diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Makefile.in | 12 | ||||
| -rw-r--r-- | tests/kernel/Makefile.am | 1 | ||||
| -rw-r--r-- | tests/kernel/Makefile.in | 13 | ||||
| -rwxr-xr-x | tests/kernel/lp-509180.sh | 9 | ||||
| -rw-r--r-- | tests/kernel/lp-509180/test.c | 130 | ||||
| -rwxr-xr-x | tests/kernel/lp-872905.sh | 8 | ||||
| -rwxr-xr-x | tests/kernel/namelen.sh | 58 | ||||
| -rw-r--r-- | tests/kernel/tests.rc | 2 | ||||
| -rw-r--r-- | tests/kernel/xattr/test.c | 74 | ||||
| -rw-r--r-- | tests/lib/Makefile.in | 16 | ||||
| -rw-r--r-- | tests/lib/etl_add_passphrase_key_to_keyring.c | 4 | ||||
| -rw-r--r-- | tests/lib/etl_funcs.sh | 44 | ||||
| -rw-r--r-- | tests/userspace/Makefile.am | 15 | ||||
| -rw-r--r-- | tests/userspace/Makefile.in | 76 | ||||
| -rw-r--r-- | tests/userspace/tests.rc | 2 | ||||
| -rwxr-xr-x | tests/userspace/v1-to-v2-wrapped-passphrase.sh | 63 | ||||
| -rw-r--r-- | tests/userspace/v1-to-v2-wrapped-passphrase/test.c | 189 | ||||
| -rwxr-xr-x | tests/userspace/wrap-unwrap.sh | 7 |
18 files changed, 612 insertions, 111 deletions
diff --git a/tests/Makefile.in b/tests/Makefile.in index 00b4977..4f77156 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -85,9 +85,9 @@ DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_pkg_swig.m4 \ $(top_srcdir)/m4/ac_python_devel.m4 \ - $(top_srcdir)/m4/intltool.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -393,9 +393,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign tests/Makefile + $(AUTOMAKE) --gnu tests/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ diff --git a/tests/kernel/Makefile.am b/tests/kernel/Makefile.am index 5758677..acf0349 100644 --- a/tests/kernel/Makefile.am +++ b/tests/kernel/Makefile.am @@ -28,6 +28,7 @@ dist_noinst_SCRIPTS = directory-concurrent.sh \ mmap-bmap.sh \ mmap-close.sh \ mmap-dir.sh \ + namelen.sh \ read-dir.sh \ setattr-flush-dirty.sh \ trunc-file.sh diff --git a/tests/kernel/Makefile.in b/tests/kernel/Makefile.in index 85e3355..d2d2144 100644 --- a/tests/kernel/Makefile.in +++ b/tests/kernel/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -106,9 +106,9 @@ DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_pkg_swig.m4 \ $(top_srcdir)/m4/ac_python_devel.m4 \ - $(top_srcdir)/m4/intltool.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -492,6 +492,7 @@ dist_noinst_SCRIPTS = directory-concurrent.sh \ mmap-bmap.sh \ mmap-close.sh \ mmap-dir.sh \ + namelen.sh \ read-dir.sh \ setattr-flush-dirty.sh \ trunc-file.sh @@ -528,9 +529,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/kernel/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/kernel/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign tests/kernel/Makefile + $(AUTOMAKE) --gnu tests/kernel/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ diff --git a/tests/kernel/lp-509180.sh b/tests/kernel/lp-509180.sh index 854bd56..fa7cc72 100755 --- a/tests/kernel/lp-509180.sh +++ b/tests/kernel/lp-509180.sh @@ -22,6 +22,7 @@ test_script_dir=$(dirname $0) rc=1 test_dir="" +xattr_opt="" . ${test_script_dir}/../lib/etl_funcs.sh @@ -48,14 +49,18 @@ echo "testing 1 2 3" > $test_dir/test_file old_sum=`md5sum $test_dir/test_file | cut -d ' ' -f 1` lower_file=`ls $ETL_MOUNT_SRC/ECRYPTFS*/*` +if etl_is_mount_opt_set "ecryptfs_xattr_metadata" ; then + xattr_opt="-x" +fi + # Increment 9th byte so that eCryptfs marker fails validation -${test_script_dir}/lp-509180/test -i $lower_file || exit +${test_script_dir}/lp-509180/test -i $xattr_opt $lower_file || exit etl_umount etl_mount_i || exit cat $test_dir/test_file &> /dev/null # Decrement 9th byte so that eCryptfs marker passes validation -${test_script_dir}/lp-509180/test -d $lower_file || exit +${test_script_dir}/lp-509180/test -d $xattr_opt $lower_file || exit new_sum=`md5sum $test_dir/test_file | cut -d ' ' -f 1` # md5sums should be the same diff --git a/tests/kernel/lp-509180/test.c b/tests/kernel/lp-509180/test.c index 5b4886b..60cd017 100644 --- a/tests/kernel/lp-509180/test.c +++ b/tests/kernel/lp-509180/test.c @@ -26,6 +26,7 @@ #include <fcntl.h> #include <sys/types.h> #include <sys/stat.h> +#include <attr/xattr.h> #define TEST_ERROR (2) @@ -33,12 +34,99 @@ #define OPT_INC (0x0001) #define OPT_DEC (0x0002) +#define OPT_XATTR (0x0004) void usage(char *name) { - fprintf(stderr, "Usage: [-i | -d] file\n"); + fprintf(stderr, "Usage: [-i | -d] [-x] file\n"); } +static int test_with_metadata_in_header(int fd, int flags) +{ + unsigned char buffer[1]; + + if ((lseek(fd, (off_t)OFFSET, SEEK_SET)) < 0) { + fprintf(stderr, "Cannot lseek to offset %d: %s\n", + OFFSET, strerror(errno)); + return TEST_ERROR; + } + + if (read(fd, buffer, sizeof(buffer)) != sizeof(buffer)) { + fprintf(stderr, "Failed to read\n"); + return TEST_ERROR; + } + + if (flags & OPT_INC) + buffer[0]++; + + if (flags & OPT_DEC) + buffer[0]--; + + if ((lseek(fd, (off_t)OFFSET, SEEK_SET)) < 0) { + fprintf(stderr, "Cannot lseek to offset %d: %s\n", + OFFSET, strerror(errno)); + return TEST_ERROR; + } + + if (write(fd, buffer, sizeof(buffer)) != sizeof(buffer)) { + fprintf(stderr, "Failed to write\n"); + return TEST_ERROR; + } + + return 0; +} + +static int test_with_metadata_in_xattr(int fd, int flags) +{ + const char *name = "user.ecryptfs"; + unsigned char *value = NULL; + ssize_t nread, size = 0; + int rc = TEST_ERROR; + + size = fgetxattr(fd, name, value, size); + if (size < 0) { + fprintf(stderr, "Cannot retrieve xattr size: %s\n", + strerror(errno)); + goto out; + } + + value = malloc(size); + if (!value) { + fprintf(stderr, + "Cannot allocate memory to store the xattr value\n"); + goto out; + } + + nread = fgetxattr(fd, name, value, size); + if (nread != size) { + if (nread < 0) + fprintf(stderr, "Cannot read xattr: %s\n", + strerror(errno)); + else + fprintf(stderr, "Partial xattr read: %zu < %zu\n", + nread, size); + goto out; + } + + if (flags & OPT_INC) + value[OFFSET]++; + + if (flags & OPT_DEC) + value[OFFSET]--; + + if (fsetxattr(fd, name, value, size, XATTR_REPLACE) < 0) { + fprintf(stderr, "Cannot write xattr: %s\n", strerror(errno)); + goto out; + } + + rc = 0; +out: + free(value); + + return rc; +} + + /* * https://bugs.launchpad.net/ecryptfs/+bug/509180 * Increment/Decrement 9th byte in lower file @@ -49,14 +137,13 @@ int main(int argc, char **argv) int opt, flags = 0; int rc = 0; char *file; - unsigned char buffer[1]; if (argc < 3) { usage(argv[0]); exit(TEST_ERROR); } - while ((opt = getopt(argc, argv, "id")) != -1) { + while ((opt = getopt(argc, argv, "idx")) != -1) { switch (opt) { case 'i': flags |= OPT_INC; @@ -64,6 +151,9 @@ int main(int argc, char **argv) case 'd': flags |= OPT_DEC; break; + case 'x': + flags |= OPT_XATTR; + break; default: usage(argv[0]); exit(TEST_ERROR); @@ -82,36 +172,10 @@ int main(int argc, char **argv) exit(TEST_ERROR); } - if ((lseek(fd, (off_t)OFFSET, SEEK_SET)) < 0) { - fprintf(stderr, "Cannot lseek to offset %d in %s : %s\n", - OFFSET, file, strerror(errno)); - rc = TEST_ERROR; - goto tidy; - } - - if (read(fd, buffer, sizeof(buffer)) != sizeof(buffer)) { - fprintf(stderr, "Failed to read\n"); - rc = TEST_ERROR; - goto tidy; - } - - if (flags & OPT_INC) - buffer[0]++; - - if (flags & OPT_DEC) - buffer[0]--; - - if ((lseek(fd, (off_t)OFFSET, SEEK_SET)) < 0) { - fprintf(stderr, "Cannot lseek to offset %d in %s : %s\n", - OFFSET, file, strerror(errno)); - rc = TEST_ERROR; - goto tidy; - } - - if (write(fd, buffer, sizeof(buffer)) != sizeof(buffer)) { - fprintf(stderr, "Failed to write\n"); - rc = TEST_ERROR; - } + if (flags & OPT_XATTR) + rc = test_with_metadata_in_xattr(fd, flags); + else + rc = test_with_metadata_in_header(fd, flags); tidy: if (close(fd) < 0) { diff --git a/tests/kernel/lp-872905.sh b/tests/kernel/lp-872905.sh index 59244b8..55c4dfa 100755 --- a/tests/kernel/lp-872905.sh +++ b/tests/kernel/lp-872905.sh @@ -66,11 +66,13 @@ if [ $? -ne 0 ]; then fi # -# We shouldn't have a lower file created of zero bytes size if -# the bug is fixed +# If xattr metadata is not enabled, we shouldn't have a zero length lower file. +# If xattr metadata is enabled, the expected lower file size is 0. # sz=$(stat -c%s $lower_test_file) -if [ $sz -ne 0 ]; then +if ! etl_is_mount_opt_set "ecryptfs_xattr_metadata" && [ $sz -ne 0 ]; then + rc=0 +elif etl_is_mount_opt_set "ecryptfs_xattr_metadata" && [ $sz -eq 0 ]; then rc=0 fi diff --git a/tests/kernel/namelen.sh b/tests/kernel/namelen.sh new file mode 100755 index 0000000..1a17455 --- /dev/null +++ b/tests/kernel/namelen.sh @@ -0,0 +1,58 @@ +#!