#ifndef __ODE_COMMON_H__
#define __ODE_COMMON_H__
+#include <vector>
+
namespace ode {
// TODO make it an enum when klay starts to support enum serialization in rmi
};
+typedef std::vector<unsigned char> BinaryData;
+
} // namespace ode
#endif // __ODE_COMMON_H__
#define __ODE_KEY_H__
#include <string>
-#include <vector>
#include "common.h"
DEFAULT_256BIT = 1,
DEFAULT_512BIT = 2,
};
- typedef std::vector<unsigned char> KeyData; // TODO change it to something else outside of this class
virtual ~Key() {}
return mappings_dir + name;
}
-void forkAndWrite(const char *const* argv, const CryptsetupEngine::data *d)
+void forkAndWrite(const char *const* argv, const BinaryData *d)
{
// pipe
int pipefd[2];
{
}
-void CryptsetupEngine::format(DeviceType type, const data &key)
+void CryptsetupEngine::format(DeviceType type, const BinaryData &key)
{
switch (type) {
case DeviceType::LUKS:
}
}
-std::string CryptsetupEngine::open(DeviceType type, const std::string &name, const data &key)
+std::string CryptsetupEngine::open(DeviceType type,
+ const std::string &name,
+ const BinaryData &key)
{
// create new mapping
switch (type) {
#define __CRYPTSETUP_ENGINE_H__
#include <string>
-#include <vector>
#include <klay/exception.h>
+#include "rmi/common.h"
+
namespace ode {
class CryptsetupEngine final {
CryptsetupEngine &operator=(const CryptsetupEngine &) = delete;
CryptsetupEngine &operator=(CryptsetupEngine &&) = delete;
- // TODO make it common among engines
- typedef std::vector<unsigned char> data;
-
- void format(DeviceType type, const data &key);
+ void format(DeviceType type, const BinaryData &key);
// create new mapping, returns mapping path
- std::string open(DeviceType type, const std::string &name, const data &key);
+ std::string open(DeviceType type,
+ const std::string &name,
+ const BinaryData &key);
static void close(const std::string &name);
return (blkcnt_t)size;
}
-const std::string convertToHex(const DMCryptEngine::data &binary)
+const std::string convertToHex(const BinaryData &binary)
{
std::stringstream hex;
::strncpy(io->name, name.c_str(), sizeof(io->name) - 1);
}
-const std::string createCryptoBlkDev(const std::string &realBlkDev, const std::string &mountName, const DMCryptEngine::data &key, std::string cryptoTypeName)
+const std::string createCryptoBlkDev(const std::string &realBlkDev,
+ const std::string &mountName,
+ const BinaryData &key,
+ std::string cryptoTypeName)
{
auto blockCount = getBlockCount(realBlkDev);
std::string cryptoBlkDev;
}
}
-ode::DMCryptEngine::data sanitizeKey(const ode::DMCryptEngine::data &key)
+BinaryData sanitizeKey(const BinaryData &key)
{
if (key.size() < DM_KEY_MIN_LEN_BYTE)
throw runtime::Exception("Size of key smaller than minimum 32B");
- ode::DMCryptEngine::data sanitized(key);
+ BinaryData sanitized(key);
sanitized.resize(DM_KEY_MIN_LEN_BYTE);
return sanitized;
}
{
}
-void DMCryptEngine::mount(const DMCryptEngine::data &key, unsigned int options)
+void DMCryptEngine::mount(const BinaryData &key, unsigned int options)
{
// create crypto type device mapping layer to mount the encrypted partition.
auto cryptoBlkDev = createCryptoBlkDev(source, DM_DEFAULT_LABEL_NAME, sanitizeKey(key), DM_DEFAULT_CRYPTO_NAME);
return mounted;
}
-void DMCryptEngine::encrypt(const DMCryptEngine::data &key, unsigned int options)
+void DMCryptEngine::encrypt(const BinaryData &key, unsigned int options)
{
// Force filesystem check via fcsf might be able to avoid fail situation during encryption.
Ext4Tool ext4Source(source);
progress.done();
}
-void DMCryptEngine::decrypt(const DMCryptEngine::data &key, unsigned int options)
+void DMCryptEngine::decrypt(const BinaryData &key, unsigned int options)
{
// create crypto type device mapping layer to mount the plain partition
// should be encrypted here.
