1 /*
2 * Copyright (C) 2022-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17 #include <string>
18 #include <vector>
19
20 #include <cstdlib>
21 #include <fcntl.h>
22 #include <sys/wait.h>
23 #include <unistd.h>
24
25 #include "directory_ex.h"
26 #include "fbex.h"
27 #include "file_ex.h"
28 #include "fscrypt_key_v1.h"
29 #include "fscrypt_key_v1_ext.h"
30 #include "fscrypt_key_v2.h"
31 #include "huks_master.h"
32 #include "key_blob.h"
33 #include "key_manager.h"
34 #include "libfscrypt/fscrypt_control.h"
35 #include "libfscrypt/fscrypt_sysparam.h"
36 #include "libfscrypt/fscrypt_utils.h"
37 #include "libfscrypt/key_control.h"
38 #include "securec.h"
39 #include "storage_service_errno.h"
40 #include "utils/init_utils.h"
41
42 using namespace testing::ext;
43
44 namespace {
45 const std::string TEST_MNT = "/data";
46 const std::string TEST_DIR_LEGACY = "/data/test/crypto_dir_legacy";
47 const std::string TEST_DIR_V2 = "/data/test/crypto_dir";
48 const std::string TEST_KEYPATH = "/data/test/key/el2/80";
49 const std::string TEST_KEYPATH_BAD = "/sys/test/keypath";
50 const std::string TEST_KEYDIR_VERSION0 = "/version_0";
51 const std::string TEST_KEYDIR_VERSION1 = "/version_1";
52 const std::string TEST_KEYDIR_VERSION2 = "/version_2";
53 const std::string TEST_KEYDIR_LATEST = "/latest";
54 const std::string TEST_KEYDIR_LATEST_BACKUP = "/latest_bak";
55 const std::string TEST_POLICY = "/data/test/policy";
56 const std::string USER_KEY_DIR = "/data/service/el1/public/storage_daemon/sd";
57 const std::string USER_KEY_EL1_DIR = USER_KEY_DIR + "/el1";
58 const std::string USER_KEY_EL2_DIR = USER_KEY_DIR + "/el2";
59 const int32_t PARAMS_SIZE_0 = 0;
60 const int32_t PARAMS_SIZE_1 = 1;
61 const int32_t PARAMS_SIZE_2 = 2;
62 const int32_t PARAMS_SIZE_3 = 3;
63 const int32_t PARAMS_SIZE_4 = 4;
64 constexpr int MAX_WORD_NUM = 3;
65 constexpr int MAX_WORD_LEN = 20;
66 auto g_testKeyV1 = std::make_shared<OHOS::StorageDaemon::FscryptKeyV1>(TEST_KEYPATH);
67 auto g_testKeyV2 = std::make_shared<OHOS::StorageDaemon::FscryptKeyV2>(TEST_KEYPATH);
68
69 constexpr uint8_t FIRST_CREATE_KEY = 0x6c;
70 constexpr uint8_t USER_DESTROY = 0x1;
71 }
72
73 namespace OHOS::StorageDaemon {
74 class CryptoKeyTest : public testing::Test {
75 public:
76 static void SetUpTestCase(void);
77 static void TearDownTestCase(void);
78 static int32_t ExecSdcBinary(std::vector<std::string> params, int isCrypt);
79 static int32_t ExecSdcBinaryPidIsZero(std::vector<std::string> params, int isCrypt);
80 void SetUp();
81 void TearDown();
82 UserAuth emptyUserAuth {};
83 };
84
SetUpTestCase(void)85 void CryptoKeyTest::SetUpTestCase(void)
86 {
87 // input testsuit setup step,setup invoked before all testcases
88 }
89
TearDownTestCase(void)90 void CryptoKeyTest::TearDownTestCase(void)
91 {
92 // input testsuit teardown step,teardown invoked after all testcases
93 }
94
SetUp(void)95 void CryptoKeyTest::SetUp(void)
96 {
97 // input testcase setup step,setup invoked before each testcases
98 }
99
TearDown(void)100 void CryptoKeyTest::TearDown(void)
101 {
102 // input testcase teardown step,teardown invoked after each testcases
103 }
104
ExecSdcBinary(std::vector<std::string> params,int isCrypt)105 int32_t CryptoKeyTest::ExecSdcBinary(std::vector<std::string> params, int isCrypt)
106 {
107 pid_t pid = fork();
108 if (pid < 0) {
109 return -EINVAL;
110 }
111 if (pid == 0) {
112 int ret = -EINVAL;
113 if (!isCrypt) {
114 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("nullcmd"), nullptr};
115 ret = execv(argv[0], argv);
116 } else if (params.size() == PARAMS_SIZE_0) {
117 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), nullptr};
118 ret = execv(argv[0], argv);
119 } else if (params.size() == PARAMS_SIZE_1) {
120 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
121 const_cast<char *>(params[0].c_str()), nullptr};
122 ret = execv(argv[0], argv);
123 } else if (params.size() == PARAMS_SIZE_2) {
124 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
125 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()), nullptr};
126 ret = execv(argv[0], argv);
127 } else if (params.size() == PARAMS_SIZE_3) {
128 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
129 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()),
130 const_cast<char *>(params[2].c_str()), nullptr};
131 ret = execv(argv[0], argv);
132 } else if (params.size() == PARAMS_SIZE_4) {
133 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
134 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()),
135 const_cast<char *>(params[2].c_str()), const_cast<char *>(params[3].c_str()), nullptr};
136 ret = execv(argv[0], argv);
137 }
138 if (ret) {
139 return -EINVAL;
140 }
141 }
142 int status;
143 pid_t ret = waitpid(pid, &status, 0);
144 if (ret != pid) {
145 return -EINVAL;
146 }
147
148 return 0;
149 }
150
151 /**
152 * @tc.name: fscrypt_key_v1_init
153 * @tc.desc: Verify the InitKey function.
154 * @tc.type: FUNC
155 * @tc.require: AR000GK0BP
156 */
157 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_init, TestSize.Level1)
158 {
159 EXPECT_TRUE(g_testKeyV1->InitKey(true));
160 EXPECT_FALSE(g_testKeyV1->InitKey(true)); // rawkey not empty
161
162 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
163 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
164 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
165 g_testKeyV1->keyInfo_.key.Clear();
166 }
167
168 /**
169 * @tc.name: fscrypt_key_v2_init
170 * @tc.desc: Verify the InitKey function.
