Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2021 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | // `dm` module implements part of the `device-mapper` ioctl interfaces. It currently supports |
| 18 | // creation and deletion of the mapper device. It doesn't support other operations like querying |
| 19 | // the status of the mapper device. And there's no plan to extend the support unless it is |
| 20 | // required. |
| 21 | // |
| 22 | // Why in-house development? [`devicemapper`](https://crates.io/crates/devicemapper) is a public |
| 23 | // Rust implementation of the device mapper APIs. However, it doesn't provide any abstraction for |
| 24 | // the target-specific tables. User has to manually craft the table. Ironically, the library |
| 25 | // provides a lot of APIs for the features that are not required for `apkdmverity` such as listing |
| 26 | // the device mapper block devices that are currently listed in the kernel. Size is an important |
| 27 | // criteria for Microdroid. |
| 28 | |
Shikha Panwar | 414ea89 | 2022-10-12 13:45:52 +0000 | [diff] [blame] | 29 | //! A library to create device mapper spec & issue ioctls. |
| 30 | |
| 31 | #![allow(missing_docs)] |
Andrew Walbran | 3fcebdb | 2022-11-30 11:16:17 +0000 | [diff] [blame^] | 32 | #![cfg_attr(test, allow(unused))] |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 33 | |
Jiyong Park | 0553ff2 | 2021-07-15 12:25:36 +0900 | [diff] [blame] | 34 | use anyhow::{Context, Result}; |
Jiyong Park | 3c327d2 | 2021-06-08 20:51:54 +0900 | [diff] [blame] | 35 | use data_model::DataInit; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 36 | use std::fs::{File, OpenOptions}; |
| 37 | use std::io::Write; |
| 38 | use std::mem::size_of; |
| 39 | use std::os::unix::io::AsRawFd; |
| 40 | use std::path::{Path, PathBuf}; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 41 | |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 42 | /// Exposes DmCryptTarget & related builder |
| 43 | pub mod crypt; |
Shikha Panwar | 414ea89 | 2022-10-12 13:45:52 +0000 | [diff] [blame] | 44 | /// Expose util functions |
| 45 | pub mod util; |
| 46 | /// Exposes the DmVerityTarget & related builder |
| 47 | pub mod verity; |
Shikha Panwar | b278b1c | 2022-10-14 12:38:32 +0000 | [diff] [blame] | 48 | // Expose loopdevice |
| 49 | pub mod loopdevice; |
Shikha Panwar | 414ea89 | 2022-10-12 13:45:52 +0000 | [diff] [blame] | 50 | |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 51 | mod sys; |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 52 | use crypt::DmCryptTarget; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 53 | use sys::*; |
Shikha Panwar | 414ea89 | 2022-10-12 13:45:52 +0000 | [diff] [blame] | 54 | use util::*; |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 55 | use verity::DmVerityTarget; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 56 | |
| 57 | nix::ioctl_readwrite!(_dm_dev_create, DM_IOCTL, Cmd::DM_DEV_CREATE, DmIoctl); |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 58 | nix::ioctl_readwrite!(_dm_dev_suspend, DM_IOCTL, Cmd::DM_DEV_SUSPEND, DmIoctl); |
| 59 | nix::ioctl_readwrite!(_dm_table_load, DM_IOCTL, Cmd::DM_TABLE_LOAD, DmIoctl); |
Jiyong Park | 99a35b8 | 2021-06-07 10:13:44 +0900 | [diff] [blame] | 60 | nix::ioctl_readwrite!(_dm_dev_remove, DM_IOCTL, Cmd::DM_DEV_REMOVE, DmIoctl); |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 61 | |
Shikha Panwar | 414ea89 | 2022-10-12 13:45:52 +0000 | [diff] [blame] | 62 | /// Create a new (mapper) device |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 63 | fn dm_dev_create(dm: &DeviceMapper, ioctl: *mut DmIoctl) -> Result<i32> { |
| 64 | // SAFETY: `ioctl` is copied into the kernel. It modifies the state in the kernel, not the |
| 65 | // state of this process in any way. |
| 66 | Ok(unsafe { _dm_dev_create(dm.0.as_raw_fd(), ioctl) }?) |
| 67 | } |
| 68 | |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 69 | fn dm_dev_suspend(dm: &DeviceMapper, ioctl: *mut DmIoctl) -> Result<i32> { |