#ifndef __DMCRYPT_ENGINE_H__
#define __DMCRYPT_ENGINE_H__
-#include <vector>
#include <string>
#include <atomic>
#include "progress-bar.h"
+#include "rmi/common.h"
namespace ode {
return destination;
}
- typedef std::vector<unsigned char> data;
-
- void mount(const data &key, unsigned int options);
+ void mount(const BinaryData &key, unsigned int options);
void umount();
bool isMounted();
- void encrypt(const data &key, unsigned int options);
- void decrypt(const data &key, unsigned int options);
+ void encrypt(const BinaryData &key, unsigned int options);
+ void decrypt(const BinaryData &key, unsigned int options);
unsigned int getSupportedOptions();
}
}
-void ecryptfsMount(const std::string &source, const std::string &destination, const std::vector<unsigned char> &key, unsigned int options)
+void ecryptfsMount(const std::string &source, const std::string &destination, const BinaryData &key, unsigned int options)
{
EcryptfsPayload payload(EcryptfsPayload::Type::PasswordToken);
std::string mountOption;
{
}
-void EcryptfsEngine::mount(const data &key, unsigned int options)
+void EcryptfsEngine::mount(const BinaryData &key, unsigned int options)
{
ecryptfsMount(source, destination, key, options);
}
return false;
}
-void EcryptfsEngine::encrypt(const data &key, unsigned int options)
+void EcryptfsEngine::encrypt(const BinaryData &key, unsigned int options)
{
if (!isEnoughToCopyInPlace(source, getDecryptedSize)) {
throw runtime::Exception("No space to encryption");
progress.done();
}
-void EcryptfsEngine::decrypt(const data &key, unsigned int options)
+void EcryptfsEngine::decrypt(const BinaryData &key, unsigned int options)
{
if (!isEnoughToCopyInPlace(destination, getEncryptedSize)) {
throw runtime::Exception("No space to encryption");
#ifndef __ECRYPTFS_ENGINE_H__
#define __ECRYPTFS_ENGINE_H__
-#include <vector>
#include <string>
#include <atomic>
#include "progress-bar.h"
+#include "rmi/common.h"
namespace ode {
return destination;
}
- typedef std::vector<unsigned char> data;
-
- void mount(const data& key, unsigned int);
+ void mount(const BinaryData& key, unsigned int);
void umount();
bool isMounted();
- void encrypt(const data& key, unsigned int);
- void decrypt(const data& key, unsigned int);
+ void encrypt(const BinaryData& key, unsigned int);
+ void decrypt(const BinaryData& key, unsigned int);
unsigned int getSupportedOptions();
namespace {
-const Ext4Engine::data generateKeyDescriptor(const Ext4Engine::data& key)
+const BinaryData generateKeyDescriptor(const BinaryData& key)
{
auto hash = KeyGenerator::SHA512(KeyGenerator::SHA512(key));
hash.resize(EXT4_KEY_DESCRIPTOR_SIZE);
return hash;
}
-const std::string convertToHex(const Ext4Engine::data &binary)
+const std::string convertToHex(const BinaryData& binary)
{
std::stringstream hex;
return hex.str();
}
-Ext4Engine::data sanitizeKey(const Ext4Engine::data &key)
+BinaryData sanitizeKey(const BinaryData& key)
{
- Ext4Engine::data sanitized(key);
+ BinaryData sanitized(key);
sanitized.resize(EXT4_MAX_KEY_SIZE);
return sanitized;
}
-void addKeyToKeyring(const Ext4Engine::data& key)
+void addKeyToKeyring(const BinaryData& key)
{
struct ext4_encryption_key payload;
std::string keyDescriptor;
return l;
}
-void setPolicy(const std::string& path, const Ext4Engine::data& key)
+void setPolicy(const std::string& path, const BinaryData& key)
{
struct ext4_encryption_policy policy;
int pad = 4;
throw runtime::Exception("invalid path");
}
- Ext4Engine::data descriptor = generateKeyDescriptor(key);
+ BinaryData descriptor = generateKeyDescriptor(key);
policy.version = 0;
policy.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
{
}
-void Ext4Engine::mount(const Ext4Engine::data& key, unsigned int options)
+void Ext4Engine::mount(const BinaryData& key, unsigned int options)
{
std::string encryptedPath(destination + "/" ENCRYPTION_DIR);
return mounted;
}
-void Ext4Engine::encrypt(const Ext4Engine::data& key, unsigned int options)
