1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17 #include <string>
18 #include <vector>
19
20 #include <stdlib.h>
21 #include <sys/wait.h>
22 #include <unistd.h>
23
24 #include "directory_ex.h"
25 #include "fbex.h"
26 #include "file_ex.h"
27 #include "fscrypt_key_v1_ext.h"
28 #include "fscrypt_key_v1.h"
29 #include "fscrypt_key_v2.h"
30 #include "huks_master.h"
31 #include "key_blob.h"
32 #include "key_manager.h"
33 #include "libfscrypt/fscrypt_control.h"
34 #include "libfscrypt/fscrypt_sysparam.h"
35 #include "libfscrypt/fscrypt_utils.h"
36 #include "libfscrypt/key_control.h"
37 #include "securec.h"
38
39 using namespace testing::ext;
40 using namespace OHOS::StorageDaemon;
41
42 namespace {
43 const std::string TEST_MNT = "/data";
44 const std::string TEST_DIR_LEGACY = "/data/test/crypto_dir_legacy";
45 const std::string TEST_DIR_V2 = "/data/test/crypto_dir";
46 const std::string TEST_KEYPATH = "/data/test/key/el2/80";
47 const std::string TEST_KEYPATH_BAD = "/sys/test/keypath";
48 const std::string TEST_KEYDIR_VERSION0 = "/version_0";
49 const std::string TEST_KEYDIR_VERSION1 = "/version_1";
50 const std::string TEST_KEYDIR_VERSION2 = "/version_2";
51 const std::string TEST_KEYDIR_LATEST = "/latest";
52 const std::string TEST_KEYDIR_LATEST_BACKUP = "/latest_bak";
53 const std::string TEST_POLICY = "/data/test/policy";
54 const std::string USER_KEY_DIR = "/data/service/el1/public/storage_daemon/sd";
55 const std::string USER_KEY_EL1_DIR = USER_KEY_DIR + "/el1";
56 const std::string USER_KEY_EL2_DIR = USER_KEY_DIR + "/el2";
57 FscryptKeyV1 g_testKeyV1 {TEST_KEYPATH};
58 FscryptKeyV2 g_testKeyV2 {TEST_KEYPATH};
59 }
60
61 class CryptoKeyTest : public testing::Test {
62 public:
63 static void SetUpTestCase(void);
64 static void TearDownTestCase(void);
65 static int32_t ExecSdcBinary(std::vector<std::string> params, int isCrypt);
66 void SetUp();
67 void TearDown();
68 UserAuth emptyUserAuth {};
69 };
70
SetUpTestCase(void)71 void CryptoKeyTest::SetUpTestCase(void)
72 {
73 // input testsuit setup step,setup invoked before all testcases
74 }
75
TearDownTestCase(void)76 void CryptoKeyTest::TearDownTestCase(void)
77 {
78 // input testsuit teardown step,teardown invoked after all testcases
79 }
80
SetUp(void)81 void CryptoKeyTest::SetUp(void)
82 {
83 // input testcase setup step,setup invoked before each testcases
84 }
85
TearDown(void)86 void CryptoKeyTest::TearDown(void)
87 {
88 // input testcase teardown step,teardown invoked after each testcases
89 }
90
ExecSdcBinary(std::vector<std::string> params,int isCrypt)91 int32_t CryptoKeyTest::ExecSdcBinary(std::vector<std::string> params, int isCrypt)
92 {
93 pid_t pid = fork();
94 if (pid < 0) {
95 return -EINVAL;
96 }
97 if (pid == 0) {
98 int ret = -EINVAL;
99 if (!isCrypt) {
100 char * const argv[] = {
101 (char *)"/system/bin/sdc",
102 (char *)"nullcmd",
103 NULL
104 };
105 ret = execv(argv[0], argv);
106 } else if (params.size() == 0) {
107 char * const argv[] = {
108 (char *)"/system/bin/sdc",
109 NULL
110 };
111 ret = execv(argv[0], argv);
112 } else if (params.size() == 1) {
113 char * const argv[] = {
114 (char *)"/system/bin/sdc",
115 (char *)"filecrypt",
116 (char *)params[0].c_str(),
117 NULL
118 };
119 ret = execv(argv[0], argv);
120 } else if (params.size() == 2) {
121 char * const argv[] = {
122 (char *)"/system/bin/sdc",
123 (char *)"filecrypt",
124 (char *)params[0].c_str(),
125 (char *)params[1].c_str(),
126 NULL
127 };
128 ret = execv(argv[0], argv);
129 } else if (params.size() == 3) {
130 char * const argv[] = {
131 (char *)"/system/bin/sdc",
132 (char *)"filecrypt",
133 (char *)params[0].c_str(),
134 (char *)params[1].c_str(),
135 (char *)params[2].c_str(),
136 NULL
137 };
138 ret = execv(argv[0], argv);
139 } else if (params.size() == 4) {
140 char * const argv[] = {
141 (char *)"/system/bin/sdc",
142 (char *)"filecrypt",
143 (char *)params[0].c_str(),
144 (char *)params[1].c_str(),
145 (char *)params[2].c_str(),
146 (char *)params[3].c_str(),
147 NULL
148 };
149 ret = execv(argv[0], argv);
150 }
151 if (ret) {
152 return -EINVAL;
153 }
154
155 }
156 int status;
157 pid_t ret = waitpid(pid, &status, 0);
158 if (ret != pid) {
159 return -EINVAL;
160 }
161
162 return 0;
163 }
164
165 /**
166 * @tc.name: fscrypt_key_v1_init
167 * @tc.desc: Verify the InitKey function.
