Commit Graph

344 Commits

Author SHA1 Message Date
Sebastian Lackner
a24342f656 fusefrontend: Handle PlaintextNames mode in Link
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any
special meaning.

https://github.com/rfjakob/gocryptfs/issues/174
2017-12-25 15:07:37 +01:00
Jakob Unterwurzacher
87736eb833 fusefrontend_reverse: secure Access against symlink races (somewhat)
Unfortunately, faccessat in Linux ignores AT_SYMLINK_NOFOLLOW,
so this is not completely atomic.

Given that the information you get from access is not very
interesting, it seems good enough.

https://github.com/rfjakob/gocryptfs/issues/165
2017-12-07 00:11:35 +01:00
Jakob Unterwurzacher
6bd2da89d3 tets_helpers: handle t=nil in InitFS
The reverse tests call InitFS with t=nil. By
calling panic we get a better error message instead
of a generic nil pointer dereference.
2017-12-06 23:03:37 +01:00
Sebastian Lackner
614745ee57 fusefrontend: allow_other: close race between mkdir and chown
Fixes the same problem as described in 72b975867a,
except for directories instead of device nodes.
2017-11-29 13:28:04 +01:00
Sebastian Lackner
2591900b69 fusefrontend: Handle PlaintextNames mode in Unlink
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any
special meaning. We should not attempt to delete any .name files.

Partially fixes https://github.com/rfjakob/gocryptfs/issues/174
2017-11-28 09:28:06 +01:00
Sebastian Lackner
3f68b0c09a fusefrontend: Handle PlaintextNames mode in Mknod
In PlaintextNames mode the "gocryptfs.longname." prefix does not have any
special meaning. We should not attempt to read the directory IV or to
create special .name files.

Partially fixes https://github.com/rfjakob/gocryptfs/issues/174
2017-11-28 09:28:06 +01:00
Jakob Unterwurzacher
72b975867a fusefronted: allow_other: close race between mknod and chown
If the user manages to replace the directory with
a symlink at just the right time, we could be tricked
into chown'ing the wrong file.

This change fixes the race by using fchownat, which
unfortunately is not available on darwin, hence a compat
wrapper is added.

Scenario, as described by @slackner at
https://github.com/rfjakob/gocryptfs/issues/177 :

1. Create a forward mount point with `plaintextnames` enabled
2. Mount as root user with `allow_other`
3. For testing purposes create a file `/tmp/file_owned_by_root`
   which is owned by the root user
4. As a regular user run inside of the GoCryptFS mount:

```
mkdir tempdir
mknod tempdir/file_owned_by_root p &
mv tempdir tempdir2
ln -s /tmp tempdir
```

When the steps are done fast enough and in the right order
(run in a loop!), the device file will be created in
`tempdir`, but the `lchown` will be executed by following
the symlink. As a result, the ownership of the file located
at `/tmp/file_owned_by_root` will be changed.
2017-11-27 21:04:45 +01:00
Jakob Unterwurzacher
1bb47b6796 reverse: reject too-long symlink target reads with ENAMETOOLONG
If the symlink target gets too long due to base64 encoding, we should
return ENAMETOOLONG instead of having the kernel reject the data and
returning an I/O error to the user.

Fixes https://github.com/rfjakob/gocryptfs/issues/167
2017-11-26 21:37:12 +01:00
Sebastian Lackner
90687215a4 fusefrontend_reverse: Do not mix up cache information for different directories
Fixes https://github.com/rfjakob/gocryptfs/issues/168

Steps to reproduce the problem:

* Create a regular reverse mount point
* Create files with the same very long name in multiple directories - so far
  everything works as expected, and it will appear with a different name each
  time, for example, gocryptfs.longname.A in directory A and
  gocryptfs.longname.B in directory B
* Try to access a path with A/gocryptfs.longname.B or B/gocryptfs.longname.A -
  this should fail, but it actually works.

The problem is that the longname cache only uses the path as key and not the
dir or divIV. Assume an attacker can directly interact with a reverse mount and
knows the relation longname path -> unencoded path in one directory, it allows
to test if the same unencoded filename appears in any other directory.
2017-11-25 16:20:48 +01:00
Sebastian Lackner
9f56b33e0c fusefrontend: Fix longname handling for renames with existing target
Fixes https://github.com/rfjakob/gocryptfs/issues/170

Steps to reproduce the problem:

* Create a regular forward mount point
* Create a file with a shortname and one with a long filename
* Try to run 'mv <shortname> <longname>'