+void Ext4Engine::encrypt(const BinaryData& key, unsigned int options)
{
if (!isEnoughToCopyInPlace(destination)) {
throw runtime::Exception("No space to encryption");
throw runtime::Exception("Mount error - " + runtime::GetSystemErrorMessage());
}
- Ext4Engine::data sanitizedKey = sanitizeKey(key);
+ BinaryData sanitizedKey = sanitizeKey(key);
addKeyToKeyring(sanitizedKey);
runtime::File encrypted(destination + "/" ENCRYPTION_DIR);
progress.done();
}
-void Ext4Engine::decrypt(const Ext4Engine::data& key, unsigned int options)
+void Ext4Engine::decrypt(const BinaryData& key, unsigned int options)
{
if (!isEnoughToCopyInPlace(destination)) {
throw runtime::Exception("No space to encryption");
#ifndef __EXT4_ENGINE_H__
#define __EXT4_ENGINE_H__
-#include <vector>
#include <string>
#include <atomic>
#include "progress-bar.h"
+#include "rmi/common.h"
namespace ode {
return destination;
}
- typedef std::vector<unsigned char> data;
-
- void mount(const data &key, unsigned int options);
+ void mount(const BinaryData &key, unsigned int options);
void umount();
bool isMounted();
- void encrypt(const data &key, unsigned int options);
- void decrypt(const data &key, unsigned int options);
+ void encrypt(const BinaryData &key, unsigned int options);
+ void decrypt(const BinaryData &key, unsigned int options);
unsigned int getSupportedOptions();
unsigned int descBlockCount = divCeilSafely(groupDescCount, descPerBlock);
// read first meta block
- data group_desc(descBlockCount * blockSize);
+ BinaryData group_desc(descBlockCount * blockSize);
device.lseek((firstDataBlock + 1) * blockSize, SEEK_SET);
device.read(group_desc.data(), (descBlockCount * blockSize));
unsigned int blk = (((struct odeExtGroupDesc *)(((unsigned char *)(group_desc.data())) + i * descSize))->blockBitmap);
try {
- data block_bitmap(blockSize);
+ BinaryData block_bitmap(blockSize);
device.lseek(blk * blockSize, SEEK_SET);
device.read(block_bitmap.data(), blockSize);
#define __EXT4_TOOL_H__
#include <string>
-#include <vector>
#include <klay/filesystem.h>
+#include "rmi/common.h"
+
namespace ode {
class Ext4Tool final {
Ext4Tool &operator=(const Ext4Tool &) = delete;
Ext4Tool &operator=(Ext4Tool &&) = delete;
- typedef std::vector<unsigned char> data;
-
unsigned int getBlockSize();
unsigned int getTotalBlockCount();
bool isUsedBlock(unsigned int blockIndex);
void readInfo();
std::string source;
unsigned int blockSize, totalBlockCount;
- data bitmap;
+ BinaryData bitmap;
};
} // namespace ode
return error::NoData;
}
- Key::KeyData key = mountKey;
+ BinaryData key = mountKey;
mountKey.clear();
if (getState() != State::Encrypted) {
return error::NoSuchDevice;
}
- Key::KeyData masterKey;
+ BinaryData masterKey;
int ret = keyServer.get(engine->getSource(), password, masterKey);
if (ret != error::None)
return ret;
return error::NoSuchDevice;
}
- Key::KeyData masterKey;
+ BinaryData masterKey;
int ret = keyServer.get(engine->getSource(), password, masterKey);
if (ret != error::None)
return ret;
ServerContext& server;
std::unique_ptr<EXTERNAL_ENGINE> engine;
- Key::KeyData mountKey;
+ BinaryData mountKey;
KeyServer& keyServer;
};
const std::string getFileName(const std::string &key)
{
- KeyGenerator::data hash = KeyGenerator::SHA256(KeyGenerator::data(key.begin(), key.end()));
+ BinaryData hash = KeyGenerator::SHA256(BinaryData(key.begin(), key.end()));
std::stringstream fileName;
fileName << "/opt/etc/.ode_";
return file.exists();
}
-const FileFooter::data FileFooter::read(const std::string &key)
+const BinaryData FileFooter::read(const std::string &key)
{
std::string fileName(getFileName(key));
INFO(SINK, "Footer file : " + fileName);
runtime::File file(fileName);
- data value(file.size());
+ BinaryData value(file.size());
file.open(O_RDONLY);
file.read(value.data(), value.size());
return value;
}
-void FileFooter::write(const std::string &key, const data &value)
