1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <linux/fscrypt.h>
18 
19 #include <fscrypt/fscrypt.h>
20 
21 #include <gtest/gtest.h>
22 
23 using namespace android::fscrypt;
24 
/*
 * Modes not supported by the upstream kernel, so not in <linux/fscrypt.h>.
 * The ParseOptions test in this file expects the option name "aes-256-heh" to
 * parse to FSCRYPT_MODE_AES_256_HEH and "ice" to parse to FSCRYPT_MODE_PRIVATE.
 * NOTE(review): the numeric values are duplicated here rather than taken from
 * a shared header; presumably they must stay equal to the values the fscrypt
 * library itself uses -- confirm when either side changes.
 */
#define FSCRYPT_MODE_AES_256_HEH 126
#define FSCRYPT_MODE_PRIVATE 127
28 
// Round-trips a single options string.
//
// Parses |instring| as it would be parsed on a device whose first API level is
// |first_api_level|, converts the parsed options back to a string for the same
// API level, and expects that string to equal |outstring|.
//
// All three checks use EXPECT_* and are therefore non-fatal: the function
// always returns the options object, even when parsing was reported as failed,
// so that the caller can go on to inspect individual fields.
const EncryptionOptions TestString(unsigned int first_api_level, const std::string instring,
                                   const std::string outstring) {
    EncryptionOptions parsed;
    EXPECT_TRUE(ParseOptionsForApiLevel(first_api_level, instring, &parsed));

    // Serialize what was just parsed and compare with the expected canonical form.
    std::string canonical;
    EXPECT_TRUE(OptionsToStringForApiLevel(first_api_level, parsed, &canonical));
    EXPECT_EQ(outstring, canonical);

    return parsed;
}
39 
// Runs TestString() and leaves the parsed result in a local variable named
// `options` for the assertions that follow the macro.
//
// The macro expands to two statements and declares a variable, so it can be
// used at most once per scope and must not be the unbraced body of an if/for.
// SCOPED_TRACE attaches `instring` to every failure reported in the rest of
// the enclosing scope, which identifies the input that was being checked.
#define TEST_STRING(first_api_level, instring, outstring) \
    SCOPED_TRACE(instring);                               \
    auto options = TestString(first_api_level, instring, outstring);
43 
// Exercises ParseOptionsForApiLevel() / OptionsToStringForApiLevel() for first
// API levels 29 and 30.
//
// Positive cases go through TEST_STRING, which checks the canonical string the
// parsed options serialize to, and then compare version, contents mode,
// filenames mode and policy flags one by one. Negative cases assert that the
// parser returns false for unknown names, for mode combinations the parser is
// expected to refuse, and for malformed flag fields, instead of accepting the
// string.
TEST(fscrypt, ParseOptions) {
    // Output argument for parse calls whose result is not inspected.
    EncryptionOptions scratch;

    // Compares each field of a parsed options object with its expected value.
    // Failures are reported at the lines below; the SCOPED_TRACE installed by
    // TEST_STRING at the call site identifies which input was being checked.
    const auto expect_fields = [](const EncryptionOptions& parsed, int version,
                                  int contents_mode, int filenames_mode, int flags) {
        EXPECT_EQ(version, parsed.version);
        EXPECT_EQ(contents_mode, parsed.contents_mode);
        EXPECT_EQ(filenames_mode, parsed.filenames_mode);
        EXPECT_EQ(flags, parsed.flags);
    };

    // Spellings that are all expected to resolve to the default policy.
    const std::vector<std::string> default_spellings = {
            "software",
            "",
            ":",
            "::",
            "aes-256-xts",
            "aes-256-xts:",
            "aes-256-xts::",
            "aes-256-xts:aes-256-cts",
            "aes-256-xts:aes-256-cts:",
            ":aes-256-cts",
            ":aes-256-cts:",
    };

    // First API level 29: the default is a v1 policy with 4-byte padding.
    for (const auto& spelling : default_spellings) {
        TEST_STRING(29, spelling, "aes-256-xts:aes-256-cts:v1");
        expect_fields(options, 1, FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_4);
    }

    // First API level 30: the default is a v2 policy with 16-byte padding.
    for (const auto& spelling : default_spellings) {
        TEST_STRING(30, spelling, "aes-256-xts:aes-256-cts:v2");
        EXPECT_TRUE(ParseOptionsForApiLevel(30, spelling, &scratch));
        expect_fields(options, 2, FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_16);
    }

    // An unknown contents mode must be refused rather than replaced by a default.
    EXPECT_FALSE(ParseOptionsForApiLevel(29, "blah", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "blah", &scratch));

    // An explicit policy version overrides the API-level default. With "v1"
    // the expected padding flag still differs between API level 29 and 30.
    {
        TEST_STRING(29, "::v1", "aes-256-xts:aes-256-cts:v1");
        expect_fields(options, 1, FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_4);
    }
    {
        TEST_STRING(30, "::v1", "aes-256-xts:aes-256-cts:v1");
        expect_fields(options, 1, FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_16);
    }
    {
        TEST_STRING(29, "::v2", "aes-256-xts:aes-256-cts:v2");
        expect_fields(options, 2, FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_16);
    }

