[QA] 1.5.2 Testplan

[jnweiger]

Encryption Test Plan

TODO: qualify test items from https://github.com/owncloud/enterprise/issues/4933#issuecomment-1005287788 to become regression test items here.

Setup

Setup details (click to view)

• Cloned from 135.181.147.142 (Erwin's HSM setup)
• env OC10_DNSNAME=oc1070-enc-hsm-DATE ./make_oc10_apps.sh encryption hsmdaemon-0.0.8.zip
• env OC10_DNSNAME=oc1070-enc150-hsm-DATE ./make_oc10_apps.sh encryption=1.5.0 hsmdaemon-0.0.8.zip

Testing functionality

The toplevel checkmark indictes the test was performed.
The indented checkmarks indicate the results were as expected.

• Enable the app
  • No problems found
• Disable and enable the app using CLI
  • No problems found
• Master Key Encryption
  occ encryption:enable
  occ encryption:select-encryption-type masterkey --yes
  • Uploaded files via client are stored encrypted. (Inspect with xxd)
  • Uploaded files via desktop are stored encrypted.
  • Files saved via TextEditor or Colabora are stored encrypted.
  • Files on external SFTP, WND storage are stored encrypted.
    • Test_Plan_Files_external_CLI.md:Change Mount option for an SFTP mount
      • option disable encryption is there.
      • disable, and check it with list command.
      • disable, and inspect files with xxd.
  • files added to the storge + occ file:scan are not encrypted.
  • move file from main storage to unencrypted external storage. The file gets decrypted on disk.
  • move file from unencrypted external storage to main storage. The file gets encrypted on disk.
  • move file one encrypted external storage to another encrypted external storage. The file gets encrypted on disk.

---

• Receiving fedrated share folder from an unencrypted server.
  • (See Test_Plan_External.md:) The admin adds an external site with different type of encryption from the external site settings page
    • The external site icon must be visible in the apps menu
  • (See Test_Plan_External.md:) The admin adds an external site with different type of encryption and clicks the icon on the apps menu
    • The external site page should not be visible in the webUI
  • Files added locally to the received folder are not encrypted.
  • Files added locally can be read by the remote server.
• Sending fedrated share folder to an unencrypted server.
  • Files added locally to the folder are encrypted.
  • Files can be cleanly read by feaderated servers.
• (See Test_Plan_Federated_Sharing.md:) Share a file (server A), in (server B) using different oC versions both servers with encryption
  • shared file can be seen from server B
• (See Test_Plan_Federated_Sharing.md:) Share a file with link (server A), add link to your owncloud (server B) using different O.C versions both servers with encryption
  • shared file can be seen from server B
• Public link to folder with file drop
  • files dropped into the folder are encrypted.
• Public link to folder with file drop in unencrypted SFTP drive
  • files dropped into the folder are not encrypted.

---

• (See Test_Plan_Files_Transfer_Ownership.md:) files:transfer-ownership with encryption enabled
  • (See Test_Plan_Files_Transfer_Ownership.md:) Transfer from user1 to user2, both users are in group "group1". Non-decrypted encrypted files
  • The files/folders are transferred to user2 and they do not appear for user1 any longer
  • Confirm user2 can read.

---

• update migration from previous core release
  • (See Test_Plan_Files_Transfer_Ownership.md:) * Create a file, encrypt the server and create another file after the encryption.
  • latest app on previous core can encrypt files, unencrypted files remain unencrypted.
  • update to latest oc10 succeeds. unencrypted files remain unencrypted.
  • decrypt works, encrypt of new files works.
• update migration from previous app release to current release
  • previous app release on current core can encrypt files
  • update to latest app succeeds.
  • decrypt works, encrypt of new files works.

---

• hsmdaemon + softHSM
  • Check Generated Keys (https://doc.owncloud.com/server/admin_manual/configuration/server/security/hsmdaemon/#initialize-and-check-generated-keys)
  • encrypt and decrypt with a generated key
  • hsmdaemon diagnostics
    • No errors during setup.
    • hsmdaemon logs to /var/www.hsm.log
    • no hsm-related errors in syslog journalctl -a | grep hsmdaemon
    • file upload: hsm debug log has "Requested","url":"/decrypt/...", Decrypting, Decrypt, module":"/usr/.../libsofthsm2.so, "slotID":757826573, "found object","id":"\u0013\ufffd?..., Decrypted
  • binary encryption works with hsm. xxd /var/www/owncloud/data/admin/files/Photos/Portugal.jpg | less
  • occ encryption:decrypt-all works
  • encrypted and unencrypted external storages work.

---

[jnweiger]

Changelog Testing

• Add increment option to fix-encrypted-version #279

Known issues from last release

• [QA] module does not exist error after disabling encryption [QA] module does not exist error after disabling encryption #280
• [QA] moving encrypted file to unencrypted FTP storage and back causes a decrypt error [QA] moving encrypted file to unencrypted FTP storage and back causes a decrypt error #281
• [QA] excessive log messages from hsmdaemon [QA] excessive syslog messages from hsmdaemon #286
• [QA] enabling encryption on non-empty external storage causes errors [QA] enabling encryption on non-empty external storage causes errors #287

[jnweiger]

Release done.