfile), None)
+
+        # fail
+        self.assertRaises(RuntimeError, crypto.luks_add_key, self._LOOP_DEV0, new_passphrase="another-secret", passphrase="wrong-passphrase")
+
+        ##
+        ## luks_remove_key
+        ##
+        # fail
+        self.assertRaises(RuntimeError, crypto.luks_remove_key, self._LOOP_DEV0, del_passphrase="another-secret", passphrase="wrong-pasphrase")
+
+        # pass
+        self.assertEqual(crypto.luks_remove_key(self._LOOP_DEV0, del_passphrase="another-secret", passphrase="secret"), None)
+
+        # remove key file
+        self.assertEqual(crypto.luks_remove_key(self._LOOP_DEV1, del_key_file=new_keyfile, key_file=keyfile), None)
+
+        ##
+        ## luks_open
+        ##
+        # pass
+        self.assertEqual(crypto.luks_open(self._LOOP_DEV0, "crypted", passphrase="secret"), None)
+        self.assertEqual(crypto.luks_open(self._LOOP_DEV1, "encrypted", key_file=keyfile), None)
+
+        # fail
+        self.assertRaises(crypto.CryptoError, crypto.luks_open, "/not/existing/device", "another-crypted", passphrase="secret")
+        self.assertRaises(crypto.CryptoError, crypto.luks_open, "/not/existing/device", "another-crypted", key_file=keyfile)
+        # no passhprase or key file
+        self.assertRaises(ValueError, crypto.luks_open, self._LOOP_DEV1, "another-crypted")
+
+        ##
+        ## luks_status
+        ##
+        # pass
+        self.assertEqual(crypto.luks_status("crypted"), True)
+        self.assertEqual(crypto.luks_status("encrypted"), True)
+        self.assertEqual(crypto.luks_status("another-crypted"), False)
+
+        ##
+        ## luks_uuid
+        ##
+        # pass
+        uuid = crypto.luks_uuid(self._LOOP_DEV0)
+        self.assertEqual(crypto.luks_uuid(self._LOOP_DEV0), uuid)
+        uuid = crypto.luks_uuid(self._LOOP_DEV1)
+        self.assertEqual(crypto.luks_uuid(self._LOOP_DEV1), uuid)
+
+        ##
+        ## luks_close
+        ##
+        # pass
+        self.assertEqual(crypto.luks_close("crypted"), None)
+        self.assertEqual(crypto.luks_close("encrypted"), None)
+
+        # fail
+        self.assertRaises(crypto.CryptoError, crypto.luks_close, "wrong-name")
+        # already closed
+        self.assertRaises(crypto.CryptoError, crypto.luks_close, "crypted")
+        self.assertRaises(crypto.CryptoError, crypto.luks_close, "encrypted")
+
+        # cleanup
+        os.unlink(keyfile)
+        os.unlink(new_keyfile)
+
+
+def suite():
+    return unittest.TestLoader().loadTestsFromTestCase(CryptoTestCase)
+
+
+if __name__ == "__main__":
+    unittest.main()