168 * @tc.type: FUNC
169 * @tc.require: AR000GK0BP
170 */
171 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_init, TestSize.Level1)
172 {
173 EXPECT_TRUE(g_testKeyV1.InitKey());
174 EXPECT_FALSE(g_testKeyV1.InitKey()); // rawkey not empty
175
176 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1.keyInfo_.version);
177 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1.keyInfo_.key.size);
178 EXPECT_NE(nullptr, g_testKeyV1.keyInfo_.key.data.get());
179 g_testKeyV1.keyInfo_.key.Clear();
180 }
181
182 /**
183 * @tc.name: fscrypt_key_v2_init
184 * @tc.desc: Verify the InitKey function.
185 * @tc.type: FUNC
186 * @tc.require: AR000GK0BP
187 */
188 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_init, TestSize.Level1)
189 {
190 #ifdef SUPPORT_FSCRYPT_V2
191 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
192 return;
193 }
194 EXPECT_TRUE(g_testKeyV2.InitKey());
195 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2.keyInfo_.version);
196 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV2.keyInfo_.key.size);
197 EXPECT_NE(nullptr, g_testKeyV2.keyInfo_.key.data.get());
198 g_testKeyV2.keyInfo_.key.Clear();
199 #else
200 EXPECT_FALSE(g_testKeyV2.InitKey());
201 EXPECT_FALSE(g_testKeyV2.ActiveKey());
202 EXPECT_FALSE(g_testKeyV2.InactiveKey());
203 #endif
204 }
205
206 /**
207 * @tc.name: fscrypt_key_v1_store
208 * @tc.desc: Verify the StoreKey function.
209 * @tc.type: FUNC
210 * @tc.require: AR000GK0BP
211 */
212 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_store, TestSize.Level1)
213 {
214 EXPECT_TRUE(g_testKeyV1.InitKey());
215 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
216
217 std::string buf {};
218 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
219 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, buf));
220
221 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
222 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC, buf));
223 EXPECT_EQ(CRYPTO_KEY_SECDISC_SIZE, buf.size());
224
225 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
226 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED, buf));
227 // the plaintext of 64 bytes, encrypted to 80 bytes size by huks.
228 EXPECT_EQ(80U, buf.size());
229
230 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
231 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf));
232 EXPECT_EQ(1U, buf.length());
233 EXPECT_EQ('1', buf[0]);
234
235 FscryptKeyV1 g_testKeyV1BadDir {TEST_KEYPATH_BAD};
236 EXPECT_TRUE(g_testKeyV1BadDir.InitKey());
237 EXPECT_FALSE(g_testKeyV1BadDir.StoreKey(emptyUserAuth));
238 EXPECT_FALSE(g_testKeyV1BadDir.UpdateKey());
239 EXPECT_FALSE(g_testKeyV1BadDir.ActiveKey());
240 }
241
242 #ifdef SUPPORT_FSCRYPT_V2
243 /**
244 * @tc.name: fscrypt_key_v2_store
245 * @tc.desc: Verify the StoreKey function.
246 * @tc.type: FUNC
247 * @tc.require: AR000GK0BP
248 */
249 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_store, TestSize.Level1)
250 {
251 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
252 return;
253 }
254 g_testKeyV2.ClearKey();
255 EXPECT_TRUE(g_testKeyV2.InitKey());
256 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
257 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
258
259 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
260 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
261 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
262 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
263 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SECDISC));
264 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_ENCRYPTED));
265
266 std::string buf {};
267 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
268 EXPECT_EQ(1U, buf.length());
269 EXPECT_EQ('2', buf[0]);
270 }
271
272 /**
273 * @tc.name: fscrypt_key_v2_update
274 * @tc.desc: Verify the UpdateKey function.
