It is replaced by LUKS API.
Change-Id: I6506eb55d8d90df39014a39c73bef404b3d7f585
secure-erase.cpp
internal-encryption.cpp
external-encryption.cpp
- extension-encryption.cpp
luks.cpp
ode/secure-erase.cpp
ode/internal-encryption.cpp
ode/external-encryption.cpp
- ode/extension-encryption.cpp
ode/luks.cpp
)
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-#include "extension-encryption.h"
-
-namespace ode {
-
-ExtensionEncryptionClient::ExtensionEncryptionClient(RmiClientPtr& ctx) :
- context(ctx)
-{
-}
-
-ExtensionEncryptionClient::~ExtensionEncryptionClient()
-{
-}
-
-int ExtensionEncryptionClient::setMountPassword(const std::string& password)
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::setMountPassword", password);
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::mount()
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::mount");
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::umount()
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::umount");
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::format(const std::string& password)
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::format", password);
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::isPasswordInitialized()
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::isPasswordInitialized");
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::initPassword(const std::string& password)
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::initPassword",
- password);
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::cleanPassword(const std::string& password)
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::cleanPassword",
- password);
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::changePassword(const std::string& oldPassword,
- const std::string& newPassword)
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::changePassword",
- oldPassword, newPassword);
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::verifyPassword(const std::string& password)
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::verifyPassword",
- password);
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-int ExtensionEncryptionClient::getState()
-{
- try {
- return context->methodCall<int>("ExtensionEncryptionServer::getState");
- } catch (runtime::Exception& e) {
- return -1;
- }
-}
-
-} // namespace ode
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#ifndef __EXTENSION_ENCRYPTION_CLIENT_H__
-#define __EXTENSION_ENCRYPTION_CLIENT_H__
-
-#include <string>
-
-#include "rmi/extension-encryption.h"
-#include "client.h"
-
-namespace ode {
-
-class ExtensionEncryptionClient final: public ExtensionEncryption {
-public:
- ExtensionEncryptionClient(RmiClientPtr& ctxt);
- ~ExtensionEncryptionClient();
-
- int setMountPassword(const std::string& password);
-
- int mount();
- int umount();
-
- int format(const std::string& password);
-
- int isPasswordInitialized();
- int initPassword(const std::string& password);
- int cleanPassword(const std::string& password);
- int changePassword(const std::string& oldPW, const std::string& newPW);
- int verifyPassword(const std::string& password);
-
- int getState();
-
-private:
- RmiClientPtr& context;
-};
-
-} // namespace ode
-
-#endif // __EXTENSION_ENCRYPTION_CLIENT_H__
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#include "debug.h"
-#include "extension-encryption.h"
-
-#include "client.h"
-#include "lib/extension-encryption.h"
-
-using namespace ode;
-
-int ode_extension_encryption_set_mount_password(const char* password)
-{
- RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
-
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
-
- return extension.setMountPassword(password);
-}
-
-int ode_extension_encryption_mount()
-{
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
-
- return extension.mount();
-}
-
-int ode_extension_encryption_umount()
-{
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
-
- return extension.umount();
-}
-
-int ode_extension_encryption_format(const char* password)
-{
- RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
-
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
-
- return extension.format(password);
-}
-
-int ode_extension_encryption_is_password_initialized(bool* result)
-{
- RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER);
-
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
- int ret = extension.isPasswordInitialized();
-
- RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER);
-
- *result = ret;
- return ODE_ERROR_NONE;
-}
-
-int ode_extension_encryption_init_password(const char* password)
-{
- RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
-
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
-
- return extension.initPassword(password);
-}
-
-int ode_extension_encryption_clean_password(const char* password)
-{
- RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
-
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
-
- return extension.cleanPassword(password);
-}
-
-int ode_extension_encryption_change_password(const char* old_password,
- const char* new_password)
-{
- RET_ON_FAILURE(old_password, ODE_ERROR_INVALID_PARAMETER);
- RET_ON_FAILURE(new_password, ODE_ERROR_INVALID_PARAMETER);
-
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
-
- return extension.changePassword(old_password, new_password);
-}
-
-int ode_extension_encryption_verify_password(const char* password, bool* result)
-{
- RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
- RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER);
-
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
- int ret = extension.verifyPassword(password);
-
- RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER);
-
- *result = ret;
- return ODE_ERROR_NONE;
-}
-
-int ode_extension_encryption_get_state(int* state)
-{
- RET_ON_FAILURE(state, ODE_ERROR_INVALID_PARAMETER);
-
- ClientContext client;
- RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
- ExtensionEncryptionClient extension = client.createInterface<ExtensionEncryptionClient>();
- int ret = extension.getState();
-
- RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER);
-
- *state = ret;
- return ODE_ERROR_NONE;
-}
-
-static std::unique_ptr<ClientContext> mountEventCallbackContext;
-
-int ode_extension_encryption_set_mount_event_cb(ode_mount_event_cb callback, void *user_data)
-{
- RET_ON_FAILURE(callback, ODE_ERROR_INVALID_PARAMETER);
-
- mountEventCallbackContext.reset(new ClientContext);
- RET_ON_FAILURE(mountEventCallbackContext->connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
-
- int ret = mountEventCallbackContext->subscribeSignal("ExtensionEncryption::mount", callback, user_data);
- RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER);
-
- return ODE_ERROR_NONE;
-}
-
-int ode_extension_encryption_unset_mount_event_cb()
-{
- mountEventCallbackContext.reset();
-
- return ODE_ERROR_NONE;
-}
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#ifndef __CAPI_ODE_EXTENSION_ENCRYPTION_H__
-#define __CAPI_ODE_EXTENSION_ENCRYPTION_H__
-
-#include <ode/common.h>
-
-/**
- * @file extension-encryption.h
- * @brief This file provides APIs to manage the encryption of an external
- * storage such as SD card, used as an extension of the internal
- * memory.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * @brief Set a password to be used by mount of encrypted extension storage
- * @details Administrator can use this API to set a password for encrypted
- * extension mount.
