From: Sungbae Yoo Date: Fri, 6 Jan 2017 09:43:24 +0000 (+0900) Subject: Add get/set encryption state using vconf X-Git-Tag: accepted/tizen/common/20170213.174442~23 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bf7a4509c2be025696be7dda80c48003ee4ee81e;p=platform%2Fcore%2Fsecurity%2Fode.git Add get/set encryption state using vconf Signed-off-by: Sungbae Yoo Change-Id: I81c0fd84c81f5e2e2ce5f5fe677bb2bca36b6642
---
diff --git a/lib/ode/common.h b/lib/ode/common.h
index 201e223..d0f89cc 100644
--- a/lib/ode/common.h
+++ b/lib/ode/common.h
@@ -63,6 +63,16 @@ typedef enum {
 ODE_ERROR_KEY_REJECTED = TIZEN_ERROR_KEY_REJECTED /**< Passwor is rejected */
 } ode_error_type_e;
+/*
+ * @brief Enumeration for encryption state
+ * @since_tizen 3.0
+ */
+typedef enum {
+ ODE_STATE_UNENCRYPTED = 0x00, /**< Device is not encrypted */
+ ODE_STATE_ENCRYPTED = 0x01, /**< Device is encrypted */
+ ODE_STATE_CORRUPTED = 0x02 /**< Devoce is corrupted because of encryption error */
+} ode_state_e;
+
 /**
 * @}
 */
diff --git a/lib/ode/external-encryption.cpp b/lib/ode/external-encryption.cpp
index 3ecd74c..2275aaa 100644
--- a/lib/ode/external-encryption.cpp
+++ b/lib/ode/external-encryption.cpp
@@ -86,7 +86,7 @@ int ode_external_encryption_get_state(int* state)
 ExternalEncryption external = client.createInterface();
 int ret = external.getState();
- RET_ON_FAILURE(ret != -1, ODE_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER);
 *state = ret;
 return ODE_ERROR_NONE;
diff --git a/lib/ode/internal-encryption.cpp b/lib/ode/internal-encryption.cpp
index 696e7ae..9c3d769 100644
--- a/lib/ode/internal-encryption.cpp
+++ b/lib/ode/internal-encryption.cpp
@@ -86,7 +86,7 @@ int ode_internal_encryption_get_state(int* state)
 InternalEncryption internal = client.createInterface();
 int ret = internal.getState();
- RET_ON_FAILURE(ret != -1, ODE_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER);
 *state = ret;
 return ODE_ERROR_NONE;
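Review bot: The comment block above `ode_state_e` opens with `/*` rather than `/**`, so Doxygen will not attach the `@brief`/`@since_tizen` text to the new public enum, and the `ODE_STATE_CORRUPTED` member comment misspells "Device" as "Devoce". Open the block with `/**` and fix the spelling. The member comment should also tell callers what the value means for them: the server side of this commit appears to report it for any stored state string other than `encrypted` or `unencrypted`, including the in-progress marker, so it covers an interrupted operation as well as an outright error.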
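Review bot: The new check `RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER);` looks inverted relative to the line it replaces, which passed the success condition (`ret != -1`) as the first argument. The macro is defined outside this hunk, but if it returns when that condition is false, every valid state (0, 1, 2) now yields `ODE_ERROR_INVALID_PARAMETER` and only a negative value ever reaches `*state = ret;`, so a caller can never read the encryption state. If that reading of the macro is right, the line should be `RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER);`. The identical change to `ode_internal_encryption_get_state` in lib/ode/internal-encryption.cpp needs the same correction; both function bodies start and end outside their hunks.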
diff --git a/rmi/external-encryption.h b/rmi/external-encryption.h
index cd38faa..4643cd9 100644
--- a/rmi/external-encryption.h
+++ b/rmi/external-encryption.h
@@ -39,6 +39,12 @@ public:
 int changePassword(const std::string& oldPW, const std::string& newPW);
+ enum State {
+ Unencrypted = 0x00,
+ Encrypted = 0x01,
+ Corrupted = 0x02,
+ };
+
 int getState();
 private:
diff --git a/rmi/internal-encryption.h b/rmi/internal-encryption.h
index c1986c1..59ef340 100644
--- a/rmi/internal-encryption.h
+++ b/rmi/internal-encryption.h
@@ -38,6 +38,12 @@ public:
 int changePassword(const std::string& oldPW, const std::string& newPW);
+ enum State {
+ Unencrypted = 0x00,
+ Encrypted = 0x01,
+ Corrupted = 0x02,
+ };
+
 int getState();
 private:
diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp
index c5eed8c..c54e5bd 100644
--- a/server/external-encryption.cpp
+++ b/server/external-encryption.cpp
@@ -17,7 +17,9 @@
 #include
 #include
+#include
 #include
+
 #include
 #include
 #include
@@ -33,6 +35,7 @@
 #define EXTERNAL_STORAGE_PATH "/opt/media/SDCardA1"
 #define DEFAULT_USER "owner"
+#define EXTERNAL_STORAGE_VCONF_KEY VCONFKEY_SDE_CRYPTO_STATE
 namespace ode {
@@ -250,7 +253,22 @@ int ExternalEncryption::changePassword(const std::string& oldPassword,
 int ExternalEncryption::getState()
 {
- //TODO
+ char *value = ::vconf_get_str(EXTERNAL_STORAGE_VCONF_KEY);
+ if (value == NULL) {
+ throw runtime::Exception("Failed to get vconf value");
+ }
+
+ std::string valueStr(value);
+ free(value);
+
+ if (valueStr == "encrypted") {
+ return State::Encrypted;
+ } else if (valueStr == "unencrypted") {
+ return State::Unencrypted;
+ } else {
+ return State::Corrupted;
+ }
+
 return 0;
 }
diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp
index 9562530..d0c4a27 100644
--- a/server/internal-encryption.cpp
+++ b/server/internal-encryption.cpp
@@ -20,6 +20,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
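Review bot: `enum State` is added here and again, value for value, in rmi/internal-encryption.h, while lib/ode/common.h defines the public `ode_state_e` with the same numbers, and nothing ties the three lists together. The client wrappers in lib/ode copy the `getState()` result straight into `*state`, so a later edit to one list silently changes what an application reads as "encrypted". Consider a single shared definition, or at least a comment on each copy such as `/* values must match ode_state_e in lib/ode/common.h */`. The enclosing class starts and ends outside the hunk.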
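Review bot: The context line `return 0;` left after the new if/else chain in `ExternalEncryption::getState()` is unreachable, and 0 is the value of `State::Unencrypted`, so any later edit that lets control fall through would report an unencrypted device instead of an error. Drop the final `else` and end the function with `return State::Corrupted;` so the default outcome is the fail-closed one. `std::string valueStr(value);` can also throw before `free(value);` runs, which leaks the buffer; holding it in a `std::unique_ptr<char, decltype(&::free)>` avoids that. `InternalEncryption::getState()` in server/internal-encryption.cpp repeats this body with a different key, so the same remarks apply there and a shared helper taking the key would keep the two in step.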
@@ -32,6 +33,7 @@
 #include "rmi/internal-encryption.h"
 #define INTERNAL_STORAGE_PATH "/opt/usr"
+#define INTERNAL_STORAGE_VCONF_KEY VCONFKEY_ODE_CRYPTO_STATE
 namespace ode {
@@ -98,6 +100,10 @@ InternalEncryption::~InternalEncryption()
 int InternalEncryption::mount(const std::string& password)
 {
+ if (getState() != State::Encrypted) {
+ return -1;
+ }
+
 KeyManager::data pwData(password.begin(), password.end());
 KeyManager keyManager(engine.getKeyMeta());
@@ -111,6 +117,10 @@ int InternalEncryption::mount(const std::string& password)
 int InternalEncryption::umount()
 {
+ if (getState() != State::Encrypted) {
+ return -1;
+ }
+
 INFO("Close all processes using internal storage...");
 stopDependedSystemdServices();
 INFO("Umount internal storage...");
@@ -121,6 +131,10 @@ int InternalEncryption::umount()
 int InternalEncryption::encrypt(const std::string& password)
 {
+ if (getState() != State::Unencrypted) {
+ return -1;
+ }
+
 KeyManager::data pwData(password.begin(), password.end());
 KeyManager keyManager;
@@ -141,10 +155,13 @@ int InternalEncryption::encrypt(const std::string& password)
 }
 INFO("Encryption started...");
+ ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "error_partially_encrypted");
 engine.encrypt(MasterKey);
 INFO("Sync disk...");
 sync();
 INFO("Encryption completed");
+
+ ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "encrypted");
 ::reboot(RB_AUTOBOOT);
 };
@@ -156,6 +173,10 @@ int InternalEncryption::encrypt(const std::string& password)
 int InternalEncryption::decrypt(const std::string& password)
 {
+ if (getState() != State::Encrypted) {
+ return -1;
+ }
+
 KeyManager::data pwData(password.begin(), password.end());
 KeyManager keyManager(engine.getKeyMeta());
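Review bot: The state guard added at the top of `mount()` returns a bare `-1` with no log line, and `getState()` as written in this commit throws `runtime::Exception` when the vconf key cannot be read, so `mount()` now has a throwing path that this hunk does not handle. The same guard is added to `umount()`, `encrypt()` and `decrypt()`; because a key holding `error_partially_encrypted` maps to `State::Corrupted`, all four calls refuse such a device and this commit shows no path that leaves that state. Refusing is the safe default, but it should be visible: log the rejected state before returning, for example `ERROR("Internal storage is not in the encrypted state");` (assuming the file's logging macros include `ERROR`), and document how a corrupted device is meant to be recovered. The bodies of these functions continue outside the hunks.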
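Review bot: Both `::vconf_set_str(...)` calls added around `engine.encrypt(MasterKey)` ignore their return value, and the final one runs after `sync()` and immediately before `::reboot(RB_AUTOBOOT)`. If the first write fails, the key still reads `unencrypted` while the disk is being rewritten, so an interruption leaves a partly encrypted volume that the `getState()` guard would accept for a second `encrypt()`; if the last write is not durable before the reboot (whether vconf flushes its own store is not visible here), a fully encrypted device comes back as `Corrupted`. Check the first call, e.g. `if (::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "error_partially_encrypted") != 0)`, and stop before touching the disk when it fails, and move the `"encrypted"` write ahead of `sync()` or sync again after it. The decryption path in the `@@ -175,10 +196,13 @@` hunk adds the same two calls and needs the same treatment; the enclosing block starts outside the hunk.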
@@ -175,10 +196,13 @@ int InternalEncryption::decrypt(const std::string& password)
 } catch (runtime::Exception& e) {}
 INFO("Decryption started...");
+ ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "error_partially_encrypted");
 engine.decrypt(MasterKey);
 INFO("Sync disk...");
 sync();
 INFO("Decryption completed");
+
+ ::vconf_set_str(INTERNAL_STORAGE_VCONF_KEY, "unencrypted");
 ::reboot(RB_AUTOBOOT);
 };
@@ -207,7 +231,22 @@ int InternalEncryption::changePassword(const std::string& oldPassword,
 int InternalEncryption::getState()
 {
- //TODO
+ char *value = ::vconf_get_str(INTERNAL_STORAGE_VCONF_KEY);
+ if (value == NULL) {
+ throw runtime::Exception("Failed to get vconf value");
+ }
+
+ std::string valueStr(value);
+ free(value);
+
+ if (valueStr == "encrypted") {
+ return State::Encrypted;
+ } else if (valueStr == "unencrypted") {
+ return State::Unencrypted;
+ } else {
+ return State::Corrupted;
+ }
+
 return 0;
 }
diff --git a/tools/cli/ode-admin-cli.cpp b/tools/cli/ode-admin-cli.cpp
index d6abe1c..a4dae3a 100644
--- a/tools/cli/ode-admin-cli.cpp
+++ b/tools/cli/ode-admin-cli.cpp
@@ -205,7 +205,22 @@ static inline int get_state(const std::string name)
 if (ret != 0) {
 std::cerr << "Error : " << ret <