diff options
author | Paul Crowley <paulcrowley@google.com> | 2020-05-20 16:05:41 -0700 |
---|---|---|
committer | Paul Crowley <paulcrowley@google.com> | 2020-05-21 15:21:40 -0700 |
commit | 20a5aa5fdedf81f9b415e92bc09fdfa59bfb583c (patch) | |
tree | 50d65261f4e4e687e07e259dd2a561937231c8ac | |
parent | 901a08a73484b0989530fb9fc7de0829d13d6757 (diff) | |
download | extras-20a5aa5fdedf81f9b415e92bc09fdfa59bfb583c.tar.gz |
Add emmc_optimized flag
Bug: 144046242
Test: atest libfscrypt_unit_test
Test: Change fstab on Cuttlefish with patched kernel, check dir policy
Cherry-Picked-From: 476ce0a30615c1249969bedba0f1fb084d8ef193
Merged-In: I362f9a55fa28bb25afe992c8b0bae48546fc9ab0
Change-Id: I362f9a55fa28bb25afe992c8b0bae48546fc9ab0
-rw-r--r-- | libfscrypt/fscrypt.cpp | 17 | ||||
-rw-r--r-- | libfscrypt/include/fscrypt/fscrypt.h | 6 | ||||
-rw-r--r-- | libfscrypt/tests/fscrypt_test.cpp | 12 |
3 files changed, 35 insertions, 0 deletions
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp index 622b4cdb..a52ed90c 100644 --- a/libfscrypt/fscrypt.cpp +++ b/libfscrypt/fscrypt.cpp @@ -153,6 +153,9 @@ bool OptionsToStringForApiLevel(unsigned int first_api_level, const EncryptionOp if ((options.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64)) { *options_string += "+inlinecrypt_optimized"; } + if ((options.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) { + *options_string += "+emmc_optimized"; + } if (options.use_hw_wrapped_key) { *options_string += "+wrappedkey_v0"; } @@ -214,6 +217,8 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op options->version = 2; } else if (flag == "inlinecrypt_optimized") { options->flags |= FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64; + } else if (flag == "emmc_optimized") { + options->flags |= FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32; } else if (flag == "wrappedkey_v0") { options->use_hw_wrapped_key = true; } else { @@ -248,6 +253,18 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op LOG(ERROR) << "Adiantum must be both contents and filenames mode or neither, invalid options: " << options_string; return false; } + + // IV generation methods are mutually exclusive + int iv_methods = 0; + iv_methods += !!(options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64); + iv_methods += !!(options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32); + iv_methods += !!(options->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY); + if (iv_methods > 1) { + LOG(ERROR) << "At most one IV generation method can be set, invalid options: " + << options_string; + return false; + } + return true; } diff --git a/libfscrypt/include/fscrypt/fscrypt.h b/libfscrypt/include/fscrypt/fscrypt.h index 78b12560..b1ba1dfe 100644 --- a/libfscrypt/include/fscrypt/fscrypt.h +++ b/libfscrypt/include/fscrypt/fscrypt.h @@ -19,6 +19,12 @@ #include <string> +#ifndef FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 +// When FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 is added to Bionic's linux/fscrypt.h +// then this whole stanza should be removed. +#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 0x10 +#endif + bool fscrypt_is_native(); static const char* fscrypt_unencrypted_folder = "/unencrypted"; diff --git a/libfscrypt/tests/fscrypt_test.cpp b/libfscrypt/tests/fscrypt_test.cpp index 457ac684..4fbd742c 100644 --- a/libfscrypt/tests/fscrypt_test.cpp +++ b/libfscrypt/tests/fscrypt_test.cpp @@ -156,6 +156,18 @@ TEST(fscrypt, ParseOptions) { EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, options.flags); } + { + TEST_STRING(30, "::emmc_optimized", "aes-256-xts:aes-256-cts:v2+emmc_optimized"); + EXPECT_EQ(2, options.version); + EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, options.contents_mode); + EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode); + EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32, options.flags); + } + EXPECT_FALSE( + ParseOptionsForApiLevel(30, "::inlinecrypt_optimized+emmc_optimized", &dummy_options)); + EXPECT_FALSE(ParseOptionsForApiLevel(30, "adiantum::inlinecrypt_optimized", &dummy_options)); + EXPECT_FALSE(ParseOptionsForApiLevel(30, "adiantum::emmc_optimized", &dummy_options)); + EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:v2:", &dummy_options)); EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:v2:foo", &dummy_options)); EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:blah", &dummy_options)); |