summaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2017-11-27fusefronted: allow_other: close race between mknod and chownJakob Unterwurzacher
If the user manages to replace the directory with a symlink at just the right time, we could be tricked into chown'ing the wrong file. This change fixes the race by using fchownat, which unfortunately is not available on darwin, hence a compat wrapper is added. Scenario, as described by @slackner at https://github.com/rfjakob/gocryptfs/issues/177 : 1. Create a forward mount point with `plaintextnames` enabled 2. Mount as root user with `allow_other` 3. For testing purposes create a file `/tmp/file_owned_by_root` which is owned by the root user 4. As a regular user run inside of the GoCryptFS mount: ``` mkdir tempdir mknod tempdir/file_owned_by_root p & mv tempdir tempdir2 ln -s /tmp tempdir ``` When the steps are done fast enough and in the right order (run in a loop!), the device file will be created in `tempdir`, but the `lchown` will be executed by following the symlink. As a result, the ownership of the file located at `/tmp/file_owned_by_root` will be changed.
2017-11-26reverse: reject too-long symlink target reads with ENAMETOOLONGJakob Unterwurzacher
If the symlink target gets too long due to base64 encoding, we should return ENAMETOOLONG instead of having the kernel reject the data and returning an I/O error to the user. Fixes https://github.com/rfjakob/gocryptfs/issues/167
2017-11-25fusefrontend_reverse: Do not mix up cache information for different directoriesSebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/168 Steps to reproduce the problem: * Create a regular reverse mount point * Create files with the same very long name in multiple directories - so far everything works as expected, and it will appear with a different name each time, for example, gocryptfs.longname.A in directory A and gocryptfs.longname.B in directory B * Try to access a path with A/gocryptfs.longname.B or B/gocryptfs.longname.A - this should fail, but it actually works. The problem is that the longname cache only uses the path as key and not the dir or divIV. Assume an attacker can directly interact with a reverse mount and knows the relation longname path -> unencoded path in one directory, it allows to test if the same unencoded filename appears in any other directory.
2017-11-25fusefrontend: Fix longname handling for renames with existing targetSebastian Lackner
Fixes https://github.com/rfjakob/gocryptfs/issues/170 Steps to reproduce the problem: * Create a regular forward mount point * Create a file with a shortname and one with a long filename * Try to run 'mv <shortname> <longname>' This should actually work and replace the existing file, but instead it fails with: mv: cannot move '<shortname>' to '<longname>': File exists The problem is the creation of the .name file. If the target already exists we can safely ignore the EEXIST error and just keep the existing .name file.
2017-11-23tests: Add test for access to encrypted version of '.' and '..'Sebastian Lackner
To show that https://github.com/rfjakob/gocryptfs/issues/163 has been fixed.
2017-11-21main: Add '-devrandom' commandline optionSebastian Lackner
Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy.
2017-10-03fusefrontend_reverse: workaround ext4 test failureJakob Unterwurzacher
The extended TestLongnameStat() exposes a pathological case when run on ext4, as ext4 reuses inode numbers immediately. This change modifies the test to not delete the files immediately, so the inode numbers cannot be reused immediately. Fix for the underlying issue is a TODO.
2017-10-01fusefrontend_reverse: fix 176-byte namesJakob Unterwurzacher
A file with a name of exactly 176 bytes length caused this error: ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY: No such file or directory ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name: No such file or directory -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY -????????? ? ? ? ? ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name Root cause was a wrong shortNameMax constant that failed to account for the obligatory padding byte. Fix the constant and also expand the TestLongnameStat test case to test ALL file name lengths from 1-255 bytes. Fixes https://github.com/rfjakob/gocryptfs/issues/143 .
2017-08-10tests: add diriv cache race testJakob Unterwurzacher
Passes.
2017-07-27fusefrontend_reverse: return ENOENT for undecryptable namesJakob Unterwurzacher
This was working until DecryptName switched to returning EBADMSG instead of EINVAL. Add a test to catch the regression next time.