+void FileFooter::write(const std::string &key, const BinaryData &value)
{
std::string fileName(getFileName(key));
#ifndef __FILE_FOOTER_H__
#define __FILE_FOOTER_H__
-#include <vector>
#include <string>
+#include "rmi/common.h"
+
namespace ode {
class FileFooter final {
public:
FileFooter() = delete;
- typedef std::vector<unsigned char> data;
-
static bool exist(const std::string &key);
- static const data read(const std::string &key);
- static void write(const std::string &key, const data &value);
+ static const BinaryData read(const std::string &key);
+ static void write(const std::string &key, const BinaryData &value);
static void clear(const std::string &key);
};
return error::NoData;
}
- Key::KeyData key = mountKey;
+ BinaryData key = mountKey;
mountKey.clear();
if (getState() != State::Encrypted) {
return error::NoSuchDevice;
}
- Key::KeyData masterKey;
+ BinaryData masterKey;
int ret = keyServer.get(engine->getSource(), password, masterKey);
if (ret != error::None)
return ret;
return error::NoSuchDevice;
}
- Key::KeyData masterKey;
+ BinaryData masterKey;
int ret = keyServer.get(engine->getSource(), password, masterKey);
if (ret != error::None)
return ret;
ServerContext& server;
std::unique_ptr<INTERNAL_ENGINE> engine;
- Key::KeyData mountKey;
+ BinaryData mountKey;
KeyServer& keyServer;
};
}
}
-AntiForensics::data AntiForensics::AFSplit(const AntiForensics::data &src,
- uint32_t blockSize, uint32_t blockNumbers)
+BinaryData AntiForensics::AFSplit(const BinaryData &src,
+ uint32_t blockSize,
+ uint32_t blockNumbers)
{
if (blockSize != src.size())
throw runtime::Exception("Source size check failed");
- data buf(blockSize + 1, 0);
- data dst(blockSize * blockNumbers, 0);
+ BinaryData buf(blockSize + 1, 0);
+ BinaryData dst(blockSize * blockNumbers, 0);
uint32_t i;
for (i = 0; i < blockNumbers - 1; i++) {
return dst;
}
-AntiForensics::data AntiForensics::AFMerge(const AntiForensics::data &src,
- uint32_t blockSize, uint32_t blockNumbers)
+BinaryData AntiForensics::AFMerge(const BinaryData &src,
+ uint32_t blockSize,
+ uint32_t blockNumbers)
{
if (blockSize * blockNumbers != src.size())
throw runtime::Exception("Source size check failed");
- data buf(blockSize, 0);
- data dst(blockSize, 0);
+ BinaryData buf(blockSize, 0);
+ BinaryData dst(blockSize, 0);
uint32_t i;
for (i = 0; i < blockNumbers - 1; i++) {
#define __ANTI_FORENSICS_H__
#include <stdint.h>
-#include <vector>
+
+#include "rmi/common.h"
namespace ode {
public:
AntiForensics() = delete;
- typedef std::vector<unsigned char> data;
-
- static data AFSplit(const data &src, uint32_t blockSize, uint32_t blockNumbers);
- static data AFMerge(const data &src, uint32_t blockSize, uint32_t blockNumbers);
+ static BinaryData AFSplit(const BinaryData &src,
+ uint32_t blockSize,
+ uint32_t blockNumbers);
+ static BinaryData AFMerge(const BinaryData &src,
+ uint32_t blockSize,
+ uint32_t blockNumbers);
};
} // namespace ode
const size_t LUKS_STRIPES = 3;
} // anonymous namespace
-EncryptedKey::EncryptedKey(const Key::KeyData& masterKey,
+EncryptedKey::EncryptedKey(const BinaryData& masterKey,
const std::string& password)
{
/*
encrypt(masterKey, password);
}
-Key::KeyData EncryptedKey::decrypt(const std::string& password) const
+BinaryData EncryptedKey::decrypt(const std::string& password) const
{
- Key::KeyData pwData(password.begin(), password.end());
+ BinaryData pwData(password.begin(), password.end());
auto derivedPassword = KeyGenerator::PBKDF(pwData,
store.getPasswordSalt(),
return masterKeyCandidate;
// TODO consider using an exception when we have more than one type
- return Key::KeyData();
+ return BinaryData();
}
-void EncryptedKey::encrypt(const Key::KeyData& masterKey,
+void EncryptedKey::encrypt(const BinaryData& masterKey,
const std::string& password)
{
- Key::KeyData pwData(password.begin(), password.end());
+ BinaryData pwData(password.begin(), password.end());
