2017-09-30 22:42:34 +01:00
|
|
|
#include "testutils/CliTest.h"
|
|
|
|
#include <cryfs/config/CryConfigFile.h>
|
2018-02-01 18:09:28 -08:00
|
|
|
#include <cryfs/ErrorCodes.h>
|
2017-09-30 22:42:34 +01:00
|
|
|
|
|
|
|
using std::vector;
|
|
|
|
using std::string;
|
|
|
|
using cryfs::CryConfig;
|
|
|
|
using cryfs::CryConfigFile;
|
2018-02-01 18:09:28 -08:00
|
|
|
using cryfs::ErrorCode;
|
2017-09-30 22:42:34 +01:00
|
|
|
|
|
|
|
class CliTest_IntegrityCheck: public CliTest {
|
|
|
|
public:
|
|
|
|
void modifyFilesystemId() {
|
|
|
|
auto configFile = CryConfigFile::load(basedir / "cryfs.config", "pass").value();
|
|
|
|
configFile.config()->SetFilesystemId(CryConfig::FilesystemID::FromString("0123456789ABCDEF0123456789ABCDEF"));
|
|
|
|
configFile.save();
|
|
|
|
}
|
|
|
|
|
|
|
|
void modifyFilesystemKey() {
|
|
|
|
auto configFile = CryConfigFile::load(basedir / "cryfs.config", "pass").value();
|
|
|
|
configFile.config()->SetEncryptionKey("0123456789ABCDEF0123456789ABCDEF");
|
|
|
|
configFile.save();
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
TEST_F(CliTest_IntegrityCheck, givenIncorrectFilesystemId_thenFails) {
|
2018-09-06 22:44:23 -07:00
|
|
|
vector<string> args {basedir.string().c_str(), mountdir.string().c_str(), "--cipher", "aes-256-gcm", "-f"};
|
2017-09-30 22:42:34 +01:00
|
|
|
//TODO Remove "-f" parameter, once EXPECT_RUN_SUCCESS can handle that
|
|
|
|
EXPECT_RUN_SUCCESS(args, mountdir);
|
|
|
|
modifyFilesystemId();
|
|
|
|
EXPECT_RUN_ERROR(
|
|
|
|
args,
|
2018-02-01 18:09:28 -08:00
|
|
|
"Error: The filesystem id in the config file is different to the last time we loaded a filesystem from this basedir.",
|
|
|
|
ErrorCode::FilesystemIdChanged
|
2017-09-30 22:42:34 +01:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(CliTest_IntegrityCheck, givenIncorrectFilesystemKey_thenFails) {
|
2018-09-06 22:44:23 -07:00
|
|
|
vector<string> args {basedir.string().c_str(), mountdir.string().c_str(), "--cipher", "aes-256-gcm", "-f"};
|
2017-09-30 22:42:34 +01:00
|
|
|
//TODO Remove "-f" parameter, once EXPECT_RUN_SUCCESS can handle that
|
|
|
|
EXPECT_RUN_SUCCESS(args, mountdir);
|
|
|
|
modifyFilesystemKey();
|
|
|
|
EXPECT_RUN_ERROR(
|
|
|
|
args,
|
2018-02-01 18:09:28 -08:00
|
|
|
"Error: The filesystem encryption key differs from the last time we loaded this filesystem. Did an attacker replace the file system?",
|
|
|
|
ErrorCode::EncryptionKeyChanged
|
2017-09-30 22:42:34 +01:00
|
|
|
);
|
|
|
|
}
|