1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17 #include <string>
18 #include <vector>
19
20 #include <stdlib.h>
21 #include <sys/wait.h>
22 #include <unistd.h>
23
24 #include "directory_ex.h"
25 #include "fbex.h"
26 #include "file_ex.h"
27 #include "fscrypt_key_v1_ext.h"
28 #include "fscrypt_key_v1.h"
29 #include "fscrypt_key_v2.h"
30 #include "huks_master.h"
31 #include "key_blob.h"
32 #include "key_manager.h"
33 #include "libfscrypt/fscrypt_control.h"
34 #include "libfscrypt/fscrypt_sysparam.h"
35 #include "libfscrypt/fscrypt_utils.h"
36 #include "libfscrypt/key_control.h"
37 #include "securec.h"
38
39 using namespace testing::ext;
40 using namespace OHOS::StorageDaemon;
41
42 namespace {
43 const std::string TEST_MNT = "/data";
44 const std::string TEST_DIR_LEGACY = "/data/test/crypto_dir_legacy";
45 const std::string TEST_DIR_V2 = "/data/test/crypto_dir";
46 const std::string TEST_KEYPATH = "/data/test/key/el2/80";
47 const std::string TEST_KEYPATH_BAD = "/sys/test/keypath";
48 const std::string TEST_KEYDIR_VERSION0 = "/version_0";
49 const std::string TEST_KEYDIR_VERSION1 = "/version_1";
50 const std::string TEST_KEYDIR_VERSION2 = "/version_2";
51 const std::string TEST_KEYDIR_LATEST = "/latest";
52 const std::string TEST_KEYDIR_LATEST_BACKUP = "/latest_bak";
53 const std::string TEST_POLICY = "/data/test/policy";
54 const std::string USER_KEY_DIR = "/data/service/el1/public/storage_daemon/sd";
55 const std::string USER_KEY_EL1_DIR = USER_KEY_DIR + "/el1";
56 const std::string USER_KEY_EL2_DIR = USER_KEY_DIR + "/el2";
57 FscryptKeyV1 g_testKeyV1 {TEST_KEYPATH};
58 FscryptKeyV2 g_testKeyV2 {TEST_KEYPATH};
59 }
60
61 class CryptoKeyTest : public testing::Test {
62 public:
63 static void SetUpTestCase(void);
64 static void TearDownTestCase(void);
65 static int32_t ExecSdcBinary(std::vector<std::string> params, int isCrypt);
66 void SetUp();
67 void TearDown();
68 UserAuth emptyUserAuth {};
69 };
70
SetUpTestCase(void)71 void CryptoKeyTest::SetUpTestCase(void)
72 {
73 // input testsuit setup step,setup invoked before all testcases
74 }
75
TearDownTestCase(void)76 void CryptoKeyTest::TearDownTestCase(void)
77 {
78 // input testsuit teardown step,teardown invoked after all testcases
79 }
80
SetUp(void)81 void CryptoKeyTest::SetUp(void)
82 {
83 // input testcase setup step,setup invoked before each testcases
84 }
85
TearDown(void)86 void CryptoKeyTest::TearDown(void)
87 {
88 // input testcase teardown step,teardown invoked after each testcases
89 }
90
ExecSdcBinary(std::vector<std::string> params,int isCrypt)91 int32_t CryptoKeyTest::ExecSdcBinary(std::vector<std::string> params, int isCrypt)
92 {
93 pid_t pid = fork();
94 if (pid < 0) {
95 return -EINVAL;
96 }
97 if (pid == 0) {
98 int ret = -EINVAL;
99 if (!isCrypt) {
100 char * const argv[] = {
101 (char *)"/system/bin/sdc",
102 (char *)"nullcmd",
103 NULL
104 };
105 ret = execv(argv[0], argv);
106 } else if (params.size() == 0) {
107 char * const argv[] = {
108 (char *)"/system/bin/sdc",
109 NULL
110 };
111 ret = execv(argv[0], argv);
112 } else if (params.size() == 1) {
113 char * const argv[] = {
114 (char *)"/system/bin/sdc",
115 (char *)"filecrypt",
116 (char *)params[0].c_str(),
117 NULL
118 };
119 ret = execv(argv[0], argv);
120 } else if (params.size() == 2) {
121 char * const argv[] = {
122 (char *)"/system/bin/sdc",
123 (char *)"filecrypt",
124 (char *)params[0].c_str(),
125 (char *)params[1].c_str(),
126 NULL
127 };
128 ret = execv(argv[0], argv);
129 } else if (params.size() == 3) {
130 char * const argv[] = {
131 (char *)"/system/bin/sdc",
132 (char *)"filecrypt",
133 (char *)params[0].c_str(),
134 (char *)params[1].c_str(),
135 (char *)params[2].c_str(),
136 NULL
137 };
138 ret = execv(argv[0], argv);
139 } else if (params.size() == 4) {
140 char * const argv[] = {
141 (char *)"/system/bin/sdc",
142 (char *)"filecrypt",
143 (char *)params[0].c_str(),
144 (char *)params[1].c_str(),
145 (char *)params[2].c_str(),
146 (char *)params[3].c_str(),
147 NULL
148 };
149 ret = execv(argv[0], argv);
150 }
151 if (ret) {
152 return -EINVAL;
153 }
154 }
155 int status;
156 pid_t ret = waitpid(pid, &status, 0);
157 if (ret != pid) {
158 return -EINVAL;
159 }
160
161 return 0;
162 }
163
164 /**
165 * @tc.name: fscrypt_key_v1_init
166 * @tc.desc: Verify the InitKey function.