auto passwordSalt = KeyGenerator::RNG(store.getPasswordSaltLength());
store.setPasswordSalt(passwordSalt);
class EncryptedKey {
public:
- EncryptedKey(const Key::KeyData& masterKey, const std::string& password);
- explicit EncryptedKey(const FileFooter::data& footer) : store(footer) {}
+ EncryptedKey(const BinaryData& masterKey, const std::string& password);
+ explicit EncryptedKey(const BinaryData& footer) : store(footer) {}
- void encrypt(const Key::KeyData& masterKey, const std::string& password);
- Key::KeyData decrypt(const std::string& password) const;
+ void encrypt(const BinaryData& masterKey, const std::string& password);
+ BinaryData decrypt(const std::string& password) const;
- FileFooter::data serialize() const { return store.serialize(); }
+ BinaryData serialize() const { return store.serialize(); }
private:
KeyStore store;
};
{
}
-KeyStore::KeyStore(const data &raw)
+KeyStore::KeyStore(const BinaryData &raw)
{
if (raw.size() <= sizeof(luks)) {
throw runtime::Exception("the size of raw data is not enough");
}
::memcpy(&luks, raw.data(), sizeof(luks));
- keyMaterial = data(raw.begin() + sizeof(luks), raw.end());
+ keyMaterial = BinaryData(raw.begin() + sizeof(luks), raw.end());
}
KeyStore::~KeyStore()
{
}
-const KeyStore::data KeyStore::serialize() const
+const BinaryData KeyStore::serialize() const
{
- data result((unsigned char *)&luks,
+ BinaryData result((unsigned char *)&luks,
((unsigned char *)&luks) + sizeof(LUKSHeader));
result.insert(result.end(), keyMaterial.begin(), keyMaterial.end());
luks.keyBytes = ::htonl(length);
}
-void KeyStore::setEncryptedMasterKey(const data key)
+void KeyStore::setEncryptedMasterKey(const BinaryData key)
{
keyMaterial = key;
luks.keyslot[0].active = ::htonl(0x00AC71F3);
luks.payloadOffset = ::htonl(luks.payloadOffset);
}
-const KeyStore::data& KeyStore::getEncryptedMasterKey() const
+const BinaryData& KeyStore::getEncryptedMasterKey() const
{
return keyMaterial;
}
-const KeyStore::data KeyStore::getPasswordSalt() const
+const BinaryData KeyStore::getPasswordSalt() const
{
unsigned char *buf = (unsigned char *)luks.keyslot[0].passwordSalt;
- return data(buf, buf + sizeof(luks.keyslot[0].passwordSalt));
+ return BinaryData(buf, buf + sizeof(luks.keyslot[0].passwordSalt));
}
unsigned int KeyStore::getPasswordIteration() const
return sizeof(luks.keyslot[0].passwordSalt);
}
-void KeyStore::setPasswordSalt(const data salt)
+void KeyStore::setPasswordSalt(const BinaryData salt)
{
::memcpy(luks.keyslot[0].passwordSalt, salt.data(),
sizeof(luks.keyslot[0].passwordSalt));
luks.keyslot[0].passwordIteration = ::htonl(count);
}
-const KeyStore::data KeyStore::getMasterKeyDigest() const
+const BinaryData KeyStore::getMasterKeyDigest() const
{
unsigned char *buf = (unsigned char *)luks.mkDigest;
- return data(buf, buf + sizeof(luks.mkDigest));
+ return BinaryData(buf, buf + sizeof(luks.mkDigest));
}
-const KeyStore::data KeyStore::getMasterKeyDigestSalt() const
+const BinaryData KeyStore::getMasterKeyDigestSalt() const
{
unsigned char *buf = (unsigned char *)luks.mkDigestSalt;
- return data(buf, buf + sizeof(luks.mkDigestSalt));
+ return BinaryData(buf, buf + sizeof(luks.mkDigestSalt));
}
unsigned int KeyStore::getMasterKeyDigestIteration() const
return sizeof(luks.mkDigestSalt);
}
-void KeyStore::setMasterKeyDigest(const data digest)
+void KeyStore::setMasterKeyDigest(const BinaryData digest)
{
::memcpy(luks.mkDigest, digest.data(), sizeof(luks.mkDigest));
}
-void KeyStore::setMasterKeyDigestSalt(const data salt)
+void KeyStore::setMasterKeyDigestSalt(const BinaryData salt)
{
::memcpy(luks.mkDigestSalt, salt.data(), sizeof(luks.mkDigestSalt));
}
#ifndef __KEY_STORE_H__
#define __KEY_STORE_H__
-#include <vector>
#include <string>
#include <klay/filesystem.h>
#include "luks.h"
+#include "rmi/common.h"
namespace ode {
class KeyStore final {
public:
- typedef std::vector<unsigned char> data;
-
KeyStore();
