1 /*
2 * Copyright (C) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <gtest/gtest.h>
17 #include <string>
18 #include <vector>
19
20 #include <cstdlib>
21 #include <sys/wait.h>
22 #include <unistd.h>
23
24 #include "directory_ex.h"
25 #include "fbex.h"
26 #include "file_ex.h"
27 #include "fscrypt_key_v1.h"
28 #include "fscrypt_key_v1_ext.h"
29 #include "fscrypt_key_v2.h"
30 #include "huks_master.h"
31 #include "key_blob.h"
32 #include "key_manager.h"
33 #include "libfscrypt/fscrypt_control.h"
34 #include "libfscrypt/fscrypt_sysparam.h"
35 #include "libfscrypt/fscrypt_utils.h"
36 #include "libfscrypt/key_control.h"
37 #include "securec.h"
38
39 using namespace testing::ext;
40
41 namespace {
42 const std::string TEST_MNT = "/data";
43 const std::string TEST_DIR_LEGACY = "/data/test/crypto_dir_legacy";
44 const std::string TEST_DIR_V2 = "/data/test/crypto_dir";
45 const std::string TEST_KEYPATH = "/data/test/key/el2/80";
46 const std::string TEST_KEYPATH_BAD = "/sys/test/keypath";
47 const std::string TEST_KEYDIR_VERSION0 = "/version_0";
48 const std::string TEST_KEYDIR_VERSION1 = "/version_1";
49 const std::string TEST_KEYDIR_VERSION2 = "/version_2";
50 const std::string TEST_KEYDIR_LATEST = "/latest";
51 const std::string TEST_KEYDIR_LATEST_BACKUP = "/latest_bak";
52 const std::string TEST_POLICY = "/data/test/policy";
53 const std::string USER_KEY_DIR = "/data/service/el1/public/storage_daemon/sd";
54 const std::string USER_KEY_EL1_DIR = USER_KEY_DIR + "/el1";
55 const std::string USER_KEY_EL2_DIR = USER_KEY_DIR + "/el2";
56 const int32_t PARAMS_SIZE_0 = 0;
57 const int32_t PARAMS_SIZE_1 = 1;
58 const int32_t PARAMS_SIZE_2 = 2;
59 const int32_t PARAMS_SIZE_3 = 3;
60 const int32_t PARAMS_SIZE_4 = 4;
61 auto g_testKeyV1 = std::make_shared<OHOS::StorageDaemon::FscryptKeyV1>(TEST_KEYPATH);
62 auto g_testKeyV2 = std::make_shared<OHOS::StorageDaemon::FscryptKeyV2>(TEST_KEYPATH);
63 }
64
65 namespace OHOS::StorageDaemon {
66 class CryptoKeyTest : public testing::Test {
67 public:
68 static void SetUpTestCase(void);
69 static void TearDownTestCase(void);
70 static int32_t ExecSdcBinary(std::vector<std::string> params, int isCrypt);
71 static int32_t ExecSdcBinaryPidIsZero(std::vector<std::string> params, int isCrypt);
72 void SetUp();
73 void TearDown();
74 UserAuth emptyUserAuth {};
75 };
76
SetUpTestCase(void)77 void CryptoKeyTest::SetUpTestCase(void)
78 {
79 // input testsuit setup step,setup invoked before all testcases
80 }
81
TearDownTestCase(void)82 void CryptoKeyTest::TearDownTestCase(void)
83 {
84 // input testsuit teardown step,teardown invoked after all testcases
85 }
86
SetUp(void)87 void CryptoKeyTest::SetUp(void)
88 {
89 // input testcase setup step,setup invoked before each testcases
90 }
91
TearDown(void)92 void CryptoKeyTest::TearDown(void)
93 {
94 // input testcase teardown step,teardown invoked after each testcases
95 }
96
ExecSdcBinary(std::vector<std::string> params,int isCrypt)97 int32_t CryptoKeyTest::ExecSdcBinary(std::vector<std::string> params, int isCrypt)
98 {
99 pid_t pid = fork();
100 if (pid < 0) {
101 return -EINVAL;
102 }
103 if (pid == 0) {
104 int ret = -EINVAL;
105 if (!isCrypt) {
106 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("nullcmd"), nullptr};
107 ret = execv(argv[0], argv);
108 } else if (params.size() == PARAMS_SIZE_0) {
109 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), nullptr};
110 ret = execv(argv[0], argv);
111 } else if (params.size() == PARAMS_SIZE_1) {
112 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
113 const_cast<char *>(params[0].c_str()), nullptr};
114 ret = execv(argv[0], argv);
115 } else if (params.size() == PARAMS_SIZE_2) {
116 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
117 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()), nullptr};
118 ret = execv(argv[0], argv);
119 } else if (params.size() == PARAMS_SIZE_3) {
120 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
121 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()),
122 const_cast<char *>(params[2].c_str()), nullptr};
123 ret = execv(argv[0], argv);
124 } else if (params.size() == PARAMS_SIZE_4) {
125 char *const argv[] = {const_cast<char *>("/system/bin/sdc"), const_cast<char *>("filecrypt"),
126 const_cast<char *>(params[0].c_str()), const_cast<char *>(params[1].c_str()),
127 const_cast<char *>(params[2].c_str()), const_cast<char *>(params[3].c_str()), nullptr};
128 ret = execv(argv[0], argv);
129 }
130 if (ret) {
131 return -EINVAL;
132 }
133 }
134 int status;
135 pid_t ret = waitpid(pid, &status, 0);
136 if (ret != pid) {
137 return -EINVAL;
138 }
139
140 return 0;
141 }
142
143 /**
144 * @tc.name: fscrypt_key_v1_init
145 * @tc.desc: Verify the InitKey function.
146 * @tc.type: FUNC
147 * @tc.require: AR000GK0BP
148 */
149 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_init, TestSize.Level1)
150 {
151 EXPECT_TRUE(g_testKeyV1->InitKey(true));
152 EXPECT_FALSE(g_testKeyV1->InitKey(true)); // rawkey not empty
153
154 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
155 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
156 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
157 g_testKeyV1->keyInfo_.key.Clear();
158 }
159
160 /**
161 * @tc.name: fscrypt_key_v2_init
162 * @tc.desc: Verify the InitKey function.
163 * @tc.type: FUNC
164 * @tc.require: AR000GK0BP
165 */
166 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_init, TestSize.Level1)
167 {
168 #ifdef SUPPORT_FSCRYPT_V2
169 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
170 return;
171 }
172 EXPECT_TRUE(g_testKeyV2->InitKey(true));
173 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
174 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV2->keyInfo_.key.size);
175 EXPECT_NE(nullptr, g_testKeyV2->keyInfo_.key.data.get());
176 g_testKeyV2->keyInfo_.key.Clear();
177 #else
178 EXPECT_FALSE(g_testKeyV2->InitKey(true));
179 EXPECT_FALSE(g_testKeyV2->ActiveKey());
180 EXPECT_FALSE(g_testKeyV2->InactiveKey());
181 #endif
182 }
183
184 /**
185 * @tc.name: fscrypt_key_v1_store
186 * @tc.desc: Verify the StoreKey function.