167 * @tc.type: FUNC
168 * @tc.require: AR000GK0BP
169 */
170 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_init, TestSize.Level1)
171 {
172 EXPECT_TRUE(g_testKeyV1.InitKey());
173 EXPECT_FALSE(g_testKeyV1.InitKey()); // rawkey not empty
174
175 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1.keyInfo_.version);
176 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1.keyInfo_.key.size);
177 EXPECT_NE(nullptr, g_testKeyV1.keyInfo_.key.data.get());
178 g_testKeyV1.keyInfo_.key.Clear();
179 }
180
181 /**
182 * @tc.name: fscrypt_key_v2_init
183 * @tc.desc: Verify the InitKey function.
184 * @tc.type: FUNC
185 * @tc.require: AR000GK0BP
186 */
187 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_init, TestSize.Level1)
188 {
189 #ifdef SUPPORT_FSCRYPT_V2
190 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
191 return;
192 }
193 EXPECT_TRUE(g_testKeyV2.InitKey());
194 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2.keyInfo_.version);
195 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV2.keyInfo_.key.size);
196 EXPECT_NE(nullptr, g_testKeyV2.keyInfo_.key.data.get());
197 g_testKeyV2.keyInfo_.key.Clear();
198 #else
199 EXPECT_FALSE(g_testKeyV2.InitKey());
200 EXPECT_FALSE(g_testKeyV2.ActiveKey());
201 EXPECT_FALSE(g_testKeyV2.InactiveKey());
202 #endif
203 }
204
205 /**
206 * @tc.name: fscrypt_key_v1_store
207 * @tc.desc: Verify the StoreKey function.
208 * @tc.type: FUNC
209 * @tc.require: AR000GK0BP
210 */
211 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_store, TestSize.Level1)
212 {
213 EXPECT_TRUE(g_testKeyV1.InitKey());
214 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
215
216 std::string buf {};
217 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
218 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, buf));
219
220 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
221 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC, buf));
222 EXPECT_EQ(CRYPTO_KEY_SECDISC_SIZE, buf.size());
223
224 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
225 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED, buf));
226 // the plaintext of 64 bytes, encrypted to 80 bytes size by huks.
227 EXPECT_EQ(80U, buf.size());
228
229 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
230 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf));
231 EXPECT_EQ(1U, buf.length());
232 EXPECT_EQ('1', buf[0]);
233
234 FscryptKeyV1 g_testKeyV1BadDir {TEST_KEYPATH_BAD};
235 EXPECT_TRUE(g_testKeyV1BadDir.InitKey());
236 EXPECT_FALSE(g_testKeyV1BadDir.StoreKey(emptyUserAuth));
237 EXPECT_FALSE(g_testKeyV1BadDir.UpdateKey());
238 EXPECT_FALSE(g_testKeyV1BadDir.ActiveKey());
239 }
240
241 #ifdef SUPPORT_FSCRYPT_V2
242 /**
243 * @tc.name: fscrypt_key_v2_store
244 * @tc.desc: Verify the StoreKey function.
245 * @tc.type: FUNC
246 * @tc.require: AR000GK0BP
247 */
248 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_store, TestSize.Level1)
249 {
250 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
251 return;
252 }
253 g_testKeyV2.ClearKey();
254 EXPECT_TRUE(g_testKeyV2.InitKey());
255 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
256 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
257
258 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
259 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
260 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
261 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
262 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SECDISC));
263 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_ENCRYPTED));
264
265 std::string buf {};
266 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
267 EXPECT_EQ(1U, buf.length());
268 EXPECT_EQ('2', buf[0]);
269 }
270
271 /**
272 * @tc.name: fscrypt_key_v2_update
273 * @tc.desc: Verify the UpdateKey function.
274 * @tc.type: FUNC
275 * @tc.require: AR000GK0BP
276 */
277 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_update, TestSize.Level1)
278 {
279 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
280 return;
281 }
282 std::string buf {};
283 EXPECT_TRUE(g_testKeyV2.UpdateKey());
284
285 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
286 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
287 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
288 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC));
289 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED));
290 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
291 EXPECT_EQ(1U, buf.length());
292 EXPECT_EQ('2', buf[0]);
293 }
294
295 /**
296 * @tc.name: fscrypt_key_v1_restore_fail_wrong_version
297 * @tc.desc: Verify the RestoreKey function.