| 70 | // SAFETY: `ioctl` is copied into the kernel. It modifies the state in the kernel, not the |
| 71 | // state of this process in any way. |
| 72 | Ok(unsafe { _dm_dev_suspend(dm.0.as_raw_fd(), ioctl) }?) |
| 73 | } |
| 74 | |
| 75 | fn dm_table_load(dm: &DeviceMapper, ioctl: *mut DmIoctl) -> Result<i32> { |
| 76 | // SAFETY: `ioctl` is copied into the kernel. It modifies the state in the kernel, not the |
| 77 | // state of this process in any way. |
| 78 | Ok(unsafe { _dm_table_load(dm.0.as_raw_fd(), ioctl) }?) |
| 79 | } |
| 80 | |
Jiyong Park | 99a35b8 | 2021-06-07 10:13:44 +0900 | [diff] [blame] | 81 | fn dm_dev_remove(dm: &DeviceMapper, ioctl: *mut DmIoctl) -> Result<i32> { |
| 82 | // SAFETY: `ioctl` is copied into the kernel. It modifies the state in the kernel, not the |
| 83 | // state of this process in any way. |
| 84 | Ok(unsafe { _dm_dev_remove(dm.0.as_raw_fd(), ioctl) }?) |
| 85 | } |
| 86 | |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 87 | // `DmTargetSpec` is the header of the data structure for a device-mapper target. When doing the |
| 88 | // ioctl, one of more `DmTargetSpec` (and its body) are appened to the `DmIoctl` struct. |
| 89 | #[repr(C)] |
Jiyong Park | 3c327d2 | 2021-06-08 20:51:54 +0900 | [diff] [blame] | 90 | #[derive(Copy, Clone)] |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 91 | struct DmTargetSpec { |
| 92 | sector_start: u64, |
| 93 | length: u64, // number of 512 sectors |
| 94 | status: i32, |
| 95 | next: u32, |
| 96 | target_type: [u8; DM_MAX_TYPE_NAME], |
| 97 | } |
| 98 | |
Jiyong Park | 3c327d2 | 2021-06-08 20:51:54 +0900 | [diff] [blame] | 99 | // SAFETY: C struct is safe to be initialized from raw data |
| 100 | unsafe impl DataInit for DmTargetSpec {} |
| 101 | |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 102 | impl DmTargetSpec { |
| 103 | fn new(target_type: &str) -> Result<Self> { |
Jiyong Park | 3c327d2 | 2021-06-08 20:51:54 +0900 | [diff] [blame] | 104 | // safe because the size of the array is the same as the size of the struct |
| 105 | let mut spec: Self = *DataInit::from_mut_slice(&mut [0; size_of::<Self>()]).unwrap(); |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 106 | spec.target_type.as_mut().write_all(target_type.as_bytes())?; |
| 107 | Ok(spec) |
| 108 | } |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 109 | } |
| 110 | |
| 111 | impl DmIoctl { |
| 112 | fn new(name: &str) -> Result<DmIoctl> { |
Jiyong Park | 3c327d2 | 2021-06-08 20:51:54 +0900 | [diff] [blame] | 113 | // safe because the size of the array is the same as the size of the struct |
| 114 | let mut data: Self = *DataInit::from_mut_slice(&mut [0; size_of::<Self>()]).unwrap(); |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 115 | data.version[0] = DM_VERSION_MAJOR; |
| 116 | data.version[1] = DM_VERSION_MINOR; |
| 117 | data.version[2] = DM_VERSION_PATCHLEVEL; |
| 118 | data.data_size = size_of::<Self>() as u32; |
| 119 | data.data_start = 0; |
| 120 | data.name.as_mut().write_all(name.as_bytes())?; |
| 121 | Ok(data) |
| 122 | } |
| 123 | |
| 124 | fn set_uuid(&mut self, uuid: &str) -> Result<()> { |
| 125 | let mut dst = self.uuid.as_mut(); |
| 126 | dst.fill(0); |
| 127 | dst.write_all(uuid.as_bytes())?; |
| 128 | Ok(()) |
| 129 | } |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 130 | } |
| 131 | |
| 132 | /// `DeviceMapper` is the entry point for the device mapper framework. It essentially is a file |
| 133 | /// handle to "/dev/mapper/control". |
| 134 | pub struct DeviceMapper(File); |
| 135 | |
Jiyong Park | 5f0ebea | 2021-06-07 12:53:35 +0900 | [diff] [blame] | 136 | #[cfg(not(target_os = "android"))] |
| 137 | const MAPPER_CONTROL: &str = "/dev/mapper/control"; |
| 138 | #[cfg(not(target_os = "android"))] |
| 139 | const MAPPER_DEV_ROOT: &str = "/dev/mapper"; |
| 140 | |
| 141 | #[cfg(target_os = "android")] |
| 142 | const MAPPER_CONTROL: &str = "/dev/device-mapper"; |
| 143 | #[cfg(target_os = "android")] |
| 144 | const MAPPER_DEV_ROOT: &str = "/dev/block/mapper"; |