This should actually work and replace the existing file, but instead it
fails with:

    mv: cannot move '<shortname>' to '<longname>': File exists

The problem is the creation of the .name file. If the target already exists
we can safely ignore the EEXIST error and just keep the existing .name file.
2017-11-25 16:19:09 +01:00
Sebastian Lackner
d257bb34c1 tests: Add test for access to encrypted version of '.' and '..'
To show that https://github.com/rfjakob/gocryptfs/issues/163 has been fixed.
2017-11-23 08:48:00 +01:00
Sebastian Lackner
f3c777d5ea main: Add '-devrandom' commandline option
Allows to use /dev/random for generating the master key instead of the
default Go implementation. When the kernel random generator has been
properly initialized both are considered equally secure, however:

* Versions of Go prior to 1.9 just fall back to /dev/urandom if the
  getrandom() syscall would be blocking (Go Bug #19274)

* Kernel versions prior to 3.17 do not support getrandom(), and there
  is no check if the random generator has been properly initialized
  before reading from /dev/urandom

This is especially useful for embedded hardware with low-entroy. Please
note that generation of the master key might block indefinitely if the
kernel cannot harvest enough entropy.
2017-11-21 23:37:06 +01:00
Jakob Unterwurzacher
64e5906ffa fusefrontend_reverse: workaround ext4 test failure
The extended TestLongnameStat() exposes a pathological case
when run on ext4, as ext4 reuses inode numbers immediately.

This change modifies the test to not delete the files immediately,
so the inode numbers cannot be reused immediately.

Fix for the underlying issue is a TODO.
2017-10-03 21:15:17 +02:00
Jakob Unterwurzacher
4da245c69d fusefrontend_reverse: fix 176-byte names
A file with a name of exactly 176 bytes length caused this error:

  ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY: No such file or directory
  ls: cannot access ./tmp/dsg/sXSGJLTuZuW1FarwIkJs0w/b6mGjdxIRpaeanTo0rbh0A/QjMRrQZC_4WLhmHI1UOBcA/gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name: No such file or directory
  -????????? ? ?     ?             ?            ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY
  -????????? ? ?     ?             ?            ? gocryptfs.longname.QV-UipdDXeUVdl05WruoEzBNPrQCfpu6OzJL0_QnDKY.name

Root cause was a wrong shortNameMax constant that failed to
account for the obligatory padding byte.

Fix the constant and also expand the TestLongnameStat test case
to test ALL file name lengths from 1-255 bytes.

Fixes https://github.com/rfjakob/gocryptfs/issues/143 .
2017-10-01 13:50:25 +02:00
Jakob Unterwurzacher
f59479736b tests: add diriv cache race test
Passes.
2017-08-10 21:01:19 +02:00
Jakob Unterwurzacher
d5133ca5ac fusefrontend_reverse: return ENOENT for undecryptable names
This was working until DecryptName switched to returning
EBADMSG instead of EINVAL.

Add a test to catch the regression next time.
2017-07-27 20:31:22 +02:00
Jakob Unterwurzacher
318c41827c tests: check if we close stderr and stdout correctly on mount
Currently fails, as reported at
https://github.com/rfjakob/gocryptfs/issues/130 .
2017-07-24 00:05:29 +02:00
Jakob Unterwurzacher
74e58ae8e6 tests: fsstress-gocryptfs.bash: sync up with EncFS
I have added a subset of fsstress-gocryptfs.bash to EncFS as
fsstress-encfs.sh, improving the code a bit.

This change forward-ports these improvements to
fsstress-gocryptfs.bash.
2017-07-21 23:34:44 +02:00
Jakob Unterwurzacher
3062de6187 fusefronted: enable writing to write-only files
Due to RMW, we always need read permissions on the backing file. This is a
problem if the file permissions do not allow reading (i.e. 0200 permissions).
This patch works around that problem by chmod'ing the file, obtaining a fd,
and chmod'ing it back.

Test included.

Issue reported at: https://github.com/rfjakob/gocryptfs/issues/125
2017-07-11 23:19:58 +02:00
Jakob Unterwurzacher
c12a50d4c8 benchmarks: add streaming read benchmark 2017-06-27 00:04:58 +02:00
Jakob Unterwurzacher
f44902aaae Fix two comments
One out-of-date and the other with a typo.
2017-06-01 18:53:57 +02:00
Jakob Unterwurzacher
e43eb36da3 tests: add v1.3-reverse example filesystem
We check the md5 sum of the encrypted version of a file to make sure we don't
accidentially change the ciphertext generation.
2017-05-30 17:04:46 +02:00
Jakob Unterwurzacher
18f354d84b main: password change: exit with code 12 on wrong password
We used to return code 8, now we return code 12 as documented in
the man page.

