When creating a file system, the user can choose whether to choose missing blocks as integrity violations.
This commit is contained in:
Sebastian Messmer
parent
2451a8c46f
commit
a7f13ad7c1
@ -194,7 +194,7 @@ namespace cryfs {
|
||||
CryConfigLoader::ConfigLoadResult Cli::_loadOrCreateConfig(const ProgramOptions &options) {
|
||||
try {
|
||||
auto configFile = _determineConfigFile(options);
|
||||
auto config = _loadOrCreateConfigFile(configFile, options.cipher(), options.blocksizeBytes());
|
||||
auto config = _loadOrCreateConfigFile(configFile, options.cipher(), options.blocksizeBytes(), options.missingBlockIsIntegrityViolation());
|
||||
if (config == none) {
|
||||
std::cerr << "Could not load config file. Did you enter the correct password?" << std::endl;
|
||||
exit(1);
|
||||
@ -206,17 +206,19 @@ namespace cryfs {
|
||||
}
|
||||
}
|
||||
|
||||
optional<CryConfigLoader::ConfigLoadResult> Cli::_loadOrCreateConfigFile(const bf::path &configFilePath, const optional<string> &cipher, const optional<uint32_t> &blocksizeBytes) {
|
||||
optional<CryConfigLoader::ConfigLoadResult> Cli::_loadOrCreateConfigFile(const bf::path &configFilePath, const optional<string> &cipher, const optional<uint32_t> &blocksizeBytes, const optional<bool> &missingBlockIsIntegrityViolation) {
|
||||
if (_noninteractive) {
|
||||
return CryConfigLoader(_console, _keyGenerator, _scryptSettings,
|
||||
&Cli::_askPasswordNoninteractive,
|
||||
&Cli::_askPasswordNoninteractive,
|
||||
cipher, blocksizeBytes, _noninteractive).loadOrCreate(configFilePath);
|
||||
cipher, blocksizeBytes, missingBlockIsIntegrityViolation,
|
||||
_noninteractive).loadOrCreate(configFilePath);
|
||||
} else {
|
||||
return CryConfigLoader(_console, _keyGenerator, _scryptSettings,
|
||||
&Cli::_askPasswordForExistingFilesystem,
|
||||
&Cli::_askPasswordForNewFilesystem,
|
||||
cipher, blocksizeBytes, _noninteractive).loadOrCreate(configFilePath);
|
||||
cipher, blocksizeBytes, missingBlockIsIntegrityViolation,
|
||||
_noninteractive).loadOrCreate(configFilePath);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ namespace cryfs {
|
||||
void _checkForUpdates();
|
||||
void _runFilesystem(const program_options::ProgramOptions &options);
|
||||
CryConfigLoader::ConfigLoadResult _loadOrCreateConfig(const program_options::ProgramOptions &options);
|
||||
boost::optional<CryConfigLoader::ConfigLoadResult> _loadOrCreateConfigFile(const boost::filesystem::path &configFilePath, const boost::optional<std::string> &cipher, const boost::optional<uint32_t> &blocksizeBytes);
|
||||
boost::optional<CryConfigLoader::ConfigLoadResult> _loadOrCreateConfigFile(const boost::filesystem::path &configFilePath, const boost::optional<std::string> &cipher, const boost::optional<uint32_t> &blocksizeBytes, const boost::optional<bool> &missingBlockIsIntegrityViolation);
|
||||
boost::filesystem::path _determineConfigFile(const program_options::ProgramOptions &options);
|
||||
static std::string _askPasswordForExistingFilesystem();
|
||||
static std::string _askPasswordForNewFilesystem();
|
||||
|
||||
@ -68,6 +68,18 @@ namespace cryfs {
|
||||
}
|
||||
}
|
||||
|
||||
bool CryConfigConsole::askMissingBlockIsIntegrityViolation() {
|
||||
if (_checkUseDefaultSettings()) {
|
||||
return DEFAULT_MISSINGBLOCKISINTEGRITYVIOLATION;
|
||||
} else {
|
||||
return _askMissingBlockIsIntegrityViolation();
|
||||
}
|
||||
}
|
||||
|
||||
bool CryConfigConsole::_askMissingBlockIsIntegrityViolation() const {
|
||||
return _console->askYesNo("\nMost integrity checks are enabled by default. However, by default CryFS does not treat missing blocks as integrity violations.\nThat is, if CryFS finds a block missing, it will assume that this is due to a synchronization delay and not because an attacker deleted the block.\nIf you are in a single-client setting, you can let it treat missing blocks as integrity violations, which will ensure that you notice if an attacker deletes one of your files.\nHowever, in this case, you will not be able to use the file system with other devices anymore.\nDo you want to treat missing blocks as integrity violations?");