171 * @tc.type: FUNC
172 * @tc.require: AR000GK0BP
173 */
174 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_init, TestSize.Level1)
175 {
176 #ifdef SUPPORT_FSCRYPT_V2
177 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
178 return;
179 }
180 EXPECT_TRUE(g_testKeyV2->InitKey(true));
181 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
182 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV2->keyInfo_.key.size);
183 EXPECT_NE(nullptr, g_testKeyV2->keyInfo_.key.data.get());
184 g_testKeyV2->keyInfo_.key.Clear();
185 #else
186 EXPECT_FALSE(g_testKeyV2->InitKey(true));
187 EXPECT_NE(g_testKeyV2->ActiveKey(), E_OK);
188 EXPECT_NE(g_testKeyV2->InactiveKey(), E_OK);
189 #endif
190 }
191
192 /**
193 * @tc.name: fscrypt_key_v1_store
194 * @tc.desc: Verify the StoreKey function.
195 * @tc.type: FUNC
196 * @tc.require: AR000GK0BP
197 */
198 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_store, TestSize.Level1)
199 {
200 #ifndef CRYPTO_TEST
201 EXPECT_TRUE(g_testKeyV1->InitKey(true));
202 g_testKeyV1->StoreKey(emptyUserAuth);
203
204 std::string buf {};
205 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
206 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, buf);
207
208 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC);
209 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC, buf);
210
211 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED);
212 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED, buf);
213 #else
214 EXPECT_TRUE(g_testKeyV1->InitKey(true));
215 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
216
217 std::string buf {};
218 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
219 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, buf));
220
221 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
222 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC, buf));
223 EXPECT_EQ(CRYPTO_KEY_SECDISC_SIZE, buf.size());
224
225 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
226 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED, buf));
227 // the plaintext of 64 bytes, encrypted to 80 bytes size by huks.
228 EXPECT_EQ(80U, buf.size());
229 #endif
230 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
231 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf));
232 EXPECT_EQ(1U, buf.length());
233 EXPECT_EQ('1', buf[0]);
234
235 FscryptKeyV1 g_testKeyV1BadDir {TEST_KEYPATH_BAD};
236 EXPECT_TRUE(g_testKeyV1BadDir.InitKey(true));
237 EXPECT_NE(g_testKeyV1BadDir.StoreKey(emptyUserAuth), E_OK);
238 EXPECT_NE(g_testKeyV1BadDir.UpdateKey(), E_OK);
239 EXPECT_NE(g_testKeyV1BadDir.ActiveKey(), E_OK);
240 }
241
242 #ifdef SUPPORT_FSCRYPT_V2
243 /**
244 * @tc.name: fscrypt_key_v2_store
245 * @tc.desc: Verify the StoreKey function.
246 * @tc.type: FUNC
247 * @tc.require: AR000GK0BP
248 */
249 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_store, TestSize.Level1)
250 {
251 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
252 return;
253 }
254 g_testKeyV2->ClearKey();
255 EXPECT_TRUE(g_testKeyV2->InitKey(true));
256 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
257 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
258
259 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
260 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
261 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
262 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
263 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SECDISC));
264 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_ENCRYPTED));
265
266 std::string buf {};
267 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
268 EXPECT_EQ(1U, buf.length());
269 EXPECT_EQ('2', buf[0]);
270 }
271
272 /**
273 * @tc.name: fscrypt_key_v2_update
274 * @tc.desc: Verify the UpdateKey function.
275 * @tc.type: FUNC
276 * @tc.require: AR000GK0BP
277 */
278 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_update, TestSize.Level1)
279 {
280 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
281 return;
282 }
283 std::string buf {};
284 EXPECT_EQ(g_testKeyV2->UpdateKey(), E_OK);
285
286 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
287 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
288 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
289 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC));
290 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED));
291 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
292 EXPECT_EQ(1U, buf.length());
293 EXPECT_EQ('2', buf[0]);
294 }
295
296 /**
297 * @tc.name: fscrypt_key_v1_restore_fail_wrong_version
298 * @tc.desc: Verify the RestoreKey function.
299 * @tc.type: FUNC
300 * @tc.require: AR000GK0BP
301 */
302 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore_fail_wrong_version, TestSize.Level1)
303 {
304 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
305 return;
306 }
307 g_testKeyV1->keyInfo_.key.Clear();
308 // the version loaded is v2, not expected v1.
309 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
310 }
311 #endif
312
313 /**
314 * @tc.name: fscrypt_key_v1_restore
315 * @tc.desc: Verify the RestoreKey function.
316 * @tc.type: FUNC
317 * @tc.require: AR000GK0BP
318 */
319 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore, TestSize.Level1)
320 {
321 g_testKeyV1->ClearKey();
322 EXPECT_TRUE(g_testKeyV1->InitKey(true));
323 #ifndef CRYPTO_TEST
324 g_testKeyV1->StoreKey(emptyUserAuth);
325 g_testKeyV1->UpdateKey();
326 g_testKeyV1->RestoreKey(emptyUserAuth);
327
328 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
329 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
330 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
331 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC, "bad secdesc");
332 #else
333 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
334 EXPECT_EQ(g_testKeyV1->UpdateKey(), E_OK);
335 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
336
337 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
338 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
339 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
340 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC, "bad secdesc"));
341 #endif
342 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK); // should decrypt failed
343 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC).c_str());
344 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
345 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD).c_str());
346 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
347 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED).c_str());
348 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
349 remove(std::string(TEST_KEYPATH + "/fscrypt_version").c_str());
350 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
351 }
352
353 /**
354 * @tc.name: fscrypt_key_v1_active
355 * @tc.desc: Verify the ActiveKey function of v1 key.
356 * @tc.type: FUNC
357 * @tc.require: AR000GK0BP
358 */
359 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_active, TestSize.Level1)
360 {
361 g_testKeyV1->ClearKey();
362 EXPECT_NE(g_testKeyV1->ActiveKey(), E_OK); // active empty key should fail
363 EXPECT_TRUE(g_testKeyV1->InitKey(true));
364 #ifndef CRYPTO_TEST
365 g_testKeyV1->StoreKey(emptyUserAuth);
366 #else
367 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
368 #endif
369 EXPECT_FALSE(g_testKeyV1->keyInfo_.key.IsEmpty());
370 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
371
372 EXPECT_EQ(g_testKeyV1->ActiveKey(FIRST_CREATE_KEY), E_OK);
373 // raw key should be erase after install to kernel.