275 * @tc.type: FUNC
276 * @tc.require: AR000GK0BP
277 */
278 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_update, TestSize.Level1)
279 {
280 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
281 return;
282 }
283 std::string buf {};
284 EXPECT_TRUE(g_testKeyV2.UpdateKey());
285
286 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
287 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
288 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
289 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC));
290 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED));
291 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
292 EXPECT_EQ(1U, buf.length());
293 EXPECT_EQ('2', buf[0]);
294 }
295
296 /**
297 * @tc.name: fscrypt_key_v1_restore_fail_wrong_version
298 * @tc.desc: Verify the RestoreKey function.
299 * @tc.type: FUNC
300 * @tc.require: AR000GK0BP
301 */
302 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore_fail_wrong_version, TestSize.Level1)
303 {
304 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
305 return;
306 }
307 g_testKeyV1.keyInfo_.key.Clear();
308 // the version loaded is v2, not expected v1.
309 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
310 }
311 #endif
312
313 /**
314 * @tc.name: fscrypt_key_v1_restore
315 * @tc.desc: Verify the RestoreKey function.
316 * @tc.type: FUNC
317 * @tc.require: AR000GK0BP
318 */
319 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore, TestSize.Level1)
320 {
321 g_testKeyV1.ClearKey();
322 EXPECT_TRUE(g_testKeyV1.InitKey());
323 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
324 EXPECT_TRUE(g_testKeyV1.UpdateKey());
325 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
326
327 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1.keyInfo_.key.size);
328 EXPECT_NE(nullptr, g_testKeyV1.keyInfo_.key.data.get());
329 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1.keyInfo_.version);
330 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC, "bad secdesc"));
331 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth)); // should decrypt failed
332 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC).c_str());
333 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
334 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD).c_str());
335 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
336 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED).c_str());
337 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
338 remove(std::string(TEST_KEYPATH + "/fscrypt_version").c_str());
339 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
340 }
341
342 /**
343 * @tc.name: fscrypt_key_v1_active
344 * @tc.desc: Verify the ActiveKey function of v1 key.
345 * @tc.type: FUNC
346 * @tc.require: AR000GK0BP
347 */
348 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_active, TestSize.Level1)
349 {
350 g_testKeyV1.ClearKey();
351 EXPECT_FALSE(g_testKeyV1.ActiveKey()); // active empty key should fail
352 EXPECT_TRUE(g_testKeyV1.InitKey());
353 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
354 EXPECT_FALSE(g_testKeyV1.keyInfo_.key.IsEmpty());
355 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1.keyInfo_.version);
356
357 EXPECT_TRUE(g_testKeyV1.ActiveKey(FIRST_CREATE_KEY));
358 // raw key should be erase after install to kernel.
359 EXPECT_TRUE(g_testKeyV1.keyInfo_.key.IsEmpty());
360 EXPECT_TRUE(g_testKeyV1.keyInfo_.keyId.IsEmpty());
361 // key desc saved in memory for later clear key.
362 EXPECT_FALSE(g_testKeyV1.keyInfo_.keyDesc.IsEmpty());
363
364 // v1 key installed, and key_desc was saved on disk.
365 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
366
367 FscryptKeyV1 g_testKeyV1BadLen {TEST_KEYPATH, CRYPTO_AES_256_XTS_KEY_SIZE * 2};
368 EXPECT_TRUE(g_testKeyV1BadLen.InitKey());
369 EXPECT_FALSE(g_testKeyV1BadLen.InactiveKey());
370 EXPECT_FALSE(g_testKeyV1BadLen.ActiveKey());
371 }
372
373 /**
374 * @tc.name: fscrypt_key_v1_clear
375 * @tc.desc: Verify the ClearKey function.
376 * @tc.type: FUNC
377 * @tc.require: AR000GK0BP
378 */
379 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_clear, TestSize.Level1)
380 {
381 EXPECT_TRUE(g_testKeyV1.ClearKey());
382 EXPECT_TRUE(g_testKeyV1.keyInfo_.key.IsEmpty());
383 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
384 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
385 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
386 }
387
388
389 /**
390 * @tc.name: fscrypt_key_v1_policy_set
391 * @tc.desc: Verify the fscrypt V1 KeyCtrl::SetPolicy function.
392 * @tc.type: FUNC
393 * @tc.require: AR000GK0BO
394 */
395 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_set, TestSize.Level1)
396 {
397 EXPECT_TRUE(g_testKeyV1.InitKey());
398 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
399 EXPECT_TRUE(g_testKeyV1.ActiveKey(FIRST_CREATE_KEY));
400
401 FscryptPolicy arg;
402 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
403 arg.v1.version = FSCRYPT_POLICY_V1;
404 (void)memcpy_s(arg.v1.master_key_descriptor, FSCRYPT_KEY_DESCRIPTOR_SIZE, g_testKeyV1.keyInfo_.keyDesc.data.get(),
405 g_testKeyV1.keyInfo_.keyDesc.size);
406 arg.v1.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
407 arg.v1.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
408 arg.v1.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
409 // Default to maximum zero-padding to leak less info about filename lengths.
