ExtensionEncryption: add set_mount_password API call

Make this API be more like InternalEncryption where this call might be
required in the same way it is required in InternalEncryption.

Change-Id: I5e3c6fd661d899844a4a5aceaf2a91117c622d2b

diff --git a/lib/extension-encryption.cpp b/lib/extension-encryption.cpp
index 637324e..b71fcb6 100644 (file)
--- a/lib/extension-encryption.cpp
+++ b/lib/extension-encryption.cpp
@@ -27,10 +27,19 @@ ExtensionEncryption::~ExtensionEncryption()
 {
 }
 
-int ExtensionEncryption::mount(const std::string& password)
+int ExtensionEncryption::setMountPassword(const std::string& password)
 {
        try {
-               return context->methodCall<int>("ExtensionEncryption::mount", password);
+               return context->methodCall<int>("ExtensionEncryption::setMountPassword", password);
+       } catch (runtime::Exception& e) {
+               return -1;
+       }
+}
+
+int ExtensionEncryption::mount()
+{
+       try {
+               return context->methodCall<int>("ExtensionEncryption::mount");
        } catch (runtime::Exception& e) {
                return -1;
        }

diff --git a/lib/ode/extension-encryption.cpp b/lib/ode/extension-encryption.cpp
index 9fc132d..65a091e 100644 (file)
--- a/lib/ode/extension-encryption.cpp
+++ b/lib/ode/extension-encryption.cpp
@@ -22,13 +22,24 @@
 
 using namespace ode;
 
-int ode_extension_encryption_mount(const char* password)
+int ode_extension_encryption_set_mount_password(const char* password)
+{
+       RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
+
+       ODEContext client;
+       RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
+       ExtensionEncryption extension = client.createInterface<ExtensionEncryption>();
+
+       return extension.setMountPassword(password);
+}
+
+int ode_extension_encryption_mount()
 {
        ODEContext client;
        RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
        ExtensionEncryption extension = client.createInterface<ExtensionEncryption>();
 
-       return extension.mount(password);
+       return extension.mount();
 }
 
 int ode_extension_encryption_umount()

diff --git a/lib/ode/extension-encryption.h b/lib/ode/extension-encryption.h
index b86af25..d2e35c4 100644 (file)
--- a/lib/ode/extension-encryption.h
+++ b/lib/ode/extension-encryption.h
@@ -31,7 +31,27 @@ extern "C" {
 #endif
 
 /**
- * @brief       Mount extension storage encrypted with a given password
+ * @brief       Set a password to be used by mount of encrypted extension storage
+ * @details     Administrator can use this API to set a password for encrypted
+ *              extension mount.
+ * @since_tizen 4.0
+ * @param[in]   password The password to mount extension storage
+ * @return      #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval      #ODE_ERROR_NONE Successful
+ * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval      #ODE_ERROR_TIMED_OUT Time out
+ * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
+ * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
+ *              the privilege to call this API
+ * @pre         The password set before must match with what is set by
+ *              ode_extension_encryption_init_password().
+ * @see         ode_extension_encryption_init_password()
+ * @see         ode_extension_encryption_mount()
+ */
+ODE_API int ode_extension_encryption_set_mount_password(const char* password);
+
+/**
+ * @brief       Mount encrypted extension storage
  * @details     Administrator can use this API to mount encrypted extension
  *              storage.
  * @since_tizen 4.0
@@ -39,16 +59,15 @@ extern "C" {
  * @retval      #ODE_ERROR_NONE Successful
  * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
  * @retval      #ODE_ERROR_TIMED_OUT Time out
- * @retval      #ODE_ERROR_KEY_REJECTED Password doesn't match
  * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
  * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
  *              the privilege to call this API
- * @pre         The password must match with what is set by
- *              ode_extension_encryption_init_password().
- * @see         ode_extension_encryption_init_password()
+ * @pre         A password must be set by
+ *              ode_extension_encryption_set_mount_password().
+ * @see         ode_extension_encryption_set_mount_password()
  * @see         ode_extension_encryption_umount()
  */
-ODE_API int ode_extension_encryption_mount(const char* password);
+ODE_API int ode_extension_encryption_mount();
 