Also adds a test.
2017-05-14 13:14:00 +02:00
Jakob Unterwurzacher
d5adde1eeb exitcodes: pull all exit code definitions into the package
This commit defines all exit codes in one place in the exitcodes
package.

Also, it adds a test to verify the exit code on incorrect
password, which is what SiriKali cares about the most.

Fixes https://github.com/rfjakob/gocryptfs/issues/77 .
2017-05-07 22:16:22 +02:00
Jakob Unterwurzacher
ad7942f434 fusefrontend: implement path decryption via ctlsock
Closes https://github.com/rfjakob/gocryptfs/issues/84 .
2017-05-07 21:01:39 +02:00
Jakob Unterwurzacher
68387b470c Fix typos found by Misspell
Misspell Finds commonly misspelled English words
gocryptfs/internal/configfile/scrypt.go
Line 41: warning: "paramter" is a misspelling of "parameter" (misspell)
gocryptfs/internal/ctlsock/ctlsock_serve.go
Line 1: warning: "implementes" is a misspelling of "implements" (misspell)
gocryptfs/tests/test_helpers/helpers.go
Line 27: warning: "compatability" is a misspelling of "compatibility" (misspell)
2017-05-07 12:22:15 +02:00
Jakob Unterwurzacher
daada9d7c6 tests: support encfs in the fsstress script
May be helpful for https://github.com/vgough/encfs/issues/214 .
2017-05-01 23:50:49 +02:00
Jakob Unterwurzacher
9768376bd1 tests: add TestXfs124
This test reproduces the problem xfstests generic/124 uncovered.
The warning itself is harmless, but we should either (1) add locking
so that this cannot happen anymore or (2) drop the warning.

Currently fails:

$ go test -v
=== RUN   Test1980Tar
--- PASS: Test1980Tar (0.00s)
=== RUN   TestCtlSock
--- PASS: TestCtlSock (0.10s)
=== RUN   TestOpenTruncateRead
--- PASS: TestOpenTruncateRead (0.00s)
=== RUN   TestWORead
--- PASS: TestWORead (0.00s)
=== RUN   TestXfs124
cipherSize 18 == header size: interrupted write?
-wpanic turns this warning into a panic: cipherSize 18 == header size: interrupted write?
2017-05-01 18:44:03 +02:00
Jakob Unterwurzacher
9ab11aa4d7 fusefrontend: drop writeOnly flag
We do not have to track the writeOnly status because the kernel
will not forward read requests on a write-only FD to us anyway.

I have verified this behavoir manually on a 4.10.8 kernel and also
added a testcase.
2017-05-01 17:49:37 +02:00
Jakob Unterwurzacher
f1dbd19fe9 tests: add hkdf_sanity tests with broken example filesystem
These are deliberately corrupt.
2017-03-18 16:48:58 +01:00
Jakob Unterwurzacher
61502f9b94 benchmark: add md5sum read performance benchmark 2017-03-18 16:23:33 +01:00
Jakob Unterwurzacher
efc88346be cli: enable "-raw64" by default
This brings the CLI options back in sync with the default
feature flags.
2017-03-07 20:56:50 +01:00
Jakob Unterwurzacher
f1244b6d06 tests: recreate v1.3 example filesystem
The filesystem was created with a gocryptfs version that ignored
the HKDF flag (hence everything was actually encrypted WITHOUT hkdf).

Fix it by recreating it.
2017-03-07 20:56:50 +01:00
Jakob Unterwurzacher
2362e67a9e cli: add "-hkdf" option
This commit also enables actually passing the HKDF setting to
fusefrontend, this was missing till now.
2017-03-07 20:56:50 +01:00
Jakob Unterwurzacher
a80d798c2d tests: reverse: don't run tests that ignore "-plaintextnames" twice
TestMain() runs all tests twice, once with plaintextnames=true and once
with false. Several tests mount their own filesystem and ignore the
plaintextnames variable. It makes no sense to run them twice, so
skip execution when plaintextnames is set.
2017-03-07 20:53:58 +01:00
M. Vefa Bicakci
d48ccb3dda Report correct symbolic link dentry sizes
Prior to this commit, gocryptfs's reverse mode did not report correct
directory entry sizes for symbolic links, where the dentry size needs to
be the same as the length of a string containing the target path.

This commit corrects this issue and adds a test case to verify the
correctness of the implementation.

