1 /*
2 * Copyright (C) 2022-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17 #include <string>
18 #include <vector>
19
20 #include <cstdlib>
21 #include <fcntl.h>
22 #include <sys/wait.h>
23 #include <unistd.h>
24
25 #include "directory_ex.h"
26 #include "fbex.h"
27 #include "file_ex.h"
28 #include "fscrypt_key_v1.h"
29 #include "fscrypt_key_v1_ext.h"
30 #include "fscrypt_key_v2.h"
31 #include "huks_master.h"
32 #include "key_blob.h"
33 #include "key_manager.h"
34 #include "libfscrypt/fscrypt_control.h"
35 #include "libfscrypt/fscrypt_sysparam.h"
36 #include "libfscrypt/fscrypt_utils.h"
37 #include "libfscrypt/key_control.h"
38 #include "securec.h"
39 #include "storage_service_errno.h"
40 #include "utils/init_utils.h"
41
42 using namespace testing::ext;
43
44 namespace {
45 const std::string TEST_MNT = "/data";
46 const std::string TEST_DIR_LEGACY = "/data/test/crypto_dir_legacy";
47 const std::string TEST_DIR_V2 = "/data/test/crypto_dir";
48 const std::string TEST_KEYPATH = "/data/test/key/el2/80";
49 const std::string TEST_KEYPATH_BAD = "/sys/test/keypath";
50 const std::string TEST_KEYDIR_VERSION0 = "/version_0";
51 const std::string TEST_KEYDIR_VERSION1 = "/version_1";
52 const std::string TEST_KEYDIR_VERSION2 = "/version_2";
53 const std::string TEST_KEYDIR_LATEST = "/latest";
54 const std::string TEST_KEYDIR_LATEST_BACKUP = "/latest_bak";
55 const std::string TEST_POLICY = "/data/test/policy";
56 const std::string USER_KEY_DIR = "/data/service/el1/public/storage_daemon/sd";
57 const std::string USER_KEY_EL1_DIR = USER_KEY_DIR + "/el1";
58 const std::string USER_KEY_EL2_DIR = USER_KEY_DIR + "/el2";
59 const int32_t PARAMS_SIZE_0 = 0;
60 const int32_t PARAMS_SIZE_1 = 1;
61 const int32_t PARAMS_SIZE_2 = 2;
62 const int32_t PARAMS_SIZE_3 = 3;
63 const int32_t PARAMS_SIZE_4 = 4;
64 constexpr int MAX_WORD_NUM = 3;
65 constexpr int MAX_WORD_LEN = 20;
66 auto g_testKeyV1 = std::make_shared<OHOS::StorageDaemon::FscryptKeyV1>(TEST_KEYPATH);
67 auto g_testKeyV2 = std::make_shared<OHOS::StorageDaemon::FscryptKeyV2>(TEST_KEYPATH);
68
69 constexpr uint8_t FIRST_CREATE_KEY = 0x6c;
70 constexpr uint8_t USER_DESTROY = 0x1;
71 }
72
73 namespace OHOS::StorageDaemon {
74 class CryptoKeyTest : public testing::Test {
75 public:
76 static void SetUpTestCase(void);
77 static void TearDownTestCase(void);
78 static int32_t ExecSdcBinary(std::vector<std::string> params, int isCrypt);
79 static int32_t ExecSdcBinaryPidIsZero(std::vector<std::string> params, int isCrypt);
80 void SetUp();
81 void TearDown();
82 UserAuth emptyUserAuth {};
83 };
84
SetUpTestCase(void)85 void CryptoKeyTest::SetUpTestCase(void)
86 {
87 // input testsuit setup step,setup invoked before all testcases
88 }
89
TearDownTestCase(void)90 void CryptoKeyTest::TearDownTestCase(void)
91 {
92 // input testsuit teardown step,teardown invoked after all testcases
93 }
94
SetUp(void)95 void CryptoKeyTest::SetUp(void)
96 {
97 // input testcase setup step,setup invoked before each testcases
98 }
99
TearDown(void)100 void CryptoKeyTest::TearDown(void)
101 {
102 // input testcase teardown step,teardown invoked after each testcases
103 }
104
ExecSdcBinary(std::vector<std::string> params,int isCrypt)105 int32_t CryptoKeyTest::ExecSdcBinary(std::vector<std::string> params, int isCrypt)
106 {
107 pid_t pid = fork();
108 if (pid < 0) {
109 return -EINVAL;
110 }
111 if (pid == 0) {
112 int ret = -EINVAL;
113 if (!isCrypt) {
114 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("nullcmd"), nullptr};
115 ret = execv(argv[0], argv);
116 } else if (params.size() == PARAMS_SIZE_0) {
117 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), nullptr};
118 ret = execv(argv[0], argv);
119 } else if (params.size() == PARAMS_SIZE_1) {
120 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
121 const_cast<char *>(params[0].c_str()), nullptr};
122 ret = execv(argv[0], argv);
123 } else if (params.size() == PARAMS_SIZE_2) {
124 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
125 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()), nullptr};
126 ret = execv(argv[0], argv);
127 } else if (params.size() == PARAMS_SIZE_3) {
128 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
129 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()),
130 const_cast<char *>(params[2].c_str()), nullptr};
131 ret = execv(argv[0], argv);
132 } else if (params.size() == PARAMS_SIZE_4) {
133 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
134 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()),
135 const_cast<char *>(params[2].c_str()), const_cast<char *>(params[3].c_str()), nullptr};
136 ret = execv(argv[0], argv);
137 }
138 if (ret) {
139 return -EINVAL;
140 }
141 }
142 int status;
143 pid_t ret = waitpid(pid, &status, 0);
144 if (ret != pid) {
145 return -EINVAL;
146 }
147
148 return 0;
149 }
150
151 /**
152 * @tc.name: fscrypt_key_v1_init
153 * @tc.desc: Verify the InitKey function.
154 * @tc.type: FUNC
155 * @tc.require: AR000GK0BP
156 */
157 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_init, TestSize.Level1)
158 {
159 EXPECT_TRUE(g_testKeyV1->InitKey(true));
160 EXPECT_FALSE(g_testKeyV1->InitKey(true)); // rawkey not empty
161
162 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
163 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
164 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
165 g_testKeyV1->keyInfo_.key.Clear();
166 }
167
168 /**
169 * @tc.name: fscrypt_key_v2_init
170 * @tc.desc: Verify the InitKey function.