187 * @tc.type: FUNC
188 * @tc.require: AR000GK0BP
189 */
190 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_store, TestSize.Level1)
191 {
192 #ifndef CRYPTO_TEST
193 EXPECT_TRUE(g_testKeyV1->InitKey(true));
194 g_testKeyV1->StoreKey(emptyUserAuth);
195
196 std::string buf {};
197 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
198 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, buf);
199
200 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC);
201 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC, buf);
202
203 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED);
204 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED, buf);
205 #else
206 EXPECT_TRUE(g_testKeyV1->InitKey(true));
207 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
208
209 std::string buf {};
210 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
211 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, buf));
212
213 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
214 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC, buf));
215 EXPECT_EQ(CRYPTO_KEY_SECDISC_SIZE, buf.size());
216
217 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
218 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED, buf));
219 // the plaintext of 64 bytes, encrypted to 80 bytes size by huks.
220 EXPECT_EQ(80U, buf.size());
221 #endif
222 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
223 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf));
224 EXPECT_EQ(1U, buf.length());
225 EXPECT_EQ('1', buf[0]);
226
227 FscryptKeyV1 g_testKeyV1BadDir {TEST_KEYPATH_BAD};
228 EXPECT_TRUE(g_testKeyV1BadDir.InitKey(true));
229 EXPECT_FALSE(g_testKeyV1BadDir.StoreKey(emptyUserAuth));
230 EXPECT_FALSE(g_testKeyV1BadDir.UpdateKey());
231 EXPECT_FALSE(g_testKeyV1BadDir.ActiveKey());
232 }
233
234 #ifdef SUPPORT_FSCRYPT_V2
235 /**
236 * @tc.name: fscrypt_key_v2_store
237 * @tc.desc: Verify the StoreKey function.
238 * @tc.type: FUNC
239 * @tc.require: AR000GK0BP
240 */
241 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_store, TestSize.Level1)
242 {
243 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
244 return;
245 }
246 g_testKeyV2->ClearKey();
247 EXPECT_TRUE(g_testKeyV2->InitKey(true));
248 EXPECT_TRUE(g_testKeyV2->StoreKey(emptyUserAuth));
249 EXPECT_TRUE(g_testKeyV2->StoreKey(emptyUserAuth));
250
251 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
252 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SECDISC));
253 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_ENCRYPTED));
254 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
255 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SECDISC));
256 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_ENCRYPTED));
257
258 std::string buf {};
259 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
260 EXPECT_EQ(1U, buf.length());
261 EXPECT_EQ('2', buf[0]);
262 }
263
264 /**
265 * @tc.name: fscrypt_key_v2_update
266 * @tc.desc: Verify the UpdateKey function.
267 * @tc.type: FUNC
268 * @tc.require: AR000GK0BP
269 */
270 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_update, TestSize.Level1)
271 {
272 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
273 return;
274 }
275 std::string buf {};
276 EXPECT_TRUE(g_testKeyV2->UpdateKey());
277
278 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
279 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
280 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
281 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC));
282 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED));
283 OHOS::LoadStringFromFile(TEST_KEYPATH + PATH_FSCRYPT_VER, buf);
284 EXPECT_EQ(1U, buf.length());
285 EXPECT_EQ('2', buf[0]);
286 }
287
288 /**
289 * @tc.name: fscrypt_key_v1_restore_fail_wrong_version
290 * @tc.desc: Verify the RestoreKey function.
291 * @tc.type: FUNC
292 * @tc.require: AR000GK0BP
293 */
294 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore_fail_wrong_version, TestSize.Level1)
295 {
296 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
297 return;
298 }
299 g_testKeyV1->keyInfo_.key.Clear();
300 // the version loaded is v2, not expected v1.
301 EXPECT_FALSE(g_testKeyV1->RestoreKey(emptyUserAuth));
302 }
303 #endif
304
305 /**
306 * @tc.name: fscrypt_key_v1_restore
307 * @tc.desc: Verify the RestoreKey function.
308 * @tc.type: FUNC
309 * @tc.require: AR000GK0BP
310 */
311 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_restore, TestSize.Level1)
312 {
313 g_testKeyV1->ClearKey();
314 EXPECT_TRUE(g_testKeyV1->InitKey(true));
315 #ifndef CRYPTO_TEST
316 g_testKeyV1->StoreKey(emptyUserAuth);
317 g_testKeyV1->UpdateKey();
318 g_testKeyV1->RestoreKey(emptyUserAuth);
319
320 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
321 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
322 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
323 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC, "bad secdesc");
324 #else
325 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
326 EXPECT_TRUE(g_testKeyV1->UpdateKey());
327 EXPECT_TRUE(g_testKeyV1->RestoreKey(emptyUserAuth));
328
329 EXPECT_EQ(CRYPTO_AES_256_XTS_KEY_SIZE, g_testKeyV1->keyInfo_.key.size);
330 EXPECT_NE(nullptr, g_testKeyV1->keyInfo_.key.data.get());
331 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
332 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC, "bad secdesc"));
333 #endif
334 EXPECT_FALSE(g_testKeyV1->RestoreKey(emptyUserAuth)); // should decrypt failed
335 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SECDISC).c_str());
336 EXPECT_FALSE(g_testKeyV1->RestoreKey(emptyUserAuth));
337 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD).c_str());
338 EXPECT_FALSE(g_testKeyV1->RestoreKey(emptyUserAuth));
339 remove(std::string(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_ENCRYPTED).c_str());
340 EXPECT_FALSE(g_testKeyV1->RestoreKey(emptyUserAuth));
341 remove(std::string(TEST_KEYPATH + "/fscrypt_version").c_str());
342 EXPECT_FALSE(g_testKeyV1->RestoreKey(emptyUserAuth));
343 }
344
345 /**
346 * @tc.name: fscrypt_key_v1_active
347 * @tc.desc: Verify the ActiveKey function of v1 key.
348 * @tc.type: FUNC
349 * @tc.require: AR000GK0BP
350 */
351 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_active, TestSize.Level1)
352 {
353 g_testKeyV1->ClearKey();
354 EXPECT_FALSE(g_testKeyV1->ActiveKey()); // active empty key should fail
355 EXPECT_TRUE(g_testKeyV1->InitKey(true));
356 #ifndef CRYPTO_TEST
357 g_testKeyV1->StoreKey(emptyUserAuth);
358 #else
359 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
360 #endif
361 EXPECT_FALSE(g_testKeyV1->keyInfo_.key.IsEmpty());
362 EXPECT_EQ(FSCRYPT_V1, g_testKeyV1->keyInfo_.version);
363
364 EXPECT_TRUE(g_testKeyV1->ActiveKey(FIRST_CREATE_KEY));
365 // raw key should be erase after install to kernel.
