Format LUKS encrypted device
This commit adds the functionality to format a new LUKS device, create a
filesystem, and mount it. Unit tests are included.
Currently, the D-Bus interface to format the LUKS device is synchronous,
but it may need to become asynchronous, since it can take some time. The
format operation took about 20 seconds when testing it.
Tested: Ran eStoraged on a machine with an eMMC, using the following
commands:
$ /usr/bin/eStoraged -b /dev/mmcblk0 &
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Format ay 3 1 2 3
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Lock ay 3 1 2 3
$ busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
/xyz/openbmc_project/storage/mmcblk0 xyz.openbmc_project.eStoraged \
Unlock ay 3 1 2 3
Signed-off-by: John Wedig <johnwedig@google.com>
Change-Id: Ib5d0b8bb201b43a60238bfd4f13a29a6519a9f7d
diff --git a/src/estoraged.cpp b/src/estoraged.cpp
index 8e49562..dcbb524 100644
--- a/src/estoraged.cpp
+++ b/src/estoraged.cpp
@@ -1,19 +1,45 @@
#include "estoraged.hpp"
-#include <phosphor-logging/lg2.hpp>
+#include "cryptsetupInterface.hpp"
+#include <libcryptsetup.h>
+#include <openssl/rand.h>
+#include <stdlib.h>
+
+#include <phosphor-logging/lg2.hpp>
+#include <xyz/openbmc_project/eStoraged/error.hpp>
+
+#include <filesystem>
#include <iostream>
+#include <string_view>
#include <vector>
namespace estoraged
{
-void eStoraged::format(std::vector<uint8_t>)
+using sdbusplus::xyz::openbmc_project::eStoraged::Error::EncryptionError;
+using sdbusplus::xyz::openbmc_project::eStoraged::Error::FilesystemError;
+
+void eStoraged::format(std::vector<uint8_t> password)
{
- std::cerr << "Formatting encrypted eMMC" << std::endl;
std::string msg = "OpenBMC.0.1.DriveFormat";
lg2::info("Starting format", "REDFISH_MESSAGE_ID", msg);
+
+ struct crypt_device* cryptDev;
+ CryptHandle cryptHandle(&cryptDev, devPath.c_str());
+ if (*cryptHandle.handle == nullptr)
+ {
+ lg2::error("Failed to initialize crypt device", "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.FormatFail"));
+ throw EncryptionError();
+ }
+
+ formatLuksDev(cryptDev, password);
+ activateLuksDev(cryptDev, password);
+
+ createFilesystem();
+ mountFilesystem();
}
void eStoraged::erase(std::vector<uint8_t>, EraseMethod)
@@ -25,16 +51,29 @@
void eStoraged::lock(std::vector<uint8_t>)
{
- std::cerr << "Locking encrypted eMMC" << std::endl;
std::string msg = "OpenBMC.0.1.DriveLock";
lg2::info("Starting lock", "REDFISH_MESSAGE_ID", msg);
+
+ unmountFilesystem();
+ deactivateLuksDev();
}
-void eStoraged::unlock(std::vector<uint8_t>)
+void eStoraged::unlock(std::vector<uint8_t> password)
{
- std::cerr << "Unlocking encrypted eMMC" << std::endl;
std::string msg = "OpenBMC.0.1.DriveUnlock";
lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg);
+
+ struct crypt_device* cryptDev;
+ CryptHandle cryptHandle(&cryptDev, devPath.c_str());
+ if (*cryptHandle.handle == nullptr)
+ {
+ lg2::error("Failed to initialize crypt device", "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.UnlockFail"));
+ throw EncryptionError();
+ }
+
+ activateLuksDev(cryptDev, password);
+ mountFilesystem();
}
void eStoraged::changePassword(std::vector<uint8_t>, std::vector<uint8_t>)
@@ -44,4 +83,199 @@
lg2::info("Starting change password", "REDFISH_MESSAGE_ID", msg);
}
+bool eStoraged::isLocked() const
+{
+ return locked();
+}
+
+std::string_view eStoraged::getMountPoint() const
+{
+ return mountPoint;
+}
+
+void eStoraged::formatLuksDev(struct crypt_device* cd,
+ std::vector<uint8_t> password)
+{
+ lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.FormatLuksDev"));
+
+ /* Generate the volume key. */
+ const std::size_t keySize = 64;