374 EXPECT_TRUE(g_testKeyV1->keyInfo_.key.IsEmpty());
375 EXPECT_TRUE(g_testKeyV1->keyInfo_.keyId.IsEmpty());
376 // key desc saved in memory for later clear key.
377 EXPECT_FALSE(g_testKeyV1->keyInfo_.keyDesc.IsEmpty());
378
379 // v1 key installed, and key_desc was saved on disk.
380 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
381
382 FscryptKeyV1 g_testKeyV1BadLen {TEST_KEYPATH, CRYPTO_AES_256_XTS_KEY_SIZE * 2};
383 EXPECT_TRUE(g_testKeyV1BadLen.InitKey(true));
384 EXPECT_EQ(g_testKeyV1BadLen.InactiveKey(), E_OK);
385 EXPECT_NE(g_testKeyV1BadLen.ActiveKey(), E_OK);
386 }
387
388 /**
389 * @tc.name: fscrypt_key_v1_clear
390 * @tc.desc: Verify the ClearKey function.
391 * @tc.type: FUNC
392 * @tc.require: AR000GK0BP
393 */
394 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_clear, TestSize.Level1)
395 {
396 EXPECT_TRUE(g_testKeyV1->ClearKey());
397 EXPECT_TRUE(g_testKeyV1->keyInfo_.key.IsEmpty());
398 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
399 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
400 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
401 }
402
403 /**
404 * @tc.name: fscrypt_key_v1_policy_set
405 * @tc.desc: Verify the fscrypt V1 KeyCtrl::SetPolicy function.
406 * @tc.type: FUNC
407 * @tc.require: AR000GK0BO
408 */
409 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_set, TestSize.Level1)
410 {
411 EXPECT_TRUE(g_testKeyV1->InitKey(true));
412 #ifndef CRYPTO_TEST
413 g_testKeyV1->StoreKey(emptyUserAuth);
414 #else
415 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
416 #endif
417 EXPECT_EQ(g_testKeyV1->ActiveKey(FIRST_CREATE_KEY), E_OK);
418
419 FscryptPolicy arg;
420 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
421 arg.v1.version = FSCRYPT_POLICY_V1;
422 (void)memcpy_s(arg.v1.master_key_descriptor, FSCRYPT_KEY_DESCRIPTOR_SIZE, g_testKeyV1->keyInfo_.keyDesc.data.get(),
423 g_testKeyV1->keyInfo_.keyDesc.size);
424 arg.v1.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
425 arg.v1.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
426 arg.v1.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
427 // Default to maximum zero-padding to leak less info about filename lengths.
428 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
429 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
430 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
431
432 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
433 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
434 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
435 }
436
437 /**
438 * @tc.name: fscrypt_key_v1_policy_get
439 * @tc.desc: Verify the fscrypt V1 KeyCtrl::GetPolicy function.
440 * @tc.type: FUNC
441 * @tc.require: AR000GK0BO
442 */
443 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_get, TestSize.Level1)
444 {
445 struct fscrypt_policy arg;
446 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
447 EXPECT_TRUE(KeyCtrlGetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
448 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
449
450 std::string testDir = TEST_DIR_LEGACY + "/test_dir";
451 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
452 EXPECT_TRUE(KeyCtrlGetPolicy(testDir.c_str(), &arg));
453 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
454
455 EXPECT_FALSE(KeyCtrlGetPolicy(NULL, NULL));
456 EXPECT_FALSE(KeyCtrlGetPolicy(testDir.c_str(), NULL));
457 }
458
459 /**
460 * @tc.name: fscrypt_key_v1_key_inactive
461 * @tc.desc: Verify the FscryptKeyV1 InactiveKey function.
462 * @tc.type: FUNC
463 * @tc.require: AR000GK0BO
464 */
465 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_key_inactive, TestSize.Level1)
466 {
467 EXPECT_EQ(g_testKeyV1->InactiveKey(USER_DESTROY), E_OK);
468
469 #ifdef SUPPORT_FSCRYPT_V2
470 EXPECT_FALSE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir1"));
471 EXPECT_FALSE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file3", "AAA"));
472 // earlier kernels may have different behaviour.
473 #endif
474 }
475
476 #ifdef SUPPORT_FSCRYPT_V2
477 /**
478 * @tc.name: fscrypt_key_v2_active
479 * @tc.desc: Verify the fscrypt V2 active function.
480 * @tc.type: FUNC
481 * @tc.require: AR000GK0BP
482 */
483 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_active, TestSize.Level1)
484 {
485 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
486 return;
487 }
488 g_testKeyV2->ClearKey();
489 EXPECT_TRUE(g_testKeyV2->InitKey(true));
490 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
491 EXPECT_EQ(g_testKeyV2->UpdateKey(), E_OK);
492 EXPECT_EQ(g_testKeyV2->ActiveKey(), E_OK);
493
494 // raw key should be erase after install to kernel.
495 EXPECT_TRUE(g_testKeyV2->keyInfo_.key.IsEmpty());
496 EXPECT_TRUE(g_testKeyV2->keyInfo_.keyDesc.IsEmpty());
497 EXPECT_EQ(static_cast<unsigned int>(FSCRYPT_KEY_IDENTIFIER_SIZE), g_testKeyV2->keyInfo_.keyId.size);
498 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYID));
499 }
500
501 /**
502 * @tc.name: fscrypt_key_v2_policy_set
503 * @tc.desc: Verify the fscrypt V2 setpolicy function.
504 * @tc.type: FUNC
505 * @tc.require: AR000GK0BO
506 */
507 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_set, TestSize.Level1)
508 {
509 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
510 return;
511 }
512 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
513 FscryptPolicy arg;
514 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
515 arg.v2.version = FSCRYPT_POLICY_V2;
516 (void)memcpy_s(arg.v2.master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, g_testKeyV2->keyInfo_.keyId.data.get(),
517 g_testKeyV2->keyInfo_.keyId.size);
518 arg.v2.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
519 arg.v2.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
520 arg.v2.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
521 // Default to maximum zero-padding to leak less info about filename lengths.
