#!/usr/bin/env bats # Comprehensive encryption configuration tests # Add bats library to BATS_LIB_PATH load 'bats-support/load' load 'bats-assert/load' load 'bats-file/load' load '../test_helper/common.bash' setup() { export TEST_ROOT="${TEST_TEMP_DIR}/encryption" mkdir -p "${TEST_ROOT}" } @test "Encryption: Preseed uses crypto partition method" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "d-i partman-auto/method string crypto" } @test "Encryption: Preseed configures LVM within encrypted partition" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "crypto" } @test "Encryption: Preseed uses AES cipher" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "aes-xts" } @test "Encryption: Preseed uses 512-bit key size" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "512" } @test "Encryption: Preseed enables LUKS2 format" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "LUKS2" } @test "Encryption: Preseed includes cryptsetup package" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "d-i base-installer/include/ string cryptsetup" } @test "Encryption: Preseed includes cryptsetup-initramfs package" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "cryptsetup-initramfs" } @test "Encryption: Preseed includes dmsetup package" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "dmsetup" } @test "Encryption: Preseed includes pam-pwquality package" { assert_file_contains "${PROJECT_ROOT}/config/preseed.cfg" "libpam-pwquality" } @test "Encryption: Encryption setup hook creates key management directory" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-setup.sh" local key_dir="${TEST_ROOT}/etc/luks-keys" create_key_directory "$key_dir" assert [ -d "$key_dir" ] } @test "Encryption: Encryption setup hook creates key backup directory" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-setup.sh" local backup_dir="${TEST_ROOT}/backup" create_key_backup_directory "$backup_dir" assert [ -d "$backup_dir" ] } @test "Encryption: Encryption setup hook creates check-encryption.sh" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-setup.sh" local bin_dir="${TEST_ROOT}/usr/local/bin" mkdir -p "$bin_dir" create_check_encryption_script "$bin_dir/check-encryption.sh" assert_file_exists "$bin_dir/check-encryption.sh" assert [ -x "$bin_dir/check-encryption.sh" ] } @test "Encryption: Encryption setup hook creates manage-encryption-keys.sh" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-setup.sh" local bin_dir="${TEST_ROOT}/usr/local/bin" mkdir -p "$bin_dir" create_manage_keys_script "$bin_dir/manage-encryption-keys.sh" assert_file_exists "$bin_dir/manage-encryption-keys.sh" assert [ -x "$bin_dir/manage-encryption-keys.sh" ] } @test "Encryption: Encryption setup hook creates systemd service" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-setup.sh" local systemd_dir="${TEST_ROOT}/etc/systemd/system" mkdir -p "$systemd_dir" create_encryption_status_service "$systemd_dir" assert_file_exists "$systemd_dir/knel-encryption-status.service" } @test "Encryption: Encryption validation hook checks encryption status" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" # Mock cryptsetup cryptsetup() { echo "Cryptsetup output" return 0 } export -f cryptsetup local config_file="${TEST_ROOT}/crypttab" echo "test_crypt UUID=12345678-1234-1234-1234-123456789012 none luks" > "$config_file" validate_encryption_status "$config_file" assert_success } @test "Encryption: Encryption validation hook creates user reminder" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" local home_dir="${TEST_ROOT}/home/user" mkdir -p "$home_dir" create_encryption_reminder "$home_dir" assert_file_exists "$home_dir/ENCRYPTION-PASSPHRASE-REMINDER.txt" } @test "Encryption: Encryption reminder contains LUKS2 information" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" local home_dir="${TEST_ROOT}/home/user" mkdir -p "$home_dir" create_encryption_reminder "$home_dir" assert_file_contains "$home_dir/ENCRYPTION-PASSPHRASE-REMINDER.txt" "LUKS2" } @test "Encryption: Encryption reminder contains cipher information" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" local home_dir="${TEST_ROOT}/home/user" mkdir -p "$home_dir" create_encryption_reminder "$home_dir" assert_file_contains "$home_dir/ENCRYPTION-PASSPHRASE-REMINDER.txt" "AES-256-XTS" } @test "Encryption: Encryption reminder contains passphrase requirements" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" local home_dir="${TEST_ROOT}/home/user" mkdir -p "$home_dir" create_encryption_reminder "$home_dir" assert_file_contains "$home_dir/ENCRYPTION-PASSPHRASE-REMINDER.txt" "14+ characters" } @test "Encryption: Encryption validation hook creates MOTD" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" local motd_dir="${TEST_ROOT}/etc/update-motd.d" mkdir -p "$motd_dir" setup_encryption_motd "$motd_dir" assert_file_exists "$motd_dir/10-encryption-status" } @test "Encryption: Encryption validation hook creates first boot check" { source "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" local local_bin="${TEST_ROOT}/usr/local/bin" mkdir -p "$local_bin" create_first_boot_check "$local_bin" assert_file_exists "$local_bin/first-boot-encryption-check.sh" assert [ -x "$local_bin/first-boot-encryption-check.sh" ] } @test "Encryption: All encryption hooks are valid bash" { run bash -n "${PROJECT_ROOT}/config/hooks/installed/encryption-setup.sh" assert_success run bash -n "${PROJECT_ROOT}/config/hooks/installed/encryption-validation.sh" assert_success }