author | Eric Biggers <ebiggers@google.com> | 2019-12-16 16:02:23 -0800 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2019-12-16 16:14:12 -0800 |
commit | 9b14aa3dc57c4b58edcc2d435761e9600fd8c631 (patch) | |
tree | ffba84c4499c85a8a58c4b9aadd24ef2c8a64059 /libfscrypt | |
parent | 35692b040079b188c487314f5489e55476518f25 (diff) | |
libfscrypt: Use <linux/fscrypt.h> from Bionic
aosp/1184798 has updated the kernel headers to android-mainline, so we
no longer need to manually provide the declarations for v2 policies, nor
do we need to manually define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64.
Also replace the FS_* constants with their new FSCRYPT_* names. This
doesn't change the numerical values; it just changes the names.
Test: build and 'atest libfscrypt_unit_test'
Bug: None
Change-Id: I03ce177923bfa9e0fecbbdbf1718fbf1c17176d9
Diffstat (limited to 'libfscrypt')
-rw-r--r-- | libfscrypt/fscrypt.cpp | 66 | ||||
-rw-r--r-- | libfscrypt/include/fscrypt/fscrypt.h | 3 | ||||
-rw-r--r-- | libfscrypt/tests/fscrypt_test.cpp | 80 |
3 files changed, 59 insertions, 90 deletions
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp
index b76f0b17..a1f1fc4c 100644
--- a/libfscrypt/fscrypt.cpp
+++ b/libfscrypt/fscrypt.cpp
@@ -24,7 +24,7 @@
 #include <cutils/properties.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <linux/fs.h>
+#include <linux/fscrypt.h>
 #include <logwrap/logwrap.h>
 #include <string.h>
 #include <sys/stat.h>
@@ -38,37 +38,9 @@
 using namespace std::string_literals;
-// TODO: switch to <linux/fscrypt.h> once it's in Bionic
-#ifndef FSCRYPT_POLICY_V1
-
-// Careful: due to an API quirk this is actually 0, not 1. We use 1 everywhere
-// else, so make sure to only use this constant in the ioctl itself.
-#define FSCRYPT_POLICY_V1 0
-#define FSCRYPT_KEY_DESCRIPTOR_SIZE 8
-struct fscrypt_policy_v1 {
- __u8 version;
- __u8 contents_encryption_mode;
- __u8 filenames_encryption_mode;
- __u8 flags;
- __u8 master_key_descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
-};
-
-#define FSCRYPT_POLICY_V2 2
-#define FSCRYPT_KEY_IDENTIFIER_SIZE 16
-struct fscrypt_policy_v2 {
- __u8 version;
- __u8 contents_encryption_mode;
- __u8 filenames_encryption_mode;
- __u8 flags;
- __u8 __reserved[4];
- __u8 master_key_identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
-};
-
-#endif /* FSCRYPT_POLICY_V1 */
-
-/* modes not supported by upstream kernel, so not in <linux/fs.h> */
-#define FS_ENCRYPTION_MODE_AES_256_HEH 126
-#define FS_ENCRYPTION_MODE_PRIVATE 127
+/* modes not supported by upstream kernel, so not in <linux/fscrypt.h> */
+#define FSCRYPT_MODE_AES_256_HEH 126
+#define FSCRYPT_MODE_PRIVATE 127
 #define HEX_LOOKUP "0123456789abcdef"
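Review bot: The warning that `FSCRYPT_POLICY_V1` is 0 rather than 1 is deleted here along with the local definition, but the hazard it described remains once the constant comes from `<linux/fscrypt.h>`, which presumably carries the same value since the commit message says no numbers change. `ParseOptions` in a later hunk of this file still stores the user-facing version as `options->version = 1`, so anyone who writes `options.version` straight into a policy struct, or compares it against the kernel constant, would build a policy with the wrong version byte. I would keep a short caveat beside the code that fills in the policy for the ioctl (not visible in these hunks): `// FSCRYPT_POLICY_V1 is 0, not 1, while options.version holds 1 or 2; use the FSCRYPT_POLICY_V* constants only when building the ioctl argument.`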
@@ -78,16 +50,16 @@ struct ModeLookupEntry {
 };
 static const auto contents_modes = std::vector<ModeLookupEntry>{
- {"aes-256-xts"s, FS_ENCRYPTION_MODE_AES_256_XTS},
- {"software"s, FS_ENCRYPTION_MODE_AES_256_XTS},
- {"adiantum"s, FS_ENCRYPTION_MODE_ADIANTUM},
- {"ice"s, FS_ENCRYPTION_MODE_PRIVATE},
+ {"aes-256-xts"s, FSCRYPT_MODE_AES_256_XTS},
+ {"software"s, FSCRYPT_MODE_AES_256_XTS},
+ {"adiantum"s, FSCRYPT_MODE_ADIANTUM},
+ {"ice"s, FSCRYPT_MODE_PRIVATE},
 };
 static const auto filenames_modes = std::vector<ModeLookupEntry>{
- {"aes-256-cts"s, FS_ENCRYPTION_MODE_AES_256_CTS},
- {"aes-256-heh"s, FS_ENCRYPTION_MODE_AES_256_HEH},
- {"adiantum"s, FS_ENCRYPTION_MODE_ADIANTUM},
+ {"aes-256-cts"s, FSCRYPT_MODE_AES_256_CTS},
+ {"aes-256-heh"s, FSCRYPT_MODE_AES_256_HEH},
+ {"adiantum"s, FSCRYPT_MODE_ADIANTUM},
 };
 static bool LookupModeByName(const std::vector<struct ModeLookupEntry>& modes,
@@ -199,10 +171,10 @@ bool ParseOptions(const std::string& options_string, EncryptionOptions* options)
 LOG(ERROR) << "Invalid file names encryption mode: " << parts[1];
 return false;
 }
- } else if (options->contents_mode == FS_ENCRYPTION_MODE_ADIANTUM) {
- options->filenames_mode = FS_ENCRYPTION_MODE_ADIANTUM;
+ } else if (options->contents_mode == FSCRYPT_MODE_ADIANTUM) {
+ options->filenames_mode = FSCRYPT_MODE_ADIANTUM;
 } else {
- options->filenames_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
+ options->filenames_mode = FSCRYPT_MODE_AES_256_CTS;
 }
 options->version = 1;
 options->flags = 0;
@@ -228,17 +200,17 @@ bool ParseOptions(const std::string& options_string, EncryptionOptions* options)
 // For everything else, use 16-byte padding. This is more secure (it helps
 // hide the length of filenames), and it makes the inputs evenly divisible
 // into cipher blocks which is more efficient for encryption and decryption.
- if (options->version == 1 && options->filenames_mode == FS_ENCRYPTION_MODE_AES_256_CTS) {
- options->flags |= FS_POLICY_FLAGS_PAD_4;
+ if (options->version == 1 && options->filenames_mode == FSCRYPT_MODE_AES_256_CTS) {
+ options->flags |= FSCRYPT_POLICY_FLAGS_PAD_4;
 } else {
- options->flags |= FS_POLICY_FLAGS_PAD_16;
+ options->flags |= FSCRYPT_POLICY_FLAGS_PAD_16;
 }
 // Use DIRECT_KEY for Adiantum, since it's much more efficient but just as
 // secure since Android doesn't reuse the same master key for multiple
 // encryption modes.
- if (options->filenames_mode == FS_ENCRYPTION_MODE_ADIANTUM) {
- options->flags |= FS_POLICY_FLAG_DIRECT_KEY;
+ if (options->filenames_mode == FSCRYPT_MODE_ADIANTUM) {
+ options->flags |= FSCRYPT_POLICY_FLAG_DIRECT_KEY;
 }
 return true;
 }
diff --git a/libfscrypt/include/fscrypt/fscrypt.h b/libfscrypt/include/fscrypt/fscrypt.h
index 2b809866..ca051f4a 100644
--- a/libfscrypt/include/fscrypt/fscrypt.h
+++ b/libfscrypt/include/fscrypt/fscrypt.h
@@ -19,9 +19,6 @@
 #include <string>
-// TODO: switch to <linux/fscrypt.h> once it's in Bionic
-#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 0x08
-
 bool fscrypt_is_native();
 static const char* fscrypt_unencrypted_folder = "/unencrypted";
diff --git a/libfscrypt/tests/fscrypt_test.cpp b/libfscrypt/tests/fscrypt_test.cpp
index 677f0f22..379e827b 100644
--- a/libfscrypt/tests/fscrypt_test.cpp
+++ b/libfscrypt/tests/fscrypt_test.cpp
@@ -14,7 +14,7 @@
 * limitations under the License.
 */
-#include <linux/fs.h>
+#include <linux/fscrypt.h>
 #include <fscrypt/fscrypt.h>
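Review bot: The `FSCRYPT_POLICY_FLAG_DIRECT_KEY` branch in the `@@ -228,17` hunk tests only `options->filenames_mode`, so a spec such as `ice:adiantum` receives the flag although its contents mode is not Adiantum; the test file in this commit expects exactly that result. The comment above the branch justifies the flag "for Adiantum" without saying why the contents mode is ignored, and as far as I know the upstream kernel accepts DIRECT_KEY only when both modes are Adiantum. Either document the vendor-kernel assumption in that comment or tighten the condition to `if (options->contents_mode == FSCRYPT_MODE_ADIANTUM && options->filenames_mode == FSCRYPT_MODE_ADIANTUM) {`, which would also change the flags expected for `ice:adiantum` in fscrypt_test.cpp. ParseOptions begins before this hunk, so earlier validation that may already reject such combinations is not visible here.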
@@ -22,9 +22,9 @@
 using namespace android::fscrypt;
-/* modes not supported by upstream kernel, so not in <linux/fs.h> */
-#define FS_ENCRYPTION_MODE_AES_256_HEH 126
-#define FS_ENCRYPTION_MODE_PRIVATE 127
+/* modes not supported by upstream kernel, so not in <linux/fscrypt.h> */
+#define FSCRYPT_MODE_AES_256_HEH 126
+#define FSCRYPT_MODE_PRIVATE 127
 TEST(fscrypt, ParseOptions) {
 EncryptionOptions options;
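Review bot: `FSCRYPT_MODE_AES_256_HEH` and `FSCRYPT_MODE_PRIVATE` are defined by hand a second time here, duplicating the unguarded copy in libfscrypt/fscrypt.cpp. Because both files now include `<linux/fscrypt.h>` and use its `FSCRYPT_` prefix, a vendor header that later supplies either name would collide with both copies. Consider one definition in a header shared by the library and the test, or guard each copy: `#ifndef FSCRYPT_MODE_PRIVATE`, `#define FSCRYPT_MODE_PRIVATE 127`, `#endif`, and likewise for the HEH mode.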
@@ -35,41 +35,41 @@ TEST(fscrypt, ParseOptions) {
 EXPECT_TRUE(ParseOptions("software", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_XTS, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_4, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_4, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("aes-256-xts:aes-256-cts:v1", options_string);
 EXPECT_TRUE(ParseOptions("aes-256-xts", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_XTS, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_4, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_4, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("aes-256-xts:aes-256-cts:v1", options_string);
 EXPECT_TRUE(ParseOptions("adiantum", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_ADIANTUM, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_ADIANTUM, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_16 | FS_POLICY_FLAG_DIRECT_KEY, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_ADIANTUM, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_ADIANTUM, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_DIRECT_KEY, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("adiantum:adiantum:v1", options_string);
 EXPECT_TRUE(ParseOptions("adiantum:aes-256-heh", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_ADIANTUM, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_HEH, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_16, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_ADIANTUM, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_HEH, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("adiantum:aes-256-heh:v1", options_string);
 EXPECT_TRUE(ParseOptions("ice", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_PRIVATE, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_4, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_PRIVATE, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_4, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("ice:aes-256-cts:v1", options_string);
@@ -77,57 +77,57 @@ TEST(fscrypt, ParseOptions) {
 EXPECT_TRUE(ParseOptions("ice:aes-256-cts", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_PRIVATE, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_4, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_PRIVATE, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_4, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("ice:aes-256-cts:v1", options_string);
 EXPECT_TRUE(ParseOptions("ice:aes-256-heh", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_PRIVATE, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_HEH, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_16, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_PRIVATE, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_HEH, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("ice:aes-256-heh:v1", options_string);
 EXPECT_TRUE(ParseOptions("ice:adiantum", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_PRIVATE, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_ADIANTUM, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_16 | FS_POLICY_FLAG_DIRECT_KEY, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_PRIVATE, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_ADIANTUM, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_DIRECT_KEY, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("ice:adiantum:v1", options_string);
 EXPECT_TRUE(ParseOptions("aes-256-xts:aes-256-cts", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_XTS, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_4, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_4, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("aes-256-xts:aes-256-cts:v1", options_string);
 EXPECT_TRUE(ParseOptions("aes-256-xts:aes-256-cts:v1", &options));
 EXPECT_EQ(1, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_XTS, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_4, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_4, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("aes-256-xts:aes-256-cts:v1", options_string);
 EXPECT_TRUE(ParseOptions("aes-256-xts:aes-256-cts:v2", &options));
 EXPECT_EQ(2, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_XTS, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_16, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("aes-256-xts:aes-256-cts:v2", options_string);
 EXPECT_TRUE(ParseOptions("aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized", &options));
 EXPECT_EQ(2, options.version);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_XTS, options.contents_mode);
- EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
- EXPECT_EQ(FS_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, options.flags);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, options.contents_mode);
+ EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, options.flags);
 EXPECT_TRUE(OptionsToString(options, &options_string));
 EXPECT_EQ("aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized", options_string); |