aboutsummaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2018-03-05macos: doTestUtimesNano: skip UTIME_OMIT and nanoseconds testcasesJakob Unterwurzacher
Not supported on macos. Beef up the first test case a little by using different second values.
2018-03-05tests: TestUtimesNano: replace ugly compareUtimes wrapperJakob Unterwurzacher
2018-03-05tests: fix a few fd leaksJakob Unterwurzacher
We relied on the finalizer to close a few fds. For some reason, this did not cause problems on Linux, but on MacOS, it causes unmount failures: umount(/private/tmp/gocryptfs-test-parent/194654785/default-plain): Resource busy -- try 'diskutil unmount'
2018-03-05macos: skip TestUtimesNanoSymlink earlyJakob Unterwurzacher
Gets rid of the touch error message upon running the tests.
2018-03-05macos: adjust TestTooLongSymlink length for darwinJakob Unterwurzacher
Limit is much lower than on linux
2018-02-28MacOS: skip TestUtimesNanoSymlink and TestUtimesNanoFdJakob Unterwurzacher
These cannot work on MacOS.
2018-02-28test_helpers: use an intermediate pipe for subprocess stdoutJakob Unterwurzacher
To Go test logic waits for stderr and stdout to close, so when we share it with a subprocess, it will wait for it to exit as well. We don't want the tests to hang when the unmount fails. Seen on MacOS as reported at https://github.com/rfjakob/gocryptfs/issues/213
2018-02-18readpassword: convert from string to []byteJakob Unterwurzacher
This will allows us to overwrite the password with zeros once we are done with it. https://github.com/rfjakob/gocryptfs/issues/211
2018-01-21Documentation: add extractloop example outputJakob Unterwurzacher
2018-01-17fusefronted: add PlaintextNames special-cases for Create & RenameJakob Unterwurzacher
gocryptfs.longname.XXX files were considered magic in PlaintextNames mode, which was wrong. Fix that and add tests. Fixes https://github.com/rfjakob/gocryptfs/issues/174
2017-12-25fusefrontend: Handle PlaintextNames mode in LinkSebastian Lackner
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any special meaning. https://github.com/rfjakob/gocryptfs/issues/174
2017-12-07fusefrontend_reverse: secure Access against symlink races (somewhat)Jakob Unterwurzacher
Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW, so this is not completely atomic. Given that the information you get from access is not very interesting, it seems good enough. https://github.com/rfjakob/gocryptfs/issues/165
2017-12-06tets_helpers: handle t=nil in InitFSJakob Unterwurzacher
The reverse tests call InitFS with t=nil. By calling panic we get a better error message instead of a generic nil pointer dereference.
2017-11-29fusefrontend: allow_other: close race between mkdir and chownSebastian Lackner
Fixes the same problem as described in 72b975867a3b9bdf53fc2da62e2ba4a328d7e4ab, except for directories instead of device nodes.
2017-11-28fusefrontend: Handle PlaintextNames mode in UnlinkSebastian Lackner
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any special meaning. We should not attempt to delete any .name files. Partially fixes https://github.com/rfjakob/gocryptfs/issues/174
2017-11-28fusefrontend: Handle PlaintextNames mode in MknodSebastian Lackner
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any special meaning. We should not attempt to read the directory IV or to create special .name files. Partially fixes https://github.com/rfjakob/gocryptfs/issues/174
2017-11-27fusefronted: allow_other: close race between mknod and chownJakob Unterwurzacher
If the user manages to replace the directory with a symlink at just the right time, we could be tricked into chown'ing the wrong file. This change fixes the race by using fchownat, which unfortunately is not available on darwin, hence a compat wrapper is added. Scenario, as described by @slackner at https://github.com/rfjakob/gocryptfs/issues/177 : 1. Create a forward mount point with `plaintextnames` enabled 2. Mount as root user with `allow_other` 3. For testing purposes create a file `/tmp/file_owned_by_root` which is owned by the root user 4. As a regular user run inside of the GoCryptFS mount: ``` mkdir tempdir mknod tempdir/file_owned_by_root p & mv tempdir tempdir2 ln -s /tmp tempdir ``` When the steps are done fast enough and in the right order (run in a loop!), the device file will be created in `tempdir`, but the `lchown` will be executed by following the symlink. As a result, the ownership of the file located at `/tmp/file_owned_by_root` will be changed.