522 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
523 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2));
524 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_V2.c_str(), &arg));
525
526 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
527 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
528 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
529 }
530
531 /**
532 * @tc.name: fscrypt_key_v2_policy_get
533 * @tc.desc: Verify the fscrypt V2 getpolicy function.
534 * @tc.type: FUNC
535 * @tc.require: AR000GK0BO
536 */
537 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_get, TestSize.Level1)
538 {
539 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
540 return;
541 }
542 struct fscrypt_get_policy_ex_arg arg;
543 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
544 arg.policy_size = sizeof(arg.policy);
545 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
546 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
547
548 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
549 arg.policy_size = sizeof(arg.policy);
550 std::string testDir = TEST_DIR_V2 + "/test_dir";
551 EXPECT_TRUE(KeyCtrlGetPolicyEx(testDir.c_str(), &arg));
552 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
553 }
554
555 /**
556 * @tc.name: fscrypt_key_v2_policy_inactive
557 * @tc.desc: Verify the fscryptV2 InactiveKey function.
558 * @tc.type: FUNC
559 * @tc.require: AR000GK0BP
560 */
561 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_inactive, TestSize.Level1)
562 {
563 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
564 return;
565 }
566 EXPECT_EQ(g_testKeyV2->InactiveKey(), E_OK);
567 // When the v2 policy removed, the files are encrypted.
568 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
569 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
570 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
571 }
572
573 /**
574 * @tc.name: fscrypt_key_v2_policy_restore
575 * @tc.desc: Verify the fscrypt V2 restore and decrypt.
576 * @tc.type: FUNC
577 * @tc.require: AR000GK0BP
578 */
579 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_restore, TestSize.Level1)
580 {
581 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
582 return;
583 }
584 EXPECT_EQ(g_testKeyV2->RestoreKey(emptyUserAuth), E_OK);
585 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
586 EXPECT_EQ(g_testKeyV2->ActiveKey(), E_OK);
587
588 // the files is decrypted now
589 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
590 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
591 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
592
593 EXPECT_TRUE(g_testKeyV2->ClearKey());
594 }
595
596 /**
597 * @tc.name: fscrypt_key_v2_load_and_set_policy_default
598 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
599 * @tc.type: FUNC
600 * @tc.require: AR000GK0BO
601 */
602 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_default, TestSize.Level1)
603 {
604 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
605 return;
606 }
607 g_testKeyV2->ClearKey();
608 EXPECT_TRUE(g_testKeyV2->InitKey(true));
609 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
610 EXPECT_EQ(g_testKeyV2->ActiveKey(), E_OK);
611
612 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
613 EXPECT_EQ(0, InitFscryptPolicy());
614
615 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
616 OHOS::ForceCreateDirectory(TEST_DIR_V2);
617 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2->GetDir().c_str(), TEST_DIR_V2.c_str()));
618
619 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
620 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
621 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
622 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
623
624 EXPECT_TRUE(g_testKeyV2->ClearKey());
625 }
626 #endif
627
628 /**
629 * @tc.name: fscrypt_key_v1_load_and_set_policy_default
630 * @tc.desc: Verify the fscrypt V1 setpolicy function.
631 * @tc.type: FUNC
632 * @tc.require: AR000GK0BO
633 */
634 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_load_and_set_policy_default, TestSize.Level1)
635 {
636 g_testKeyV1->ClearKey();
637 EXPECT_TRUE(g_testKeyV1->InitKey(true));
638 #ifndef CRYPTO_TEST
639 g_testKeyV1->StoreKey(emptyUserAuth);
640 #else
641 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
642 #endif
643 EXPECT_EQ(g_testKeyV1->ActiveKey(FIRST_CREATE_KEY), E_OK);
644
645 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
646 EXPECT_EQ(0, InitFscryptPolicy());
647
648 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
649 OHOS::ForceCreateDirectory(TEST_DIR_LEGACY);
650 if (KeyCtrlLoadVersion(TEST_DIR_LEGACY.c_str()) == FSCRYPT_V1) {
651 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV1->GetDir().c_str(), TEST_DIR_LEGACY.c_str()));
652 } else {
653 EXPECT_EQ(-EFAULT, LoadAndSetPolicy(g_testKeyV1->GetDir().c_str(), TEST_DIR_LEGACY.c_str()));
654 }
655
656 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
657 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
658 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
659 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/111111111111111111111111111111111111111111111111", "AA"));
660
661 EXPECT_TRUE(g_testKeyV1->ClearKey());
662 }
663
664 /**
665 * @tc.name: fscrypt_key_storekey_version_test_1
666 * @tc.desc: Verify the fscrypt storekey function.
667 * @tc.type: FUNC
668 * @tc.require: AR000GK0BO
669 */
670 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_1, TestSize.Level1)
671 {
672 EXPECT_TRUE(g_testKeyV1->InitKey(true));
673 #ifndef CRYPTO_TEST
674 // storekey to version 0
675 g_testKeyV1->StoreKey(emptyUserAuth);
676 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
677 std::string keyShieldV0;
678 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0);
679
680 // storekey to version 1
681 g_testKeyV1->StoreKey(emptyUserAuth);
682 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD);
683 std::string keyShieldV1;
684 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1);
685
686 // storekey to version 2
687 g_testKeyV1->StoreKey(emptyUserAuth);
688 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD);
689 std::string keyShieldV2;
690 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD, keyShieldV2);
691
692 // updatekey will rename version 2 to latest
693 g_testKeyV1->UpdateKey();
694 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD);
695 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
696 std::string keyShieldLatest;
697 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest);
698 EXPECT_EQ(keyShieldLatest, keyShieldV2);
699 #else
700 // storekey to version 0
701 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
702 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
703 std::string keyShieldV0;
704 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
705
706 // storekey to version 1
707 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
708 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
709 std::string keyShieldV1;
710 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
711 EXPECT_NE(keyShieldV0, keyShieldV1);
712
713 // storekey to version 2
714 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
715 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD));
716 std::string keyShieldV2;
717 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD, keyShieldV2));
718 EXPECT_NE(keyShieldV1, keyShieldV2);
719
720 // updatekey will rename version 2 to latest
721 EXPECT_EQ(g_testKeyV1->UpdateKey(), E_OK);
722 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
723 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
724 std::string keyShieldLatest;
725 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
726 EXPECT_EQ(keyShieldLatest, keyShieldV2);
727 #endif
728 }
729
730 /**
731 * @tc.name: fscrypt_key_storekey_version_test_2
732 * @tc.desc: Verify the fscrypt storekey function.
