// gocryptfs v1.1 introduced reverse mode
func TestExampleFSv11reversePlaintextnames(t *testing.T) {
dirA := "v1.1-reverse-plaintextnames"
dirB := test_helpers.TmpDir + "/" + dirA + ".B"
err := os.Mkdir(dirB, 0700)
if err != nil {
t.Fatal(err)
}
dirC := test_helpers.TmpDir + "/" + dirA + ".C"
err = os.Mkdir(dirC, 0700)
if err != nil {
t.Fatal(err)
}
test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-extpass", "echo test", opensslOpt)
c := dirB + "/gocryptfs.conf"
if !test_helpers.VerifyExistence(c) {
t.Errorf("%s missing", c)
}
test_helpers.MountOrFatal(t, dirB, dirC, "-extpass", "echo test", opensslOpt)
checkExampleFSrw(t, dirC, false)
test_helpers.UnmountPanic(dirC)
test_helpers.UnmountPanic(dirB)
m := "e7fb8f0d-2a81df9e-26611e4b-5540b218-e48aa458-c2a623af-d0c82637-1466b5f2"
test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-masterkey", m, opensslOpt)
if !test_helpers.VerifyExistence(c) {
t.Errorf("%s missing", c)
}
test_helpers.MountOrFatal(t, dirB, dirC, "-aessiv", "-masterkey", m, opensslOpt)
checkExampleFSrw(t, dirC, false)
test_helpers.UnmountPanic(dirC)
test_helpers.UnmountPanic(dirB)
}
// Test -passwd flag
func TestPasswd(t *testing.T) {
// Create FS
dir := test_helpers.InitFS(t)
mnt := dir + ".mnt"
// Add content
test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo test")
file1 := mnt + "/file1"
err := ioutil.WriteFile(file1, []byte("somecontent"), 0600)
if err != nil {
t.Fatal(err)
}
err = test_helpers.UnmountErr(mnt)
if err != nil {
t.Fatal(err)
}
// Change password to "newpasswd"
testPasswd(t, dir)
// Mount and verify
test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo newpasswd")
content, err := ioutil.ReadFile(file1)
if err != nil {
t.Error(err)
} else if string(content) != "somecontent" {
t.Errorf("wrong content: %q", string(content))
}
err = test_helpers.UnmountErr(mnt)
if err != nil {
t.Fatal(err)
}
}
// gocryptfs v1.1 introduced reverse mode
func TestExampleFSv11reverse(t *testing.T) {
dirA := "v1.1-reverse"
dirB := test_helpers.TmpDir + "/" + dirA + ".B"
err := os.Mkdir(dirB, 0700)
if err != nil {
t.Fatal(err)
}
dirC := test_helpers.TmpDir + "/" + dirA + ".C"
err = os.Mkdir(dirC, 0700)
if err != nil {
t.Fatal(err)
}
test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-extpass", "echo test", opensslOpt)
c := dirB + "/gocryptfs.conf"
if !test_helpers.VerifyExistence(c) {
t.Errorf("%s missing", c)
}
test_helpers.MountOrFatal(t, dirB, dirC, "-extpass", "echo test", opensslOpt)
checkExampleFSrw(t, dirC, false)
test_helpers.UnmountPanic(dirC)
test_helpers.UnmountPanic(dirB)
m := "68b51855-042abd80-635ae1ba-90152a78-2ec2d243-832ac72a-eab0561a-f2d37913"
test_helpers.MountOrFatal(t, dirA, dirB, "-reverse", "-masterkey", m, opensslOpt)
if !test_helpers.VerifyExistence(c) {
t.Errorf("%s missing", c)
}
test_helpers.MountOrFatal(t, dirB, dirC, "-aessiv", "-masterkey", m, opensslOpt)
checkExampleFSrw(t, dirC, false)
test_helpers.UnmountPanic(dirC)
test_helpers.UnmountPanic(dirB)
}
// Test -passwd with -masterkey
func TestPasswdMasterkey(t *testing.T) {
// Create FS
dir := test_helpers.InitFS(t)
// Overwrite with config with known master key
conf, err := ioutil.ReadFile("gocryptfs.conf.b9e5ba23")
if err != nil {
t.Fatal(err)
}
syscall.Unlink(dir + "/gocryptfs.conf")
err = ioutil.WriteFile(dir+"/gocryptfs.conf", conf, 0600)
if err != nil {
t.Fatal(err)
}
// Add content
mnt := dir + ".mnt"
test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo test")
file1 := mnt + "/file1"
err = ioutil.WriteFile(file1, []byte("somecontent"), 0600)
if err != nil {
t.Fatal(err)
}
test_helpers.UnmountPanic(mnt)
// Change password using stdin
args := []string{"-q", "-passwd", "-masterkey",
"b9e5ba23-981a22b8-c8d790d8-627add29-f680513f-b7b7035f-d203fb83-21d82205"}
args = append(args, dir)
cmd := exec.Command(test_helpers.GocryptfsBinary, args...)
