From: Jaemin Ryu Date: Fri, 6 Jul 2018 07:55:00 +0000 (+0900) Subject: Add ode_internal_encryption_mount_ex API X-Git-Tag: submit/tizen_4.0/20180706.094449^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0c5d81a9e197a076fb67a093a54a30eb104e5982;p=platform%2Fcore%2Fsecurity%2Fode.git Add ode_internal_encryption_mount_ex API Change-Id: I66143553b9c0b23a3989abb679e8e67f3556c7aa Signed-off-by: Jaemin Ryu --- diff --git a/lib/internal-encryption.cpp b/lib/internal-encryption.cpp index 123c8f3..0ea54f0 100644 --- a/lib/internal-encryption.cpp +++ b/lib/internal-encryption.cpp @@ -36,10 +36,10 @@ int InternalEncryptionClient::setMountPassword(const std::string& password) } } -int InternalEncryptionClient::mount() +int InternalEncryptionClient::mount(const std::vector &mk, unsigned int options) { try { - return context->methodCall("InternalEncryptionServer::mount"); + return context->methodCall("InternalEncryptionServer::mount", mk, options); } catch (runtime::Exception& e) { return error::Unknown; } diff --git a/lib/internal-encryption.h b/lib/internal-encryption.h index 882a464..15b76db 100644 --- a/lib/internal-encryption.h +++ b/lib/internal-encryption.h @@ -18,6 +18,7 @@ #define __INTERNAL_ENCRYPTION_CLIENT_H__ #include +#include #include "rmi/internal-encryption.h" #include "client.h" @@ -31,7 +32,7 @@ public: int setMountPassword(const std::string& password); - int mount(); + int mount(const std::vector &mk, unsigned int options); int umount(); int encrypt(const std::string& password, unsigned int options); diff --git a/lib/ode/internal-encryption.cpp b/lib/ode/internal-encryption.cpp index 4935d07..d8b4d55 100644 --- a/lib/ode/internal-encryption.cpp +++ b/lib/ode/internal-encryption.cpp @@ -43,7 +43,18 @@ int ode_internal_encryption_mount() RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); InternalEncryptionClient internal = client.createInterface(); - return toApiError(internal.mount()); + return toApiError(internal.mount(std::vector(), 0)); +} + +int ode_internal_encryption_mount_ex(const unsigned char *mk, unsigned int options) +{ + size_t key_len = options == 0 ? 32 : 64; + std::vector key(mk, mk + key_len); + ClientContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryptionClient internal = client.createInterface(); + + return toApiError(internal.mount(key, options)); } int ode_internal_encryption_umount() diff --git a/lib/ode/internal-encryption.h b/lib/ode/internal-encryption.h index c55f531..951cd99 100644 --- a/lib/ode/internal-encryption.h +++ b/lib/ode/internal-encryption.h @@ -70,6 +70,26 @@ ODE_API int ode_internal_encryption_set_mount_password(const char* password); */ ODE_API int ode_internal_encryption_mount(); +/** + * @brief Mount internal storage with encryption + * @details Administrator can use this API to mount encrypted internal + * storage. + * @since_tizen 4.0 + * @param[in] mk Master key used to mount internal storage + * @param[in] options Mount options + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_NO_SUCH_DEVICE Internal storage is not encrypted + * @retval #ODE_ERROR_NO_DATA Password isn't set + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @retval #ODE_ERROR_CONNECTION_REFUSED Connection to the server failed + * @retval #ODE_ERROR_UNKNOWN Unknown error + * @see ode_internal_encryption_umount() + */ + +ODE_API int ode_internal_encryption_mount_ex(const unsigned char *mk, int option); + /** * @brief Umount internal storage * @details Administrator can use this API to unmount internal storage. @@ -330,7 +350,6 @@ ODE_API int ode_internal_encryption_unset_mount_event_cb(); * @retval #ODE_ERROR_UNKNOWN Unknown error */ ODE_API int ode_internal_encryption_get_device_path(char** device); - /* * @} */ diff --git a/rmi/internal-encryption.h b/rmi/internal-encryption.h index c20f7f9..1260214 100644 --- a/rmi/internal-encryption.h +++ b/rmi/internal-encryption.h @@ -18,6 +18,7 @@ #define __INTERNAL_ENCRYPTION_H__ #include +#include namespace ode { @@ -31,7 +32,7 @@ public: virtual int setMountPassword(const std::string& password) = 0; - virtual int mount() = 0; + virtual int mount(const std::vector& mk, unsigned int options) = 0; virtual int umount() = 0; virtual int encrypt(const std::string& password, unsigned int options) = 0; diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp index 0c310f0..f0df17f 100644 --- a/server/internal-encryption.cpp +++ b/server/internal-encryption.cpp @@ -310,7 +310,7 @@ InternalEncryptionServer::InternalEncryptionServer(ServerContext& srv, keyServer(key) { server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::setMountPassword)(std::string)); - server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::mount)()); + server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::mount)(std::vector, unsigned int)); server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::umount)()); server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::encrypt)(std::string, unsigned int)); server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::decrypt)(std::string)); @@ -346,14 +346,14 @@ int InternalEncryptionServer::setMountPassword(const std::string& password) return keyServer.get(engine->getSource(), password, mountKey); } -int InternalEncryptionServer::mount() +int InternalEncryptionServer::mount(const std::vector &mk, unsigned int options) { - if (mountKey.empty()) { - ERROR(SINK, "You need to call set_mount_password() first."); + if (mountKey.empty() && mk.empty()) { + ERROR(SINK, "You need to set master key first."); return error::NoData; } - BinaryData key = mountKey; + BinaryData key = mk.empty() ? mountKey : mk; mountKey.clear(); if (getState() != State::Encrypted) { diff --git a/server/internal-encryption.h b/server/internal-encryption.h index f5e59ef..52d4f35 100644 --- a/server/internal-encryption.h +++ b/server/internal-encryption.h @@ -36,7 +36,7 @@ public: int setMountPassword(const std::string& password); - int mount(); + int mount(const std::vector &mk, unsigned int options); int umount(); int encrypt(const std::string& password, unsigned int options);