From 1caa9258685fa5fad8935d3bfcd0eac7d7f84f1e Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 19 Dec 2015 14:41:39 +0100 Subject: Increase GCM IV size from 96 to 128 bits This pushes back the birthday bound for collisions to make it virtually irrelevant. --- .../v0.7/AgD7i9tiAUp42SYjULQt1w== | Bin 0 -> 60 bytes .../v0.7/FQnvM-qOnCYSnk368ugdWg== | 1 + .../v0.7/Pvg7Oy_Ar8Ar93EZZQV_Lw== | 1 + .../example_filesystems/v0.7/gocryptfs.conf | 16 ++++++++++ .../example_filesystems/v0.7/gocryptfs.diriv | 1 + integration_tests/example_filesystems_test.go | 35 ++++++++++++++++++--- 6 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 integration_tests/example_filesystems/v0.7/AgD7i9tiAUp42SYjULQt1w== create mode 120000 integration_tests/example_filesystems/v0.7/FQnvM-qOnCYSnk368ugdWg== create mode 120000 integration_tests/example_filesystems/v0.7/Pvg7Oy_Ar8Ar93EZZQV_Lw== create mode 100644 integration_tests/example_filesystems/v0.7/gocryptfs.conf create mode 100644 integration_tests/example_filesystems/v0.7/gocryptfs.diriv (limited to 'integration_tests') diff --git a/integration_tests/example_filesystems/v0.7/AgD7i9tiAUp42SYjULQt1w== b/integration_tests/example_filesystems/v0.7/AgD7i9tiAUp42SYjULQt1w== new file mode 100644 index 0000000..6c0d1e8 Binary files /dev/null and b/integration_tests/example_filesystems/v0.7/AgD7i9tiAUp42SYjULQt1w== differ diff --git a/integration_tests/example_filesystems/v0.7/FQnvM-qOnCYSnk368ugdWg== b/integration_tests/example_filesystems/v0.7/FQnvM-qOnCYSnk368ugdWg== new file mode 120000 index 0000000..2b7a4b4 --- /dev/null +++ b/integration_tests/example_filesystems/v0.7/FQnvM-qOnCYSnk368ugdWg== @@ -0,0 +1 @@ +cHxK1r_WYNd43oz_foCmzgt5jWrSvpiD-Ngy94L8LndrP9Kic-xlEg== \ No newline at end of file diff --git a/integration_tests/example_filesystems/v0.7/Pvg7Oy_Ar8Ar93EZZQV_Lw== b/integration_tests/example_filesystems/v0.7/Pvg7Oy_Ar8Ar93EZZQV_Lw== new file mode 120000 index 0000000..e527253 --- /dev/null +++ b/integration_tests/example_filesystems/v0.7/Pvg7Oy_Ar8Ar93EZZQV_Lw== @@ -0,0 +1 @@ +cdrpE7F_WZBEDSu1DI2k880I-9dsPjhD8AU8faPjh4omHmDcdcHlyimF \ No newline at end of file diff --git a/integration_tests/example_filesystems/v0.7/gocryptfs.conf b/integration_tests/example_filesystems/v0.7/gocryptfs.conf new file mode 100644 index 0000000..c2997f2 --- /dev/null +++ b/integration_tests/example_filesystems/v0.7/gocryptfs.conf @@ -0,0 +1,16 @@ +{ + "EncryptedKey": "rjkwSNwi3nCUKMLaDttlYweHSDgyhbDx5sWv/a+h+cG1co5IXoXF9ZQSxXl1Qwm/XhY/dvTvnGZRREde", + "ScryptObject": { + "Salt": "mX6madEb9nbE+xgo840s9d2ro88f/5GuEiimQ+C7Z1I=", + "N": 65536, + "R": 8, + "P": 1, + "KeyLen": 32 + }, + "Version": 2, + "FeatureFlags": [ + "GCMIV128", + "DirIV", + "EMENames" + ] +} \ No newline at end of file diff --git a/integration_tests/example_filesystems/v0.7/gocryptfs.diriv b/integration_tests/example_filesystems/v0.7/gocryptfs.diriv new file mode 100644 index 