366 EXPECT_TRUE(g_testKeyV1->keyInfo_.key.IsEmpty());
367 EXPECT_TRUE(g_testKeyV1->keyInfo_.keyId.IsEmpty());
368 // key desc saved in memory for later clear key.
369 EXPECT_FALSE(g_testKeyV1->keyInfo_.keyDesc.IsEmpty());
370
371 // v1 key installed, and key_desc was saved on disk.
372 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
373
374 FscryptKeyV1 g_testKeyV1BadLen {TEST_KEYPATH, CRYPTO_AES_256_XTS_KEY_SIZE * 2};
375 EXPECT_TRUE(g_testKeyV1BadLen.InitKey(true));
376 EXPECT_TRUE(g_testKeyV1BadLen.InactiveKey());
377 EXPECT_FALSE(g_testKeyV1BadLen.ActiveKey());
378 }
379
380 /**
381 * @tc.name: fscrypt_key_v1_clear
382 * @tc.desc: Verify the ClearKey function.
383 * @tc.type: FUNC
384 * @tc.require: AR000GK0BP
385 */
386 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_clear, TestSize.Level1)
387 {
388 EXPECT_TRUE(g_testKeyV1->ClearKey());
389 EXPECT_TRUE(g_testKeyV1->keyInfo_.key.IsEmpty());
390 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYDESC));
391 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + PATH_FSCRYPT_VER));
392 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
393 }
394
395 /**
396 * @tc.name: fscrypt_key_v1_policy_set
397 * @tc.desc: Verify the fscrypt V1 KeyCtrl::SetPolicy function.
398 * @tc.type: FUNC
399 * @tc.require: AR000GK0BO
400 */
401 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_set, TestSize.Level1)
402 {
403 EXPECT_TRUE(g_testKeyV1->InitKey(true));
404 #ifndef CRYPTO_TEST
405 g_testKeyV1->StoreKey(emptyUserAuth);
406 #else
407 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
408 #endif
409 EXPECT_TRUE(g_testKeyV1->ActiveKey(FIRST_CREATE_KEY));
410
411 FscryptPolicy arg;
412 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
413 arg.v1.version = FSCRYPT_POLICY_V1;
414 (void)memcpy_s(arg.v1.master_key_descriptor, FSCRYPT_KEY_DESCRIPTOR_SIZE, g_testKeyV1->keyInfo_.keyDesc.data.get(),
415 g_testKeyV1->keyInfo_.keyDesc.size);
416 arg.v1.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
417 arg.v1.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
418 arg.v1.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
419 // Default to maximum zero-padding to leak less info about filename lengths.
420 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
421 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
422 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
423
424 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
425 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
426 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
427 }
428
429 /**
430 * @tc.name: fscrypt_key_v1_policy_get
431 * @tc.desc: Verify the fscrypt V1 KeyCtrl::GetPolicy function.
432 * @tc.type: FUNC
433 * @tc.require: AR000GK0BO
434 */
435 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_policy_get, TestSize.Level1)
436 {
437 struct fscrypt_policy arg;
438 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
439 EXPECT_TRUE(KeyCtrlGetPolicy(TEST_DIR_LEGACY.c_str(), &arg));
440 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
441
442 std::string testDir = TEST_DIR_LEGACY + "/test_dir";
443 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
444 EXPECT_TRUE(KeyCtrlGetPolicy(testDir.c_str(), &arg));
445 EXPECT_EQ(FSCRYPT_POLICY_V1, arg.version);
446
447 EXPECT_FALSE(KeyCtrlGetPolicy(NULL, NULL));
448 EXPECT_FALSE(KeyCtrlGetPolicy(testDir.c_str(), NULL));
449 }
450
451 /**
452 * @tc.name: fscrypt_key_v1_key_inactive
453 * @tc.desc: Verify the FscryptKeyV1 InactiveKey function.
454 * @tc.type: FUNC
455 * @tc.require: AR000GK0BO
456 */
457 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_key_inactive, TestSize.Level1)
458 {
459 EXPECT_TRUE(g_testKeyV1->InactiveKey(USER_DESTROY));
460
461 #ifdef SUPPORT_FSCRYPT_V2
462 EXPECT_FALSE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir1"));
463 EXPECT_FALSE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file3", "AAA"));
464 // earlier kernels may have different behaviour.
465 #endif
466 }
467
468 #ifdef SUPPORT_FSCRYPT_V2
469 /**
470 * @tc.name: fscrypt_key_v2_active
471 * @tc.desc: Verify the fscrypt V2 active function.
472 * @tc.type: FUNC
473 * @tc.require: AR000GK0BP
474 */
475 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_active, TestSize.Level1)
476 {
477 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
478 return;
479 }
480 g_testKeyV2->ClearKey();
481 EXPECT_TRUE(g_testKeyV2->InitKey(true));
482 EXPECT_TRUE(g_testKeyV2->StoreKey(emptyUserAuth));
483 EXPECT_TRUE(g_testKeyV2->UpdateKey());
484 EXPECT_TRUE(g_testKeyV2->ActiveKey());
485
486 // raw key should be erase after install to kernel.
487 EXPECT_TRUE(g_testKeyV2->keyInfo_.key.IsEmpty());
488 EXPECT_TRUE(g_testKeyV2->keyInfo_.keyDesc.IsEmpty());
489 EXPECT_EQ(static_cast<unsigned int>(FSCRYPT_KEY_IDENTIFIER_SIZE), g_testKeyV2->keyInfo_.keyId.size);
490 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + PATH_KEYID));
491 }
492
493 /**
494 * @tc.name: fscrypt_key_v2_policy_set
495 * @tc.desc: Verify the fscrypt V2 setpolicy function.
496 * @tc.type: FUNC
497 * @tc.require: AR000GK0BO
498 */
499 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_set, TestSize.Level1)
500 {
501 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
502 return;
503 }
504 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
505 FscryptPolicy arg;
506 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
507 arg.v2.version = FSCRYPT_POLICY_V2;
508 (void)memcpy_s(arg.v2.master_key_identifier, FSCRYPT_KEY_IDENTIFIER_SIZE, g_testKeyV2->keyInfo_.keyId.data.get(),
509 g_testKeyV2->keyInfo_.keyId.size);
510 arg.v2.contents_encryption_mode = FSCRYPT_MODE_AES_256_XTS;
511 arg.v2.filenames_encryption_mode = FSCRYPT_MODE_AES_256_CTS;
512 arg.v2.flags = FSCRYPT_POLICY_FLAGS_PAD_32;
513 // Default to maximum zero-padding to leak less info about filename lengths.