171 * @tc.type: FUNC
172 * @tc.require: AR000GK0BP
173 */
174 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_init, TestSize.Level1)
175 {
176 #ifdef SUPPORT_FSCRYPT_V2
177 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
178 return;
179 }
180 EXPECT_TRUE(g_testKeyV2->InitKey(true));
181 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
182 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV2->keyInfo_.key.size);
183 EXPECT_NE(nullptr, g_testKeyV2->keyInfo_.key.data.get());
184 g_testKeyV2->keyInfo_.key.Clear();
185 #else
186 EXPECT_FALSE(g_testKeyV2->InitKey(true));
187 EXPECT_NE(g_testKeyV2->ActiveKey({}), E_OK);
188 EXPECT_NE(g_testKeyV2->InactiveKey(), E_OK);
189 #endif
190 }
191
192 /**
193 * @tc.name: fscrypt_key_v1_store
194 * @tc.desc: Verify the StoreKey function.
195 * @tc.type: FUNC
196 * @tc.require: AR000GK0BP
197 */
198 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_store, TestSize.Level1)
199 {
200 #ifndef CRYPTO_TEST
201 EXPECT_TRUE(g_testKeyV1->InitKey(true));
202 g_testKeyV1->StoreKey(emptyUserAuth);
203
204 std::string buf {};
205 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
206 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, buf);
207
208 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC);
209 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC, buf);
210
211 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED);
212 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED, buf);
213 #else
214 EXPECT_TRUE(g_testKeyV1->InitKey(true));
215 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
216
217 std::string buf {};
218 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
219 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, buf));
220
221 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
222 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC, buf));
223 EXPECT_EQ(CRYPTO_KEY_SECDISC_SIZE, buf.size());
224
225 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
226 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED, buf));
227 // the plaintext of 64 bytes, encrypted to 80 bytes size by huks.
228 EXPECT_EQ(80U, buf.size());
229 #endif
230 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
231 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf));
232 ASSERT_EQ(1U, buf.length());
233 EXPECT_EQ('1', buf[0]);
234
235 FscryptKeyV1 g_testKeyV1BadDir {TEST_KEYPATH_BAD};
236 EXPECT_TRUE(g_testKeyV1BadDir.InitKey(true));
237 EXPECT_NE(g_testKeyV1BadDir.StoreKey(emptyUserAuth), E_OK);
238 EXPECT_NE(g_testKeyV1BadDir.UpdateKey(), E_OK);
239 EXPECT_NE(g_testKeyV1BadDir.ActiveKey({}), E_OK);
240 }
241
242 #ifdef SUPPORT_FSCRYPT_V2
243 /**
244 * @tc.name: fscrypt_key_v2_store
245 * @tc.desc: Verify the StoreKey function.
246 * @tc.type: FUNC
247 * @tc.require: AR000GK0BP
248 */
249 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_store, TestSize.Level1)
250 {
251 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
252 return;
253 }
254 g_testKeyV2->ClearKey();
255 EXPECT_TRUE(g_testKeyV2->InitKey(true));
256 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
257 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
258
259 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
260 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
261 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
262 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
263 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SECDISC));
264 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_ENCRYPTED));
265
266 std::string buf {};
267 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
268 ASSERT_EQ(1U, buf.length());
269 EXPECT_EQ('2', buf[0]);
270 }
271
272 /**
273 * @tc.name: fscrypt_key_v2_update
274 * @tc.desc: Verify the UpdateKey function.
275 * @tc.type: FUNC
276 * @tc.require: AR000GK0BP
277 */
278 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_update, TestSize.Level1)
279 {
280 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
281 return;
282 }
283 std::string buf {};
284 EXPECT_EQ(g_testKeyV2->UpdateKey(), E_OK);
285
286 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
287 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
288 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
289 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC));
290 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED));
291 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
292 ASSERT_EQ(1U, buf.length());
293 EXPECT_EQ('2', buf[0]);
294 }
295
296 /**
297 * @tc.name: fscrypt_key_v1_restore_fail_wrong_version
298 * @tc.desc: Verify the RestoreKey function.
299 * @tc.type: FUNC
300 * @tc.require: AR000GK0BP
301 */
302 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore_fail_wrong_version, TestSize.Level1)
303 {
304 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
305 return;
306 }
307 g_testKeyV1->keyInfo_.key.Clear();
308 // the version loaded is v2, not expected v1.
309 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
310 }
311 #endif
312
313 /**
314 * @tc.name: fscrypt_key_v1_restore
315 * @tc.desc: Verify the RestoreKey function.
316 * @tc.type: FUNC
317 * @tc.require: AR000GK0BP
318 */
319 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore, TestSize.Level1)
320 {
321 g_testKeyV1->ClearKey();
322 EXPECT_TRUE(g_testKeyV1->InitKey(true));
323 #ifndef CRYPTO_TEST
324 g_testKeyV1->StoreKey(emptyUserAuth);
325 g_testKeyV1->UpdateKey();
326 g_testKeyV1->RestoreKey(emptyUserAuth);
327
328 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
329 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
330 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
331 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC, "bad secdesc");
332 #else
333 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
334 EXPECT_EQ(g_testKeyV1->UpdateKey(), E_OK);
335 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
336
337 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
338 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
339 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
340 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC, "bad secdesc"));
341 #endif
342 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK); // should decrypt failed
343 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC).c_str());
344 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
345 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD).c_str());
346 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
347 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED).c_str());
348 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
349 remove(std::string(TEST_KEYPATH + "/fscrypt_version").c_str());
350 EXPECT_NE(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
351 }
352
353 /**
354 * @tc.name: fscrypt_key_v1_active
355 * @tc.desc: Verify the ActiveKey function of v1 key.
356 * @tc.type: FUNC
357 * @tc.require: AR000GK0BP
358 */
359 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_active, TestSize.Level1)
360 {
361 g_testKeyV1->ClearKey();
362 EXPECT_NE(g_testKeyV1->ActiveKey({}), E_OK); // active empty key should fail
363 EXPECT_TRUE(g_testKeyV1->InitKey(true));
364 #ifndef CRYPTO_TEST
365 g_testKeyV1->StoreKey(emptyUserAuth);
366 #else
367 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
368 #endif
369 EXPECT_FALSE(g_testKeyV1->keyInfo_.key.IsEmpty());
370 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
371
372 EXPECT_EQ(g_testKeyV1->ActiveKey({}, FIRST_CREATE_KEY), E_OK);
373 // raw key should be erase after install to kernel.