This issue was discovered during the use of a strict file copying program
on a reverse-mounted gocryptfs file system.
2017-03-07 20:46:58 +01:00
Jakob Unterwurzacher
b7538fc026 tests: add v1.3 example filesystem
This filesystem has both HKDF and Raw64 enabled.
2017-03-05 23:07:52 +01:00
Jakob Unterwurzacher
966308eeb7 Drop Go 1.4 compatability code everywhere
Yields a nice reduction in code size.
2017-03-05 17:44:14 +01:00
Jakob Unterwurzacher
b2f154a9a9 tests: stop calling t.Fatal from example_test_helpers
Calling t.Fatal immeadiately aborts the test, which means the
filesystem will not get unmounted, which means test.bash will
hang.
2017-03-05 13:39:25 +01:00
Jakob Unterwurzacher
d2c0fae4f6 tests: somewhat support testing without openssl
You will still get lots of test error, but at least the tests
will run.
2017-02-26 19:53:29 +01:00
Jakob Unterwurzacher
b056776a01 tests: adapt dir overwrite test for Go 1.8
In Go 1.8, os.Rename refuses to overwrite an empty directory.
Switch to syscall.Rename, which still does the right thing.
2017-02-20 21:27:37 +01:00
Jakob Unterwurzacher
e406eb22ba Get rid of remaining $GOPATH dependencies 2017-02-20 21:26:42 +01:00
Jakob Unterwurzacher
62e7eb7d04 tests: reverse: check Access() call 2017-02-16 21:20:29 +01:00
Jakob Unterwurzacher
0b19e637c9 tests: OSX compat: wrap Stat_t atime extract
Linux has st.Atim, st.Mtim,
OSX hat st.Atimespec, st.Mtimespec.

Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:39:56 +01:00
Jakob Unterwurzacher
e5bee6a6aa tests: OSX compat: use OSX-style "stat -f"
Reported at https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217
2017-02-16 19:10:36 +01:00
Jakob Unterwurzacher
9f6841373d benchmarks: OSX compat: replace /usr/bin/time with bash builtin
On OSX, /usr/bin/time does not support "-f".

Reported in https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-279130217 .
2017-02-16 19:01:24 +01:00
Jakob Unterwurzacher
ca5c06ef4e tests: get rid of syscall.PathMax
Does not exist on OSX

Reported in https://github.com/rfjakob/gocryptfs/issues/15
2017-02-16 18:47:04 +01:00
Jakob Unterwurzacher
6ac9dcaae0 tests: use fuse-unmount.bash
...instead of having separate compatability logic.
2017-02-15 23:13:33 +01:00
Jakob Unterwurzacher
ce2e610428 OSX compat: replace fusermount calls with fuse-unmount.bash
Mac OS X does not have fusermount and uses umount instead.
The fuse-unmount.bash calls the appropriate command.
2017-02-15 23:02:01 +01:00
Jakob Unterwurzacher
8adfbf2dc3 Check for trailing garbage after the password
From the comment:

// CheckTrailingGarbage tries to read one byte from stdin and exits with a
// fatal error if the read returns any data.
// This is meant to be called after reading the password, when there is no more
// data expected. This helps to catch problems with third-party tools that
// interface with gocryptfs.
2017-02-12 17:59:09 +01:00
Jakob Unterwurzacher
357307cbcf tests: ctlsock: check warning for non-canonical paths 2017-02-12 12:22:25 +01:00
Jakob Unterwurzacher
d2224aec58 tests: add TestLongLink (currently broken) 2017-01-26 20:49:35 +01:00
Jakob Unterwurzacher
94b66ee1b2 tests: only check the size in dl-linux-tarball.bash
Getting rid of the MD5 calculation makes calling the script
virtually free, where it took 0.2 seconds before.
2017-01-03 14:33:55 +01:00
Jakob Unterwurzacher
53555fec1c tests: factor out dl-linux-tarball.bash
This will be also used by the reverse benchmarks.
2017-01-03 14:17:42 +01:00
Jakob Unterwurzacher
2bacbdf99d benchmark.bash: OSX dd does not support "K" postfix 2016-12-13 22:13:12 +01:00
Jakob Unterwurzacher
2758c75cae ctlsock: sanitize paths before passing them to the backend
You used to be able to crash gocryptfs by passing "/foo"
of "foo/" to the ctlsock.

