#![allow(clippy::unwrap_used, clippy::expect_used)]
mod common;
use std::fs::File;
use bitlocker::BitLockerVolume;
use common::{sha256_hex, OffsetReader};
const VOLUME_OFFSET: u64 = 65_536;
#[test]
fn tier2_clearkey_no_credential_matches_pybde() {
let Ok(path) = std::env::var("BDE_CLEARKEY_ORACLE") else {
eprintln!("BDE_CLEARKEY_ORACLE unset — skipping Tier-2 clear-key oracle");
return;
};
let file = File::open(&path).expect("open clearkey.raw");
let reader = OffsetReader::new(file, VOLUME_OFFSET).expect("window volume");
let mut vol = BitLockerVolume::unlock_clear_key(reader).expect("unlock clearkey.raw");
assert_eq!(
vol.metadata().encryption_method,
0x8004,
"oracle must be XTS-AES-128"
);
let cases: [(u64, &str); 3] = [
(
0,
"2ec4443a018d15665ab5168b1de633f4f7b368dc1e7492521e90d8238cf96224",
),
(
16_777_216,
"ba92072a9e2b2578939d4df43a6dfd64564e546e10e57baf263a1563e784f9a7",
),
(
33_554_432,
"285b610ce6bb4ebdbc11d35ee232078d183dbf05941004253a58fe86756f6235",
),
];
for (offset, want) in cases {
let mut buf = [0u8; 512];
vol.read_at(offset, &mut buf).expect("read_at");
let got = sha256_hex(&buf);
println!("offset {offset}: {got}");
assert_eq!(got, want, "decrypted offset {offset} does not match pybde");
}
}