374 EXPECT_TRUE(g_testKeyV1->keyInfo_.key.IsEmpty());
375 EXPECT_TRUE(g_testKeyV1->keyInfo_.keyId.IsEmpty());
376 // key desc saved in memory for later clear key.
377 EXPECT_FALSE(g_testKeyV1->keyInfo_.keyDesc.IsEmpty());
378
379 // v1 key installed, and key_desc was saved on disk.
380 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
381
382 FscryptKeyV1 g_testKeyV1BadLen {TEST_KEYPATH, CRYPTO_AES_256_XTS_KEY_SIZE * 2};
383 EXPECT_TRUE(g_testKeyV1BadLen.InitKey(true));
384 EXPECT_EQ(g_testKeyV1BadLen.InactiveKey(), E_OK);
385 EXPECT_NE(g_testKeyV1BadLen.ActiveKey({}), E_OK);
386 }
387
388 /**
389 * @tc.name: fscrypt_key_v1_clear
390 * @tc.desc: Verify the ClearKey function.
391 * @tc.type: FUNC
392 * @tc.require: AR000GK0BP
393 */
394 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_clear, TestSize.Level1)
395 {
396 EXPECT_TRUE(g_testKeyV1->ClearKey());
397 EXPECT_TRUE(g_testKeyV1->keyInfo_.key.IsEmpty());
398 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
399 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
400 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
401 }
402
403 /**
404 * @tc.name: fscrypt_key_v1_policy_set
405 * @tc.desc: Verify the fscrypt V1 KeyCtrl::SetPolicy function.
406 * @tc.type: FUNC
407 * @tc.require: AR000GK0BO
408 */
409 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_set, TestSize.Level1)
410 {
411 EXPECT_TRUE(g_testKeyV1->InitKey(true));
412 #ifndef CRYPTO_TEST
413 g_testKeyV1->StoreKey(emptyUserAuth);
414 #else
415 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
416 #endif
417 EXPECT_EQ(g_testKeyV1->ActiveKey({}, FIRST_CREATE_KEY), E_OK);
418
419 FscryptPolicy arg;
420 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
421 arg.v1.version = FSCRYPT_POLICY_V1;
422 (void)memcpy_s(arg.v1.master_key_descriptor, FSCRYPT_KEY_DESCRIPTOR_SIZE, g_testKeyV1->keyInfo_.keyDesc.data.get(),
423 g_testKeyV1->keyInfo_.keyDesc.size);
424 arg.v1.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
425 arg.v1.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
426 arg.v1.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
427 // Default to maximum zero-padding to leak less info about filename lengths.
428 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
429 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
430 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
431
432 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
433 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
434 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
435 }
436
437 /**
438 * @tc.name: fscrypt_key_v1_policy_get
439 * @tc.desc: Verify the fscrypt V1 KeyCtrl::GetPolicy function.
440 * @tc.type: FUNC
441 * @tc.require: AR000GK0BO
442 */
443 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_get, TestSize.Level1)
444 {
445 struct fscrypt_policy arg;
446 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
447 EXPECT_TRUE(KeyCtrlGetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
448 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
449
450 std::string testDir = TEST_DIR_LEGACY + "/test_dir";
451 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
452 EXPECT_TRUE(KeyCtrlGetPolicy(testDir.c_str(), &arg));
453 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
454
455 EXPECT_FALSE(KeyCtrlGetPolicy(NULL, NULL));
456 EXPECT_FALSE(KeyCtrlGetPolicy(testDir.c_str(), NULL));
457 }
458
459 /**
460 * @tc.name: fscrypt_key_v1_key_inactive
461 * @tc.desc: Verify the FscryptKeyV1 InactiveKey function.
462 * @tc.type: FUNC
463 * @tc.require: AR000GK0BO
464 */
465 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_key_inactive, TestSize.Level1)
466 {
467 EXPECT_EQ(g_testKeyV1->InactiveKey(USER_DESTROY), E_OK);
468
469 #ifdef SUPPORT_FSCRYPT_V2
470 EXPECT_FALSE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir1"));
471 EXPECT_FALSE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file3", "AAA"));
472 // earlier kernels may have different behaviour.
473 #endif
474 }
475
476 #ifdef SUPPORT_FSCRYPT_V2
477 /**
478 * @tc.name: fscrypt_key_v2_active
479 * @tc.desc: Verify the fscrypt V2 active function.
480 * @tc.type: FUNC
481 * @tc.require: AR000GK0BP
482 */
483 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_active, TestSize.Level1)
484 {
485 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
486 return;
487 }
488 g_testKeyV2->ClearKey();
489 EXPECT_TRUE(g_testKeyV2->InitKey(true));
490 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
491 EXPECT_EQ(g_testKeyV2->UpdateKey(), E_OK);
492 EXPECT_EQ(g_testKeyV2->ActiveKey({}), E_OK);
493
494 // raw key should be erase after install to kernel.
495 EXPECT_TRUE(g_testKeyV2->keyInfo_.key.IsEmpty());
496 EXPECT_TRUE(g_testKeyV2->keyInfo_.keyDesc.IsEmpty());
497 EXPECT_EQ(static_cast<unsigned int>(FSCRYPT_KEY_IDENTIFIER_SIZE), g_testKeyV2->keyInfo_.keyId.size);
498 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYID));
499 }
500
501 /**
502 * @tc.name: fscrypt_key_v2_policy_set
503 * @tc.desc: Verify the fscrypt V2 setpolicy function.
504 * @tc.type: FUNC
505 * @tc.require: AR000GK0BO
506 */
507 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_set, TestSize.Level1)
508 {
509 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
510 return;
511 }
512 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
513 FscryptPolicy arg;
514 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
515 arg.v2.version = FSCRYPT_POLICY_V2;
516 (void)memcpy_s(arg.v2.master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, g_testKeyV2->keyInfo_.keyId.data.get(),
517 g_testKeyV2->keyInfo_.keyId.size);
518 arg.v2.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
519 arg.v2.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
520 arg.v2.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
521 // Default to maximum zero-padding to leak less info about filename lengths.
522 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
523 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2));
524 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_V2.c_str(), &arg));
525
526 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
527 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
528 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
529 }
530
531 /**
532 * @tc.name: fscrypt_key_v2_policy_get
533 * @tc.desc: Verify the fscrypt V2 getpolicy function.