410 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
411 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
412 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
413
414 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
415 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
416 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
417 }
418
419 /**
420 * @tc.name: fscrypt_key_v1_policy_get
421 * @tc.desc: Verify the fscrypt V1 KeyCtrl::GetPolicy function.
422 * @tc.type: FUNC
423 * @tc.require: AR000GK0BO
424 */
425 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_get, TestSize.Level1)
426 {
427 struct fscrypt_policy arg;
428 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
429 EXPECT_TRUE(KeyCtrlGetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
430 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
431
432 std::string testDir = TEST_DIR_LEGACY + "/test_dir";
433 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
434 EXPECT_TRUE(KeyCtrlGetPolicy(testDir.c_str(), &arg));
435 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
436
437 EXPECT_FALSE(KeyCtrlGetPolicy(NULL, NULL));
438 EXPECT_FALSE(KeyCtrlGetPolicy(testDir.c_str(), NULL));
439
440 }
441
442 /**
443 * @tc.name: fscrypt_key_v1_key_inactive
444 * @tc.desc: Verify the FscryptKeyV1 InactiveKey function.
445 * @tc.type: FUNC
446 * @tc.require: AR000GK0BO
447 */
448 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_key_inactive, TestSize.Level1)
449 {
450 EXPECT_TRUE(g_testKeyV1.InactiveKey(USER_DESTROY));
451
452 #ifdef SUPPORT_FSCRYPT_V2
453 EXPECT_FALSE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir1"));
454 EXPECT_FALSE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file3", "AAA"));
455 // earlier kernels may have different behaviour.
456 #endif
457 }
458
459 #ifdef SUPPORT_FSCRYPT_V2
460 /**
461 * @tc.name: fscrypt_key_v2_active
462 * @tc.desc: Verify the fscrypt V2 active function.
463 * @tc.type: FUNC
464 * @tc.require: AR000GK0BP
465 */
466 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_active, TestSize.Level1)
467 {
468 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
469 return;
470 }
471 g_testKeyV2.ClearKey();
472 EXPECT_TRUE(g_testKeyV2.InitKey());
473 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
474 EXPECT_TRUE(g_testKeyV2.ActiveKey());
475
476 // raw key should be erase after install to kernel.
477 EXPECT_TRUE(g_testKeyV2.keyInfo_.key.IsEmpty());
478 EXPECT_TRUE(g_testKeyV2.keyInfo_.keyDesc.IsEmpty());
479 EXPECT_EQ(static_cast<unsigned int>(FSCRYPT_KEY_IDENTIFIER_SIZE), g_testKeyV2.keyInfo_.keyId.size);
480 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYID));
481 }
482
483 /**
484 * @tc.name: fscrypt_key_v2_policy_set
485 * @tc.desc: Verify the fscrypt V2 setpolicy function.
486 * @tc.type: FUNC
487 * @tc.require: AR000GK0BO
488 */
489 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_set, TestSize.Level1)
490 {
491 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
492 return;
493 }
494 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2.keyInfo_.version);
495 FscryptPolicy arg;
496 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
497 arg.v2.version = FSCRYPT_POLICY_V2;
498 (void)memcpy_s(arg.v2.master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, g_testKeyV2.keyInfo_.keyId.data.get(),
499 g_testKeyV2.keyInfo_.keyId.size);
500 arg.v2.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
501 arg.v2.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
502 arg.v2.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
503 // Default to maximum zero-padding to leak less info about filename lengths.
504 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
505 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2));
506 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_V2.c_str(), &arg));
507
508 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
509 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
510 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
511 }
512
513 /**
514 * @tc.name: fscrypt_key_v2_policy_get
515 * @tc.desc: Verify the fscrypt V2 getpolicy function.
516 * @tc.type: FUNC
517 * @tc.require: AR000GK0BO
518 */
519 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_get, TestSize.Level1)
520 {
521 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
522 return;
523 }
524 struct fscrypt_get_policy_ex_arg arg;
525 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
526 arg.policy_size = sizeof(arg.policy);
527 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
528 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
529
530 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
531 arg.policy_size = sizeof(arg.policy);
532 std::string testDir = TEST_DIR_V2 + "/test_dir";
533 EXPECT_TRUE(KeyCtrlGetPolicyEx(testDir.c_str(), &arg));
534 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
535 }
536
537 /**
538 * @tc.name: fscrypt_key_v2_policy_inactive
539 * @tc.desc: Verify the fscryptV2 InactiveKey function.
540 * @tc.type: FUNC
541 * @tc.require: AR000GK0BP
542 */
543 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_inactive, TestSize.Level1)
544 {
545 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
546 return;
547 }
548 EXPECT_TRUE(g_testKeyV2.InactiveKey());
549 // When the v2 policy removed, the files are encrypted.