2017-11-26reverse: reject too-long symlink target reads with ENAMETOOLONGJakob Unterwurzacher
If the symlink target gets too long due to base64 encoding, we should return ENAMETOOLONG instead of having the kernel reject the data and returning an I/O error to the user. Fixes https://github.com/rfjakob/gocryptfs/issues/167
2017-11-25fusefrontend_reverse: Do not mix up cache information for different directoriesSebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/168 Steps to reproduce the problem: * Create a regular reverse mount point * Create files with the same very long name in multiple directories - so far everything works as expected, and it will appear with a different name each time, for example, gocryptfs.longname.A in directory A and gocryptfs.longname.B in directory B * Try to access a path with A/gocryptfs.longname.B or B/gocryptfs.longname.A - this should fail, but it actually works. The problem is that the longname cache only uses the path as key and not the dir or divIV. Assume an attacker can directly interact with a reverse mount and knows the relation longname path -> unencoded path in one directory, it allows to test if the same unencoded filename appears in any other directory.
2017-11-25fusefrontend: Fix longname handling for renames with existing targetSebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/170 Steps to reproduce the problem: * Create a regular forward mount point * Create a file with a shortname and one with a long filename * Try to run 'mv <shortname> <longname>' This should actually work and replace the existing file, but instead it fails with: mv: cannot move '<shortname>' to '<longname>': File exists The problem is the creation of the .name file. If the target already exists we can safely ignore the EEXIST error and just keep the existing .name file.
2017-11-23tests: Add test for access to encrypted version of '.' and '..'Sebastian Lackner
To show that https://github.com/rfjakob/gocryptfs/issues/163 has been fixed.
2017-11-21main: Add '-devrandom' commandline optionSebastian Lackner
Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy.
2017-10-03fusefrontend_reverse: workaround ext4 test failureJakob Unterwurzacher
The extended TestLongnameStat() exposes a pathological case when run on ext4, as ext4 reuses inode numbers immediately. This change modifies the test to not delete the files immediately, so the inode numbers cannot be reused immediately. Fix for the underlying issue is a TODO.
2017-10-01fusefrontend_reverse: fix 176-byte namesJakob Unterwurzacher
A file with a name of exactly 176 bytes length caused this error: ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY: No such file or directory ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name: No such file or directory -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name Root cause was a wrong shortNameMax constant that failed to account for the obligatory padding byte. Fix the constant and also expand the TestLongnameStat test case to test ALL file name lengths from 1-255 bytes. Fixes https://github.com/rfjakob/gocryptfs/issues/143 .
2017-08-10tests: add diriv cache race testJakob Unterwurzacher
Passes.
2017-07-27fusefrontend_reverse: return ENOENT for undecryptable namesJakob Unterwurzacher
This was working until DecryptName switched to returning EBADMSG instead of EINVAL. Add a test to catch the regression next time.
2017-07-24tests: check if we close stderr and stdout correctly on mountJakob Unterwurzacher
Currently fails, as reported at https://github.com/rfjakob/gocryptfs/issues/130 .
2017-07-21tests: fsstress-gocryptfs.bash: sync up with EncFSJakob Unterwurzacher
I have added a subset of fsstress-gocryptfs.bash to EncFS as fsstress-encfs.sh, improving the code a bit. This change forward-ports these improvements to fsstress-gocryptfs.bash.
2017-07-11fusefronted: enable writing to write-only filesJakob Unterwurzacher
Due to RMW, we always need read permissions on the backing file. This is a problem if the file permissions do not allow reading (i.e. 0200 permissions). This patch works around that problem by chmod'ing the file, obtaining a fd, and chmod'ing it back. Test included. Issue reported at: https://github.com/rfjakob/gocryptfs/issues/125
2017-06-27benchmarks: add streaming read benchmarkJakob Unterwurzacher
2017-06-01Fix two commentsJakob Unterwurzacher
One out-of-date and the other with a typo.
2017-05-30tests: add v1.3-reverse example filesystemJakob Unterwurzacher
We check the md5 sum of the encrypted version of a file to make sure we don't accidentially change the ciphertext generation.