733 * @tc.type: FUNC
734 * @tc.require: AR000GK0BO
735 */
736 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_2, TestSize.Level1)
737 {
738 g_testKeyV1->ClearKey();
739 EXPECT_TRUE(g_testKeyV1->InitKey(true));
740 #ifndef CRYPTO_TEST
741 g_testKeyV1->RestoreKey(emptyUserAuth);
742
743 // storekey to version 0
744 g_testKeyV1->StoreKey(emptyUserAuth);
745 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
746 std::string keyShieldV0;
747 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0);
748
749 // storekey to version 1
750 g_testKeyV1->StoreKey(emptyUserAuth);
751 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD);
752 std::string keyShieldV1;
753 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1);
754
755 // restorekey will decrypt from versions and rename first success one to latest
756 g_testKeyV1->keyInfo_.version = FSCRYPT_V2;
757 g_testKeyV1->RestoreKey(emptyUserAuth);
758 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD);
759 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
760 std::string keyShieldLatest;
761 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest);
762 EXPECT_EQ(keyShieldLatest, keyShieldV1);
763 #else
764 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
765
766 // storekey to version 0
767 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
768 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
769 std::string keyShieldV0;
770 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
771
772 // storekey to version 1
773 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
774 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
775 std::string keyShieldV1;
776 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
777
778 // restorekey will decrypt from versions and rename first success one to latest
779 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
780 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
781 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
782 std::string keyShieldLatest;
783 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
784 EXPECT_EQ(keyShieldLatest, keyShieldV1);
785 #endif
786 }
787
788 /**
789 * @tc.name: fscrypt_key_storekey_version_test_3
790 * @tc.desc: Verify the fscrypt storekey function.
791 * @tc.type: FUNC
792 * @tc.require: AR000GK0BO
793 */
794 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_3, TestSize.Level1)
795 {
796 #ifndef CRYPTO_TEST
797 // storekey to version 0
798 g_testKeyV1->StoreKey(emptyUserAuth);
799 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
800 std::string keyShieldV0A;
801 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0A);
802
803 // latest dir broken, not affect restore and update operation
804 OHOS::ForceRemoveDirectory(TEST_KEYPATH + TEST_KEYDIR_LATEST);
805 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST, "latest is a file");
806 g_testKeyV1->RestoreKey(emptyUserAuth);
807 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
808 std::string keyShieldV0B;
809 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0B);
810 EXPECT_TRUE(keyShieldV0A == keyShieldV0B);
811 g_testKeyV1->RestoreKey(emptyUserAuth);
812 EXPECT_NE(g_testKeyV1->UpdateKey(), E_OK);
813
814 // latest dir backup also broken, not affect restore and update operation
815 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP, "latest_backup is a file");
816 EXPECT_NE(g_testKeyV1->UpdateKey(), E_OK);
817 g_testKeyV1->RestoreKey(emptyUserAuth);
818 #else
819 // storekey to version 0
820 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
821 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
822 std::string keyShieldV0A;
823 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0A));
824
825 // latest dir broken, not affect restore and update operation
826 OHOS::ForceRemoveDirectory(TEST_KEYPATH + TEST_KEYDIR_LATEST);
827 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST, "latest is a file");
828 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
829 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
830 std::string keyShieldV0B;
831 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0B));
832 EXPECT_TRUE(keyShieldV0A == keyShieldV0B);
833 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
834 EXPECT_NE(g_testKeyV1->UpdateKey(), E_OK);
835
836 // latest dir backup also broken, not affect restore and update operation
837 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP, "latest_backup is a file");
838 EXPECT_NE(g_testKeyV1->UpdateKey(), E_OK);
839 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
840 #endif
841 }
842
843 #ifdef SUPPORT_FSCRYPT_V2
844 /**
845 * @tc.name: fscrypt_key_v2_load_and_set_policy_padding_4
846 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
847 * @tc.type: FUNC
848 * @tc.require: AR000GK0BO
849 */
850 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_padding_4, TestSize.Level1)
851 {
852 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
853 return;
854 }
855 g_testKeyV2->ClearKey();
856 EXPECT_TRUE(g_testKeyV2->InitKey(true));
857 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
858 EXPECT_EQ(g_testKeyV2->ActiveKey(), E_OK);
859
860 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
861 EXPECT_EQ(0, InitFscryptPolicy());
862
863 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
864 OHOS::ForceCreateDirectory(TEST_DIR_V2);
865 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2->GetDir().c_str(), TEST_DIR_V2.c_str()));
866
867 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
868 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
869 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
