int InternalEncryptionServer::encrypt(const std::string& password, unsigned int options)
{
- if (getState() != State::Unencrypted) {
+ if (getState() != State::Unencrypted
+ && getState() != State::PreparedEncryption) {
ERROR(SINK, "Cannot encrypt, partition's state incorrect.");
return error::NoSuchDevice;
}
::sleep(1);
runtime::File file("/opt/etc/.odeprogress");
- file.create(MODE_0640);
-
- std::string source = engine->getSource();
- auto mntPaths = findMountPointsByDevice(source);
-
- if (!mntPaths.empty()) {
- INFO(SINK, "Closing all processes using internal storage.");
- stopSystemdUnits();
-
- INFO(SINK, "Unmounting internal storage.");
- unmountInternalStorage(source);
+ if (getState() == State::Unencrypted) {
+ /* For backward compatibility */
+ file.create(MODE_0640);
+ std::string source = engine->getSource();
+ auto mntPaths = findMountPointsByDevice(source);
+
+ if (!mntPaths.empty()) {
+ INFO(SINK, "Closing all processes using internal storage.");
+ stopSystemdUnits();
+
+ INFO(SINK, "Unmounting internal storage.");
+ unmountInternalStorage(source);
+ }
+ setOptions(options & getSupportedOptions());
}
INFO(SINK, "Encryption started.");
::vconf_set_str(VCONFKEY_ODE_CRYPTO_STATE, "error_partially_encrypted");
try {
- engine->encrypt(masterKey, options);
+ engine->encrypt(masterKey, getOptions());
} catch (runtime::Exception &e) {
ERROR(SINK, e.what());
if (!engine->isStarted()) {
::sync();
::reboot(RB_AUTOBOOT);
}
- setOptions(options & getSupportedOptions());
INFO(SINK, "Encryption completed.");
::vconf_set_str(VCONFKEY_ODE_CRYPTO_STATE, "encrypted");
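Review bot: In the `PreparedEncryption` path the new `if (getState() == State::Unencrypted)` block is skipped, so `engine->encrypt(masterKey, getOptions())` runs without this function confirming that the storage is unmounted or that `/opt/etc/.odeprogress` exists; it relies on a prepare step that is not visible in this hunk. A cheap guard before "Encryption started." would re-check `findMountPointsByDevice(engine->getSource())` and return an error when it is non-empty. `getState()` is read up to three times, so taking it once with `const auto state = getState();` would keep the guard and the branch consistent if the state can change in between. The `options` argument is silently ignored in the prepared path, which deserves a comment such as `/* options were fixed by the prepare step; the argument is ignored here */`. The same concerns apply to the `PreparedDecryption` path in `decrypt()`, where the `engine->isMounted()` check and `engine->umount()` are skipped.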
int InternalEncryptionServer::decrypt(const std::string& password)
{
- if (getState() != State::Encrypted) {
+ if (getState() != State::Encrypted
+ && getState() != State::PreparedDecryption) {
ERROR(SINK, "Cannot decrypt, partition's state incorrect.");
return error::NoSuchDevice;
}
::sleep(1);
runtime::File file("/opt/etc/.odeprogress");
- file.create(MODE_0640);
+ if (getState() == State::Encrypted) {
+ /* For backward compatibility */
+ file.create(MODE_0640);
- if (engine->isMounted()) {
- INFO(SINK, "Closing all processes using internal storage.");
- stopSystemdUnits();
+ if (engine->isMounted()) {
+ INFO(SINK, "Closing all processes using internal storage.");
+ stopSystemdUnits();
- INFO(SINK, "Umounting internal storage.");
- unmountInternalStorage("/dev/mapper/userdata");
- engine->umount();
+ INFO(SINK, "Unmounting internal storage.");
+ unmountInternalStorage("/dev/mapper/userdata");
+ engine->umount();
+ }
}
INFO(SINK, "Decryption started.");
if (state == State::Unencrypted)
return error::NoSuchDevice;
+ if (state == State::PreparedEncryption) {
+ ::vconf_set_str(VCONFKEY_ODE_CRYPTO_STATE, "unencrypted");
+ ::sync();
+ return error::None;
+ }
+ if (state == State::PreparedDecryption) {
+ ::vconf_set_str(VCONFKEY_ODE_CRYPTO_STATE, "encrypted");
+ ::sync();
+ return error::None;
+ }
runtime::File file("/opt/.factoryreset");
file.create(MODE_0640);
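Review bot: Both new early returns report `error::None` without checking the result of `::vconf_set_str`, so a failed write would leave the stored state at prepared while the caller is told recovery succeeded. Test the call first, `if (::vconf_set_str(VCONFKEY_ODE_CRYPTO_STATE, "unencrypted") != 0)`, and return one of the project's error codes on failure; the same applies to the `"encrypted"` case. Whether the progress file and the services stopped during preparation are restored on this path is not visible here, so a comment stating what recovery from a prepared state is expected to undo would help. The enclosing function starts and ends outside the hunk.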
std::cout << "Usage: " << name << " [Option]" << std::endl
<< std::endl
<< "Options :" << std::endl
- << " -m, --mount=internal|external mount" << std::endl
- << " -u, --umount=internal|external umount" << std::endl
- << " -e, --encrypt=internal|external encrypt" << std::endl
- << " -d, --decrypt=internal|external decrypt" << std::endl
- << " -l --luks=format|open|close|wait perform LUKS operation using asynchronous" << std::endl
- << " API or wait for completion. May also" << std::endl
- << " require -D and/or -M option." << std::endl
- << " -L --luks_sync=format|open|close perform LUKS operation using synchronous" << std::endl
- << " API. May also require -D and/or -M option." << std::endl
- << " -D --device=<device> device path" << std::endl
- << " -M --mapping=<mapping> mapping name required for LUKS open and" << std::endl
- << " LUKS close operations" << std::endl
- << " -k, --keys=store|remove Store/remove the master key of given device" << std::endl
- << " for the purpose of system upgrade. Requires" << std::endl
- << " -D option" << std::endl
- << " -p, --changepw=internal|external change password" << std::endl
- << " -s, --state=internal|external get state" << std::endl
- << " -w, --waitmnt=internal|external wait for mount"<< std::endl
- << " -c, --clean=DIRECTORY secure-clean" << std::endl
- << " -r, --recovery=internal|external recovery" << std::endl
- << " -h, --help show this" << std::endl
+ << " -m, --mount=internal|external mount" << std::endl
+ << " -u, --umount=internal|external umount" << std::endl
+ << " -e, --encrypt=internal_prepare|internal|external encrypt" << std::endl
+ << " -d, --decrypt=internal_prepare|internal|external decrypt" << std::endl
+ << " -l --luks=format|open|close|wait perform LUKS operation using asynchronous" << std::endl
+ << " API or wait for completion. May also" << std::endl
+ << " require -D and/or -M option." << std::endl
+ << " -L --luks_sync=format|open|close perform LUKS operation using synchronous" << std::endl
+ << " API. May also require -D and/or -M option." << std::endl
+ << " -D --device=<device> device path" << std::endl
+ << " -M --mapping=<mapping> mapping name required for LUKS open and" << std::endl
+ << " LUKS close operations" << std::endl
+ << " -k, --keys=store|remove Store/remove the master key of given device" << std::endl
+ << " for the purpose of system upgrade. Requires" << std::endl
+ << " -D option" << std::endl
+ << " -p, --changepw=internal|external change password" << std::endl
+ << " -s, --state=internal|external get state" << std::endl
+ << " -w, --waitmnt=internal|external wait for mount"<< std::endl
+ << " -c, --clean=DIRECTORY secure-clean" << std::endl
+ << " -r, --recovery=internal|external recovery" << std::endl
+ << " -h, --help show this" << std::endl
<< std::endl;
return -1;
{
int ret;
- if (name == "internal") {
+ if (name == "internal_prepare") {
+ unsigned int options = 0;
+ ode_internal_encryption_get_supported_options(&options);
+ char answer;
+ if (options & ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION) {
+ std::cout << "Encrypt All (include unused region)? (y/n) ";
+ std::cin >> answer;
+ if (answer != 'Y' && answer != 'y') {
+ options &= ~ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION;
+ }
+ }
+ ret = ode_internal_encryption_prepare_encryption(options);
+ } else if (name == "internal") {
bool result = false;
ode_internal_encryption_is_password_initialized(&result);
return -1;
}
+ int state;
unsigned int options = 0;
- ode_internal_encryption_get_supported_options(&options);
-
- char answer;
- if (options & ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION) {
- std::cout << "Encrypt All (include unused region)? (y/n) ";
- std::cin >> answer;
- if (answer != 'Y' && answer != 'y') {
- options &= ~ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION;
+ ode_internal_encryption_get_state(&state);
+ if (state == ODE_STATE_UNENCRYPTED) {
+ /* For backward compatibility */
+ ode_internal_encryption_get_supported_options(&options);
+ char answer;
+ if (options & ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION) {
+ std::cout << "Encrypt All (include unused region)? (y/n) ";
+ std::cin >> answer;
+ if (answer != 'Y' && answer != 'y') {
+ options &= ~ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION;
+ }
}
}
ret = ode_internal_encryption_encrypt(password.c_str(), options);
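Review bot: `int state;` is left uninitialized and the result of `ode_internal_encryption_get_state(&state)` is discarded, so if that call fails the comparison `state == ODE_STATE_UNENCRYPTED` reads an indeterminate value. Check the call before using the value, for example `ret = ode_internal_encryption_get_state(&state);` followed by `if (ret != 0) return -1;`. The `internal_prepare` branch also does not perform the `ode_internal_encryption_is_password_initialized` check that the `internal` branch does, so presumably preparation can be started with no password set; if that is intended, a comment should say so. The unused-region prompt is now duplicated in both branches and would read better as one small helper. The enclosing function starts and ends outside the hunk.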
{
int ret;
- if (name == "internal") {
+ if (name == "internal_prepare") {
+ ret = ode_internal_encryption_prepare_decryption();
+ } else if (name == "internal") {
std::string password = getPassword();
ret = ode_internal_encryption_decrypt(password.c_str());
if (ret == 0) {
case ODE_STATE_CORRUPTED:
std::cout << "Corrupted";
break;
+ case ODE_STATE_PREPARED_ENCRYPTION:
+ std::cout << "Prepared for encryption";
+ break;
+ case ODE_STATE_PREPARED_DECRYPTION:
+ std::cout << "Prepared for decryption";
+ break;
default:
std::cout << "Invalid";
}