+ std::vector<uint8_t> volumeKey(keySize);
+ if (RAND_bytes(volumeKey.data(), keySize) != 1)
+ {
+ lg2::error("Failed to create volume key", "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.FormatLuksDevFail"));
+ throw EncryptionError();
+ }
+ /* Format the LUKS encrypted device. */
+ int retval =
+ cryptIface->cryptFormat(cd, CRYPT_LUKS2, "aes", "xts-plain64", nullptr,
+ reinterpret_cast<const char*>(volumeKey.data()),
+ volumeKey.size(), nullptr);
+ if (retval < 0)
+ {
+ lg2::error("Failed to format encrypted device: {RETVAL}", "RETVAL",
+ retval, "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.FormatLuksDevFail"));
+ throw EncryptionError();
+ }
+
+ /* Device is now encrypted. */
+ locked(true);
+
+ /* Set the password. */
+ retval = cryptIface->cryptKeyslotAddByVolumeKey(
+ cd, CRYPT_ANY_SLOT, nullptr, 0,
+ reinterpret_cast<const char*>(password.data()), password.size());
+
+ if (retval < 0)
+ {
+ lg2::error("Failed to set encryption password", "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.FormatLuksDevFail"));
+ throw EncryptionError();
+ }
+
+ lg2::info("Encrypted device {DEV} successfully formatted", "DEV", devPath,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.FormatLuksDevSuccess"));
+}
+
+void eStoraged::activateLuksDev(struct crypt_device* cd,
+ std::vector<uint8_t> password)
+{
+ lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.ActivateLuksDev"));
+
+ int retval = cryptIface->cryptLoad(cd, CRYPT_LUKS2, nullptr);
+ if (retval < 0)
+ {
+ lg2::error("Failed to load LUKS header: {RETVAL}", "RETVAL", retval,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.ActivateLuksDevFail"));
+ throw EncryptionError();
+ }
+
+ retval = cryptIface->cryptActivateByPassphrase(
+ cd, containerName.c_str(), CRYPT_ANY_SLOT,
+ reinterpret_cast<const char*>(password.data()), password.size(), 0);
+
+ if (retval < 0)
+ {
+ lg2::error("Failed to activate LUKS dev: {RETVAL}", "RETVAL", retval,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.ActivateLuksDevFail"));
+ throw EncryptionError();
+ }
+
+ /* Device is now unlocked. */
+ locked(false);
+
+ lg2::info("Successfully activated LUKS dev {DEV}", "DEV", devPath,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.ActivateLuksDevSuccess"));
+}
+
+void eStoraged::createFilesystem()
+{
+ /* Run the command to create the filesystem. */
+ int retval = fsIface->runMkfs(containerName);
+ if (retval)
+ {
+ lg2::error("Failed to create filesystem: {RETVAL}", "RETVAL", retval,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.CreateFilesystemFail"));
+ throw FilesystemError();
+ }
+ lg2::info("Successfully created filesystem for /dev/mapper/{CONTAINER}",
+ "CONTAINER", containerName, "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.CreateFilesystemSuccess"));
+}
+
+void eStoraged::mountFilesystem()
+{
+ /* Create directory for the filesystem. */
+ bool success = fsIface->createDirectory(std::filesystem::path(mountPoint));
+ if (!success)
+ {
+ lg2::error("Failed to create mount point: {DIR}", "DIR", mountPoint,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.MountFilesystemFail"));
+ throw FilesystemError();
+ }
+
+ /* Run the command to mount the filesystem. */
+ std::string luksContainer("/dev/mapper/" + containerName);
+ int retval = fsIface->doMount(luksContainer.c_str(), mountPoint.c_str(),
+ "ext4", 0, nullptr);
+ if (retval)
+ {
+ lg2::error("Failed to mount filesystem: {RETVAL}", "RETVAL", retval,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.MountFilesystemFail"));
+ bool removeSuccess =
+ fsIface->removeDirectory(std::filesystem::path(mountPoint));
+ if (!removeSuccess)
+ {