298 * @tc.type: FUNC
299 * @tc.require: AR000GK0BP
300 */
301 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore_fail_wrong_version, TestSize.Level1)
302 {
303 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
304 return;
305 }
306 g_testKeyV1.keyInfo_.key.Clear();
307 // the version loaded is v2, not expected v1.
308 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
309 }
310 #endif
311
312 /**
313 * @tc.name: fscrypt_key_v1_restore
314 * @tc.desc: Verify the RestoreKey function.
315 * @tc.type: FUNC
316 * @tc.require: AR000GK0BP
317 */
318 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore, TestSize.Level1)
319 {
320 g_testKeyV1.ClearKey();
321 EXPECT_TRUE(g_testKeyV1.InitKey());
322 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
323 EXPECT_TRUE(g_testKeyV1.UpdateKey());
324 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
325
326 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1.keyInfo_.key.size);
327 EXPECT_NE(nullptr, g_testKeyV1.keyInfo_.key.data.get());
328 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1.keyInfo_.version);
329 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC, "bad secdesc"));
330 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth)); // should decrypt failed
331 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC).c_str());
332 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
333 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD).c_str());
334 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
335 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED).c_str());
336 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
337 remove(std::string(TEST_KEYPATH + "/fscrypt_version").c_str());
338 EXPECT_FALSE(g_testKeyV1.RestoreKey(emptyUserAuth));
339 }
340
341 /**
342 * @tc.name: fscrypt_key_v1_active
343 * @tc.desc: Verify the ActiveKey function of v1 key.
344 * @tc.type: FUNC
345 * @tc.require: AR000GK0BP
346 */
347 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_active, TestSize.Level1)
348 {
349 g_testKeyV1.ClearKey();
350 EXPECT_FALSE(g_testKeyV1.ActiveKey()); // active empty key should fail
351 EXPECT_TRUE(g_testKeyV1.InitKey());
352 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
353 EXPECT_FALSE(g_testKeyV1.keyInfo_.key.IsEmpty());
354 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1.keyInfo_.version);
355
356 EXPECT_TRUE(g_testKeyV1.ActiveKey(FIRST_CREATE_KEY));
357 // raw key should be erase after install to kernel.
358 EXPECT_TRUE(g_testKeyV1.keyInfo_.key.IsEmpty());
359 EXPECT_TRUE(g_testKeyV1.keyInfo_.keyId.IsEmpty());
360 // key desc saved in memory for later clear key.
361 EXPECT_FALSE(g_testKeyV1.keyInfo_.keyDesc.IsEmpty());
362
363 // v1 key installed, and key_desc was saved on disk.
364 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
365
366 FscryptKeyV1 g_testKeyV1BadLen {TEST_KEYPATH, CRYPTO_AES_256_XTS_KEY_SIZE * 2};
367 EXPECT_TRUE(g_testKeyV1BadLen.InitKey());
368 EXPECT_FALSE(g_testKeyV1BadLen.InactiveKey());
369 EXPECT_FALSE(g_testKeyV1BadLen.ActiveKey());
370 }
371
372 /**
373 * @tc.name: fscrypt_key_v1_clear
374 * @tc.desc: Verify the ClearKey function.
375 * @tc.type: FUNC
376 * @tc.require: AR000GK0BP
377 */
378 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_clear, TestSize.Level1)
379 {
380 EXPECT_TRUE(g_testKeyV1.ClearKey());
381 EXPECT_TRUE(g_testKeyV1.keyInfo_.key.IsEmpty());
382 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
383 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
384 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
385 }
386
387
388 /**
389 * @tc.name: fscrypt_key_v1_policy_set
390 * @tc.desc: Verify the fscrypt V1 KeyCtrl::SetPolicy function.
391 * @tc.type: FUNC
392 * @tc.require: AR000GK0BO
393 */
394 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_set, TestSize.Level1)
395 {
396 EXPECT_TRUE(g_testKeyV1.InitKey());
397 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
398 EXPECT_TRUE(g_testKeyV1.ActiveKey(FIRST_CREATE_KEY));
399
400 FscryptPolicy arg;
401 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
402 arg.v1.version = FSCRYPT_POLICY_V1;
403 (void)memcpy_s(arg.v1.master_key_descriptor, FSCRYPT_KEY_DESCRIPTOR_SIZE, g_testKeyV1.keyInfo_.keyDesc.data.get(),
404 g_testKeyV1.keyInfo_.keyDesc.size);
405 arg.v1.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
406 arg.v1.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
407 arg.v1.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
408 // Default to maximum zero-padding to leak less info about filename lengths.