514 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
515 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2));
516 EXPECT_TRUE(KeyCtrlSetPolicy(TEST_DIR_V2.c_str(), &arg));
517
518 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
519 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
520 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
521 }
522
523 /**
524 * @tc.name: fscrypt_key_v2_policy_get
525 * @tc.desc: Verify the fscrypt V2 getpolicy function.
526 * @tc.type: FUNC
527 * @tc.require: AR000GK0BO
528 */
529 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_get, TestSize.Level1)
530 {
531 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
532 return;
533 }
534 struct fscrypt_get_policy_ex_arg arg;
535 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
536 arg.policy_size = sizeof(arg.policy);
537 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
538 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
539
540 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
541 arg.policy_size = sizeof(arg.policy);
542 std::string testDir = TEST_DIR_V2 + "/test_dir";
543 EXPECT_TRUE(KeyCtrlGetPolicyEx(testDir.c_str(), &arg));
544 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
545 }
546
547 /**
548 * @tc.name: fscrypt_key_v2_policy_inactive
549 * @tc.desc: Verify the fscryptV2 InactiveKey function.
550 * @tc.type: FUNC
551 * @tc.require: AR000GK0BP
552 */
553 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_inactive, TestSize.Level1)
554 {
555 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
556 return;
557 }
558 EXPECT_TRUE(g_testKeyV2->InactiveKey());
559 // When the v2 policy removed, the files are encrypted.
560 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
561 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
562 EXPECT_FALSE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
563 }
564
565 /**
566 * @tc.name: fscrypt_key_v2_policy_restore
567 * @tc.desc: Verify the fscrypt V2 restore and decrypt.
568 * @tc.type: FUNC
569 * @tc.require: AR000GK0BP
570 */
571 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_policy_restore, TestSize.Level1)
572 {
573 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
574 return;
575 }
576 EXPECT_TRUE(g_testKeyV2->RestoreKey(emptyUserAuth));
577 EXPECT_EQ(FSCRYPT_V2, g_testKeyV2->keyInfo_.version);
578 EXPECT_TRUE(g_testKeyV2->ActiveKey());
579
580 // the files is decrypted now
581 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_dir"));
582 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file1"));
583 EXPECT_TRUE(OHOS::FileExists(TEST_DIR_V2 + "/test_file2"));
584
585 EXPECT_TRUE(g_testKeyV2->ClearKey());
586 }
587
588 /**
589 * @tc.name: fscrypt_key_v2_load_and_set_policy_default
590 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
591 * @tc.type: FUNC
592 * @tc.require: AR000GK0BO
593 */
594 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_default, TestSize.Level1)
595 {
596 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
597 return;
598 }
599 g_testKeyV2->ClearKey();
600 EXPECT_TRUE(g_testKeyV2->InitKey(true));
601 EXPECT_TRUE(g_testKeyV2->StoreKey(emptyUserAuth));
602 EXPECT_TRUE(g_testKeyV2->ActiveKey());
603
604 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
605 EXPECT_EQ(0, InitFscryptPolicy());
606
607 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
608 OHOS::ForceCreateDirectory(TEST_DIR_V2);
609 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2->GetDir().c_str(), TEST_DIR_V2.c_str()));
610
611 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
612 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
613 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
614 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
615
616 EXPECT_TRUE(g_testKeyV2->ClearKey());
617 }
618 #endif
619
620 /**
621 * @tc.name: fscrypt_key_v1_load_and_set_policy_default
622 * @tc.desc: Verify the fscrypt V1 setpolicy function.
623 * @tc.type: FUNC
624 * @tc.require: AR000GK0BO
625 */
626 HWTEST_F(CryptoKeyTest, fscrypt_key_v1_load_and_set_policy_default, TestSize.Level1)
627 {
628 g_testKeyV1->ClearKey();
629 EXPECT_TRUE(g_testKeyV1->InitKey(true));
630 #ifndef CRYPTO_TEST
631 g_testKeyV1->StoreKey(emptyUserAuth);
632 #else
633 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
634 #endif
635 EXPECT_TRUE(g_testKeyV1->ActiveKey(FIRST_CREATE_KEY));
636
637 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
638 EXPECT_EQ(0, InitFscryptPolicy());
639
640 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
641 OHOS::ForceCreateDirectory(TEST_DIR_LEGACY);
642 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV1->GetDir().c_str(), TEST_DIR_LEGACY.c_str()));
643
644 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY + "/test_dir"));
645 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file1", "hello, world!\n"));
646 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/test_file2", "AA"));
647 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_LEGACY + "/111111111111111111111111111111111111111111111111", "AA"));
648
649 EXPECT_TRUE(g_testKeyV1->ClearKey());
650 }
651
652 /**
653 * @tc.name: fscrypt_key_storekey_version_test_1
654 * @tc.desc: Verify the fscrypt storekey function.
655 * @tc.type: FUNC
656 * @tc.require: AR000GK0BO
657 */
658 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_1, TestSize.Level1)
659 {
660 EXPECT_TRUE(g_testKeyV1->InitKey(true));
661 #ifndef CRYPTO_TEST
662 // storekey to version 0
663 g_testKeyV1->StoreKey(emptyUserAuth);
664 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
665 std::string keyShieldV0;
666 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0);
667
668 // storekey to version 1
669 g_testKeyV1->StoreKey(emptyUserAuth);
670 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD);
671 std::string keyShieldV1;
672 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1);
673
674 // storekey to version 2
675 g_testKeyV1->StoreKey(emptyUserAuth);
676 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD);
677 std::string keyShieldV2;
678 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD, keyShieldV2);
679
680 // updatekey will rename version 2 to latest
681 g_testKeyV1->UpdateKey();
682 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD);
683 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
684 std::string keyShieldLatest;
685 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest);
686 EXPECT_EQ(keyShieldLatest, keyShieldV2);
687 #else
688 // storekey to version 0
689 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
690 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
691 std::string keyShieldV0;
692 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
693
694 // storekey to version 1
695 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
696 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
697 std::string keyShieldV1;
698 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
699 EXPECT_NE(keyShieldV0, keyShieldV1);
700
701 // storekey to version 2
702 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
703 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD));
704 std::string keyShieldV2;
705 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION2 + PATH_SHIELD, keyShieldV2));
706 EXPECT_NE(keyShieldV1, keyShieldV2);
707
708 // updatekey will rename version 2 to latest
709 EXPECT_TRUE(g_testKeyV1->UpdateKey());
710 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
711 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
712 std::string keyShieldLatest;
713 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
714 EXPECT_EQ(keyShieldLatest, keyShieldV2);
715 #endif
716 }
717
718 /**
719 * @tc.name: fscrypt_key_storekey_version_test_2
720 * @tc.desc: Verify the fscrypt storekey function.
