Merge changes from topics "dm-default-key-v2", "metadata_cipher"
* changes:
  Set metadata cipher in fstab
  Add support for v2 of dm-default-key
commit
cb1a8e7fdd
6 changed files with 75 additions and 7 deletions
|
|
@ -277,6 +277,9 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) {
|
|||
} else if (StartsWith(flag, "keydirectory=")) {
|
||||
// The metadata flag is followed by an = and the directory for the keys.
|
||||
entry->metadata_key_dir = arg;
|
||||
} else if (StartsWith(flag, "metadata_cipher=")) {
|
||||
// Specify the cipher to use for metadata encryption
|
||||
entry->metadata_cipher = arg;
|
||||
} else if (StartsWith(flag, "sysfs_path=")) {
|
||||
// The path to trigger device gc by idle-maint of vold.
|
||||
entry->sysfs_path = arg;
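Review bot: The `metadata_cipher=` branch stores `arg` verbatim, so an empty value (`metadata_cipher=`) or a misspelled cipher name parses cleanly and cannot be told apart from a deliberate choice at this layer. Whatever consumes `entry->metadata_cipher` is outside this page; presumably it maps the name to a dm cipher, and it needs to refuse the mount on an unknown or empty name rather than fall back to a default. I would make that contract visible here by extending the comment, e.g. `// Cipher name for metadata encryption; not validated here, the consumer must reject unknown or empty values.` ParseFsMgrFlags starts and ends outside the hunk.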
|
||||
|
|
|
|||
|
|
@ -38,6 +38,7 @@ struct FstabEntry {
|
|||
std::string fs_options;
|
||||
std::string key_loc;
|
||||
std::string metadata_key_dir;
|
||||
std::string metadata_cipher;
|
||||
off64_t length = 0;
|
||||
std::string label;
|
||||
int partnum = -1;
|
||||
|
|
|
|||
|
|
@ -243,15 +243,43 @@ std::string DmTargetCrypt::GetParameterString() const {
|
|||
return android::base::Join(argv, " ");
|
||||
}
|
||||
|
||||
const std::string DmTargetDefaultKey::name_ = "default-key";
|
||||
|
||||
bool DmTargetDefaultKey::IsLegacy(bool* result) {
|
||||
DeviceMapper& dm = DeviceMapper::Instance();
|
||||
DmTargetTypeInfo info;
|
||||
if (!dm.GetTargetByName(name_, &info)) return false;
|
||||
// dm-default-key was modified to be like dm-crypt with version 2
|
||||
*result = !info.IsAtLeast(2, 0, 0);
|
||||
return true;
|
||||
}
|
||||
|
||||
bool DmTargetDefaultKey::Valid() const {
|
||||
bool real_is_legacy;
|
||||
if (!DmTargetDefaultKey::IsLegacy(&real_is_legacy)) return false;
|
||||
if (real_is_legacy != is_legacy_) return false;
|
||||
if (!is_legacy_ && !set_dun_) return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
std::string DmTargetDefaultKey::GetParameterString() const {
|
||||
std::vector<std::string> argv;
|
||||
argv.emplace_back(cipher_);
|
||||
argv.emplace_back(key_);
|
||||
if (!is_legacy_) {
|
||||
argv.emplace_back("0"); // iv_offset
|
||||
}
|
||||
argv.emplace_back(blockdev_);
|
||||
argv.push_back(std::to_string(start_sector_));
|
||||
std::vector<std::string> extra_argv;
|
||||
if (set_dun_) {
|
||||
extra_argv.emplace_back("set_dun");
|
||||
if (is_legacy_) {
|
||||
if (set_dun_) { // v2 always sets the DUN.
|
||||
extra_argv.emplace_back("set_dun");
|
||||
}
|
||||
} else {
|
||||
extra_argv.emplace_back("allow_discards");
|
||||
extra_argv.emplace_back("sector_size:4096");
|
||||
extra_argv.emplace_back("iv_large_sectors");
|
||||
}
|
||||
if (!extra_argv.empty()) {
|
||||
argv.emplace_back(std::to_string(extra_argv.size()));
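Review bot: In the non-legacy branch of `GetParameterString()`, `allow_discards` is appended unconditionally, with no comment and no way for a caller to opt out. Passing discards through an encrypted mapping lets anyone who can read the backing device see which blocks are unused, which is the trade-off the dm-crypt documentation attaches to the option of the same name; that may well be the intended choice for flash storage, but it should be written down, e.g. `// Discards are passed through for flash performance; this exposes which blocks are free on the backing device.` Separately, `// v2 always sets the DUN.` sits on the legacy-only `if (set_dun_)` and reads as if it described that branch; it belongs on the `else`. The function continues past the end of the hunk.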
|
||||
|
|
|
|||
|
|
@ -516,10 +516,25 @@ TEST(libdm, CryptArgs) {
|
|||
}
|
||||
|
||||
TEST(libdm, DefaultKeyArgs) {
|
||||
DmTargetDefaultKey target(0, 4096, "AES-256-XTS", "abcdef0123456789", "/dev/loop0", 0);
|
||||
DmTargetTypeInfo info;
|
||||
|
||||
DeviceMapper& dm = DeviceMapper::Instance();
|
||||
if (!dm.GetTargetByName("default-key", &info)) {
|
||||
cout << "default-key module not enabled; skipping test" << std::endl;
|
||||
return;
|
||||
}
|
||||
bool is_legacy;
|
||||
ASSERT_TRUE(DmTargetDefaultKey::IsLegacy(&is_legacy));
|
||||
// set_dun only in the non-is_legacy case
|
||||
DmTargetDefaultKey target(0, 4096, "AES-256-XTS", "abcdef0123456789", "/dev/loop0", 0,
|
||||
is_legacy, !is_legacy);
|
||||
ASSERT_EQ(target.name(), "default-key");
|
||||
ASSERT_TRUE(target.Valid());
|
||||
ASSERT_EQ(target.GetParameterString(), "AES-256-XTS abcdef0123456789 /dev/loop0 0");
|
||||
if (is_legacy) {
|
||||
ASSERT_EQ(target.GetParameterString(), "AES-256-XTS abcdef0123456789 /dev/loop0 0");
|
||||
} else {
|
||||
ASSERT_EQ(target.GetParameterString(), "AES-256-XTS abcdef0123456789 0 /dev/loop0 0");
|
||||
}
|
||||
}
|
||||
|
||||
TEST(libdm, DeleteDeviceWithTimeout) {
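Review bot: The non-legacy expectation in `DefaultKeyArgs`, `"AES-256-XTS abcdef0123456789 0 /dev/loop0 0"`, stops after the start sector, while the non-legacy branch of `DmTargetDefaultKey::GetParameterString()` in this same commit pushes three optional arguments (`allow_discards`, `sector_size:4096`, `iv_large_sectors`) and then their count. The code that joins the count and the options is outside the visible hunk, but if it appends them the way the `extra_argv.size()` line suggests, this assertion fails on a kernel with dm-default-key v2 and the expected value should be `"AES-256-XTS abcdef0123456789 0 /dev/loop0 0 3 allow_discards sector_size:4096 iv_large_sectors"`. Also, the early `return` when the target is missing reports the test as passed; `GTEST_SKIP()` would make the skip visible, if the gtest in use provides it.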
|
||||
|
|
|
|||
|
|
@ -281,23 +281,27 @@ class DmTargetDefaultKey final : public DmTarget {
|
|||
public:
|
||||
DmTargetDefaultKey(uint64_t start, uint64_t length, const std::string& cipher,
|
||||
const std::string& key, const std::string& blockdev, uint64_t start_sector,
|
||||
bool set_dun = false)
|
||||
bool is_legacy, bool set_dun)
|
||||
: DmTarget(start, length),
|
||||
cipher_(cipher),
|
||||
key_(key),
|
||||
blockdev_(blockdev),
|
||||
start_sector_(start_sector),
|
||||
is_legacy_(is_legacy),
|
||||
set_dun_(set_dun) {}
|
||||
|
||||
std::string name() const override { return "default-key"; }
|
||||
bool Valid() const override { return true; }
|
||||
std::string name() const override { return name_; }
|
||||
bool Valid() const override;
|
||||
std::string GetParameterString() const override;
|
||||
static bool IsLegacy(bool* result);
|
||||
|
||||
private:
|
||||
static const std::string name_;
|
||||
std::string cipher_;
|
||||
std::string key_;
|
||||
std::string blockdev_;
|
||||
uint64_t start_sector_;
|
||||
bool is_legacy_;
|
||||
bool set_dun_;
|
||||
};
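Review bot: `static bool IsLegacy(bool* result)` carries two booleans with different meanings and no comment: per the definition in this commit the return value says whether the kernel target could be queried, and `*result` is written only on success. A caller that ignores the return value reads an uninitialised or stale flag and may build the wrong table layout, so I would document it on the declaration, e.g. `// Returns false (leaving *result untouched) if the default-key target cannot be queried; otherwise sets *result to true for targets older than 2.0.0.` The constructor now also takes `bool is_legacy, bool set_dun` back to back with no default, which is easy to transpose at a call site; a comment naming the valid combinations (`Valid()` rejects non-legacy without `set_dun`) would help. The class starts before the hunk.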
|
||||
|
||||
|
|
|
|||
|
|
@ -895,6 +895,23 @@ source none0 swap defaults keydirectory=/dir/key
|
|||
EXPECT_EQ("/dir/key", entry->metadata_key_dir);
|
||||
}
|
||||
|
||||
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_MetadataCipher) {
|
||||
TemporaryFile tf;
|
||||
ASSERT_TRUE(tf.fd != -1);
|
||||
std::string fstab_contents = R"fs(
|
||||
source none0 swap defaults keydirectory=/dir/key,metadata_cipher=adiantum
|
||||
)fs";
|
||||
|
||||
ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
|
||||
|
||||
Fstab fstab;
|
||||
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
|
||||
ASSERT_EQ(1U, fstab.size());
|
||||
|
||||
auto entry = fstab.begin();
|
||||
EXPECT_EQ("adiantum", entry->metadata_cipher);
|
||||
}
|
||||
|
||||
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_SysfsPath) {
|
||||
TemporaryFile tf;
|
||||
ASSERT_TRUE(tf.fd != -1);
|
||||
|
|
|
|||