storage_isolated_driver_manager/
zxcrypt.rs1use anyhow::{Context as _, Result};
6use device_watcher::{recursive_wait_and_open, recursive_wait_and_open_directory};
7use fidl_fuchsia_device::{ControllerMarker, ControllerProxy};
8use fidl_fuchsia_hardware_block_encrypted::DeviceManagerMarker;
9use fidl_fuchsia_io as fio;
10use fuchsia_component::client::connect_to_named_protocol_at_dir_root;
11
12const ZXCRYPT_DRIVER_PATH: &str = "zxcrypt.cm";
13
14pub async fn bind_zxcrypt_driver(controller: &ControllerProxy) -> Result<()> {
17 controller
18 .bind(ZXCRYPT_DRIVER_PATH)
19 .await
20 .context("zxcrypt driver bind fidl failure")?
21 .map_err(zx::Status::from_raw)
22 .context("zxcrypt driver bind returned error")?;
23 Ok(())
24}
25
26pub async fn set_up_insecure_zxcrypt(
29 block_device: &fio::DirectoryProxy,
30) -> Result<fio::DirectoryProxy> {
31 const UNSEALED_BLOCK_PATH: &str = "unsealed/block";
32 let device_controller = connect_to_named_protocol_at_dir_root::<ControllerMarker>(
33 block_device,
34 "device_controller",
35 )?;
36 bind_zxcrypt_driver(&device_controller).await.context("zxcrypt driver bind")?;
37
38 const ZXCRYPT_DEVICE_NAME: &str = "zxcrypt";
39 let zxcrypt = recursive_wait_and_open::<DeviceManagerMarker>(block_device, ZXCRYPT_DEVICE_NAME)
40 .await
41 .context("zxcrypt device wait")?;
42
43 zx::ok(zxcrypt.format(&[0u8; 32], 0).await.context("zxcrypt format fidl failure")?)
44 .context("zxcrypt format returned error")?;
45 zx::ok(zxcrypt.unseal(&[0u8; 32], 0).await.context("zxcrypt unseal fidl failure")?)
46 .context("zxcrypt unseal returned error")?;
47
48 let zxcrypt_dir = fuchsia_fs::directory::open_directory_async(
49 block_device,
50 ZXCRYPT_DEVICE_NAME,
51 fio::Flags::empty(),
52 )?;
53
54 recursive_wait_and_open_directory(&zxcrypt_dir, UNSEALED_BLOCK_PATH)
55 .await
56 .context("zxcrypt unsealed dir wait")
57}
58
59#[cfg(test)]
60mod tests {
61 use super::*;
62 use fidl_fuchsia_hardware_block::BlockMarker;
63 use ramdevice_client::RamdiskClient;
64 use test_util::assert_lt;
65
66 const BLOCK_SIZE: u64 = 512;
67 const BLOCK_COUNT: u64 = 64 * 1024 * 1024 / BLOCK_SIZE;
68
69 #[fuchsia::test]
70 async fn set_up_insecure_zxcrypt_test() {
71 let ramdisk = RamdiskClient::create(BLOCK_SIZE, BLOCK_COUNT).await.unwrap();
72 let ramdisk_dir = ramdisk.as_dir().expect("invalid directory proxy");
73 let zxcrypt_block_dir =
74 set_up_insecure_zxcrypt(ramdisk_dir).await.expect("Failed to set up zxcrypt");
75
76 let zxcrypt_block_device =
77 connect_to_named_protocol_at_dir_root::<BlockMarker>(&zxcrypt_block_dir, ".").unwrap();
78 let info = zxcrypt_block_device.get_info().await.unwrap().unwrap();
79 assert_lt!(info.block_count, BLOCK_COUNT);
80 }
81}