/bin/bash +# +# namelen.sh: Test for validating namelen reported by eCryptfs +# Author: Tyler Hicks <tyhicks@canonical.com> +# +# Copyright (C) 2014 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation version 2 +# of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +test_script_dir=$(dirname $0) +rc=1 + +. ${test_script_dir}/../lib/etl_funcs.sh + +test_cleanup() +{ + etl_remove_test_dir "$test_dir" + etl_umount + etl_lumount + etl_unlink_keys + exit $rc +} +trap test_cleanup 0 1 2 3 15 + +etl_add_keys || exit +etl_lmount || exit +etl_mount_i || exit +test_dir=$(etl_create_test_dir) || exit +test_file="$test_dir/a" + +namelen=$(getconf NAME_MAX "$test_dir") +[ $namelen -le 0 ] && exit + +# Make sure we can create any file up to namelen chars long +for ((i=1; i <= $namelen; i++)); do + touch "$test_file" || exit + rm $test_file + test_file+=a +done + +# Throw an error if creating a file (namelen + 1) chars long succeeds +test_file+=a +touch "$test_file" 2>/dev/null && exit + +rc=0 +exit diff --git a/tests/kernel/tests.rc b/tests/kernel/tests.rc index 269266a..5c08810 100644 --- a/tests/kernel/tests.rc +++ b/tests/kernel/tests.rc @@ -1,2 +1,2 @@ destructive="miscdev-bad-count.sh extend-file-random.sh trunc-file.sh directory-concurrent.sh file-concurrent.sh lp-994247.sh" -safe="llseek.sh lp-469664.sh lp-524919.sh lp-509180.sh lp-613873.sh lp-745836.sh lp-870326.sh lp-885744.sh lp-926292.sh inotify.sh mmap-bmap.sh mmap-close.sh mmap-dir.sh read-dir.sh setattr-flush-dirty.sh inode-race-stat.sh lp-1009207.sh enospc.sh lp-911507.sh lp-872905.sh lp-561129.sh mknod.sh link.sh xattr.sh" +safe="llseek.sh lp-469664.sh lp-524919.sh lp-509180.sh lp-613873.sh lp-745836.sh lp-870326.sh lp-885744.sh lp-926292.sh inotify.sh mmap-bmap.sh mmap-close.sh mmap-dir.sh read-dir.sh setattr-flush-dirty.sh inode-race-stat.sh lp-1009207.sh enospc.sh lp-911507.sh lp-872905.sh lp-561129.sh mknod.sh link.sh xattr.sh namelen.sh" diff --git a/tests/kernel/xattr/test.c b/tests/kernel/xattr/test.c index a552fbc..e2f819d 100644 --- a/tests/kernel/xattr/test.c +++ b/tests/kernel/xattr/test.c @@ -26,6 +26,8 @@ #include <errno.h> #include <sys/xattr.h> +#define XATTR_METADATA_NAME "user.ecryptfs" + static const char *names[] = { "user.test1", "user.test2", @@ -40,20 +42,42 @@ static const char *values[] = { NULL }; +static void usage(const char *name) +{ + fprintf(stderr, "Usage: %s [-x] file\n", name); +} + int main(int argc, char **argv) { ssize_t len, names_len = 0; - int i, rc; + int i, rc, xattr_metadata = 0; char buffer[1024]; - char *ptr = buffer; + char *file, *ptr = buffer; - if (argc != 2) { - fprintf(stderr, "Usage: %s file\n", argv[0]); + if (argc < 2 || argc > 3) { + usage(argv[0]); exit(EXIT_FAILURE); } + file = argv[1]; + + if (argc == 3) { + if (strcmp(argv[1], "-x")) { + usage(argv[0]); + exit(EXIT_FAILURE); + } + file = argv[2]; + + /* + * The XATTR_METADATA_NAME xattr is set. Account for it in + * future sanity checks. + */ + xattr_metadata = 1; + names_len = 1 + strlen(XATTR_METADATA_NAME); + } + for (i = 0; names[i]; i++) { - if (setxattr(argv[1], names[i], values[i], strlen(values[i]), 0) < 0) + if (setxattr(file, names[i], values[i], strlen(values[i]), 0) < 0) exit(EXIT_FAILURE); names_len += 1 + strlen(names[i]); } @@ -61,28 +85,42 @@ int main(int argc, char **argv) /* * Sanity check that listxattr returns correct length */ - len = listxattr(argv[1], NULL, 