+ lg2::error("Failed to remove mount point: {DIR}", "DIR", mountPoint,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.MountFilesystemFail"));
+ }
+ throw FilesystemError();
+ }
+
+ lg2::info("Successfully mounted filesystem at {DIR}", "DIR", mountPoint,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.MountFilesystemSuccess"));
+}
+
+void eStoraged::unmountFilesystem()
+{
+ int retval = fsIface->doUnmount(mountPoint.c_str());
+ if (retval)
+ {
+ lg2::error("Failed to unmount filesystem: {RETVAL}", "RETVAL", retval,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.UnmountFilesystemFail"));
+ throw FilesystemError();
+ }
+
+ /* Remove the mount point. */
+ bool success = fsIface->removeDirectory(std::filesystem::path(mountPoint));
+ if (!success)
+ {
+ lg2::error("Failed to remove mount point {DIR}", "DIR", mountPoint,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.UnmountFilesystemFail"));
+ throw FilesystemError();
+ }
+
+ lg2::info("Successfully unmounted filesystem at {DIR}", "DIR", mountPoint,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.MountFilesystemSuccess"));
+}
+
+void eStoraged::deactivateLuksDev()
+{
+ lg2::info("Deactivating LUKS device {DEV}", "DEV", devPath,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.DeactivateLuksDev"));
+
+ int retval = cryptIface->cryptDeactivate(nullptr, containerName.c_str());
+ if (retval < 0)
+ {
+ lg2::error("Failed to deactivate crypt device: {RETVAL}", "RETVAL",
+ retval, "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.DeactivateLuksDevFail"));
+ throw EncryptionError();
+ }
+
+ /* Device is now locked. */
+ locked(true);
+
+ lg2::info("Successfully deactivated LUKS device {DEV}", "DEV", devPath,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.DeactivateLuksDevSuccess"));
+}
+
} // namespace estoraged
diff --git a/src/meson.build b/src/meson.build
index 958fa0a..50a5c7c 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -6,6 +6,9 @@
'phosphor_logging_dep'],
),
eStoraged_dbus,
+ dependency('openssl'),
+ dependency('libcryptsetup'),
+ dependency('stdplus'),
]
libeStoraged_lib = static_library(
@@ -29,3 +32,9 @@
install: true,
install_dir: get_option('bindir')
)
+
+build_tests = get_option('tests')
+if not build_tests.disabled()
+ subdir('test')
+endif
+
diff --git a/src/test/estoraged_test.cpp b/src/test/estoraged_test.cpp
new file mode 100644
index 0000000..f293ffc
--- /dev/null
+++ b/src/test/estoraged_test.cpp
@@ -0,0 +1,491 @@
+
+#include "cryptsetupInterface.hpp"
+#include "estoraged.hpp"
+#include "filesystemInterface.hpp"
+
+#include <unistd.h>
+
+#include <sdbusplus/bus.hpp>
+#include <sdbusplus/test/sdbus_mock.hpp>
+#include <xyz/openbmc_project/eStoraged/error.hpp>
+
+#include <exception>
+#include <filesystem>
+#include <fstream>
+#include <iterator>
+#include <string>
+#include <vector>
+
+#include <gmock/gmock.h>
+#include <gtest/gtest.h>
+
+namespace estoraged_test
+{
+
+class MockFilesystemInterface : public estoraged::FilesystemInterface
+{
+ public:
+ MOCK_METHOD(int, runMkfs, (const std::string& logicalVolume), (override));
+
+ MOCK_METHOD(int, doMount,
+ (const char* source, const char* target,
+ const char* filesystemtype, unsigned long mountflags,
+ const void* data),
+ (override));
+
+ MOCK_METHOD(int, doUnmount, (const char* target), (override));
+
+ MOCK_METHOD(bool, createDirectory, (const std::filesystem::path& p),
+ (override));
+
+ MOCK_METHOD(bool, removeDirectory, (const std::filesystem::path& p),
+ (override));
+};
+
+class MockCryptsetupInterface : public estoraged::CryptsetupInterface
+{
+ public:
+ MOCK_METHOD(int, cryptFormat,
+ (struct crypt_device * cd, const char* type, const char* cipher,
+ const char* cipher_mode, const char* uuid,
