From: Sungbae Yoo Date: Wed, 18 Jan 2017 11:16:47 +0000 (+0900) Subject: Add APIs for the options of each encryption X-Git-Tag: submit/tizen/20170213.020148~17 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=018ede42bcbe98295caec30ac2a756e2b82b8ac4;p=platform%2Fcore%2Fsecurity%2Fode.git Add APIs for the options of each encryption Change-Id: Id879ed8a52dadc09b571ca91a38550ecc3d0c916 Signed-off-by: Sungbae Yoo Signed-off-by: Seok Hong --- diff --git a/lib/external-encryption.cpp b/lib/external-encryption.cpp index e0cbe12..ed096c3 100644 --- a/lib/external-encryption.cpp +++ b/lib/external-encryption.cpp @@ -44,10 +44,10 @@ int ExternalEncryption::umount() } } -int ExternalEncryption::encrypt(const std::string& password) +int ExternalEncryption::encrypt(const std::string& password, unsigned int options) { try { - return context->methodCall("ExternalEncryption::encrypt", password); + return context->methodCall("ExternalEncryption::encrypt", password, options); } catch (runtime::Exception& e) { return -1; } @@ -82,4 +82,13 @@ int ExternalEncryption::getState() } } +unsigned int ExternalEncryption::getSupportedOptions() +{ + try { + return context->methodCall("ExternalEncryption::getSupportedOptions"); + } catch (runtime::Exception& e) { + return -1; + } +} + } // namespace ode diff --git a/lib/internal-encryption.cpp b/lib/internal-encryption.cpp index 6a15e00..a6e7586 100644 --- a/lib/internal-encryption.cpp +++ b/lib/internal-encryption.cpp @@ -44,10 +44,10 @@ int InternalEncryption::umount() } } -int InternalEncryption::encrypt(const std::string& password) +int InternalEncryption::encrypt(const std::string& password, unsigned int options) { try { - return context->methodCall("InternalEncryption::encrypt", password); + return context->methodCall("InternalEncryption::encrypt", password, options); } catch (runtime::Exception& e) { return -1; } 
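Review bot: In lib/external-encryption.cpp (hunk at -82,4) the new `ExternalEncryption::getSupportedOptions()` returns `-1` from its catch block, which in an `unsigned int` return type becomes a mask with every bit set. `ode_external_encryption_get_supported_options()` later in this patch stores that value in `*options` and returns `ODE_ERROR_NONE`, so a failed call to the daemon reaches the caller as "every option is supported". The catch block should fail closed with `return 0;`, and the C wrapper would ideally be given a way to see the failure so it can return an error code instead. `InternalEncryption::getSupportedOptions()` in lib/internal-encryption.cpp and its wrapper follow the same pattern.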
@@ -82,4 +82,13 @@ int InternalEncryption::getState() } } +unsigned int InternalEncryption::getSupportedOptions() +{ + try { + return context->methodCall("InternalEncryption::getSupportedOptions"); + } catch (runtime::Exception& e) { + return -1; + } +} + } // namespace ode diff --git a/lib/ode/external-encryption.cpp b/lib/ode/external-encryption.cpp index 2275aaa..4ff6e3d 100644 --- a/lib/ode/external-encryption.cpp +++ b/lib/ode/external-encryption.cpp @@ -42,7 +42,7 @@ int ode_external_encryption_umount() return external.umount(); } -int ode_external_encryption_encrypt(const char* password) +int ode_external_encryption_encrypt(const char* password, unsigned int options) { RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); @@ -50,7 +50,7 @@ int ode_external_encryption_encrypt(const char* password) RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); ExternalEncryption external = client.createInterface(); - return external.encrypt(password); + return external.encrypt(password, options); } int ode_external_encryption_decrypt(const char* password) @@ -91,3 +91,14 @@ int ode_external_encryption_get_state(int* state) *state = ret; return ODE_ERROR_NONE; } + +int ode_external_encryption_get_supported_options(unsigned int* options) +{ + RET_ON_FAILURE(options, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + *options = external.getSupportedOptions(); + return ODE_ERROR_NONE; +} diff --git a/lib/ode/external-encryption.h b/lib/ode/external-encryption.h index 4f78455..5fc4b45 100644 --- a/lib/ode/external-encryption.h +++ b/lib/ode/external-encryption.h 
@@ -71,6 +71,7 @@ ODE_API int ode_external_encryption_umount(); * @details Administrator can use this API to encrypt external storage. * @since_tizen 3.0 * @param[in] password The password to encrypt external storage + * @param[in] options Encryption options * @return #ODE_ERROR_NONE on success, otherwise a negative value * @retval #ODE_ERROR_NONE Successful * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter @@ -78,14 +79,13 @@ ODE_API int ode_external_encryption_umount(); * @retval #ODE_ERROR_KEY_REJECTED Password doen't match * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * @retval #ODE_ERROR_NOT_SUPPORTED Given options are not supported * the privilege to call this API - * @pre The handle must be created by ode_manager_create(). - * @see ode_manager_create() - * @see ode_manager_destroy() * @see ode_external_encryption_mount() * @see ode_external_encryption_decrypt() + * @see ode_external_encryption_get_supported_options() */ -ODE_API int ode_external_encryption_encrypt(const char* password); +ODE_API int ode_external_encryption_encrypt(const char* password, unsigned int options); /** * @brief Decrypt external storage by given password. 
@@ -143,6 +143,31 @@ ODE_API int ode_external_encryption_change_password(const char* old_password, */ ODE_API int ode_external_encryption_get_state(int* state); +/* + * @brief Enumeration for external encryption options + * @since_tizen 3.0 + */ +typedef enum { + ODE_OPTION_EXTERNAL_ONLY_NEW_FILE = 1 << 0, /**< Encrypt new files only */ + ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE = 1 << 1, /**< Encrypt non-media files only */ +} ode_options_external_e; + +/** + * @brief Get supported options for encryption of external storage. + * @details Administrator can use this API to get which options are + supported for encryption of external storage. + * @since_tizen 3.0 + * @param[out] option The logical OR of supported options in external storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_external_encryption_encrypt() + */ +ODE_API int ode_external_encryption_get_supported_options(unsigned int* options); + /** * @} */ diff --git a/lib/ode/internal-encryption.cpp b/lib/ode/internal-encryption.cpp index 9c3d769..8ada3ee 100644 --- a/lib/ode/internal-encryption.cpp +++ b/lib/ode/internal-encryption.cpp @@ -42,7 +42,7 @@ int ode_internal_encryption_umount() return internal.umount(); } -int ode_internal_encryption_encrypt(const char* password) +int ode_internal_encryption_encrypt(const char* password, unsigned int options) { RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); 
@@ -50,7 +50,7 @@ int ode_internal_encryption_encrypt(const char* password) RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); InternalEncryption internal = client.createInterface(); - return internal.encrypt(password); + return internal.encrypt(password, options); } int ode_internal_encryption_decrypt(const char* password) @@ -91,3 +91,14 @@ int ode_internal_encryption_get_state(int* state) *state = ret; return ODE_ERROR_NONE; } + +int ode_internal_encryption_get_supported_options(unsigned int* options) +{ + RET_ON_FAILURE(options, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + *options = internal.getSupportedOptions(); + return ODE_ERROR_NONE; +} diff --git a/lib/ode/internal-encryption.h b/lib/ode/internal-encryption.h index b89fd49..cb0742e 100644 --- a/lib/ode/internal-encryption.h +++ b/lib/ode/internal-encryption.h @@ -70,6 +70,7 @@ ODE_API int ode_internal_encryption_umount(); * @details Administrator can use this API to encrypt internal storage. * @since_tizen 3.0 * @param[in] password The password to encrypt internal storage + * @param[in] options Encryption options * @return #ODE_ERROR_NONE on success, otherwise a negative value * @retval #ODE_ERROR_NONE Successful * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter 
@@ -77,11 +78,13 @@ ODE_API int ode_internal_encryption_umount(); * @retval #ODE_ERROR_KEY_REJECTED Password doen't match * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * @retval #ODE_ERROR_NOT_SUPPORTED Given options are not supported * the privilege to call this API * @see ode_internal_encryption_mount() * @see ode_internal_encryption_decrypt() + * @see ode_internal_encryption_get_supported_options() */ -ODE_API int ode_internal_encryption_encrypt(const char* password); +ODE_API int ode_internal_encryption_encrypt(const char* password, unsigned int options); /** * @brief Decrypt internal storage by given password. @@ -139,7 +142,31 @@ ODE_API int ode_internal_encryption_change_password(const char* old_password, */ ODE_API int ode_internal_encryption_get_state(int* state); +/* + * @brief Enumeration for internal encryption options + * @since_tizen 3.0 + */ +typedef enum { + ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION = 1 << 0, /**< Encrypt all include unused region */ +} ode_options_internal_e; + /** + * @brief Get supported options for encryption of internal storage. + * @details Administrator can use this API to get which options are + supported for encryption of external storage. + * @since_tizen 3.0 + * @param[out] option The logical OR of supported options in internal storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_internal_encryption_encrypt() + */ +ODE_API int ode_internal_encryption_get_supported_options(unsigned int* options); + +/* * @} */ diff --git a/rmi/external-encryption.h b/rmi/external-encryption.h index 4643cd9..dc6fc63 100644 --- a/rmi/external-encryption.h 
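Review bot: In lib/ode/internal-encryption.h the hunk at -139,7 turns the group terminator into a plain comment, `/* @} */`, and opens the enum documentation with `/*` as well, so Doxygen will neither close the group nor pick up the `ode_options_internal_e` description; both should start with `/**`. The new `@param[out] option` does not match the parameter name `options`, and the @details text says "external storage" in the internal header. In the -77,11 hunk the added `@retval #ODE_ERROR_NOT_SUPPORTED` line sits between the two lines of the `#ODE_ERROR_PERMISSION_DENIED` entry, so "the privilege to call this API" is now attached to the wrong entry. lib/ode/external-encryption.h has the same `/*` enum comment, `option` name and retval placement.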
+++ b/rmi/external-encryption.h @@ -31,10 +31,12 @@ public: ExternalEncryption(ODEControlContext& ctxt); ~ExternalEncryption(); + unsigned int getSupportedOptions(); + int mount(const std::string& password); int umount(); - int encrypt(const std::string& password); + int encrypt(const std::string& password, unsigned int options); int decrypt(const std::string& password); int changePassword(const std::string& oldPW, const std::string& newPW); @@ -47,6 +49,11 @@ public: int getState(); + enum Option { + OnlyNewFile = 1 << 0, + ExceptForMediaFile = 1 << 1, + }; + private: ODEControlContext& context; }; diff --git a/rmi/internal-encryption.h b/rmi/internal-encryption.h index 59ef340..ddbe6a1 100644 --- a/rmi/internal-encryption.h +++ b/rmi/internal-encryption.h @@ -33,7 +33,7 @@ public: int mount(const std::string& password); int umount(); - int encrypt(const std::string& password); + int encrypt(const std::string& password, unsigned int options); int decrypt(const std::string& password); int changePassword(const std::string& oldPW, const std::string& newPW); @@ -46,6 +46,12 @@ public: int getState(); + enum Option { + IncludeUnusedRegion = 1 << 0, + }; + + unsigned int getSupportedOptions(); + private: ODEControlContext& context; }; diff --git a/server/engine/dmcrypt-engine.cpp b/server/engine/dmcrypt-engine.cpp index 292d73f..eae9c16 100644 --- a/server/engine/dmcrypt-engine.cpp +++ b/server/engine/dmcrypt-engine.cpp @@ -28,6 +28,8 @@ #include "dmcrypt-engine.h" +#define OPTION_INCLUDE_UNUSED_REGION (1 << 0) + namespace ode { void CryptInfo::init(const std::string &src, const std::string &crypto_name) @@ -252,7 +254,7 @@ static ode::DMCryptEngine::data sanitizeKey(const ode::DMCryptEngine::data &key) return key; } -void DMCryptEngine::mount(const DMCryptEngine::data &key) +void DMCryptEngine::mount(const DMCryptEngine::data &key, unsigned int options) { DMCryptEngine::data sanitized_key = sanitizeKey(key); 
@@ -298,7 +300,7 @@ void DMCryptEngine::encryptInPlace(const std::string &dst_blkdev, progressBar.done(); } -void DMCryptEngine::encrypt(const DMCryptEngine::data &key) +void DMCryptEngine::encrypt(const DMCryptEngine::data &key, unsigned int options) { DMCryptEngine::data sanitized_key = sanitizeKey(key); @@ -313,7 +315,7 @@ void DMCryptEngine::encrypt(const DMCryptEngine::data &key) destroyCryptoBlkDev(DM_LABEL); } -void DMCryptEngine::decrypt(const DMCryptEngine::data &key) +void DMCryptEngine::decrypt(const DMCryptEngine::data &key, unsigned int options) { DMCryptEngine::data sanitized_key = sanitizeKey(key); @@ -338,4 +340,9 @@ void DMCryptEngine::setKeyMeta(const data &meta) FileFooter::write(source, meta); } +unsigned int DMCryptEngine::getSupportedOptions() +{ + return OPTION_INCLUDE_UNUSED_REGION; +} + } // namespace ode diff --git a/server/engine/dmcrypt-engine.h b/server/engine/dmcrypt-engine.h index b63a848..65472e4 100644 --- a/server/engine/dmcrypt-engine.h +++ b/server/engine/dmcrypt-engine.h @@ -62,15 +62,17 @@ public: typedef std::vector data; - void mount(const data &key); + void mount(const data &key, unsigned int options); void umount(); - void encrypt(const data &key); - void decrypt(const data &key); + void encrypt(const data &key, unsigned int options); + void decrypt(const data &key, unsigned int options); const data getKeyMeta(); void setKeyMeta(const data &data); + unsigned int getSupportedOptions(); + private: void encryptInPlace(const std::string &dst_blkdev, const std::string &src_blkdev, diff --git a/server/engine/ecryptfs-engine.cpp b/server/engine/ecryptfs-engine.cpp index 64f4eac..8dbb499 100644 --- a/server/engine/ecryptfs-engine.cpp +++ b/server/engine/ecryptfs-engine.cpp 
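Review bot: `DMCryptEngine::getSupportedOptions()` (hunk at -338,4) advertises `OPTION_INCLUDE_UNUSED_REGION`, but the mount/encrypt/decrypt hunks in this file only add the `options` parameter and show no line that reads it. The function bodies continue outside the hunks, so this is inferred; if the value is indeed ignored, a caller who clears the bit gets the same behaviour as one who sets it. Either return `0` until the option is wired in, or mark each new parameter with a comment such as `// TODO: options is not honoured yet`. The macro is also private to this .cpp while tests/dmcrypt-engine.cpp uses the same name, so it probably belongs in dmcrypt-engine.h.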
@@ -25,9 +25,12 @@ #include "ecryptfs-engine.h" -#if 0 +#define OPTION_ONLY_NEW_FILE (1 << 0) +#define OPTION_EXCEPT_FOR_MEDIA_FILE (1 << 1) + +#define SUPPORTED_OPTIONS OPTION_ONLY_NEW_FILE + #define MEDIA_EXCLUSION_LIST "temp_video/Camera/DCIM:mp3|mpga|m4a|mp4|wav|amr|awb|wma|ogg|oga|aac|mka|flac|3gp|3ga|mid|midi|xmf|rtttl|rtx|ota|smf|spm|imy|mpeg|m4v|3gp|3gpp|3g2|3gpp2|wmv|asf|mkv|webm|ts|avi|jpg|jpeg|gif|png|bmp|wbmp|divx|flv|ac3|mov|tiff|f4v|mpeg3|voice" -#endif #define CIPHER_MODE "aes" #define ENCRYPTION_CHECKER_NAME ".ecryptfs_encrypted" @@ -239,7 +242,7 @@ void copyInPlace(const std::string& source, const std::string& destination, } } -void ecryptfsMount(const std::string &source, const std::string &destination, const std::vector &key) +void ecryptfsMount(const std::string &source, const std::string &destination, const std::vector &key, unsigned int options) { ecryptfs_auth_tok payload; std::string mountOption; @@ -277,13 +280,13 @@ void ecryptfsMount(const std::string &source, const std::string &destination, co } mountOption = "ecryptfs_passthrough" - ",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) + ",ecryptfs_cipher=" CIPHER_MODE + ",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) + ",ecryptfs_key_bytes=" + std::to_string(payload.token.password.session_key_encryption_key_bytes); -#ifdef MEDIA_EXCLUSION_LIST - mountOption += ",ecryptfs_enable_filtering=" MEDIA_EXCLUSION_LIST; -#endif + if (options & OPTION_EXCEPT_FOR_MEDIA_FILE) { + mountOption += ",ecryptfs_enable_filtering=" MEDIA_EXCLUSION_LIST; + } INFO("option = " + mountOption); INFO("source = " + source); @@ -315,9 +318,9 @@ EcryptfsEngine::~EcryptfsEngine() { } -void EcryptfsEngine::mount(const data &key) +void EcryptfsEngine::mount(const data &key, unsigned int options) { - ecryptfsMount(source, destination, key); + ecryptfsMount(source, destination, key, options); } void EcryptfsEngine::umount() 
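Review bot: `ecryptfsMount()` (hunk at -277,13) acts on `OPTION_EXCEPT_FOR_MEDIA_FILE` even though `SUPPORTED_OPTIONS` in the same file advertises only `OPTION_ONLY_NEW_FILE`. `ExternalEncryption::encrypt()` in server/external-encryption.cpp passes the caller's `options` to `engine.encrypt()` unmasked and afterwards persists `options & getSupportedOptions()`; assuming that engine is `EcryptfsEngine`, a caller that sets the unadvertised bit gets media files left unencrypted during encryption, while later mounts use the persisted value and run without the filter. Nothing visible in the patch returns the `ODE_ERROR_NOT_SUPPORTED` that the header now documents. Rejecting unknown bits before any work starts, e.g. `if (options & ~getSupportedOptions()) return -1;` at the top of the server-side `encrypt()` (with whichever code the project maps to not-supported), would keep the engine, the stored settings and the documentation consistent.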
@@ -325,7 +328,7 @@ void EcryptfsEngine::umount() ecryptfsUmount(destination); } -void EcryptfsEngine::encrypt(const data &key) +void EcryptfsEngine::encrypt(const data &key, unsigned int options) { if (!isEnoughToCopyInPlace(source, getDecryptedSize)) { throw runtime::Exception("No space to encryption"); @@ -334,7 +337,7 @@ void EcryptfsEngine::encrypt(const data &key) progress.update(0); try { - ecryptfsMount(source, destination, key); + ecryptfsMount(source, destination, key, options); } catch (runtime::Exception &e) { throw runtime::Exception("Failed to mount - " + std::string(e.what())); } @@ -344,7 +347,8 @@ void EcryptfsEngine::encrypt(const data &key) runtime::File tempDir(destination + "/" ENCRYPTION_CHECKER_NAME); tempDir.makeDirectory(); - copyInPlace(destination, destination, tempDir.getPath(), + if (!(options & OPTION_ONLY_NEW_FILE)) { + copyInPlace(destination, destination, tempDir.getPath(), [](const std::string &file) { return true; }, @@ -352,6 +356,7 @@ void EcryptfsEngine::encrypt(const data &key) current += size; this->progress.update(current * 100 / totalSize); }); + } } catch (runtime::Exception &e) { try { ecryptfsUmount(destination); @@ -364,7 +369,7 @@ void EcryptfsEngine::encrypt(const data &key) progress.done(); } -void EcryptfsEngine::decrypt(const data &key) +void EcryptfsEngine::decrypt(const data &key, unsigned int options) { if (!isEnoughToCopyInPlace(destination, getEncryptedSize)) { throw runtime::Exception("No space to encryption"); @@ -378,7 +383,7 @@ void EcryptfsEngine::decrypt(const data &key) runtime::File tempMountpoint(tempDir.getPath() + "/mount"); tempMountpoint.makeDirectory(); - ecryptfsMount(source, tempMountpoint.getPath(), key); + ecryptfsMount(source, tempMountpoint.getPath(), key, 0); copyInPlace(tempMountpoint.getPath(), source, tempDir.getPath(), wasEncrypted, 
@@ -408,4 +413,9 @@ void EcryptfsEngine::setKeyMeta(const data &meta) FileFooter::write(source, meta); } +unsigned int EcryptfsEngine::getSupportedOptions() +{ + return SUPPORTED_OPTIONS; +} + } // namespace ode diff --git a/server/engine/ecryptfs-engine.h b/server/engine/ecryptfs-engine.h index 4e5ebb5..027154a 100644 --- a/server/engine/ecryptfs-engine.h +++ b/server/engine/ecryptfs-engine.h @@ -55,15 +55,17 @@ public: typedef std::vector data; - void mount(const data& key); + void mount(const data& key, unsigned int); void umount(); - void encrypt(const data& key); - void decrypt(const data& key); + void encrypt(const data& key, unsigned int); + void decrypt(const data& key, unsigned int); const data getKeyMeta(); void setKeyMeta(const data &data); + unsigned int getSupportedOptions(); + private: std::string source, destination; ProgressBar progress; diff --git a/server/engine/ext4-engine.cpp b/server/engine/ext4-engine.cpp index c9a0d8d..4f96fce 100644 --- a/server/engine/ext4-engine.cpp +++ b/server/engine/ext4-engine.cpp @@ -419,7 +419,7 @@ Ext4Engine::~Ext4Engine() { } -void Ext4Engine::mount(const Ext4Engine::data& key) +void Ext4Engine::mount(const Ext4Engine::data& key, unsigned int options) { addKey(key); /* mount : /dev/mmcblk0p21 /opt/usr_encrypt */ @@ -442,7 +442,7 @@ void Ext4Engine::addKey(const Ext4Engine::data& key) addKeyToKeyring(key); } -void Ext4Engine::encrypt(const Ext4Engine::data& key) +void Ext4Engine::encrypt(const Ext4Engine::data& key, unsigned int options) { std::string sourceDir = getSource(); std::string destDir = getDestination(); @@ -466,7 +466,7 @@ void Ext4Engine::encrypt(const Ext4Engine::data& key) throw runtime::Exception(runtime::GetSystemErrorMessage()); } -void Ext4Engine::decrypt(const Ext4Engine::data& key) +void Ext4Engine::decrypt(const Ext4Engine::data& key, unsigned int options) { std::string destDir = getDestination(); 
@@ -504,4 +504,9 @@ void Ext4Engine::setKeyMeta(const data &data) FileFooter::write(source, data); } +unsigned int Ext4Engine::getSupportedOptions() +{ + return 0; +} + } // namespace ode diff --git a/server/engine/ext4-engine.h b/server/engine/ext4-engine.h index e9cdb22..ffafde8 100644 --- a/server/engine/ext4-engine.h +++ b/server/engine/ext4-engine.h @@ -46,16 +46,18 @@ public: typedef std::vector data; - void mount(const data &key); + void mount(const data &key, unsigned int options); void umount(); void addKey(const data &key); - void encrypt(const data &key); - void decrypt(const data &key); + void encrypt(const data &key, unsigned int options); + void decrypt(const data &key, unsigned int options); const data getKeyMeta(); void setKeyMeta(const data &data); + unsigned int getSupportedOptions(); + int copy(std::string& src, std::string& dest); void listDir(std::string& source, std::string& dest, bool excludeFlag); diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp index 2601a35..c821c5d 100644 --- a/server/external-encryption.cpp +++ b/server/external-encryption.cpp @@ -40,7 +40,9 @@ #define EXTERNAL_STORAGE_PATH "/opt/media/SDCardA1" #define DEFAULT_USER "owner" -#define EXTERNAL_STORAGE_VCONF_KEY VCONFKEY_SDE_CRYPTO_STATE +#define EXTERNAL_STATE_VCONF_KEY VCONFKEY_SDE_CRYPTO_STATE +#define EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY VCONFKEY_SDE_ENCRYPT_NEWFILE +#define EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY VCONFKEY_SDE_EXCLUDE_MEDIAFILE namespace ode { 
@@ -102,6 +104,45 @@ void externalAddEventReceiver() externalCallback); } +unsigned int getOptions() +{ + unsigned int result = 0; + int value; + + value = 0; + ::vconf_get_bool(EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY, &value); + if (value) { + result |= ExternalEncryption::Option::OnlyNewFile; + } + + value = 0; + ::vconf_get_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY, &value); + if (value) { + result |= ExternalEncryption::Option::ExceptForMediaFile; + } + + return result; +} + +void setOptions(unsigned int options) +{ + bool value; + + if (options & ExternalEncryption::Option::OnlyNewFile) { + value = true; + } else { + value = false; + } + ::vconf_set_bool(EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY, value); + + if (options & ExternalEncryption::Option::ExceptForMediaFile) { + value = true; + } else { + value = false; + } + ::vconf_set_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY, value); +} + } // namsepace ExternalEncryption::ExternalEncryption(ODEControlContext &ctx) : @@ -109,15 +150,15 @@ ExternalEncryption::ExternalEncryption(ODEControlContext &ctx) : { context.registerParametricMethod(this, "", (int)(ExternalEncryption::mount)(std::string)); context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::umount)); - context.registerParametricMethod(this, "", (int)(ExternalEncryption::encrypt)(std::string)); + context.registerParametricMethod(this, "", (int)(ExternalEncryption::encrypt)(std::string, unsigned int)); context.registerParametricMethod(this, "", (int)(ExternalEncryption::decrypt)(std::string)); context.registerParametricMethod(this, "", (int)(ExternalEncryption::changePassword)(std::string, std::string)); context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::getState)); + context.registerNonparametricMethod(this, "", (unsigned int)(ExternalEncryption::getSupportedOptions)); externalAddEventReceiver(); } - ExternalEncryption::~ExternalEncryption() { } 
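Review bot: The new `getOptions()`/`setOptions()` helpers in server/external-encryption.cpp (hunk at -102,6) pair each vconf key with the other option's flag: `EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY` is read and written for `Option::OnlyNewFile`, and `EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY` for `Option::ExceptForMediaFile`. The two functions agree with each other, so a round trip works, but any other component that reads `VCONFKEY_SDE_ENCRYPT_NEWFILE` or `VCONFKEY_SDE_EXCLUDE_MEDIAFILE` sees the opposite of what was chosen. The return value of `vconf_get_bool()` is also ignored, so a failed read is indistinguishable from "option off" when `mount()` calls `getOptions()`; that deserves at least a log line. The corrected mapping is below.

```cpp
unsigned int getOptions()
{
    unsigned int result = 0;
    int value;

    value = 0;
    ::vconf_get_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY, &value);
    if (value) {
        result |= ExternalEncryption::Option::OnlyNewFile;
    }

    value = 0;
    ::vconf_get_bool(EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY, &value);
    if (value) {
        result |= ExternalEncryption::Option::ExceptForMediaFile;
    }

    return result;
}

void setOptions(unsigned int options)
{
    ::vconf_set_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY,
                     (options & ExternalEncryption::Option::OnlyNewFile) != 0);
    ::vconf_set_bool(EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY,
                     (options & ExternalEncryption::Option::ExceptForMediaFile) != 0);
}
```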
@@ -131,7 +172,7 @@ int ExternalEncryption::mount(const std::string &password) return -2; } - engine.mount(keyManager.getMasterKey(pwData)); + engine.mount(keyManager.getMasterKey(pwData), getOptions()); return 0; } @@ -145,7 +186,7 @@ int ExternalEncryption::umount() return 0; } -int ExternalEncryption::encrypt(const std::string &password) +int ExternalEncryption::encrypt(const std::string &password, unsigned int options) { KeyManager::data pwData(password.begin(), password.end()); KeyManager keyManager; @@ -154,11 +195,12 @@ int ExternalEncryption::encrypt(const std::string &password) engine.setKeyMeta(keyManager.serialize()); KeyManager::data MasterKey = keyManager.getMasterKey(pwData); - auto encryptWorker = [MasterKey, this]() { + auto encryptWorker = [&MasterKey, options, this]() { INFO("Close all applications using external storage..."); killDependedApplications(); INFO("Encryption started..."); - engine.encrypt(MasterKey); + engine.encrypt(MasterKey, options); + setOptions(options & getSupportedOptions()); INFO("Sync disk..."); sync(); INFO("Encryption completed"); @@ -189,7 +231,7 @@ int ExternalEncryption::decrypt(const std::string &password) } catch (runtime::Exception &e) {} INFO("Decryption started..."); - engine.decrypt(MasterKey); + engine.decrypt(MasterKey, getOptions()); INFO("Sync disk..."); sync(); INFO("Decryption completed"); @@ -220,7 +262,7 @@ int ExternalEncryption::changePassword(const std::string &oldPassword, int ExternalEncryption::getState() { - char *value = ::vconf_get_str(EXTERNAL_STORAGE_VCONF_KEY); + char *value = ::vconf_get_str(EXTERNAL_STATE_VCONF_KEY); if (value == NULL) { throw runtime::Exception("Failed to get vconf value"); } @@ -239,4 +281,9 @@ int ExternalEncryption::getState() return 0; } +unsigned int ExternalEncryption::getSupportedOptions() +{ + return engine.getSupportedOptions(); +} + } // namespace ode diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp index fe41885..9b5d416 100644 
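Review bot: In `ExternalEncryption::encrypt()` (hunk at -154,11) the worker lambda's capture changes from `[MasterKey, this]` to `[&MasterKey, options, this]`, so the closure now holds a reference to a local of `encrypt()` instead of its own copy. The code that runs `encryptWorker` is outside the hunk; if it is started on a separate thread and `encrypt()` returns first, `engine.encrypt(MasterKey, options)` reads the key from a destroyed vector. Keeping the copy, `auto encryptWorker = [MasterKey, options, this]() {`, avoids that. `InternalEncryption::encrypt()` in server/internal-encryption.cpp (hunk at -145,7) makes the same change.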
--- a/server/internal-encryption.cpp +++ b/server/internal-encryption.cpp @@ -33,7 +33,8 @@ #include "rmi/internal-encryption.h" #define INTERNAL_STORAGE_PATH "/opt/usr" -#define INTERNAL_STORAGE_VCONF_KEY VCONFKEY_ODE_CRYPTO_STATE +#define INTERNAL_STATE_VCONF_KEY VCONFKEY_ODE_CRYPTO_STATE +#define INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY VCONFKEY_ODE_FAST_ENCRYPTION namespace ode { @@ -84,17 +85,44 @@ void showProgressUI(const std::string type) { proc.execute(); } +unsigned int getOptions() +{ + unsigned int result = 0; + int value; + + value = 0; + ::vconf_get_bool(INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY, &value); + if (value) { + result |= InternalEncryption::Option::IncludeUnusedRegion; + } + + return result; +} + +void setOptions(unsigned int options) +{ + bool value; + + if (options & InternalEncryption::Option::IncludeUnusedRegion) { + value = true; + } else { + value = false; + } + ::vconf_set_bool(INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY, value); +} + } InternalEncryption::InternalEncryption(ODEControlContext& ctx) : context(ctx) { + context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState)); + context.registerNonparametricMethod(this, "", (unsigned int)(InternalEncryption::getSupportedOptions)); context.registerParametricMethod(this, "", (int)(InternalEncryption::mount)(std::string)); context.registerNonparametricMethod(this, "", (int)(InternalEncryption::umount)); - context.registerParametricMethod(this, "", (int)(InternalEncryption::encrypt)(std::string)); + context.registerParametricMethod(this, "", (int)(InternalEncryption::encrypt)(std::string, unsigned int)); context.registerParametricMethod(this, "", (int)(InternalEncryption::decrypt)(std::string)); context.registerParametricMethod(this, "", (int)(InternalEncryption::changePassword)(std::string, std::string)); - context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState)); } InternalEncryption::~InternalEncryption() 
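Review bot: The internal `getOptions()`/`setOptions()` (hunk at -84,17) store `Option::IncludeUnusedRegion` directly in `INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY`, which is defined as `VCONFKEY_ODE_FAST_ENCRYPTION`. Going by those names the key means "only the used region", the opposite of the flag, so the stored boolean looks inverted; the key's definition is not on this page, so this needs confirming. If it is inverted, `setOptions()` should write `!(options & InternalEncryption::Option::IncludeUnusedRegion)` and `getOptions()` should set the flag when the value read is false. A one-line comment stating the key's polarity would help either way.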
@@ -114,7 +142,7 @@ int InternalEncryption::mount(const std::string& password) return -2; } - engine.mount(keyManager.getMasterKey(pwData)); + engine.mount(keyManager.getMasterKey(pwData), getOptions()); return 0; } @@ -132,7 +160,7 @@ int InternalEncryption::umount() return 0; } -int InternalEncryption::encrypt(const std::string& password) +int InternalEncryption::encrypt(const std::string& password, unsigned int options) { if (getState() != State::Unencrypted) { return -1; @@ -145,7 +173,7 @@ int InternalEncryption::encrypt(const std::string& password) engine.setKeyMeta(keyManager.serialize()); KeyManager::data MasterKey = keyManager.getMasterKey(pwData); - auto encryptWorker = [MasterKey, this]() { + auto encryptWorker = [&MasterKey, options, this]() { showProgressUI("Encrypting"); INFO("Close all processes using internal storage..."); @@ -158,13 +186,14 @@ int InternalEncryption::encrypt(const std::string& password) } INFO("Encryption started..."); - ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "error_partially_encrypted"); - engine.encrypt(MasterKey); + ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted"); + engine.encrypt(MasterKey, options); + setOptions(options & getSupportedOptions()); INFO("Sync disk..."); sync(); INFO("Encryption completed"); - ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "encrypted"); + ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "encrypted"); ::reboot(RB_AUTOBOOT); }; 
@@ -199,13 +228,13 @@ int InternalEncryption::decrypt(const std::string& password) } catch (runtime::Exception& e) {} INFO("Decryption started..."); - ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "error_partially_encrypted"); - engine.decrypt(MasterKey); + ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted"); + engine.decrypt(MasterKey, getOptions()); INFO("Sync disk..."); sync(); INFO("Decryption completed"); - ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "unencrypted"); + ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "unencrypted"); ::reboot(RB_AUTOBOOT); }; @@ -234,7 +263,7 @@ int InternalEncryption::changePassword(const std::string& oldPassword, int InternalEncryption::getState() { - char *value = ::vconf_get_str(INTERNAL_STORAGE_VCONF_KEY); + char *value = ::vconf_get_str(INTERNAL_STATE_VCONF_KEY); if (value == NULL) { throw runtime::Exception("Failed to get vconf value"); } @@ -253,4 +282,9 @@ int InternalEncryption::getState() return 0; } +unsigned int InternalEncryption::getSupportedOptions() +{ + return engine.getSupportedOptions(); +} + } // namespace ode diff --git a/tests/dmcrypt-engine.cpp b/tests/dmcrypt-engine.cpp index ee4e44d..c790bc8 100644 --- a/tests/dmcrypt-engine.cpp +++ b/tests/dmcrypt-engine.cpp @@ -346,7 +346,7 @@ TESTCASE(DMCryptEncryptAndDecrypt) const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end()); ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar); - engine.encrypt(key32bit); + engine.encrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION); // check the encryption result of test_real_blkdev(/dev/loop0) // at this time, if we mount /dev/loop0 forcely, we can't mount them... @@ -360,7 +360,7 @@ TESTCASE(DMCryptEncryptAndDecrypt) } } // decyprt - engine.decrypt(key32bit); + engine.decrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION); // check the decryption result of test_Real_Blkdev(/dev/loop0) // at this time, if we mount /dev/loop0 forcely, we can mount them, 
@@ -389,8 +389,8 @@ TESTCASE(DMCryptEncryptMountUnmountDecrypt) const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end()); ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar); - engine.encrypt(key32bit); - engine.mount(key32bit); + engine.encrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION); + engine.mount(key32bit, 0); { // we should find test file (file name: ABC, body: DEF) in mount-point std::string cmd = "cat " + test_real_mntpoint + "/ABC"; @@ -422,7 +422,7 @@ TESTCASE(DMCryptEncryptMountUnmountDecrypt) pclose(fp); } engine.umount(); - engine.decrypt(key32bit); + engine.decrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION); // } catch (runtime::Exception &e) { TEST_FAIL(e.what()); @@ -443,7 +443,7 @@ TESTCASE(DMCryptEncryptButDecryptWithWrongKey) const ode::DMCryptEngine::data wrongkey32bit(wrongkeystring.begin(), wrongkeystring.end()); ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar); - engine.encrypt(key32bit); + engine.encrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION); // check the encryption result of test_real_blkdev(/dev/loop0) // at this time, if we mount /dev/loop0 forcely, we can't mount them... @@ -457,7 +457,7 @@ TESTCASE(DMCryptEncryptButDecryptWithWrongKey) } } // decrypt with WRONG KEY - engine.decrypt(wrongkey32bit); + engine.decrypt(wrongkey32bit, OPTION_INCLUDE_UNUSED_REGION); // check the decryption result of test_Real_Blkdev(/dev/loop0) // at this time, if we mount /dev/loop0 forcely, we can't mount them... diff --git a/tools/apps/ode/src/ode-app-confirm.c b/tools/apps/ode/src/ode-app-confirm.c index 2dd6506..200c924 100644 --- a/tools/apps/ode/src/ode-app-confirm.c +++ b/tools/apps/ode/src/ode-app-confirm.c 
@@ -29,7 +29,7 @@ static void _confirm_btn_clicked_cb(void *data, Evas_Object *obj, void *event_in switch (ad->view_type) { case ENCRYPT_DEVICE: dlog_print(DLOG_DEBUG, LOG_TAG, "encrypt device confirm"); - ret = ode_internal_encryption_encrypt("tizen"); + ret = ode_internal_encryption_encrypt("tizen", 0); if (ret != 0) { dlog_print(DLOG_DEBUG, LOG_TAG, "internal encryption failed"); } @@ -47,7 +47,7 @@ static void _confirm_btn_clicked_cb(void *data, Evas_Object *obj, void *event_in dlog_print(DLOG_DEBUG, LOG_TAG, "encrypt sd card confrim"); create_base_window(); create_progress_view("Encrypting", "External"); - ret = ode_external_encryption_encrypt("tizen"); + ret = ode_external_encryption_encrypt("tizen", 0); if (ret != 0) { dlog_print(DLOG_DEBUG, LOG_TAG, "external encryption failed"); } diff --git a/tools/cli/ode-admin-cli.cpp b/tools/cli/ode-admin-cli.cpp index a4dae3a..9ae66af 100644 --- a/tools/cli/ode-admin-cli.cpp +++ b/tools/cli/ode-admin-cli.cpp 
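Review bot: Both updated calls in `_confirm_btn_clicked_cb()` still pass the literal password `"tizen"`, now joined by a literal `0` for the options. A storage key derived from a fixed, published string gives no protection to the data it encrypts, and `0` skips the new `*_get_supported_options()` query entirely. If this app is only a demonstration, say so at the call sites, e.g. `/* FIXME: demo-only password; must come from user input */`; otherwise the password should come from the UI. The callback body continues outside both hunks.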
@@ -125,11 +125,42 @@ static inline int encrypt_storage(const std::string name) int ret; if (name == "internal") { - std::string password = getPassword(); - ret = ode_internal_encryption_encrypt(password.c_str()); + unsigned int options; + ret = ode_internal_encryption_get_supported_options(&options); + if (ret == 0) { + char answer; + if (options & ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION) { + std::cout << "Encrypt All (include unused region)? (y/n) "; + std::cin >> answer; + if (answer != 'Y' && answer != 'y') { + options &= ~ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION; + } + } + std::string password = getPassword(); + ret = ode_internal_encryption_encrypt(password.c_str(), options); + } } else if (name == "external") { - std::string password = getPassword(); - ret = ode_external_encryption_encrypt(password.c_str()); + unsigned int options; + ret = ode_external_encryption_get_supported_options(&options); + if (ret == 0) { + char answer; + if (options & ODE_OPTION_EXTERNAL_ONLY_NEW_FILE) { + std::cout << "Encrypt new files only? (y/n) "; + std::cin >> answer; + if (answer != 'Y' && answer != 'y') { + options &= ~ODE_OPTION_EXTERNAL_ONLY_NEW_FILE; + } + } + if (options & ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE) { + std::cout << "Encrypt non-media files only? (y/n) "; + std::cin >> answer; + if (answer != 'Y' && answer != 'y') { + options &= ~ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE; + } + } + std::string password = getPassword(); + ret = ode_external_encryption_encrypt(password.c_str(), options); + } } else { printSelectableStorage(); return -1;
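Review bot: In `encrypt_storage()` the mask returned by `ode_*_get_supported_options()` is reused as the request mask, and the code only clears the bits the user declines. Any bit the daemon reports that this CLI does not know about therefore stays set and is sent to `ode_*_encryption_encrypt()` without the user having been asked. `answer` is also read without checking the stream, so at end of input it is compared while uninitialised. Building the request from zero and setting a bit only on an explicit yes fixes both; the internal branch is shown below and the external branch follows the same pattern with the two `ODE_OPTION_EXTERNAL_*` bits.

```cpp
unsigned int supported = 0;
unsigned int options = 0;
ret = ode_internal_encryption_get_supported_options(&supported);
if (ret == 0) {
    char answer = 'n';
    if (supported & ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION) {
        std::cout << "Encrypt All (include unused region)? (y/n) ";
        if ((std::cin >> answer) && (answer == 'Y' || answer == 'y')) {
            options |= ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION;
        }
    }
    // … unchanged: getPassword() and the ode_internal_encryption_encrypt() call …
```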