409 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
410 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
411 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
412
413 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
414 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
415 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
416 }
417
418 /**
419 * @tc.name: fscrypt_key_v1_policy_get
420 * @tc.desc: Verify the fscrypt V1 KeyCtrl::GetPolicy function.
421 * @tc.type: FUNC
422 * @tc.require: AR000GK0BO
423 */
424 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_get, TestSize.Level1)
425 {
426 struct fscrypt_policy arg;
427 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
428 EXPECT_TRUE(KeyCtrlGetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
429 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
430
431 std::string testDir = TEST_DIR_LEGACY + "/test_dir";
432 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
433 EXPECT_TRUE(KeyCtrlGetPolicy(testDir.c_str(), &arg));
434 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
435
436 EXPECT_FALSE(KeyCtrlGetPolicy(NULL, NULL));
437 EXPECT_FALSE(KeyCtrlGetPolicy(testDir.c_str(), NULL));
438 }
439
440 /**
441 * @tc.name: fscrypt_key_v1_key_inactive
442 * @tc.desc: Verify the FscryptKeyV1 InactiveKey function.
443 * @tc.type: FUNC
444 * @tc.require: AR000GK0BO
445 */
446 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_key_inactive, TestSize.Level1)
447 {
448 EXPECT_TRUE(g_testKeyV1.InactiveKey(USER_DESTROY));
449
450 #ifdef SUPPORT_FSCRYPT_V2
451 EXPECT_FALSE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir1"));
452 EXPECT_FALSE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file3", "AAA"));
453 // earlier kernels may have different behaviour.
454 #endif
455 }
456
457 #ifdef SUPPORT_FSCRYPT_V2
458 /**
459 * @tc.name: fscrypt_key_v2_active
460 * @tc.desc: Verify the fscrypt V2 active function.
461 * @tc.type: FUNC
462 * @tc.require: AR000GK0BP
463 */
464 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_active, TestSize.Level1)
465 {
466 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
467 return;
468 }
469 g_testKeyV2.ClearKey();
470 EXPECT_TRUE(g_testKeyV2.InitKey());
471 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
472 EXPECT_TRUE(g_testKeyV2.ActiveKey());
473
474 // raw key should be erase after install to kernel.
475 EXPECT_TRUE(g_testKeyV2.keyInfo_.key.IsEmpty());
476 EXPECT_TRUE(g_testKeyV2.keyInfo_.keyDesc.IsEmpty());
477 EXPECT_EQ(static_cast<unsigned int>(FSCRYPT_KEY_IDENTIFIER_SIZE), g_testKeyV2.keyInfo_.keyId.size);
478 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYID));
479 }
480
481 /**
482 * @tc.name: fscrypt_key_v2_policy_set
483 * @tc.desc: Verify the fscrypt V2 setpolicy function.
484 * @tc.type: FUNC
485 * @tc.require: AR000GK0BO
486 */
487 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_set, TestSize.Level1)
488 {
489 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
490 return;
491 }
492 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2.keyInfo_.version);
493 FscryptPolicy arg;
494 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
495 arg.v2.version = FSCRYPT_POLICY_V2;
496 (void)memcpy_s(arg.v2.master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, g_testKeyV2.keyInfo_.keyId.data.get(),
497 g_testKeyV2.keyInfo_.keyId.size);
498 arg.v2.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
499 arg.v2.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
500 arg.v2.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
501 // Default to maximum zero-padding to leak less info about filename lengths.
502 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
503 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2));
504 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_V2.c_str(), &arg));
505
506 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
507 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
508 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
509 }
510
511 /**
512 * @tc.name: fscrypt_key_v2_policy_get
513 * @tc.desc: Verify the fscrypt V2 getpolicy function.
514 * @tc.type: FUNC
515 * @tc.require: AR000GK0BO
516 */
517 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_get, TestSize.Level1)
518 {
519 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
520 return;
521 }
522 struct fscrypt_get_policy_ex_arg arg;
523 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
524 arg.policy_size = sizeof(arg.policy);
525 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
526 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
527
528 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
529 arg.policy_size = sizeof(arg.policy);
530 std::string testDir = TEST_DIR_V2 + "/test_dir";
531 EXPECT_TRUE(KeyCtrlGetPolicyEx(testDir.c_str(), &arg));
532 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
533 }
534
535 /**
536 * @tc.name: fscrypt_key_v2_policy_inactive
537 * @tc.desc: Verify the fscryptV2 InactiveKey function.
538 * @tc.type: FUNC
539 * @tc.require: AR000GK0BP
540 */
541 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_inactive, TestSize.Level1)
542 {
543 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
544 return;
545 }
546 EXPECT_TRUE(g_testKeyV2.InactiveKey());
547 // When the v2 policy removed, the files are encrypted.