+ const char* volume_key, size_t volume_key_size, void* params),
+ (override));
+
+ MOCK_METHOD(int, cryptKeyslotAddByVolumeKey,
+ (struct crypt_device * cd, int keyslot, const char* volume_key,
+ size_t volume_key_size, const char* passphrase,
+ size_t passphrase_size),
+ (override));
+
+ MOCK_METHOD(int, cryptLoad,
+ (struct crypt_device * cd, const char* requested_type,
+ void* params),
+ (override));
+
+ MOCK_METHOD(int, cryptActivateByPassphrase,
+ (struct crypt_device * cd, const char* name, int keyslot,
+ const char* passphrase, size_t passphrase_size,
+ uint32_t flags),
+ (override));
+
+ MOCK_METHOD(int, cryptDeactivate,
+ (struct crypt_device * cd, const char* name), (override));
+};
+
+using sdbusplus::xyz::openbmc_project::eStoraged::Error::EncryptionError;
+using sdbusplus::xyz::openbmc_project::eStoraged::Error::FilesystemError;
+using std::filesystem::path;
+using ::testing::_;
+using ::testing::ContainsRegex;
+using ::testing::IsNull;
+using ::testing::Return;
+using ::testing::StrEq;
+
+/*
+ * This sdbus mock object gets used in the destructor of one of the parent
+ * classes for the MockeStoraged object, so this can't be part of the
+ * eStoragedTest class.
+ */
+sdbusplus::SdBusMock sdbusMock;
+
+class eStoragedTest : public testing::Test
+{
+ public:
+ static constexpr char testFileName[] = "testfile";
+ static constexpr char testLuksDevName[] = "testfile_luksDev";
+ std::ofstream testFile;
+ std::unique_ptr<estoraged::eStoraged> esObject;
+ static constexpr auto TEST_PATH = "/test/openbmc_project/storage/test_dev";
+ static constexpr auto ESTORAGED_INTERFACE = "xyz.openbmc_project.eStoraged";
+ sdbusplus::bus::bus bus;
+ std::string passwordString;
+ std::vector<uint8_t> password;
+ MockCryptsetupInterface* mockCryptIface;
+ MockFilesystemInterface* mockFsIface;
+
+ eStoragedTest() :
+ bus(sdbusplus::get_mocked_new(&sdbusMock)), passwordString("password"),
+ password(passwordString.begin(), passwordString.end())
+ {}
+
+ void SetUp() override
+ {
+ /* Create an empty file that we'll pretend is a 'storage device'. */
+ testFile.open(testFileName,
+ std::ios::out | std::ios::binary | std::ios::trunc);
+ testFile.close();
+ if (testFile.fail())
+ {
+ throw std::runtime_error("Failed to open test file");
+ }
+
+ EXPECT_CALL(sdbusMock,
+ sd_bus_add_object_vtable(IsNull(), _, StrEq(TEST_PATH),
+ StrEq(ESTORAGED_INTERFACE), _, _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_object_added(IsNull(), StrEq(TEST_PATH)))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_object_removed(IsNull(), StrEq(TEST_PATH)))
+ .WillRepeatedly(Return(0));
+
+ std::unique_ptr<MockCryptsetupInterface> cryptIface =
+ std::make_unique<MockCryptsetupInterface>();
+ mockCryptIface = cryptIface.get();
+ std::unique_ptr<MockFilesystemInterface> fsIface =
+ std::make_unique<MockFilesystemInterface>();
+ mockFsIface = fsIface.get();
+
+ esObject = std::make_unique<estoraged::eStoraged>(
+ bus, TEST_PATH, std::string(testFileName),
+ std::string(testLuksDevName), std::move(cryptIface),
+ std::move(fsIface));
+ }
+
+ void TearDown() override
+ {
+ EXPECT_EQ(0, unlink(testFileName));
+ }
+};
+
+/* Test case to format and then lock the LUKS device. */
+TEST_F(eStoragedTest, FormatPass)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptActivateByPassphrase(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockFsIface, runMkfs(testLuksDevName)).WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, createDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(true));
+
+ EXPECT_CALL(*mockFsIface,
+ doMount(ContainsRegex("/dev/mapper/"),
+ StrEq(esObject->getMountPoint()), _, _, _))
