Add APIs for the options of each encryption 91/110991/8
authorSungbae Yoo <sungbae.yoo@samsung.com>
Wed, 18 Jan 2017 11:16:47 +0000 (20:16 +0900)
committerSeok Hong <seok85.hong@samsung.com>
Tue, 24 Jan 2017 07:56:55 +0000 (16:56 +0900)
Change-Id: Id879ed8a52dadc09b571ca91a38550ecc3d0c916
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Signed-off-by: Seok Hong <seok85.hong@samsung.com>
19 files changed:
lib/external-encryption.cpp
lib/internal-encryption.cpp
lib/ode/external-encryption.cpp
lib/ode/external-encryption.h
lib/ode/internal-encryption.cpp
lib/ode/internal-encryption.h
rmi/external-encryption.h
rmi/internal-encryption.h
server/engine/dmcrypt-engine.cpp
server/engine/dmcrypt-engine.h
server/engine/ecryptfs-engine.cpp
server/engine/ecryptfs-engine.h
server/engine/ext4-engine.cpp
server/engine/ext4-engine.h
server/external-encryption.cpp
server/internal-encryption.cpp
tests/dmcrypt-engine.cpp
tools/apps/ode/src/ode-app-confirm.c
tools/cli/ode-admin-cli.cpp

index e0cbe12..ed096c3 100644 (file)
@@ -44,10 +44,10 @@ int ExternalEncryption::umount()
        }
 }
 
-int ExternalEncryption::encrypt(const std::string& password)
+int ExternalEncryption::encrypt(const std::string& password, unsigned int options)
 {
        try {
-               return context->methodCall<int>("ExternalEncryption::encrypt", password);
+               return context->methodCall<int>("ExternalEncryption::encrypt", password, options);
        } catch (runtime::Exception& e) {
                return -1;
        }
@@ -82,4 +82,13 @@ int ExternalEncryption::getState()
        }
 }
 
+unsigned int ExternalEncryption::getSupportedOptions()
+{
+       try {
+               return context->methodCall<unsigned int>("ExternalEncryption::getSupportedOptions");
+       } catch (runtime::Exception& e) {
+               return -1;
+       }
+}
+
 } // namespace ode
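Review bot: The `return -1;` in the catch block of the new `ExternalEncryption::getSupportedOptions()` converts to `UINT_MAX` because the return type is `unsigned int`, so a failed RPC reads as "every option bit is supported". The C wrapper `ode_external_encryption_get_supported_options()` added later in this commit stores that value in `*options` and returns `ODE_ERROR_NONE`, so callers cannot notice the failure. Returning `0` on failure (`return 0;`) at least fails closed, and reporting the error through a separate channel would let the wrapper return the error codes its header documents. `InternalEncryption::getSupportedOptions()` in lib/internal-encryption.cpp has the same catch block.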
index 6a15e00..a6e7586 100644 (file)
@@ -44,10 +44,10 @@ int InternalEncryption::umount()
        }
 }
 
-int InternalEncryption::encrypt(const std::string& password)
+int InternalEncryption::encrypt(const std::string& password, unsigned int options)
 {
        try {
-               return context->methodCall<int>("InternalEncryption::encrypt", password);
+               return context->methodCall<int>("InternalEncryption::encrypt", password, options);
        } catch (runtime::Exception& e) {
                return -1;
        }
@@ -82,4 +82,13 @@ int InternalEncryption::getState()
        }
 }
 
+unsigned int InternalEncryption::getSupportedOptions()
+{
+       try {
+               return context->methodCall<unsigned int>("InternalEncryption::getSupportedOptions");
+       } catch (runtime::Exception& e) {
+               return -1;
+       }
+}
+
 } // namespace ode
index 2275aaa..4ff6e3d 100644 (file)
@@ -42,7 +42,7 @@ int ode_external_encryption_umount()
        return external.umount();
 }
 
-int ode_external_encryption_encrypt(const char* password)
+int ode_external_encryption_encrypt(const char* password, unsigned int options)
 {
        RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
 
@@ -50,7 +50,7 @@ int ode_external_encryption_encrypt(const char* password)
        RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
        ExternalEncryption external = client.createInterface<ExternalEncryption>();
 
-       return external.encrypt(password);
+       return external.encrypt(password, options);
 }
 
 int ode_external_encryption_decrypt(const char* password)
@@ -91,3 +91,14 @@ int ode_external_encryption_get_state(int* state)
        *state = ret;
        return ODE_ERROR_NONE;
 }
+
+int ode_external_encryption_get_supported_options(unsigned int* options)
+{
+       RET_ON_FAILURE(options, ODE_ERROR_INVALID_PARAMETER);
+
+       ODEContext client;
+       RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
+       ExternalEncryption external = client.createInterface<ExternalEncryption>();
+       *options = external.getSupportedOptions();
+       return ODE_ERROR_NONE;
+}
index 4f78455..5fc4b45 100644 (file)
@@ -71,6 +71,7 @@ ODE_API int ode_external_encryption_umount();
  * @details     Administrator can use this API to encrypt external storage.
  * @since_tizen 3.0
  * @param[in]   password The password to encrypt external storage
+ * @param[in]   options Encryption options
  * @return      #ODE_ERROR_NONE on success, otherwise a negative value
  * @retval      #ODE_ERROR_NONE Successful
  * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
@@ -78,14 +79,13 @@ ODE_API int ode_external_encryption_umount();
  * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
  * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
  * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
+ * @retval      #ODE_ERROR_NOT_SUPPORTED Given options are not supported
  *              the privilege to call this API
- * @pre         The handle must be created by ode_manager_create().
- * @see         ode_manager_create()
- * @see         ode_manager_destroy()
  * @see         ode_external_encryption_mount()
  * @see         ode_external_encryption_decrypt()
+ * @see         ode_external_encryption_get_supported_options()
  */
-ODE_API int ode_external_encryption_encrypt(const char* password);
+ODE_API int ode_external_encryption_encrypt(const char* password, unsigned int options);
 
 /**
  * @brief       Decrypt external storage by given password.
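Review bot: The added `@retval #ODE_ERROR_NOT_SUPPORTED` line is inserted between the two lines of the `#ODE_ERROR_PERMISSION_DENIED` entry, so the continuation `the privilege to call this API` now attaches to the new entry and the permission text stops at `does not have`. Move the new `@retval` line below that continuation. The internal header's comment for `ode_internal_encryption_encrypt()` has the same placement. The comment block starts above this hunk.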
@@ -143,6 +143,31 @@ ODE_API int ode_external_encryption_change_password(const char* old_password,
  */
 ODE_API int ode_external_encryption_get_state(int* state);
 
+/*
+ * @brief       Enumeration for external encryption options
+ * @since_tizen 3.0
+ */
+typedef enum {
+    ODE_OPTION_EXTERNAL_ONLY_NEW_FILE  = 1 << 0, /**< Encrypt new files only  */
+    ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE  = 1 << 1, /**< Encrypt non-media files only */
+} ode_options_external_e;
+
+/**
+ * @brief       Get supported options for encryption of external storage.
+ * @details     Administrator can use this API to get which options are
+                               supported for encryption of external storage.
+ * @since_tizen 3.0
+ * @param[out]  option The logical OR of supported options in external storage
+ * @return      #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval      #ODE_ERROR_NONE Successful
+ * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval      #ODE_ERROR_TIMED_OUT Time out
+ * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
+ *              the privilege to call this API
+ * @see         ode_external_encryption_encrypt()
+ */
+ODE_API int ode_external_encryption_get_supported_options(unsigned int* options);
+
 /**
  * @}
  */
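Review bot: The comment above `ode_options_external_e` opens with `/*` rather than `/**`, so Doxygen will not attach its `@brief` and `@since_tizen` text to the enum, and `@param[out] option` does not match the parameter name `options`. Use `/**` and `@param[out] options`. The `@details` continuation line is tab-indented without the leading ` * `, unlike the rest of the block. The internal header repeats the `/*` opener and the `option` name, and its `@details` says "external storage" where internal storage is meant.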
index 9c3d769..8ada3ee 100644 (file)
@@ -42,7 +42,7 @@ int ode_internal_encryption_umount()
        return internal.umount();
 }
 
-int ode_internal_encryption_encrypt(const char* password)
+int ode_internal_encryption_encrypt(const char* password, unsigned int options)
 {
        RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
 
@@ -50,7 +50,7 @@ int ode_internal_encryption_encrypt(const char* password)
        RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
        InternalEncryption internal = client.createInterface<InternalEncryption>();
 
-       return internal.encrypt(password);
+       return internal.encrypt(password, options);
 }
 
 int ode_internal_encryption_decrypt(const char* password)
@@ -91,3 +91,14 @@ int ode_internal_encryption_get_state(int* state)
        *state = ret;
        return ODE_ERROR_NONE;
 }
+
+int ode_internal_encryption_get_supported_options(unsigned int* options)
+{
+       RET_ON_FAILURE(options, ODE_ERROR_INVALID_PARAMETER);
+
+       ODEContext client;
+       RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
+       InternalEncryption internal = client.createInterface<InternalEncryption>();
+       *options = internal.getSupportedOptions();
+       return ODE_ERROR_NONE;
+}
index b89fd49..cb0742e 100644 (file)
@@ -70,6 +70,7 @@ ODE_API int ode_internal_encryption_umount();
  * @details     Administrator can use this API to encrypt internal storage.
  * @since_tizen 3.0
  * @param[in]   password The password to encrypt internal storage
+ * @param[in]   options Encryption options
  * @return      #ODE_ERROR_NONE on success, otherwise a negative value
  * @retval      #ODE_ERROR_NONE Successful
  * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
@@ -77,11 +78,13 @@ ODE_API int ode_internal_encryption_umount();
  * @retval      #ODE_ERROR_KEY_REJECTED Password doen't match
  * @retval      #ODE_ERROR_NOT_PERMITTED Operation not permitted
  * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
+ * @retval      #ODE_ERROR_NOT_SUPPORTED Given options are not supported
  *              the privilege to call this API
  * @see         ode_internal_encryption_mount()
  * @see         ode_internal_encryption_decrypt()
+ * @see         ode_internal_encryption_get_supported_options()
  */
-ODE_API int ode_internal_encryption_encrypt(const char* password);
+ODE_API int ode_internal_encryption_encrypt(const char* password, unsigned int options);
 
 /**
  * @brief       Decrypt internal storage by given password.
@@ -139,7 +142,31 @@ ODE_API int ode_internal_encryption_change_password(const char* old_password,
  */
 ODE_API int ode_internal_encryption_get_state(int* state);
 
+/*
+ * @brief       Enumeration for internal encryption options
+ * @since_tizen 3.0
+ */
+typedef enum {
+       ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION  = 1 << 0, /**< Encrypt all include unused region  */
+} ode_options_internal_e;
+
 /**
+ * @brief       Get supported options for encryption of internal storage.
+ * @details     Administrator can use this API to get which options are
+                supported for encryption of external storage.
+ * @since_tizen 3.0
+ * @param[out]  option The logical OR of supported options in internal storage
+ * @return      #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval      #ODE_ERROR_NONE Successful
+ * @retval      #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval      #ODE_ERROR_TIMED_OUT Time out
+ * @retval      #ODE_ERROR_PERMISSION_DENIED The application does not have
+ *              the privilege to call this API
+ * @see         ode_internal_encryption_encrypt()
+ */
+ODE_API int ode_internal_encryption_get_supported_options(unsigned int* options);
+
+/*
  * @}
  */
 
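Review bot: The opener in front of ` * @}` changes from `/**` to `/*`, so the group-closing `@}` now sits in a plain comment that Doxygen ignores, and the group opened earlier in this header is left unclosed. Keep the closer as a documentation comment, `/**` followed by ` * @}`, as the external header in this commit still does. The group's opening marker is outside this hunk.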
index 4643cd9..dc6fc63 100644 (file)
@@ -31,10 +31,12 @@ public:
        ExternalEncryption(ODEControlContext& ctxt);
        ~ExternalEncryption();
 
+       unsigned int getSupportedOptions();
+
        int mount(const std::string& password);
        int umount();
 
-       int encrypt(const std::string& password);
+       int encrypt(const std::string& password, unsigned int options);
        int decrypt(const std::string& password);
 
        int changePassword(const std::string& oldPW, const std::string& newPW);
@@ -47,6 +49,11 @@ public:
 
        int getState();
 
+       enum Option {
+               OnlyNewFile = 1 << 0,
+               ExceptForMediaFile = 1 << 1,
+       };
+
 private:
        ODEControlContext& context;
 };
index 59ef340..ddbe6a1 100644 (file)
@@ -33,7 +33,7 @@ public:
        int mount(const std::string& password);
        int umount();
 
-       int encrypt(const std::string& password);
+       int encrypt(const std::string& password, unsigned int options);
        int decrypt(const std::string& password);
 
        int changePassword(const std::string& oldPW, const std::string& newPW);
@@ -46,6 +46,12 @@ public:
 
        int getState();
 
+       enum Option {
+               IncludeUnusedRegion = 1 << 0,
+       };
+
+       unsigned int getSupportedOptions();
+
 private:
        ODEControlContext& context;
 };
index 292d73f..eae9c16 100644 (file)
@@ -28,6 +28,8 @@
 
 #include "dmcrypt-engine.h"
 
+#define OPTION_INCLUDE_UNUSED_REGION (1 << 0)
+
 namespace ode {
 
 void CryptInfo::init(const std::string &src, const std::string &crypto_name)
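Review bot: `OPTION_INCLUDE_UNUSED_REGION` is a third definition of the same bit, alongside `ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION` in the public header and `InternalEncryption::Option::IncludeUnusedRegion` in rmi/internal-encryption.h, and nothing ties the three together. Because the macro lives in the .cpp file, tests/dmcrypt-engine.cpp can only use it if it includes this source file, which the page does not show. A single constant in dmcrypt-engine.h with a comment such as `// must match InternalEncryption::Option::IncludeUnusedRegion` would keep the values from drifting. The `OPTION_*` macros added to ecryptfs-engine.cpp are in the same position.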
@@ -252,7 +254,7 @@ static ode::DMCryptEngine::data sanitizeKey(const ode::DMCryptEngine::data &key)
                return key;
 }
 
-void DMCryptEngine::mount(const DMCryptEngine::data &key)
+void DMCryptEngine::mount(const DMCryptEngine::data &key, unsigned int options)
 {
        DMCryptEngine::data sanitized_key = sanitizeKey(key);
 
@@ -298,7 +300,7 @@ void DMCryptEngine::encryptInPlace(const std::string &dst_blkdev,
        progressBar.done();
 }
 
-void DMCryptEngine::encrypt(const DMCryptEngine::data &key)
+void DMCryptEngine::encrypt(const DMCryptEngine::data &key, unsigned int options)
 {
        DMCryptEngine::data sanitized_key = sanitizeKey(key);
 
@@ -313,7 +315,7 @@ void DMCryptEngine::encrypt(const DMCryptEngine::data &key)
        destroyCryptoBlkDev(DM_LABEL);
 }
 
-void DMCryptEngine::decrypt(const DMCryptEngine::data &key)
+void DMCryptEngine::decrypt(const DMCryptEngine::data &key, unsigned int options)
 {
        DMCryptEngine::data sanitized_key = sanitizeKey(key);
 
@@ -338,4 +340,9 @@ void DMCryptEngine::setKeyMeta(const data &meta)
        FileFooter::write(source, meta);
 }
 
+unsigned int DMCryptEngine::getSupportedOptions()
+{
+    return OPTION_INCLUDE_UNUSED_REGION;
+}
+
 } // namespace ode
index b63a848..65472e4 100644 (file)
@@ -62,15 +62,17 @@ public:
 
        typedef std::vector<unsigned char> data;
 
-       void mount(const data &key);
+       void mount(const data &key, unsigned int options);
        void umount();
 
-       void encrypt(const data &key);
-       void decrypt(const data &key);
+       void encrypt(const data &key, unsigned int options);
+       void decrypt(const data &key, unsigned int options);
 
        const data getKeyMeta();
        void setKeyMeta(const data &data);
 
+       unsigned int getSupportedOptions();
+
 private:
        void encryptInPlace(const std::string &dst_blkdev,
                                                const std::string &src_blkdev,
index 64f4eac..8dbb499 100644 (file)
 
 #include "ecryptfs-engine.h"
 
-#if 0
+#define OPTION_ONLY_NEW_FILE                   (1 << 0)
+#define OPTION_EXCEPT_FOR_MEDIA_FILE   (1 << 1)
+
+#define SUPPORTED_OPTIONS OPTION_ONLY_NEW_FILE
+
 #define MEDIA_EXCLUSION_LIST "temp_video/Camera/DCIM:mp3|mpga|m4a|mp4|wav|amr|awb|wma|ogg|oga|aac|mka|flac|3gp|3ga|mid|midi|xmf|rtttl|rtx|ota|smf|spm|imy|mpeg|m4v|3gp|3gpp|3g2|3gpp2|wmv|asf|mkv|webm|ts|avi|jpg|jpeg|gif|png|bmp|wbmp|divx|flv|ac3|mov|tiff|f4v|mpeg3|voice"
-#endif
 
 #define CIPHER_MODE "aes"
 #define ENCRYPTION_CHECKER_NAME ".ecryptfs_encrypted"
@@ -239,7 +242,7 @@ void copyInPlace(const std::string& source, const std::string& destination,
        }
 }
 
-void ecryptfsMount(const std::string &source, const std::string &destination, const std::vector<unsigned char> &key)
+void ecryptfsMount(const std::string &source, const std::string &destination, const std::vector<unsigned char> &key, unsigned int options)
 {
        ecryptfs_auth_tok payload;
        std::string mountOption;
@@ -277,13 +280,13 @@ void ecryptfsMount(const std::string &source, const std::string &destination, co
        }
 
        mountOption = "ecryptfs_passthrough"
-               ",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) +
                ",ecryptfs_cipher=" CIPHER_MODE
+               ",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) +
                ",ecryptfs_key_bytes=" + std::to_string(payload.token.password.session_key_encryption_key_bytes);
 
-#ifdef MEDIA_EXCLUSION_LIST
-       mountOption += ",ecryptfs_enable_filtering=" MEDIA_EXCLUSION_LIST;
-#endif
+       if (options & OPTION_EXCEPT_FOR_MEDIA_FILE) {
+               mountOption += ",ecryptfs_enable_filtering=" MEDIA_EXCLUSION_LIST;
+       }
 
        INFO("option = " + mountOption);
        INFO("source = " + source);
@@ -315,9 +318,9 @@ EcryptfsEngine::~EcryptfsEngine()
 {
 }
 
-void EcryptfsEngine::mount(const data &key)
+void EcryptfsEngine::mount(const data &key, unsigned int options)
 {
-       ecryptfsMount(source, destination, key);
+       ecryptfsMount(source, destination, key, options);
 }
 
 void EcryptfsEngine::umount()
@@ -325,7 +328,7 @@ void EcryptfsEngine::umount()
        ecryptfsUmount(destination);
 }
 
-void EcryptfsEngine::encrypt(const data &key)
+void EcryptfsEngine::encrypt(const data &key, unsigned int options)
 {
        if (!isEnoughToCopyInPlace(source, getDecryptedSize)) {
                throw runtime::Exception("No space to encryption");
@@ -334,7 +337,7 @@ void EcryptfsEngine::encrypt(const data &key)
        progress.update(0);
 
        try {
-               ecryptfsMount(source, destination, key);
+               ecryptfsMount(source, destination, key, options);
        } catch (runtime::Exception &e) {
                throw runtime::Exception("Failed to mount - " + std::string(e.what()));
        }
@@ -344,7 +347,8 @@ void EcryptfsEngine::encrypt(const data &key)
            runtime::File tempDir(destination + "/" ENCRYPTION_CHECKER_NAME);
 
                tempDir.makeDirectory();
-               copyInPlace(destination, destination, tempDir.getPath(),
+               if (!(options & OPTION_ONLY_NEW_FILE)) {
+                       copyInPlace(destination, destination, tempDir.getPath(),
                                        [](const std::string &file) {
                                                return true;
                                        },
@@ -352,6 +356,7 @@ void EcryptfsEngine::encrypt(const data &key)
                                                current += size;
                                                this->progress.update(current * 100 / totalSize);
                                        });
+               }
        } catch (runtime::Exception &e) {
                try {
                        ecryptfsUmount(destination);
@@ -364,7 +369,7 @@ void EcryptfsEngine::encrypt(const data &key)
        progress.done();
 }
 
-void EcryptfsEngine::decrypt(const data &key)
+void EcryptfsEngine::decrypt(const data &key, unsigned int options)
 {
        if (!isEnoughToCopyInPlace(destination, getEncryptedSize)) {
                throw runtime::Exception("No space to encryption");
@@ -378,7 +383,7 @@ void EcryptfsEngine::decrypt(const data &key)
                runtime::File tempMountpoint(tempDir.getPath() + "/mount");
 
                tempMountpoint.makeDirectory();
-               ecryptfsMount(source, tempMountpoint.getPath(), key);
+               ecryptfsMount(source, tempMountpoint.getPath(), key, 0);
 
                copyInPlace(tempMountpoint.getPath(), source,
                                        tempDir.getPath(), wasEncrypted,
@@ -408,4 +413,9 @@ void EcryptfsEngine::setKeyMeta(const data &meta)
        FileFooter::write(source, meta);
 }
 
+unsigned int EcryptfsEngine::getSupportedOptions()
+{
+       return SUPPORTED_OPTIONS;
+}
+
 } // namespace ode
index 4e5ebb5..027154a 100644 (file)
@@ -55,15 +55,17 @@ public:
 
        typedef std::vector<unsigned char> data;
 
-       void mount(const data& key);
+       void mount(const data& key, unsigned int);
        void umount();
 
-       void encrypt(const data& key);
-       void decrypt(const data& key);
+       void encrypt(const data& key, unsigned int);
+       void decrypt(const data& key, unsigned int);
 
        const data getKeyMeta();
        void setKeyMeta(const data &data);
 
+       unsigned int getSupportedOptions();
+
 private:
        std::string source, destination;
        ProgressBar progress;
index c9a0d8d..4f96fce 100644 (file)
@@ -419,7 +419,7 @@ Ext4Engine::~Ext4Engine()
 {
 }
 
-void Ext4Engine::mount(const Ext4Engine::data& key)
+void Ext4Engine::mount(const Ext4Engine::data& key, unsigned int options)
 {
        addKey(key);
        /* mount : /dev/mmcblk0p21 /opt/usr_encrypt */
@@ -442,7 +442,7 @@ void Ext4Engine::addKey(const Ext4Engine::data& key)
        addKeyToKeyring(key);
 }
 
-void Ext4Engine::encrypt(const Ext4Engine::data& key)
+void Ext4Engine::encrypt(const Ext4Engine::data& key, unsigned int options)
 {
        std::string sourceDir = getSource();
        std::string destDir = getDestination();
@@ -466,7 +466,7 @@ void Ext4Engine::encrypt(const Ext4Engine::data& key)
                throw runtime::Exception(runtime::GetSystemErrorMessage());
 }
 
-void Ext4Engine::decrypt(const Ext4Engine::data& key)
+void Ext4Engine::decrypt(const Ext4Engine::data& key, unsigned int options)
 {
        std::string destDir = getDestination();
 
@@ -504,4 +504,9 @@ void Ext4Engine::setKeyMeta(const data &data)
        FileFooter::write(source, data);
 }
 
+unsigned int Ext4Engine::getSupportedOptions()
+{
+       return 0;
+}
+
 } // namespace ode
index e9cdb22..ffafde8 100644 (file)
@@ -46,16 +46,18 @@ public:
 
        typedef std::vector<unsigned char> data;
 
-       void mount(const data &key);
+       void mount(const data &key, unsigned int options);
        void umount();
 
        void addKey(const data &key);
-       void encrypt(const data &key);
-       void decrypt(const data &key);
+       void encrypt(const data &key, unsigned int options);
+       void decrypt(const data &key, unsigned int options);
 
        const data getKeyMeta();
        void setKeyMeta(const data &data);
 
+       unsigned int getSupportedOptions();
+
        int copy(std::string& src, std::string& dest);
        void listDir(std::string& source, std::string& dest, bool excludeFlag);
 
index 2601a35..c821c5d 100644 (file)
@@ -40,7 +40,9 @@
 
 #define EXTERNAL_STORAGE_PATH   "/opt/media/SDCardA1"
 #define DEFAULT_USER "owner"
-#define EXTERNAL_STORAGE_VCONF_KEY VCONFKEY_SDE_CRYPTO_STATE
+#define EXTERNAL_STATE_VCONF_KEY VCONFKEY_SDE_CRYPTO_STATE
+#define EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY VCONFKEY_SDE_ENCRYPT_NEWFILE
+#define EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY VCONFKEY_SDE_EXCLUDE_MEDIAFILE
 
 namespace ode {
 
@@ -102,6 +104,45 @@ void externalAddEventReceiver()
                                                            externalCallback);
 }
 
+unsigned int getOptions()
+{
+       unsigned int result = 0;
+       int value;
+
+       value = 0;
+       ::vconf_get_bool(EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY, &value);
+       if (value) {
+               result |= ExternalEncryption::Option::OnlyNewFile;
+       }
+
+       value = 0;
+       ::vconf_get_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY, &value);
+       if (value) {
+               result |= ExternalEncryption::Option::ExceptForMediaFile;
+       }
+
+       return result;
+}
+
+void setOptions(unsigned int options)
+{
+       bool value;
+
+       if (options & ExternalEncryption::Option::OnlyNewFile) {
+               value = true;
+       } else {
+               value = false;
+       }
+       ::vconf_set_bool(EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY, value);
+
+       if (options & ExternalEncryption::Option::ExceptForMediaFile) {
+               value = true;
+       } else {
+               value = false;
+       }
+       ::vconf_set_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY, value);
+}
+
 } // namsepace
 
 ExternalEncryption::ExternalEncryption(ODEControlContext &ctx) :
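Review bot: `getOptions()` and `setOptions()` pair each vconf key with the other option: the value read from `EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY` sets `OnlyNewFile`, and `EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY` sets `ExceptForMediaFile`. The swap is consistent between the two functions, so a round trip works. But the stored keys then hold the opposite of what their names say, and any other reader of `VCONFKEY_SDE_ENCRYPT_NEWFILE` or `VCONFKEY_SDE_EXCLUDE_MEDIAFILE` gets a wrong picture of what is encrypted on the card. In `getOptions()` the first read should be `::vconf_get_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY, &value);`, with the other three calls swapped likewise. The return values of `vconf_get_bool` and `vconf_set_bool` are also ignored, so a failed write after encryption goes unnoticed.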
@@ -109,15 +150,15 @@ ExternalEncryption::ExternalEncryption(ODEControlContext &ctx) :
 {
        context.registerParametricMethod(this, "", (int)(ExternalEncryption::mount)(std::string));
        context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::umount));
-       context.registerParametricMethod(this, "", (int)(ExternalEncryption::encrypt)(std::string));
+       context.registerParametricMethod(this, "", (int)(ExternalEncryption::encrypt)(std::string, unsigned int));
        context.registerParametricMethod(this, "", (int)(ExternalEncryption::decrypt)(std::string));
        context.registerParametricMethod(this, "", (int)(ExternalEncryption::changePassword)(std::string, std::string));
        context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::getState));
+       context.registerNonparametricMethod(this, "", (unsigned int)(ExternalEncryption::getSupportedOptions));
 
        externalAddEventReceiver();
 }
 
-
 ExternalEncryption::~ExternalEncryption()
 {
 }
@@ -131,7 +172,7 @@ int ExternalEncryption::mount(const std::string &password)
                return -2;
        }
 
-       engine.mount(keyManager.getMasterKey(pwData));
+       engine.mount(keyManager.getMasterKey(pwData), getOptions());
        return 0;
 }
 
@@ -145,7 +186,7 @@ int ExternalEncryption::umount()
        return 0;
 }
 
-int ExternalEncryption::encrypt(const std::string &password)
+int ExternalEncryption::encrypt(const std::string &password, unsigned int options)
 {
        KeyManager::data pwData(password.begin(), password.end());
        KeyManager keyManager;
@@ -154,11 +195,12 @@ int ExternalEncryption::encrypt(const std::string &password)
        engine.setKeyMeta(keyManager.serialize());
 
        KeyManager::data MasterKey = keyManager.getMasterKey(pwData);
-       auto encryptWorker = [MasterKey, this]() {
+       auto encryptWorker = [&MasterKey, options, this]() {
                INFO("Close all applications using external storage...");
                killDependedApplications();
                INFO("Encryption started...");
-               engine.encrypt(MasterKey);
+               engine.encrypt(MasterKey, options);
+               setOptions(options & getSupportedOptions());
                INFO("Sync disk...");
                sync();
                INFO("Encryption completed");
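Review bot: The capture list changes `MasterKey` from by-value to by-reference (`[&MasterKey, options, this]`), but `MasterKey` is a local variable of `encrypt()`. How `encryptWorker` is started is outside this hunk. If it runs on another thread after `encrypt()` has returned, the worker reads a destroyed vector and the storage would be encrypted with whatever bytes happen to be there. Keep the copy: `auto encryptWorker = [MasterKey, options, this]() {`. `InternalEncryption::encrypt()` in server/internal-encryption.cpp makes the same capture change.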
@@ -189,7 +231,7 @@ int ExternalEncryption::decrypt(const std::string &password)
                } catch (runtime::Exception &e) {}
 
                INFO("Decryption started...");
-               engine.decrypt(MasterKey);
+               engine.decrypt(MasterKey, getOptions());
                INFO("Sync disk...");
                sync();
                INFO("Decryption completed");
@@ -220,7 +262,7 @@ int ExternalEncryption::changePassword(const std::string &oldPassword,
 
 int ExternalEncryption::getState()
 {
-       char *value = ::vconf_get_str(EXTERNAL_STORAGE_VCONF_KEY);
+       char *value = ::vconf_get_str(EXTERNAL_STATE_VCONF_KEY);
        if (value == NULL) {
                throw runtime::Exception("Failed to get vconf value");
        }
@@ -239,4 +281,9 @@ int ExternalEncryption::getState()
        return 0;
 }
 
+unsigned int ExternalEncryption::getSupportedOptions()
+{
+       return engine.getSupportedOptions();
+}
+
 } // namespace ode
index fe41885..9b5d416 100644 (file)
@@ -33,7 +33,8 @@
 #include "rmi/internal-encryption.h"
 
 #define INTERNAL_STORAGE_PATH  "/opt/usr"
-#define INTERNAL_STORAGE_VCONF_KEY VCONFKEY_ODE_CRYPTO_STATE
+#define INTERNAL_STATE_VCONF_KEY VCONFKEY_ODE_CRYPTO_STATE
+#define INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY VCONFKEY_ODE_FAST_ENCRYPTION
 
 namespace ode {
 
@@ -84,17 +85,44 @@ void showProgressUI(const std::string type) {
        proc.execute();
 }
 
+unsigned int getOptions()
+{
+       unsigned int result = 0;
+       int value;
+
+       value = 0;
+       ::vconf_get_bool(INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY, &value);
+       if (value) {
+               result |= InternalEncryption::Option::IncludeUnusedRegion;
+       }
+
+       return result;
+}
+
+void setOptions(unsigned int options)
+{
+       bool value;
+
+       if (options & InternalEncryption::Option::IncludeUnusedRegion) {
+               value = true;
+       } else {
+               value = false;
+       }
+       ::vconf_set_bool(INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY, value);
+}
+
 }
 
 InternalEncryption::InternalEncryption(ODEControlContext& ctx) :
        context(ctx)
 {
+       context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState));
+       context.registerNonparametricMethod(this, "", (unsigned int)(InternalEncryption::getSupportedOptions));
        context.registerParametricMethod(this, "", (int)(InternalEncryption::mount)(std::string));
        context.registerNonparametricMethod(this, "", (int)(InternalEncryption::umount));
-       context.registerParametricMethod(this, "", (int)(InternalEncryption::encrypt)(std::string));
+       context.registerParametricMethod(this, "", (int)(InternalEncryption::encrypt)(std::string, unsigned int));
        context.registerParametricMethod(this, "", (int)(InternalEncryption::decrypt)(std::string));
        context.registerParametricMethod(this, "", (int)(InternalEncryption::changePassword)(std::string, std::string));
-       context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState));
 }
 
 InternalEncryption::~InternalEncryption()
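Review bot: The polarity between the vconf key and the option looks inverted: `getOptions()` sets `IncludeUnusedRegion` when `INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY` (`VCONFKEY_ODE_FAST_ENCRYPTION`) is true, and `setOptions()` writes true to that key when `IncludeUnusedRegion` is requested. Going by the names alone, the key means "only the used region" and the option means the opposite; the key's definition is not on this page, so this needs confirming. If the names are accurate, the test in `getOptions()` should be `if (!value)` and `setOptions()` should store `false` when the bit is set; otherwise rename the macro. Both helpers also ignore the vconf return codes.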
@@ -114,7 +142,7 @@ int InternalEncryption::mount(const std::string& password)
                return -2;
        }
 
-       engine.mount(keyManager.getMasterKey(pwData));
+       engine.mount(keyManager.getMasterKey(pwData), getOptions());
        return 0;
 }
 
@@ -132,7 +160,7 @@ int InternalEncryption::umount()
        return 0;
 }
 
-int InternalEncryption::encrypt(const std::string& password)
+int InternalEncryption::encrypt(const std::string& password, unsigned int options)
 {
        if (getState() != State::Unencrypted) {
                return -1;
@@ -145,7 +173,7 @@ int InternalEncryption::encrypt(const std::string& password)
        engine.setKeyMeta(keyManager.serialize());
 
        KeyManager::data MasterKey = keyManager.getMasterKey(pwData);
-       auto encryptWorker = [MasterKey, this]() {
+       auto encryptWorker = [&MasterKey, options, this]() {
                showProgressUI("Encrypting");
 
                INFO("Close all processes using internal storage...");
@@ -158,13 +186,14 @@ int InternalEncryption::encrypt(const std::string& password)
                }
 
                INFO("Encryption started...");
-               ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "error_partially_encrypted");
-               engine.encrypt(MasterKey);
+               ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
+               engine.encrypt(MasterKey, options);
+               setOptions(options & getSupportedOptions());
                INFO("Sync disk...");
                sync();
                INFO("Encryption completed");
 
-               ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "encrypted");
+               ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "encrypted");
                ::reboot(RB_AUTOBOOT);
        };
 
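Review bot: `engine.encrypt(MasterKey, options)` receives the caller's bits unfiltered and only the persisted value is masked with `getSupportedOptions()`, so nothing rejects an unsupported bit even though the header now documents `ODE_ERROR_NOT_SUPPORTED`. In the external path this has a visible effect: `ecryptfsMount()` applies the media filter for `OPTION_EXCEPT_FOR_MEDIA_FILE` although `SUPPORTED_OPTIONS` omits it, so the mount used during encryption and the later `mount()` calls driven by `getOptions()` can differ. A check at the top of `encrypt()`, such as `if (options & ~getSupportedOptions())` returning the not-supported error, would close this. `encrypt()` begins above this hunk, and server/external-encryption.cpp needs the same check.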
@@ -199,13 +228,13 @@ int InternalEncryption::decrypt(const std::string& password)
                } catch (runtime::Exception& e) {}
 
                INFO("Decryption started...");
-               ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "error_partially_encrypted");
-               engine.decrypt(MasterKey);
+               ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
+               engine.decrypt(MasterKey, getOptions());
                INFO("Sync disk...");
                sync();
                INFO("Decryption completed");
 
-               ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "unencrypted");
+               ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "unencrypted");
                ::reboot(RB_AUTOBOOT);
        };
 
@@ -234,7 +263,7 @@ int InternalEncryption::changePassword(const std::string& oldPassword,
 
 int InternalEncryption::getState()
 {
-       char *value = ::vconf_get_str(INTERNAL_STORAGE_VCONF_KEY);
+       char *value = ::vconf_get_str(INTERNAL_STATE_VCONF_KEY);
        if (value == NULL) {
                throw runtime::Exception("Failed to get vconf value");
        }
@@ -253,4 +282,9 @@ int InternalEncryption::getState()
        return 0;
 }
 
+unsigned int InternalEncryption::getSupportedOptions()
+{
+       return engine.getSupportedOptions();
+}
+
 } // namespace ode
index ee4e44d..c790bc8 100644 (file)
@@ -346,7 +346,7 @@ TESTCASE(DMCryptEncryptAndDecrypt)
                const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end());
 
                ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar);
-               engine.encrypt(key32bit);
+               engine.encrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION);
 
                // check the encryption result of test_real_blkdev(/dev/loop0)
                // at this time, if we mount /dev/loop0 forcely, we can't mount them...
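Review bot: Every encrypt/decrypt call in this file now passes `OPTION_INCLUDE_UNUSED_REGION`, so the path with options `0` is never exercised, although `0` is the value the confirm dialog in tools/apps/ode passes to the public API. The same applies to the hunks for DMCryptEncryptMountUnmountDecrypt and DMCryptEncryptButDecryptWithWrongKey. I would add a case that runs `engine.encrypt(key32bit, 0)` followed by `engine.decrypt(key32bit, 0)` and checks that the ABC/DEF test file is intact afterwards. A second case should decrypt with a different option value than was used to encrypt, to pin down what happens on a mismatch. The test bodies start and end outside these hunks.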
@@ -360,7 +360,7 @@ TESTCASE(DMCryptEncryptAndDecrypt)
                        }
                }
                // decyprt
-               engine.decrypt(key32bit);
+               engine.decrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION);
 
                // check the decryption result of test_Real_Blkdev(/dev/loop0)
                // at this time, if we mount /dev/loop0 forcely, we can mount them,
@@ -389,8 +389,8 @@ TESTCASE(DMCryptEncryptMountUnmountDecrypt)
                const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end());
 
                ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar);
-               engine.encrypt(key32bit);
-               engine.mount(key32bit);
+               engine.encrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION);
+               engine.mount(key32bit, 0);
                {
                        // we should find test file (file name: ABC, body: DEF) in mount-point
                        std::string cmd = "cat " + test_real_mntpoint + "/ABC";
@@ -422,7 +422,7 @@ TESTCASE(DMCryptEncryptMountUnmountDecrypt)
                        pclose(fp);
                }
                engine.umount();
-               engine.decrypt(key32bit);
+               engine.decrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION);
                //
        } catch (runtime::Exception &e) {
                TEST_FAIL(e.what());
@@ -443,7 +443,7 @@ TESTCASE(DMCryptEncryptButDecryptWithWrongKey)
                const ode::DMCryptEngine::data wrongkey32bit(wrongkeystring.begin(), wrongkeystring.end());
 
                ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar);
-               engine.encrypt(key32bit);
+               engine.encrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION);
 
                // check the encryption result of test_real_blkdev(/dev/loop0)
                // at this time, if we mount /dev/loop0 forcely, we can't mount them...
@@ -457,7 +457,7 @@ TESTCASE(DMCryptEncryptButDecryptWithWrongKey)
                        }
                }
                // decrypt with WRONG KEY
-               engine.decrypt(wrongkey32bit);
+               engine.decrypt(wrongkey32bit, OPTION_INCLUDE_UNUSED_REGION);
 
                // check the decryption result of test_Real_Blkdev(/dev/loop0)
                // at this time, if we mount /dev/loop0 forcely, we can't mount them...
index 2dd6506..200c924 100644 (file)
@@ -29,7 +29,7 @@ static void _confirm_btn_clicked_cb(void *data, Evas_Object *obj, void *event_in
        switch (ad->view_type) {
        case ENCRYPT_DEVICE:
                dlog_print(DLOG_DEBUG, LOG_TAG, "encrypt device confirm");
-               ret = ode_internal_encryption_encrypt("tizen");
+               ret = ode_internal_encryption_encrypt("tizen", 0);
                if (ret != 0) {
                        dlog_print(DLOG_DEBUG, LOG_TAG, "internal encryption failed");
                }
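Review bot: The `ENCRYPT_DEVICE` branch still passes the literal password `"tizen"` to `ode_internal_encryption_encrypt`, and the SD-card branch in the next hunk does the same with `ode_external_encryption_encrypt`, so storage encrypted through this dialog is protected by a password that is printed in the source. Since these lines are being touched anyway, the password should come from what the user entered (how that reaches this callback is outside the hunk), or the literal should at least carry `/* FIXME: placeholder password, replace with user input before release */`. The new `0` likewise hard-codes the options instead of querying the supported-options API this commit adds. A failure is logged only at debug level; `dlog_print(DLOG_ERROR, LOG_TAG, "internal encryption failed: %d", ret);` would make it visible. The callback starts and ends outside the hunk.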
@@ -47,7 +47,7 @@ static void _confirm_btn_clicked_cb(void *data, Evas_Object *obj, void *event_in
                dlog_print(DLOG_DEBUG, LOG_TAG, "encrypt sd card confrim");
                create_base_window();
                create_progress_view("Encrypting", "External");
-               ret = ode_external_encryption_encrypt("tizen");
+               ret = ode_external_encryption_encrypt("tizen", 0);
                if (ret != 0) {
                        dlog_print(DLOG_DEBUG, LOG_TAG, "external encryption failed");
                }
index a4dae3a..9ae66af 100644 (file)
@@ -125,11 +125,42 @@ static inline int encrypt_storage(const std::string name)
        int ret;
 
        if (name == "internal") {
-               std::string password = getPassword();
-               ret = ode_internal_encryption_encrypt(password.c_str());
+               unsigned int options;
+               ret = ode_internal_encryption_get_supported_options(&options);
+               if (ret == 0) {
+                       char answer;
+                       if (options & ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION) {
+                               std::cout << "Encrypt All (include unused region)? (y/n) ";
+                               std::cin >> answer;
+                               if (answer != 'Y' && answer != 'y') {
+                                       options &= ~ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION;
+                               }
+                       }
+                       std::string password = getPassword();
+                       ret = ode_internal_encryption_encrypt(password.c_str(), options);
+               }
        } else if (name == "external") {
-               std::string password = getPassword();
-               ret = ode_external_encryption_encrypt(password.c_str());
+               unsigned int options;
+               ret = ode_external_encryption_get_supported_options(&options);
+               if (ret == 0) {
+                       char answer;
+                       if (options & ODE_OPTION_EXTERNAL_ONLY_NEW_FILE) {
+                               std::cout << "Encrypt new files only? (y/n) ";
+                               std::cin >> answer;
+                               if (answer != 'Y' && answer != 'y') {
+                                       options &= ~ODE_OPTION_EXTERNAL_ONLY_NEW_FILE;
+                               }
+                       }
+                       if (options & ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE) {
+                               std::cout << "Encrypt non-media files only? (y/n) ";
+                               std::cin >> answer;
+                               if (answer != 'Y' && answer != 'y') {
+                                       options &= ~ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE;
+                               }
+                       }
+                       std::string password = getPassword();
+                       ret = ode_external_encryption_encrypt(password.c_str(), options);
+               }
        } else {
                printSelectableStorage();
                return -1;
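Review bot: `char answer;` is read with `std::cin >> answer` without checking the stream, so on EOF or a closed stdin the comparison uses an uninitialised value and the option can stay set without the user having agreed to it. This applies to all three prompts (include unused region, new files only, non-media files only). I would initialise and test the extraction: `char answer = 'n';` and `if (!(std::cin >> answer) || (answer != 'Y' && answer != 'y')) {`. The three prompt blocks differ only in text and flag and could share one small helper. encrypt_storage starts before and continues after this hunk.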