Fixes https://github.com/rfjakob/gocryptfs/issues/66
2016-12-10 12:59:54 +01:00
Jakob Unterwurzacher
3f5c48e058 tests: don't call t.Fatal in checkExampleFS
Calling t.Fatal means that the parent test has no chance
to clean up.
2016-11-26 15:20:54 +01:00
Jakob Unterwurzacher
10884603d8 benchmark.bash: double write length
Writing 1000 128KB blocks takes only 1 second and yielded
inconsistent results. With 2000, things look saner.
2016-11-26 12:36:55 +01:00
Jakob Unterwurzacher
41af353dcb tests: rename fsstress-loopback.bash to fsstress-gocryptfs.bash
The primary use is testing gocryptfs, after all.
2016-11-17 22:51:25 +01:00
Jakob Unterwurzacher
1bae06a16a tests: add OpenTruncateRead test
This is a regression test for the issue that was fixed by the
last commit.
2016-11-17 22:48:50 +01:00
Jakob Unterwurzacher
d8fb28a1c3 ctlsock: prevent panic on invalid decrypt request 2016-11-10 23:51:47 +01:00
Jakob Unterwurzacher
c2629bd9b5 tests: allow overriding hardcoded arguments in Mount helper 2016-11-10 23:47:04 +01:00
Jakob Unterwurzacher
c03fc46a51 ctlsock: implement EncryptPath for reverse mode, add tests 2016-11-10 23:32:51 +01:00
Jakob Unterwurzacher
75ebb28a62 ctlsock: add initial limited implementation
At the moment, in forward mode you can only encrypt paths
and in reverse mode you can only decrypt paths.
2016-11-10 00:27:08 +01:00
Jakob Unterwurzacher
d15122d3d6 Add Go 1.4 compatibility layer for raw64
Using raw64 will not work, but at least it will compile.
2016-11-01 19:25:59 +01:00
Jakob Unterwurzacher
964e0e6b36 tests: add raw64 tests
Also, use "%#v" instead of JSON for debug output.
This means we can unexport all fields.
2016-11-01 18:42:10 +01:00
Jakob Unterwurzacher
c2192cfcad fusefrontend: drop atime workarounds
The fix at https://github.com/hanwen/go-fuse/pull/131 has been merged.
Drop the workarounds and re-enable the tests.
2016-10-30 16:29:36 +01:00
Jakob Unterwurzacher
9b7135224b tests: fetch the example tarball from cdn.kernel.org
www.kernel.org is painfully slow at times.
2016-10-25 23:13:44 +02:00
Jakob Unterwurzacher
aeda9721d0 Fix misspellings
Close https://github.com/rfjakob/gocryptfs/issues/54
2016-10-24 19:18:13 +02:00
Jakob Unterwurzacher
1e66499af8 tests: add example tar 2016-10-19 22:32:21 +02:00
Jakob Unterwurzacher
77ebd62721 tests: fix forgotten variable rename 2016-10-19 22:31:03 +02:00
Jakob Unterwurzacher
589748548f tests: add 1980.tar.gz extract test
Test that we get the right timestamp when extracting a tarball.

Also simplify the workaround in doTestUtimesNano() and fix the
fact that it was running no test at all.
2016-10-19 22:25:54 +02:00
Jakob Unterwurzacher
600ceece35 lint fixes 2016-10-19 01:12:45 +02:00
Jakob Unterwurzacher
891a3b4c8a fusefrontend: Utimens: one more band-aid
Revert once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16 20:20:00 +02:00
Jakob Unterwurzacher
4866785f4b tests: add test for -password -masterkey
Also, make the other password tests more rigorous by verifying the
fs content.
2016-10-16 19:13:00 +02:00
Jakob Unterwurzacher
ca3cc5eca3 tests: fix stdin password change test
It was actually testing extpass a second time.
2016-10-16 18:13:26 +02:00
Jakob Unterwurzacher
5144470e3d fusefrontend: Utimens: ugly band-aid for nil pointer crash in go-fuse
Crash is described at https://github.com/rfjakob/gocryptfs/issues/48 .
Revert this once https://github.com/hanwen/go-fuse/pull/131 is merged.
2016-10-16 15:08:05 +02:00
Jakob Unterwurzacher
a36e29f77e tests: verify that UTIME_OMIT works
It currently does not and even causes a crash due to a bug in
go-fuse.

