From: Sungbae Yoo Date: Wed, 25 Jan 2017 10:36:31 +0000 (+0900) Subject: Add APIs to managing password X-Git-Tag: submit/tizen/20170213.020148~11 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e4bacb1e69327d7876c2336c0d2787d965b982da;p=platform%2Fcore%2Fsecurity%2Fode.git Add APIs to managing password Signed-off-by: Sungbae Yoo Change-Id: Ibae77560fe68434cad0b929205d264cf4ae8c3c6 --- diff --git a/lib/external-encryption.cpp b/lib/external-encryption.cpp index 780f54e..5fd1be8 100644 --- a/lib/external-encryption.cpp +++ b/lib/external-encryption.cpp @@ -62,10 +62,29 @@ int ExternalEncryption::decrypt(const std::string& password) } } -int ExternalEncryption::verifyPassword(const std::string& password) +int ExternalEncryption::isPasswordCreated() { try { - return context->methodCall("ExternalEncryption::verifyPassword", + return context->methodCall("ExternalEncryption::isPasswordCreated"); + } catch (runtime::Exception& e) { + return -1; + } +} + +int ExternalEncryption::createPassword(const std::string& password) +{ + try { + return context->methodCall("ExternalEncryption::createPassword", + password); + } catch (runtime::Exception& e) { + return -1; + } +} + +int ExternalEncryption::deletePassword(const std::string& password) +{ + try { + return context->methodCall("ExternalEncryption::deletePassword", password); } catch (runtime::Exception& e) { return -1; @@ -83,6 +102,16 @@ int ExternalEncryption::changePassword(const std::string& oldPassword, } } +int ExternalEncryption::verifyPassword(const std::string& password) +{ + try { + return context->methodCall("ExternalEncryption::verifyPassword", + password); + } catch (runtime::Exception& e) { + return -1; + } +} + int ExternalEncryption::getState() { try { diff --git a/lib/internal-encryption.cpp b/lib/internal-encryption.cpp index 48ad20c..b6ac308 100644 --- a/lib/internal-encryption.cpp +++ b/lib/internal-encryption.cpp @@ -62,10 +62,29 @@ int InternalEncryption::decrypt(const std::string& password) } } -int InternalEncryption::verifyPassword(const std::string& password) +int InternalEncryption::isPasswordCreated() { try { - return context->methodCall("InternalEncryption::verifyPassword", + return context->methodCall("InternalEncryption::isPasswordCreated"); + } catch (runtime::Exception& e) { + return -1; + } +} + +int InternalEncryption::createPassword(const std::string& password) +{ + try { + return context->methodCall("InternalEncryption::createPassword", + password); + } catch (runtime::Exception& e) { + return -1; + } +} + +int InternalEncryption::deletePassword(const std::string& password) +{ + try { + return context->methodCall("InternalEncryption::deletePassword", password); } catch (runtime::Exception& e) { return -1; @@ -83,6 +102,16 @@ int InternalEncryption::changePassword(const std::string& oldPassword, } } +int InternalEncryption::verifyPassword(const std::string& password) +{ + try { + return context->methodCall("InternalEncryption::verifyPassword", + password); + } catch (runtime::Exception& e) { + return -1; + } +} + int InternalEncryption::getState() { try { diff --git a/lib/ode/external-encryption.cpp b/lib/ode/external-encryption.cpp index 5c0070e..25f8dea 100644 --- a/lib/ode/external-encryption.cpp +++ b/lib/ode/external-encryption.cpp @@ -64,15 +64,14 @@ int ode_external_encryption_decrypt(const char* password) return external.decrypt(password); } -int ode_external_encryption_verify_password(const char *password, int *result) +int ode_external_encryption_is_password_created(bool *result) { - RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER); ODEContext client; RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); ExternalEncryption external = client.createInterface(); - int ret = external.verifyPassword(password); + int ret = external.isPasswordCreated(); RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER); @@ -80,6 +79,28 @@ int ode_external_encryption_verify_password(const char *password, int *result) return ODE_ERROR_NONE; } +int ode_external_encryption_create_password(const char *password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + + return external.createPassword(password); +} + +int ode_external_encryption_delete_password(const char *password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + + return external.deletePassword(password); +} + int ode_external_encryption_change_password(const char* old_password, const char* new_password) { @@ -93,6 +114,22 @@ int ode_external_encryption_change_password(const char* old_password, return external.changePassword(old_password, new_password); } +int ode_external_encryption_verify_password(const char *password, int *result) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + int ret = external.verifyPassword(password); + + RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER); + + *result = ret; + return ODE_ERROR_NONE; +} + int ode_external_encryption_get_state(int* state) { RET_ON_FAILURE(state, ODE_ERROR_INVALID_PARAMETER); diff --git a/lib/ode/external-encryption.h b/lib/ode/external-encryption.h index e1bd2a6..b5275e0 100644 --- a/lib/ode/external-encryption.h +++ b/lib/ode/external-encryption.h @@ -44,7 +44,8 @@ extern "C" { * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * the privilege to call this API - * @pre The password must matched with what used for encryption. + * @pre The password must match with what is set by + * ode_external_encryption_create_password(). * @see ode_external_encryption_encrypt() * @see ode_external_encryption_umount() */ @@ -100,11 +101,72 @@ ODE_API int ode_external_encryption_encrypt(const char* password, unsigned int o * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * the privilege to call this API - * @pre