|
||||
}
|
||||
|
||||
bool CryConfigConsole::_checkUseDefaultSettings() {
|
||||
if (_useDefaultSettings == none) {
|
||||
_useDefaultSettings = _console->askYesNo("Use default settings?");
|
||||
|
||||
@ -14,9 +14,11 @@ namespace cryfs {
|
||||
|
||||
std::string askCipher();
|
||||
uint32_t askBlocksizeBytes();
|
||||
bool askMissingBlockIsIntegrityViolation();
|
||||
|
||||
static constexpr const char *DEFAULT_CIPHER = "aes-256-gcm";
|
||||
static constexpr uint32_t DEFAULT_BLOCKSIZE_BYTES = 32 * 1024; // 32KB
|
||||
static constexpr uint32_t DEFAULT_MISSINGBLOCKISINTEGRITYVIOLATION = false;
|
||||
|
||||
private:
|
||||
|
||||
@ -25,6 +27,7 @@ namespace cryfs {
|
||||
std::string _askCipher() const;
|
||||
bool _showWarningForCipherAndReturnIfOk(const std::string &cipherName) const;
|
||||
uint32_t _askBlocksizeBytes() const;
|
||||
bool _askMissingBlockIsIntegrityViolation() const;
|
||||
|
||||
std::shared_ptr<cpputils::Console> _console;
|
||||
boost::optional<bool> _useDefaultSettings;
|
||||
|
||||
@ -21,7 +21,7 @@ namespace cryfs {
|
||||
:_console(console), _configConsole(console, noninteractive), _encryptionKeyGenerator(encryptionKeyGenerator) {
|
||||
}
|
||||
|
||||
CryConfigCreator::ConfigCreateResult CryConfigCreator::create(const optional<string> &cipherFromCommandLine, const optional<uint32_t> &blocksizeBytesFromCommandLine) {
|
||||
CryConfigCreator::ConfigCreateResult CryConfigCreator::create(const optional<string> &cipherFromCommandLine, const optional<uint32_t> &blocksizeBytesFromCommandLine, const optional<bool> &missingBlockIsIntegrityViolationFromCommandLine) {
|
||||
CryConfig config;
|
||||
config.SetCipher(_generateCipher(cipherFromCommandLine));
|
||||
config.SetVersion(gitversion::VersionString());
|
||||
@ -30,10 +30,11 @@ namespace cryfs {
|
||||
config.SetRootBlob(_generateRootBlobKey());
|
||||
config.SetEncryptionKey(_generateEncKey(config.Cipher()));
|
||||
config.SetFilesystemId(_generateFilesystemID());
|
||||
uint32_t myClientId = MyClientId(LocalStateDir::forFilesystemId(config.FilesystemId())).loadOrGenerate();
|
||||
config.SetExclusiveClientId(_generateExclusiveClientId(missingBlockIsIntegrityViolationFromCommandLine, myClientId));
|
||||
#ifndef CRYFS_NO_COMPATIBILITY
|
||||
config.SetHasVersionNumbers(true);
|
||||
#endif
|
||||
uint32_t myClientId = MyClientId(LocalStateDir::forFilesystemId(config.FilesystemId())).loadOrGenerate();
|
||||
return ConfigCreateResult {std::move(config), myClientId};
|
||||
}
|
||||
|
||||
@ -55,6 +56,21 @@ namespace cryfs {
|
||||
}
|
||||
}
|
||||
|
||||
optional<uint32_t> CryConfigCreator::_generateExclusiveClientId(const optional<bool> &missingBlockIsIntegrityViolationFromCommandLine, uint32_t myClientId) {
|
||||
if (!_generateMissingBlockIsIntegrityViolation(missingBlockIsIntegrityViolationFromCommandLine)) {
|
||||
return none;
|
||||
}
|
||||
return myClientId;
|
||||
}
|
||||
|
||||
bool CryConfigCreator::_generateMissingBlockIsIntegrityViolation(const optional<bool> &missingBlockIsIntegrityViolationFromCommandLine) {
|
||||
if (missingBlockIsIntegrityViolationFromCommandLine != none) {
|
||||
return *missingBlockIsIntegrityViolationFromCommandLine;
|
||||
} else {
|
||||
return _configConsole.askMissingBlockIsIntegrityViolation();
|
||||
}
|
||||
}
|
||||
|
||||
string CryConfigCreator::_generateEncKey(const std::string &cipher) {
|
||||
_console->print("\nGenerating secure encryption key. This might take some time..");
|
||||
auto key = CryCiphers::find(cipher).createKey(_encryptionKeyGenerator);
|
||||
|
||||
@ -19,13 +19,15 @@ namespace cryfs {
|
||||
uint32_t myClientId;
|
||||
};
|
||||
|
||||