534 * @tc.type: FUNC
535 * @tc.require: AR000GK0BO
536 */
537 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_get, TestSize.Level1)
538 {
539 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
540 return;
541 }
542 struct fscrypt_get_policy_ex_arg arg;
543 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
544 arg.policy_size = sizeof(arg.policy);
545 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
546 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
547
548 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
549 arg.policy_size = sizeof(arg.policy);
550 std::string testDir = TEST_DIR_V2 + "/test_dir";
551 EXPECT_TRUE(KeyCtrlGetPolicyEx(testDir.c_str(), &arg));
552 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
553 }
554
555 /**
556 * @tc.name: fscrypt_key_v2_policy_inactive
557 * @tc.desc: Verify the fscryptV2 InactiveKey function.
558 * @tc.type: FUNC
559 * @tc.require: AR000GK0BP
560 */
561 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_inactive, TestSize.Level1)
562 {
563 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
564 return;
565 }
566 EXPECT_EQ(g_testKeyV2->InactiveKey(), E_OK);
567 // When the v2 policy removed, the files are encrypted.
568 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
569 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
570 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
571 }
572
573 /**
574 * @tc.name: fscrypt_key_v2_policy_restore
575 * @tc.desc: Verify the fscrypt V2 restore and decrypt.
576 * @tc.type: FUNC
577 * @tc.require: AR000GK0BP
578 */
579 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_restore, TestSize.Level1)
580 {
581 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
582 return;
583 }
584 EXPECT_EQ(g_testKeyV2->RestoreKey(emptyUserAuth), E_OK);
585 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
586 EXPECT_EQ(g_testKeyV2->ActiveKey({}), E_OK);
587
588 // the files is decrypted now
589 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
590 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
591 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
592
593 EXPECT_TRUE(g_testKeyV2->ClearKey());
594 }
595
596 /**
597 * @tc.name: fscrypt_key_v2_load_and_set_policy_default
598 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
599 * @tc.type: FUNC
600 * @tc.require: AR000GK0BO
601 */
602 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_default, TestSize.Level1)
603 {
604 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
605 return;
606 }
607 g_testKeyV2->ClearKey();
608 EXPECT_TRUE(g_testKeyV2->InitKey(true));
609 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
610 EXPECT_EQ(g_testKeyV2->ActiveKey({}), E_OK);
611
612 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
613 EXPECT_EQ(0, InitFscryptPolicy());
614
615 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
616 OHOS::ForceCreateDirectory(TEST_DIR_V2);
617 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2->GetDir().c_str(), TEST_DIR_V2.c_str()));
618
619 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
620 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
621 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
622 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
623
624 EXPECT_TRUE(g_testKeyV2->ClearKey());
625 }
626 #endif
627
628 /**
629 * @tc.name: fscrypt_key_v1_load_and_set_policy_default
630 * @tc.desc: Verify the fscrypt V1 setpolicy function.
631 * @tc.type: FUNC
632 * @tc.require: AR000GK0BO
633 */
634 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_load_and_set_policy_default, TestSize.Level1)
635 {
636 g_testKeyV1->ClearKey();
637 EXPECT_TRUE(g_testKeyV1->InitKey(true));
638 #ifndef CRYPTO_TEST
639 g_testKeyV1->StoreKey(emptyUserAuth);
640 #else
641 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
642 #endif
643 EXPECT_EQ(g_testKeyV1->ActiveKey({}, FIRST_CREATE_KEY), E_OK);
644
645 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
646 EXPECT_EQ(0, InitFscryptPolicy());
647
648 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
649 OHOS::ForceCreateDirectory(TEST_DIR_LEGACY);
650 if (KeyCtrlLoadVersion(TEST_DIR_LEGACY.c_str()) == FSCRYPT_V1) {
651 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV1->GetDir().c_str(), TEST_DIR_LEGACY.c_str()));
652 } else {
653 EXPECT_EQ(-EFAULT, LoadAndSetPolicy(g_testKeyV1->GetDir().c_str(), TEST_DIR_LEGACY.c_str()));
654 }
655
656 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
657 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
658 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
659 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/111111111111111111111111111111111111111111111111", "AA"));
660
661 EXPECT_TRUE(g_testKeyV1->ClearKey());
662 }
663
664 /**
665 * @tc.name: fscrypt_key_storekey_version_test_1
666 * @tc.desc: Verify the fscrypt storekey function.
667 * @tc.type: FUNC
668 * @tc.require: AR000GK0BO
669 */
670 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_1, TestSize.Level1)
671 {
672 EXPECT_TRUE(g_testKeyV1->InitKey(true));
673 #ifndef CRYPTO_TEST
674 // storekey to version 0
675 g_testKeyV1->StoreKey(emptyUserAuth);
676 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
677 std::string keyShieldV0;
678 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0);
679
680 // storekey to version 1
681 g_testKeyV1->StoreKey(emptyUserAuth);
682 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD);
683 std::string keyShieldV1;
684 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1);
685
686 // storekey to version 2
687 g_testKeyV1->StoreKey(emptyUserAuth);
688 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD);
689 std::string keyShieldV2;
690 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD, keyShieldV2);
691
692 // updatekey will rename version 2 to latest
693 g_testKeyV1->UpdateKey();
694 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD);
695 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
696 std::string keyShieldLatest;
697 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest);
698 EXPECT_EQ(keyShieldLatest, keyShieldV2);
699 #else
700 // storekey to version 0
701 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
702 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
703 std::string keyShieldV0;
704 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
705
706 // storekey to version 1
707 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
708 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
709 std::string keyShieldV1;
710 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
711 EXPECT_NE(keyShieldV0, keyShieldV1);
712
713 // storekey to version 2
714 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
715 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD));
716 std::string keyShieldV2;
717 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD, keyShieldV2));
718 EXPECT_NE(keyShieldV1, keyShieldV2);
719
720 // updatekey will rename version 2 to latest
721 EXPECT_EQ(g_testKeyV1->UpdateKey(), E_OK);
722 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
723 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
724 std::string keyShieldLatest;
725 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
726 EXPECT_EQ(keyShieldLatest, keyShieldV2);
727 #endif
728 }
729
730 /**
731 * @tc.name: fscrypt_key_storekey_version_test_2
732 * @tc.desc: Verify the fscrypt storekey function.