0); - if (len != names_len) + len = listxattr(file, NULL, 0); + if (len != names_len || len > sizeof(buffer)) exit(EXIT_FAILURE); - len = listxattr(argv[1], buffer, sizeof(buffer)); - if (len < 0) + memset(buffer, 0, sizeof(buffer)); + + len = listxattr(file, buffer, sizeof(buffer)); + if (len != names_len) exit(EXIT_FAILURE); /* * Check listxattr names match what has been just set */ - for (i = 0; names[i]; i++) { - if (strcmp(names[i], ptr)) + for (ptr = buffer; *ptr; ptr += strlen(ptr) + 1) { + int matched = 0; + + if (xattr_metadata && !strcmp(XATTR_METADATA_NAME, ptr)) + continue; + + for (i = 0; names[i]; i++) { + if (strcmp(names[i], ptr)) + continue; + + matched = 1; + break; + } + + if (!matched) exit(EXIT_FAILURE); - ptr += strlen(ptr) + 1; } /* * Check contents of xattr */ for (i = 0; names[i]; i++) { - len = getxattr(argv[1], names[i], buffer, sizeof(buffer)); + len = getxattr(file, names[i], buffer, sizeof(buffer)); if (len < 0) exit(EXIT_FAILURE); buffer[len] = '\0'; @@ -95,16 +133,18 @@ int main(int argc, char **argv) * Remove xattr */ for (i = 0; names[i]; i++) { - rc = removexattr(argv[1], names[i]); + rc = removexattr(file, names[i]); if (rc < 0) exit(EXIT_FAILURE); + names_len -= 1 + strlen(names[i]); } /* - * ..and there should be no xattrs left + * ..and the only xattrs that should be left are those that were + * already there when the test started */ - len = listxattr(argv[1], NULL, 0); - if (len != 0) + len = listxattr(file, NULL, 0); + if (len != names_len) exit(EXIT_FAILURE); exit(EXIT_SUCCESS); diff --git a/tests/lib/Makefile.in b/tests/lib/Makefile.in index 2a431ae..e6866a6 100644 --- a/tests/lib/Makefile.in +++ b/tests/lib/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -87,9 +87,9 @@ DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_pkg_swig.m4 \ $(top_srcdir)/m4/ac_python_devel.m4 \ - $(top_srcdir)/m4/intltool.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -388,9 +388,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/lib/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/lib/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign tests/lib/Makefile + $(AUTOMAKE) --gnu tests/lib/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -436,14 +436,14 @@ distclean-compile: @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: @am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/tests/lib/etl_add_passphrase_key_to_keyring.c b/tests/lib/etl_add_passphrase_key_to_keyring.c index 2a9c265..b0e6843 100644 --- a/tests/lib/etl_add_passphrase_key_to_keyring.c +++ b/tests/lib/etl_add_passphrase_key_to_keyring.c @@ -36,6 +36,10 @@ int main(int argc, char *argv[]) return EINVAL; } + rc = ecryptfs_validate_keyring(); + if (rc) + return errno; + from_hex(salt, argv[2], ECRYPTFS_SALT_SIZE); rc = ecryptfs_add_passphrase_key_to_keyring(auth_tok_sig_hex, argv[1], salt); diff --git a/tests/lib/etl_funcs.sh b/tests/lib/etl_funcs.sh index 7803008..e8261e0 100644 --- a/tests/lib/etl_funcs.sh +++ b/tests/lib/etl_funcs.sh @@ -447,6 +447,38 @@ etl_lmax_filesize() echo $blks } +_etl_init_mount_opts() +{ + if [ -z "$ETL_MOUNT_OPTS" ]; then + opts=$default_mount_opts + + if [ -n "$ETL_FNEK_SIG" ]; then + opts="$default_fne_mount_opts" + fi + + if [ -n "$ETL_APPENDED_MOUNT_OPTS" ]; then + opts="${opts},${ETL_APPENDED_MOUNT_OPTS}" + fi + + export ETL_MOUNT_OPTS=$(eval "echo $opts") + fi +} + +etl_is_mount_opt_set() +{ + if [ -z "$1" ]; then + return 1 + fi + + _etl_init_mount_opts + + if [[ ! $ETL_MOUNT_OPTS =~ (^|,)$1($|,) ]]; then + return 1 + fi + + return 0 +} + # # etl_mount_i # @@ -461,15 +493,9 @@ etl_mount_i() if [ -z "$ETL_MOUNT_SRC" ] || [ -z "$ETL_MOUNT_DST" ]; then return 1 fi - if [ -z "$ETL_MOUNT_OPTS" ]; then - if [ -n "ETL_FNEK_SIG" ]; then - export ETL_MOUNT_OPTS=$(eval \ - "echo $default_fne_mount_opts") - else - export ETL_MOUNT_OPTS=$(eval "echo $default_mount_opts") - fi - fi - + + _etl_init_mount_opts + mount -it ecryptfs -o "$ETL_MOUNT_OPTS" \ "$ETL_MOUNT_SRC" "$ETL_MOUNT_DST" } diff --git a/tests/userspace/Makefile.am b/tests/userspace/Makefile.am index 5f61d5a..7bf0879 100644 --- a/tests/userspace/Makefile.am +++ b/tests/userspace/Makefile.am @@ -1,17 +1,15 @@ AUTOMAKE_OPTIONS = subdir-objects # Only place tests worth of 'make check' here. All other tests are noinst. -dist_check_SCRIPTS = lfs.sh verify-passphrase-sig.sh -check_PROGRAMS = lfs/test verify-passphrase-sig/test +dist_check_SCRIPTS = lfs.sh verify-passphrase-sig.sh wrap-unwrap.sh v1-to-v2-wrapped-passphrase.sh +check_PROGRAMS = lfs/test verify-passphrase-sig/test wrap-unwrap/test v1-to-v2-wrapped-passphrase/test dist_noinst_DATA = tests.rc -dist_noinst_SCRIPTS = $(dist_check_SCRIPTS) \ - wrap-unwrap.sh +dist_noinst_SCRIPTS = $(dist_check_SCRIPTS) if ENABLE_TESTS -noinst_PROGRAMS = $(check_PROGRAMS) \ - wrap-unwrap/test +noinst_PROGRAMS = $(check_PROGRAMS) endif lfs_test_SOURCES = lfs/test.c @@ -22,5 +20,8 @@ verify_passphrase_sig_test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.l wrap_unwrap_test_SOURCES = wrap-unwrap/test.c wrap_unwrap_test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la -TESTS = lfs.sh verify-passphrase-sig.sh +v1_to_v2_wrapped_passphrase_test_SOURCES = v1-to-v2-wrapped-passphrase/test.c +v1_to_v2_wrapped_passphrase_test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la + +TESTS = lfs.sh verify-passphrase-sig.sh wrap-unwrap.sh v1-to-v2-wrapped-passphrase.sh diff --git a/tests/userspace/Makefile.in b/tests/userspace/Makefile.in index da54c3e..f7bda22 100644 --- a/tests/userspace/Makefile.in +++ b/tests/userspace/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -81,9 +81,9 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ target_triplet = @target@ -check_PROGRAMS = lfs/test$(EXEEXT) verify-passphrase-sig/test$(EXEEXT) -@ENABLE_TESTS_TRUE@noinst_PROGRAMS = $(check_PROGRAMS) \ -@ENABLE_TESTS_TRUE@ wrap-unwrap/test$(EXEEXT) +check_PROGRAMS = lfs/test$(EXEEXT) verify-passphrase-sig/test$(EXEEXT) \ + wrap-unwrap/test$(EXEEXT) \ + v1-to-v2-wrapped-passphrase/test$(EXEEXT) subdir = tests/userspace DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(dist_check_SCRIPTS) $(dist_noinst_SCRIPTS) \ @@ -92,9 +92,9 @@ DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ac_pkg_swig.m4 \ $(top_srcdir)/m4/ac_python_devel.m4 \ - $(top_srcdir)/m4/intltool.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -111,6 +111,12 @@ AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = +am_v1_to_v2_wrapped_passphrase_test_OBJECTS = \ + v1-to-v2-wrapped-passphrase/test.$(OBJEXT) +v1_to_v2_wrapped_passphrase_test_OBJECTS = \ + $(am_v1_to_v2_wrapped_passphrase_test_OBJECTS) +v1_to_v2_wrapped_passphrase_test_DEPENDENCIES = \ + $(top_builddir)/src/libecryptfs/libecryptfs.la am_verify_passphrase_sig_test_OBJECTS = \ verify-passphrase-sig/test.$(OBJEXT) verify_passphrase_sig_test_OBJECTS = \ @@ -156,9 +162,12 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(lfs_test_SOURCES) $(verify_passphrase_sig_test_SOURCES) \ +SOURCES = $(lfs_test_SOURCES) \ + $(v1_to_v2_wrapped_passphrase_test_SOURCES) \ + $(verify_passphrase_sig_test_SOURCES) \ $(wrap_unwrap_test_SOURCES) DIST_SOURCES = $(lfs_test_SOURCES) \ + $(v1_to_v2_wrapped_passphrase_test_SOURCES) \ $(verify_passphrase_sig_test_SOURCES) \ $(wrap_unwrap_test_SOURCES) am__can_run_installinfo = \ @@ -596,17 +605,18 @@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = subdir-objects # Only place tests worth of 'make check' here. All other tests are noinst. -dist_check_SCRIPTS = lfs.sh verify-passphrase-sig.sh +dist_check_SCRIPTS = lfs.sh verify-passphrase-sig.sh wrap-unwrap.sh v1-to-v2-wrapped-passphrase.sh dist_noinst_DATA = tests.rc -dist_noinst_SCRIPTS = $(dist_check_SCRIPTS) \ - wrap-unwrap.sh - +dist_noinst_SCRIPTS = $(dist_check_SCRIPTS) +@ENABLE_TESTS_TRUE@noinst_PROGRAMS = $(check_PROGRAMS) lfs_test_SOURCES = lfs/test.c verify_passphrase_sig_test_SOURCES = verify-passphrase-sig/test.c