From: Lukasz Pawelczyk Date: Thu, 14 Sep 2017 12:02:42 +0000 (+0200) Subject: *_set_mount_password() must be called before every *_mount() X-Git-Tag: submit/tizen_4.0/20171018.042033~3 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=89711e6c8406c963410cec8dc23dee19eaffa1fd;p=platform%2Fcore%2Fsecurity%2Fode.git *_set_mount_password() must be called before every *_mount() Change-Id: Ie55ee30a386a1784bff301dc5602b48978095e24 --- diff --git a/lib/ode/external-encryption.h b/lib/ode/external-encryption.h index d40fb5f..a64f561 100644 --- a/lib/ode/external-encryption.h +++ b/lib/ode/external-encryption.h @@ -63,7 +63,8 @@ ODE_API int ode_external_encryption_set_mount_password(const char* password); * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * the privilege to call this API * @pre A password must be set by - * ode_external_encryption_set_mount_password(). + * ode_external_encryption_set_mount_password() before every + * mount attempt. * @see ode_external_encryption_set_mount_password() * @see ode_external_encryption_umount() */ diff --git a/lib/ode/internal-encryption.h b/lib/ode/internal-encryption.h index 885b6b6..1ecfc5b 100644 --- a/lib/ode/internal-encryption.h +++ b/lib/ode/internal-encryption.h @@ -62,7 +62,8 @@ ODE_API int ode_internal_encryption_set_mount_password(const char* password); * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * the privilege to call this API * @pre A password must be set by - * ode_internal_encryption_set_mount_password(). + * ode_internal_encryption_set_mount_password() before every + * mount attempt. * @see ode_internal_encryption_set_mount_password() * @see ode_internal_encryption_umount() */ diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp index 62a9fc2..1481b1c 100644 --- a/server/external-encryption.cpp +++ b/server/external-encryption.cpp @@ -234,6 +234,14 @@ int ExternalEncryptionServer::setMountPassword(const std::string& password) int ExternalEncryptionServer::mount() { + if (mountKey.empty()) { + ERROR(SINK, "You need to call set_mount_password() first"); + return -1; + } + + KeyManager::data key = mountKey; + mountKey.clear(); + if (getState() != State::Encrypted) { return -1; } @@ -245,10 +253,8 @@ int ExternalEncryptionServer::mount() INFO(SINK, "Mount external storage..."); try { - engine->mount(mountKey, getOptions()); - mountKey.clear(); + engine->mount(key, getOptions()); } catch (runtime::Exception &e) { - mountKey.clear(); ERROR(SINK, "Failed to mount: " + std::string(e.what())); return -3; } diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp index f03b006..c5e762e 100644 --- a/server/internal-encryption.cpp +++ b/server/internal-encryption.cpp @@ -276,6 +276,14 @@ int InternalEncryptionServer::setMountPassword(const std::string& password) int InternalEncryptionServer::mount() { + if (mountKey.empty()) { + ERROR(SINK, "You need to call set_mount_password() first"); + return -1; + } + + KeyManager::data key = mountKey; + mountKey.clear(); + if (getState() != State::Encrypted) { return -1; } @@ -287,8 +295,7 @@ int InternalEncryptionServer::mount() try { INFO(SINK, "Mount internal storage..."); - engine->mount(mountKey, getOptions()); - mountKey.clear(); + engine->mount(key, getOptions()); server.notify("InternalEncryptionServer::mount");