* See the License for the specific language governing permissions and
* limitations under the License
*/
+#include <unistd.h>
+#include <sys/mount.h>
+
#include <klay/filesystem.h>
#include <klay/audit/logger.h>
#include "rmi/external-encryption.h"
+#define EXTERNAL_STORAGE_PATH "/opt/media/SDCardA1"
+
namespace ode {
+namespace {
+
+KeyManager keyManager(EXTERNAL_STORAGE_PATH);
+EcryptfsEngine engine(EXTERNAL_STORAGE_PATH, EXTERNAL_STORAGE_PATH);
+
+void killDependedApplications()
+{
+}
+
+}
+
ExternalEncryption::ExternalEncryption(ODEControlContext& ctx) :
context(ctx)
{
int ExternalEncryption::mount(const std::string& password)
{
- //TODO
+ bool isVerified = false;
+ KeyManager::data pwData(password.begin(), password.end());
+
+ try {
+ isVerified = keyManager.verifyPassword(pwData);
+ } catch (runtime::Exception& e) {}
+
+ if (!isVerified) {
+ return -1;
+ }
+
+ engine.mount(keyManager.getDEK(pwData));
return 0;
}
int ExternalEncryption::umount()
{
- //TODO
+ INFO("Close all applications using external storage...");
+ killDependedApplications();
+ INFO("Umount internal storage...");
+ engine.umount();
+
return 0;
}
int ExternalEncryption::encrypt(const std::string& password)
{
- //TODO
+ KeyManager::data pwData(password.begin(), password.end());
+
+ if (keyManager.isInitialized()) {
+ bool isVerified = false;
+ try {
+ isVerified = keyManager.verifyPassword(pwData);
+ } catch (runtime::Exception& e) {}
+
+ if (!isVerified) {
+ return -2;
+ }
+ } else {
+ keyManager.initPassword(pwData);
+ }
+
+ KeyManager::data DEK = keyManager.getDEK(pwData);
+ auto encryptWorker = [DEK, this]() {
+ INFO("Close all applications using external storage...");
+ killDependedApplications();
+ INFO("Encryption started...");
+ engine.encrypt(DEK);
+ INFO("Sync disk...");
+ sync();
+ INFO("Encryption completed");
+ };
+
+ std::thread asyncWork(encryptWorker);
+ asyncWork.detach();
+
return 0;
}
int ExternalEncryption::decrypt(const std::string& password)
{
- //TODO
+ bool isVerified = false;
+ KeyManager::data pwData(password.begin(), password.end());
+
+ try {
+ isVerified = keyManager.verifyPassword(pwData);
+ } catch (runtime::Exception& e) {}
+
+ if (!isVerified) {
+ return -1;
+ }
+
+ KeyManager::data DEK = keyManager.getDEK(pwData);
+ auto decryptWorker = [DEK, this]() {
+ INFO("Close all applications using external storage...");
+ killDependedApplications();
+ INFO("Umount internal storage...");
+ try {
+ engine.umount();
+ } catch (runtime::Exception& e) {}
+ INFO("Decryption started...");
+ engine.decrypt(DEK);
+ INFO("Sync disk...");
+ sync();
+ INFO("Decryption completed");
+ };
+
+ std::thread asyncWork(decryptWorker);
+ asyncWork.detach();
+
+ keyManager.clearPassword();
+
return 0;
}
int ExternalEncryption::changePassword(const std::string& oldPassword,
const std::string& newPassword)
{
- //TODO
+ KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end());
+ KeyManager::data newPwData(newPassword.begin(), oldPassword.end());
+
+ bool isVerified = false;
+ try {
+ isVerified = keyManager.verifyPassword(newPwData);
+ } catch (runtime::Exception& e) {}
+
+ if (!isVerified) {
+ return -1;
+ }
+
+ keyManager.changePassword(oldPwData, newPwData);
return 0;
}