Also converts the test to table-based.
2016-10-16 15:08:00 +02:00
Jakob Unterwurzacher
e2c5632db8 tests: deduplicate UtimesNano testing code 2016-10-16 15:04:59 +02:00
Jakob Unterwurzacher
57e8df990c tests: split "normal" tests into "cli" and "defaults"
Also fixes the failure to run the benchmarks do to the missing
gocryptfs.diriv.
2016-10-16 15:04:53 +02:00
Jakob Unterwurzacher
c8e5dc9844 main: show "-o" in the help text
Binds it to a dummy variable so it appears in the help text.
2016-10-10 20:57:35 +02:00
Jakob Unterwurzacher
e220b24c5a tests: add test for "mountpoint shadows cipherdir" logic 2016-10-09 00:03:39 +02:00
Jakob Unterwurzacher
d25fcc6a4b reverse: gocryptfs.conf was missing from the directory listings
Fix the test for that and add checks in example_filesystems_test.
2016-10-08 22:25:08 +02:00
Jakob Unterwurzacher
79e3e28671 tests: add v1.1-reverse-plaintextnames example filesystem 2016-10-08 21:49:21 +02:00
Jakob Unterwurzacher
eb51a1ed20 tests: add v1.1-reverse example filesystem 2016-10-08 21:45:11 +02:00
Jakob Unterwurzacher
3c2c3453ad tests: add v1.1-aessiv example filesystem
Also move the example content into "content".
2016-10-08 21:45:01 +02:00
Jakob Unterwurzacher
f054353bd3 reverse: make gocryptfs.conf mapping plaintextnames-aware
Only in plaintextnames-mode AND with the config file at the
default location it will be mapped into the mountpoint.

Also adds a test for that.
2016-10-08 20:57:38 +02:00
Jakob Unterwurzacher
dde4a66454 tests: pass "-nosyslog"
We want to see panics and warnings on the console
2016-10-08 19:36:26 +02:00
Jakob Unterwurzacher
8c89e2da0c tests: invert ResetTmpDir argument
As reverse also does not want a diriv file, the "plaintextNames"
argument became a misnomer.
2016-10-08 19:22:59 +02:00
Jakob Unterwurzacher
29c8ca85d8 tests: matrix: have the testcase struct as a global variable
Future tests will need more info about the running test case.
2016-10-08 19:18:56 +02:00
Jakob Unterwurzacher
084cd597ab tests: matrix: convert to table-based style
And add AES-SIV
2016-10-08 19:16:05 +02:00
Jakob Unterwurzacher
434ce50db3 main: add "-nonempty" option 2016-10-06 22:41:13 +02:00
Valient Gough
b764917cd5 lint fixes 2016-10-04 23:18:33 +02:00
Jakob Unterwurzacher
db5782028a tests: skip tests with -openssl=false on Go 1.4 and lower
Go versions 1.4 and lower lack NewGCMWithNonceSize(), which causes
a panic in the test.
2016-10-04 22:34:12 +02:00
Jakob Unterwurzacher
67a959eebf tests: symlink to "/" instead of "/etc/motd"
This file does not exist on all systems, causing spurious
test failures.

See #40, #43
2016-10-04 22:01:47 +02:00
Jakob Unterwurzacher
95db38912b tests: fallocate: skip some disk usage checks on btrfs
The expected allocated sizes are verified for tmpfs and ext4.
btrfs gives different results, but that's not an error.

Also, simplify test_helpers.Du and several code paths.

Fixes #43.
2016-10-04 21:57:13 +02:00
Jakob Unterwurzacher
b068ffbff9 maxlen.bash: result was 1 too high
Additionally, output 0 instead of 7 on permission errors.
2016-10-04 10:26:22 +02:00
Jakob Unterwurzacher
e9bb8b800c reverse: switch from GCM-SIV to AES-SIV
GCM-SIV is not yet finalized, and the reference implemenation is
painfully slow at about 2 MB/s. Switch to AES-SIV.
2016-09-26 23:25:13 +02:00
Jakob Unterwurzacher
32e35adcad tests: add reverse linux tarball test 2016-09-25 20:04:03 +02:00
Jakob Unterwurzacher
5f4b16c00f Implement changes proposed by gosimple.
Also delete the unused "dirIVNameStruct", found by deadcode.
2016-09-25 19:48:21 +02:00
Jakob Unterwurzacher
b883dd10a6 reverse: add symlink encryption and Readlink support 2016-09-25 18:01:24 +02:00
Jakob Unterwurzacher
ffdb7cd47a reverse: more thorough longname stat test
Now also verifies the returned file size.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
2050c7f3b3 reverse: add gcmsiv flag and associated tests 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
f8da264222 tests: smarter error handling in ResetTmpDir
Look at the error code from os.Remove and decide about the
right thing to do.

Gets rid of spurious fusermount error messages.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
6c52c1a6e6 reverse: add longname benchmark 2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
6ffd07f02a tests: extractloop: use tmp dir based on script name
This is how this should be done as well in future test scripts.
2016-09-25 16:43:17 +02:00
Jakob Unterwurzacher
f6d4d240e6 tests: skip the nanosecond compare for now 2016-09-25 16:42:29 +02:00
Jakob Unterwurzacher
8f1e51789d tests: set the times on a symlink
This currently fails as reported in
https://github.com/rfjakob/gocryptfs/issues/35 .