0000000..4606c90 --- /dev/null +++ b/integration_tests/example_filesystems/v0.7/gocryptfs.diriv @@ -0,0 +1 @@ +7vFT5ˣN \ No newline at end of file diff --git a/integration_tests/example_filesystems_test.go b/integration_tests/example_filesystems_test.go index 5eb34e0..3beca60 100644 --- a/integration_tests/example_filesystems_test.go +++ b/integration_tests/example_filesystems_test.go @@ -60,7 +60,7 @@ func TestExampleFSv04(t *testing.T) { checkExampleFS(t, pDir) unmount(pDir) mount(cDir, pDir, "-masterkey", "74676e34-0b47c145-00dac61a-17a92316-"+ - "bb57044c-e205b71f-65f4fdca-7cabd4b3", "-diriv=false", "-emenames=false") + "bb57044c-e205b71f-65f4fdca-7cabd4b3", "-diriv=false", "-emenames=false", "-gcmiv128=false") checkExampleFS(t, pDir) unmount(pDir) err = os.Remove(pDir) @@ -82,7 +82,7 @@ func TestExampleFSv05(t *testing.T) { checkExampleFS(t, pDir) unmount(pDir) mount(cDir, pDir, "-masterkey", "199eae55-36bff4af-83b9a3a2-4fa16f65-"+ - "1549ccdb-2d08d1f0-b1b26965-1b61f896", "-emenames=false") + "1549ccdb-2d08d1f0-b1b26965-1b61f896", "-emenames=false", "-gcmiv128=false") checkExampleFS(t, pDir) unmount(pDir) err = os.Remove(pDir) @@ -104,7 +104,7 @@ func TestExampleFSv06(t *testing.T) { checkExampleFS(t, pDir) unmount(pDir) mount(cDir, pDir, "-masterkey", "7bc8deb0-5fc894ef-a093da43-61561a81-"+ - "0e8dee83-fdc056a4-937c37dd-9df5c520") + "0e8dee83-fdc056a4-937c37dd-9df5c520", "-gcmiv128=false") checkExampleFS(t, pDir) unmount(pDir) err = os.Remove(pDir) @@ -113,8 +113,10 @@ func TestExampleFSv06(t *testing.T) { } } -// Test example_filesystems/v0.6 +// Test example_filesystems/v0.6-plaintextnames // with password mount and -masterkey mount +// v0.6 changed the file name handling a lot, hence the explicit test case for +// plaintextnames. func TestExampleFSv06PlaintextNames(t *testing.T) { pDir := tmpDir + "TestExampleFsV06PlaintextNames/" cDir := "example_filesystems/v0.6-plaintextnames" @@ -126,7 +128,30 @@ func TestExampleFSv06PlaintextNames(t *testing.T) { checkExampleFS(t, pDir) unmount(pDir) mount(cDir, pDir, "-masterkey", "f4690202-595e4593-64c4f7e0-4dddd7d1-"+ - "303147f9-0ca8aea2-966341a7-52ea8ae9", "-plaintextnames") + "303147f9-0ca8aea2-966341a7-52ea8ae9", "-plaintextnames", "-gcmiv128=false") + checkExampleFS(t, pDir) + unmount(pDir) + err = os.Remove(pDir) + if err != nil { + t.Error(err) + } +} + +// Test example_filesystems/v0.7 +// with password mount and -masterkey mount +// v0.7 adds 128 bit GCM IVs +func TestExampleFSv07(t *testing.T) { + pDir := tmpDir + "TestExampleFsV07/" + cDir := "example_filesystems/v0.7" + err := os.Mkdir(pDir, 0777) + if err != nil { + t.Fatal(err) + } + mount(cDir, pDir, "-extpass", "echo test") + checkExampleFS(t, pDir) + unmount(pDir) + mount(cDir, pDir, "-masterkey", "bee8d0c5-74ec49ff-24b8793d-91d488a9-"+ + "6117c58b-357eafaa-162ce3cf-8a061a28") checkExampleFS(t, pDir) unmount(pDir) err = os.Remove(pDir) -- cgit v1.2.3