| 145 | |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 146 | impl DeviceMapper { |
| 147 | /// Constructs a new `DeviceMapper` entrypoint. This is essentially the same as opening |
| 148 | /// "/dev/mapper/control". |
| 149 | pub fn new() -> Result<DeviceMapper> { |
Jiyong Park | 0553ff2 | 2021-07-15 12:25:36 +0900 | [diff] [blame] | 150 | let f = OpenOptions::new() |
| 151 | .read(true) |
| 152 | .write(true) |
| 153 | .open(MAPPER_CONTROL) |
| 154 | .context(format!("failed to open {}", MAPPER_CONTROL))?; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 155 | Ok(DeviceMapper(f)) |
| 156 | } |
| 157 | |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 158 | /// Creates a (crypt) device and configure it according to the `target` specification. |
| 159 | /// The path to the generated device is "/dev/mapper/<name>". |
| 160 | pub fn create_crypt_device(&self, name: &str, target: &DmCryptTarget) -> Result<PathBuf> { |
| 161 | self.create_device(name, target.as_slice(), uuid("crypto".as_bytes())?, true) |
| 162 | } |
| 163 | |
| 164 | /// Creates a (verity) device and configure it according to the `target` specification. |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 165 | /// The path to the generated device is "/dev/mapper/<name>". |
Shikha Panwar | 414ea89 | 2022-10-12 13:45:52 +0000 | [diff] [blame] | 166 | pub fn create_verity_device(&self, name: &str, target: &DmVerityTarget) -> Result<PathBuf> { |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 167 | self.create_device(name, target.as_slice(), uuid("apkver".as_bytes())?, false) |
| 168 | } |
| 169 | |
| 170 | /// Removes a mapper device. |
| 171 | pub fn delete_device_deferred(&self, name: &str) -> Result<()> { |
| 172 | let mut data = DmIoctl::new(name)?; |
| 173 | data.flags |= Flag::DM_DEFERRED_REMOVE; |
| 174 | dm_dev_remove(self, &mut data) |
| 175 | .context(format!("failed to remove device with name {}", &name))?; |
| 176 | Ok(()) |
| 177 | } |
| 178 | |
| 179 | fn create_device( |
| 180 | &self, |
| 181 | name: &str, |
| 182 | target: &[u8], |
| 183 | uid: String, |
| 184 | writable: bool, |
| 185 | ) -> Result<PathBuf> { |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 186 | // Step 1: create an empty device |
Chris Wailes | 68c39f8 | 2021-07-27 16:03:44 -0700 | [diff] [blame] | 187 | let mut data = DmIoctl::new(name)?; |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 188 | data.set_uuid(&uid)?; |
Chris Wailes | 68c39f8 | 2021-07-27 16:03:44 -0700 | [diff] [blame] | 189 | dm_dev_create(self, &mut data) |
Jiyong Park | 0553ff2 | 2021-07-15 12:25:36 +0900 | [diff] [blame] | 190 | .context(format!("failed to create an empty device with name {}", &name))?; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 191 | |
| 192 | // Step 2: load table onto the device |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 193 | let payload_size = size_of::<DmIoctl>() + target.len(); |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 194 | |
Chris Wailes | 68c39f8 | 2021-07-27 16:03:44 -0700 | [diff] [blame] | 195 | let mut data = DmIoctl::new(name)?; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 196 | data.data_size = payload_size as u32; |
| 197 | data.data_start = size_of::<DmIoctl>() as u32; |
| 198 | data.target_count = 1; |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 199 | |
| 200 | if !writable { |
| 201 | data.flags |= Flag::DM_READONLY_FLAG; |
| 202 | } |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 203 | |
| 204 | let mut payload = Vec::with_capacity(payload_size); |
Jiyong Park | 3c327d2 | 2021-06-08 20:51:54 +0900 | [diff] [blame] | 205 | payload.extend_from_slice(data.as_slice()); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 206 | payload.extend_from_slice(target); |
Chris Wailes | 68c39f8 | 2021-07-27 16:03:44 -0700 | [diff] [blame] | 207 | dm_table_load(self, payload.as_mut_ptr() as *mut DmIoctl) |
Jiyong Park | 0553ff2 | 2021-07-15 12:25:36 +0900 | [diff] [blame] | 208 | .context("failed to load table")?; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 209 | |