- * @since_tizen 4.0
- * @param[in] password The password to mount extension storage
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_KEY_REJECTED Password doen't match
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @pre The password set before must match with what is set by
- * ode_extension_encryption_init_password().
- * @see ode_extension_encryption_init_password()
- * @see ode_extension_encryption_mount()
- */
-ODE_API int ode_extension_encryption_set_mount_password(const char* password);
-
-/**
- * @brief Mount encrypted extension storage
- * @details Administrator can use this API to mount encrypted extension
- * storage.
- * @since_tizen 4.0
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @pre A password must be set by
- * ode_extension_encryption_set_mount_password().
- * @see ode_extension_encryption_set_mount_password()
- * @see ode_extension_encryption_umount()
- */
-ODE_API int ode_extension_encryption_mount();
-
-/**
- * @brief Umount extension storage
- * @details Administrator can use this API to unmount extension storage.
- * @since_tizen 4.0
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @see ode_extension_encryption_mount()
- */
-ODE_API int ode_extension_encryption_umount();
-
-/**
- * @brief Formats and sets up encryption for extension storage with a
- * given password
- * @details Administrator can use this API to format and encrypt external
- * storage that will be used as an extension to internal memory.
- * @since_tizen 4.0
- * @param[in] password The password to encrypt extension storage
- * @param[in] options Encryption options
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_KEY_REJECTED Password doesn't match
- * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @pre The password must match with what is set by
- * ode_extension_encryption_init_password().
- * @see ode_extension_encryption_init_password()
- * @see ode_extension_encryption_mount()
- */
-ODE_API int ode_extension_encryption_format(const char* password);
-
-/**
- * @brief Checks whether the extension encryption password was created
- * @details Administrator can use this API to check if the password that
- will be used for extension storage encryption exists.
- * @since_tizen 4.0
- * @param[out] result Whether encryption password was created
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @see ode_extension_encryption_init_password()
- * @see ode_extension_encryption_clean_password()
- */
-ODE_API int ode_extension_encryption_is_password_initialized(bool* result);
-
-/**
- * @brief Initialize extension encryption password to a given password
- * @details Administrator can use this API to set a new password that will
- * be used for extension storage encryption.
- * @since_tizen 4.0
- * @param[in] password The password to set
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @see ode_extension_encryption_change_password()
- * @see ode_extension_encryption_clean_password()
- * @see ode_extension_encryption_format()
- * @see ode_extension_encryption_mount()
- */
-ODE_API int ode_extension_encryption_init_password(const char* password);
-
-/**
- * @brief Removes extension encryption password
- * @details Administrator can use this API to delete password that was set
- by ode_extension_encryption_init_password().
- * @since_tizen 4.0
- * @param[in] password The password to delete
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_KEY_REJECTED old_password doesn't match
- * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @pre The password must match with what is set by
- * ode_extension_encryption_init_password().
- * @see ode_extension_encryption_init_password()
- */
-ODE_API int ode_extension_encryption_clean_password(const char* password);
-
-/**
- * @brief Changes the password for extension storage
- * @details Administrator can use this API to change password for extension
- * storage.
- * @since_tizen 4.0
- * @param[in] old_password Current password of extension storage
- * @param[in] new_password The password to use newly for extension storage
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_KEY_REJECTED old_password doesn't match
- * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @pre The password must match with what is set by
- * ode_extension_encryption_init_password().
- * @see ode_extension_encryption_init_password()
- * @see ode_extension_encryption_format()
- */
-ODE_API int ode_extension_encryption_change_password(const char* old_password,
- const char* new_password);
-
-/**
- * @brief Verifies if the given password is extension encryption password
- * @details Administrator can use this API to find if a password is used
- by extension encryption.
- * @since_tizen 4.0
- * @param[int] password The password to be verified
- * @param[out] result The result of verification
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @pre The password must match with what is set by
- * ode_extension_encryption_init_password().
- * @see ode_extension_encryption_init_password()
- * @see ode_extension_encryption_format()
- */
-ODE_API int ode_extension_encryption_verify_password(const char* password, bool* result);
-
-/**
- * @brief Gets the current encryption state of extension storage
- * @details Administrator can use this API to get current encryption state
- * of extension storage.
- * @since_tizen 4.0
- * @param[out] state The encryption state of extension storage
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
- * the privilege to call this API
- * @see ode_extension_encryption_format()
- * @see #ode_state_e
- */
-ODE_API int ode_extension_encryption_get_state(int* state);
-
-/**
- * @brief Registers a callback to get mount event of extension storage
- * @details Services can use this API to attach a callback to be called
- * by mount event of extension storage with encryption.
- * @since_tizen 4.0
- * @param[in] callback The mount event callback function
- * @param[in] user_data The user data passed to the callback function
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @post If the callback is not needed,
- * ode_extension_encryption_unset_mount_event_cb() must be called.
- * @see ode_extension_encryption_mount()
- * @see ode_extension_encryption_unset_mount_event_cb()
- */
-ODE_API int ode_extension_encryption_set_mount_event_cb(ode_mount_event_cb callback, void *user_data);
-
-/**
- * @brief Unregisters a callback to get mount event of extension storage
- * @details Services can use this API to detach a callback to be called
- * by mount event of extension storage with encryption.