548 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
549 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
550 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
551 }
552
553 /**
554 * @tc.name: fscrypt_key_v2_policy_restore
555 * @tc.desc: Verify the fscrypt V2 restore and decrypt.
556 * @tc.type: FUNC
557 * @tc.require: AR000GK0BP
558 */
559 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_restore, TestSize.Level1)
560 {
561 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
562 return;
563 }
564 EXPECT_TRUE(g_testKeyV2.RestoreKey(emptyUserAuth));
565 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2.keyInfo_.version);
566 EXPECT_TRUE(g_testKeyV2.ActiveKey());
567
568 // the files is decrypted now
569 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
570 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
571 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
572
573 EXPECT_TRUE(g_testKeyV2.ClearKey());
574 }
575
576 /**
577 * @tc.name: fscrypt_key_v2_load_and_set_policy_default
578 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
579 * @tc.type: FUNC
580 * @tc.require: AR000GK0BO
581 */
582 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_default, TestSize.Level1)
583 {
584 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
585 return;
586 }
587 g_testKeyV2.ClearKey();
588 EXPECT_TRUE(g_testKeyV2.InitKey());
589 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
590 EXPECT_TRUE(g_testKeyV2.ActiveKey());
591
592 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
593 EXPECT_EQ(0, InitFscryptPolicy());
594
595 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
596 OHOS::ForceCreateDirectory(TEST_DIR_V2);
597 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2.GetDir().c_str(), TEST_DIR_V2.c_str()));
598
599 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
600 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
601 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
602 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
603
604 EXPECT_TRUE(g_testKeyV2.ClearKey());
605 }
606 #endif
607
608 /**
609 * @tc.name: fscrypt_key_v1_load_and_set_policy_default
610 * @tc.desc: Verify the fscrypt V1 setpolicy function.
611 * @tc.type: FUNC
612 * @tc.require: AR000GK0BO
613 */
614 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_load_and_set_policy_default, TestSize.Level1)
615 {
616 g_testKeyV1.ClearKey();
617 EXPECT_TRUE(g_testKeyV1.InitKey());
618 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
619 EXPECT_TRUE(g_testKeyV1.ActiveKey(FIRST_CREATE_KEY));
620
621 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
622 EXPECT_EQ(0, InitFscryptPolicy());
623
624 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
625 OHOS::ForceCreateDirectory(TEST_DIR_LEGACY);
626 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV1.GetDir().c_str(), TEST_DIR_LEGACY.c_str()));
627
628 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
629 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
630 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
631 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/111111111111111111111111111111111111111111111111", "AA"));
632
633 EXPECT_TRUE(g_testKeyV1.ClearKey());
634 }
635
636 /**
637 * @tc.name: fscrypt_key_storekey_version_test_1
638 * @tc.desc: Verify the fscrypt storekey function.
639 * @tc.type: FUNC
640 * @tc.require: AR000GK0BO
641 */
642 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_1, TestSize.Level1)
643 {
644 EXPECT_TRUE(g_testKeyV1.InitKey());
645
646 // storekey to version 0
647 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
648 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
649 std::string keyShieldV0;
650 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
651
652 // storekey to version 1
653 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
654 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
655 std::string keyShieldV1;
656 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
657 EXPECT_NE(keyShieldV0, keyShieldV1);
658
659 // storekey to version 2
660 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
661 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD));
662 std::string keyShieldV2;
663 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD, keyShieldV2));
664 EXPECT_NE(keyShieldV1, keyShieldV2);
665
666 // updatekey will rename version 2 to latest
667 EXPECT_TRUE(g_testKeyV1.UpdateKey());
668 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
669 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
670 std::string keyShieldLatest;
671 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
672 EXPECT_EQ(keyShieldLatest, keyShieldV2);
673 }
674
675 /**
676 * @tc.name: fscrypt_key_storekey_version_test_2
677 * @tc.desc: Verify the fscrypt storekey function.
678 * @tc.type: FUNC
679 * @tc.require: AR000GK0BO
680 */
681 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_2, TestSize.Level1)
682 {
683 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
684
685 // storekey to version 0
686 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
687 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
688 std::string keyShieldV0;
689 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
690
691 // storekey to version 1
692 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
693 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
694 std::string keyShieldV1;
695 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
696
697 // restorekey will decrypt from versions and rename first success one to latest
698 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
699 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
700 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
701 std::string keyShieldLatest;
702 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
703 EXPECT_EQ(keyShieldLatest, keyShieldV1);
704 }
705
706 /**
707 * @tc.name: fscrypt_key_storekey_version_test_3
708 * @tc.desc: Verify the fscrypt storekey function.
