#endif /* FSCRYPT_POLICY_V1 */
+// TODO: switch to <linux/fscrypt.h> once it's in Bionic
+#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 0x08
+
/* modes not supported by upstream kernel, so not in <linux/fs.h> */
#define FS_ENCRYPTION_MODE_AES_256_HEH 126
#define FS_ENCRYPTION_MODE_PRIVATE 127
return false;
}
*options_string = contents_mode + ":" + filenames_mode + ":v" + std::to_string(options.version);
+ if ((options.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64)) {
+ *options_string += "+inlinecrypt_optimized";
+ }
EncryptionOptions options_check;
if (!ParseOptions(*options_string, &options_check)) {
LOG(ERROR) << "Internal error serializing options as string: " << *options_string;
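Review bot: The serialized string's third field is now a `+`-separated token list, but nothing near the added `if` documents that grammar or that it must stay in step with ParseOptions. A short comment above the append would do, for example `// Third field: "vN" followed by optional "+<flag>" tokens; must round-trip through ParseOptions.` The doubled parentheses in `if ((options.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64))` are redundant and can be reduced to one pair. The enclosing function starts and ends outside this hunk.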
} else {
options->filenames_mode = FS_ENCRYPTION_MODE_AES_256_CTS;
}
+ options->version = 1;
+ options->flags = 0;
if (parts.size() >= 3) {
- if (parts[2] == "v1") {
- options->version = 1;
- } else if (parts[2] == "v2") {
- options->version = 2;
- } else {
- LOG(ERROR) << "Unknown flag: " << parts[2];
- return false;
+ auto flags = android::base::Split(parts[2], "+");
+ for (const auto& flag : flags) {
+ if (flag == "v1") {
+ options->version = 1;
+ } else if (flag == "v2") {
+ options->version = 2;
+ } else if (flag == "inlinecrypt_optimized") {
+ options->flags |= FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64;
+ } else {
+ LOG(ERROR) << "Unknown flag: " << flag;
+ return false;
+ }
}
- } else {
- options->version = 1;
}
- options->flags = 0;
// In the original setting of v1 policies and AES-256-CTS we used 4-byte
// padding of filenames, so we have to retain that for compatibility.
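Review bot: The `flag == "inlinecrypt_optimized"` branch sets `FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64` whatever version was selected, so `v1+inlinecrypt_optimized` parses successfully. As far as I know the kernel accepts this flag only on v2 policies, so the mismatch would surface when the policy is applied rather than at parse time; this is worth confirming against the target kernel. After the loop I would add `if (options->version == 1 && (options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64)) { LOG(ERROR) << "inlinecrypt_optimized requires a v2 policy"; return false; }`. The loop also lets a later token silently override an earlier one, so `v1+v2` yields version 2 instead of an error. ParseOptions begins before this hunk and continues after it.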
using namespace android::fscrypt;
+// TODO: switch to <linux/fscrypt.h> once it's in Bionic
+#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 0x08
+
/* modes not supported by upstream kernel, so not in <linux/fs.h> */
#define FS_ENCRYPTION_MODE_AES_256_HEH 126
#define FS_ENCRYPTION_MODE_PRIVATE 127
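Review bot: `FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64` is defined here with the same two lines that the first hunk on this page adds to the library source, so the test checks the library against a private copy of the constant. Defining it once in the library's shared header would keep the two from drifting apart. Wrapping it as `#ifndef FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64` / `#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 0x08` / `#endif` also keeps the build clean once the Bionic header mentioned in the TODO starts providing it.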
EXPECT_TRUE(OptionsToString(options, &options_string));
EXPECT_EQ("aes-256-xts:aes-256-cts:v2", options_string);
+ EXPECT_TRUE(ParseOptions("aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized", &options));
+ EXPECT_EQ(2, options.version);
+ EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_XTS, options.contents_mode);
+ EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode);
+ EXPECT_EQ(FS_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, options.flags);
+ EXPECT_TRUE(OptionsToString(options, &options_string));
+ EXPECT_EQ("aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized", options_string);
+
EXPECT_FALSE(ParseOptions("aes-256-xts:aes-256-cts:v2:", &options));
EXPECT_FALSE(ParseOptions("aes-256-xts:aes-256-cts:v2:foo", &options));
EXPECT_FALSE(ParseOptions("aes-256-xts:aes-256-cts:blah", &options));
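Review bot: The added assertions cover only the accepted form `v2+inlinecrypt_optimized`, so the new `+`-separated grammar has no negative cases. I would add `EXPECT_FALSE(ParseOptions("aes-256-xts:aes-256-cts:v2+", &options));` and `EXPECT_FALSE(ParseOptions("aes-256-xts:aes-256-cts:v2+foo", &options));`. Cases for `v1+inlinecrypt_optimized` and `v1+v2` should pin whichever behaviour is intended. Without them a later parser change could start accepting malformed policy strings unnoticed.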