- * @since_tizen 4.0
- * @return #ODE_ERROR_NONE on success, otherwise a negative value
- * @retval #ODE_ERROR_NONE Successful
- * @retval #ODE_ERROR_TIMED_OUT Time out
- * @see ode_extension_encryption_mount()
- * @see ode_extension_encryption_set_mount_event_cb()
- */
-ODE_API int ode_extension_encryption_unset_mount_event_cb();
-
-/**
- * @}
- */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __CAPI_ODE_EXTENSION_ENCRYPTION_H__ */
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#ifndef __EXTENSION_ENCRYPTION_H__
-#define __EXTENSION_ENCRYPTION_H__
-
-#include <string>
-
-namespace ode {
-
-/**
- * This class provides APIs to manage the encryption of external storage
- * such as SD card, used as an extension of the internal memory.
- */
-
-class ExtensionEncryption {
-public:
- virtual int setMountPassword(const std::string& password) = 0;
-
- virtual int mount() = 0;
- virtual int umount() = 0;
-
- virtual int format(const std::string& password) = 0;
-
- virtual int isPasswordInitialized() = 0;
- virtual int initPassword(const std::string& password) = 0;
- virtual int cleanPassword(const std::string& password) = 0;
- virtual int changePassword(const std::string& oldPW, const std::string& newPW) = 0;
- virtual int verifyPassword(const std::string& password) = 0;
-
- enum State {
- Encrypted = 0x01,
- Corrupted = 0x02,
- };
-
- virtual int getState() = 0;
-};
-
-} // namespace ode
-
-#endif // __EXTENSION_ENCRYPTION_H__
kernel-keyring.cpp
internal-encryption.cpp
external-encryption.cpp
- extension-encryption.cpp
luks.cpp
engine/encryption/ext4-engine.cpp
engine/encryption/dmcrypt-engine.cpp
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-#include <unistd.h>
-#include <sys/mount.h>
-
-#include <klay/file-user.h>
-#include <klay/filesystem.h>
-#include <klay/dbus/variant.h>
-#include <klay/dbus/connection.h>
-
-#include "misc.h"
-#include "logger.h"
-#include "ext4-tool.h"
-
-#include "extension-encryption.h"
-
-#define EXTENSION_NAME_DEF "extension"
-
-namespace ode {
-
-namespace {
-
-const size_t DEFAULT_KEY_SIZE = 64;
-
-const char *EXTENSION_DEV_PATH = "/dev/mmcblk1p1";
-const char *EXTENSION_NAME = EXTENSION_NAME_DEF;
-const char *EXTENSION_MAP_PATH = "/dev/mapper/" EXTENSION_NAME_DEF;
-const char *EXTENSION_FS_TYPE = "crypto_LUKS";
-
-const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";
-
-const char *STORAGED_DBUS_BUSNAME = "org.tizen.system.storage";
-const char *STORAGED_DBUS_OBJECT = "/Org/Tizen/System/Storage/Block/Manager";
-const char *STORAGED_DBUS_INTERFACE = "org.tizen.system.storage.BlockManager";
-
-bool findKillAndUmount(const std::string &devPath)
-{
- for(;;) {
- std::string mntPath = findMntPath(devPath);
-
- if (mntPath.empty()) {
- break;
- }
-
- INFO(SINK, "Closing all applications using an SD card...");
- killDependentApplications(mntPath);
-
- while (::umount(mntPath.c_str()) == -1) {
- if (errno != EBUSY) {
- ERROR(SINK, "The card is still mounted, umount failed with: "
- + std::to_string(errno));
- return false;
- }
- killDependentApplications(mntPath);
- }
- }
-
- return true;
-}
-
-} // namsepace
-
-ExtensionEncryptionServer::ExtensionEncryptionServer(ServerContext &srv) :
- server(srv),
- currentReq(Request::NONE)
-{
- server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::setMountPassword)(std::string));
- server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::mount)());
- server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::umount)());
- server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::format)(std::string));
- server.expose(this, "", (int)(ExtensionEncryptionServer::isPasswordInitialized)());
- server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::initPassword)(std::string));
- server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::cleanPassword)(std::string));
- server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::changePassword)(std::string, std::string));
- server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::verifyPassword)(std::string));
- server.expose(this, "", (int)(ExtensionEncryptionServer::getState)());
-
- server.createNotification("ExtensionEncryptionServer::mount");
-
- // TODO: think about handling more than one card / more than one engine
- // it would require global API change to select which card is handled atm
- engine.reset(new EXTENSION_ENGINE(EXTENSION_DEV_PATH));
-
- queryStoraged();
- subscribeToStoraged();
-}
-
-ExtensionEncryptionServer::~ExtensionEncryptionServer()
-{
- unsubscribeFromStoraged();
-}
-
-int ExtensionEncryptionServer::setMountPassword(const std::string& password)