709 * @tc.type: FUNC
710 * @tc.require: AR000GK0BO
711 */
712 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_3, TestSize.Level1)
713 {
714 // storekey to version 0
715 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
716 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
717 std::string keyShieldV0A;
718 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0A));
719
720 // latest dir broken, not affect restore and update operation
721 OHOS::ForceRemoveDirectory(TEST_KEYPATH + TEST_KEYDIR_LATEST);
722 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST, "latest is a file");
723 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
724 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
725 std::string keyShieldV0B;
726 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0B));
727 EXPECT_TRUE(keyShieldV0A == keyShieldV0B);
728 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
729 EXPECT_FALSE(g_testKeyV1.UpdateKey());
730
731 // latest dir backup also broken, not affect restore and update operation
732 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP, "latest_backup is a file");
733 EXPECT_FALSE(g_testKeyV1.UpdateKey());
734 EXPECT_TRUE(g_testKeyV1.RestoreKey(emptyUserAuth));
735 }
736
737 #ifdef SUPPORT_FSCRYPT_V2
738 /**
739 * @tc.name: fscrypt_key_v2_load_and_set_policy_padding_4
740 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
741 * @tc.type: FUNC
742 * @tc.require: AR000GK0BO
743 */
744 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_padding_4, TestSize.Level1)
745 {
746 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
747 return;
748 }
749 g_testKeyV2.ClearKey();
750 EXPECT_TRUE(g_testKeyV2.InitKey());
751 EXPECT_TRUE(g_testKeyV2.StoreKey(emptyUserAuth));
752 EXPECT_TRUE(g_testKeyV2.ActiveKey());
753
754 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
755 EXPECT_EQ(0, InitFscryptPolicy());
756
757 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
758 OHOS::ForceCreateDirectory(TEST_DIR_V2);
759 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2.GetDir().c_str(), TEST_DIR_V2.c_str()));
760
761 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
762 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
763 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
764 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
765
766 struct fscrypt_get_policy_ex_arg arg;
767 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
768 arg.policy_size = sizeof(arg.policy);
769 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
770 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
771 EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, arg.policy.v2.filenames_encryption_mode);
772 EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, arg.policy.v2.contents_encryption_mode);
773
774 EXPECT_TRUE(g_testKeyV2.ClearKey());
775 }
776 #endif
777
778 /**
779 * @tc.name: key_manager_generate_delete_user_keys
780 * @tc.desc: Verify the KeyManager GenerateUserKeys and DeleteUserKeys
781 * @tc.type: FUNC
782 * @tc.require: SR000H0CM9
783 */
784 HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys, TestSize.Level1)
785 {
786 uint32_t userId = 81;
787 const string USER_EL1_DIR = "/data/test/user/el1";
788 const string USER_EL2_DIR = "/data/test/user/el2";
789
790 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
791 EXPECT_EQ(0, InitFscryptPolicy());
792 OHOS::ForceRemoveDirectory(USER_EL1_DIR);
793 OHOS::ForceRemoveDirectory(USER_EL2_DIR);
794 MkDirRecurse(USER_EL1_DIR, S_IRWXU);
795 MkDirRecurse(USER_EL2_DIR, S_IRWXU);
796
797 OHOS::ForceRemoveDirectory(USER_KEY_EL1_DIR);
798 OHOS::ForceRemoveDirectory(USER_KEY_EL2_DIR);
799 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->GenerateUserKeys(userId, 0)); // no user_el1_dir
800
801 KeyManager::GetInstance()->InitGlobalDeviceKey();
802 KeyManager::GetInstance()->InitGlobalUserKeys();
803 EXPECT_EQ(0, KeyManager::GetInstance()->GenerateUserKeys(userId, 0));
804 EXPECT_EQ(-EEXIST, KeyManager::GetInstance()->GenerateUserKeys(userId, 0)); // key existed
805 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
806 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
807 EXPECT_EQ(0, KeyManager::GetInstance()->UpdateUserAuth(userId, 0, {}, {}, {}));
808 EXPECT_EQ(0, KeyManager::GetInstance()->UpdateKeyContext(userId));
809 KeyManager::GetInstance()->UpdateUserAuth(userId, 0, {'t', 'o', 'k', 'e', 'n'}, {}, {'s', 'e', 'c', 'r', 'e', 't'});
810 EXPECT_EQ(-EFAULT, KeyManager::GetInstance()->UpdateKeyContext(userId)); // no need to update keycontext
811 KeyManager::GetInstance()->InActiveUserKey(userId); // may fail on some platforms
812 EXPECT_EQ(0, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {}));
813 EXPECT_EQ(0, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {})); /// have been actived, also return 0
814 EXPECT_EQ(0, KeyManager::GetInstance()->DeleteUserKeys(userId));
815
816 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
817 KeyManager::GetInstance()->InitGlobalDeviceKey();
818 KeyManager::GetInstance()->InitGlobalUserKeys();
819 userId = 801; // bad userId, not generated
820 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
821 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
822 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, static_cast<KeyType>(0),
823 {{userId, USER_EL2_DIR}})); // bad keytype
824 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateUserAuth(userId, 0, {}, {}, {}));
825 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateKeyContext(userId));
826 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->InActiveUserKey(userId));
827 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {}));
828 EXPECT_EQ(-EFAULT, KeyManager::GetInstance()->DeleteUserKeys(userId));
829 }
830
831 /**
832 * @tc.name: fscrypt_key_secure_access_control
833 * @tc.desc: Verify the secure access when user have pin code.