The password must matched with what used for encryption. + * @pre The password must match with what is set by + * ode_external_encryption_create_password(). * @see ode_external_encryption_encrypt() */ ODE_API int ode_external_encryption_decrypt(const char* password); +/** + * @brief Checks whether the external encryption password was created + * @details Administrator can use this API to check if the password that + will be used for external storage encryption/decryption + exists. + * @since_tizen 3.0 + * @param[out] result Whether encryption password was created + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_external_encryption_created_password() + * @see ode_external_encryption_delete_password() + */ +ODE_API int ode_external_encryption_is_password_created(bool* result); + +/** + * @brief Initialize external encryption password to given password + * @details Administrator can use this API to set new password that will be + used for external storage encryption/decryption. + * @since_tizen 3.0 + * @param[in] password The password to set + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_external_encryption_change_password() + * @see ode_external_encryption_delete_password() + * @see ode_external_encryption_encrypt() + * @see ode_external_encryption_decrypt() + * @see ode_external_encryption_mount() + */ +ODE_API int ode_external_encryption_create_password(const char* password); + +/** + * @brief Remove external encryption password + * @details Administrator can use this API to delete password that was set + by ode_external_encryption_create_password(). + * @since_tizen 3.0 + * @param[in] password The password to delete + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED old_password doen't match + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must match with what is set by + * ode_external_encryption_create_password(). + * @see ode_external_encryption_create_password() + */ +ODE_API int ode_external_encryption_delete_password(const char* password); + /** * @brief Change the password for external storage. * @details Administrator can use this API to change password for external @@ -120,12 +182,31 @@ ODE_API int ode_external_encryption_decrypt(const char* password); * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * the privilege to call this API - * @pre The password must matched with what used for encryption. + * @pre The password must match with what is set by + * ode_external_encryption_create_password(). * @see ode_external_encryption_encrypt() */ ODE_API int ode_external_encryption_change_password(const char* old_password, const char* new_password); +/** + * @brief Verify if given password is external encryption password. + * @details Administrator can use this API to find if a password is used + by external encryption + * @since_tizen 3.0 + * @param[out] password The password to be verified + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must match with what is set by + * ode_external_encryption_create_password(). + * @see ode_external_encryption_encrypt() + */ +ODE_API int ode_external_encryption_verify_password(const char *password); + /** * @brief Get current encryption state of external storage. * @details Administrator can use this API to get current encryption state @@ -168,22 +249,6 @@ typedef enum { */ ODE_API int ode_external_encryption_get_supported_options(unsigned int* options); -/** - * @brief Verify if given password is external encryption password. - * @details Administrator can use this API to find if a password is used - by external encryption - * @since_tizen 3.0 - * @param[out] password The password to be verified - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @see ode_external_encryption_encrypt() - */ -ODE_API int ode_external_encryption_verify_password(const char *password); - /** * @} */ diff --git a/lib/ode/internal-encryption.cpp b/lib/ode/internal-encryption.cpp index 7f227cd..9f62e04 100644 --- a/lib/ode/internal-encryption.cpp +++ b/lib/ode/internal-encryption.cpp @@ -64,15 +64,14 @@ int ode_internal_encryption_decrypt(const char* password) return internal.decrypt(password); } -int ode_internal_encryption_verify_password(const char *password, int *result) +int ode_internal_encryption_is_password_created(int *result) { - RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER); ODEContext client; RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); InternalEncryption internal = client.createInterface(); - int ret = internal.verifyPassword(password); + int ret = internal.isPasswordCreated(); RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER); @@ -80,6 +79,28 @@ int ode_internal_encryption_verify_password(const char *password, int *result) return ODE_ERROR_NONE; } +int ode_internal_encryption_create_password(const char *password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + + return internal.createPassword(password); +} + +int ode_internal_encryption_delete_password(const char *password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + + return internal.deletePassword(password); +} + int ode_internal_encryption_change_password(const char* old_password, const char* new_password) { @@ -93,6 +114,22 @@ int ode_internal_encryption_change_password(const char* old_password, return internal.changePassword(old_password, new_password); } +int ode_internal_encryption_verify_password(const char *password, int *result) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + int ret = internal.verifyPassword(password); + + RET_ON_FAILURE(ret < 0, ODE_ERROR_INVALID_PARAMETER); + + *result = ret; + return ODE_ERROR_NONE; +} + int ode_internal_encryption_get_state(int* state) { RET_ON_FAILURE(state, ODE_ERROR_INVALID_PARAMETER); diff --git