721 * @tc.type: FUNC
722 * @tc.require: AR000GK0BO
723 */
724 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_2, TestSize.Level1)
725 {
726 #ifndef CRYPTO_TEST
727 g_testKeyV1->RestoreKey(emptyUserAuth);
728
729 // storekey to version 0
730 g_testKeyV1->StoreKey(emptyUserAuth);
731 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
732 std::string keyShieldV0;
733 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0);
734
735 // storekey to version 1
736 g_testKeyV1->StoreKey(emptyUserAuth);
737 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD);
738 std::string keyShieldV1;
739 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1);
740
741 // restorekey will decrypt from versions and rename first success one to latest
742 g_testKeyV1->RestoreKey(emptyUserAuth);
743 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD);
744 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
745 std::string keyShieldLatest;
746 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest);
747 EXPECT_EQ(keyShieldLatest, keyShieldV1);
748 #else
749 EXPECT_TRUE(g_testKeyV1->RestoreKey(emptyUserAuth));
750
751 // storekey to version 0
752 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
753 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
754 std::string keyShieldV0;
755 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0));
756
757 // storekey to version 1
758 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
759 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD));
760 std::string keyShieldV1;
761 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION1 + PATH_SHIELD, keyShieldV1));
762
763 // restorekey will decrypt from versions and rename first success one to latest
764 EXPECT_TRUE(g_testKeyV1->RestoreKey(emptyUserAuth));
765 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD));
766 EXPECT_FALSE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP + PATH_SHIELD));
767 std::string keyShieldLatest;
768 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_LATEST + PATH_SHIELD, keyShieldLatest));
769 EXPECT_EQ(keyShieldLatest, keyShieldV1);
770 #endif
771 }
772
773 /**
774 * @tc.name: fscrypt_key_storekey_version_test_3
775 * @tc.desc: Verify the fscrypt storekey function.
776 * @tc.type: FUNC
777 * @tc.require: AR000GK0BO
778 */
779 HWTEST_F(CryptoKeyTest, fscrypt_key_storekey_version_test_3, TestSize.Level1)
780 {
781 #ifndef CRYPTO_TEST
782 // storekey to version 0
783 g_testKeyV1->StoreKey(emptyUserAuth);
784 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
785 std::string keyShieldV0A;
786 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0A);
787
788 // latest dir broken, not affect restore and update operation
789 OHOS::ForceRemoveDirectory(TEST_KEYPATH + TEST_KEYDIR_LATEST);
790 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST, "latest is a file");
791 g_testKeyV1->RestoreKey(emptyUserAuth);
792 OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD);
793 std::string keyShieldV0B;
794 OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0B);
795 EXPECT_TRUE(keyShieldV0A == keyShieldV0B);
796 g_testKeyV1->RestoreKey(emptyUserAuth);
797 EXPECT_FALSE(g_testKeyV1->UpdateKey());
798
799 // latest dir backup also broken, not affect restore and update operation
800 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP, "latest_backup is a file");
801 EXPECT_FALSE(g_testKeyV1->UpdateKey());
802 g_testKeyV1->RestoreKey(emptyUserAuth);
803 #else
804 // storekey to version 0
805 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
806 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
807 std::string keyShieldV0A;
808 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0A));
809
810 // latest dir broken, not affect restore and update operation
811 OHOS::ForceRemoveDirectory(TEST_KEYPATH + TEST_KEYDIR_LATEST);
812 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST, "latest is a file");
813 EXPECT_TRUE(g_testKeyV1->RestoreKey(emptyUserAuth));
814 EXPECT_TRUE(OHOS::FileExists(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD));
815 std::string keyShieldV0B;
816 EXPECT_TRUE(OHOS::LoadStringFromFile(TEST_KEYPATH + TEST_KEYDIR_VERSION0 + PATH_SHIELD, keyShieldV0B));
817 EXPECT_TRUE(keyShieldV0A == keyShieldV0B);
818 EXPECT_TRUE(g_testKeyV1->RestoreKey(emptyUserAuth));
819 EXPECT_FALSE(g_testKeyV1->UpdateKey());
820
821 // latest dir backup also broken, not affect restore and update operation
822 OHOS::SaveStringToFile(TEST_KEYPATH + TEST_KEYDIR_LATEST_BACKUP, "latest_backup is a file");
823 EXPECT_FALSE(g_testKeyV1->UpdateKey());
824 EXPECT_TRUE(g_testKeyV1->RestoreKey(emptyUserAuth));
825 #endif
826 }
827
828 #ifdef SUPPORT_FSCRYPT_V2
829 /**
830 * @tc.name: fscrypt_key_v2_load_and_set_policy_padding_4
831 * @tc.desc: Verify the KeyCtrl::LoadAndSetPolicy function.