2017-05-14main: password change: exit with code 12 on wrong passwordJakob Unterwurzacher
We used to return code 8, now we return code 12 as documented in the man page. Also adds a test.
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07fusefrontend: implement path decryption via ctlsockJakob Unterwurzacher
Closes https://github.com/rfjakob/gocryptfs/issues/84 .
2017-05-07Fix typos found by MisspellJakob Unterwurzacher
Misspell Finds commonly misspelled English words gocryptfs/internal/configfile/scrypt.go Line 41: warning: "paramter" is a misspelling of "parameter" (misspell) gocryptfs/internal/ctlsock/ctlsock_serve.go Line 1: warning: "implementes" is a misspelling of "implements" (misspell) gocryptfs/tests/test_helpers/helpers.go Line 27: warning: "compatability" is a misspelling of "compatibility" (misspell)
2017-05-01tests: support encfs in the fsstress scriptJakob Unterwurzacher
May be helpful for https://github.com/vgough/encfs/issues/214 .
2017-05-01tests: add TestXfs124Jakob Unterwurzacher
This test reproduces the problem xfstests generic/124 uncovered. The warning itself is harmless, but we should either (1) add locking so that this cannot happen anymore or (2) drop the warning. Currently fails: $ go test -v === RUN Test1980Tar --- PASS: Test1980Tar (0.00s) === RUN TestCtlSock --- PASS: TestCtlSock (0.10s) === RUN TestOpenTruncateRead --- PASS: TestOpenTruncateRead (0.00s) === RUN TestWORead --- PASS: TestWORead (0.00s) === RUN TestXfs124 cipherSize 18 == header size: interrupted write? -wpanic turns this warning into a panic: cipherSize 18 == header size: interrupted write?
2017-05-01fusefrontend: drop writeOnly flagJakob Unterwurzacher
We do not have to track the writeOnly status because the kernel will not forward read requests on a write-only FD to us anyway. I have verified this behavoir manually on a 4.10.8 kernel and also added a testcase.
2017-03-18tests: add hkdf_sanity tests with broken example filesystemv1.3-beta1Jakob Unterwurzacher
These are deliberately corrupt.
2017-03-18benchmark: add md5sum read performance benchmarkJakob Unterwurzacher
2017-03-07cli: enable "-raw64" by defaultJakob Unterwurzacher
This brings the CLI options back in sync with the default feature flags.
2017-03-07tests: recreate v1.3 example filesystemJakob Unterwurzacher
The filesystem was created with a gocryptfs version that ignored the HKDF flag (hence everything was actually encrypted WITHOUT hkdf). Fix it by recreating it.
2017-03-07cli: add "-hkdf" optionJakob Unterwurzacher
This commit also enables actually passing the HKDF setting to fusefrontend, this was missing till now.
2017-03-07tests: reverse: don't run tests that ignore "-plaintextnames" twiceJakob Unterwurzacher
TestMain() runs all tests twice, once with plaintextnames=true and once with false. Several tests mount their own filesystem and ignore the plaintextnames variable. It makes no sense to run them twice, so skip execution when plaintextnames is set.
2017-03-07Report correct symbolic link dentry sizesM. Vefa Bicakci
Prior to this commit, gocryptfs's reverse mode did not report correct directory entry sizes for symbolic links, where the dentry size needs to be the same as the length of a string containing the target path. This commit corrects this issue and adds a test case to verify the correctness of the implementation. This issue was discovered during the use of a strict file copying program on a reverse-mounted gocryptfs file system.
2017-03-05tests: add v1.3 example filesystemJakob Unterwurzacher
This filesystem has both HKDF and Raw64 enabled.
2017-03-05Drop Go 1.4 compatability code everywhereJakob Unterwurzacher
Yields a nice reduction in code size.
2017-03-05tests: stop calling t.Fatal from example_test_helpersJakob Unterwurzacher
Calling t.Fatal immeadiately aborts the test, which means the filesystem will not get unmounted, which means test.bash will hang.
2017-02-26tests: somewhat support testing without opensslJakob Unterwurzacher
You will still get lots of test error, but at least the tests will run.