- KeyStore(const data &raw);
+ KeyStore(const BinaryData &raw);
KeyStore(const KeyStore &) = delete;
KeyStore(KeyStore &&) = delete;
~KeyStore();
KeyStore &operator=(const KeyStore &) = delete;
KeyStore &operator=(KeyStore &&) = delete;
- const data serialize() const;
+ const BinaryData serialize() const;
const std::string getCipherName() const;
const std::string getCipherMode() const;
unsigned int getMasterKeyLength() const;
void setMasterKeyLength(unsigned int length);
- const data& getEncryptedMasterKey() const;
- void setEncryptedMasterKey(const data salt);
+ const BinaryData& getEncryptedMasterKey() const;
+ void setEncryptedMasterKey(const BinaryData salt);
- const data getPasswordSalt() const;
+ const BinaryData getPasswordSalt() const;
unsigned int getPasswordIteration() const;
unsigned int getPasswordSaltLength() const;
- void setPasswordSalt(const data salt);
+ void setPasswordSalt(const BinaryData salt);
void setPasswordIteration(unsigned int count);
- const data getMasterKeyDigest() const;
- const data getMasterKeyDigestSalt() const;
+ const BinaryData getMasterKeyDigest() const;
+ const BinaryData getMasterKeyDigestSalt() const;
unsigned int getMasterKeyDigestLength() const;
unsigned int getMasterKeyDigestSaltLength() const;
unsigned int getMasterKeyDigestIteration() const;
- void setMasterKeyDigest(const data digest);
- void setMasterKeyDigestSalt(const data salt);
+ void setMasterKeyDigest(const BinaryData digest);
+ void setMasterKeyDigestSalt(const BinaryData salt);
void setMasterKeyDigestIteration(unsigned int count);
private:
LUKSHeader luks;
- data keyMaterial;
+ BinaryData keyMaterial;
};
} // namespace ode
const std::string& password,
int params)
{
- KeyData dummy;
+ BinaryData dummy;
return initAndGet(dev, password, params, dummy);
}
int KeyServer::initAndGet(const std::string& dev,
const std::string& password,
int params,
- KeyData& masterKey)
+ BinaryData& masterKey)
{
if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
return error::InvalidParameter;
int KeyServer::get(const std::string& dev,
const std::string& password,
- KeyData& masterKey) const
+ BinaryData& masterKey) const
{
if (dev.empty() || password.empty())
return error::InvalidParameter;
int initAndGet(const std::string& dev,
const std::string& password,
int params,
- KeyData& masterKey);
+ BinaryData& masterKey);
int remove(const std::string& dev, const std::string& password);
int changePassword(const std::string& dev,
const std::string& curPW,
int verifyPassword(const std::string& dev, const std::string& password);
int get(const std::string& dev,
const std::string& password,
- KeyData& masterKey) const;
+ BinaryData& masterKey) const;
void removePassword(const std::string& dev);
private:
const std::string& password)
{
return execute(sync, Luks::Format, [=](){
- Key::KeyData key;
+ BinaryData key;
int ret = keyServer.initAndGet(device, password, Key::DEFAULT_512BIT, key);
if (ret != error::None)
return ret;
return execute(sync, Luks::Open, [=](){
CryptsetupEngine engine(device);
- Key::KeyData key;
+ BinaryData key;
int ret = keyServer.get(device, password, key);
if (ret != error::None)
return ret;
#include <string>
#include <algorithm>
-#include <vector>
#include <memory>
#include <mutex>
#include <klay/filesystem.h>
#include <klay/exception.h>
+#include <rmi/common.h>
namespace ode {
static KeyStoragePlugin& Instance();
- typedef std::vector<unsigned char> Data;
-
- Data store(const Data& key);
- Data load(const Data& token);
- void remove(const Data& token);
+ BinaryData store(const BinaryData& key);
+ BinaryData load(const BinaryData& token);
+ void remove(const BinaryData& token);
private:
void* so;
::dlclose(so);
}
-KeyStoragePlugin::Data KeyStoragePlugin::store(const KeyStoragePlugin::Data& key)
+BinaryData KeyStoragePlugin::store(const BinaryData& key)
{
unsigned char* token = NULL;
size_t token_len = 0;