832 * @tc.type: FUNC
833 * @tc.require: AR000GK0BO
834 */
835 HWTEST_F(CryptoKeyTest, fscrypt_key_v2_load_and_set_policy_padding_4, TestSize.Level1)
836 {
837 if (KeyCtrlGetFscryptVersion(TEST_MNT.c_str()) == FSCRYPT_V1) {
838 return;
839 }
840 g_testKeyV2->ClearKey();
841 EXPECT_TRUE(g_testKeyV2->InitKey(true));
842 EXPECT_TRUE(g_testKeyV2->StoreKey(emptyUserAuth));
843 EXPECT_TRUE(g_testKeyV2->ActiveKey());
844
845 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
846 EXPECT_EQ(0, InitFscryptPolicy());
847
848 OHOS::ForceRemoveDirectory(TEST_DIR_V2);
849 OHOS::ForceCreateDirectory(TEST_DIR_V2);
850 EXPECT_EQ(0, LoadAndSetPolicy(g_testKeyV2->GetDir().c_str(), TEST_DIR_V2.c_str()));
851
852 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_V2 + "/test_dir"));
853 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file1", "hello, world!\n"));
854 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/test_file2", "AA"));
855 EXPECT_TRUE(OHOS::SaveStringToFile(TEST_DIR_V2 + "/111111111111111111111111111111111111111111111111", "AA"));
856
857 struct fscrypt_get_policy_ex_arg arg;
858 (void)memset_s(&arg, sizeof(arg), 0, sizeof(arg));
859 arg.policy_size = sizeof(arg.policy);
860 EXPECT_TRUE(KeyCtrlGetPolicyEx(TEST_DIR_V2.c_str(), &arg));
861 EXPECT_EQ(FSCRYPT_POLICY_V2, arg.policy.version);
862 EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, arg.policy.v2.filenames_encryption_mode);
863 EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, arg.policy.v2.contents_encryption_mode);
864
865 EXPECT_TRUE(g_testKeyV2->ClearKey());
866 }
867 #endif
868
869 /**
870 * @tc.name: key_manager_generate_delete_user_keys
871 * @tc.desc: Verify the KeyManager GenerateUserKeys and DeleteUserKeys
872 * @tc.type: FUNC
873 * @tc.require: SR000H0CM9
874 */
875 HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys_000, TestSize.Level1)
876 {
877 uint32_t userId = 81;
878 const string USER_EL1_DIR = "/data/test/user/el1";
879 const string USER_EL2_DIR = "/data/test/user/el2";
880
881 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
882 EXPECT_EQ(0, InitFscryptPolicy());
883 OHOS::ForceRemoveDirectory(USER_EL1_DIR);
884 OHOS::ForceRemoveDirectory(USER_EL2_DIR);
885 MkDirRecurse(USER_EL1_DIR, S_IRWXU);
886 MkDirRecurse(USER_EL2_DIR, S_IRWXU);
887
888 OHOS::ForceRemoveDirectory(USER_KEY_EL1_DIR);
889 OHOS::ForceRemoveDirectory(USER_KEY_EL2_DIR);
890 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->GenerateUserKeys(userId, 0)); // no user_el1_dir
891
892 KeyManager::GetInstance()->InitGlobalDeviceKey();
893 KeyManager::GetInstance()->InitGlobalUserKeys();
894 UserTokenSecret userTokenSecret = {.token = {'t', 'o', 'k', 'e', 'n'}, .oldSecret = {},
895 .newSecret = {'s', 'e', 'c', 'r', 'e', 't'}, .secureUid = 0};
896 UserTokenSecret userTokenSecretNull = {.token = {}, .oldSecret = {}, .newSecret = {}, .secureUid = 0};
897 #ifndef CRYPTO_TEST
898 KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecret);
899 KeyManager::GetInstance()->InActiveUserKey(userId); // may fail on some platforms
900 #else
901 EXPECT_EQ(0, KeyManager::GetInstance()->GenerateUserKeys(userId, 0));
902 EXPECT_EQ(-EEXIST, KeyManager::GetInstance()->GenerateUserKeys(userId, 0)); // key existed
903 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
904 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
905 EXPECT_EQ(0, KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecretNull));
906 EXPECT_EQ(0, KeyManager::GetInstance()->UpdateKeyContext(userId));
907 KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecret);
908 EXPECT_EQ(-EFAULT, KeyManager::GetInstance()->UpdateKeyContext(userId)); // no need to update keycontext
909 KeyManager::GetInstance()->InActiveUserKey(userId); // may fail on some platforms
910 EXPECT_EQ(0, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {}));
911 EXPECT_EQ(0, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {})); /// have been actived, also return 0
912 EXPECT_EQ(0, KeyManager::GetInstance()->DeleteUserKeys(userId));
913 #endif
914
915 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
916 KeyManager::GetInstance()->InitGlobalDeviceKey();
917 KeyManager::GetInstance()->InitGlobalUserKeys();
918 }
919
920 /**
921 * @tc.name: key_manager_generate_delete_user_keys
922 * @tc.desc: Verify the KeyManager GenerateUserKeys and DeleteUserKeys
923 * @tc.type: FUNC
924 * @tc.require: SR000H0CM9
925 */
926 HWTEST_F(CryptoKeyTest, key_manager_generate_delete_user_keys_001, TestSize.Level1)
927 {
928 const string USER_EL1_DIR = "/data/test/user/el1";
929 const string USER_EL2_DIR = "/data/test/user/el2";
930
931 EXPECT_EQ(0, SetFscryptSysparam("2:aes-256-cts:aes-256-xts"));
932 EXPECT_EQ(0, InitFscryptPolicy());
933 OHOS::ForceRemoveDirectory(USER_EL1_DIR);
934 OHOS::ForceRemoveDirectory(USER_EL2_DIR);
935 MkDirRecurse(USER_EL1_DIR, S_IRWXU);
936 MkDirRecurse(USER_EL2_DIR, S_IRWXU);
937
938 OHOS::ForceRemoveDirectory(USER_KEY_EL1_DIR);
939 OHOS::ForceRemoveDirectory(USER_KEY_EL2_DIR);
940
941 KeyManager::GetInstance()->InitGlobalDeviceKey();
942 KeyManager::GetInstance()->InitGlobalUserKeys();
943 UserTokenSecret userTokenSecret = {.token = {'t', 'o', 'k', 'e', 'n'}, .oldSecret = {},
944 .newSecret = {'s', 'e', 'c', 'r', 'e', 't'}, .secureUid = 0};
945 UserTokenSecret userTokenSecretNull = {.token = {}, .oldSecret = {}, .newSecret = {}, .secureUid = 0};
946
947 EXPECT_EQ(0, SetFscryptSysparam("1:aes-256-cts:aes-256-xts"));
948 KeyManager::GetInstance()->InitGlobalDeviceKey();
949 KeyManager::GetInstance()->InitGlobalUserKeys();
950 uint32_t userId = 801; // bad userId, not generated
951 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL1_KEY, {{userId, USER_EL1_DIR}}));
952 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, EL2_KEY, {{userId, USER_EL2_DIR}}));
953 EXPECT_EQ(0, KeyManager::GetInstance()->SetDirectoryElPolicy(userId, static_cast<KeyType>(0),
954 {{userId, USER_EL2_DIR}})); // bad keytype
955 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateUserAuth(userId, userTokenSecretNull));
956 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->UpdateKeyContext(userId));
957 EXPECT_EQ(-ENOENT, KeyManager::GetInstance()->InActiveUserKey(userId));
958 EXPECT_EQ(-EFAULT, KeyManager::GetInstance()->ActiveUserKey(userId, {}, {}));
959 if (KeyManager::GetInstance()->IsUeceSupport()) {
960 EXPECT_NE(0, KeyManager::GetInstance()->DeleteUserKeys(userId));
961 } else {
962 EXPECT_EQ(0, KeyManager::GetInstance()->DeleteUserKeys(userId));
963 }
964 }
965
966 /**
967 * @tc.name: fscrypt_key_secure_access_control
968 * @tc.desc: Verify the secure access when user have pin code.