ConfigCreateResult create(const boost::optional<std::string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine);
|
||||
ConfigCreateResult create(const boost::optional<std::string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine);
|
||||
private:
|
||||
std::string _generateCipher(const boost::optional<std::string> &cipherFromCommandLine);
|
||||
std::string _generateEncKey(const std::string &cipher);
|
||||
std::string _generateRootBlobKey();
|
||||
uint32_t _generateBlocksizeBytes(const boost::optional<uint32_t> &blocksizeBytesFromCommandLine);
|
||||
CryConfig::FilesystemID _generateFilesystemID();
|
||||
boost::optional<uint32_t> _generateExclusiveClientId(const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine, uint32_t myClientId);
|
||||
bool _generateMissingBlockIsIntegrityViolation(const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine);
|
||||
|
||||
std::shared_ptr<cpputils::Console> _console;
|
||||
CryConfigConsole _configConsole;
|
||||
|
||||
@ -31,10 +31,11 @@ using namespace cpputils::logging;
|
||||
|
||||
namespace cryfs {
|
||||
|
||||
CryConfigLoader::CryConfigLoader(shared_ptr<Console> console, RandomGenerator &keyGenerator, const SCryptSettings &scryptSettings, function<string()> askPasswordForExistingFilesystem, function<string()> askPasswordForNewFilesystem, const optional<string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, bool noninteractive)
|
||||
CryConfigLoader::CryConfigLoader(shared_ptr<Console> console, RandomGenerator &keyGenerator, const SCryptSettings &scryptSettings, function<string()> askPasswordForExistingFilesystem, function<string()> askPasswordForNewFilesystem, const optional<string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine, bool noninteractive)
|
||||
: _console(console), _creator(console, keyGenerator, noninteractive), _scryptSettings(scryptSettings),
|
||||
_askPasswordForExistingFilesystem(askPasswordForExistingFilesystem), _askPasswordForNewFilesystem(askPasswordForNewFilesystem),
|
||||
_cipherFromCommandLine(cipherFromCommandLine), _blocksizeBytesFromCommandLine(blocksizeBytesFromCommandLine) {
|
||||
_cipherFromCommandLine(cipherFromCommandLine), _blocksizeBytesFromCommandLine(blocksizeBytesFromCommandLine),
|
||||
_missingBlockIsIntegrityViolationFromCommandLine(missingBlockIsIntegrityViolationFromCommandLine) {
|
||||
}
|
||||
|
||||
optional<CryConfigLoader::ConfigLoadResult> CryConfigLoader::_loadConfig(const bf::path &filename) {
|
||||
@ -58,6 +59,7 @@ optional<CryConfigLoader::ConfigLoadResult> CryConfigLoader::_loadConfig(const b
|
||||
}
|
||||
_checkCipher(*config->config());
|
||||
uint32_t myClientId = MyClientId(LocalStateDir::forFilesystemId(config->config()->FilesystemId())).loadOrGenerate();
|
||||
_checkMissingBlocksAreIntegrityViolations(&*config, myClientId);
|
||||
return ConfigLoadResult {std::move(*config), myClientId};
|
||||
}
|
||||
|
||||
@ -80,6 +82,25 @@ void CryConfigLoader::_checkCipher(const CryConfig &config) const {
|
||||
}
|
||||
}
|
||||
|
||||
void CryConfigLoader::_checkMissingBlocksAreIntegrityViolations(CryConfigFile *configFile, uint32_t myClientId) {
|
||||
if (_missingBlockIsIntegrityViolationFromCommandLine == optional<bool>(true) && configFile->config()->ExclusiveClientId() == none) {
|
||||
throw std::runtime_error("You specified on the command line to treat missing blocks as integrity violations, but the file system is not setup to do that.");
|
||||
}
|
||||
if (_missingBlockIsIntegrityViolationFromCommandLine == optional<bool>(false) && configFile->config()->ExclusiveClientId() != none) {
|
||||
throw std::runtime_error("You specified on the command line to not treat missing blocks as integrity violations, but the file system is setup to do that.");
|
||||
}
|
||||
|
||||
// If the file system is set up to treat missing blocks as integrity violations, but we're accessing from a different client, ask whether they want to disable the feature.