throw runtime::Exception(std::string("Storing the key failed with ") +
std::to_string(ret));
- Data tokenVector(token, token + token_len);
+ BinaryData tokenVector(token, token + token_len);
free(token);
return tokenVector;
}
-KeyStoragePlugin::Data KeyStoragePlugin::load(const KeyStoragePlugin::Data& token)
+BinaryData KeyStoragePlugin::load(const BinaryData& token)
{
unsigned char* key = NULL;
size_t key_len = 0;
throw runtime::Exception(std::string("Loading the key failed with ") +
std::to_string(ret));
- Data keyVector(key, key + key_len);
+ BinaryData keyVector(key, key + key_len);
free(key);
return keyVector;
}
-void KeyStoragePlugin::remove(const KeyStoragePlugin::Data& token)
+void KeyStoragePlugin::remove(const BinaryData& token)
{
int ret = removeFn(token.data(), token.size());
if (ret != 0)
return std::string("/opt/etc/.ode_token") + filename;
}
-void readToken(runtime::File &file, KeyStoragePlugin::Data& token)
+void readToken(runtime::File &file, BinaryData& token)
{
size_t tokenSize;
file.close();
}
-void writeToken(runtime::File &file, const KeyStoragePlugin::Data& token)
+void writeToken(runtime::File &file, const BinaryData& token)
{
size_t tokenSize(token.size());
namespace UpgradeSupport {
-void storeMasterKey(const std::string &device, const KeyStoragePlugin::Data& key)
+void storeMasterKey(const std::string &device, const BinaryData& key)
{
std::lock_guard<std::mutex> lock(opGuard);
writeToken(file, token);
}
-KeyStoragePlugin::Data loadMasterKey(const std::string &device)
+BinaryData loadMasterKey(const std::string &device)
{
- KeyStoragePlugin::Data token;
+ BinaryData token;
std::lock_guard<std::mutex> lock(opGuard);
void removeMasterKey(const std::string &device)
{
- KeyStoragePlugin::Data token;
+ BinaryData token;
std::lock_guard<std::mutex> lock(opGuard);
#include <string>
-#include <rmi/key.h>
+#include "rmi/common.h"
namespace ode {
namespace UpgradeSupport {
-void storeMasterKey(const std::string &device, const Key::KeyData& key);
-Key::KeyData loadMasterKey(const std::string &device);
+void storeMasterKey(const std::string &device, const BinaryData& key);
+BinaryData loadMasterKey(const std::string &device);
void removeMasterKey(const std::string &device);
} // namespace UpgradeSupport
vconf
)
-INCLUDE_DIRECTORIES(SYSTEM ${TEST_DEPS_INCLUDE_DIRS} ../server)
+INCLUDE_DIRECTORIES(SYSTEM ${TEST_DEPS_INCLUDE_DIRS} ../server ../)
TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${TEST_DEPS_LIBRARIES})
#include <klay/testbench.h>
#include <klay/process.h>
-#include "../server/key-manager/anti-forensics.h"
+#include "server/key-manager/anti-forensics.h"
#define LUKS_STRIPES 3 // this constans will be placed in key-manager
+using namespace ode;
+
TESTCASE(AntiForensics)
{
try {
- typedef ode::AntiForensics::data data;
-
std::string Key = "Master_Key";
- data MasterKey(Key.begin(), Key.end());
- data SplittedMasterKey = ode::AntiForensics::AFSplit(MasterKey, MasterKey.size(), LUKS_STRIPES);
- data UnSplittedMasterKey = ode::AntiForensics::AFMerge(SplittedMasterKey, MasterKey.size(), LUKS_STRIPES);
+ BinaryData MasterKey(Key.begin(), Key.end());
+ BinaryData SplittedMasterKey = AntiForensics::AFSplit(MasterKey, MasterKey.size(), LUKS_STRIPES);
+ BinaryData UnSplittedMasterKey = AntiForensics::AFMerge(SplittedMasterKey, MasterKey.size(), LUKS_STRIPES);
// check size
TEST_EXPECT(MasterKey.size(), UnSplittedMasterKey.size());
} catch (...) {
TEST_FAIL("UNKNOWN ERROR");
}
-}
\ No newline at end of file
+}
#include <klay/process.h>
#include "../server/engine/encryption/dmcrypt-engine.cpp"
+#include "rmi/common.h"
#define TEST_USERDATA_NAME "userdata"
#define TEST_USERDATA_PATH "/opt/usr"
+using namespace ode;
+
namespace {
-ode::ProgressBar progress([](int v) {});
+ProgressBar progress([](int v) {});
}
TESTCASE(DMCryptConvertKeyToHexAsciiSingle16byte)
{
try {
- const ode::DMCryptEngine::data master_key = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