969 * @tc.type: FUNC
970 * @tc.require: SR000H0CLT
971 */
972 HWTEST_F(CryptoKeyTest, fscrypt_key_secure_access_control, TestSize.Level1)
973 {
974 g_testKeyV1->ClearKey();
975 EXPECT_TRUE(g_testKeyV1->InitKey(true));
976 #ifndef CRYPTO_TEST
977 g_testKeyV1->StoreKey(emptyUserAuth);
978 #else
979 EXPECT_TRUE(g_testKeyV1->StoreKey(emptyUserAuth));
980 #endif
981 std::string token = "bad_token";
982 std::string secret = "bad_secret";
983 std::vector<uint8_t> badToken(token.begin(), token.end());
984 std::vector<uint8_t> badSecret(secret.begin(), secret.end());
985 UserAuth badUserAuth {
986 .token = badToken,
987 .secret = badSecret
988 };
989 EXPECT_FALSE(g_testKeyV1->RestoreKey(badUserAuth));
990 EXPECT_TRUE(g_testKeyV1->ClearKey());
991 }
992
993 /**
994 * @tc.name: fscrypt_sdc_filecrypt
995 * @tc.desc: Verify the sdc interface.
996 * @tc.type: FUNC
997 * @tc.require: SR000H0CLT
998 */
999 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_001, TestSize.Level1)
1000 {
1001 std::vector<std::string> params;
1002
1003 // test no param
1004 params.clear();
1005 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 0));
1006
1007 // test not filecrypt param
1008 params.clear();
1009 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1010
1011 // test filecrypt cmd not existed
1012 params.push_back("noexisted");
1013 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1014
1015 // test sdc enable
1016 params.push_back("enable");
1017 params.push_back("2:abs-256-cts:aes-256-xts");
1018 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1019 params.clear();
1020 params.push_back("enable");
1021 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1022 params.clear();
1023
1024 // test sdc init_global_key
1025 params.push_back("init_global_key");
1026 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1027 params.clear();
1028
1029 // test sdc init_main_user
1030 params.push_back("init_main_user");
1031 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1032 params.clear();
1033
1034 // test sdc inactive_user_key
1035 params.push_back("inactive_user_key");
1036 params.push_back("id");
1037 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1038 params.clear();
1039 params.push_back("inactive_user_key");
1040 params.push_back("10");
1041 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1042 params.clear();
1043 params.push_back("inactive_user_key");
1044 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1045 params.clear();
1046 }
1047
1048 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_002, TestSize.Level1)
1049 {
1050 std::vector<std::string> params;
1051
1052 // test sdc update_key_context
1053 params.clear();
1054 params.push_back("update_key_context");
1055 params.push_back("id");
1056 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1057 params.clear();
1058 params.push_back("update_key_context");
1059 params.push_back("10");
1060 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1061 params.clear();
1062 params.push_back("update_key_context");
1063 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1064 params.clear();
1065
1066 // test sdc delete_user_keys
1067 params.push_back("delete_user_keys");
1068 params.push_back("id");
1069 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1070 params.clear();
1071 params.push_back("delete_user_keys");
1072 params.push_back("10");
1073 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1074 params.clear();
1075 params.push_back("delete_user_keys");
1076 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1077 params.clear();
1078
1079 // test sdc generate_user_keys
1080 params.push_back("generate_user_keys");
1081 params.push_back("id");
1082 params.push_back("flag");
1083 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1084 params.clear();
1085 params.push_back("generate_user_keys");
1086 params.push_back("10");
1087 params.push_back("0");
1088 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1089 params.clear();
1090 params.push_back("generate_user_keys");
1091 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1092 params.clear();
1093 }
1094
1095 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_003, TestSize.Level1)
1096 {
1097 std::vector<std::string> params;
1098
1099 // test sdc prepare_user_space
1100 params.clear();
1101 params.push_back("prepare_user_space");
1102 params.push_back("id");
1103 params.push_back("flag");
1104 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1105 params.clear();
1106 params.push_back("prepare_user_space");
1107 params.push_back("10");
1108 params.push_back("0");
1109 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1110 params.clear();
1111 params.push_back("prepare_user_space");
1112 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1113 params.clear();
1114
1115 // test sdc destroy_user_space
1116 params.push_back("destroy_user_space");
1117 params.push_back("id");
1118 params.push_back("flag");
1119 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1120 params.clear();
1121 params.push_back("destroy_user_space");
1122 params.push_back("10");
1123 params.push_back("0");
1124 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1125 params.clear();
1126 params.push_back("destroy_user_space");
1127 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1128 params.clear();
1129 }
1130
1131 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_004, TestSize.Level1)
1132 {
1133 std::vector<std::string> params;
1134
1135 // test sdc update_user_auth
1136 params.clear();
1137 params.push_back("update_user_auth");
1138 params.push_back("id");
1139 params.push_back("01234567890abcd");
1140 params.push_back("01234567890abcd");
1141 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1142 params.clear();
1143 params.push_back("update_user_auth");
1144 params.push_back("10");
1145 params.push_back("01234567890abcd");
1146 params.push_back("01234567890abcd");
1147 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1148 params.clear();
1149 params.push_back("update_user_auth");
1150 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1151 params.clear();
1152 params.push_back("update_user_auth");
1153 params.push_back("10");
1154 params.push_back("01234567890abcd");
1155 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1156 params.clear();
1157
1158 // test sdc active_user_key
1159 params.push_back("active_user_key");
1160 params.push_back("id");
1161 params.push_back("01234567890abcd");
1162 params.push_back("01234567890abcd");
1163 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1164 params.clear();
1165 params.push_back("active_user_key");
1166 params.push_back("10");
1167 params.push_back("01234567890abcd");
1168 params.push_back("01234567890abcd");
1169 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1170 params.clear();
1171 params.push_back("active_user_key");
1172 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1173 params.clear();
1174 params.push_back("active_user_key");
1175 params.push_back("10");
1176 params.push_back("01234567890abcd");
1177 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1178 params.clear();
1179 }
1180
1181 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_005, TestSize.Level1)
1182 {
1183 std::vector<std::string> params;
1184
1185 // test sdc unlock_user_screen
1186 params.clear();
1187 params.push_back("unlock_user_screen");
1188 params.push_back("id");
1189 params.push_back("01234567890abcd");
1190 params.push_back("01234567890abcd");
1191 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1192 params.clear();
1193 params.push_back("unlock_user_screen");
1194 params.push_back("10");
1195 params.push_back("01234567890abcd");
1196 params.push_back("01234567890abcd");
