From db273b67560ec27510357415c06b986e420d1824 Mon Sep 17 00:00:00 2001
From: Valentin David
Date: Wed, 23 Oct 2024 16:46:33 +0200
Subject: [PATCH] fixup! secboot: re-introduce v1 fde hook format
---
 secboot/export_sb_test.go | 3 ++
 secboot/secboot_sb_test.go | 79 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
diff --git a/secboot/export_sb_test.go b/secboot/export_sb_test.go
index 1a84bb46fe9..1a1a69475bc 100644
--- a/secboot/export_sb_test.go
+++ b/secboot/export_sb_test.go
@@ -351,3 +351,6 @@ func MockNewLUKS2KeyDataWriter(f func(devicePath string, name string) (KeyDataWr
 newLUKS2KeyDataWriter = old
 }
 }
+
+type DefaultKeyLoader = defaultKeyLoader
+var ReadKeyFile = readKeyFile
diff --git a/secboot/secboot_sb_test.go b/secboot/secboot_sb_test.go
index 424b834b471..c72cd6ab48d 100644
--- a/secboot/secboot_sb_test.go
+++ b/secboot/secboot_sb_test.go
@@ -2561,3 +2561,82 @@ func (s *secbootSuite) TestSerializedProfile(c *C) {
 "tpm2-pcr-profile": base64.StdEncoding.EncodeToString([]byte("serialized-profile")),
 })
 }
+
+func (s *secbootSuite) TestReadKeyFileKeyData(c *C) {
+ keyLoader := &secboot.DefaultKeyLoader{}
+ const fdeHookHint = false
+ tmpDir := c.MkDir()
+ keyPath := filepath.Join(tmpDir, "key")
+ // KeyData is a json
+ err := os.WriteFile(keyPath, []byte(`{}`), 0644)
+ c.Assert(err, IsNil)
+
+ newFileKeyDataReaderCalls := 0
+ restore := secboot.MockSbNewFileKeyDataReader(func(kf string) (*sb.FileKeyDataReader, error) {
+ newFileKeyDataReaderCalls++
+ c.Check(kf, Equals, keyPath)
+ return sb.NewFileKeyDataReader(kf)
+ })
+ defer restore()
+
+ readKeyDataCalls := 0
+ restore = secboot.MockSbReadKeyData(func(reader sb.KeyDataReader) (*sb.KeyData, error) {
+ readKeyDataCalls++
+ return sb.ReadKeyData(reader)
+ })
+ defer restore()
+
+ err = secboot.ReadKeyFile(keyPath, keyLoader, fdeHookHint)
+ c.Assert(err, IsNil)
+ c.Check(newFileKeyDataReaderCalls, Equals, 1)
+ c.Check(readKeyDataCalls, Equals, 1)
+ c.Check(keyLoader.KeyData, NotNil)
+ c.Check(keyLoader.SealedKeyObject, IsNil)
+ c.Check(keyLoader.FDEHookKeyV1, IsNil)
+}
+
+func (s *secbootSuite) TestReadKeyFileSealedObject(c *C) {
+ keyLoader := &secboot.DefaultKeyLoader{}
+ const fdeHookHint = false
+ keyPath := filepath.Join("test-data", "keyfile")
+
+ readSealedKeyObjectFromFileCalls := 0
+ restore := secboot.MockSbReadSealedKeyObjectFromFile(func(path string) (*sb_tpm2.SealedKeyObject, error) {
+ readSealedKeyObjectFromFileCalls++
+ c.Check(path, Equals, keyPath)
+ return sb_tpm2.ReadSealedKeyObjectFromFile(path)
+ })
+ defer restore()
+
+ newKeyDataFromSealedKeyObjectFile := 0
+ restore = secboot.MockSbNewKeyDataFromSealedKeyObjectFile(func(path string) (*sb.KeyData, error) {
+ newKeyDataFromSealedKeyObjectFile++
+ c.Check(path, Equals, keyPath)
+ return sb_tpm2.NewKeyDataFromSealedKeyObjectFile(path)
+ })
+ defer restore()
+
+ err := secboot.ReadKeyFile(keyPath, keyLoader, fdeHookHint)
+ c.Assert(err, IsNil)
+ c.Check(readSealedKeyObjectFromFileCalls, Equals, 1)
+ c.Check(newKeyDataFromSealedKeyObjectFile, Equals, 1)
+ c.Check(keyLoader.KeyData, NotNil)
+ c.Check(keyLoader.SealedKeyObject, NotNil)
+ c.Check(keyLoader.FDEHookKeyV1, IsNil)
+}
+
+func (s *secbootSuite) TestReadKeyFileFDEHookV1(c *C) {
+ keyLoader := &secboot.DefaultKeyLoader{}
+ const fdeHookHint = true
+ tmpDir := c.MkDir()
+ keyPath := filepath.Join(tmpDir, "key")
+ // KeyData starts with USK$
+ err := os.WriteFile(keyPath, []byte(`USK$blahblah`), 0644)
+ c.Assert(err, IsNil)
+
+ err = secboot.ReadKeyFile(keyPath, keyLoader, fdeHookHint)
+ c.Assert(err, IsNil)
+ c.Check(keyLoader.KeyData, IsNil)
+ c.Check(keyLoader.SealedKeyObject, IsNil)
+ c.Check(keyLoader.FDEHookKeyV1, DeepEquals, []byte(`USK$blahblah`))
+}
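Review bot: The three tests only exercise cases where `fdeHookHint` and the file contents agree, so the format selection this fixup is about is not pinned down: there is no case for `fdeHookHint = true` with a JSON KeyData file, nor for `fdeHookHint = false` with a `USK$`-prefixed file, and whether `readKeyFile` then errors or falls through to the other parsers cannot be read from this hunk. A fourth test modelled on TestReadKeyFileFDEHookV1 that writes `{}` with the hint set to true (plus the mirror case) and asserts which of `KeyData`, `SealedKeyObject`, `FDEHookKeyV1` or the error is populated would make the disambiguation explicit and catch a future regression silently treating raw hook keys as v2 data. Separately, the counter in TestReadKeyFileSealedObject is named `newKeyDataFromSealedKeyObjectFile` while every other counter carries a `Calls` suffix; `newKeyDataFromSealedKeyObjectFileCalls := 0` keeps the three tests consistent.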