authorEric Biggers <ebiggers@google.com>2024-04-29 19:44:52 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2024-04-29 19:44:52 +0000
commitb76e6b02d41654959b4c2222c4eee8a91dbf166a (patch)
tree9b05d7aa54a5fbc5689b43288c16f4e2648295c4
parent7f3f3523a768fed683f056c4908ac5593f60751c (diff)
parent84d097d452a0b4bb7e77cecf77dc9d99ca721f2b (diff)
Merge "Skip TestAesEmmcOptimizedHwWrappedKeyPolicy when not runnable" into mainHEADmastermain
-rw-r--r--encryption/file_based_encryption_tests.cpp42
1 files changed, 27 insertions, 15 deletions
diff --git a/encryption/file_based_encryption_tests.cpp b/encryption/file_based_encryption_tests.cpp
index 8f28ec16..b7717fa2 100644
--- a/encryption/file_based_encryption_tests.cpp
+++ b/encryption/file_based_encryption_tests.cpp
@@ -623,7 +623,7 @@ bool FBEPolicyTest::CreateAndSetHwWrappedKey(std::vector<uint8_t> *enc_key,
enum {
kSkipIfNoPolicySupport = 1 << 0,
kSkipIfNoCryptoAPISupport = 1 << 1,
- kSkipIfNoHardwareSupport = 1 << 2,
+ kSkipIfInlineEncryptionNotUsable = 1 << 2,
};
// Returns 0 if encryption policies that include the inode number in the IVs
@@ -682,7 +682,8 @@ bool FBEPolicyTest::SetEncryptionPolicy(int contents_mode, int filenames_mode,
<< std::hex << flags << std::dec << Errno();
return false;
}
- if (skip_flags & (kSkipIfNoCryptoAPISupport | kSkipIfNoHardwareSupport)) {
+ if (skip_flags &
+ (kSkipIfNoCryptoAPISupport | kSkipIfInlineEncryptionNotUsable)) {
android::base::unique_fd fd(
open(test_file_.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC, 0600));
if (fd < 0) {
@@ -696,13 +697,21 @@ bool FBEPolicyTest::SetEncryptionPolicy(int contents_mode, int filenames_mode,
"unsupported on this kernel, due to missing crypto API support";
return false;
}
- // We get EINVAL here when using a hardware-wrapped key and the inline
- // encryption hardware supports wrapped keys but doesn't support the
- // number of DUN bytes that the file contents encryption requires.
- if (errno == EINVAL && (skip_flags & kSkipIfNoHardwareSupport)) {
+ // We get EINVAL here when we're using a hardware-wrapped key, the device
+ // has inline encryption hardware that supports hardware-wrapped keys, and
+ // there are hardware or kernel limitations that make it impossible for
+ // inline encryption to actually be used with the policy. For example:
+ //
+ // - The device's inline encryption hardware doesn't support the number
+ // of DUN bytes needed for file contents encryption.
+ //
+ // - The policy uses the IV_INO_LBLK_32 flag, and the filesystem block
+ // size differs from the page size. (Kernel limitation.)
+ if (errno == EINVAL && (skip_flags & kSkipIfInlineEncryptionNotUsable)) {
GTEST_LOG_(INFO)
- << "Skipping test because encryption policy is not compatible with "
- "this device's inline encryption hardware";
+ << "Skipping test because encryption policy requires inline "
+ "encryption, but inline encryption is unsupported with this "
+ "policy on this device due to hardware or kernel limitations";
return false;
}
}
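Review bot: The EINVAL branch at the end of this hunk now covers two unrelated causes (the hardware's DUN-size limit and the block-size/page-size kernel limitation), but the skip message identifies neither. Because the branch only logs at INFO and returns false, and the callers visible in this diff simply `return;`, the test presumably reports as passed rather than skipped, so an unexpected EINVAL is hard to tell from a legitimate skip. Consider appending the policy flags to the message, e.g. `<< " (policy flags 0x" << std::hex << flags << std::dec << ")"`, reusing the `flags` value that the error path earlier in the function already prints. SetEncryptionPolicy starts and ends outside the hunk, so confirm that `flags` is still in scope at this point.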
@@ -960,11 +969,11 @@ TEST_F(FBEPolicyTest, TestAesInlineCryptOptimizedHwWrappedKeyPolicy) {
std::vector<uint8_t> enc_key, sw_secret;
if (!CreateAndSetHwWrappedKey(&enc_key, &sw_secret)) return;
- if (!SetEncryptionPolicy(
- FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
- FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64,
- // 64-bit DUN support is not guaranteed.
- kSkipIfNoHardwareSupport | GetSkipFlagsForInoBasedEncryption()))
+ if (!SetEncryptionPolicy(FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
+ FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64,
+ // 64-bit DUN support is not guaranteed.
+ kSkipIfInlineEncryptionNotUsable |
+ GetSkipFlagsForInoBasedEncryption()))
return;
TestFileInfo file_info;
@@ -1102,9 +1111,12 @@ TEST_F(FBEPolicyTest, TestAesEmmcOptimizedHwWrappedKeyPolicy) {
std::vector<uint8_t> enc_key, sw_secret;
if (!CreateAndSetHwWrappedKey(&enc_key, &sw_secret)) return;
+ int skip_flags = GetSkipFlagsForInoBasedEncryption();
+ if (kFilesystemBlockSize != getpagesize())
+ skip_flags |= kSkipIfInlineEncryptionNotUsable;
+
if (!SetEncryptionPolicy(FSCRYPT_MODE_AES_256_XTS, FSCRYPT_MODE_AES_256_CTS,
- FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32,
- GetSkipFlagsForInoBasedEncryption()))
+ FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32, skip_flags))
return;
TestFileInfo file_info;
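Review bot: The new `if (kFilesystemBlockSize != getpagesize())` carries no comment, so the reason the skip flag is conditional can only be found by reading the EINVAL comment inside SetEncryptionPolicy. I would add above it `// IV_INO_LBLK_32 cannot use inline encryption when the fs block size != page size (kernel limitation); only then is EINVAL a skip rather than a failure.` It is also worth confirming that `kFilesystemBlockSize` compares with the `int` returned by `getpagesize()` without a signed/unsigned conversion, since its declaration is outside the hunk. The test body continues past the end of the hunk.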