diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp index c55e5325d..83c43c613 100644 --- a/fs_mgr/fs_mgr_fstab.cpp +++ b/fs_mgr/fs_mgr_fstab.cpp @@ -277,9 +277,9 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) { } else if (StartsWith(flag, "keydirectory=")) { // The metadata flag is followed by an = and the directory for the keys. entry->metadata_key_dir = arg; - } else if (StartsWith(flag, "metadata_cipher=")) { - // Specify the cipher to use for metadata encryption - entry->metadata_cipher = arg; + } else if (StartsWith(flag, "metadata_encryption=")) { + // Specify the cipher and flags to use for metadata encryption + entry->metadata_encryption = arg; } else if (StartsWith(flag, "sysfs_path=")) { // The path to trigger device gc by idle-maint of vold. entry->sysfs_path = arg; diff --git a/fs_mgr/include_fstab/fstab/fstab.h b/fs_mgr/include_fstab/fstab/fstab.h index 4dc09c1df..087138e62 100644 --- a/fs_mgr/include_fstab/fstab/fstab.h +++ b/fs_mgr/include_fstab/fstab/fstab.h @@ -38,7 +38,7 @@ struct FstabEntry { std::string fs_options; std::string key_loc; std::string metadata_key_dir; - std::string metadata_cipher; + std::string metadata_encryption; off64_t length = 0; std::string label; int partnum = -1; diff --git a/fs_mgr/libdm/dm_target.cpp b/fs_mgr/libdm/dm_target.cpp index d7b689ed7..646178891 100644 --- a/fs_mgr/libdm/dm_target.cpp +++ b/fs_mgr/libdm/dm_target.cpp @@ -280,6 +280,7 @@ std::string DmTargetDefaultKey::GetParameterString() const { extra_argv.emplace_back("allow_discards"); extra_argv.emplace_back("sector_size:4096"); extra_argv.emplace_back("iv_large_sectors"); + if (is_hw_wrapped_) extra_argv.emplace_back("wrappedkey_v0"); } if (!extra_argv.empty()) { argv.emplace_back(std::to_string(extra_argv.size())); diff --git a/fs_mgr/libdm/dm_test.cpp b/fs_mgr/libdm/dm_test.cpp index affdd29f1..67af59a2c 100644 --- a/fs_mgr/libdm/dm_test.cpp +++ b/fs_mgr/libdm/dm_test.cpp @@ -526,13 +526,18 @@ TEST(libdm, DefaultKeyArgs) { bool is_legacy; ASSERT_TRUE(DmTargetDefaultKey::IsLegacy(&is_legacy)); // set_dun only in the non-is_legacy case - DmTargetDefaultKey target(0, 4096, "AES-256-XTS", "abcdef0123456789", "/dev/loop0", 0, - is_legacy, !is_legacy); + DmTargetDefaultKey target(0, 4096, "AES-256-XTS", "abcdef0123456789", "/dev/loop0", 0); + if (is_legacy) { + target.SetIsLegacy(); + } else { + target.SetSetDun(); + } ASSERT_EQ(target.name(), "default-key"); ASSERT_TRUE(target.Valid()); if (is_legacy) { ASSERT_EQ(target.GetParameterString(), "AES-256-XTS abcdef0123456789 /dev/loop0 0"); } else { + // TODO: Add case for wrapped key enabled ASSERT_EQ(target.GetParameterString(), "AES-256-XTS abcdef0123456789 0 /dev/loop0 0 3 allow_discards sector_size:4096 " "iv_large_sectors"); diff --git a/fs_mgr/libdm/include/libdm/dm_target.h b/fs_mgr/libdm/include/libdm/dm_target.h index e3dd92b17..d2e50d321 100644 --- a/fs_mgr/libdm/include/libdm/dm_target.h +++ b/fs_mgr/libdm/include/libdm/dm_target.h @@ -280,20 +280,20 @@ class DmTargetCrypt final : public DmTarget { class DmTargetDefaultKey final : public DmTarget { public: DmTargetDefaultKey(uint64_t start, uint64_t length, const std::string& cipher, - const std::string& key, const std::string& blockdev, uint64_t start_sector, - bool is_legacy, bool set_dun) + const std::string& key, const std::string& blockdev, uint64_t start_sector) : DmTarget(start, length), cipher_(cipher), key_(key), blockdev_(blockdev), - start_sector_(start_sector), - is_legacy_(is_legacy), - set_dun_(set_dun) {} + start_sector_(start_sector) {} std::string name() const override { return name_; } bool Valid() const override; std::string GetParameterString() const override; static bool IsLegacy(bool* result); + void SetIsLegacy() { is_legacy_ = true; } + void SetSetDun() { set_dun_ = true; } + void SetWrappedKeyV0() { is_hw_wrapped_ = true; } private: static const std::string name_; @@ -301,8 +301,9 @@ class DmTargetDefaultKey final : public DmTarget { std::string key_; std::string blockdev_; uint64_t start_sector_; - bool is_legacy_; - bool set_dun_; + bool is_legacy_ = false; + bool set_dun_ = false; + bool is_hw_wrapped_ = false; }; } // namespace dm diff --git a/fs_mgr/tests/fs_mgr_test.cpp b/fs_mgr/tests/fs_mgr_test.cpp index 800ad7e56..69b31506c 100644 --- a/fs_mgr/tests/fs_mgr_test.cpp +++ b/fs_mgr/tests/fs_mgr_test.cpp @@ -895,11 +895,11 @@ source none0 swap defaults keydirectory=/dir/key EXPECT_EQ("/dir/key", entry->metadata_key_dir); } -TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_MetadataCipher) { +TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_MetadataEncryption) { TemporaryFile tf; ASSERT_TRUE(tf.fd != -1); std::string fstab_contents = R"fs( -source none0 swap defaults keydirectory=/dir/key,metadata_cipher=adiantum +source none0 swap defaults keydirectory=/dir/key,metadata_encryption=adiantum )fs"; ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path)); @@ -909,7 +909,28 @@ source none0 swap defaults keydirectory=/dir/key,metadata_cipher=ad ASSERT_EQ(1U, fstab.size()); auto entry = fstab.begin(); - EXPECT_EQ("adiantum", entry->metadata_cipher); + EXPECT_EQ("adiantum", entry->metadata_encryption); +} + +TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_MetadataEncryption_WrappedKey) { + TemporaryFile tf; + ASSERT_TRUE(tf.fd != -1); + std::string fstab_contents = R"fs( +source none0 swap defaults keydirectory=/dir/key,metadata_encryption=aes-256-xts:wrappedkey_v0 +)fs"; + + ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path)); + + Fstab fstab; + EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab)); + ASSERT_EQ(1U, fstab.size()); + + auto entry = fstab.begin(); + EXPECT_EQ("aes-256-xts:wrappedkey_v0", entry->metadata_encryption); + auto parts = android::base::Split(entry->metadata_encryption, ":"); + EXPECT_EQ(2U, parts.size()); + EXPECT_EQ("aes-256-xts", parts[0]); + EXPECT_EQ("wrappedkey_v0", parts[1]); } TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_SysfsPath) {