550 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
551 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
552 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
553 }
554
555 /**
556 * @tc.name: fscrypt_key_v2_policy_restore
557 * @tc.desc: Verify the fscrypt V2 restore and decrypt.
558 * @tc.type: FUNC
559 * @tc.require: AR000GK0BP
560 */
561 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_restore, TestSize.Level1)
562 {
563 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
564 return;
565 }
566 EXPECT_TRUE(g_testKeyV2.RestoreKey(emptyUserAuth));
567 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2.keyInfo_.version);
568 EXPECT_TRUE(g_testKeyV2.ActiveKey());
569
570 // the files is decrypted now
571 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
572 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
573 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
574
575 EXPECT_TRUE(g_testKeyV2.ClearKey());
576 }
577
578 /**
579 * @tc.name: fscrypt_key_v2_load_and_set_policy_default
580 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
581 * @tc.type: FUNC
582 * @tc.require: AR000GK0BO
583 */
584 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_default, TestSize.Level1)
585 {
586 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
587 return;
588 }
589 g_testKeyV2.ClearKey();
590 EXPECT_TRUE(g_testKeyV2.InitKey());
591 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
592 EXPECT_TRUE(g_testKeyV2.ActiveKey());
593
594 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
595 EXPECT_EQ(0, InitFscryptPolicy());
596
597 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
598 OHOS::ForceCreateDirectory(TEST_DIR_V2);
599 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2.GetDir().c_str(), TEST_DIR_V2.c_str()));
600
601 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
602 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
603 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
604 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
605
606 EXPECT_TRUE(g_testKeyV2.ClearKey());
607 }
608 #endif
609
610 /**
611 * @tc.name: fscrypt_key_v1_load_and_set_policy_default
612 * @tc.desc: Verify the fscrypt V1 setpolicy function.
613 * @tc.type: FUNC
614 * @tc.require: AR000GK0BO
615 */
616 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_load_and_set_policy_default, TestSize.Level1)
617 {
618 g_testKeyV1.ClearKey();
619 EXPECT_TRUE(g_testKeyV1.InitKey());
620 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
621 EXPECT_TRUE(g_testKeyV1.ActiveKey(FIRST_CREATE_KEY));
622
623 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
624 EXPECT_EQ(0, InitFscryptPolicy());
625
626 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
627 OHOS::ForceCreateDirectory(TEST_DIR_LEGACY);
628 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV1.GetDir().c_str(), TEST_DIR_LEGACY.c_str()));
629
630 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
631 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
632 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
633 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/111111111111111111111111111111111111111111111111", "AA"));
634
635 EXPECT_TRUE(g_testKeyV1.ClearKey());
636 }
637
638 /**
639 * @tc.name: fscrypt_key_storekey_version_test_1
640 * @tc.desc: Verify the fscrypt storekey function.
641 * @tc.type: FUNC
642 * @tc.require: AR000GK0BO
643 */
644 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_1, TestSize.Level1)
645 {
646 EXPECT_TRUE(g_testKeyV1.InitKey());
647
648 // storekey to version 0
649 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
650 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
651 std::string keyShieldV0;
652 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
653
654 // storekey to version 1
655 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
656 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
657 std::string keyShieldV1;
658 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
659 EXPECT_NE(keyShieldV0, keyShieldV1);
660
661 // storekey to version 2
662 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
663 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD));
664 std::string keyShieldV2;
665 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD, keyShieldV2));
666 EXPECT_NE(keyShieldV1, keyShieldV2);
667
668 // updatekey will rename version 2 to latest
669 EXPECT_TRUE(g_testKeyV1.UpdateKey());
670 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
671 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
672 std::string keyShieldLatest;
673 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
674 EXPECT_EQ(keyShieldLatest, keyShieldV2);
675 }
676
677 /**
678 * @tc.name: fscrypt_key_storekey_version_test_2
679 * @tc.desc: Verify the fscrypt storekey function.
680 * @tc.type: FUNC
681 * @tc.require: AR000GK0BO
682 */
683 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_2, TestSize.Level1)
684 {
685 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
686
687 // storekey to version 0
688 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
689 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
690 std::string keyShieldV0;
691 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
692
693 // storekey to version 1
694 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
695 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
696 std::string keyShieldV1;
697 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
698
699 // restorekey will decrypt from versions and rename first success one to latest
700 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
701 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
702 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
703 std::string keyShieldLatest;
704 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
705 EXPECT_EQ(keyShieldLatest, keyShieldV1);
706 }
707
708 /**
709 * @tc.name: fscrypt_key_storekey_version_test_3
710 * @tc.desc: Verify the fscrypt storekey function.