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
p, err := cmd.StdinPipe()
if err != nil {
t.Fatal(err)
}
err = cmd.Start()
if err != nil {
t.Error(err)
}
// New password
p.Write([]byte("newpasswd\n"))
p.Close()
err = cmd.Wait()
if err != nil {
t.Error(err)
}
// Mount and verify
test_helpers.MountOrFatal(t, dir, mnt, "-extpass", "echo newpasswd")
content, err := ioutil.ReadFile(file1)
if err != nil {
t.Error(err)
} else if string(content) != "somecontent" {
t.Errorf("wrong content: %q", string(content))
}
test_helpers.UnmountPanic(mnt)
}
func TestCtlSock(t *testing.T) {
cDir := test_helpers.InitFS(t)
pDir := cDir + ".mnt"
sock := cDir + ".sock"
test_helpers.MountOrFatal(t, cDir, pDir, "-ctlsock="+sock, "-extpass", "echo test")
defer test_helpers.UnmountPanic(pDir)
req := ctlsock.RequestStruct{
EncryptPath: "foobar",
}
response := test_helpers.QueryCtlSock(t, sock, req)
if response.Result == "" || response.ErrNo != 0 {
t.Errorf("got an error reply: %+v", response)
}
req.EncryptPath = "not-existing-dir/xyz"
response = test_helpers.QueryCtlSock(t, sock, req)
if response.ErrNo != int32(syscall.ENOENT) || response.Result != "" {
t.Errorf("incorrect error handling: %+v", response)
}
// Strange paths should not cause a crash
crashers := []string{"/foo", "foo/", "/foo/", ".", "/////", "/../../."}
for _, c := range crashers {
req.EncryptPath = c
// QueryCtlSock calls t.Fatal if it gets EOF when gocryptfs panics
test_helpers.QueryCtlSock(t, sock, req)
}
}
// Test DecryptPath and EncryptPath
func TestCtlSockPathOps(t *testing.T) {
mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_")
if err != nil {
t.Fatal(err)
}
sock := mnt + ".sock"
test_helpers.MountOrFatal(t, "ctlsock_reverse_test_fs", mnt, "-reverse", "-extpass", "echo test", "-ctlsock="+sock)
defer test_helpers.UnmountPanic(mnt)
var req ctlsock.RequestStruct
for i, tc := range ctlSockTestCases {
// Decrypt
req = ctlsock.RequestStruct{DecryptPath: tc[0]}
response := test_helpers.QueryCtlSock(t, sock, req)
if response.ErrNo != 0 {
t.Errorf("Testcase %d Decrypt: %q ErrNo=%d ErrText=%s", i, tc[0], response.ErrNo, response.ErrText)
} else if response.Result != tc[1] {
t.Errorf("Testcase %d Decrypt: Want %q got %q", i, tc[1], response.Result)
}
// Encrypt
req = ctlsock.RequestStruct{EncryptPath: tc[1]}
response = test_helpers.QueryCtlSock(t, sock, req)
if response.ErrNo != 0 {
t.Errorf("Testcase %d Encrypt: %q ErrNo=%d ErrText=%s", i, tc[0], response.ErrNo, response.ErrText)
} else if response.Result != tc[0] {
t.Errorf("Testcase %d Encrypt: Want %q got %q", i, tc[1], response.Result)
}
}
}
// Test example_filesystems/v0.7
// with password mount and -masterkey mount
// v0.7 adds 128 bit GCM IVs
func TestExampleFSv07(t *testing.T) {
cDir := "v0.7"
pDir := test_helpers.TmpDir + "/" + cDir
err := os.Mkdir(pDir, 0777)
if err != nil {
t.Fatal(err)
}
test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
checkExampleFS(t, pDir, true)
test_helpers.UnmountPanic(pDir)
test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey",
"ed7f6d83-40cce86c-0e7d79c2-a9438710-575221bf-30a0eb60-2821fa8f-7f3123bf",
opensslOpt)
checkExampleFS(t, pDir, true)
test_helpers.UnmountPanic(pDir)
}
// gocryptfs v0.7 filesystem created with "-plaintextnames"
func TestExampleFSv07PlaintextNames(t *testing.T) {
cDir := "v0.7-plaintextnames"
pDir := test_helpers.TmpDir + "/" + cDir + ".mnt"
test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
checkExampleFS(t, pDir, true)
test_helpers.UnmountPanic(pDir)
// The actual unmount takes some time, this causes weird problems. Just don't
// reuse the mountpoint.