+ .WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, doUnmount(StrEq(esObject->getMountPoint())))
+ .WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, removeDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(true));
+
+ EXPECT_CALL(*mockCryptIface, cryptDeactivate(_, _)).Times(1);
+
+ /* Format the encrypted device. */
+ esObject->format(password);
+ EXPECT_FALSE(esObject->isLocked());
+
+ esObject->lock(password);
+ EXPECT_TRUE(esObject->isLocked());
+}
+
+/* Test case where the device/file doesn't exist. */
+TEST_F(eStoragedTest, FormatNoDeviceFail)
+{
+ /* Delete the test file. */
+ EXPECT_EQ(0, unlink(testFileName));
+
+ EXPECT_THROW(esObject->format(password), EncryptionError);
+ EXPECT_FALSE(esObject->isLocked());
+
+ /* Create the test file again, so that the TearDown function works. */
+ testFile.open(testFileName,
+ std::ios::out | std::ios::binary | std::ios::trunc);
+ testFile.close();
+}
+
+/* Test case where we fail to format the LUKS device. */
+TEST_F(eStoragedTest, FormatFail)
+{
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _))
+ .WillOnce(Return(-1));
+
+ EXPECT_THROW(esObject->format(password), EncryptionError);
+ EXPECT_FALSE(esObject->isLocked());
+}
+
+/* Test case where we fail to set the password for the LUKS device. */
+TEST_F(eStoragedTest, AddKeyslotFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .WillOnce(Return(-1));
+
+ EXPECT_THROW(esObject->format(password), EncryptionError);
+ EXPECT_TRUE(esObject->isLocked());
+}
+
+/* Test case where we fail to load the LUKS header. */
+TEST_F(eStoragedTest, LoadLuksHeaderFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).WillOnce(Return(-1));
+
+ EXPECT_THROW(esObject->format(password), EncryptionError);
+ EXPECT_TRUE(esObject->isLocked());
+}
+
+/* Test case where we fail to activate the LUKS device. */
+TEST_F(eStoragedTest, ActivateFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptActivateByPassphrase(_, _, _, _, _, _))
+ .WillOnce(Return(-1));
+
+ EXPECT_THROW(esObject->format(password), EncryptionError);
+ EXPECT_TRUE(esObject->isLocked());
+}
+
+/* Test case where we fail to create the filesystem. */
+TEST_F(eStoragedTest, CreateFilesystemFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptActivateByPassphrase(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockFsIface, runMkfs(testLuksDevName)).WillOnce(Return(-1));
+
+ EXPECT_THROW(esObject->format(password), FilesystemError);
+ EXPECT_FALSE(esObject->isLocked());
+}
+
+/* Test case where we fail to create the mount point. */
+TEST_F(eStoragedTest, CreateMountPointFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptActivateByPassphrase(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockFsIface, runMkfs(testLuksDevName)).WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, createDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(false));
+
+ EXPECT_THROW(esObject->format(password), FilesystemError);
+ EXPECT_FALSE(esObject->isLocked());
+}
+
+/* Test case where we fail to mount the filesystem. */
+TEST_F(eStoragedTest, MountFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptActivateByPassphrase(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockFsIface, runMkfs(testLuksDevName)).WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, createDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(true));
+
+ EXPECT_CALL(*mockFsIface,
+ doMount(ContainsRegex("/dev/mapper/"),
+ StrEq(esObject->getMountPoint()), _, _, _))
+ .WillOnce(Return(-1));
+
+ EXPECT_CALL(*mockFsIface, removeDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(true));
+
+ EXPECT_THROW(esObject->format(password), FilesystemError);
+ EXPECT_FALSE(esObject->isLocked());
+}
+