|
||||
auto exclusiveClientId = configFile->config()->ExclusiveClientId();
|
||||
if (exclusiveClientId != none && *exclusiveClientId != myClientId) {
|
||||
if (!_console->askYesNo("\nThis filesystem is setup to treat missing blocks as integrity violations and therefore only works in single-client mode. You are trying to access it from a different client.\nDo you want to disable this integrity feature and stop treating missing blocks as integrity violations?\nChoosing yes will not affect the confidentiality of your data, but in future you might not notice if an attacker deletes one of your files.")) {
|
||||
throw std::runtime_error("File system is in single-client mode and can only be used from the client that created it.");
|
||||
}
|
||||
configFile->config()->SetExclusiveClientId(none);
|
||||
configFile->save();
|
||||
}
|
||||
}
|
||||
|
||||
optional<CryConfigLoader::ConfigLoadResult> CryConfigLoader::loadOrCreate(const bf::path &filename) {
|
||||
if (bf::exists(filename)) {
|
||||
return _loadConfig(filename);
|
||||
@ -89,7 +110,7 @@ optional<CryConfigLoader::ConfigLoadResult> CryConfigLoader::loadOrCreate(const
|
||||
}
|
||||
|
||||
CryConfigLoader::ConfigLoadResult CryConfigLoader::_createConfig(const bf::path &filename) {
|
||||
auto config = _creator.create(_cipherFromCommandLine, _blocksizeBytesFromCommandLine);
|
||||
auto config = _creator.create(_cipherFromCommandLine, _blocksizeBytesFromCommandLine, _missingBlockIsIntegrityViolationFromCommandLine);
|
||||
//TODO Ask confirmation if using insecure password (<8 characters)
|
||||
string password = _askPasswordForNewFilesystem();
|
||||
std::cout << "Creating config file (this can take some time)..." << std::flush;
|
||||
|
||||
@ -13,7 +13,7 @@ namespace cryfs {
|
||||
|
||||
class CryConfigLoader final {
|
||||
public:
|
||||
CryConfigLoader(std::shared_ptr<cpputils::Console> console, cpputils::RandomGenerator &keyGenerator, const cpputils::SCryptSettings &scryptSettings, std::function<std::string()> askPasswordForExistingFilesystem, std::function<std::string()> askPasswordForNewFilesystem, const boost::optional<std::string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, bool noninteractive);
|
||||
CryConfigLoader(std::shared_ptr<cpputils::Console> console, cpputils::RandomGenerator &keyGenerator, const cpputils::SCryptSettings &scryptSettings, std::function<std::string()> askPasswordForExistingFilesystem, std::function<std::string()> askPasswordForNewFilesystem, const boost::optional<std::string> &cipherFromCommandLine, const boost::optional<uint32_t> &blocksizeBytesFromCommandLine, const boost::optional<bool> &missingBlockIsIntegrityViolationFromCommandLine, bool noninteractive);
|
||||
CryConfigLoader(CryConfigLoader &&rhs) = default;
|
||||
|
||||
struct ConfigLoadResult {
|
||||
@ -28,6 +28,7 @@ private:
|
||||
ConfigLoadResult _createConfig(const boost::filesystem::path &filename);
|
||||
void _checkVersion(const CryConfig &config);
|
||||
void _checkCipher(const CryConfig &config) const;
|
||||
void _checkMissingBlocksAreIntegrityViolations(CryConfigFile *configFile, uint32_t myClientId);
|
||||
|
||||
std::shared_ptr<cpputils::Console> _console;
|
||||
CryConfigCreator _creator;
|
||||
@ -36,6 +37,7 @@ private:
|
||||
std::function<std::string()> _askPasswordForNewFilesystem;
|
||||
boost::optional<std::string> _cipherFromCommandLine;
|
||||
boost::optional<uint32_t> _blocksizeBytesFromCommandLine;
|
||||
boost::optional<bool> _missingBlockIsIntegrityViolationFromCommandLine;
|
||||
|
||||
DISALLOW_COPY_AND_ASSIGN(CryConfigLoader);
|
||||
};
|
||||
|
||||