    // "ice" selects FSCRYPT_MODE_PRIVATE for file contents.
    {
        TEST_STRING(29, "ice", "ice:aes-256-cts:v1");
        expect_fields(options, 1, FSCRYPT_MODE_PRIVATE, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_4);
    }
    // An unknown filenames mode must be refused as well.
    EXPECT_FALSE(ParseOptionsForApiLevel(29, "ice:blah", &scratch));

    {
        TEST_STRING(29, "ice:aes-256-cts", "ice:aes-256-cts:v1");
        expect_fields(options, 1, FSCRYPT_MODE_PRIVATE, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_4);
    }

    // With "aes-256-heh" filenames the expected padding is 16 bytes even at API level 29.
    {
        TEST_STRING(29, "ice:aes-256-heh", "ice:aes-256-heh:v1");
        expect_fields(options, 1, FSCRYPT_MODE_PRIVATE, FSCRYPT_MODE_AES_256_HEH,
                      FSCRYPT_POLICY_FLAGS_PAD_16);
    }

    // "adiantum" alone selects Adiantum for contents and filenames and adds
    // the DIRECT_KEY flag.
    {
        TEST_STRING(29, "adiantum", "adiantum:adiantum:v1");
        expect_fields(options, 1, FSCRYPT_MODE_ADIANTUM, FSCRYPT_MODE_ADIANTUM,
                      FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_DIRECT_KEY);
    }
    {
        TEST_STRING(30, "adiantum", "adiantum:adiantum:v2");
        expect_fields(options, 2, FSCRYPT_MODE_ADIANTUM, FSCRYPT_MODE_ADIANTUM,
                      FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_DIRECT_KEY);
    }
    // Adiantum may not be combined with an AES mode in either position.
    EXPECT_FALSE(ParseOptionsForApiLevel(29, "adiantum:aes-256-cts", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "adiantum:aes-256-cts", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:adiantum", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "aes-256-xts:adiantum", &scratch));

    // "inlinecrypt_optimized" adds FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64; the
    // short and the fully spelled-out input give the same result.
    {
        TEST_STRING(30, "::inlinecrypt_optimized",
                    "aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized");
        expect_fields(options, 2, FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64);
    }
    {
        TEST_STRING(30, "aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized",
                    "aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized");
        expect_fields(options, 2, FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64);
    }

    // "emmc_optimized" adds FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32.
    {
        TEST_STRING(30, "::emmc_optimized", "aes-256-xts:aes-256-cts:v2+emmc_optimized");
        expect_fields(options, 2, FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
                      FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32);
    }
    // The two *_optimized flags exclude each other, and neither is accepted with Adiantum.
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "::inlinecrypt_optimized+emmc_optimized", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "adiantum::inlinecrypt_optimized", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "adiantum::emmc_optimized", &scratch));

    // A fourth field or an unrecognized third field is refused at both API levels.
    EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:v2:", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:v2:foo", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:blah", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:vblah", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "aes-256-xts:aes-256-cts:v2:", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "aes-256-xts:aes-256-cts:v2:foo", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "aes-256-xts:aes-256-cts:blah", &scratch));
    EXPECT_FALSE(ParseOptionsForApiLevel(30, "aes-256-xts:aes-256-cts:vblah", &scratch));
}
180 
// Checks the comparison operators of EncryptionPolicy: a policy equals itself,
// and changing any single field -- the key reference, or any of the option
// fields including use_hw_wrapped_key -- makes the copy compare unequal. This
// guards against a comparison that ignores one of the fields and would treat
// two differently configured policies as the same.
TEST(fscrypt, ComparePolicies) {
// Copies |base|, overwrites one |field| of the copy with |value|, and expects
// the copy to differ from |base|.
#define TEST_INEQUALITY(base, field, value) \
    {                                       \
        auto changed = base;                \
        changed.field = value;              \
        EXPECT_NE(base, changed);           \
    }
    // Reference options; every field is given an explicit value so that each
    // mutation below is a real change.
    EncryptionOptions reference_options;
    reference_options.version = 1;
    reference_options.contents_mode = 1;
    reference_options.filenames_mode = 1;
    reference_options.flags = 1;
    reference_options.use_hw_wrapped_key = true;

    EncryptionPolicy policy;
    policy.key_raw_ref = "foo";
    policy.options = reference_options;

    EXPECT_EQ(policy, policy);

    // One mutation per field.
    TEST_INEQUALITY(policy, key_raw_ref, "bar");
    TEST_INEQUALITY(policy, options.version, 2);
    TEST_INEQUALITY(policy, options.contents_mode, -1);
    TEST_INEQUALITY(policy, options.filenames_mode, 3);
    TEST_INEQUALITY(policy, options.flags, 0);
    TEST_INEQUALITY(policy, options.use_hw_wrapped_key, false);
}
205