834 * @tc.type: FUNC
835 * @tc.require: SR000H0CLT
836 */
837 HWTEST_F(CryptoKeyTest, fscrypt_key_secure_access_control, TestSize.Level1)
838 {
839 g_testKeyV1.ClearKey();
840 EXPECT_TRUE(g_testKeyV1.InitKey());
841 EXPECT_TRUE(g_testKeyV1.StoreKey(emptyUserAuth));
842
843 std::string token = "bad_token";
844 std::string secret = "bad_secret";
845 std::vector<uint8_t> badToken(token.begin(), token.end());
846 std::vector<uint8_t> badSecret(secret.begin(), secret.end());
847 UserAuth badUserAuth {
848 .token = badToken,
849 .secret = badSecret
850 };
851 EXPECT_FALSE(g_testKeyV1.RestoreKey(badUserAuth));
852 EXPECT_TRUE(g_testKeyV1.ClearKey());
853 }
854
855 /**
856 * @tc.name: fscrypt_sdc_filecrypt
857 * @tc.desc: Verify the sdc interface.
858 * @tc.type: FUNC
859 * @tc.require: SR000H0CLT
860 */
861 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt, TestSize.Level1)
862 {
863 std::vector<std::string> params;
864
865 // test no param
866 params.clear();
867 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 0));
868
869 // test not filecrypt param
870 params.clear();
871 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
872
873 // test filecrypt cmd not existed
874 params.push_back("noexisted");
875 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
876
877 // test sdc enable
878 params.push_back("enable");
879 params.push_back("2:abs-256-cts:aes-256-xts");
880 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
881 params.clear();
882 params.push_back("enable");
883 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
884 params.clear();
885
886 // test sdc init_global_key
887 params.push_back("init_global_key");
888 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
889 params.clear();
890
891 // test sdc init_main_user
892 params.push_back("init_main_user");
893 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
894 params.clear();
895
896 // test sdc inactive_user_key
897 params.push_back("inactive_user_key");
898 params.push_back("id");
899 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
900 params.clear();
901 params.push_back("inactive_user_key");
902 params.push_back("10");
903 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
904 params.clear();
905 params.push_back("inactive_user_key");
906 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
907 params.clear();
908
909 // test sdc update_key_context
910 params.push_back("update_key_context");
911 params.push_back("id");
912 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
913 params.clear();
914 params.push_back("update_key_context");
915 params.push_back("10");
916 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
917 params.clear();
918 params.push_back("update_key_context");
919 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
920 params.clear();
921
922 // test sdc delete_user_keys
923 params.push_back("delete_user_keys");
924 params.push_back("id");
925 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
926 params.clear();
927 params.push_back("delete_user_keys");
928 params.push_back("10");
929 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
930 params.clear();
931 params.push_back("delete_user_keys");
932 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
933 params.clear();
934
935 // test sdc generate_user_keys
936 params.push_back("generate_user_keys");
937 params.push_back("id");
938 params.push_back("flag");
939 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
940 params.clear();
941 params.push_back("generate_user_keys");
942 params.push_back("10");
943 params.push_back("0");
944 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
945 params.clear();
946 params.push_back("generate_user_keys");
947 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
948 params.clear();
949
950 // test sdc prepare_user_space
951 params.push_back("prepare_user_space");
952 params.push_back("id");
953 params.push_back("flag");
954 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
955 params.clear();
956 params.push_back("prepare_user_space");
957 params.push_back("10");
958 params.push_back("0");
959 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
960 params.clear();
961 params.push_back("prepare_user_space");
962 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
963 params.clear();
964
965 // test sdc destroy_user_space
966 params.push_back("destroy_user_space");
967 params.push_back("id");
968 params.push_back("flag");
969 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
970 params.clear();
971 params.push_back("destroy_user_space");
972 params.push_back("10");
973 params.push_back("0");
974 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
975 params.clear();
976 params.push_back("destroy_user_space");
977 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
978 params.clear();
979
980 // test sdc update_user_auth
981 params.push_back("update_user_auth");
982 params.push_back("id");
983 params.push_back("01234567890abcd");
984 params.push_back("01234567890abcd");
985 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
986 params.clear();
987 params.push_back("update_user_auth");
988 params.push_back("10");
989 params.push_back("01234567890abcd");
990 params.push_back("01234567890abcd");
991 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
992 params.clear();
993 params.push_back("update_user_auth");
994 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
995 params.clear();
996 params.push_back("update_user_auth");
997 params.push_back("10");
998 params.push_back("01234567890abcd");
999 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1000 params.clear();
1001
1002 // test sdc active_user_key
1003 params.push_back("active_user_key");
1004 params.push_back("id");
1005 params.push_back("01234567890abcd");
1006 params.push_back("01234567890abcd");
1007 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1008 params.clear();
1009 params.push_back("active_user_key");
1010 params.push_back("10");
1011 params.push_back("01234567890abcd");
1012 params.push_back("01234567890abcd");
1013 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1014 params.clear();
1015 params.push_back("active_user_key");
1016 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1017 params.clear();
1018 params.push_back("active_user_key");
1019 params.push_back("10");
1020 params.push_back("01234567890abcd");
1021 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1022 params.clear();
1023 }
1024
1025 /**
1026 * @tc.name: libfscrypt api test
1027 * @tc.desc: Verify the libfscrypt interface.