870 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
871
872 struct fscrypt_get_policy_ex_arg arg;
873 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
874 arg.policy_size = sizeof(arg.policy);
875 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
876 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
877 EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, arg.policy.v2.filenames_encryption_mode);
878 EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, arg.policy.v2.contents_encryption_mode);
879
880 EXPECT_TRUE(g_testKeyV2->ClearKey());
881 }
882 #endif
883
884 /**
885 * @tc.name: key_manager_generate_delete_user_keys
886 * @tc.desc: Verify the KeyManager GenerateUserKeys and DeleteUserKeys
887 * @tc.type: FUNC
888 * @tc.require: SR000H0CM9
889 */
890 HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys_000, TestSize.Level1)
891 {
892 uint32_t userId = 81;
893 const string USER_EL1_DIR = "/data/test/user/el1";
894 const string USER_EL2_DIR = "/data/test/user/el2";
895
896 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
897 EXPECT_EQ(0, InitFscryptPolicy());
898 OHOS::ForceRemoveDirectory(USER_EL1_DIR);
899 OHOS::ForceRemoveDirectory(USER_EL2_DIR);
900 MkDirRecurse(USER_EL1_DIR, S_IRWXU);
901 MkDirRecurse(USER_EL2_DIR, S_IRWXU);
902
903 KeyManager::GetInstance()->InitGlobalDeviceKey();
904 KeyManager::GetInstance()->InitGlobalUserKeys();
905 UserTokenSecret userTokenSecret = {.token = {'t', 'o', 'k', 'e', 'n'}, .oldSecret = {},
906 .newSecret = {'s', 'e', 'c', 'r', 'e', 't'}, .secureUid = 0};
907 UserTokenSecret userTokenSecretNull = {.token = {}, .oldSecret = {}, .newSecret = {}, .secureUid = 0};
908 #ifndef CRYPTO_TEST
909 KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecret);
910 KeyManager::GetInstance()->InActiveUserKey(userId); // may fail on some platforms
911 #else
912 EXPECT_EQ(0, KeyManager::GetInstance()->GenerateUserKeys(userId, 0));
913 EXPECT_EQ(-EEXIST, KeyManager::GetInstance()->GenerateUserKeys(userId, 0)); // key existed
914 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
915 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
916 EXPECT_EQ(0, KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecretNull));
917 EXPECT_EQ(0, KeyManager::GetInstance()->UpdateKeyContext(userId));
918 KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecret);
919 EXPECT_EQ(-EFAULT, KeyManager::GetInstance()->UpdateKeyContext(userId)); // no need to update keycontext
920 KeyManager::GetInstance()->InActiveUserKey(userId); // may fail on some platforms
921 EXPECT_EQ(0, KeyManager::GetInstance()->DeleteUserKeys(userId));
922 #endif
923
924 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
925 KeyManager::GetInstance()->InitGlobalDeviceKey();
926 KeyManager::GetInstance()->InitGlobalUserKeys();
927 }
928
929 /**
930 * @tc.name: key_manager_generate_delete_user_keys
931 * @tc.desc: Verify the KeyManager GenerateUserKeys and DeleteUserKeys
932 * @tc.type: FUNC
933 * @tc.require: SR000H0CM9
934 */
935 HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys_001, TestSize.Level1)
936 {
937 const string USER_EL1_DIR = "/data/test/user/el1";
938 const string USER_EL2_DIR = "/data/test/user/el2";
939
940 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
941 EXPECT_EQ(0, InitFscryptPolicy());
942 OHOS::ForceRemoveDirectory(USER_EL1_DIR);
943 OHOS::ForceRemoveDirectory(USER_EL2_DIR);
944 MkDirRecurse(USER_EL1_DIR, S_IRWXU);
945 MkDirRecurse(USER_EL2_DIR, S_IRWXU);
946
947 KeyManager::GetInstance()->InitGlobalDeviceKey();
948 KeyManager::GetInstance()->InitGlobalUserKeys();
949 UserTokenSecret userTokenSecret = {.token = {'t', 'o', 'k', 'e', 'n'}, .oldSecret = {},
950 .newSecret = {'s', 'e', 'c', 'r', 'e', 't'}, .secureUid = 0};
951 UserTokenSecret userTokenSecretNull = {.token = {}, .oldSecret = {}, .newSecret = {}, .secureUid = 0};
952
953 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
954 KeyManager::GetInstance()->InitGlobalDeviceKey();
955 KeyManager::GetInstance()->InitGlobalUserKeys();
956 uint32_t userId = 801; // bad userId, not generated
957 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
958 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
959 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, static_cast<KeyType>(0),
960 {{userId, USER_EL2_DIR}})); // bad keytype
961 EXPECT_EQ(E_PARAMS_NULLPTR_ERR, KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecretNull));
962 EXPECT_EQ(E_PARAMS_INVALID, KeyManager::GetInstance()->UpdateKeyContext(userId));
963 EXPECT_EQ(E_PARAMS_INVALID, KeyManager::GetInstance()->InActiveUserKey(userId));
964 EXPECT_EQ(0, KeyManager::GetInstance()->DeleteUserKeys(userId));
965 }
966
967 /**
968 * @tc.name: fscrypt_key_secure_access_control
969 * @tc.desc: Verify the secure access when user have pin code.
970 * @tc.type: FUNC
971 * @tc.require: SR000H0CLT
972 */
973 HWTEST_F(CryptoKeyTest, fscrypt_key_secure_access_control, TestSize.Level1)
974 {
975 g_testKeyV1->ClearKey();
976 EXPECT_TRUE(g_testKeyV1->InitKey(true));
977 #ifndef CRYPTO_TEST
978 g_testKeyV1->StoreKey(emptyUserAuth);
979 #else
980 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
981 #endif
982 std::string token = "bad_token";
983 std::string secret = "bad_secret";
984 std::vector<uint8_t> badToken(token.begin(), token.end());
985 std::vector<uint8_t> badSecret(secret.begin(), secret.end());
986 UserAuth badUserAuth {
987 .token = badToken,
988 .secret = badSecret
989 };
990 EXPECT_NE(g_testKeyV1->RestoreKey(badUserAuth), E_OK);
991 EXPECT_TRUE(g_testKeyV1->ClearKey());
992 }
993
994 /**
995 * @tc.name: fscrypt_sdc_filecrypt
996 * @tc.desc: Verify the sdc interface.