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
-
- KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine->getKeyMeta());
-
- if (!keyManager.verifyPassword(pwData)) {
- ERROR(SINK, "Wrong password passed.");
- return -2;
- }
-
- mountKey = keyManager.getMasterKey(pwData);
-
- return 0;
-}
-
-int ExtensionEncryptionServer::mount()
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
- std::unique_lock<std::mutex> stateLock(stateGuard);
-
- if (getStatePriv() != State::Encrypted) {
- ERROR(SINK, "Cannot mount, card not inserted or corrupted");
- return -1;
- }
-
- if (isMounted()) {
- INFO(SINK, "Already mounted");
- return 0;
- }
-
-
- INFO(SINK, "Mount extension storage...");
-
- if (!isOpened()) {
- // Storaged will mount MAP automatically when it appears, let's prepare
- currentReq = Request::MOUNT;
-
- try {
- INFO(SINK, "Open the MAP of an extension storage...");
- engine->open(CryptsetupEngine::DeviceType::LUKS, EXTENSION_NAME, mountKey);
- mountKey.clear();
- } catch (runtime::Exception &e) {
- ERROR(SINK, "Open failed: " + std::string(e.what()));
- return -3;
- }
-
- INFO(SINK, "Wait for the storaged to mount the MAP automatically...");
- if (!storagedCv.wait_for(stateLock, std::chrono::seconds(1), [this] {
- return currentReq == Request::NONE;
- })) {
- ERROR(SINK, "Storaged timed out mounting the MAP.");
- return -3;
- }
- } else {
- INFO(SINK, "Ask storaged to mount extension storage...");
- if (!storagedMount(stateLock)) {
- return -3;
- }
- }
-
- server.notify("ExtensionEncryptionServer::mount");
- return 0;
-}
-
-int ExtensionEncryptionServer::umount()
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
- std::unique_lock<std::mutex> stateLock(stateGuard);
-
- if (getStatePriv() != State::Encrypted) {
- ERROR(SINK, "Cannot umount, card not inserted or corrupted.");
- return -1;
- }
-
- if (!isMounted() && !isOpened()) {
- INFO(SINK, "Already umounted.");
- return 0;
- }
-
- INFO(SINK, "Umount extension storage...");
-
- if (isMounted()) {
- INFO(SINK, "Close all applications using extension storage...");
- killDependentApplications(info[Device::MAP].mntPath);
-
- INFO(SINK, "Ask storaged to umount extension storage...");
- if (!storagedUnmount(stateLock)) {
- return -3;
- }
- }
-
- if (isOpened()) {
- INFO(SINK, "Close the MAP of an extension storage...");
- try {
- CryptsetupEngine::close(EXTENSION_NAME);
- } catch (runtime::Exception &e) {
- ERROR(SINK, "Close failed: " + std::string(e.what()));
- return -3;
- }
- }
-
- return 0;
-}
-
-int ExtensionEncryptionServer::format(const std::string &password)
-{
- int status = 0;
- std::condition_variable workerCv;
-
- auto formatWorker = [&, this]() {
- try {
- std::lock_guard<std::mutex> guardLock(apiGuard);
- std::unique_lock<std::mutex> stateLock(stateGuard);
-
- if (!isInserted()) {
- ERROR(SINK, "There is no card inserted.");
- status = -1;
- stateLock.unlock();
- workerCv.notify_one();
- return;
- }
-
- if (isMounted() || isOpened()) {
- ERROR(SINK, "The card is still mounted and/or opened, umount and close first.");
- status = -1;
- stateLock.unlock();
- workerCv.notify_one();
- return;
- }
-
- KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine->getKeyMeta());
-
- if (!keyManager.verifyPassword(pwData)) {
- ERROR(SINK, "Wrong password passed.");
- status = -2;
- stateLock.unlock();
- workerCv.notify_one();
- return;
- }
-
- // no error, let's notify the main thread it can return
- status = 1;
- stateLock.unlock();
- workerCv.notify_one();
-
- KeyManager::data masterKey = keyManager.getMasterKey(pwData);
-
- // TODO: this probably needs a rework, some sort of communication
- // and/or merge with External. The use case for it might be:
- // 1. The mmc is mounted by something else, somewhere else. Do we care?
- // 2. We take over the (possibly mounted and/or encrypted) cd card from External.
- if (!findKillAndUmount(EXTENSION_DEV_PATH)) {
- return;
- }
-
- INFO(SINK, "Creating LUKS...");
- engine->format(CryptsetupEngine::DeviceType::LUKS, masterKey);
-
- INFO(SINK, "Opening LUKS...");
- std::string mappingPath = engine->open(CryptsetupEngine::DeviceType::LUKS,
- EXTENSION_NAME,
- masterKey);
-
- INFO(SINK, "Creating EXT4...");
- Ext4Tool::mkfs(mappingPath);
-
- INFO(SINK, "Closing up the operation...");
- CryptsetupEngine::close(EXTENSION_NAME);
- sync();
-
- INFO(SINK, "Formatting completed");
- } catch (runtime::Exception &e) {
- ERROR(SINK, "Formatting thread failed: " + std::string(e.what()));
- }
- };
-
- std::thread asyncWork(formatWorker);
- asyncWork.detach();
-