 /**
  * @brief       Umount extension storage
@@ -232,7 +251,6 @@ ODE_API int ode_extension_encryption_set_mount_event_cb(ode_mount_event_cb callb
  * @return      #ODE_ERROR_NONE on success, otherwise a negative value
  * @retval      #ODE_ERROR_NONE Successful
  * @retval      #ODE_ERROR_TIMED_OUT Time out
- *              the privilege to call this API
  * @see         ode_extension_encryption_mount()
  * @see         ode_extension_encryption_set_mount_event_cb()
  */

diff --git a/rmi/extension-encryption.h b/rmi/extension-encryption.h
index 7fdac84..31f366a 100644 (file)
--- a/rmi/extension-encryption.h
+++ b/rmi/extension-encryption.h
@@ -36,7 +36,9 @@ public:
        ExtensionEncryption(ODEControlContext& ctxt);
        ~ExtensionEncryption();
 
-       int mount(const std::string& password);
+       int setMountPassword(const std::string& password);
+
+       int mount();
        int umount();
 
        int format(const std::string& password);

diff --git a/server/extension-encryption.cpp b/server/extension-encryption.cpp
index f23698f..587f1b7 100644 (file)
--- a/server/extension-encryption.cpp
+++ b/server/extension-encryption.cpp
@@ -54,6 +54,7 @@ const char *STORAGED_DBUS_OBJECT      = "/Org/Tizen/System/Storage/Block/Manager";
 const char *STORAGED_DBUS_INTERFACE    = "org.tizen.system.storage.BlockManager";
 
 std::unique_ptr<EXTENSION_ENGINE> engine;
+KeyManager::data mountKey;
 
 std::mutex apiGuard;
 std::mutex stateGuard;
@@ -108,7 +109,8 @@ ExtensionEncryption::ExtensionEncryption(ODEControlContext &ctx) :
        context(ctx),
        currentReq(Request::NONE)
 {
-       context.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryption::mount)(std::string));
+       context.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryption::setMountPassword)(std::string));
+       context.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryption::mount)());
        context.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryption::umount)());
        context.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryption::format)(std::string));
        context.expose(this, "", (int)(ExtensionEncryption::isPasswordInitialized)());
@@ -133,15 +135,9 @@ ExtensionEncryption::~ExtensionEncryption()
        unsubscribeFromStoraged();
 }
 
-int ExtensionEncryption::mount(const std::string& password)
+int ExtensionEncryption::setMountPassword(const std::string& password)
 {
        std::lock_guard<std::mutex> guardLock(apiGuard);
-       std::unique_lock<std::mutex> stateLock(stateGuard);
-
-       if (getStatePriv() != State::Encrypted) {
-               ERROR(SINK, "Cannot mount, card not inserted or corrupted");
-               return -1;
-       }
 
        KeyManager::data pwData(password.begin(), password.end());
        KeyManager keyManager(engine->getKeyMeta());
@@ -151,12 +147,26 @@ int ExtensionEncryption::mount(const std::string& password)
                return -2;
        }
 
+       mountKey = keyManager.getMasterKey(pwData);
+
+       return 0;
+}
+
+int ExtensionEncryption::mount()
+{
+       std::lock_guard<std::mutex> guardLock(apiGuard);
+       std::unique_lock<std::mutex> stateLock(stateGuard);
+
+       if (getStatePriv() != State::Encrypted) {
+               ERROR(SINK, "Cannot mount, card not inserted or corrupted");
+               return -1;
+       }
+
        if (isMounted()) {
                INFO(SINK, "Already mounted");
                return 0;
        }
 
-       KeyManager::data mountKey = keyManager.getMasterKey(pwData);
 
        INFO(SINK, "Mount extension storage...");
 
@@ -167,6 +177,7 @@ int ExtensionEncryption::mount(const std::string& password)
                try {
                        INFO(SINK, "Open the MAP of an extension storage...");
                        engine->open(CryptsetupEngine::DeviceType::LUKS, EXTENSION_NAME, mountKey);
+                       mountKey.clear();
                } catch (runtime::Exception &e) {
                        ERROR(SINK, "Open failed: " + std::string(e.what()));
                        return -3;

diff --git a/tools/cli/ode-admin-cli.cpp b/tools/cli/ode-admin-cli.cpp
index 0487c41..ae9a6f9 100644 (file)
--- a/tools/cli/ode-admin-cli.cpp
+++ b/tools/cli/ode-admin-cli.cpp
@@ -127,7 +127,12 @@ static inline int mount(const std::string name)
                }
        } else if (name == "extension") {
                std::string password = getPassword();
-               ret = ode_extension_encryption_mount(password.c_str());
+               ret = ode_extension_encryption_set_mount_password(password.c_str());
+               if (ret == 0) {
+                       ret = ode_extension_encryption_mount();
+               } else {
+                       std::cerr << "Password setting failed" << std::endl;
+               }
        } else {
                printSelectableStorage();
                return -1;