Extend libdm_rust to build dm-crypt device
Add crypt module which supports building DmCryptTarget based dm table
entry. Also expose this via create_crypt_device()
Also, add unit test that use loopdevice as the backing device.
Test: atest libdm_rust.test
Bug: 250880499
Change-Id: Ibf09ca267cbcc7a2dc00dd835f2d8b781040f130
diff --git a/libs/devicemapper/src/lib.rs b/libs/devicemapper/src/lib.rs
index 938ca0f..b9fb5c3 100644
--- a/libs/devicemapper/src/lib.rs
+++ b/libs/devicemapper/src/lib.rs
@@ -38,6 +38,8 @@
use std::os::unix::io::AsRawFd;
use std::path::{Path, PathBuf};
+/// Exposes DmCryptTarget & related builder
+pub mod crypt;
/// Expose util functions
pub mod util;
/// Exposes the DmVerityTarget & related builder
@@ -46,9 +48,10 @@
pub mod loopdevice;
mod sys;
+use crypt::DmCryptTarget;
use sys::*;
use util::*;
-use verity::*;
+use verity::DmVerityTarget;
nix::ioctl_readwrite!(_dm_dev_create, DM_IOCTL, Cmd::DM_DEV_CREATE, DmIoctl);
nix::ioctl_readwrite!(_dm_dev_suspend, DM_IOCTL, Cmd::DM_DEV_SUSPEND, DmIoctl);
@@ -151,27 +154,55 @@
Ok(DeviceMapper(f))
}
- /// Creates a device mapper device and configure it according to the `target` specification.
+ /// Creates a (crypt) device and configure it according to the `target` specification.
+ /// The path to the generated device is "/dev/mapper/<name>".
+ pub fn create_crypt_device(&self, name: &str, target: &DmCryptTarget) -> Result<PathBuf> {
+ self.create_device(name, target.as_slice(), uuid("crypto".as_bytes())?, true)
+ }
+
+ /// Creates a (verity) device and configure it according to the `target` specification.
/// The path to the generated device is "/dev/mapper/<name>".
pub fn create_verity_device(&self, name: &str, target: &DmVerityTarget) -> Result<PathBuf> {
+ self.create_device(name, target.as_slice(), uuid("apkver".as_bytes())?, false)
+ }
+
+ /// Removes a mapper device.
+ pub fn delete_device_deferred(&self, name: &str) -> Result<()> {
+ let mut data = DmIoctl::new(name)?;
+ data.flags |= Flag::DM_DEFERRED_REMOVE;
+ dm_dev_remove(self, &mut data)
+ .context(format!("failed to remove device with name {}", &name))?;
+ Ok(())
+ }
+
+ fn create_device(
+ &self,
+ name: &str,
+ target: &[u8],
+ uid: String,
+ writable: bool,
+ ) -> Result<PathBuf> {
// Step 1: create an empty device
let mut data = DmIoctl::new(name)?;
- data.set_uuid(&uuid("apkver".as_bytes())?)?;
+ data.set_uuid(&uid)?;
dm_dev_create(self, &mut data)
.context(format!("failed to create an empty device with name {}", &name))?;
// Step 2: load table onto the device
- let payload_size = size_of::<DmIoctl>() + target.as_slice().len();
+ let payload_size = size_of::<DmIoctl>() + target.len();
let mut data = DmIoctl::new(name)?;
data.data_size = payload_size as u32;
data.data_start = size_of::<DmIoctl>() as u32;
data.target_count = 1;
- data.flags |= Flag::DM_READONLY_FLAG;
+
+ if !writable {
+ data.flags |= Flag::DM_READONLY_FLAG;
+ }
let mut payload = Vec::with_capacity(payload_size);
payload.extend_from_slice(data.as_slice());
- payload.extend_from_slice(target.as_slice());
+ payload.extend_from_slice(target);
dm_table_load(self, payload.as_mut_ptr() as *mut DmIoctl)
.context("failed to load table")?;
@@ -185,15 +216,6 @@
wait_for_path(&path)?;
Ok(path)
}
-
- /// Removes a mapper device
- pub fn delete_device_deferred(&self, name: &str) -> Result<()> {
- let mut data = DmIoctl::new(name)?;
- data.flags |= Flag::DM_DEFERRED_REMOVE;
- dm_dev_remove(self, &mut data)
- .context(format!("failed to remove device with name {}", &name))?;
- Ok(())
- }
}
/// Used to derive a UUID that uniquely identifies a device mapper device when creating it.