733 * @tc.type: FUNC
734 * @tc.require: AR000GK0BO
735 */
736 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_2, TestSize.Level1)
737 {
738 g_testKeyV1->ClearKey();
739 EXPECT_TRUE(g_testKeyV1->InitKey(true));
740 #ifndef CRYPTO_TEST
741 g_testKeyV1->RestoreKey(emptyUserAuth);
742
743 // storekey to version 0
744 g_testKeyV1->StoreKey(emptyUserAuth);
745 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
746 std::string keyShieldV0;
747 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0);
748
749 // storekey to version 1
750 g_testKeyV1->StoreKey(emptyUserAuth);
751 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD);
752 std::string keyShieldV1;
753 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1);
754
755 // restorekey will decrypt from versions and rename first success one to latest
756 g_testKeyV1->keyInfo_.version = KeyCtrlLoadVersion(nullptr);
757 g_testKeyV1->RestoreKey(emptyUserAuth);
758 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD);
759 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
760 std::string keyShieldLatest;
761 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest);
762 EXPECT_EQ(keyShieldLatest, keyShieldV1);
763 #else
764 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
765
766 // storekey to version 0
767 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
768 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
769 std::string keyShieldV0;
770 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
771
772 // storekey to version 1
773 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
774 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
775 std::string keyShieldV1;
776 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
777
778 // restorekey will decrypt from versions and rename first success one to latest
779 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
780 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
781 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
782 std::string keyShieldLatest;
783 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
784 EXPECT_EQ(keyShieldLatest, keyShieldV1);
785 #endif
786 }
787
788 /**
789 * @tc.name: fscrypt_key_storekey_version_test_3
790 * @tc.desc: Verify the fscrypt storekey function.
791 * @tc.type: FUNC
792 * @tc.require: AR000GK0BO
793 */
794 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_3, TestSize.Level1)
795 {
796 #ifndef CRYPTO_TEST
797 // storekey to version 0
798 g_testKeyV1->StoreKey(emptyUserAuth);
799 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
800 std::string keyShieldV0A;
801 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0A);
802
803 // latest dir broken, not affect restore and update operation
804 OHOS::ForceRemoveDirectory(TEST_KEYPATH + TEST_KEYDIR_LATEST);
805 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST, "latest is a file");
806 g_testKeyV1->RestoreKey(emptyUserAuth);
807 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
808 std::string keyShieldV0B;
809 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0B);
810 EXPECT_TRUE(keyShieldV0A == keyShieldV0B);
811 g_testKeyV1->RestoreKey(emptyUserAuth);
812 EXPECT_NE(g_testKeyV1->UpdateKey(), E_OK);
813
814 // latest dir backup also broken, not affect restore and update operation
815 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP, "latest_backup is a file");
816 EXPECT_NE(g_testKeyV1->UpdateKey(), E_OK);
817 g_testKeyV1->RestoreKey(emptyUserAuth);
818 #else
819 // storekey to version 0
820 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
821 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
822 std::string keyShieldV0A;
823 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0A));
824
825 // latest dir broken, not affect restore and update operation
826 OHOS::ForceRemoveDirectory(TEST_KEYPATH + TEST_KEYDIR_LATEST);
827 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST, "latest is a file");
828 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
829 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
830 std::string keyShieldV0B;
831 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0B));
832 EXPECT_TRUE(keyShieldV0A == keyShieldV0B);
833 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
834 EXPECT_NE(g_testKeyV1->UpdateKey(), E_OK);
835
836 // latest dir backup also broken, not affect restore and update operation
837 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP, "latest_backup is a file");
838 EXPECT_NE(g_testKeyV1->UpdateKey(), E_OK);
839 EXPECT_EQ(g_testKeyV1->RestoreKey(emptyUserAuth), E_OK);
840 #endif
841 }
842
843 #ifdef SUPPORT_FSCRYPT_V2
844 /**
845 * @tc.name: fscrypt_key_v2_load_and_set_policy_padding_4
846 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
847 * @tc.type: FUNC
848 * @tc.require: AR000GK0BO
849 */
850 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_padding_4, TestSize.Level1)
851 {
852 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
853 return;
854 }
855 g_testKeyV2->ClearKey();
856 EXPECT_TRUE(g_testKeyV2->InitKey(true));
857 EXPECT_EQ(g_testKeyV2->StoreKey(emptyUserAuth), E_OK);
858 EXPECT_EQ(g_testKeyV2->ActiveKey({}), E_OK);
859
860 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
861 EXPECT_EQ(0, InitFscryptPolicy());
862
863 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
864 OHOS::ForceCreateDirectory(TEST_DIR_V2);
865 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2->GetDir().c_str(), TEST_DIR_V2.c_str()));
866
867 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
868 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
869 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
870 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
871
872 struct fscrypt_get_policy_ex_arg arg;
873 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