1197 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1198 params.clear();
1199 params.push_back("unlock_user_screen");
1200 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1201 params.clear();
1202 params.push_back("unlock_user_screen");
1203 params.push_back("10");
1204 params.push_back("01234567890abcd");
1205 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1206 params.clear();
1207
1208 // test sdc lock_user_screen
1209 params.clear();
1210 params.push_back("lock_user_screen");
1211 params.push_back("id");
1212 params.push_back("01234567890abcd");
1213 params.push_back("01234567890abcd");
1214 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1215 params.clear();
1216 params.push_back("lock_user_screen");
1217 params.push_back("10");
1218 params.push_back("01234567890abcd");
1219 params.push_back("01234567890abcd");
1220 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1221 params.clear();
1222 params.push_back("lock_user_screen");
1223 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1224 params.clear();
1225 params.push_back("lock_user_screen");
1226 params.push_back("10");
1227 params.push_back("01234567890abcd");
1228 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1229 params.clear();
1230 }
1231
1232 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_006, TestSize.Level1)
1233 {
1234 std::vector<std::string> params;
1235
1236 // test sdc generate_app_key
1237 params.clear();
1238 params.push_back("generate_app_key");
1239 params.push_back("id");
1240 params.push_back("01234567890abcd");
1241 params.push_back("01234567890abcd");
1242 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1243 params.clear();
1244 params.push_back("generate_app_key");
1245 params.push_back("10");
1246 params.push_back("01234567890abcd");
1247 params.push_back("01234567890abcd");
1248 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1249 params.clear();
1250 params.push_back("generate_app_key");
1251 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1252 params.clear();
1253 params.push_back("generate_app_key");
1254 params.push_back("10");
1255 params.push_back("01234567890abcd");
1256 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1257 params.clear();
1258
1259 // test sdc delete_app_key
1260 params.clear();
1261 params.push_back("delete_app_key");
1262 params.push_back("id");
1263 params.push_back("01234567890abcd");
1264 params.push_back("01234567890abcd");
1265 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1266 params.clear();
1267 params.push_back("delete_app_key");
1268 params.push_back("10");
1269 params.push_back("01234567890abcd");
1270 params.push_back("01234567890abcd");
1271 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1272 params.clear();
1273 params.push_back("delete_app_key");
1274 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1275 params.clear();
1276 params.push_back("delete_app_key");
1277 params.push_back("10");
1278 params.push_back("01234567890abcd");
1279 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1280 params.clear();
1281 }
1282
1283 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_007, TestSize.Level1)
1284 {
1285 std::vector<std::string> params;
1286
1287 // test sdc Get_unlock_status
1288 params.clear();
1289 params.push_back("Get_unlock_status");
1290 params.push_back("id");
1291 params.push_back("01234567890abcd");
1292 params.push_back("01234567890abcd");
1293 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1294 params.clear();
1295 params.push_back("Get_unlock_status");
1296 params.push_back("10");
1297 params.push_back("01234567890abcd");
1298 params.push_back("01234567890abcd");
1299 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1300 params.clear();
1301 params.push_back("Get_unlock_status");
1302 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1303 params.clear();
1304 params.push_back("Get_unlock_status");
1305 params.push_back("10");
1306 params.push_back("01234567890abcd");
1307 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1308 params.clear();
1309 }
1310
1311 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_008, TestSize.Level1)
1312 {
1313 std::vector<std::string> params;
1314
1315 // test sdc create_recover_key
1316 params.clear();
1317 params.push_back("create_recover_key");
1318 params.push_back("id");
1319 params.push_back("01234567890abcd");
1320 params.push_back("01234567890abcd");
1321 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1322 params.clear();
1323 params.push_back("create_recover_key");
1324 params.push_back("10");
1325 params.push_back("01234567890abcd");
1326 params.push_back("01234567890abcd");
1327 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1328 params.clear();
1329 params.push_back("create_recover_key");
1330 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1331 params.clear();
1332 params.push_back("create_recover_key");
1333 params.push_back("10");
1334 params.push_back("11");
1335 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1336 params.clear();
1337 }
1338
1339 HWTEST_F(CryptoKeyTest, fscrypt_sdc_filecrypt_009, TestSize.Level1)
1340 {
1341 std::vector<std::string> params;
1342
1343 // test sdc set_recover_key
1344 params.clear();
1345 params.push_back("set_recover_key");
1346 params.push_back("id");
1347 params.push_back("01234567890abcd");
1348 params.push_back("01234567890abcd");
1349 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1350 params.clear();
1351 params.push_back("set_recover_key");
1352 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1353 params.clear();
1354 params.push_back("set_recover_key");
1355 params.push_back("10");
1356 params.push_back("11");
1357 EXPECT_EQ(0, CryptoKeyTest::ExecSdcBinary(params, 1));
1358 params.clear();
1359 }
1360
1361 /**
1362 * @tc.name: libfscrypt api test
1363 * @tc.desc: Verify the libfscrypt interface.
1364 * @tc.type: FUNC
1365 * @tc.require: SR000H0CLT
1366 */
1367 HWTEST_F(CryptoKeyTest, fscrypt_libfscrypt_api, TestSize.Level1)
1368 {
1369 // test api in sysparam_dynamic.c
1370 EXPECT_NE(0, GetFscryptParameter(NULL, NULL, NULL, NULL));
1371 EXPECT_NE(0, SetFscryptParameter(NULL, NULL));
1372
1373 // test api in fscrypt_utils.c
1374 EXPECT_NE(0, FscryptPolicyEnable(NULL));
1375 EXPECT_EQ(0, FscryptPolicyEnable("/data/test/badpath"));
1376 FscryptPolicyEnable("/data/app/el1/bundle/public");
1377 EXPECT_NE(0, SetFscryptSysparam(NULL));
1378
1379 // test api in key_control.c
1380 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(NULL));
1381 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion("/nofile"));
1382 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlGetFscryptVersion(NULL));
1383
1384 // version iss not digit
1385 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
1386 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
1387 std::string testVersionFile = TEST_DIR_LEGACY + "/fscrypt_version";
1388 EXPECT_TRUE(OHOS::SaveStringToFile(testVersionFile, "not-digit\n"));
1389 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(TEST_DIR_LEGACY.c_str()));
1390
1391 // bad version
1392 OHOS::ForceRemoveDirectory(TEST_DIR_LEGACY);
1393 EXPECT_TRUE(OHOS::ForceCreateDirectory(TEST_DIR_LEGACY));
1394 testVersionFile = TEST_DIR_LEGACY + "/fscrypt_version";
1395 EXPECT_TRUE(OHOS::SaveStringToFile(testVersionFile, "10\n"));
1396 EXPECT_EQ(FSCRYPT_INVALID, KeyCtrlLoadVersion(TEST_DIR_LEGACY.c_str()));
1397
1398 key_serial_t id = 1;
1399 EXPECT_NE(0, KeyCtrlGetKeyringId(id, 0));
1400
1401 // test api in fscrypt_control.c
1402 EXPECT_NE(0, LoadAndSetPolicy(NULL, NULL));
1403 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts"));
1404 EXPECT_NE(0, FscryptSetSysparam("2:abs-256-cts:bad-param"));
1405 EXPECT_NE(0, FscryptSetSysparam(NULL));
1406 }
1407 }
1408