Merge changes from topics "dm-default-key-v2", "metadata_cipher"
* changes:
Set metadata cipher in fstab
Add support for v2 of dm-default-key
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index ad878f2..561d994 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -277,6 +277,9 @@
} else if (StartsWith(flag, "keydirectory=")) {
// The metadata flag is followed by an = and the directory for the keys.
entry->metadata_key_dir = arg;
+ } else if (StartsWith(flag, "metadata_cipher=")) {
+ // Specify the cipher to use for metadata encryption
+ entry->metadata_cipher = arg;
} else if (StartsWith(flag, "sysfs_path=")) {
// The path to trigger device gc by idle-maint of vold.
entry->sysfs_path = arg;
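Review bot: The new `metadata_cipher=` branch stores `arg` verbatim, so an empty value (`metadata_cipher=`) or a misspelled cipher name passes the parser and only surfaces wherever the field is consumed, which is not part of this diff. Because this string selects the cipher for metadata encryption, the comment should say who validates it, for example `// Cipher name for metadata encryption; not validated here, the consumer must reject empty or unknown names.` If a silent fallback to a default cipher is possible downstream, rejecting an empty `arg` here with a logged error would be the safer behaviour. The enclosing flag-parsing chain starts and ends outside the hunk.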
diff --git a/fs_mgr/include_fstab/fstab/fstab.h b/fs_mgr/include_fstab/fstab/fstab.h
index a6e6e09..4dc09c1 100644
--- a/fs_mgr/include_fstab/fstab/fstab.h
+++ b/fs_mgr/include_fstab/fstab/fstab.h
@@ -38,6 +38,7 @@
std::string fs_options;
std::string key_loc;
std::string metadata_key_dir;
+ std::string metadata_cipher;
off64_t length = 0;
std::string label;
int partnum = -1;
diff --git a/fs_mgr/libdm/dm_target.cpp b/fs_mgr/libdm/dm_target.cpp
index ea54029..d7b689e 100644
--- a/fs_mgr/libdm/dm_target.cpp
+++ b/fs_mgr/libdm/dm_target.cpp
@@ -243,15 +243,43 @@
return android::base::Join(argv, " ");
}
+const std::string DmTargetDefaultKey::name_ = "default-key";
+
+bool DmTargetDefaultKey::IsLegacy(bool* result) {
+ DeviceMapper& dm = DeviceMapper::Instance();
+ DmTargetTypeInfo info;
+ if (!dm.GetTargetByName(name_, &info)) return false;
+ // dm-default-key was modified to be like dm-crypt with version 2
+ *result = !info.IsAtLeast(2, 0, 0);
+ return true;
+}
+
+bool DmTargetDefaultKey::Valid() const {
+ bool real_is_legacy;
+ if (!DmTargetDefaultKey::IsLegacy(&real_is_legacy)) return false;
+ if (real_is_legacy != is_legacy_) return false;
+ if (!is_legacy_ && !set_dun_) return false;
+ return true;
+}
+
std::string DmTargetDefaultKey::GetParameterString() const {
std::vector<std::string> argv;
argv.emplace_back(cipher_);
argv.emplace_back(key_);
+ if (!is_legacy_) {
+ argv.emplace_back("0"); // iv_offset
+ }
argv.emplace_back(blockdev_);
argv.push_back(std::to_string(start_sector_));
std::vector<std::string> extra_argv;
- if (set_dun_) {
- extra_argv.emplace_back("set_dun");
+ if (is_legacy_) {
+ if (set_dun_) { // v2 always sets the DUN.
+ extra_argv.emplace_back("set_dun");
+ }
+ } else {
+ extra_argv.emplace_back("allow_discards");
+ extra_argv.emplace_back("sector_size:4096");
+ extra_argv.emplace_back("iv_large_sectors");
}
if (!extra_argv.empty()) {
argv.emplace_back(std::to_string(extra_argv.size()));
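Review bot: The non-legacy branch of GetParameterString() emits `allow_discards`, `sector_size:4096` and `iv_large_sectors` unconditionally, with no comment on why and no matching check in Valid(). Passing discards through an encrypted mapping lets anyone who can read the backing device see which blocks are unused, so the choice deserves a line such as `// v2: discards are passed through on purpose; this exposes which blocks are unused on the backing device`. If the v2 target follows dm-crypt here, as the comment in IsLegacy() suggests, a 4096-byte crypto sector size also needs the mapped length to be a multiple of 8 sectors, which Valid() does not verify. Valid() also returns false for three different reasons (failed query, version mismatch, missing set_dun) without logging which one, which will make a failed mount hard to diagnose. GetParameterString() continues past the end of the hunk.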
diff --git a/fs_mgr/libdm/dm_test.cpp b/fs_mgr/libdm/dm_test.cpp
index b7f31bc..b296801 100644
--- a/fs_mgr/libdm/dm_test.cpp
+++ b/fs_mgr/libdm/dm_test.cpp
@@ -516,10 +516,25 @@
}
TEST(libdm, DefaultKeyArgs) {
- DmTargetDefaultKey target(0, 4096, "AES-256-XTS", "abcdef0123456789", "/dev/loop0", 0);
+ DmTargetTypeInfo info;
+
+ DeviceMapper& dm = DeviceMapper::Instance();
+ if (!dm.GetTargetByName("default-key", &info)) {
+ cout << "default-key module not enabled; skipping test" << std::endl;
+ return;
+ }
+ bool is_legacy;
+ ASSERT_TRUE(DmTargetDefaultKey::IsLegacy(&is_legacy));
+ // set_dun only in the non-is_legacy case
+ DmTargetDefaultKey target(0, 4096, "AES-256-XTS", "abcdef0123456789", "/dev/loop0", 0,
+ is_legacy, !is_legacy);
ASSERT_EQ(target.name(), "default-key");
ASSERT_TRUE(target.Valid());
- ASSERT_EQ(target.GetParameterString(), "AES-256-XTS abcdef0123456789 /dev/loop0 0");
+ if (is_legacy) {
+ ASSERT_EQ(target.GetParameterString(), "AES-256-XTS abcdef0123456789 /dev/loop0 0");
+ } else {
+ ASSERT_EQ(target.GetParameterString(), "AES-256-XTS abcdef0123456789 0 /dev/loop0 0");
+ }
}
TEST(libdm, DeleteDeviceWithTimeout) {
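Review bot: The expected string in the non-legacy branch of DefaultKeyArgs, `"AES-256-XTS abcdef0123456789 0 /dev/loop0 0"`, does not match what the patched GetParameterString() appears to build. For `!is_legacy_` it always adds three optional arguments, so at least the count `3` follows the start sector, and presumably the option names too (they are appended outside the visible hunk). On a kernel whose default-key target is 2.0.0 or newer this assertion would therefore fail; the expected value should be `"AES-256-XTS abcdef0123456789 0 /dev/loop0 0 3 allow_discards sector_size:4096 iv_large_sectors"`, assuming the options are joined in insertion order. The early `return` when the module is missing also reports the test as passed; `GTEST_SKIP()` would make the skip visible, if the gtest version in the tree supports it.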
diff --git a/fs_mgr/libdm/include/libdm/dm_target.h b/fs_mgr/libdm/include/libdm/dm_target.h
index a78bc71..e3dd92b 100644
--- a/fs_mgr/libdm/include/libdm/dm_target.h
+++ b/fs_mgr/libdm/include/libdm/dm_target.h
@@ -281,23 +281,27 @@
public:
DmTargetDefaultKey(uint64_t start, uint64_t length, const std::string& cipher,
const std::string& key, const std::string& blockdev, uint64_t start_sector,
- bool set_dun = false)
+ bool is_legacy, bool set_dun)
: DmTarget(start, length),
cipher_(cipher),
key_(key),
blockdev_(blockdev),
start_sector_(start_sector),
+ is_legacy_(is_legacy),
set_dun_(set_dun) {}
- std::string name() const override { return "default-key"; }
- bool Valid() const override { return true; }
+ std::string name() const override { return name_; }
+ bool Valid() const override;
std::string GetParameterString() const override;
+ static bool IsLegacy(bool* result);
private:
+ static const std::string name_;
std::string cipher_;
std::string key_;
std::string blockdev_;
uint64_t start_sector_;
+ bool is_legacy_;
bool set_dun_;
};
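Review bot: `static bool IsLegacy(bool* result);` is declared without a comment, and its return value means "the kernel query succeeded", not "the target is legacy", which invites `if (DmTargetDefaultKey::IsLegacy(&x))` being read the wrong way round. A short comment would settle it: `// Queries the kernel's default-key target version. Returns false if the query fails; on success sets *result to true when the version is below 2.0.0.` The constructor now takes two adjacent `bool` parameters, `is_legacy, set_dun`, with no defaults, so swapped arguments compile silently. Valid() catches only some of those combinations, so a one-line comment on the constructor stating that v2 requires `set_dun == true` would help callers.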
diff --git a/fs_mgr/tests/fs_mgr_test.cpp b/fs_mgr/tests/fs_mgr_test.cpp
index 709be59..800ad7e 100644
--- a/fs_mgr/tests/fs_mgr_test.cpp
+++ b/fs_mgr/tests/fs_mgr_test.cpp
@@ -895,6 +895,23 @@
EXPECT_EQ("/dir/key", entry->metadata_key_dir);
}
+TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_MetadataCipher) {
+ TemporaryFile tf;
+ ASSERT_TRUE(tf.fd != -1);
+ std::string fstab_contents = R"fs(
+source none0 swap defaults keydirectory=/dir/key,metadata_cipher=adiantum
+)fs";
+
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
+
+ Fstab fstab;
+ EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+ ASSERT_EQ(1U, fstab.size());
+
+ auto entry = fstab.begin();
+ EXPECT_EQ("adiantum", entry->metadata_cipher);
+}
+
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_SysfsPath) {
TemporaryFile tf;
ASSERT_TRUE(tf.fd != -1);