Writing to the ciphertext files can rewrite the header. This
would mean we had to re-encrypt the whole file with the new IV.
This could be made more fine-grained, for example allowing
writes to everywhere but the header. However, this is
something that needs a lot of testing to ensure correctness.
Writing to the ciphertext is a niche use case of the niche
use case of using reverse mode, so it is unlikely it would
get the test coverage it needs.
To be safe, we deny all modifications of the ciphertext with
read-only filesystem error (EROFS) if uniqueIV is enabled.
Reverse mode with uniqueIV disabled still supports writing,
if somebody really needs it. This use case is not covered
by the test suite at the moment.
For now, the IVs are constant. This is fixed in a later commit.
They are enabled by default to make testing easier.
The whole thing passes the test suite on x86 and x86_64.
Disable block cache (in EncFS) and stat cache (in kernel).
This is needed if the backing files may be modified
behind the back of EncFS (for example, when you mount
an encrypted filesystem exported by encfs --reverse).
The reverse grow tests fail when this option is not passed to the
decrypting mount.
By default, the kernel caches file metadata for one second.
This is fine for EncFS' normal mode, but for --reverse, this
means that the encrypted view will be up to one second out of
date.
This causes the reverse grow tests to fail because stale stat()
data is returned.
This is something that should really not happen, it makes
sense to have the user examine the situation himself.
Behavoir was:
23:00:42 (FileUtils.cpp:379) Archive exception: XML start/end tag mismatch - uniqueIV
23:00:42 (FileUtils.cpp:337) Found config file /tmp/a/ciphertext/.encfs6.xml, but failed to load
Creating new encrypted volume.
Please choose from one of the following options:
...
Now it exits with:
23:13:04 (FileUtils.cpp:337) Found config file /tmp/a/ciphertext/.encfs6.xml, but failed to load - exiting
Use "make test" or "make test-verbose" to run.
Note that "make test" seems to be more common than "make tests", hence the
change.
Also, use a new clean directory directory as a working area for each run
Created using mkdtemp and deleted in cleanup()
Used to fail with
Unsuccessful stat on filename containing newline at tests.t line 196.
umount: /tmp/crypt-11388: Permission denied
not ok 44 - unmount ok, mount point removed
# Failed test 'unmount ok, mount point removed'
# at tests.t line 205
now all tests pass.
Add a simple cli-based test infrastructure with a few tests
to prepare future code changes.
Note that these cannot be run on Travis CI as it does not support
FUSE.
Expected output:
$ tests/run.sh
1 Running unit tests: OK
*** running test_corruption.sh
2 Reading file: OK
3 Reading corrupted file: OK
4 Reading file with MAC: OK
5 Corruption with MAC returns IO error: OK
*** running test_file_expansion.sh
6 Creating files of different sizes: : OK
7 Growing file: OK
8 Internal modification: OK
*** All tests OK