- std::unique_lock<std::mutex> stateLock(stateGuard);
- if(!workerCv.wait_for(stateLock, std::chrono::seconds(1), [&status] {
- return status != 0;
- })) {
- ERROR(SINK, "Timed out waiting for format status.");
- return -4;
- }
-
- if (status < 0)
- return status;
-
- return 0;
-}
-
-int ExtensionEncryptionServer::isPasswordInitialized()
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
-
- if (engine->isKeyMetaSet()) {
- return 1;
- }
-
- return 0;
-}
-
-int ExtensionEncryptionServer::initPassword(const std::string& password)
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
-
- KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager;
-
- keyManager.initPassword(pwData, DEFAULT_KEY_SIZE);
- engine->setKeyMeta(keyManager.serialize());
- return 0;
-}
-
-int ExtensionEncryptionServer::cleanPassword(const std::string& password)
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
-
- KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine->getKeyMeta());
-
- if (!keyManager.verifyPassword(pwData)) {
- ERROR(SINK, "Wrong password passed.");
- return -2;
- }
-
- engine->clearKeyMeta();
- return 0;
-}
-
-int ExtensionEncryptionServer::changePassword(const std::string &oldPassword,
- const std::string &newPassword)
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
-
- KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end());
- KeyManager::data newPwData(newPassword.begin(), newPassword.end());
- KeyManager keyManager(engine->getKeyMeta());
-
- if (!keyManager.verifyPassword(oldPwData)) {
- ERROR(SINK, "Wrong password passed.");
- return -2;
- }
-
- keyManager.changePassword(oldPwData, newPwData);
- engine->setKeyMeta(keyManager.serialize());
-
- return 0;
-}
-
-int ExtensionEncryptionServer::verifyPassword(const std::string& password)
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
-
- KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine->getKeyMeta());
-
- if (keyManager.verifyPassword(pwData)) {
- return 1;
- }
-
- return 0;
-}
-
-int ExtensionEncryptionServer::getState()
-{
- std::lock_guard<std::mutex> guardLock(apiGuard);
- std::unique_lock<std::mutex> stateLock(stateGuard);
-
- return getStatePriv();
-}
-
-void ExtensionEncryptionServer::logStoragedEvent(Operation op, Device d)
-{
- DEBUG(SINK, "Storaged event:");
-
- switch(op) {
- case Operation::ADDED:
- DEBUG(SINK, " Operation: ADDED");
- break;
- case Operation::CHANGED:
- DEBUG(SINK, " Operation: CHANGED");
- break;
- case Operation::REMOVED:
- DEBUG(SINK, " Operation: REMOVED");
- break;
- default:
- break;
- }
-
- switch(d) {
- case Device::MMC:
- DEBUG(SINK, " Device: MMC");
- break;
- case Device::MAP:
- DEBUG(SINK, " Device: MAP");
- break;
- default:
- break;
- }
-
- DEBUG(SINK, " Mnt Path: " + info[d].mntPath);
- DEBUG(SINK, " Fs Type: " + info[d].fsType);
- DEBUG(SINK, " Sys path: " + info[d].sysPath);
- DEBUG(SINK, " Mounted: " + std::to_string(info[d].mounted));
- DEBUG(SINK, " ID: " + std::to_string(info[d].storagedId));
-}
-
-void ExtensionEncryptionServer::handleDevice(Operation op,
- const std::vector<int> &intparams,
- const std::vector<char*> &strparams)
-{
- Device d;
-
- if (std::string(strparams[0]) == EXTENSION_DEV_PATH && intparams[0] == 1) {
- d = Device::MMC;
- } else if (std::string(strparams[0]) == EXTENSION_MAP_PATH && intparams[0] == 2) {
- d = Device::MAP;
- } else {
- DEBUG(SINK, "Storaged event: neither extension MMC nor extension mapping, ignoring");
- return;
- }
-
- std::unique_lock<std::mutex> stateLock(stateGuard);
-
- if (op == Operation::REMOVED) {
- info[d].clear();
- } else {
- info[d].mntPath = strparams[6];
- info[d].fsType = strparams[3];
- info[d].sysPath = strparams[1];
- info[d].mounted = intparams[2];
- info[d].storagedId = intparams[5];
- }
-
- logStoragedEvent(op, d);
-
- // removing/reformatting the SD card does not automatically close the DM crypt mapping
- if (d == Device::MMC && (op == Operation::REMOVED ||
- (op == Operation::CHANGED &&
- info[d].fsType != EXTENSION_FS_TYPE))) {
- if (isMounted()) {
- INFO(SINK, "MMC card removed while still mounted, umounting.");
- if (!findKillAndUmount(EXTENSION_MAP_PATH)) {
- return;
- }
- }
-
- if (isOpened()) {
- INFO(SINK, "MMC card removed while LUKS is still opened, closing.");
- try {
- CryptsetupEngine::close(EXTENSION_NAME);
- } catch (runtime::Exception &e) {
- ERROR(SINK, "Closing failed: " + std::string(e.what()));
- return;
- }
- }
-
- return;
- }
-
- if (d == Device::MMC && op == Operation::ADDED &&
- getStatePriv() == State::Encrypted) {
- // TODO: when UI gets written it should be triggered here.