@ -11,7 +11,7 @@ namespace cryfs {
|
||||
template<class Cipher>
|
||||
class ConcreteInnerEncryptor final: public InnerEncryptor {
|
||||
public:
|
||||
static constexpr size_t CONFIG_SIZE = 512; // Inner config data is grown to this size before encryption to hide its actual size
|
||||
static constexpr size_t CONFIG_SIZE = 900; // Inner config data is grown to this size before encryption to hide its actual size
|
||||
|
||||
ConcreteInnerEncryptor(typename Cipher::EncryptionKey key);
|
||||
|
||||
|
||||
@ -46,6 +46,10 @@ class CryConfigConsoleTest_Cipher: public CryConfigConsoleTest {};
|
||||
EXPECT_CALL(*console, askYesNo("Use default settings?")).Times(1).WillOnce(Return(false)); \
|
||||
EXPECT_CALL(*console, ask(HasSubstr("block size"), _)).Times(1)
|
||||
|
||||
#define EXPECT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION() \
|
||||
EXPECT_CALL(*console, askYesNo("Use default settings?")).Times(1).WillOnce(Return(false)); \
|
||||
EXPECT_CALL(*console, askYesNo(HasSubstr("missing block"))).Times(1)
|
||||
|
||||
TEST_F(CryConfigConsoleTest_Cipher, AsksForCipher) {
|
||||
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseAnyCipher());
|
||||
cryconsole.askCipher();
|
||||
@ -70,6 +74,11 @@ TEST_F(CryConfigConsoleTest_Cipher, AsksForBlocksize) {
|
||||
cryconsole.askBlocksizeBytes();
|
||||
}
|
||||
|
||||
TEST_F(CryConfigConsoleTest_Cipher, AsksForMissingBlockIsIntegrityViolation) {
|
||||
EXPECT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION().WillOnce(Return(true));
|
||||
cryconsole.askMissingBlockIsIntegrityViolation();
|
||||
}
|
||||
|
||||
TEST_F(CryConfigConsoleTest_Cipher, ChooseDefaultBlocksizeWhenNoninteractiveEnvironment) {
|
||||
EXPECT_CALL(*console, askYesNo(HasSubstr("default"))).Times(0);
|
||||
EXPECT_CALL(*console, ask(HasSubstr("block size"), _)).Times(0);
|
||||
|
||||
@ -37,6 +37,12 @@ using ::testing::WithParamInterface;
|
||||
EXPECT_CALL(*console, ask(HasSubstr("block size"), _)).Times(1)
|
||||
#define EXPECT_DOES_NOT_ASK_FOR_BLOCKSIZE() \
|
||||
EXPECT_CALL(*console, ask(HasSubstr("block size"), _)).Times(0)
|
||||
#define EXPECT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION() \
|
||||
EXPECT_CALL(*console, askYesNo(HasSubstr("missing block"))).Times(1)
|
||||
#define EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION() \
|
||||
EXPECT_CALL(*console, askYesNo(HasSubstr("missing block"))).Times(0)
|
||||
#define IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION() \
|
||||
EXPECT_CALL(*console, askYesNo(HasSubstr("missing block")))
|
||||
|
||||
class CryConfigCreatorTest: public ::testing::Test {
|
||||
public:
|
||||
@ -62,92 +68,130 @@ public:
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesAskForCipherIfNotSpecified) {
|
||||
AnswerNoToDefaultSettings();
|
||||
IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseAnyCipher());
|
||||
CryConfig config = creator.create(none, none).config;
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskForCipherIfSpecified) {
|
||||
AnswerNoToDefaultSettings();
|
||||
IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
EXPECT_DOES_NOT_ASK_FOR_CIPHER();
|
||||
CryConfig config = creator.create(string("aes-256-gcm"), none).config;
|
||||
CryConfig config = creator.create(string("aes-256-gcm"), none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskForCipherIfUsingDefaultSettings) {
|
||||
AnswerYesToDefaultSettings();
|
||||
EXPECT_DOES_NOT_ASK_FOR_CIPHER();
|
||||
CryConfig config = creator.create(none, none).config;
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskForCipherIfNoninteractive) {
|
||||
