libgocryptfs/internal/configfile/config_test.go

package configfile

import (
	"fmt"
	"testing"
	"time"

	"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)

var testPw = []byte("test")

func TestLoadV1(t *testing.T) {
	_, _, err := LoadAndDecrypt("config_test/v1.conf", testPw)
	if err == nil {
		t.Errorf("Outdated v1 config file must fail to load but it didn't")
	} else if testing.Verbose() {
		fmt.Println(err)
	}
}

// Load a known-good config file and verify that it takes at least 100ms
// (brute-force protection)
func TestLoadV2(t *testing.T) {
	t1 := time.Now()

	_, _, err := LoadAndDecrypt("config_test/v2.conf", testPw)
	if err != nil {
		t.Errorf("Could not load v2 config file: %v", err)
	}

	elapsed := time.Since(t1)
	if elapsed < 100*time.Millisecond {
		t.Errorf("scrypt calculation runs too fast: %d ms", elapsed/time.Millisecond)
	}
}

func TestLoadV2PwdError(t *testing.T) {
	if !testing.Verbose() {
		tlog.Warn.Enabled = false
	}
	_, _, err := LoadAndDecrypt("config_test/v2.conf", []byte("wrongpassword"))
	if err == nil {
		t.Errorf("Loading with wrong password must fail but it didn't")
	}
}

func TestLoadV2Feature(t *testing.T) {
	_, _, err := LoadAndDecrypt("config_test/PlaintextNames.conf", testPw)
	if err != nil {
		t.Errorf("Could not load v2 PlaintextNames config file: %v", err)
	}
}

func TestLoadV2StrangeFeature(t *testing.T) {
	_, _, err := LoadAndDecrypt("config_test/StrangeFeature.conf", testPw)
	if err == nil {
		t.Errorf("Loading unknown feature must fail but it didn't")
	} else if testing.Verbose() {
		fmt.Println(err)
	}
}

func TestCreateConfDefault(t *testing.T) {
	err := Create(&CreateArgs{
		Filename: "config_test/tmp.conf",
		Password: testPw,
		LogN:     10,
		Creator:  "test"})
	if err != nil {
		t.Fatal(err)
	}
	_, c, err := LoadAndDecrypt("config_test/tmp.conf", testPw)
	if err != nil {
		t.Fatal(err)
	}
	// Check that all expected feature flags are set
	want := []flagIota{
		FlagGCMIV128, FlagDirIV, FlagEMENames, FlagLongNames,
		FlagRaw64, FlagHKDF,
	}
	for _, f := range want {
		if !c.IsFeatureFlagSet(f) {
			t.Errorf("Feature flag %q should be set but is not", knownFlags[f])
		}
	}
}

func TestCreateConfDevRandom(t *testing.T) {
	err := Create(&CreateArgs{
		Filename:  "config_test/tmp.conf",
		Password:  testPw,
		LogN:      10,
		Creator:   "test",
		Devrandom: true})
	if err != nil {
		t.Fatal(err)
	}
}

func TestCreateConfPlaintextnames(t *testing.T) {
	err := Create(&CreateArgs{
		Filename:       "config_test/tmp.conf",
		Password:       testPw,
		PlaintextNames: true,
		LogN:           10,
		Creator:        "test"})
	if err != nil {
		t.Fatal(err)
	}
	_, c, err := LoadAndDecrypt("config_test/tmp.conf", testPw)
	if err != nil {
		t.Fatal(err)
	}
	// Check that all expected feature flags are set
	want := []flagIota{
		FlagGCMIV128, FlagHKDF,
	}
	for _, f := range want {
		if !c.IsFeatureFlagSet(f) {
			t.Errorf("Feature flag %q should be set but is not", knownFlags[f])
		}
	}
}

// Reverse mode uses AESSIV
func TestCreateConfFileAESSIV(t *testing.T) {
	err := Create(&CreateArgs{
		Filename: "config_test/tmp.conf",
		Password: testPw,
		LogN:     10,
		Creator:  "test",
		AESSIV:   true})
	if err != nil {
		t.Fatal(err)
	}
	_, c, err := LoadAndDecrypt("config_test/tmp.conf", testPw)
	if err != nil {
		t.Fatal(err)
	}
	if !c.IsFeatureFlagSet(FlagAESSIV) {
		t.Error("AESSIV flag should be set but is not")
	}
}

func TestIsFeatureFlagKnown(t *testing.T) {
	// Test a few hardcoded values
	testKnownFlags := []string{"DirIV", "PlaintextNames", "EMENames", "GCMIV128", "LongNames", "AESSIV"}
	// And also everything in knownFlags (yes, it is likely that we end up with
	// some duplicates. Does not matter.)
	for _, f := range knownFlags {
		testKnownFlags = append(testKnownFlags, f)
	}

	for _, f := range testKnownFlags {
		if !isFeatureFlagKnown(f) {
			t.Errorf("flag %q should be known", f)
		}
	}

	f := "StrangeFeatureFlag"
	if isFeatureFlagKnown(f) {
		t.Errorf("flag %q should be NOT known", f)
	}
}