711 * @tc.type: FUNC
712 * @tc.require: AR000GK0BO
713 */
714 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_3, TestSize.Level1)
715 {
716 // storekey to version 0
717 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
718 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
719 std::string keyShieldV0A;
720 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0A));
721
722 // latest dir broken, not affect restore and update operation
723 OHOS::ForceRemoveDirectory(TEST_KEYPATH + TEST_KEYDIR_LATEST);
724 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST, "latest is a file");
725 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
726 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
727 std::string keyShieldV0B;
728 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0B));
729 EXPECT_TRUE(keyShieldV0A == keyShieldV0B);
730 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
731 EXPECT_FALSE(g_testKeyV1.UpdateKey());
732
733 // latest dir backup also broken, not affect restore and update operation
734 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP, "latest_backup is a file");
735 EXPECT_FALSE(g_testKeyV1.UpdateKey());
736 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
737 }
738
739 #ifdef SUPPORT_FSCRYPT_V2
740 /**
741 * @tc.name: fscrypt_key_v2_load_and_set_policy_padding_4
742 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
743 * @tc.type: FUNC
744 * @tc.require: AR000GK0BO
745 */
746 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_padding_4, TestSize.Level1)
747 {
748 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
749 return;
750 }
751 g_testKeyV2.ClearKey();
752 EXPECT_TRUE(g_testKeyV2.InitKey());
753 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
754 EXPECT_TRUE(g_testKeyV2.ActiveKey());
755
756 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
757 EXPECT_EQ(0, InitFscryptPolicy());
758
759 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
760 OHOS::ForceCreateDirectory(TEST_DIR_V2);
761 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2.GetDir().c_str(), TEST_DIR_V2.c_str()));
762
763 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
764 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
765 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
766 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
767
768 struct fscrypt_get_policy_ex_arg arg;
769 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
770 arg.policy_size = sizeof(arg.policy);
771 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
772 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
773 EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, arg.policy.v2.filenames_encryption_mode);
774 EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, arg.policy.v2.contents_encryption_mode);
775
776 EXPECT_TRUE(g_testKeyV2.ClearKey());
777 }
778 #endif
779
780 /**
781 * @tc.name: key_manager_generate_delete_user_keys
782 * @tc.desc: Verify the KeyManager GenerateUserKeys and DeleteUserKeys
783 * @tc.type: FUNC
784 * @tc.require: SR000H0CM9
785 */
786 HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys, TestSize.Level1)
787 {
788 uint32_t userId = 81;
789 const string USER_EL1_DIR = "/data/test/user/el1";
790 const string USER_EL2_DIR = "/data/test/user/el2";
791
792 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
793 EXPECT_EQ(0, InitFscryptPolicy());
794 OHOS::ForceRemoveDirectory(USER_EL1_DIR);
795 OHOS::ForceRemoveDirectory(USER_EL2_DIR);
796 MkDirRecurse(USER_EL1_DIR, S_IRWXU);
797 MkDirRecurse(USER_EL2_DIR, S_IRWXU);
798
799 OHOS::ForceRemoveDirectory(USER_KEY_EL1_DIR);
800 OHOS::ForceRemoveDirectory(USER_KEY_EL2_DIR);
801 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->GenerateUserKeys(userId, 0)); // no user_el1_dir
802
803 KeyManager::GetInstance()->InitGlobalDeviceKey();
804 KeyManager::GetInstance()->InitGlobalUserKeys();
805 EXPECT_EQ(0, KeyManager::GetInstance()->GenerateUserKeys(userId, 0));
806 EXPECT_EQ(-EEXIST, KeyManager::GetInstance()->GenerateUserKeys(userId, 0)); // key existed
807 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
808 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
809 EXPECT_EQ(0, KeyManager::GetInstance()->UpdateUserAuth(userId, {}, {}, {}));
810 EXPECT_EQ(0, KeyManager::GetInstance()->UpdateKeyContext(userId));
811 KeyManager::GetInstance()->UpdateUserAuth(userId, {'t', 'o', 'k', 'e', 'n'}, {}, {'s', 'e', 'c', 'r', 'e', 't'});
812 EXPECT_EQ(-EFAULT, KeyManager::GetInstance()->UpdateKeyContext(userId)); // no need to update keycontext
813 KeyManager::GetInstance()->InActiveUserKey(userId); // may fail on some platforms
814 EXPECT_EQ(0, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {}));
815 EXPECT_EQ(0, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {})); /// have been actived, also return 0
816 EXPECT_EQ(0, KeyManager::GetInstance()->DeleteUserKeys(userId));
817
818 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
819 KeyManager::GetInstance()->InitGlobalDeviceKey();
820 KeyManager::GetInstance()->InitGlobalUserKeys();
821 userId = 801; // bad userId, not generated
822 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
823 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
824 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, static_cast<KeyType>(0),
825 {{userId, USER_EL2_DIR}})); // bad keytype
826 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateUserAuth(userId, {}, {}, {}));
827 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateKeyContext(userId));
828 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->InActiveUserKey(userId));
829 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {}));
830 EXPECT_EQ(-EFAULT, KeyManager::GetInstance()->DeleteUserKeys(userId));
831 }
832
833 /**
834 * @tc.name: fscrypt_key_secure_access_control
835 * @tc.desc: Verify the secure access when user have pin code.
