61ef6b00a6
Commitf3c777d5eaadded the `-devrandom` option: commitf3c777d5eaAuthor: @slackner Date: Sun Nov 19 13:30:04 2017 +0100 main: Add '-devrandom' commandline option Allows to use /dev/random for generating the master key instead of the default Go implementation. When the kernel random generator has been properly initialized both are considered equally secure, however: * Versions of Go prior to 1.9 just fall back to /dev/urandom if the getrandom() syscall would be blocking (Go Bug #19274) * Kernel versions prior to 3.17 do not support getrandom(), and there is no check if the random generator has been properly initialized before reading from /dev/urandom This is especially useful for embedded hardware with low-entroy. Please note that generation of the master key might block indefinitely if the kernel cannot harvest enough entropy. We now require Go v1.13 and Kernel versions should have also moved on. Make the flag a no-op. https://github.com/rfjakob/gocryptfs/issues/596
154 lines
3.6 KiB
Go
154 lines
3.6 KiB
Go
package configfile
|
|
|
|
import (
|
|
"fmt"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
|
|
)
|
|
|
|
var testPw = []byte("test")
|
|
|
|
func TestLoadV1(t *testing.T) {
|
|
_, _, err := LoadAndDecrypt("config_test/v1.conf", testPw)
|
|
if err == nil {
|
|
t.Errorf("Outdated v1 config file must fail to load but it didn't")
|
|
} else if testing.Verbose() {
|
|
fmt.Println(err)
|
|
}
|
|
}
|
|
|
|
// Load a known-good config file and verify that it takes at least 100ms
|
|
// (brute-force protection)
|
|
func TestLoadV2(t *testing.T) {
|
|
t1 := time.Now()
|
|
|
|
_, _, err := LoadAndDecrypt("config_test/v2.conf", testPw)
|
|
if err != nil {
|
|
t.Errorf("Could not load v2 config file: %v", err)
|
|
}
|
|
|
|
elapsed := time.Since(t1)
|
|
if elapsed < 100*time.Millisecond {
|
|
t.Errorf("scrypt calculation runs too fast: %d ms", elapsed/time.Millisecond)
|
|
}
|
|
}
|
|
|
|
func TestLoadV2PwdError(t *testing.T) {
|
|
if !testing.Verbose() {
|
|
tlog.Warn.Enabled = false
|
|
}
|
|
_, _, err := LoadAndDecrypt("config_test/v2.conf", []byte("wrongpassword"))
|
|
if err == nil {
|
|
t.Errorf("Loading with wrong password must fail but it didn't")
|
|
}
|
|
}
|
|
|
|
func TestLoadV2Feature(t *testing.T) {
|
|
_, _, err := LoadAndDecrypt("config_test/PlaintextNames.conf", testPw)
|
|
if err != nil {
|
|
t.Errorf("Could not load v2 PlaintextNames config file: %v", err)
|
|
}
|
|
}
|
|
|
|
func TestLoadV2StrangeFeature(t *testing.T) {
|
|
_, _, err := LoadAndDecrypt("config_test/StrangeFeature.conf", testPw)
|
|
if err == nil {
|
|
t.Errorf("Loading unknown feature must fail but it didn't")
|
|
} else if testing.Verbose() {
|
|
fmt.Println(err)
|
|
}
|
|
}
|
|
|
|
func TestCreateConfDefault(t *testing.T) {
|
|
err := Create(&CreateArgs{
|
|
Filename: "config_test/tmp.conf",
|
|
Password: testPw,
|
|
LogN: 10,
|
|
Creator: "test"})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, c, err := LoadAndDecrypt("config_test/tmp.conf", testPw)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
// Check that all expected feature flags are set
|
|
want := []flagIota{
|
|
FlagGCMIV128, FlagDirIV, FlagEMENames, FlagLongNames,
|
|
FlagRaw64, FlagHKDF,
|
|
}
|
|
for _, f := range want {
|
|
if !c.IsFeatureFlagSet(f) {
|
|
t.Errorf("Feature flag %q should be set but is not", knownFlags[f])
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestCreateConfPlaintextnames(t *testing.T) {
|
|
err := Create(&CreateArgs{
|
|
Filename: "config_test/tmp.conf",
|
|
Password: testPw,
|
|
PlaintextNames: true,
|
|
LogN: 10,
|
|
Creator: "test"})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, c, err := LoadAndDecrypt("config_test/tmp.conf", testPw)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
// Check that all expected feature flags are set
|
|
want := []flagIota{
|
|
FlagGCMIV128, FlagHKDF,
|
|
}
|
|
for _, f := range want {
|
|
if !c.IsFeatureFlagSet(f) {
|
|
t.Errorf("Feature flag %q should be set but is not", knownFlags[f])
|
|
}
|
|
}
|
|
}
|
|
|
|
// Reverse mode uses AESSIV
|
|
func TestCreateConfFileAESSIV(t *testing.T) {
|
|
err := Create(&CreateArgs{
|
|
Filename: "config_test/tmp.conf",
|
|
Password: testPw,
|
|
LogN: 10,
|
|
Creator: "test",
|
|
AESSIV: true})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_, c, err := LoadAndDecrypt("config_test/tmp.conf", testPw)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !c.IsFeatureFlagSet(FlagAESSIV) {
|
|
t.Error("AESSIV flag should be set but is not")
|
|
}
|
|
}
|
|
|
|
func TestIsFeatureFlagKnown(t *testing.T) {
|
|
// Test a few hardcoded values
|
|
testKnownFlags := []string{"DirIV", "PlaintextNames", "EMENames", "GCMIV128", "LongNames", "AESSIV"}
|
|
// And also everything in knownFlags (yes, it is likely that we end up with
|
|
// some duplicates. Does not matter.)
|
|
for _, f := range knownFlags {
|
|
testKnownFlags = append(testKnownFlags, f)
|
|
}
|
|
|
|
for _, f := range testKnownFlags {
|
|
if !isFeatureFlagKnown(f) {
|
|
t.Errorf("flag %q should be known", f)
|
|
}
|
|
}
|
|
|
|
f := "StrangeFeatureFlag"
|
|
if isFeatureFlagKnown(f) {
|
|
t.Errorf("flag %q should be NOT known", f)
|
|
}
|
|
}
|