| 210 | // Step 3: activate the device (note: the term 'suspend' might be misleading, but it |
| 211 | // actually activates the table. See include/uapi/linux/dm-ioctl.h |
Chris Wailes | 68c39f8 | 2021-07-27 16:03:44 -0700 | [diff] [blame] | 212 | let mut data = DmIoctl::new(name)?; |
| 213 | dm_dev_suspend(self, &mut data).context("failed to activate")?; |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 214 | |
| 215 | // Step 4: wait unti the device is created and return the device path |
Chris Wailes | 9b866f0 | 2022-11-16 15:17:16 -0800 | [diff] [blame] | 216 | let path = Path::new(MAPPER_DEV_ROOT).join(name); |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 217 | wait_for_path(&path)?; |
| 218 | Ok(path) |
| 219 | } |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 220 | } |
| 221 | |
| 222 | /// Used to derive a UUID that uniquely identifies a device mapper device when creating it. |
Shikha Panwar | 414ea89 | 2022-10-12 13:45:52 +0000 | [diff] [blame] | 223 | fn uuid(node_id: &[u8]) -> Result<String> { |
Jiyong Park | f02061f | 2021-06-07 09:44:44 +0900 | [diff] [blame] | 224 | use std::time::{SystemTime, UNIX_EPOCH}; |
| 225 | use uuid::v1::{Context, Timestamp}; |
| 226 | use uuid::Uuid; |
| 227 | |
| 228 | let context = Context::new(0); |
| 229 | let now = SystemTime::now().duration_since(UNIX_EPOCH)?; |
Charisee | 96113f3 | 2023-01-26 09:00:42 +0000 | [diff] [blame] | 230 | let ts = Timestamp::from_unix(context, now.as_secs(), now.subsec_nanos()); |
Chris Wailes | c7c1144 | 2023-01-26 15:25:27 -0800 | [diff] [blame] | 231 | let uuid = Uuid::new_v1(ts, node_id.try_into()?); |
| 232 | Ok(String::from(uuid.hyphenated().encode_lower(&mut Uuid::encode_buffer()))) |
Jiyong Park | 86c9b08 | 2021-06-04 19:03:48 +0900 | [diff] [blame] | 233 | } |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 234 | |
| 235 | #[cfg(test)] |
Andrew Walbran | 3fcebdb | 2022-11-30 11:16:17 +0000 | [diff] [blame^] | 236 | ignorabletest::test_main!(tests::all_tests()); |
| 237 | |
| 238 | #[cfg(test)] |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 239 | mod tests { |
| 240 | use super::*; |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 241 | use crypt::{CipherType, DmCryptTargetBuilder}; |
Andrew Walbran | 3fcebdb | 2022-11-30 11:16:17 +0000 | [diff] [blame^] | 242 | use ignorabletest::{list_tests, test}; |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 243 | use rustutils::system_properties; |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 244 | use std::fs::{read, File, OpenOptions}; |
| 245 | use std::io::Write; |
| 246 | |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 247 | // Just a logical set of keys to make testing easy. This has no real meaning. |
| 248 | struct KeySet<'a> { |
| 249 | cipher: CipherType, |
| 250 | key: &'a [u8], |
| 251 | different_key: &'a [u8], |
| 252 | } |
| 253 | |
| 254 | const KEY_SET_XTS: KeySet = KeySet { |
| 255 | cipher: CipherType::AES256XTS, |
| 256 | key: b"sixtyfourbyteslongsentencearerarebutletsgiveitatrycantbethathard", |
| 257 | different_key: b"drahtahtebtnacyrtatievigsteltuberareraecnetnesgnolsetybruofytxis", |
| 258 | }; |
| 259 | const KEY_SET_HCTR2: KeySet = KeySet { |
| 260 | cipher: CipherType::AES256HCTR2, |
| 261 | key: b"thirtytwobyteslongreallylongword", |
| 262 | different_key: b"drowgnolyllaergnolsetybowtytriht", |
| 263 | }; |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 264 | |
Andrew Walbran | 3fcebdb | 2022-11-30 11:16:17 +0000 | [diff] [blame^] | 265 | list_tests! {all_tests: [ |
| 266 | mapping_again_keeps_data_xts, |
| 267 | mapping_again_keeps_data_hctr2, |
| 268 | data_inaccessible_with_diff_key_xts, |
| 269 | data_inaccessible_with_diff_key_hctr2, |
| 270 | ]} |
| 271 | |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 272 | // Create a file in given temp directory with given size |
| 273 | fn prepare_tmpfile(test_dir: &Path, filename: &str, sz: u64) -> PathBuf { |
| 274 | let filepath = test_dir.join(filename); |