verify_passphrase_sig_test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la wrap_unwrap_test_SOURCES = wrap-unwrap/test.c wrap_unwrap_test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la -TESTS = lfs.sh verify-passphrase-sig.sh +v1_to_v2_wrapped_passphrase_test_SOURCES = v1-to-v2-wrapped-passphrase/test.c +v1_to_v2_wrapped_passphrase_test_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la +TESTS = lfs.sh verify-passphrase-sig.sh wrap-unwrap.sh v1-to-v2-wrapped-passphrase.sh all: all-am .SUFFIXES: @@ -620,9 +630,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tests/userspace/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu tests/userspace/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --foreign tests/userspace/Makefile + $(AUTOMAKE) --gnu tests/userspace/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -670,6 +680,19 @@ lfs/test.$(OBJEXT): lfs/$(am__dirstamp) lfs/$(DEPDIR)/$(am__dirstamp) lfs/test$(EXEEXT): $(lfs_test_OBJECTS) $(lfs_test_DEPENDENCIES) $(EXTRA_lfs_test_DEPENDENCIES) lfs/$(am__dirstamp) @rm -f lfs/test$(EXEEXT) $(AM_V_CCLD)$(LINK) $(lfs_test_OBJECTS) $(lfs_test_LDADD) $(LIBS) +v1-to-v2-wrapped-passphrase/$(am__dirstamp): + @$(MKDIR_P) v1-to-v2-wrapped-passphrase + @: > v1-to-v2-wrapped-passphrase/$(am__dirstamp) +v1-to-v2-wrapped-passphrase/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) v1-to-v2-wrapped-passphrase/$(DEPDIR) + @: > v1-to-v2-wrapped-passphrase/$(DEPDIR)/$(am__dirstamp) +v1-to-v2-wrapped-passphrase/test.$(OBJEXT): \ + v1-to-v2-wrapped-passphrase/$(am__dirstamp) \ + v1-to-v2-wrapped-passphrase/$(DEPDIR)/$(am__dirstamp) + +v1-to-v2-wrapped-passphrase/test$(EXEEXT): $(v1_to_v2_wrapped_passphrase_test_OBJECTS) $(v1_to_v2_wrapped_passphrase_test_DEPENDENCIES) $(EXTRA_v1_to_v2_wrapped_passphrase_test_DEPENDENCIES) v1-to-v2-wrapped-passphrase/$(am__dirstamp) + @rm -f v1-to-v2-wrapped-passphrase/test$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(v1_to_v2_wrapped_passphrase_test_OBJECTS) $(v1_to_v2_wrapped_passphrase_test_LDADD) $(LIBS) verify-passphrase-sig/$(am__dirstamp): @$(MKDIR_P) verify-passphrase-sig @: > verify-passphrase-sig/$(am__dirstamp) @@ -699,6 +722,7 @@ wrap-unwrap/test$(EXEEXT): $(wrap_unwrap_test_OBJECTS) $(wrap_unwrap_test_DEPEND mostlyclean-compile: -rm -f *.$(OBJEXT) -rm -f lfs/*.$(OBJEXT) + -rm -f v1-to-v2-wrapped-passphrase/*.$(OBJEXT) -rm -f verify-passphrase-sig/*.$(OBJEXT) -rm -f wrap-unwrap/*.$(OBJEXT) @@ -706,6 +730,7 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@lfs/$(DEPDIR)/test.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@v1-to-v2-wrapped-passphrase/$(DEPDIR)/test.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@verify-passphrase-sig/$(DEPDIR)/test.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@wrap-unwrap/$(DEPDIR)/test.Po@am__quote@ @@ -739,6 +764,7 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs -rm -rf lfs/.libs lfs/_libs + -rm -rf v1-to-v2-wrapped-passphrase/.libs v1-to-v2-wrapped-passphrase/_libs -rm -rf verify-passphrase-sig/.libs verify-passphrase-sig/_libs -rm -rf wrap-unwrap/.libs wrap-unwrap/_libs @@ -949,6 +975,20 @@ verify-passphrase-sig.sh.log: verify-passphrase-sig.sh --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +wrap-unwrap.sh.log: wrap-unwrap.sh + @p='wrap-unwrap.sh'; \ + b='wrap-unwrap.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +v1-to-v2-wrapped-passphrase.sh.log: v1-to-v2-wrapped-passphrase.sh + @p='v1-to-v2-wrapped-passphrase.sh'; \ + b='v1-to-v2-wrapped-passphrase.