874 arg.policy_size = sizeof(arg.policy);
875 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
876 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
877 EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, arg.policy.v2.filenames_encryption_mode);
878 EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, arg.policy.v2.contents_encryption_mode);
879
880 EXPECT_TRUE(g_testKeyV2->ClearKey());
881 }
882 #endif
883
884 /**
885 * @tc.name: key_manager_generate_delete_user_keys
886 * @tc.desc: Verify the KeyManager GenerateUserKeys and DeleteUserKeys
887 * @tc.type: FUNC
888 * @tc.require: SR000H0CM9
889 */
890 HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys_000, TestSize.Level1)
891 {
892 uint32_t userId = 81;
893 const string USER_EL1_DIR = "/data/test/user/el1";
894 const string USER_EL2_DIR = "/data/test/user/el2";
895
896 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
897 EXPECT_EQ(0, InitFscryptPolicy());
898 OHOS::ForceRemoveDirectory(USER_EL1_DIR);
899 OHOS::ForceRemoveDirectory(USER_EL2_DIR);
900 MkDirRecurse(USER_EL1_DIR, S_IRWXU);
901 MkDirRecurse(USER_EL2_DIR, S_IRWXU);
902
903 KeyManager::GetInstance().InitGlobalDeviceKey();
904 KeyManager::GetInstance().InitGlobalUserKeys();
905 UserTokenSecret userTokenSecret = {.token = {'t', 'o', 'k', 'e', 'n'}, .oldSecret = {},
906 .newSecret = {'s', 'e', 'c', 'r', 'e', 't'}, .secureUid = 0};
907 UserTokenSecret userTokenSecretNull = {.token = {}, .oldSecret = {}, .newSecret = {}, .secureUid = 0};
908 #ifndef CRYPTO_TEST
909 KeyManager::GetInstance().UpdateUserAuth(userId, userTokenSecret);
910 KeyManager::GetInstance().InActiveUserKey(userId); // may fail on some platforms
911 #else
912 EXPECT_EQ(0, KeyManager::GetInstance().GenerateUserKeys(userId, 0));
913 EXPECT_EQ(-EEXIST, KeyManager::GetInstance().GenerateUserKeys(userId, 0)); // key existed
914 EXPECT_EQ(0, KeyManager::GetInstance().SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
915 EXPECT_EQ(0, KeyManager::GetInstance().SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
916 EXPECT_EQ(0, KeyManager::GetInstance().UpdateUserAuth(userId, userTokenSecretNull));
917 EXPECT_EQ(0, KeyManager::GetInstance().UpdateKeyContext(userId));
918 KeyManager::GetInstance().UpdateUserAuth(userId, userTokenSecret);
919 EXPECT_EQ(-EFAULT, KeyManager::GetInstance().UpdateKeyContext(userId)); // no need to update keycontext
920 KeyManager::GetInstance().InActiveUserKey(userId); // may fail on some platforms
921 EXPECT_EQ(0, KeyManager::GetInstance().DeleteUserKeys(userId));
922 #endif
923
924 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
925 KeyManager::GetInstance().InitGlobalDeviceKey();
926 KeyManager::GetInstance().InitGlobalUserKeys();
927 }
928
929 /**
930 * @tc.name: key_manager_generate_delete_user_keys
931 * @tc.desc: Verify the KeyManager GenerateUserKeys and DeleteUserKeys
932 * @tc.type: FUNC
933 * @tc.require: SR000H0CM9
934 */
935 HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys_001, TestSize.Level1)
936 {
937 const string USER_EL1_DIR = "/data/test/user/el1";
938 const string USER_EL2_DIR = "/data/test/user/el2";
939
940 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
941 EXPECT_EQ(0, InitFscryptPolicy());
942 OHOS::ForceRemoveDirectory(USER_EL1_DIR);
943 OHOS::ForceRemoveDirectory(USER_EL2_DIR);
944 MkDirRecurse(USER_EL1_DIR, S_IRWXU);
945 MkDirRecurse(USER_EL2_DIR, S_IRWXU);
946
947 KeyManager::GetInstance().InitGlobalDeviceKey();
948 KeyManager::GetInstance().InitGlobalUserKeys();
949 UserTokenSecret userTokenSecret = {.token = {'t', 'o', 'k', 'e', 'n'}, .oldSecret = {},
950 .newSecret = {'s', 'e', 'c', 'r', 'e', 't'}, .secureUid = 0};
951 UserTokenSecret userTokenSecretNull = {.token = {}, .oldSecret = {}, .newSecret = {}, .secureUid = 0};
952
953 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
954 KeyManager::GetInstance().InitGlobalDeviceKey();
955 KeyManager::GetInstance().InitGlobalUserKeys();
956 uint32_t userId = 801; // bad userId, not generated
957 EXPECT_EQ(-ENOENT, KeyManager::GetInstance().SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
958 EXPECT_EQ(-ENOENT, KeyManager::GetInstance().SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
959 EXPECT_EQ(0, KeyManager::GetInstance().SetDirectoryElPolicy(userId, static_cast<KeyType>(0),
960 {{userId, USER_EL2_DIR}})); // bad keytype
961 #ifdef EL5_FILEKEY_MANAGER
962 EXPECT_EQ(E_EL5_DELETE_CLASS_ERROR, KeyManager::GetInstance().UpdateUserAuth(userId, userTokenSecretNull));
963 #else
964 EXPECT_EQ(E_PARAMS_NULLPTR_ERR, KeyManager::GetInstance().UpdateUserAuth(userId, userTokenSecretNull));
965 #endif
966 EXPECT_EQ(E_PARAMS_INVALID, KeyManager::GetInstance().UpdateKeyContext(userId));
967 EXPECT_EQ(E_PARAMS_INVALID, KeyManager::GetInstance().InActiveUserKey(userId));
968 EXPECT_EQ(0, KeyManager::GetInstance().DeleteUserKeys(userId));
969 }
970
971 /**
972 * @tc.name: fscrypt_key_secure_access_control
973 * @tc.desc: Verify the secure access when user have pin code.
974 * @tc.type: FUNC
975 * @tc.require: SR000H0CLT
976 */
977 HWTEST_F(CryptoKeyTest, fscrypt_key_secure_access_control, TestSize.Level1)
978 {
979 g_testKeyV1->ClearKey();
980 EXPECT_TRUE(g_testKeyV1->InitKey(true));
981 #ifndef CRYPTO_TEST
982 g_testKeyV1->StoreKey(emptyUserAuth);
983 #else
984 EXPECT_EQ(g_testKeyV1->StoreKey(emptyUserAuth), E_OK);
985 #endif
986 std::string token = "bad_token";
987 std::string secret = "bad_secret";
988 std::vector<uint8_t> badToken(token.begin(), token.end());
989 std::vector<uint8_t> badSecret(secret.begin(), secret.end());
990 UserAuth badUserAuth {
991 .token = badToken,
992 .secret = badSecret
993 };
994 EXPECT_NE(g_testKeyV1->RestoreKey(badUserAuth), E_OK);
995 EXPECT_TRUE(g_testKeyV1->ClearKey());
996 }
997
998 /**
999 * @tc.name: fscrypt_sdc_filecrypt
1000 * @tc.desc: Verify the sdc interface.