| 275 | let f = File::create(&filepath).unwrap(); |
| 276 | f.set_len(sz).unwrap(); |
| 277 | filepath |
| 278 | } |
| 279 | |
| 280 | fn write_to_dev(path: &Path, data: &[u8]) { |
Chris Wailes | 9b866f0 | 2022-11-16 15:17:16 -0800 | [diff] [blame] | 281 | let mut f = OpenOptions::new().read(true).write(true).open(path).unwrap(); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 282 | f.write_all(data).unwrap(); |
| 283 | } |
| 284 | |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 285 | // TODO(b/250880499): delete_device() doesn't really delete it even without DM_DEFERRED_REMOVE. |
| 286 | // Hence, we have to create a new device with a different name for each test. Retrying |
| 287 | // the test on same machine without reboot will also fail. |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 288 | fn delete_device(dm: &DeviceMapper, name: &str) -> Result<()> { |
| 289 | dm.delete_device_deferred(name)?; |
Chris Wailes | 9b866f0 | 2022-11-16 15:17:16 -0800 | [diff] [blame] | 290 | wait_for_path_disappears(Path::new(MAPPER_DEV_ROOT).join(name))?; |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 291 | Ok(()) |
| 292 | } |
| 293 | |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 294 | fn is_hctr2_supported() -> bool { |
| 295 | // hctr2 is NOT enabled in kernel 5.10 or lower. We run Microdroid tests on kernel versions |
| 296 | // 5.10 or above & therefore, we don't really care to skip test on other versions. |
| 297 | if let Some(version) = system_properties::read("ro.kernel.version") |
| 298 | .expect("Unable to read system property ro.kernel.version") |
| 299 | { |
| 300 | version != "5.10" |
| 301 | } else { |
| 302 | panic!("Could not read property: kernel.version!!"); |
| 303 | } |
| 304 | } |
| 305 | |
Andrew Walbran | 3fcebdb | 2022-11-30 11:16:17 +0000 | [diff] [blame^] | 306 | test!(mapping_again_keeps_data_xts); |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 307 | fn mapping_again_keeps_data_xts() { |
| 308 | mapping_again_keeps_data(&KEY_SET_XTS, "name1"); |
| 309 | } |
| 310 | |
Andrew Walbran | 3fcebdb | 2022-11-30 11:16:17 +0000 | [diff] [blame^] | 311 | test!(mapping_again_keeps_data_hctr2, ignore_if: !is_hctr2_supported()); |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 312 | fn mapping_again_keeps_data_hctr2() { |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 313 | mapping_again_keeps_data(&KEY_SET_HCTR2, "name2"); |
| 314 | } |
Andrew Walbran | 3fcebdb | 2022-11-30 11:16:17 +0000 | [diff] [blame^] | 315 | |
| 316 | test!(data_inaccessible_with_diff_key_xts); |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 317 | fn data_inaccessible_with_diff_key_xts() { |
| 318 | data_inaccessible_with_diff_key(&KEY_SET_XTS, "name3"); |
| 319 | } |
| 320 | |
Andrew Walbran | 3fcebdb | 2022-11-30 11:16:17 +0000 | [diff] [blame^] | 321 | test!(data_inaccessible_with_diff_key_hctr2, ignore_if: !is_hctr2_supported()); |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 322 | fn data_inaccessible_with_diff_key_hctr2() { |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 323 | data_inaccessible_with_diff_key(&KEY_SET_HCTR2, "name4"); |
| 324 | } |
| 325 | |
| 326 | fn mapping_again_keeps_data(keyset: &KeySet, device: &str) { |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 327 | // This test creates 2 different crypt devices using same key backed by same data_device |
| 328 | // -> Write data on dev1 -> Check the data is visible & same on dev2 |
| 329 | let dm = DeviceMapper::new().unwrap(); |
| 330 | let inputimg = include_bytes!("../testdata/rand8k"); |
| 331 | let sz = inputimg.len() as u64; |
| 332 | |
| 333 | let test_dir = tempfile::TempDir::new().unwrap(); |
| 334 | let backing_file = prepare_tmpfile(test_dir.path(), "storage", sz); |
| 335 | let data_device = loopdevice::attach( |
| 336 | backing_file, |
| 337 | 0, |
| 338 | sz, |
| 339 | /*direct_io*/ true, |
| 340 | /*writable*/ true, |
| 341 | ) |
| 342 | .unwrap(); |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 343 | let device_diff = device.to_owned() + "_diff"; |