EXPECT_DOES_NOT_ASK_TO_USE_DEFAULT_SETTINGS();
|
||||
EXPECT_DOES_NOT_ASK_FOR_CIPHER();
|
||||
CryConfig config = noninteractiveCreator.create(none, none).config;
|
||||
CryConfig config = noninteractiveCreator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesAskForBlocksizeIfNotSpecified) {
|
||||
AnswerNoToDefaultSettings();
|
||||
IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
EXPECT_ASK_FOR_BLOCKSIZE().WillOnce(Return(1));
|
||||
CryConfig config = creator.create(none, none).config;
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskForBlocksizeIfSpecified) {
|
||||
AnswerNoToDefaultSettings();
|
||||
IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
EXPECT_DOES_NOT_ASK_FOR_BLOCKSIZE();
|
||||
CryConfig config = creator.create(none, 10*1024u).config;
|
||||
CryConfig config = creator.create(none, 10*1024u, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskForBlocksizeIfNoninteractive) {
|
||||
EXPECT_DOES_NOT_ASK_TO_USE_DEFAULT_SETTINGS();
|
||||
EXPECT_DOES_NOT_ASK_FOR_BLOCKSIZE();
|
||||
CryConfig config = noninteractiveCreator.create(none, none).config;
|
||||
CryConfig config = noninteractiveCreator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskForBlocksizeIfUsingDefaultSettings) {
|
||||
AnswerYesToDefaultSettings();
|
||||
EXPECT_DOES_NOT_ASK_FOR_BLOCKSIZE();
|
||||
CryConfig config = creator.create(none, none).config;
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesAskWhetherMissingBlocksAreIntegrityViolationsIfNotSpecified) {
|
||||
AnswerNoToDefaultSettings();
|
||||
EXPECT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION().WillOnce(Return(true));
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskWhetherMissingBlocksAreIntegrityViolationsIfSpecified_True) {
|
||||
AnswerNoToDefaultSettings();
|
||||
EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
CryConfig config = creator.create(none, none, true).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskWhetherMissingBlocksAreIntegrityViolationsIfSpecified_False) {
|
||||
AnswerNoToDefaultSettings();
|
||||
EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
CryConfig config = creator.create(none, none, false).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskWhetherMissingBlocksAreIntegrityViolationsIfNoninteractive) {
|
||||
EXPECT_DOES_NOT_ASK_TO_USE_DEFAULT_SETTINGS();
|
||||
EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
CryConfig config = noninteractiveCreator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskWhetherMissingBlocksAreIntegrityViolationsIfUsingDefaultSettings) {
|
||||
AnswerYesToDefaultSettings();
|
||||
EXPECT_DOES_NOT_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, ChoosesEmptyRootBlobId) {
|
||||
AnswerNoToDefaultSettings();
|
||||
CryConfig config = creator.create(none, none).config;
|
||||
IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
EXPECT_EQ("", config.RootBlob()); // This tells CryFS to create a new root blob
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, ChoosesValidEncryptionKey_448) {
|
||||
AnswerNoToDefaultSettings();
|
||||
IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher("mars-448-gcm"));
|
||||
CryConfig config = creator.create(none, none).config;
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
cpputils::Mars448_GCM::EncryptionKey::FromString(config.EncryptionKey()); // This crashes if invalid
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, ChoosesValidEncryptionKey_256) {
|
||||
AnswerNoToDefaultSettings();
|
||||
IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher("aes-256-gcm"));
|
||||
CryConfig config = creator.create(none, none).config;