- const std::string master_key_ascii = ode::convertToHex(master_key);
+ const BinaryData master_key = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
+ const std::string master_key_ascii = convertToHex(master_key);
// the string master_key_ascii is equal to "000102030405060708090a0b0c0d0e0f" after conversion
- ode::DMCryptEngine::data answer = {0x30, 0x30, 0x30, 0x31, 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x30, 0x35, 0x30, 0x36, 0x30, 0x37,
- 0x30, 0x38, 0x30, 0x39, 0x30, 0x61, 0x30, 0x62, 0x30, 0x63, 0x30, 0x64, 0x30, 0x65, 0x30, 0x66
- };
+ BinaryData answer = {0x30, 0x30, 0x30, 0x31, 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x30, 0x35, 0x30, 0x36, 0x30, 0x37,
+ 0x30, 0x38, 0x30, 0x39, 0x30, 0x61, 0x30, 0x62, 0x30, 0x63, 0x30, 0x64, 0x30, 0x65, 0x30, 0x66
+ };
// the answer is a set of hex codes of ASCII symbols in master_key_ascii string, e.g. hex(a) = 0x61
// check
TESTCASE(DMCryptConvertKeyToHexAsciiDouble16byte)
{
try {
- const ode::DMCryptEngine::data master_key = {0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87, 0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F};
- const std::string master_key_ascii = ode::convertToHex(master_key);
- // the string master_key_ascii is equal to "f0e1d2c3b4a5968778695a4b3c2d1e0f" after conversion
-
- ode::DMCryptEngine::data answer = {0x66, 0x30, 0x65, 0x31, 0x64, 0x32, 0x63, 0x33, 0x62, 0x34, 0x61, 0x35, 0x39, 0x36, 0x38, 0x37,
- 0x37, 0x38, 0x36, 0x39, 0x35, 0x61, 0x34, 0x62, 0x33, 0x63, 0x32, 0x64, 0x31, 0x65, 0x30, 0x66
- };
- // the answer is a set of hex codes of ASCII symbols in master_key_ascii string, e.g. hex(a) = 0x61
+ const BinaryData master_key = {0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87, 0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F};
+ BinaryData answer = {0x46, 0x30, 0x45, 0x31, 0x44, 0x32, 0x43, 0x33, 0x42, 0x34, 0x41, 0x35, 0x39, 0x36, 0x38, 0x37,
+ 0x37, 0x38, 0x36, 0x39, 0x35, 0x41, 0x34, 0x42, 0x33, 0x43, 0x32, 0x44, 0x31, 0x45, 0x30, 0x46
+ };
+ const std::string master_key_ascii = convertToHex(master_key);
// check
for (unsigned int i = 0; i < master_key.size() * 2; i++)
// -- expected: cause exception
{
const std::string keystring = "SMALLER_THAN_32BYTES______";
- const ode::DMCryptEngine::data shortKey(keystring.begin(), keystring.end());
+ const BinaryData keySmall32bit(keystring.begin(), keystring.end());
try {
- ode::sanitizeKey(shortKey);
- TEST_FAIL("small key should cause an exception");
+ sanitizeKey(keySmall32bit);
+ //
+ TEST_FAIL("small key should be cause exception");
} catch (runtime::Exception &e) {
// expected result: it's good
}
// -- expected: returned key data is same with 32 elements from first of big key
{
const std::string keystring = "01020304050607080910111213141516";
- const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end());
- const ode::DMCryptEngine::data sanitized_key = ode::sanitizeKey(key32bit);
+ const BinaryData key32bit(keystring.begin(), keystring.end());
+ const BinaryData sanitized_key = sanitizeKey(key32bit);
// check size
TEST_EXPECT(sanitized_key.size(), key32bit.size());
// -- expected: returned key data is same with 32 elements from first of big key
{
const std::string keystring = "01020304050607080910111213141516_MAKES_BIG";
- const ode::DMCryptEngine::data keyBig(keystring.begin(), keystring.end());
- const ode::DMCryptEngine::data sanitized_key = ode::sanitizeKey(keyBig);
+ const BinaryData keyBig(keystring.begin(), keystring.end());
+ const BinaryData sanitized_key = sanitizeKey(keyBig);
// check size
TEST_EXPECT(sanitized_key.size(), (unsigned)DM_KEY_MIN_LEN_BYTE);
TESTCASE(DMCryptGetPathTest)
{
try {
- ode::DMCryptEngine engine("/dev/mmcblk0p1", TEST_USERDATA_PATH, progress);
+ DMCryptEngine engine("/dev/mmcblk0p1", TEST_USERDATA_PATH, progress);
if (engine.getSource() != "/dev/mmcblk0p1") {
throw runtime::Exception("Source doen't match");
}