836 * @tc.type: FUNC
837 * @tc.require: SR000H0CLT
838 */
839 HWTEST_F(CryptoKeyTest, fscrypt_key_secure_access_control, TestSize.Level1)
840 {
841 g_testKeyV1.ClearKey();
842 EXPECT_TRUE(g_testKeyV1.InitKey());
843 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
844
845 std::string token = "bad_token";
846 std::string secret = "bad_secret";
847 std::vector<uint8_t> badToken(token.begin(), token.end());
848 std::vector<uint8_t> badSecret(secret.begin(), secret.end());
849 UserAuth badUserAuth {
850 .token = badToken,
851 .secret = badSecret
852 };
853 EXPECT_FALSE(g_testKeyV1.RestoreKey(badUserAuth));
854 EXPECT_TRUE(g_testKeyV1.ClearKey());
855 }
856
857 /**
858 * @tc.name: fscrypt_sdc_filecrypt
859 * @tc.desc: Verify the sdc interface.
860 * @tc.type: FUNC
861 * @tc.require: SR000H0CLT
862 */
863 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt, TestSize.Level1)
864 {
865 std::vector<std::string> params;
866
867 // test no param
868 params.clear();
869 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 0));
870
871 // test not filecrypt param
872 params.clear();
873 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
874
875 // test filecrypt cmd not existed
876 params.push_back("noexisted");
877 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
878
879 // test sdc enable
880 params.push_back("enable");
881 params.push_back("2:abs-256-cts:aes-256-xts");
882 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
883 params.clear();
884 params.push_back("enable");
885 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
886 params.clear();
887
888 // test sdc init_global_key
889 params.push_back("init_global_key");
890 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
891 params.clear();
892
893 // test sdc init_main_user
894 params.push_back("init_main_user");
895 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
896 params.clear();
897
898 // test sdc inactive_user_key
899 params.push_back("inactive_user_key");
900 params.push_back("id");
901 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
902 params.clear();
903 params.push_back("inactive_user_key");
904 params.push_back("10");
905 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
906 params.clear();
907 params.push_back("inactive_user_key");
908 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
909 params.clear();
910
911 // test sdc update_key_context
912 params.push_back("update_key_context");
913 params.push_back("id");
914 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
915 params.clear();
916 params.push_back("update_key_context");
917 params.push_back("10");
918 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
919 params.clear();
920 params.push_back("update_key_context");
921 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
922 params.clear();
923
924 // test sdc delete_user_keys
925 params.push_back("delete_user_keys");
926 params.push_back("id");
927 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
928 params.clear();
929 params.push_back("delete_user_keys");
930 params.push_back("10");
931 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
932 params.clear();
933 params.push_back("delete_user_keys");
934 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
935 params.clear();
936
937 // test sdc generate_user_keys
938 params.push_back("generate_user_keys");
939 params.push_back("id");
940 params.push_back("flag");
941 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
942 params.clear();
943 params.push_back("generate_user_keys");
944 params.push_back("10");
945 params.push_back("0");
946 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
947 params.clear();
948 params.push_back("generate_user_keys");
949 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
950 params.clear();
951
952 // test sdc prepare_user_space
953 params.push_back("prepare_user_space");
954 params.push_back("id");
955 params.push_back("flag");
956 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
957 params.clear();
958 params.push_back("prepare_user_space");
959 params.push_back("10");
960 params.push_back("0");
961 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
962 params.clear();
963 params.push_back("prepare_user_space");
964 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
965 params.clear();
966
967 // test sdc destroy_user_space
968 params.push_back("destroy_user_space");
969 params.push_back("id");
970 params.push_back("flag");
971 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
972 params.clear();
973 params.push_back("destroy_user_space");
974 params.push_back("10");
975 params.push_back("0");
976 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
977 params.clear();
978 params.push_back("destroy_user_space");
979 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
980 params.clear();
981
982 // test sdc update_user_auth
983 params.push_back("update_user_auth");
984 params.push_back("id");
985 params.push_back("01234567890abcd");
986 params.push_back("01234567890abcd");
987 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
988 params.clear();
989 params.push_back("update_user_auth");
990 params.push_back("10");
991 params.push_back("01234567890abcd");
992 params.push_back("01234567890abcd");
993 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
994 params.clear();
995 params.push_back("update_user_auth");
996 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
997 params.clear();
998 params.push_back("update_user_auth");
999 params.push_back("10");
1000 params.push_back("01234567890abcd");
1001 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1002 params.clear();
1003
1004 // test sdc active_user_key
1005 params.push_back("active_user_key");
1006 params.push_back("id");
1007 params.push_back("01234567890abcd");
1008 params.push_back("01234567890abcd");
1009 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1010 params.clear();
1011 params.push_back("active_user_key");
1012 params.push_back("10");
1013 params.push_back("01234567890abcd");
1014 params.push_back("01234567890abcd");
1015 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1016 params.clear();
1017 params.push_back("active_user_key");
1018 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1019 params.clear();
1020 params.push_back("active_user_key");
1021 params.push_back("10");
1022 params.push_back("01234567890abcd");
1023 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1024 params.clear();
1025 }
1026
1027 /**
1028 * @tc.name: libfscrypt api test
1029 * @tc.desc: Verify the libfscrypt interface.