| 344 | |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 345 | scopeguard::defer! { |
| 346 | loopdevice::detach(&data_device).unwrap(); |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 347 | _ = delete_device(&dm, device); |
| 348 | _ = delete_device(&dm, &device_diff); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 349 | } |
| 350 | |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 351 | let target = DmCryptTargetBuilder::default() |
| 352 | .data_device(&data_device, sz) |
| 353 | .cipher(keyset.cipher) |
| 354 | .key(keyset.key) |
| 355 | .build() |
| 356 | .unwrap(); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 357 | |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 358 | let mut crypt_device = dm.create_crypt_device(device, &target).unwrap(); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 359 | write_to_dev(&crypt_device, inputimg); |
| 360 | |
| 361 | // Recreate another device using same target spec & check if the content is the same |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 362 | crypt_device = dm.create_crypt_device(&device_diff, &target).unwrap(); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 363 | |
| 364 | let crypt = read(crypt_device).unwrap(); |
| 365 | assert_eq!(inputimg.len(), crypt.len()); // fail early if the size doesn't match |
| 366 | assert_eq!(inputimg, crypt.as_slice()); |
| 367 | } |
| 368 | |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 369 | fn data_inaccessible_with_diff_key(keyset: &KeySet, device: &str) { |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 370 | // This test creates 2 different crypt devices using different keys backed |
| 371 | // by same data_device -> Write data on dev1 -> Check the data is visible but not the same on dev2 |
| 372 | let dm = DeviceMapper::new().unwrap(); |
| 373 | let inputimg = include_bytes!("../testdata/rand8k"); |
| 374 | let sz = inputimg.len() as u64; |
| 375 | |
| 376 | let test_dir = tempfile::TempDir::new().unwrap(); |
| 377 | let backing_file = prepare_tmpfile(test_dir.path(), "storage", sz); |
| 378 | let data_device = loopdevice::attach( |
| 379 | backing_file, |
| 380 | 0, |
| 381 | sz, |
| 382 | /*direct_io*/ true, |
| 383 | /*writable*/ true, |
| 384 | ) |
| 385 | .unwrap(); |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 386 | let device_diff = device.to_owned() + "_diff"; |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 387 | scopeguard::defer! { |
| 388 | loopdevice::detach(&data_device).unwrap(); |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 389 | _ = delete_device(&dm, device); |
| 390 | _ = delete_device(&dm, &device_diff); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 391 | } |
| 392 | |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 393 | let target = DmCryptTargetBuilder::default() |
| 394 | .data_device(&data_device, sz) |
| 395 | .cipher(keyset.cipher) |
| 396 | .key(keyset.key) |
| 397 | .build() |
| 398 | .unwrap(); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 399 | let target2 = DmCryptTargetBuilder::default() |
| 400 | .data_device(&data_device, sz) |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 401 | .cipher(keyset.cipher) |
| 402 | .key(keyset.different_key) |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 403 | .build() |
| 404 | .unwrap(); |
| 405 | |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 406 | let mut crypt_device = dm.create_crypt_device(device, &target).unwrap(); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 407 | |
| 408 | write_to_dev(&crypt_device, inputimg); |
| 409 | |
| 410 | // Recreate the crypt device again diff key & check if the content is changed |
Shikha Panwar | 8e48a17 | 2022-11-25 19:01:28 +0000 | [diff] [blame] | 411 | crypt_device = dm.create_crypt_device(&device_diff, &target2).unwrap(); |
Shikha Panwar | 27cb7e7 | 2022-10-13 20:34:45 +0000 | [diff] [blame] | 412 | let crypt = read(crypt_device).unwrap(); |
| 413 | assert_ne!(inputimg, crypt.as_slice()); |
| 414 | } |
| 415 | } |