Also remove the spurious sleep in the test.
2016-09-25 16:17:26 +02:00
Jakob Unterwurzacher
fc0de96763 tests: add TestUtimesNano
Make sure setting nanoseconds works by path and fd.
2016-08-09 22:10:25 +02:00
Jakob Unterwurzacher
0a3225b1eb tests: add RSS tracking to extractloop
This obsoletes loopback-mem.bash.
2016-07-16 21:20:54 +02:00
Jakob Unterwurzacher
6b50f2debc tests: factor out fs-agnostic benchmark script
"canonical-benchmarks.bash TESTDIR"
can now be used on any filesystem.
2016-07-16 18:08:01 +02:00
Jakob Unterwurzacher
d3940c6263 tests: add maxlen.bash helper
Simple script that finds out the maximum supported filename
length.
2016-07-16 14:10:17 +02:00
Jakob Unterwurzacher
e98c51afd6 tests: add loopback-mem script
Helps to find memory leaks in go-fuse's loopback, which
gocryptfs builds upon.
2016-07-14 09:26:00 +02:00
Jakob Unterwurzacher
09c16ed2a7 tests: extractloop: add loopback support
loopback is an example app that comes with the go-fuse lib.
It uses all the same APIs as gocryptfs, minus the encryption.
2016-07-12 08:30:29 +02:00
Jakob Unterwurzacher
cf742f4e8b tests: add encfs support to benchmark.bash and extractloop.bash
Pass "-encfs" to test encfs instead of gocryptfs.
2016-07-11 22:10:41 +02:00
Jakob Unterwurzacher
63def5df5d tests: matrix: print name in verbose output 2016-07-11 21:42:40 +02:00
Jakob Unterwurzacher
df17f1d702 tests: add verbose output when unmounting 2016-07-11 20:41:53 +02:00
Jakob Unterwurzacher
1c54fcd04b tests: use unmount wrapper in ResetTmpDir
This should make it work on OSX.

Also, split unmount into two functions. Depending on what you
want,

* UnmountErr returns the resulting error
* UnmountPanic panics if the error was not nil
2016-07-11 20:41:16 +02:00
Jakob Unterwurzacher
7f3ede473e tests: fix shadow warning
"go tool vet -shadow=true" complained about the md5 package
being shadowed by variables called "md5".
Fix by using the Md5hex helper and dropping the md5 import.
2016-07-06 21:06:42 +02:00
Jakob Unterwurzacher
9d17fdb206 tests: OSX: cast st.Blksize to int64
On Linux, Blksize is already int64. But on OSX
it is int32 and that caused a compile failure.

https://github.com/rfjakob/gocryptfs/issues/15
2016-07-04 08:22:05 +02:00
Jakob Unterwurzacher
9b725c15cf syscallcompat: OSX: add Fallocate and Openat wrappers
...and convert all calls to syscall.{Fallocate,Openat}
to syscallcompat .

Both syscalls are not available on OSX. We emulate Openat and just
return EOPNOTSUPP for Fallocate.
2016-07-03 19:18:34 +02:00
Jakob Unterwurzacher
d5b7eb33da tests: call umount instead of fusermount on OSX
Reported at https://github.com/rfjakob/gocryptfs/issues/15
2016-07-02 20:06:20 +02:00
Jakob Unterwurzacher
54470baa23 fusefrontend: add fallocate support
Mode=0 (default) and mode=1 (keep size) are supported.
The patch includes test cases and the whole thing passed xfstests.

Fixes https://github.com/rfjakob/gocryptfs/issues/1 .
2016-07-02 19:52:09 +02:00
Jakob Unterwurzacher
f2b4d57068 fusefrontend: coalesce grows in Truncate()
We were growing the file block-by-block which was pretty
inefficient. We now coalesce all the grows into a single
Ftruncate. Also simplifies the code!

Simplistic benchmark: Before:

  $ time truncate -s 1000M foo
  real	0m0.568s

After:

  $ time truncate -s 1000M foo
  real	0m0.205s
2016-07-01 23:32:27 +02:00
Jakob Unterwurzacher
02b6d3067d test: split up integration_tests
...into "matrix" and "normal".

Also:
* Make running multiple packages in parallel safe, see
  http://stackoverflow.com/questions/23715302/go-how-to-run-tests-for-multiple-packages
* Don't depent on test_helper.TmpDir and friends to have a terminating slash
2016-06-30 00:57:14 +02:00
Jakob Unterwurzacher
f873d5f0a1 tests: run example_filesystems with "-openssl=false" AND "=true"
Run the tests twice, once with openssl and once with Go crypto.
2016-06-27 23:43:43 +02:00
Jakob Unterwurzacher
2720cd7b0d tests: give "-plaintextnames" its own test package
...and add tests for checking that gocryptfs.diriv
does not get created.

