TEST_F(CryConfigFileTest, Cipher_CreateAndLoad) {
CryConfig cfg = Config();
cfg.SetCipher("twofish-128-cfb");
Create(std::move(cfg));
CryConfigFile loaded = Load().value();
EXPECT_EQ("twofish-128-cfb", loaded.config()->Cipher());
}
TEST_F(CryConfigFileTest, EncryptionKey_CreateAndLoad) {
CryConfig cfg = Config();
cfg.SetEncryptionKey("encryptionkey");
Create(std::move(cfg));
CryConfigFile loaded = Load().value();
EXPECT_EQ("encryptionkey", loaded.config()->EncryptionKey());
}
CryConfig CryConfigCreator::create(const optional<string> &cipherFromCommandLine) {
CryConfig config;
config.SetCipher(_generateCipher(cipherFromCommandLine));
config.SetEncryptionKey(_generateEncKey(config.Cipher()));
config.SetRootBlob(_generateRootBlobKey());
return config;
}
TEST_F(CryConfigFileTest, RootBlob_CreateAndLoad) {
CryConfig cfg = Config();
cfg.SetRootBlob("rootblobid");
Create(std::move(cfg));
CryConfigFile loaded = Load().value();
EXPECT_EQ("rootblobid", loaded.config()->RootBlob());
}
void CryConfigLoader::_checkVersion(const CryConfig &config) {
if (gitversion::VersionCompare::isOlderThan(gitversion::VersionString(), config.Version())) {
if (!_console->askYesNo("This filesystem is for CryFS " + config.Version() + " and should not be opened with older versions. It is strongly recommended to update your CryFS version. However, if you have backed up your base directory and know what you're doing, you can continue trying to load it. Do you want to continue?")) {
throw std::runtime_error("Not trying to load file system.");
}
}
if (gitversion::VersionCompare::isOlderThan(config.Version(), gitversion::VersionString())) {
if (!_console->askYesNo("This filesystem is for CryFS " + config.Version() + ". It can be migrated to CryFS " + gitversion::VersionString() + ", but afterwards couldn't be opened anymore with older versions. Do you want to migrate it?")) {
throw std::runtime_error(string() + "Not migrating file system.");
}
}
}
TEST_P(CryConfigCreatorTest_ChooseCipher, ChoosesCipherCorrectly) {
if (cipherWarning == none) {
EXPECT_DONT_SHOW_WARNING();
} else {
EXPECT_SHOW_WARNING(*cipherWarning);
}
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher(cipherName));
CryConfig config = creator.create(none);
EXPECT_EQ(cipherName, config.Cipher());
}
CryConfig CryConfigCreator::create(const optional<string> &cipherFromCommandLine, const optional<uint32_t> &blocksizeBytesFromCommandLine) {
CryConfig config;
config.SetCipher(_generateCipher(cipherFromCommandLine));
config.SetVersion(gitversion::VersionString());
config.SetCreatedWithVersion(gitversion::VersionString());
config.SetBlocksizeBytes(_generateBlocksizeBytes(blocksizeBytesFromCommandLine));
config.SetRootBlob(_generateRootBlobKey());
config.SetEncryptionKey(_generateEncKey(config.Cipher()));
config.SetFilesystemId(_generateFilesystemID());
return config;
}
optional<CryConfigFile> CryConfigFile::load(const bf::path &path, const string &password) {
auto encryptedConfigData = Data::LoadFromFile(path);
if (encryptedConfigData == none) {
LOG(ERROR) << "Config file not found";
return none;
}
auto encryptor = CryConfigEncryptorFactory::loadKey(*encryptedConfigData, password);
if (encryptor == none) {
return none;
}
auto decrypted = (*encryptor)->decrypt(*encryptedConfigData);
if (decrypted == none) {
return none;
}
CryConfig config = CryConfig::load(decrypted->data);
if (config.Cipher() != decrypted->cipherName) {