997 * @tc.type: FUNC
998 * @tc.require: SR000H0CLT
999 */
1000 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_001, TestSize.Level1)
1001 {
1002 std::vector<std::string> params;
1003
1004 // test no param
1005 params.clear();
1006 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 0));
1007
1008 // test not filecrypt param
1009 params.clear();
1010 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1011
1012 // test filecrypt cmd not existed
1013 params.push_back("noexisted");
1014 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1015
1016 // test sdc enable
1017 params.push_back("enable");
1018 params.push_back("2:abs-256-cts:aes-256-xts");
1019 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1020 params.clear();
1021 params.push_back("enable");
1022 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1023 params.clear();
1024
1025 // test sdc init_global_key
1026 params.push_back("init_global_key");
1027 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1028 params.clear();
1029
1030 // test sdc init_main_user
1031 params.push_back("init_main_user");
1032 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1033 params.clear();
1034
1035 // test sdc inactive_user_key
1036 params.push_back("inactive_user_key");
1037 params.push_back("id");
1038 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1039 params.clear();
1040 params.push_back("inactive_user_key");
1041 params.push_back("10");
1042 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1043 params.clear();
1044 params.push_back("inactive_user_key");
1045 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1046 params.clear();
1047 }
1048
1049 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_002, TestSize.Level1)
1050 {
1051 std::vector<std::string> params;
1052
1053 // test sdc update_key_context
1054 params.clear();
1055 params.push_back("update_key_context");
1056 params.push_back("id");
1057 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1058 params.clear();
1059 params.push_back("update_key_context");
1060 params.push_back("10");
1061 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1062 params.clear();
1063 params.push_back("update_key_context");
1064 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1065 params.clear();
1066
1067 // test sdc delete_user_keys
1068 params.push_back("delete_user_keys");
1069 params.push_back("id");
1070 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1071 params.clear();
1072 params.push_back("delete_user_keys");
1073 params.push_back("10");
1074 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1075 params.clear();
1076 params.push_back("delete_user_keys");
1077 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1078 params.clear();
1079
1080 // test sdc generate_user_keys
1081 params.push_back("generate_user_keys");
1082 params.push_back("id");
1083 params.push_back("flag");
1084 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1085 params.clear();
1086 params.push_back("generate_user_keys");
1087 params.push_back("10");
1088 params.push_back("0");
1089 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1090 params.clear();
1091 params.push_back("generate_user_keys");
1092 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1093 params.clear();
1094 }
1095
1096 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_003, TestSize.Level1)
1097 {
1098 std::vector<std::string> params;
1099
1100 // test sdc prepare_user_space
1101 params.clear();
1102 params.push_back("prepare_user_space");
1103 params.push_back("id");
1104 params.push_back("flag");
1105 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1106 params.clear();
1107 params.push_back("prepare_user_space");
1108 params.push_back("10");
1109 params.push_back("0");
1110 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1111 params.clear();
1112 params.push_back("prepare_user_space");
1113 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1114 params.clear();
1115
1116 // test sdc destroy_user_space
1117 params.push_back("destroy_user_space");
1118 params.push_back("id");
1119 params.push_back("flag");
1120 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1121 params.clear();
1122 params.push_back("destroy_user_space");
1123 params.push_back("10");
1124 params.push_back("0");
1125 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1126 params.clear();
1127 params.push_back("destroy_user_space");
1128 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1129 params.clear();
1130 }
1131
1132 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_004, TestSize.Level1)
1133 {
1134 std::vector<std::string> params;
1135
1136 // test sdc update_user_auth
1137 params.clear();
1138 params.push_back("update_user_auth");
1139 params.push_back("id");
1140 params.push_back("01234567890abcd");
1141 params.push_back("01234567890abcd");
1142 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1143 params.clear();
1144 params.push_back("update_user_auth");
1145 params.push_back("10");
1146 params.push_back("01234567890abcd");
1147 params.push_back("01234567890abcd");
1148 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1149 params.clear();
1150 params.push_back("update_user_auth");
1151 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1152 params.clear();
1153 params.push_back("update_user_auth");
1154 params.push_back("10");
1155 params.push_back("01234567890abcd");
1156 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1157 params.clear();
1158
1159 // test sdc active_user_key
1160 params.push_back("active_user_key");
1161 params.push_back("id");
1162 params.push_back("01234567890abcd");
1163 params.push_back("01234567890abcd");
1164 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1165 params.clear();
1166 params.push_back("active_user_key");
1167 params.push_back("10");
1168 params.push_back("01234567890abcd");
1169 params.push_back("01234567890abcd");
1170 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1171 params.clear();
1172 params.push_back("active_user_key");
1173 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1174 params.clear();
1175 params.push_back("active_user_key");
1176 params.push_back("10");
1177 params.push_back("01234567890abcd");
1178 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1179 params.clear();
1180 }
1181
1182 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_005, TestSize.Level1)
1183 {
1184 std::vector<std::string> params;
1185
1186 // test sdc unlock_user_screen
1187 params.clear();
1188 params.push_back("unlock_user_screen");
1189 params.push_back("id");
1190 params.push_back("01234567890abcd");
1191 params.push_back("01234567890abcd");
1192 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1193 params.clear();
1194 params.push_back("unlock_user_screen");
1195 params.push_back("10");
1196 params.push_back("01234567890abcd");
1197 params.push_back("01234567890abcd");
1198 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1199 params.clear();
1200 params.push_back("unlock_user_screen");
1201 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1202 params.clear();
1203 params.push_back("unlock_user_screen");
1204 params.push_back("10");
1205 params.push_back("01234567890abcd");
1206 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1207 params.clear();
1208
1209 // test sdc lock_user_screen
1210 params.clear();
1211 params.push_back("lock_user_screen");
1212 params.push_back("id");
1213 params.push_back("01234567890abcd");
1214 params.push_back("01234567890abcd");
1215 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1216 params.clear();
1217 params.push_back("lock_user_screen");
1218 params.push_back("10");
1219 params.push_back("01234567890abcd");
1220 params.push_back("01234567890abcd");
1221 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1222 params.clear();