The main "integration_tests" package has become quite
big and convoluted over time.

This small separate package should make writing tests
for "-plaintextnames" easier.

As seen in "fusefrontend: fix PlaintextNames versions of Mkdir, Rmdir",
we need more of them.
2016-06-27 21:40:39 +02:00
Jakob Unterwurzacher
1de5ceed58 tests: add missing file "example_test_helpers.go"
This file was forgotten in commit
"tests: make tests for unsupported FSs more compact".
2016-06-26 18:34:30 +02:00
Jakob Unterwurzacher
b558901e66 Drop deprecated "-gcmiv128" option
The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.

Completes https://github.com/rfjakob/gocryptfs/issues/29 .
2016-06-23 22:10:19 +02:00
Jakob Unterwurzacher
80fc3532f6 tests: make tests for unsupported FSs more compact
There is no need to test that deprecated command-line options
produce an error. I trust the flags package.

Also split the example_filesystem helper functions into a
separate file.
2016-06-23 22:03:45 +02:00
Jakob Unterwurzacher
3d59a72ba9 Drop deprecated "-emenames" option
The EMENames feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:56:50 +02:00
Jakob Unterwurzacher
b17f0465c7 Drop deprecated "-diriv" option
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
2016-06-23 21:38:59 +02:00
Jakob Unterwurzacher
8a2e1a543a tests: add v0.7-plaintextnames example filesystem
The v0.6-plaintextnames example FS lacks the GCMIV128 feature
flag, is no longer mountable and can no longer be used for testing.

Add a new "-plaintextnames" filesystem created by gocryptfs v0.7.
There have been no format changes to "-plaintextnames" since then.
2016-06-23 20:53:14 +02:00
Jakob Unterwurzacher
930e597f5a tests: expect mount failure for v0.6 and older example filesystems 2016-06-19 20:04:09 +02:00
Jakob Unterwurzacher
4d067e2de1 tests: adapt for read-only operation
The v0.6 and older example filesystem are mounted read-only
because they are deprecated, so skip the read-write tests.
2016-06-16 23:24:32 +02:00
Jakob Unterwurzacher
96750a7d3c tests: exit with correct error code from TestMain
extpass_test and example_filesystems_test did it wrong,
always returning 0.
2016-06-16 21:56:23 +02:00
Jakob Unterwurzacher
82d87ff8ed Add "-ro" (read-only) flag
From the man page:

  **-ro**
  :      Mount the filesystem read-only

Also add a test.
2016-06-16 21:29:22 +02:00
Jakob Unterwurzacher
305e9c1045 tests: add InitFS helper 2016-06-16 21:27:01 +02:00
Jakob Unterwurzacher
c89455063c readpassword: create internal package for password reading
* Supports stdin
* Add tests for extpass and stdin

As per user request at https://github.com/rfjakob/gocryptfs/issues/30
2016-06-15 22:44:24 +02:00
Jakob Unterwurzacher
218bf83ce3 tests: spin off TestPasswd from TestInit
Also, capture all stderr and stdout but pass "-q".
This way we get to see error messages if there are any, or
spurious output when there should be none due to "-q".
2016-06-14 23:11:54 +02:00
Jakob Unterwurzacher
37d824c9a8 test: add pingpong.bash and pingping-rsync.bash
Mounts two gocryptfs filesystems, "ping" and "pong" and moves the
linux-3.0 kernel tree back and forth between them.

When called as "pingpong-rsync.bash" it uses "rsync --remove-source-files"
for moving the files, otherwise plain "mv".
2016-06-09 22:20:55 +02:00
Jakob Unterwurzacher
5da292828c fusefrontend: fix chown on dangling symlinks
We (actually, go-fuse) used to call Chown() instead of Lchown()
which meant that the operation would fail on dangling symlinks.

Fix this by calling os.Lchown() ourself. Also add a test case
for this.
2016-06-08 00:32:44 +02:00
Jakob Unterwurzacher
f58a8d8740 tests: rename extractloop.md5sums to linux-3.0.md5sums
This file will also be used by other tests, so it should
have a generic name.
2016-06-08 00:32:44 +02:00
Jakob Unterwurzacher
c2a5303eeb tests: split example_filesystems into its own package
Running these tests from integration_tests' TestMain() was awkward
because they were run twice with unchanged settings.
integration_tests tests everything with OpenSSL and with native
Go crypto, but this does not take affect for the example filesystems.

To make this work, test_helpers is also split into its own package.
2016-06-07 00:08:56 +02:00