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
cpputils::AES256_GCM::EncryptionKey::FromString(config.EncryptionKey()); // This crashes if invalid
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, ChoosesValidEncryptionKey_128) {
|
||||
AnswerNoToDefaultSettings();
|
||||
IGNORE_ASK_FOR_MISSINGBLOCKISINTEGRITYVIOLATION();
|
||||
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher("aes-128-gcm"));
|
||||
CryConfig config = creator.create(none, none).config;
|
||||
CryConfig config = creator.create(none, none, none).config;
|
||||
cpputils::AES128_GCM::EncryptionKey::FromString(config.EncryptionKey()); // This crashes if invalid
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, DoesNotAskForAnythingIfEverythingIsSpecified) {
|
||||
EXPECT_DOES_NOT_ASK_TO_USE_DEFAULT_SETTINGS();
|
||||
EXPECT_DOES_NOT_ASK_FOR_CIPHER();
|
||||
CryConfig config = noninteractiveCreator.create(string("aes-256-gcm"), 10*1024u).config;
|
||||
CryConfig config = noninteractiveCreator.create(string("aes-256-gcm"), 10*1024u, none).config;
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, SetsCorrectCreatedWithVersion) {
|
||||
CryConfig config = noninteractiveCreator.create(none, none).config;
|
||||
CryConfig config = noninteractiveCreator.create(none, none, none).config;
|
||||
EXPECT_EQ(gitversion::VersionString(), config.CreatedWithVersion());
|
||||
}
|
||||
|
||||
TEST_F(CryConfigCreatorTest, SetsCorrectVersion) {
|
||||
CryConfig config = noninteractiveCreator.create(none, none).config;
|
||||
CryConfig config = noninteractiveCreator.create(none, none, none).config;
|
||||
EXPECT_EQ(gitversion::VersionString(), config.Version());
|
||||
}
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@ public:
|
||||
|
||||
CryConfigLoader loader(const string &password, bool noninteractive, const optional<string> &cipher = none) {
|
||||
auto askPassword = [password] { return password;};
|
||||
return CryConfigLoader(console, cpputils::Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, cipher, none, noninteractive);
|
||||
return CryConfigLoader(console, cpputils::Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, cipher, none, none, noninteractive);
|
||||
}
|
||||
|
||||
CryConfigFile Create(const string &password = "mypassword", const optional<string> &cipher = none, bool noninteractive = false) {
|
||||
|
||||
@ -40,7 +40,7 @@ public:
|
||||
|
||||
CryConfigFile loadOrCreateConfig() {
|
||||
auto askPassword = [] {return "mypassword";};
|
||||
return CryConfigLoader(mockConsole(), Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, none, none, true).loadOrCreate(config.path()).value().configFile;
|
||||
return CryConfigLoader(mockConsole(), Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, none, none, none, true).loadOrCreate(config.path()).value().configFile;
|
||||
}
|
||||
|
||||
unique_ref<OnDiskBlockStore> blockStore() {
|
||||
|
||||
@ -29,7 +29,7 @@ public:
|
||||
unique_ref<Device> createDevice() override {
|
||||
auto blockStore = cpputils::make_unique_ref<FakeBlockStore>();
|
||||
auto askPassword = [] {return "mypassword";};
|
||||
auto config = CryConfigLoader(mockConsole(), Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, none, none, true)
|
||||
auto config = CryConfigLoader(mockConsole(), Random::PseudoRandom(), SCrypt::TestSettings, askPassword, askPassword, none, none, none, true)
|
||||
.loadOrCreate(configFile.path()).value();
|
||||
return make_unique_ref<CryDevice>(std::move(config.configFile), std::move(blockStore), config.myClientId);
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user