1001 * @tc.type: FUNC
1002 * @tc.require: SR000H0CLT
1003 */
1004 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_001, TestSize.Level1)
1005 {
1006 std::vector<std::string> params;
1007
1008 // test no param
1009 params.clear();
1010 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 0));
1011
1012 // test not filecrypt param
1013 params.clear();
1014 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1015
1016 // test filecrypt cmd not existed
1017 params.push_back("noexisted");
1018 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1019
1020 // test sdc enable
1021 params.push_back("enable");
1022 params.push_back("2:abs-256-cts:aes-256-xts");
1023 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1024 params.clear();
1025 params.push_back("enable");
1026 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1027 params.clear();
1028
1029 // test sdc init_global_key
1030 params.push_back("init_global_key");
1031 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1032 params.clear();
1033
1034 // test sdc init_main_user
1035 params.push_back("init_main_user");
1036 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1037 params.clear();
1038
1039 // test sdc inactive_user_key
1040 params.push_back("inactive_user_key");
1041 params.push_back("id");
1042 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1043 params.clear();
1044 params.push_back("inactive_user_key");
1045 params.push_back("10");
1046 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1047 params.clear();
1048 params.push_back("inactive_user_key");
1049 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1050 params.clear();
1051 }
1052
1053 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_002, TestSize.Level1)
1054 {
1055 std::vector<std::string> params;
1056
1057 // test sdc update_key_context
1058 params.clear();
1059 params.push_back("update_key_context");
1060 params.push_back("id");
1061 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1062 params.clear();
1063 params.push_back("update_key_context");
1064 params.push_back("10");
1065 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1066 params.clear();
1067 params.push_back("update_key_context");
1068 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1069 params.clear();
1070
1071 // test sdc delete_user_keys
1072 params.push_back("delete_user_keys");
1073 params.push_back("id");
1074 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1075 params.clear();
1076 params.push_back("delete_user_keys");
1077 params.push_back("10");
1078 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1079 params.clear();
1080 params.push_back("delete_user_keys");
1081 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1082 params.clear();
1083
1084 // test sdc generate_user_keys
1085 params.push_back("generate_user_keys");
1086 params.push_back("id");
1087 params.push_back("flag");
1088 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1089 params.clear();
1090 params.push_back("generate_user_keys");
1091 params.push_back("10");
1092 params.push_back("0");
1093 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1094 params.clear();
1095 params.push_back("generate_user_keys");
1096 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1097 params.clear();
1098 }
1099
1100 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_003, TestSize.Level1)
1101 {
1102 std::vector<std::string> params;
1103
1104 // test sdc prepare_user_space
1105 params.clear();
1106 params.push_back("prepare_user_space");
1107 params.push_back("id");
1108 params.push_back("flag");
1109 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1110 params.clear();
1111 params.push_back("prepare_user_space");
1112 params.push_back("10");
1113 params.push_back("0");
1114 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1115 params.clear();
1116 params.push_back("prepare_user_space");
1117 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1118 params.clear();
1119
1120 // test sdc destroy_user_space
1121 params.push_back("destroy_user_space");
1122 params.push_back("id");
1123 params.push_back("flag");
1124 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1125 params.clear();
1126 params.push_back("destroy_user_space");
1127 params.push_back("10");
1128 params.push_back("0");
1129 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1130 params.clear();
1131 params.push_back("destroy_user_space");
1132 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1133 params.clear();
1134 }
1135
1136 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_004, TestSize.Level1)
1137 {
1138 std::vector<std::string> params;
1139
1140 // test sdc update_user_auth
1141 params.clear();
1142 params.push_back("update_user_auth");
1143 params.push_back("id");
1144 params.push_back("01234567890abcd");
1145 params.push_back("01234567890abcd");
1146 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1147 params.clear();
1148 params.push_back("update_user_auth");
1149 params.push_back("10");
1150 params.push_back("01234567890abcd");
1151 params.push_back("01234567890abcd");
1152 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1153 params.clear();
1154 params.push_back("update_user_auth");
1155 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1156 params.clear();
1157 params.push_back("update_user_auth");
1158 params.push_back("10");
1159 params.push_back("01234567890abcd");
1160 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1161 params.clear();
1162
1163 // test sdc active_user_key
1164 params.push_back("active_user_key");
1165 params.push_back("id");
1166 params.push_back("01234567890abcd");
1167 params.push_back("01234567890abcd");
1168 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1169 params.clear();
1170 params.push_back("active_user_key");
1171 params.push_back("10");
1172 params.push_back("01234567890abcd");
1173 params.push_back("01234567890abcd");
1174 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1175 params.clear();
1176 params.push_back("active_user_key");
1177 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1178 params.clear();
1179 params.push_back("active_user_key");
1180 params.push_back("10");
1181 params.push_back("01234567890abcd");
1182 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1183 params.clear();
1184 }
1185
1186 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_005, TestSize.Level1)
1187 {
1188 std::vector<std::string> params;
1189
1190 // test sdc unlock_user_screen
1191 params.clear();
1192 params.push_back("unlock_user_screen");
1193 params.push_back("id");
1194 params.push_back("01234567890abcd");
1195 params.push_back("01234567890abcd");
1196 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1197 params.clear();
1198 params.push_back("unlock_user_screen");
1199 params.push_back("10");
1200 params.push_back("01234567890abcd");
1201 params.push_back("01234567890abcd");
1202 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1203 params.clear();
1204 params.push_back("unlock_user_screen");
1205 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1206 params.clear();
1207 params.push_back("unlock_user_screen");
1208 params.push_back("10");
1209 params.push_back("01234567890abcd");
1210 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1211 params.clear();
1212
1213 // test sdc lock_user_screen
1214 params.clear();
1215 params.push_back("lock_user_screen");
1216 params.push_back("id");
1217 params.push_back("01234567890abcd");
1218 params.push_back("01234567890abcd");
1219 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1220 params.clear();
1221 params.push_back("lock_user_screen");
1222 params.push_back("10");
1223 params.push_back("01234567890abcd");
1224 params.push_back("01234567890abcd");
1225 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1226 params.clear();