+/* Test case where we fail to unmount the filesystem. */
+TEST_F(eStoragedTest, UnmountFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptActivateByPassphrase(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockFsIface, runMkfs(testLuksDevName)).WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, createDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(true));
+
+ EXPECT_CALL(*mockFsIface,
+ doMount(ContainsRegex("/dev/mapper/"),
+ StrEq(esObject->getMountPoint()), _, _, _))
+ .WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, doUnmount(StrEq(esObject->getMountPoint())))
+ .WillOnce(Return(-1));
+
+ esObject->format(password);
+ EXPECT_FALSE(esObject->isLocked());
+
+ EXPECT_THROW(esObject->lock(password), FilesystemError);
+ EXPECT_FALSE(esObject->isLocked());
+}
+
+/* Test case where we fail to remove the mount point. */
+TEST_F(eStoragedTest, RemoveMountPointFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptActivateByPassphrase(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockFsIface, runMkfs(testLuksDevName)).WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, createDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(true));
+
+ EXPECT_CALL(*mockFsIface,
+ doMount(ContainsRegex("/dev/mapper/"),
+ StrEq(esObject->getMountPoint()), _, _, _))
+ .WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, doUnmount(StrEq(esObject->getMountPoint())))
+ .WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, removeDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(false));
+
+ esObject->format(password);
+ EXPECT_FALSE(esObject->isLocked());
+
+ /* This will fail to remove the mount point. */
+ EXPECT_THROW(esObject->lock(password), FilesystemError);
+ EXPECT_FALSE(esObject->isLocked());
+}
+
+/* Test case where we fail to deactivate the LUKS device. */
+TEST_F(eStoragedTest, DeactivateFail)
+{
+ EXPECT_CALL(sdbusMock,
+ sd_bus_emit_properties_changed_strv(
+ IsNull(), StrEq(TEST_PATH), StrEq(ESTORAGED_INTERFACE), _))
+ .WillRepeatedly(Return(0));
+
+ EXPECT_CALL(*mockCryptIface, cryptFormat(_, _, _, _, _, _, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptKeyslotAddByVolumeKey(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface, cryptActivateByPassphrase(_, _, _, _, _, _))
+ .Times(1);
+
+ EXPECT_CALL(*mockFsIface, runMkfs(testLuksDevName)).WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, createDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(true));
+
+ EXPECT_CALL(*mockFsIface,
+ doMount(ContainsRegex("/dev/mapper/"),
+ StrEq(esObject->getMountPoint()), _, _, _))
+ .WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, doUnmount(StrEq(esObject->getMountPoint())))
+ .WillOnce(Return(0));
+
+ EXPECT_CALL(*mockFsIface, removeDirectory(path(esObject->getMountPoint())))
+ .WillOnce(Return(true));
+
+ EXPECT_CALL(*mockCryptIface, cryptDeactivate(_, _)).WillOnce(Return(-1));
+
+ /* Format the encrypted device. */
+ esObject->format(password);
+ EXPECT_FALSE(esObject->isLocked());
+
+ EXPECT_THROW(esObject->lock(password), EncryptionError);
+ EXPECT_FALSE(esObject->isLocked());
+}
+
+} // namespace estoraged_test
diff --git a/src/test/meson.build b/src/test/meson.build
new file mode 100644
index 0000000..a4c23f7
--- /dev/null
+++ b/src/test/meson.build
@@ -0,0 +1,17 @@
+gtest = dependency('gtest', main: true, disabler: true, required: build_tests)
+gmock = dependency('gmock', disabler: true, required: build_tests)
+
+tests = [
+ 'estoraged_test',
+]
+
+foreach t : tests
+ test(t, executable(t.underscorify(), t + '.cpp',
+ implicit_include_directories: false,
+ dependencies: [
+ gtest,
+ gmock,
+ libeStoraged,
+ ],
+ include_directories: eStoraged_headers))
+endforeach