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) .test.log: @p='$<'; \ $(am__set_b); \ @@ -1032,6 +1072,8 @@ distclean-generic: -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -rm -f lfs/$(DEPDIR)/$(am__dirstamp) -rm -f lfs/$(am__dirstamp) + -rm -f v1-to-v2-wrapped-passphrase/$(DEPDIR)/$(am__dirstamp) + -rm -f v1-to-v2-wrapped-passphrase/$(am__dirstamp) -rm -f verify-passphrase-sig/$(DEPDIR)/$(am__dirstamp) -rm -f verify-passphrase-sig/$(am__dirstamp) -rm -f wrap-unwrap/$(DEPDIR)/$(am__dirstamp) @@ -1046,7 +1088,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ clean-noinstPROGRAMS mostlyclean-am distclean: distclean-am - -rm -rf lfs/$(DEPDIR) verify-passphrase-sig/$(DEPDIR) wrap-unwrap/$(DEPDIR) + -rm -rf lfs/$(DEPDIR) v1-to-v2-wrapped-passphrase/$(DEPDIR) verify-passphrase-sig/$(DEPDIR) wrap-unwrap/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1092,7 +1134,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf lfs/$(DEPDIR) verify-passphrase-sig/$(DEPDIR) wrap-unwrap/$(DEPDIR) + -rm -rf lfs/$(DEPDIR) v1-to-v2-wrapped-passphrase/$(DEPDIR) verify-passphrase-sig/$(DEPDIR) wrap-unwrap/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/tests/userspace/tests.rc b/tests/userspace/tests.rc index 326523d..a0e0987 100644 --- a/tests/userspace/tests.rc +++ b/tests/userspace/tests.rc @@ -1 +1 @@ -safe="lfs.sh verify-passphrase-sig.sh wrap-unwrap.sh" +safe="lfs.sh verify-passphrase-sig.sh wrap-unwrap.sh v1-to-v2-wrapped-passphrase.sh" diff --git a/tests/userspace/v1-to-v2-wrapped-passphrase.sh b/tests/userspace/v1-to-v2-wrapped-passphrase.sh new file mode 100755 index 0000000..26dd17a --- /dev/null +++ b/tests/userspace/v1-to-v2-wrapped-passphrase.sh @@ -0,0 +1,63 @@ +#!/bin/bash +# +# v1-to-v2-wrapped-passphrase.sh: Verify that v1 wrapped passphrase files can +# be unwrapped and then rewrapped as v2 files. +# Author: Tyler Hicks <tyhicks@canonical.com> +# +# Copyright (C) 2015 Canonical Ltd. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation version 2 +# of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +test_script_dir=$(dirname $0) +rc=1 + +. ${test_script_dir}/../lib/etl_funcs.sh + +test_cleanup() +{ + etl_remove_test_dir $test_dir + exit $rc +} +trap test_cleanup 0 1 2 3 15 + +do_test() +{ + ${test_script_dir}/v1-to-v2-wrapped-passphrase/test "$@" + rc=$? + if [ "$rc" -ne 0 ]; then + exit + fi +} + +test_dir_parent="$TMPDIR" +if [ -z "$test_dir_parent"]; then + test_dir_parent="/tmp" +fi + +test_dir=$(etl_create_test_dir "$test_dir_parent") || exit +cp "${test_script_dir}/v1-to-v2-wrapped-passphrase/wp"* "$test_dir" + +do_test "${test_dir}/wp01" "This is test #1" "Wrapping pass" "0011223344556677" + +do_test "${test_dir}/wp02" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" "0011223344556677" + +do_test "${test_dir}/wp03" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" "5a175a175a175a17" + +do_test "${test_dir}/wp04" "!" "*" "0011223344556677" + +do_test "${test_dir}/wp05" "!" "*" "0123456789abcdef" + +rc=0 +exit diff --git a/tests/userspace/v1-to-v2-wrapped-passphrase/test.c b/tests/userspace/v1-to-v2-wrapped-passphrase/test.c new file mode 100644 index 0000000..bd8e512 --- /dev/null +++ b/tests/userspace/v1-to-v2-wrapped-passphrase/test.c @@ -0,0 +1,189 @@ +/** + * test.c: Verify the migration from version 1 to version 2 wrapped-passphrase + * files + * Author: Tyler Hicks <tyhicks@canonical.com> + * + * Copyright (C) 2015 Canonical, Ltd. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA + */ + +#include <errno.h> +#include <stdio.h> +#include <string.h> +#include "../../src/include/ecryptfs.h" + +#define ECRYPTFS_MAX_KEY_HEX_BYTES (ECRYPTFS_MAX_KEY_BYTES * 2) + +#define NEW_WRAPPING_PASSPHRASE "The *new* eCryptfs wrapping passphrase." + +static void usage(const char *name) +{ + fprintf(stderr, + "%s FILENAME EXPECTED_PASS WRAPPING_PASS WRAPPING_SALT_HEX\n", + name); +} + +/** + * Returns 0 if the unwrap operation resulted in the expected decrypted + * passphrase + */ +static int verify_unwrap(char *expected_decrypted_passphrase, char *filename, + char *wrapping_passphrase, char *wrapping_salt) +{ + char decrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1]; + int rc; + + memset(decrypted_passphrase, 0, sizeof(decrypted_passphrase)); + + rc = ecryptfs_unwrap_passphrase(decrypted_passphrase, filename, + wrapping_passphrase, wrapping_salt); + if (rc) + return 1; + + if (strcmp(decrypted_passphrase, expected_decrypted_passphrase)) + return 1; + + return 0; +} + +/** + * Returns 0 if the *invalid* unwrap operations always fail + */ +static int verify_bad_unwrap(char *expected_decrypted_passphrase, char *filename, + char *wrapping_passphrase, char *wrapping_salt) +{ + char *last; + int rc; + + /* Increment first char in the wrapping_passphrase and verify that the + * unwrapping operation fails */ + wrapping_passphrase[0]++; + rc = verify_unwrap(expected_decrypted_passphrase, filename, + wrapping_passphrase, wrapping_salt); + wrapping_passphrase[0]--; + if (!rc) + return 1; + + /* Increment last char in the wrapping_passphrase and verify that the + * unwrapping operation fails */ + last = wrapping_passphrase + (strlen(wrapping_passphrase) - 1); + (*last)++; + rc = verify_unwrap(expected_decrypted_passphrase, filename, + wrapping_passphrase, wrapping_salt); + (*last)--; + if (!rc) + return 1; + + /* Perform a one's complement on the first char in the salt and verify + * that the unwrapping operation fails */ + wrapping_salt[0] = ~wrapping_salt[0]; + rc = verify_unwrap(expected_decrypted_passphrase, filename, + wrapping_passphrase, wrapping_salt); + wrapping_salt[0] = ~wrapping_salt[0]; + if (!rc) + return 1; + + /* Perform a one's complement on the last char in the salt and verify + * that the unwrapping operation fails */ + last = wrapping_salt + (ECRYPTFS_SALT_SIZE - 1); + *last = ~(*last); + rc = verify_unwrap(expected_decrypted_passphrase, filename, + wrapping_passphrase, wrapping_salt); + *last = ~(*last); + if (!rc) + return 1; + + return 0; +} + +static int do_rewrap(char *filename, char *old_wrapping_passphrase, + char *old_wrapping_salt, char *new_wrapping_passphrase) +{ + char decrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1]; + uint8_t version = 0; + int rc; + + memset(decrypted_passphrase, 0, sizeof(decrypted_passphrase)); + + rc = ecryptfs_unwrap_passphrase(decrypted_passphrase, filename, + old_wrapping_passphrase, + old_wrapping_salt); + if (rc) + return 1; + + rc = ecryptfs_wrap_passphrase(filename, new_wrapping_passphrase, NULL, + decrypted_passphrase); + if (rc) + return 1; + + rc = __ecryptfs_detect_wrapped_passphrase_file_version(filename, + &version); + if (version != 2) + return 1; + + return 0; +} + +int main(int argc, char *argv[]) +{ + char wrapping_salt[ECRYPTFS_SALT_SIZE]; + char *expected_decrypted_passphrase, *filename, *wrapping_passphrase, + *wrapping_salt_hex; + int rc; + + if (argc != 5) { + usage(argv[0]); + return EINVAL; + } + + filename = argv[1]; + expected_decrypted_passphrase = argv[2]; + wrapping_passphrase = argv[3]; + wrapping_salt_hex = argv[4]; + + if (strlen(expected_decrypted_passphrase) > ECRYPTFS_MAX_PASSPHRASE_BYTES || + strlen(wrapping_passphrase) > ECRYPTFS_MAX_PASSPHRASE_BYTES || + strlen(wrapping_salt_hex) != ECRYPTFS_SALT_SIZE_HEX) { + usage(argv[0]); + return EINVAL; + } + + from_hex(wrapping_salt, wrapping_salt_hex, ECRYPTFS_SALT_SIZE); + + rc = verify_unwrap(expected_decrypted_passphrase, filename, + wrapping_passphrase, wrapping_salt); + if (rc) + return 1; + + rc = verify_bad_unwrap(expected_decrypted_passphrase, filename, + wrapping_passphrase, wrapping_salt); + if (rc) + return 2; + + rc = do_rewrap(filename, wrapping_passphrase, wrapping_salt, + NEW_WRAPPING_PASSPHRASE); + if (rc) + return 3; + + rc = verify_unwrap(expected_decrypted_passphrase, filename, + NEW_WRAPPING_PASSPHRASE, NULL); + if (rc) + return 4; + + return 0; +} + diff --git a/tests/userspace/wrap-unwrap.sh b/tests/userspace/wrap-unwrap.sh index f678cac..332834e 100755 --- a/tests/userspace/wrap-unwrap.sh +++ b/tests/userspace/wrap-unwrap.sh @@ -32,7 +32,12 @@ test_cleanup() } trap test_cleanup 0 1 2 3 15 -test_dir=$(etl_create_test_dir) || exit +test_dir_parent="$TMPDIR" +if [ -z "$test_dir_parent"]; then + test_dir_parent="/tmp" +fi + +test_dir=$(etl_create_test_dir "$test_dir_parent") || exit path="${test_dir}/foo" ${test_script_dir}/wrap-unwrap/test ${path} |