pDir = pDir + ".2"
test_helpers.MountOrFatal(t, cDir, pDir, "-plaintextnames", "-masterkey",
"6d96397b-585631e1-c7cba69d-61e738b6-4d5ad2c2-e21f0fb3-52f60d3a-b08526f7",
opensslOpt)
checkExampleFS(t, pDir, true)
test_helpers.UnmountPanic(pDir)
}
// gocryptfs v1.1 introduced AES-SIV
func TestExampleFSv11(t *testing.T) {
cDir := "v1.1-aessiv"
pDir := test_helpers.TmpDir + "/" + cDir
err := os.Mkdir(pDir, 0777)
if err != nil {
t.Fatal(err)
}
test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
checkExampleFSLongnames(t, pDir)
test_helpers.UnmountPanic(pDir)
pDir = pDir + ".2"
test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey",
"eaf371c3-f9a55336-8819f22b-7bccd7c2-a738cf61-7261c658-14c28a03-9428992b",
"-aessiv", opensslOpt)
checkExampleFSLongnames(t, pDir)
test_helpers.UnmountPanic(pDir)
}
// Test example_filesystems/v0.9
// (gocryptfs v0.9 introduced long file name support)
func TestExampleFSv09(t *testing.T) {
cDir := "v0.9"
pDir := test_helpers.TmpDir + "/" + cDir
err := os.Mkdir(pDir, 0777)
if err != nil {
t.Fatal(err)
}
test_helpers.MountOrFatal(t, cDir, pDir, "-extpass", "echo test", opensslOpt)
checkExampleFSLongnames(t, pDir)
test_helpers.UnmountPanic(pDir)
pDir = pDir + ".2"
test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey",
"1cafe3f4-bc316466-2214c47c-ecd89bf3-4e078fe4-f5faeea7-8b7cab02-884f5e1c",
opensslOpt)
checkExampleFSLongnames(t, pDir)
test_helpers.UnmountPanic(pDir)
}
// We should not panic when somebody feeds requests that make no sense
func TestCtlSockCrash(t *testing.T) {
mnt, err := ioutil.TempDir(test_helpers.TmpDir, "reverse_mnt_")
if err != nil {
t.Fatal(err)
}
sock := mnt + ".sock"
test_helpers.MountOrFatal(t, "ctlsock_reverse_test_fs", mnt, "-reverse", "-extpass", "echo test", "-ctlsock="+sock,
"-wpanic=0", "-nosyslog=0")
defer test_helpers.UnmountPanic(mnt)
// Try to crash it
req := ctlsock.RequestStruct{DecryptPath: "gocryptfs.longname.XXX_TestCtlSockCrash_XXX.name"}
test_helpers.QueryCtlSock(t, sock, req)
}
// Test -ro
func TestRo(t *testing.T) {
dir := test_helpers.InitFS(t)
mnt := dir + ".mnt"
test_helpers.MountOrFatal(t, dir, mnt, "-ro", "-extpass=echo test")
defer test_helpers.UnmountPanic(mnt)
file := mnt + "/file"
err := os.Mkdir(file, 0777)
if err == nil {
t.Errorf("Mkdir should have failed")
}
_, err = os.Create(file)
if err == nil {
t.Errorf("Create should have failed")
}
}
// Test "-nonempty"
func TestNonempty(t *testing.T) {
dir := test_helpers.InitFS(t)
mnt := dir + ".mnt"
err := os.Mkdir(mnt, 0700)
if err != nil {
t.Fatal(err)
}
err = ioutil.WriteFile(mnt+"/somefile", []byte("xyz"), 0600)
if err != nil {
t.Fatal(err)
}
err = test_helpers.Mount(dir, mnt, false, "-extpass=echo test")
if err == nil {
t.Errorf("Mounting over a file should fail per default")
}
// Should work with "-nonempty"
test_helpers.MountOrFatal(t, dir, mnt, "-nonempty", "-extpass=echo test")
test_helpers.UnmountPanic(mnt)
}
// Test "mountpoint shadows cipherdir" handling
func TestShadows(t *testing.T) {
mnt := test_helpers.InitFS(t)
cipher := mnt + ".cipher"
err := os.Rename(mnt, cipher)
if err != nil {
t.Fatal(err)
}
// This should work
// (note that MountOrFatal creates "mnt" again)
test_helpers.MountOrFatal(t, cipher, mnt, "-extpass=echo test")
test_helpers.UnmountPanic(mnt)
cipher2 := mnt + "/cipher"
err = os.Rename(cipher, cipher2)
if err != nil {
t.Fatal(err)
}
// This should fail
err = test_helpers.Mount(cipher2, mnt, false, "-extpass=echo test")
if err == nil {
t.Errorf("Should have failed")
}
}