1030 * @tc.type: FUNC
1031 * @tc.require: SR000H0CLT
1032 */
1033 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_api, TestSize.Level1)
1034 {
1035 // test api in sysparam_dynamic.c
1036 EXPECT_NE(0, GetFscryptParameter(NULL, NULL, NULL, NULL));
1037 EXPECT_NE(0, SetFscryptParameter(NULL, NULL));
1038
1039 // test api in fscrypt_utils.c
1040 EXPECT_NE(0, FscryptPolicyEnable(NULL));
1041 EXPECT_EQ(0, FscryptPolicyEnable("/data/test/badpath"));
1042 FscryptPolicyEnable("/data/app/el1/bundle/public");
1043 EXPECT_NE(0, SetFscryptSysparam(NULL));
1044
1045 // test api in key_control.c
1046 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(NULL));
1047 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion("/nofile"));
1048 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlGetFscryptVersion(NULL));
1049 // version iss not digit
1050 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
1051 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
1052 std::string testVersionFile = TEST_DIR_LEGACY + "/fscrypt_version";
1053 EXPECT_TRUE(OHOS::SaveStringToFile(testVersionFile, "not-digit\n"));
1054 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(TEST_DIR_LEGACY.c_str()));
1055 // bad version
1056 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
1057 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
1058 testVersionFile = TEST_DIR_LEGACY + "/fscrypt_version";
1059 EXPECT_TRUE(OHOS::SaveStringToFile(testVersionFile, "10\n"));
1060 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(TEST_DIR_LEGACY.c_str()));
1061
1062 key_serial_t id = 1;
1063 EXPECT_NE(0, KeyCtrlGetKeyringId(id, 0));
1064
1065 // test api in fscrypt_control.c
1066 EXPECT_NE(0, LoadAndSetPolicy(NULL, NULL));
1067 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts"));
1068 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts:bad-param"));
1069 EXPECT_NE(0, FscryptSetSysparam(NULL));
1070 }
1071
1072 /**
1073 * @tc.name: fscrypt_fbex_utils
1074 * @tc.desc: Verify the fbex utils.
1075 * @tc.type: FUNC
1076 * @tc.require: SR000HE9U7
1077 */
1078 HWTEST_F(CryptoKeyTest, fscrypt_fbex_utils, TestSize.Level1)
1079 {
1080 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) != FSCRYPT_V1) {
1081 return; // skip not v1 fscrypt
1082 }
1083 if (!FBEX::IsFBEXSupported()) {
1084 return; // skip no fbex support
1085 }
1086 (void)FBEX::IsMspReady();
1087 (void)FBEX::GetStatus();
1088
1089 constexpr uint32_t userId = 82; // test userid
1090 uint8_t buf[FBEX_IV_SIZE] = {0};
1091 buf[0] = 0xfb; // fitst byte const to kernel
1092 buf[1] = 0x30; // second byte const to kernel
1093 EXPECT_EQ(0, FBEX::InstallKeyToKernel(userId, TYPE_EL2, buf, FBEX_IV_SIZE, FIRST_CREATE_KEY));
1094 EXPECT_EQ(0, FBEX::LockScreenToKernel(userId));
1095 EXPECT_EQ(0, FBEX::UnlockScreenToKernel(userId, TYPE_EL3, buf, FBEX_IV_SIZE));
1096 uint8_t buf1[FBEX_IV_SIZE] = {0};
1097 buf1[0] = 0xfb; // fitst byte const to kernel
1098 buf1[1] = 0x30; // second byte const to kernel
1099 EXPECT_EQ(0, FBEX::UninstallOrLockUserKeyToKernel(userId, TYPE_EL2, buf1, FBEX_IV_SIZE, USER_DESTROY));
1100 }
1101