From: Paul Crowley Date: Sat, 26 Oct 2019 00:09:03 +0000 (-0700) Subject: libfscrypt: Support inlinecrypt_optimized flag X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=3c78d4196ac40e6f8433fde8551f9b11841f0988;p=android-x86%2Fsystem-extras.git libfscrypt: Support inlinecrypt_optimized flag Bug: 143307095 Test: add flag in fstab, check policy logs Change-Id: Ic80d348c2c7d56048e0e73d985f709e8d287cd9f --- diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp index 33c8249a..b0c9ed6e 100644 --- a/libfscrypt/fscrypt.cpp +++ b/libfscrypt/fscrypt.cpp @@ -66,6 +66,9 @@ struct fscrypt_policy_v2 { #endif /* FSCRYPT_POLICY_V1 */ +// TODO: switch to once it's in Bionic +#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 0x08 + /* modes not supported by upstream kernel, so not in */ #define FS_ENCRYPTION_MODE_AES_256_HEH 126 #define FS_ENCRYPTION_MODE_PRIVATE 127 @@ -168,6 +171,9 @@ bool OptionsToString(const EncryptionOptions& options, std::string* options_stri return false; } *options_string = contents_mode + ":" + filenames_mode + ":v" + std::to_string(options.version); + if ((options.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64)) { + *options_string += "+inlinecrypt_optimized"; + } EncryptionOptions options_check; if (!ParseOptions(*options_string, &options_check)) { LOG(ERROR) << "Internal error serializing options as string: " << *options_string; @@ -201,19 +207,23 @@ bool ParseOptions(const std::string& options_string, EncryptionOptions* options) } else { options->filenames_mode = FS_ENCRYPTION_MODE_AES_256_CTS; } + options->version = 1; + options->flags = 0; if (parts.size() >= 3) { - if (parts[2] == "v1") { - options->version = 1; - } else if (parts[2] == "v2") { - options->version = 2; - } else { - LOG(ERROR) << "Unknown flag: " << parts[2]; - return false; + auto flags = android::base::Split(parts[2], "+"); + for (const auto& flag : flags) { + if (flag == "v1") { + options->version = 1; + } else if (flag == "v2") { + options->version = 2; + } else if (flag == "inlinecrypt_optimized") { + options->flags |= FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64; + } else { + LOG(ERROR) << "Unknown flag: " << flag; + return false; + } } - } else { - options->version = 1; } - options->flags = 0; // In the original setting of v1 policies and AES-256-CTS we used 4-byte // padding of filenames, so we have to retain that for compatibility. diff --git a/libfscrypt/tests/fscrypt_test.cpp b/libfscrypt/tests/fscrypt_test.cpp index 48d092df..eedcc34d 100644 --- a/libfscrypt/tests/fscrypt_test.cpp +++ b/libfscrypt/tests/fscrypt_test.cpp @@ -22,6 +22,9 @@ using namespace android::fscrypt; +// TODO: switch to once it's in Bionic +#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64 0x08 + /* modes not supported by upstream kernel, so not in */ #define FS_ENCRYPTION_MODE_AES_256_HEH 126 #define FS_ENCRYPTION_MODE_PRIVATE 127 @@ -123,6 +126,14 @@ TEST(fscrypt, ParseOptions) { EXPECT_TRUE(OptionsToString(options, &options_string)); EXPECT_EQ("aes-256-xts:aes-256-cts:v2", options_string); + EXPECT_TRUE(ParseOptions("aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized", &options)); + EXPECT_EQ(2, options.version); + EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_XTS, options.contents_mode); + EXPECT_EQ(FS_ENCRYPTION_MODE_AES_256_CTS, options.filenames_mode); + EXPECT_EQ(FS_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, options.flags); + EXPECT_TRUE(OptionsToString(options, &options_string)); + EXPECT_EQ("aes-256-xts:aes-256-cts:v2+inlinecrypt_optimized", options_string); + EXPECT_FALSE(ParseOptions("aes-256-xts:aes-256-cts:v2:", &options)); EXPECT_FALSE(ParseOptions("aes-256-xts:aes-256-cts:v2:foo", &options)); EXPECT_FALSE(ParseOptions("aes-256-xts:aes-256-cts:blah", &options));