- return;
- }
-
- if (d == Device::MAP && op == Operation::CHANGED) {
- if ((currentReq == Request::MOUNT && info[Device::MAP].mounted) ||
- (currentReq == Request::UMOUNT && !info[Device::MAP].mounted)) {
- currentReq = Request::NONE;
- stateLock.unlock();
- storagedCv.notify_one();
- return;
- }
- }
-}
-
-void ExtensionEncryptionServer::parseVariant(Operation op, dbus::Variant parameters)
-{
- std::vector<int> intparams(6);
- std::vector<char*> strparams(7);
-
- parameters.get("(issssssisibii)",
- &intparams[0], // block type: 0 - scsi, 1 : mmc, 2 : mapper
- &strparams[0], // devnode
- &strparams[1], // syspath
- &strparams[2], // usage
- &strparams[3], // fs type
- &strparams[4], // fs version
- &strparams[5], // fs uuid enc
- &intparams[1], // readonly: 0 - rw, 1 - ro
- &strparams[6], // mount point
- &intparams[2], // state: 0 - unmount, 1 - mount
- &intparams[3], // primary: 0 - false, 1 - true
- &intparams[4], // flags: 1 - unmounted 2 - broken filesystem 4 - no filesystem 8 - not supported 16 - readonly
- &intparams[5]); // storage id
-
- handleDevice(op, intparams, strparams);
-}
-
-void ExtensionEncryptionServer::queryStoraged()
-{
- INFO(SINK, "Querying the storaged for devices...");
-
- dbus::VariantIterator vi;
-
- try {
- dbus::Connection::getSystem().methodcall(STORAGED_DBUS_BUSNAME,
- STORAGED_DBUS_OBJECT,
- STORAGED_DBUS_INTERFACE,
- "GetDeviceList",
- -1,
- "(a(issssssisibii))",
- "(s)",
- "all").get("(a(issssssisibii))", &vi);
- } catch (runtime::Exception &e) {
- ERROR(SINK, "Failed to query storaged: " + std::string(e.what()));
- }
-
- std::vector<int> intparams(6);
- std::vector<char*> strparams(7);
-
- while(vi.get("(issssssisibii)",
- &intparams[0], // block type: 0 - scsi, 1 : mmc, 2 : mapper
- &strparams[0], // devnode
- &strparams[1], // syspath
- &strparams[2], // usage
- &strparams[3], // fs type
- &strparams[4], // fs version
- &strparams[5], // fs uuid enc
- &intparams[1], // readonly: 0 - rw, 1 - ro
- &strparams[6], // mount point
- &intparams[2], // state: 0 - unmount, 1 - mount
- &intparams[3], // primary: 0 - false, 1 - true
- &intparams[4], // flags: 1 - unmounted 2 - broken filesystem 4 - no filesystem 8 - not supported 16 - readonly
- &intparams[5])) // storage id
- {
- handleDevice(Operation::ADDED, intparams, strparams);
- }
-}
-
-void ExtensionEncryptionServer::subscribeToStoraged()
-{
- dbus::Connection &systemDBus = dbus::Connection::getSystem();
-
- auto subscribe = [&systemDBus, this](Operation op, const std::string &method) {
- dbus::Connection::SignalCallback callback =
- std::bind(&ExtensionEncryptionServer::parseVariant,
- this,
- op,
- std::placeholders::_1);
-
- subId[op] = systemDBus.subscribeSignal("",
- STORAGED_DBUS_OBJECT,
- STORAGED_DBUS_INTERFACE,
- method.c_str(),
- callback);
- };
-
- subscribe(Operation::ADDED, "DeviceAdded");
- subscribe(Operation::CHANGED, "DeviceChanged");
- subscribe(Operation::REMOVED, "DeviceRemoved");
-}
-
-void ExtensionEncryptionServer::unsubscribeFromStoraged()
-{
- dbus::Connection &systemDBus = dbus::Connection::getSystem();
-
- systemDBus.unsubscribeSignal(subId[Operation::ADDED]);
- systemDBus.unsubscribeSignal(subId[Operation::CHANGED]);
- systemDBus.unsubscribeSignal(subId[Operation::REMOVED]);
-}
-
-bool ExtensionEncryptionServer::storagedMount(std::unique_lock<std::mutex> &lock)
-{
- currentReq = Request::MOUNT;
-
- int ret = -1;
- try {
- dbus::Connection::getSystem().methodcall(STORAGED_DBUS_BUSNAME,
- STORAGED_DBUS_OBJECT,
- STORAGED_DBUS_INTERFACE,
- "Mount",
- -1,
- "(i)",
- "(is)",
- info[Device::MAP].storagedId,
- info[Device::MAP].mntPath.c_str()).get("(i)", &ret);
- } catch (runtime::Exception &e) {
- ERROR(SINK, "Failed to call mount in storaged: " + std::string(e.what()));
- currentReq = Request::NONE;
- return false;
- }
-
- if (ret != 0) {
- ERROR(SINK, "Storaged failed to mount: " + std::to_string(ret));
- currentReq = Request::NONE;
- return false;
- }
-
- if (!storagedCv.wait_for(lock, std::chrono::seconds(1), [this] {
- return currentReq == Request::NONE;
- })) {
- ERROR(SINK, "Storaged timed out mounting the MAP.");
- currentReq = Request::NONE;
- return false;
- }
-
- return true;
-}
-
-bool ExtensionEncryptionServer::storagedUnmount(std::unique_lock<std::mutex> &lock)
-{
- currentReq = Request::UMOUNT;
-
- int ret = -1;
- try {
- dbus::Connection::getSystem().methodcall(STORAGED_DBUS_BUSNAME,
- STORAGED_DBUS_OBJECT,
- STORAGED_DBUS_INTERFACE,
- "Unmount",
- -1,
- "(i)",
- "(ii)",
- info[Device::MAP].storagedId,
- 0).get("(i)", &ret);
- } catch (runtime::Exception &e) {
- ERROR(SINK, "Failed to call unmount in storaged: " + std::string(e.what()));
- currentReq = Request::NONE;
- return false;
- }
-
- if (ret != 0) {
- ERROR(SINK, "Storaged failed to unmount: " + std::to_string(ret));
- currentReq = Request::NONE;
- return false;
- }
-
- if (!storagedCv.wait_for(lock, std::chrono::seconds(1), [this] {
- return currentReq == Request::NONE;
- })) {
- ERROR(SINK, "Storaged timed out unmounting the MAP.");
- currentReq = Request::NONE;
- return false;
- }
-
- return true;
-}
-
-int ExtensionEncryptionServer::getStatePriv() const
