Add test cases that make sure that CryFS notices if an attacker replaces the whole file system

Sebastian Messmer 2017-09-30 22:42:34 +01:00
parent be8a1efd35
commit 04341f3f7d
3 changed files with 45 additions and 4 deletions


@ -11,7 +11,7 @@ set(SOURCES
CliTest_ShowingHelp.cpp
EnvironmentTest.cpp
VersionCheckerTest.cpp
IntegrityCheckTest.cpp
CliTest_IntegrityCheck.cpp
)
add_executable(${PROJECT_NAME} ${SOURCES})


@ -0,0 +1,44 @@
#include "testutils/CliTest.h"
#include <cryfs/config/CryConfigFile.h>
using std::vector;
using std::string;
using cryfs::CryConfig;
using cryfs::CryConfigFile;
class CliTest_IntegrityCheck: public CliTest {
public:
void modifyFilesystemId() {
auto configFile = CryConfigFile::load(basedir / "cryfs.config", "pass").value();
configFile.config()->SetFilesystemId(CryConfig::FilesystemID::FromString("0123456789ABCDEF0123456789ABCDEF"));
configFile.save();
}
void modifyFilesystemKey() {
auto configFile = CryConfigFile::load(basedir / "cryfs.config", "pass").value();
configFile.config()->SetEncryptionKey("0123456789ABCDEF0123456789ABCDEF");
configFile.save();
}
};
TEST_F(CliTest_IntegrityCheck, givenIncorrectFilesystemId_thenFails) {
vector<const char*> args {basedir.c_str(), mountdir.c_str(), "--cipher", "aes-256-gcm", "-f"};
//TODO Remove "-f" parameter, once EXPECT_RUN_SUCCESS can handle that
EXPECT_RUN_SUCCESS(args, mountdir);
modifyFilesystemId();
EXPECT_RUN_ERROR(
args,
"Error: The filesystem id in the config file is different to the last time we loaded a filesystem from this basedir."
);
}
TEST_F(CliTest_IntegrityCheck, givenIncorrectFilesystemKey_thenFails) {
vector<const char*> args {basedir.c_str(), mountdir.c_str(), "--cipher", "aes-256-gcm", "-f"};
//TODO Remove "-f" parameter, once EXPECT_RUN_SUCCESS can handle that
EXPECT_RUN_SUCCESS(args, mountdir);
modifyFilesystemKey();
EXPECT_RUN_ERROR(
args,
"Error: The filesystem encryption key differs from the last time we loaded this filesystem. Did an attacker replace the file system?"
);
}
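Review bot: In `modifyFilesystemKey`, the replacement key is 32 hex characters, which would be 128 bits if the config stores keys hex-encoded (not visible here), while both tests create the file system with `--cipher aes-256-gcm`. The test therefore relies on the key comparison running before the key is parsed or used; if that order changes, the second mount would presumably fail with a key-size error and the test would break for an unrelated reason. A value of the right length, e.g. `SetEncryptionKey("0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF");`, would keep the key valid so that only the changed-key detection is exercised. Both helpers also rewrite `cryfs.config` in place in the same basedir, so the "attacker replaces the whole file system" case from the commit title is approximated rather than reproduced; a class comment such as `// Simulates a replaced file system by rewriting the id / key in the existing config file` would make that coverage limit explicit.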


@ -1,3 +0,0 @@
//TODO Add cryfs-cli tests for
// - filesystem id changed
// - filesystem id correct but encryption key changed