2017-07-24tests: check if we close stderr and stdout correctly on mountJakob Unterwurzacher
Currently fails, as reported at https://github.com/rfjakob/gocryptfs/issues/130 .
2017-07-21tests: fsstress-gocryptfs.bash: sync up with EncFSJakob Unterwurzacher
I have added a subset of fsstress-gocryptfs.bash to EncFS as fsstress-encfs.sh, improving the code a bit. This change forward-ports these improvements to fsstress-gocryptfs.bash.
2017-07-11fusefronted: enable writing to write-only filesJakob Unterwurzacher
Due to RMW, we always need read permissions on the backing file. This is a problem if the file permissions do not allow reading (i.e. 0200 permissions). This patch works around that problem by chmod'ing the file, obtaining a fd, and chmod'ing it back. Test included. Issue reported at: https://github.com/rfjakob/gocryptfs/issues/125
2017-06-27benchmarks: add streaming read benchmarkJakob Unterwurzacher
2017-06-01Fix two commentsJakob Unterwurzacher
One out-of-date and the other with a typo.
2017-05-30tests: add v1.3-reverse example filesystemJakob Unterwurzacher
We check the md5 sum of the encrypted version of a file to make sure we don't accidentially change the ciphertext generation.
2017-05-14main: password change: exit with code 12 on wrong passwordJakob Unterwurzacher
We used to return code 8, now we return code 12 as documented in the man page. Also adds a test.
2017-05-07exitcodes: pull all exit code definitions into the packageJakob Unterwurzacher
This commit defines all exit codes in one place in the exitcodes package. Also, it adds a test to verify the exit code on incorrect password, which is what SiriKali cares about the most. Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07fusefrontend: implement path decryption via ctlsockJakob Unterwurzacher
Closes https://github.com/rfjakob/gocryptfs/issues/84 .
2017-05-07Fix typos found by MisspellJakob Unterwurzacher
Misspell Finds commonly misspelled English words gocryptfs/internal/configfile/scrypt.go Line 41: warning: "paramter" is a misspelling of "parameter" (misspell) gocryptfs/internal/ctlsock/ctlsock_serve.go Line 1: warning: "implementes" is a misspelling of "implements" (misspell) gocryptfs/tests/test_helpers/helpers.go Line 27: warning: "compatability" is a misspelling of "compatibility" (misspell)
2017-05-01tests: support encfs in the fsstress scriptJakob Unterwurzacher
May be helpful for https://github.com/vgough/encfs/issues/214 .
2017-05-01tests: add TestXfs124Jakob Unterwurzacher
This test reproduces the problem xfstests generic/124 uncovered. The warning itself is harmless, but we should either (1) add locking so that this cannot happen anymore or (2) drop the warning. Currently fails: $ go test -v === RUN Test1980Tar --- PASS: Test1980Tar (0.00s) === RUN TestCtlSock --- PASS: TestCtlSock (0.10s) === RUN TestOpenTruncateRead --- PASS: TestOpenTruncateRead (0.00s) === RUN TestWORead --- PASS: TestWORead (0.00s) === RUN TestXfs124 cipherSize 18 == header size: interrupted write? -wpanic turns this warning into a panic: cipherSize 18 == header size: interrupted write?
2017-05-01fusefrontend: drop writeOnly flagJakob Unterwurzacher
We do not have to track the writeOnly status because the kernel will not forward read requests on a write-only FD to us anyway. I have verified this behavoir manually on a 4.10.8 kernel and also added a testcase.
2017-03-18tests: add hkdf_sanity tests with broken example filesystemv1.3-beta1Jakob Unterwurzacher
These are deliberately corrupt.
2017-03-18benchmark: add md5sum read performance benchmarkJakob Unterwurzacher
2017-03-07cli: enable "-raw64" by defaultJakob Unterwurzacher
This brings the CLI options back in sync with the default feature flags.
2017-03-07tests: recreate v1.3 example filesystemJakob Unterwurzacher
The filesystem was created with a gocryptfs version that ignored the HKDF flag (hence everything was actually encrypted WITHOUT hkdf). Fix it by recreating it.