-{
- if (!isInserted()) {
- ERROR(SINK, "Cannot check state, card not inserted");
- return -1;
- }
-
- if (info[Device::MMC].fsType == EXTENSION_FS_TYPE)
- return State::Encrypted;
-
- return State::Corrupted;
-}
-
-bool ExtensionEncryptionServer::isInserted() const
-{
- return info[Device::MMC].storagedId >= 0;
-}
-
-bool ExtensionEncryptionServer::isOpened() const
-{
- return info[Device::MAP].storagedId >= 0;
-}
-
-bool ExtensionEncryptionServer::isMounted() const
-{
- return info[Device::MAP].mounted;
-}
-
-} // namespace ode
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#ifndef __EXTENSION_ENCRYPTION_SERVER_H__
-#define __EXTENSION_ENCRYPTION_SERVER_H__
-
-#include <string>
-#include <mutex>
-#include <memory>
-#include <condition_variable>
-
-#include "rmi/extension-encryption.h"
-#include "key-manager/key-manager.h"
-#include "engine/encryption/cryptsetup-engine.h"
-#include "server.h"
-
-namespace ode {
-
-typedef CryptsetupEngine EXTENSION_ENGINE;
-
-class ExtensionEncryptionServer final: public ExtensionEncryption {
-public:
- ExtensionEncryptionServer(ServerContext& srv);
- ~ExtensionEncryptionServer();
-
- int setMountPassword(const std::string& password);
-
- int mount();
- int umount();
-
- int format(const std::string& password);
-
- int isPasswordInitialized();
- int initPassword(const std::string& password);
- int cleanPassword(const std::string& password);
- int changePassword(const std::string& oldPW, const std::string& newPW);
- int verifyPassword(const std::string& password);
-
- int getState();
-
-private:
- enum Operation {
- ADDED = 0,
- CHANGED,
- REMOVED,
-
- OPERATION_MAX
- };
-
- enum Device {
- MMC = 0,
- MAP,
-
- DEVICE_MAX
- };
-
- enum Request {
- NONE = 0,
- MOUNT,
- UMOUNT
- };
-
- struct DevInfo {
- std::string mntPath;
- std::string fsType;
- std::string sysPath;
- bool mounted;
- int storagedId;
-
- DevInfo() : mounted(false), storagedId(-1) {}
- ~DevInfo() {}
-
- void clear() {
- mntPath.clear();
- fsType.clear();
- sysPath.clear();
- mounted = false;
- storagedId = -1;
- }
- };
-
- void logStoragedEvent(Operation op, Device d);
- void handleDevice(Operation op,
- const std::vector<int> &intparams,
- const std::vector<char*> &strparams);
-
- void parseVariant(Operation op, dbus::Variant parameters);
- void queryStoraged();
- void subscribeToStoraged();
- void unsubscribeFromStoraged();
-
- bool storagedMount(std::unique_lock<std::mutex> &lock);
- bool storagedUnmount(std::unique_lock<std::mutex> &lock);
-
- int getStatePriv() const;
- bool isInserted() const;
- bool isOpened() const;
- bool isMounted() const;
-
- ServerContext& server;
-
- // currently inserted card information, empty if no card:
- DevInfo info[DEVICE_MAX];
-
- dbus::Connection::SubscriptionId subId[OPERATION_MAX];
-
- Request currentReq;
-
- std::unique_ptr<EXTENSION_ENGINE> engine;
- KeyManager::data mountKey;
-
- std::mutex apiGuard;
- std::mutex stateGuard;
- std::condition_variable storagedCv;
-};
-
-} // namespace ode
-
-#endif // __EXTENSION_ENCRYPTION_SERVER_H__
&intparams[4], // flags: 1 - unmounted 2 - broken filesystem 4 - no filesystem 8 - not supported 16 - readonly
&intparams[5]); // strage id
- // TODO: this implementation probably would do better if it was on par with
- // ExtensionEncryption in terms of how it detects and reacts to card events
if (intparams[0] != 1 || (std::string(strparams[3]) != "vfat" &&
std::string(strparams[3]) != "ext4")) {
DEBUG(SINK, "Storaged says it's not a regular SD card. Ignoring.");
#include "secure-erase.h"
#include "internal-encryption.h"
#include "external-encryption.h"
-#include "extension-encryption.h"
#include "luks.h"
#include "key-manager/key-generator.h"
#include "server.h"
secureErase.reset(new SecureEraseServer(*this));
internalEncryption.reset(new InternalEncryptionServer(*this));
externalEncryption.reset(new ExternalEncryptionServer(*this));
- extensionEncryption.reset(new ExtensionEncryptionServer(*this));
luks.reset(new LuksServer(*this));
KeyGenerator::init();
class SecureEraseServer;
class InternalEncryptionServer;
class ExternalEncryptionServer;
-class ExtensionEncryptionServer;
class LuksServer;
class ServerContext final: public rmi::Service {
std::unique_ptr<SecureEraseServer> secureErase;
std::unique_ptr<InternalEncryptionServer> internalEncryption;
std::unique_ptr<ExternalEncryptionServer> externalEncryption;
- std::unique_ptr<ExtensionEncryptionServer> extensionEncryption;
std::unique_ptr<LuksServer> luks;
};
#include <ode/secure-erase.h>
#include <ode/internal-encryption.h>
#include <ode/external-encryption.h>
-#include <ode/extension-encryption.h>
#include <ode/luks.h>
extern char** environ;
std::cout << "Usage: " << name << " [Option]" << std::endl
<< std::endl
<< "Options :" << std::endl
- << " -m, --mount=internal|external|extension mount" << std::endl
- << " -u, --umount=internal|external|extension umount" << std::endl
+ << " -m, --mount=internal|external mount" << std::endl
+ << " -u, --umount=internal|external umount" << std::endl
<< " -e, --encrypt=internal|external encrypt" << std::endl
<< " -d, --decrypt=internal|external decrypt" << std::endl
