[QA] 1.5.2 Testplan

[jnweiger]

Encryption Test Plan

TODO: qualify test items from https://github.com/owncloud/enterprise/issues/4933#issuecomment-1005287788 to become regression test items here.

Setup

Setup details (click to view)

* Cloned from 135.181.147.142 (Erwin's HSM setup) * `env OC10_DNSNAME=oc1070-enc-hsm-DATE ./make_oc10_apps.sh encryption hsmdaemon-0.0.8.zip` * `env OC10_DNSNAME=oc1070-enc150-hsm-DATE ./make_oc10_apps.sh encryption=1.5.0 hsmdaemon-0.0.8.zip`

Testing functionality

The toplevel checkmark indictes the test was performed. The indented checkmarks indicate the results were as expected.

• [x] Enable the app
  • [x] No problems found
• [x] Disable and enable the app using CLI
  • [x] No problems found
• [x] Master Key Encryption occ encryption:enable occ encryption:select-encryption-type masterkey --yes
  • [x] Uploaded files via client are stored encrypted. (Inspect with xxd)
  • [x] Uploaded files via desktop are stored encrypted.
  • [x] Files saved via TextEditor or Colabora are stored encrypted.
  • [x] Files on external SFTP, WND storage are stored encrypted.
    • [x] Test_Plan_Files_external_CLI.md:Change Mount option for an SFTP mount
      • [x] option disable encryption is there.
      • [x] disable, and check it with list command.
      • [x] disable, and inspect files with xxd.
  • [x] files added to the storge + occ file:scan are not encrypted.
  • [x] move file from main storage to unencrypted external storage. The file gets decrypted on disk.
  • [x] move file from unencrypted external storage to main storage. The file gets encrypted on disk.

  • [x] move file one encrypted external storage to another encrypted external storage. The file gets encrypted on disk.

• [x] Receiving fedrated share folder from an unencrypted server.
  • [x] (See Test_Plan_External.md:) The admin adds an external site with different type of encryption from the external site settings page
    • [x] The external site icon must be visible in the apps menu
  • [x] (See Test_Plan_External.md:) The admin adds an external site with different type of encryption and clicks the icon on the apps menu
    • [x] The external site page should not be visible in the webUI
  • [x] Files added locally to the received folder are not encrypted.
  • [x] Files added locally can be read by the remote server.
• [x] Sending fedrated share folder to an unencrypted server.
  • [x] Files added locally to the folder are encrypted.
  • [x] Files can be cleanly read by feaderated servers.
• [x] (See Test_Plan_Federated_Sharing.md:) Share a file (server A), in (server B) using different oC versions both servers with encryption
  • [x] shared file can be seen from server B
• [x] (See Test_Plan_Federated_Sharing.md:) Share a file with link (server A), add link to your owncloud (server B) using different O.C versions both servers with encryption
  • [x] shared file can be seen from server B
• [x] Public link to folder with file drop
  • [x] files dropped into the folder are encrypted.
• [x] Public link to folder with file drop in unencrypted SFTP drive

  • [x] files dropped into the folder are not encrypted.

• [x] (See Test_Plan_Files_Transfer_Ownership.md:) files:transfer-ownership with encryption enabled
  • [x] (See Test_Plan_Files_Transfer_Ownership.md:) Transfer from user1 to user2, both users are in group "group1". Non-decrypted encrypted files
  • [x] The files/folders are transferred to user2 and they do not appear for user1 any longer

  • [x] Confirm user2 can read.

• [x] update migration from previous core release
  • [x] (See Test_Plan_Files_Transfer_Ownership.md:) * Create a file, encrypt the server and create another file after the encryption.
  • [x] latest app on previous core can encrypt files, unencrypted files remain unencrypted.
  • [x] update to latest oc10 succeeds. unencrypted files remain unencrypted.
  • [x] decrypt works, encrypt of new files works.
• [x] update migration from previous app release to current release
  • [x] previous app release on current core can encrypt files
  • [x] update to latest app succeeds.

  • [x] decrypt works, encrypt of new files works.

  • [ ] hsmdaemon + softHSM
  • [ ] Check Generated Keys (https://doc.owncloud.com/server/admin_manual/configuration/server/security/hsmdaemon/#initialize-and-check-generated-keys)
  • [ ] encrypt and decrypt with a generated key
  • [ ] hsmdaemon diagnostics
    • [ ] No errors during setup.
    • [ ] hsmdaemon logs to /var/www.hsm.log
    • [ ] no hsm-related errors in syslog journalctl -a | grep hsmdaemon
    • [ ] file upload: hsm debug log has "Requested","url":"/decrypt/...", Decrypting, Decrypt, module":"/usr/.../libsofthsm2.so, "slotID":757826573, "found object","id":"\u0013\ufffd?..., Decrypted
  • [ ] binary encryption works with hsm. xxd /var/www/owncloud/data/admin/files/Photos/Portugal.jpg | less
  • [ ] occ encryption:decrypt-all works

  • [ ] encrypted and unencrypted external storages work.

[jnweiger]

Changelog Testing

• [x] https://github.com/owncloud/encryption/pull/279

Known issues from last release

• [x] [QA] module does not exist error after disabling encryption #280
• [x] [QA] moving encrypted file to unencrypted FTP storage and back causes a decrypt error #281
• [x] [QA] excessive log messages from hsmdaemon #286
• [x] [QA] enabling encryption on non-empty external storage causes errors #287

[jnweiger]

Release done.