2017-03-07cli: add "-hkdf" optionJakob Unterwurzacher
This commit also enables actually passing the HKDF setting to fusefrontend, this was missing till now.
2017-03-07tests: reverse: don't run tests that ignore "-plaintextnames" twiceJakob Unterwurzacher
TestMain() runs all tests twice, once with plaintextnames=true and once with false. Several tests mount their own filesystem and ignore the plaintextnames variable. It makes no sense to run them twice, so skip execution when plaintextnames is set.
2017-03-07Report correct symbolic link dentry sizesM. Vefa Bicakci
Prior to this commit, gocryptfs's reverse mode did not report correct directory entry sizes for symbolic links, where the dentry size needs to be the same as the length of a string containing the target path. This commit corrects this issue and adds a test case to verify the correctness of the implementation. This issue was discovered during the use of a strict file copying program on a reverse-mounted gocryptfs file system.
2017-03-05tests: add v1.3 example filesystemJakob Unterwurzacher
This filesystem has both HKDF and Raw64 enabled.
2017-03-05Drop Go 1.4 compatability code everywhereJakob Unterwurzacher
Yields a nice reduction in code size.
2017-03-05tests: stop calling t.Fatal from example_test_helpersJakob Unterwurzacher
Calling t.Fatal immeadiately aborts the test, which means the filesystem will not get unmounted, which means test.bash will hang.
2017-02-26tests: somewhat support testing without opensslJakob Unterwurzacher
You will still get lots of test error, but at least the tests will run.
2017-02-20tests: adapt dir overwrite test for Go 1.8Jakob Unterwurzacher
In Go 1.8, os.Rename refuses to overwrite an empty directory. Switch to syscall.Rename, which still does the right thing.
2017-02-20Get rid of remaining $GOPATH dependenciesJakob Unterwurzacher
2017-02-16tests: reverse: check Access() callJakob Unterwurzacher
2017-02-16tests: OSX compat: wrap Stat_t atime extractJakob Unterwurzacher
Linux has st.Atim, st.Mtim, OSX hat st.Atimespec, st.Mtimespec. Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16tests: OSX compat: use OSX-style "stat -f"Jakob Unterwurzacher
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16benchmarks: OSX compat: replace /usr/bin/time with bash builtinJakob Unterwurzacher
On OSX, /usr/bin/time does not support "-f". Reported in https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217 .
2017-02-16tests: get rid of syscall.PathMaxJakob Unterwurzacher
Does not exist on OSX Reported in https://github.com/rfjakob/gocryptfs/issues/15
2017-02-15tests: use fuse-unmount.bashJakob Unterwurzacher
...instead of having separate compatability logic.
2017-02-15OSX compat: replace fusermount calls with fuse-unmount.bashJakob Unterwurzacher
Mac OS X does not have fusermount and uses umount instead. The fuse-unmount.bash calls the appropriate command.
2017-02-12Check for trailing garbage after the passwordJakob Unterwurzacher
From the comment: // CheckTrailingGarbage tries to read one byte from stdin and exits with a // fatal error if the read returns any data. // This is meant to be called after reading the password, when there is no more // data expected. This helps to catch problems with third-party tools that // interface with gocryptfs.
2017-02-12tests: ctlsock: check warning for non-canonical pathsJakob Unterwurzacher
2017-01-26tests: add TestLongLink (currently broken)Jakob Unterwurzacher
2017-01-03tests: only check the size in dl-linux-tarball.bashJakob Unterwurzacher
Getting rid of the MD5 calculation makes calling the script virtually free, where it took 0.2 seconds before.
2017-01-03tests: factor out dl-linux-tarball.bashJakob Unterwurzacher
This will be also used by the reverse benchmarks.
2016-12-13benchmark.bash: OSX dd does not support "K" postfixJakob Unterwurzacher
2016-12-10ctlsock: sanitize paths before passing them to the backendJakob Unterwurzacher
You used to be able to crash gocryptfs by passing "/foo" of "foo/" to the ctlsock. Fixes https://github.com/rfjakob/gocryptfs/issues/66