1223 params.push_back("lock_user_screen");
1224 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1225 params.clear();
1226 params.push_back("lock_user_screen");
1227 params.push_back("10");
1228 params.push_back("01234567890abcd");
1229 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1230 params.clear();
1231 }
1232
1233 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_006, TestSize.Level1)
1234 {
1235 std::vector<std::string> params;
1236
1237 // test sdc generate_app_key
1238 params.clear();
1239 params.push_back("generate_app_key");
1240 params.push_back("id");
1241 params.push_back("01234567890abcd");
1242 params.push_back("01234567890abcd");
1243 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1244 params.clear();
1245 params.push_back("generate_app_key");
1246 params.push_back("10");
1247 params.push_back("01234567890abcd");
1248 params.push_back("01234567890abcd");
1249 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1250 params.clear();
1251 params.push_back("generate_app_key");
1252 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1253 params.clear();
1254 params.push_back("generate_app_key");
1255 params.push_back("10");
1256 params.push_back("01234567890abcd");
1257 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1258 params.clear();
1259
1260 // test sdc delete_app_key
1261 params.clear();
1262 params.push_back("delete_app_key");
1263 params.push_back("id");
1264 params.push_back("01234567890abcd");
1265 params.push_back("01234567890abcd");
1266 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1267 params.clear();
1268 params.push_back("delete_app_key");
1269 params.push_back("10");
1270 params.push_back("01234567890abcd");
1271 params.push_back("01234567890abcd");
1272 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1273 params.clear();
1274 params.push_back("delete_app_key");
1275 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1276 params.clear();
1277 params.push_back("delete_app_key");
1278 params.push_back("10");
1279 params.push_back("01234567890abcd");
1280 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1281 params.clear();
1282 }
1283
1284 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_007, TestSize.Level1)
1285 {
1286 std::vector<std::string> params;
1287
1288 // test sdc Get_unlock_status
1289 params.clear();
1290 params.push_back("Get_unlock_status");
1291 params.push_back("id");
1292 params.push_back("01234567890abcd");
1293 params.push_back("01234567890abcd");
1294 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1295 params.clear();
1296 params.push_back("Get_unlock_status");
1297 params.push_back("10");
1298 params.push_back("01234567890abcd");
1299 params.push_back("01234567890abcd");
1300 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1301 params.clear();
1302 params.push_back("Get_unlock_status");
1303 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1304 params.clear();
1305 params.push_back("Get_unlock_status");
1306 params.push_back("10");
1307 params.push_back("01234567890abcd");
1308 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1309 params.clear();
1310 }
1311
1312 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_008, TestSize.Level1)
1313 {
1314 std::vector<std::string> params;
1315
1316 // test sdc create_recover_key
1317 params.clear();
1318 params.push_back("create_recover_key");
1319 params.push_back("id");
1320 params.push_back("01234567890abcd");
1321 params.push_back("01234567890abcd");
1322 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1323 params.clear();
1324 params.push_back("create_recover_key");
1325 params.push_back("10");
1326 params.push_back("01234567890abcd");
1327 params.push_back("01234567890abcd");
1328 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1329 params.clear();
1330 params.push_back("create_recover_key");
1331 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1332 params.clear();
1333 params.push_back("create_recover_key");
1334 params.push_back("10");
1335 params.push_back("11");
1336 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1337 params.clear();
1338 }
1339
1340 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_009, TestSize.Level1)
1341 {
1342 std::vector<std::string> params;
1343
1344 // test sdc set_recover_key
1345 params.clear();
1346 params.push_back("set_recover_key");
1347 params.push_back("id");
1348 params.push_back("01234567890abcd");
1349 params.push_back("01234567890abcd");
1350 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1351 params.clear();
1352 params.push_back("set_recover_key");
1353 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1354 params.clear();
1355 params.push_back("set_recover_key");
1356 params.push_back("10");
1357 params.push_back("11");
1358 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1359 params.clear();
1360 }
1361
1362 /**
1363 * @tc.name: libfscrypt api test
1364 * @tc.desc: Verify the libfscrypt interface.
1365 * @tc.type: FUNC
1366 * @tc.require: SR000H0CLT
1367 */
1368 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_api, TestSize.Level1)
1369 {
1370 // test api in sysparam_dynamic.c
1371 EXPECT_NE(0, GetFscryptParameter(NULL, NULL, NULL, NULL));
1372 EXPECT_NE(0, SetFscryptParameter(NULL, NULL));
1373
1374 // test api in fscrypt_utils.c
1375 EXPECT_NE(0, FscryptPolicyEnable(NULL));
1376 EXPECT_EQ(0, FscryptPolicyEnable("/data/test/badpath"));
1377 FscryptPolicyEnable("/data/app/el1/bundle/public");
1378 EXPECT_NE(0, SetFscryptSysparam(NULL));
1379
1380 // test api in key_control.c
1381 EXPECT_EQ(FSCRYPT_INVALID_REALPATH, KeyCtrlGetFscryptVersion(NULL));
1382
1383 key_serial_t id = 1;
1384 EXPECT_NE(0, KeyCtrlGetKeyringId(id, 0));
1385
1386 // test api in fscrypt_control.c
1387 EXPECT_NE(0, LoadAndSetPolicy(NULL, NULL));
1388 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts"));
1389 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts:bad-param"));
1390 EXPECT_NE(0, FscryptSetSysparam(NULL));
1391 }
1392
1393 /**
1394 * @tc.name: libfscrypt api test
1395 * @tc.desc: Verify the init_utils.c ReadFileToBuf.
1396 * @tc.type: FUNC
1397 * @tc.require: IBAH0D
1398 */
1399 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_ReadFileToBuf, TestSize.Level1)
1400 {
1401 auto result = ReadFileToBuf(NULL);
1402 EXPECT_EQ(NULL, result);
1403
1404 std::string fileName;
1405 result = ReadFileToBuf(fileName.c_str());
1406 EXPECT_EQ(NULL, result);
1407
1408 fileName = "/data/test/test1.txt";
1409 result = ReadFileToBuf(fileName.c_str());
1410 EXPECT_EQ(NULL, result);
1411
1412 auto fd = open(fileName.c_str(), O_RDWR | O_CREAT);
1413 ASSERT_GT(fd, 0);
1414 result = ReadFileToBuf(fileName.c_str());
1415 EXPECT_EQ(NULL, result);
1416
1417 std::string content = "this is a test";
1418 (void)write(fd, content.c_str(), content.size());
1419 close(fd);
1420 result = ReadFileToBuf(fileName.c_str());
1421 EXPECT_NE(NULL, result);
1422 free(result);
1423 ASSERT_EQ(remove(fileName.c_str()), 0);
1424 }
1425
1426 /**
1427 * @tc.name: libfscrypt api test
1428 * @tc.desc: Verify the init_utils.c SplitString.
1429 * @tc.type: FUNC
1430 * @tc.require: IBAH0D
1431 */
1432 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_SplitString, TestSize.Level1)
1433 {
1434 auto result = SplitString(NULL, NULL, NULL, MAX_WORD_NUM);
1435 EXPECT_EQ(result, -1);
1436
1437 char fileName[] = "a/data/test/test1.txt";
1438 result = SplitString(fileName, NULL, NULL, MAX_WORD_NUM);
1439 EXPECT_EQ(result, -1);
1440
1441 char del = '/';
1442 result = SplitString(fileName, &del, NULL, MAX_WORD_NUM);
1443 EXPECT_EQ(result, -1);
1444
1445 char spiltArr[MAX_WORD_NUM][MAX_WORD_LEN];
1446 result = SplitString(fileName, &del, (char **)spiltArr, MAX_WORD_NUM);
1447 EXPECT_EQ(result, MAX_WORD_NUM);
1448 }
1449 }
1450