LOG(ERROR) << "Inner cipher algorithm used to encrypt config file doesn't match config value";
return none;
}
return CryConfigFile(path, std::move(config), std::move(*encryptor));
}
TEST_F(CryConfigTest, Cipher_AfterSaveAndLoad) {
cfg.SetCipher("mycipher");
CryConfig loaded = SaveAndLoad(std::move(cfg));
EXPECT_EQ("mycipher", loaded.Cipher());
}
TEST_F(CryConfigTest, Cipher_AfterMove) {
cfg.SetCipher("mycipher");
CryConfig moved = std::move(cfg);
EXPECT_EQ("mycipher", moved.Cipher());
}
TEST_F(CryConfigTest, EncryptionKey_AfterSaveAndLoad) {
cfg.SetEncryptionKey("enckey");
CryConfig loaded = SaveAndLoad(std::move(cfg));
EXPECT_EQ("enckey", loaded.EncryptionKey());
}
TEST_F(CryConfigCreatorTest, ChoosesValidEncryptionKey_256) {
AnswerNoToDefaultSettings();
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher("aes-256-gcm"));
CryConfig config = creator.create(none, none);
cpputils::AES256_GCM::EncryptionKey::FromString(config.EncryptionKey()); // This crashes if invalid
}
cpputils::unique_ref<blockstore::BlockStore> CryDevice::CreateEncryptedBlockStore(const CryConfig &config, unique_ref<BlockStore> baseBlockStore) {
//TODO Test that CryFS is using the specified cipher
return CryCiphers::find(config.Cipher()).createEncryptedBlockstore(std::move(baseBlockStore), config.EncryptionKey());
}
CryConfig Config() {
CryConfig result;
result.SetCipher("aes-256-gcm");
return result;
}
CryConfig SaveAndLoad(CryConfig cfg) {
Data configData = cfg.save();
return CryConfig::load(configData);
}
void CryConfigLoader::_checkCipher(const CryConfig &config) const {
if (_cipherFromCommandLine != none && config.Cipher() != *_cipherFromCommandLine) {
throw std::runtime_error(string() + "Filesystem uses " + config.Cipher() + " cipher and not " + *_cipherFromCommandLine + " as specified.");
}
}
TEST_F(CryConfigCreatorTest, ChoosesValidEncryptionKey_128) {
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseCipher("aes-128-gcm"));
CryConfig config = creator.create(none);
cpputils::AES128_GCM::EncryptionKey::FromString(config.EncryptionKey()); // This crashes if invalid
}
TEST_F(CryConfigCreatorTest, ChoosesEmptyRootBlobId) {
EXPECT_ASK_FOR_CIPHER().WillOnce(ChooseAnyCipher());
CryConfig config = creator.create(none);
EXPECT_EQ("", config.RootBlob()); // This tells CryFS to create a new root blob
}
TEST_F(CryConfigTest, RootBlob_AfterMove) {
cfg.SetRootBlob("rootblobid");
CryConfig moved = std::move(cfg);
EXPECT_EQ("rootblobid", moved.RootBlob());
}
TEST_F(CryConfigCreatorTest, SetsCorrectVersion) {
CryConfig config = noninteractiveCreator.create(none, none);
EXPECT_EQ(gitversion::VersionString(), config.Version());
}
void CreateWithCipher(const string &cipher, const TempFile &tempFile) {
CryConfig cfg;
cfg.SetCipher(cipher);
CryConfigFile::create(tempFile.path(), std::move(cfg), "mypassword", SCrypt::TestSettings);
}
TEST_F(CryConfigTest, RootBlob_AfterSaveAndLoad) {
cfg.SetRootBlob("rootblobid");
CryConfig loaded = SaveAndLoad(std::move(cfg));
EXPECT_EQ("rootblobid", loaded.RootBlob());
}
TEST_F(CryConfigTest, EncryptionKey_AfterMove) {
cfg.SetEncryptionKey("enckey");
CryConfig moved = std::move(cfg);
EXPECT_EQ("enckey", moved.EncryptionKey());
}
TEST_F(CryConfigCreatorTest, ChoosesEmptyRootBlobId) {
AnswerNoToDefaultSettings();
CryConfig config = creator.create(none, none);
EXPECT_EQ("", config.RootBlob()); // This tells CryFS to create a new root blob
}