a/lib/ode/internal-encryption.h b/lib/ode/internal-encryption.h index f905034..f29b31a 100644 --- a/lib/ode/internal-encryption.h +++ b/lib/ode/internal-encryption.h @@ -43,7 +43,8 @@ extern "C" { * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * the privilege to call this API - * @pre The password must matched with what used for encryption. + * @pre The password must match with what is set by + * ode_internal_encryption_create_password(). * @see ode_internal_encryption_encrypt() * @see ode_internal_encryption_umount() */ @@ -80,6 +81,8 @@ ODE_API int ode_internal_encryption_umount(); * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * @retval #ODE_ERROR_NOT_SUPPORTED Given options are not supported * the privilege to call this API + * @pre The password must match with what is set by + * ode_internal_encryption_create_password(). * @see ode_internal_encryption_mount() * @see ode_internal_encryption_decrypt() * @see ode_internal_encryption_get_supported_options() @@ -99,11 +102,72 @@ ODE_API int ode_internal_encryption_encrypt(const char* password, unsigned int o * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * the privilege to call this API - * @pre The password must matched with what used for encryption. + * @pre The password must match with what is set by + * ode_internal_encryption_create_password(). * @see ode_internal_encryption_encrypt() */ ODE_API int ode_internal_encryption_decrypt(const char* password); +/** + * @brief Checks whether the internal encryption password was created + * @details Administrator can use this API to check if the password that + will be used for internal storage encryption/decryption + exists. + * @since_tizen 3.0 + * @param[out] result Whether encryption password was created + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_internal_encryption_created_password() + * @see ode_internal_encryption_delete_password() + */ +ODE_API int ode_internal_encryption_is_password_created(bool* result); + +/** + * @brief Initialize internal encryption password to given password + * @details Administrator can use this API to set new password that will be + used for internal storage encryption/decryption. + * @since_tizen 3.0 + * @param[in] password The password to set + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_internal_encryption_change_password() + * @see ode_internal_encryption_delete_password() + * @see ode_internal_encryption_encrypt() + * @see ode_internal_encryption_decrypt() + * @see ode_internal_encryption_mount() + */ +ODE_API int ode_internal_encryption_create_password(const char* password); + +/** + * @brief Remove internal encryption password + * @details Administrator can use this API to delete password that was set + by ode_internal_encryption_create_password(). + * @since_tizen 3.0 + * @param[in] password The password to delete + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED old_password doen't match + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must match with what is set by + * ode_internal_encryption_create_password(). + * @see ode_internal_encryption_create_password() + */ +ODE_API int ode_internal_encryption_delete_password(const char* password); + /** * @brief Change the password for internal storage. * @details Administrator can use this API to change password for internal @@ -119,12 +183,32 @@ ODE_API int ode_internal_encryption_decrypt(const char* password); * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have * the privilege to call this API - * @pre The password must matched with what used for encryption. - * @see ode_internal_encryption_encrypt() + * @pre Old password must match with what is set by + * ode_internal_encryption_create_password(). + * @see ode_internal_encryption_create_password() */ ODE_API int ode_internal_encryption_change_password(const char* old_password, const char* new_password); +/** + * @brief Verify if given password is internal encryption password. + * @details Administrator can use this API to find if a password is used + by internal encryption + * @since_tizen 3.0 + * @param[out] password The password to be verified + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must match with what is set by + * ode_internal_encryption_create_password(). + * @see ode_internal_encryption_create_password() + * @see ode_internal_encryption_change_password() + */ +ODE_API int ode_internal_encryption_verify_password(const char *password); + /** * @brief Get current encryption state of internal storage. * @details Administrator can use this API to get current encryption state @@ -166,22 +250,6 @@ typedef enum { */ ODE_API int ode_internal_encryption_get_supported_options(unsigned int* options); -/** - * @brief Verify if given password is internal encryption password. - * @details Administrator can use this API to find if a password is used - by internal encryption - * @since_tizen 3.0 - * @param[out] password The password to be verified - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @see ode_internal_encryption_encrypt() - */ -ODE_API int ode_internal_encryption_verify_password(const char *password); - /* * @} */ diff --git a/rmi/external-encryption.h b/rmi/external-encryption.h index c2cc199..f475842 100644 --- a/rmi/external-encryption.h +++ b/rmi/external-encryption.h @@ -39,8 +39,11 @@ public: int encrypt(const std::string& password, unsigned int options); int decrypt(const std::string& password); - int verifyPassword(const std::string& password); + int isPasswordCreated(); + int createPassword(const std::string& password); + int deletePassword(const std::string& password); int changePassword(const std::string& oldPW, const std::string& newPW); + int verifyPassword(const std::string& password); enum State { