bootenv: add tests for keyDataScope

canonical · Oct 27, 2023 · 3642470 · 3642470
1 parent fb2fa76
commit 3642470
Show file tree

Hide file tree

Showing 5 changed files with 567 additions and 8 deletions.
diff --git a/bootenv/bootenv_test.go b/bootenv/bootenv_test.go
@@ -0,0 +1,28 @@
+// -*- Mode: Go; indent-tabs-mode: t -*-
+
+/*
+ * Copyright (C) 2023 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package bootenv
+
+import (
+	"testing"
+
+	. "gopkg.in/check.v1"
+)
+
+func Test(t *testing.T) { TestingT(t) }
diff --git a/bootenv/env.go b/bootenv/env.go
@@ -30,10 +30,10 @@ var (
 	currentBootMode atomic.Value
 )
 
-func SetModel(model secboot.SnapModel) bool {
+var SetModel = func(model secboot.SnapModel) bool {
 	return currentModel.CompareAndSwap(nil, model)
 }
 
-func SetBootMode(mode string) bool {
+var SetBootMode = func(mode string) bool {
 	return currentBootMode.CompareAndSwap(nil, mode)
 }
diff --git a/bootenv/export_test.go b/bootenv/export_test.go
@@ -0,0 +1,58 @@
+// -*- Mode: Go; indent-tabs-mode: t -*-
+
+/*
+ * Copyright (C) 2023 Canonical Ltd
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+package bootenv
+
+import "github.com/snapcore/secboot"
+
+var (
+	ComputeSnapModelHash = computeSnapModelHash
+)
+
+func MockSetModel(f func(secboot.SnapModel) bool) (restore func()) {
+	origSetModel := SetModel
+	SetModel = f
+	return func() {
+		SetModel = origSetModel
+	}
+}
+
+func MockSetBootMode(f func(string) bool) (restore func()) {
+	origSetBootMode := SetBootMode
+	SetBootMode = f
+	return func() {
+		SetBootMode = origSetBootMode
+	}
+}
+
+func MockLoadCurrentModel(f func() (secboot.SnapModel, error)) (restore func()) {
+	origLoadCurrentModel := loadCurrentModel
+	loadCurrentModel = f
+	return func() {
+		loadCurrentModel = origLoadCurrentModel
+	}
+}
+
+func MockLoadCurrenBootMode(f func() (string, error)) (restore func()) {
+	origLoadCurrentBootMode := loadCurrentBootMode
+	loadCurrentBootMode = f
+	return func() {
+		loadCurrentBootMode = origLoadCurrentBootMode
+	}
+}
diff --git a/bootenv/keydata.go b/bootenv/keydata.go
@@ -384,6 +384,22 @@ func (d *KeyDataScope) SetAuthorizedBootModes(key secboot.PrimaryKey, role strin
 	return d.authorize(key, role)
 }
 
+var loadCurrentModel = func() (secboot.SnapModel, error) {
+	model, ok := currentModel.Load().(secboot.SnapModel)
+	if !ok {
+		return nil, errors.New("SetModel hasn't been called yet")
+	}
+	return model, nil
+}
+
+var loadCurrentBootMode = func() (string, error) {
+	mode, ok := currentBootMode.Load().(string)
+	if !ok {
+		return "", errors.New("SetBootMode hasn't been called yet")
+	}
+	return mode, nil
+}
+
 func (d *KeyDataScope) IsBootEnvironmentAuthorized() error {
 	ok, err := d.isAuthorized()
 	if err != nil {
@@ -399,9 +415,9 @@ func (d *KeyDataScope) IsBootEnvironmentAuthorized() error {
 	}
 
 	if len(d.data.Params.ModelDigests.Digests) > 0 {
-		model, ok := currentModel.Load().(secboot.SnapModel)
-		if !ok {
-			return errors.New("SetModel hasn't been called yet")
+		model, err := loadCurrentModel()
+		if err != nil {
+			return err
 		}
 
 		currentModelDigest, err := computeSnapModelHash(crypto.Hash(alg), model)
@@ -422,9 +438,9 @@ func (d *KeyDataScope) IsBootEnvironmentAuthorized() error {
 	}
 
 	if len(d.data.Params.Modes) > 0 {
-		mode, ok := currentBootMode.Load().(string)
-		if !ok {
-			return errors.New("SetBootMode hasn't been called yet")
+		mode, err := loadCurrentBootMode()
+		if err != nil {
+			return err
 		}
 
 		found := false