- << " -f, --format=extension format and setup encryption" << std::endl
- << " -l --luks=format|open|close|wait perform LUKS operation or wait for completion. May also require -D and/or -M option." << std::endl
+ << " -l --luks=format|open|close|wait perform LUKS operation or wait for completion. May also require -D and/or -M option." << std::endl
<< " -D --device=<device> device path required for LUKS format and LUKS open operations" << std::endl
<< " -M --mapping=<mapping> mapping name required for LUKS open and LUKS close operations" << std::endl
- << " -p, --changepw=internal|external|extension change password" << std::endl
- << " -s, --state=internal|external|extension get state" << std::endl
- << " -w, --waitmnt=internal|external|extension wait for mount"<< std::endl
+ << " -p, --changepw=internal|external change password" << std::endl
+ << " -s, --state=internal|external get state" << std::endl
+ << " -w, --waitmnt=internal|external wait for mount"<< std::endl
<< " -c, --clean=DIRECTORY secure-clean" << std::endl
<< " -h, --help show this" << std::endl
<< std::endl;
}
static inline void printSelectableStorage(bool internal = true,
- bool external = true,
- bool extension = true)
+ bool external = true)
{
bool firstDone = false;
std::cerr << "Just choose one among followings :" << std::endl;
std::cerr << "external";
firstDone = true;
}
- if (extension) {
- if (firstDone) {
- std::cerr << ", ";
- }
- std::cerr << "extension";
- firstDone = true;
- }
std::cerr << std::endl;
}
} else {
std::cerr << "Password setting failed" << std::endl;
}
- } else if (name == "extension") {
- std::string password = getPassword();
- ret = ode_extension_encryption_set_mount_password(password.c_str());
- if (ret == 0) {
- ret = ode_extension_encryption_mount();
- } else {
- std::cerr << "Password setting failed" << std::endl;
- }
} else {
printSelectableStorage();
return -1;
ret = ode_internal_encryption_umount();
} else if (name == "external") {
ret = ode_external_encryption_umount();
- } else if (name == "extension") {
- ret = ode_extension_encryption_umount();
} else {
printSelectableStorage();
return -1;
}
ret = ode_external_encryption_encrypt(password.c_str(), options);
} else {
- printSelectableStorage(true, true, false);
+ printSelectableStorage(true, true);
return -1;
}
ode_external_encryption_clean_password(password.c_str());
}
} else {
- printSelectableStorage(true, true, false);
- return -1;
- }
-
- if (ret != 0) {
- std::cerr << "Error : " << ret <<std::endl;
- }
-
- return ret;
-}
-
-
-static inline int format_storage(const std::string name)
-{
- int ret;
-
- if (name == "extension") {
- bool result = false;
- ode_extension_encryption_is_password_initialized(&result);
-
- if (!result) {
- std::cout << "New ";
- std::string password = getPassword();
- ode_extension_encryption_init_password(password.c_str());
- }
-
- result = false;
- std::cout << "Confirm ";
- std::string password = getPassword();
- ode_extension_encryption_verify_password(password.c_str(), &result);
-
- if (!result) {
- std::cerr << "Confirm password doesn't match" << std::endl;
- return -1;
- }
-
- ret = ode_extension_encryption_format(password.c_str());
- } else {
- printSelectableStorage(false, false, true);
+ printSelectableStorage(true, true);
return -1;
}
ret = ode_internal_encryption_change_password(oldPW.c_str(), newPW.c_str());
} else if (name == "external") {
ret = ode_external_encryption_change_password(oldPW.c_str(), newPW.c_str());
- } else if (name == "extension") {
- ret = ode_extension_encryption_change_password(oldPW.c_str(), newPW.c_str());
} else {
printSelectableStorage();
return -1;
ret = ode_internal_encryption_get_state(&state);
} else if (name == "external") {
ret = ode_external_encryption_get_state(&state);
- } else if (name == "extension") {
- ret = ode_extension_encryption_get_state(&state);
} else {
printSelectableStorage();
return -1;
} else if (name == "external") {
std::cout << "Wait for external storage mount..." << std::endl;
ret = ode_external_encryption_set_mount_event_cb(mount_event_cb, &mtx);
- } else if (name == "extension") {
- std::cout << "Wait for extension storage mount..." << std::endl;
- ret = ode_extension_encryption_set_mount_event_cb(mount_event_cb, &mtx);
} else {
printSelectableStorage();
return -1;
{"umount", required_argument, 0, 'u'},
{"encrypt", required_argument, 0, 'e'},
{"decrypt", required_argument, 0, 'd'},
- {"format", required_argument, 0, 'f'},
{"luks" , required_argument, 0, 'l'},
{"state", required_argument, 0, 's'},
{"waitmnt", required_argument, 0, 'w'},
std::string mapping, device, op;
- while ((opt = getopt_long(argc, argv, "m:u:e:d:f:l:p:s:w:c:h", options, &index)) != -1) {
+ while ((opt = getopt_long(argc, argv, "m:u:e:d:l:p:s:w:c:h", options, &index)) != -1) {
switch (opt) {
case 'm':
ret = mount(optarg);
case 'd':
ret = decrypt_storage(optarg);
break;
- case 'f':
- ret = format_storage(optarg);
- break;
case 'l':
op = optarg;
while ((luks_opt = getopt_long(argc, argv, "D:M:", luks_options, &index)) != -1) {
projects / platform / core / security / ode.git / commitdiff