1028 * @tc.type: FUNC
1029 * @tc.require: SR000H0CLT
1030 */
1031 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_api, TestSize.Level1)
1032 {
1033 // test api in sysparam_dynamic.c
1034 EXPECT_NE(0, GetFscryptParameter(NULL, NULL, NULL, NULL));
1035 EXPECT_NE(0, SetFscryptParameter(NULL, NULL));
1036
1037 // test api in fscrypt_utils.c
1038 EXPECT_NE(0, FscryptPolicyEnable(NULL));
1039 EXPECT_EQ(0, FscryptPolicyEnable("/data/test/badpath"));
1040 FscryptPolicyEnable("/data/app/el1/bundle/public");
1041 EXPECT_NE(0, SetFscryptSysparam(NULL));
1042
1043 // test api in key_control.c
1044 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(NULL));
1045 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion("/nofile"));
1046 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlGetFscryptVersion(NULL));
1047
1048 // version iss not digit
1049 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
1050 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
1051 std::string testVersionFile = TEST_DIR_LEGACY + "/fscrypt_version";
1052 EXPECT_TRUE(OHOS::SaveStringToFile(testVersionFile, "not-digit\n"));
1053 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(TEST_DIR_LEGACY.c_str()));
1054
1055 // bad version
1056 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
1057 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
1058 testVersionFile = TEST_DIR_LEGACY + "/fscrypt_version";
1059 EXPECT_TRUE(OHOS::SaveStringToFile(testVersionFile, "10\n"));
1060 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(TEST_DIR_LEGACY.c_str()));
1061
1062 key_serial_t id = 1;
1063 EXPECT_NE(0, KeyCtrlGetKeyringId(id, 0));
1064
1065 // test api in fscrypt_control.c
1066 EXPECT_NE(0, LoadAndSetPolicy(NULL, NULL));
1067 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts"));
1068 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts:bad-param"));
1069 EXPECT_NE(0, FscryptSetSysparam(NULL));
1070 }
1071
1072 /**
1073 * @tc.name: fscrypt_fbex_utils
1074 * @tc.desc: Verify the fbex utils.
1075 * @tc.type: FUNC
1076 * @tc.require: SR000HE9U7
1077 */
1078 HWTEST_F(CryptoKeyTest, fscrypt_fbex_utils, TestSize.Level1)
1079 {
1080 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) != FSCRYPT_V1) {
1081 return; // skip not v1 fscrypt
1082 }
1083 if (!FBEX::IsFBEXSupported()) {
1084 return; // skip no fbex support
1085 }
1086 (void)FBEX::IsMspReady();
1087 (void)FBEX::GetStatus();
1088
1089 constexpr uint32_t userId = 82; // test userid
1090 uint8_t buf[FBEX_IV_SIZE] = {0};
1091 buf[0] = 0xfb; // fitst byte const to kernel
1092 buf[1] = 0x30; // second byte const to kernel
1093 EXPECT_EQ(0, FBEX::InstallKeyToKernel(userId, TYPE_EL2, buf, FBEX_IV_SIZE, FIRST_CREATE_KEY));
1094 EXPECT_EQ(0, FBEX::LockScreenToKernel(userId));
1095 EXPECT_EQ(0, FBEX::UnlockScreenToKernel(userId, TYPE_EL3, buf, FBEX_IV_SIZE));
1096 uint8_t buf1[FBEX_IV_SIZE] = {0};
1097 buf1[0] = 0xfb; // fitst byte const to kernel
1098 buf1[1] = 0x30; // second byte const to kernel
1099 EXPECT_EQ(0, FBEX::UninstallOrLockUserKeyToKernel(userId, TYPE_EL2, buf1, FBEX_IV_SIZE, USER_DESTROY));
1100 }
1101