1227 params.push_back("lock_user_screen");
1228 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1229 params.clear();
1230 params.push_back("lock_user_screen");
1231 params.push_back("10");
1232 params.push_back("01234567890abcd");
1233 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1234 params.clear();
1235 }
1236
1237 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_006, TestSize.Level1)
1238 {
1239 std::vector<std::string> params;
1240
1241 // test sdc generate_app_key
1242 params.clear();
1243 params.push_back("generate_app_key");
1244 params.push_back("id");
1245 params.push_back("01234567890abcd");
1246 params.push_back("01234567890abcd");
1247 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1248 params.clear();
1249 params.push_back("generate_app_key");
1250 params.push_back("10");
1251 params.push_back("01234567890abcd");
1252 params.push_back("01234567890abcd");
1253 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1254 params.clear();
1255 params.push_back("generate_app_key");
1256 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1257 params.clear();
1258 params.push_back("generate_app_key");
1259 params.push_back("10");
1260 params.push_back("01234567890abcd");
1261 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1262 params.clear();
1263
1264 // test sdc delete_app_key
1265 params.clear();
1266 params.push_back("delete_app_key");
1267 params.push_back("id");
1268 params.push_back("01234567890abcd");
1269 params.push_back("01234567890abcd");
1270 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1271 params.clear();
1272 params.push_back("delete_app_key");
1273 params.push_back("10");
1274 params.push_back("01234567890abcd");
1275 params.push_back("01234567890abcd");
1276 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1277 params.clear();
1278 params.push_back("delete_app_key");
1279 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1280 params.clear();
1281 params.push_back("delete_app_key");
1282 params.push_back("10");
1283 params.push_back("01234567890abcd");
1284 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1285 params.clear();
1286 }
1287
1288 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_007, TestSize.Level1)
1289 {
1290 std::vector<std::string> params;
1291
1292 // test sdc Get_unlock_status
1293 params.clear();
1294 params.push_back("Get_unlock_status");
1295 params.push_back("id");
1296 params.push_back("01234567890abcd");
1297 params.push_back("01234567890abcd");
1298 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1299 params.clear();
1300 params.push_back("Get_unlock_status");
1301 params.push_back("10");
1302 params.push_back("01234567890abcd");
1303 params.push_back("01234567890abcd");
1304 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1305 params.clear();
1306 params.push_back("Get_unlock_status");
1307 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1308 params.clear();
1309 params.push_back("Get_unlock_status");
1310 params.push_back("10");
1311 params.push_back("01234567890abcd");
1312 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1313 params.clear();
1314 }
1315
1316 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_008, TestSize.Level1)
1317 {
1318 std::vector<std::string> params;
1319
1320 // test sdc create_recover_key
1321 params.clear();
1322 params.push_back("create_recover_key");
1323 params.push_back("id");
1324 params.push_back("01234567890abcd");
1325 params.push_back("01234567890abcd");
1326 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1327 params.clear();
1328 params.push_back("create_recover_key");
1329 params.push_back("10");
1330 params.push_back("01234567890abcd");
1331 params.push_back("01234567890abcd");
1332 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1333 params.clear();
1334 params.push_back("create_recover_key");
1335 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1336 params.clear();
1337 params.push_back("create_recover_key");
1338 params.push_back("10");
1339 params.push_back("11");
1340 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1341 params.clear();
1342 }
1343
1344 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_009, TestSize.Level1)
1345 {
1346 std::vector<std::string> params;
1347
1348 // test sdc set_recover_key
1349 params.clear();
1350 params.push_back("set_recover_key");
1351 params.push_back("id");
1352 params.push_back("01234567890abcd");
1353 params.push_back("01234567890abcd");
1354 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1355 params.clear();
1356 params.push_back("set_recover_key");
1357 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1358 params.clear();
1359 params.push_back("set_recover_key");
1360 params.push_back("10");
1361 params.push_back("11");
1362 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1363 params.clear();
1364 }
1365
1366 /**
1367 * @tc.name: libfscrypt api test
1368 * @tc.desc: Verify the libfscrypt interface.
1369 * @tc.type: FUNC
1370 * @tc.require: SR000H0CLT
1371 */
1372 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_api, TestSize.Level1)
1373 {
1374 // test api in sysparam_dynamic.c
1375 EXPECT_NE(0, GetFscryptParameter(NULL, NULL, NULL, NULL));
1376 EXPECT_NE(0, SetFscryptParameter(NULL, NULL));
1377
1378 // test api in fscrypt_utils.c
1379 EXPECT_NE(0, FscryptPolicyEnable(NULL));
1380 EXPECT_EQ(0, FscryptPolicyEnable("/data/test/badpath"));
1381 FscryptPolicyEnable("/data/app/el1/bundle/public");
1382 EXPECT_NE(0, SetFscryptSysparam(NULL));
1383
1384 // test api in key_control.c
1385 EXPECT_EQ(FSCRYPT_INVALID_REALPATH, KeyCtrlGetFscryptVersion(NULL));
1386
1387 key_serial_t id = 1;
1388 EXPECT_NE(0, KeyCtrlGetKeyringId(id, 0));
1389
1390 // test api in fscrypt_control.c
1391 EXPECT_NE(0, LoadAndSetPolicy(NULL, NULL));
1392 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts"));
1393 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts:bad-param"));
1394 EXPECT_NE(0, FscryptSetSysparam(NULL));
1395 }
1396
1397 /**
1398 * @tc.name: libfscrypt api test
1399 * @tc.desc: Verify the init_utils.c ReadFileToBuf.
1400 * @tc.type: FUNC
1401 * @tc.require: IBAH0D
1402 */
1403 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_ReadFileToBuf, TestSize.Level1)
1404 {
1405 auto result = ReadFileToBuf(NULL);
1406 EXPECT_EQ(NULL, result);
1407
1408 std::string fileName;
1409 result = ReadFileToBuf(fileName.c_str());
1410 EXPECT_EQ(NULL, result);
1411
1412 fileName = "/data/test/test1.txt";
1413 result = ReadFileToBuf(fileName.c_str());
1414 EXPECT_EQ(NULL, result);
1415
1416 auto fd = open(fileName.c_str(), O_RDWR | O_CREAT);
1417 ASSERT_GT(fd, 0);
1418 result = ReadFileToBuf(fileName.c_str());
1419 EXPECT_EQ(NULL, result);
1420
1421 std::string content = "this is a test";
1422 (void)write(fd, content.c_str(), content.size());
1423 close(fd);
1424 result = ReadFileToBuf(fileName.c_str());
1425 EXPECT_NE(NULL, result);
1426 free(result);
1427 ASSERT_EQ(remove(fileName.c_str()), 0);
1428 }
1429
1430 /**
1431 * @tc.name: libfscrypt api test
1432 * @tc.desc: Verify the init_utils.c SplitString.
1433 * @tc.type: FUNC
1434 * @tc.require: IBAH0D
1435 */
1436 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_SplitString, TestSize.Level1)
1437 {
1438 auto result = SplitString(NULL, NULL, NULL, MAX_WORD_NUM);
1439 EXPECT_EQ(result, -1);
1440
1441 char fileName[] = "a/data/test/test1.txt";
1442 result = SplitString(fileName, NULL, NULL, MAX_WORD_NUM);
1443 EXPECT_EQ(result, -1);
1444
1445 char del = '/';
1446 result = SplitString(fileName, &del, NULL, MAX_WORD_NUM);
1447 EXPECT_EQ(result, -1);
1448
1449 char spiltArr[MAX_WORD_NUM][MAX_WORD_LEN];
1450 result = SplitString(fileName, &del, (char **)spiltArr, MAX_WORD_NUM);
1451 EXPECT_EQ(result, MAX_WORD_NUM);
1452 }
1453 }
1454