@@ -208,3 +230,113 @@
let uuid = Uuid::new_v1(ts, node_id)?;
Ok(String::from(uuid.to_hyphenated().encode_lower(&mut Uuid::encode_buffer())))
}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use crypt::DmCryptTargetBuilder;
+ use std::fs::{read, File, OpenOptions};
+ use std::io::Write;
+
+ const KEY: &[u8; 32] = b"thirtytwobyteslongreallylongword";
+ const DIFFERENT_KEY: &[u8; 32] = b"drowgnolyllaergnolsetybowtytriht";
+
+ // Create a file in given temp directory with given size
+ fn prepare_tmpfile(test_dir: &Path, filename: &str, sz: u64) -> PathBuf {
+ let filepath = test_dir.join(filename);
+ let f = File::create(&filepath).unwrap();
+ f.set_len(sz).unwrap();
+ filepath
+ }
+
+ fn write_to_dev(path: &Path, data: &[u8]) {
+ let mut f = OpenOptions::new().read(true).write(true).open(&path).unwrap();
+ f.write_all(data).unwrap();
+ }
+
+ fn delete_device(dm: &DeviceMapper, name: &str) -> Result<()> {
+ dm.delete_device_deferred(name)?;
+ wait_for_path_disappears(Path::new(MAPPER_DEV_ROOT).join(&name))?;
+ Ok(())
+ }
+
+ #[test]
+ fn mapping_again_keeps_data() {
+ // This test creates 2 different crypt devices using same key backed by same data_device
+ // -> Write data on dev1 -> Check the data is visible & same on dev2
+ let dm = DeviceMapper::new().unwrap();
+ let inputimg = include_bytes!("../testdata/rand8k");
+ let sz = inputimg.len() as u64;
+
+ let test_dir = tempfile::TempDir::new().unwrap();
+ let backing_file = prepare_tmpfile(test_dir.path(), "storage", sz);
+ let data_device = loopdevice::attach(
+ backing_file,
+ 0,
+ sz,
+ /*direct_io*/ true,
+ /*writable*/ true,
+ )
+ .unwrap();
+ scopeguard::defer! {
+ loopdevice::detach(&data_device).unwrap();
+ _ = delete_device(&dm, "crypt1");
+ _ = delete_device(&dm, "crypt2");
+ }
+
+ let target =
+ DmCryptTargetBuilder::default().data_device(&data_device, sz).key(KEY).build().unwrap();
+
+ let mut crypt_device = dm.create_crypt_device("crypt1", &target).unwrap();
+ write_to_dev(&crypt_device, inputimg);
+
+ // Recreate another device using same target spec & check if the content is the same
+ crypt_device = dm.create_crypt_device("crypt2", &target).unwrap();
+
+ let crypt = read(crypt_device).unwrap();
+ assert_eq!(inputimg.len(), crypt.len()); // fail early if the size doesn't match
+ assert_eq!(inputimg, crypt.as_slice());
+ }
+
+ #[test]
+ fn data_inaccessible_with_diff_key() {
+ // This test creates 2 different crypt devices using different keys backed
+ // by same data_device -> Write data on dev1 -> Check the data is visible but not the same on dev2
+ let dm = DeviceMapper::new().unwrap();
+ let inputimg = include_bytes!("../testdata/rand8k");
+ let sz = inputimg.len() as u64;
+
+ let test_dir = tempfile::TempDir::new().unwrap();
+ let backing_file = prepare_tmpfile(test_dir.path(), "storage", sz);
+ let data_device = loopdevice::attach(
+ backing_file,
+ 0,
+ sz,
+ /*direct_io*/ true,
+ /*writable*/ true,
+ )
+ .unwrap();
+ scopeguard::defer! {
+ loopdevice::detach(&data_device).unwrap();
+ _ = delete_device(&dm, "crypt3");
+ _ = delete_device(&dm, "crypt4");
+ }
+
+ let target =
+ DmCryptTargetBuilder::default().data_device(&data_device, sz).key(KEY).build().unwrap();
+ let target2 = DmCryptTargetBuilder::default()
+ .data_device(&data_device, sz)
+ .key(DIFFERENT_KEY)
+ .build()
+ .unwrap();
+
+ let mut crypt_device = dm.create_crypt_device("crypt3", &target).unwrap();
+
+ write_to_dev(&crypt_device, inputimg);
+
+ // Recreate the crypt device again diff key & check if the content is changed
+ crypt_device = dm.create_crypt_device("crypt4", &target2).unwrap();
+ let crypt = read(crypt_device).unwrap();
+ assert_ne!(inputimg, crypt.as_slice());
+ }
+}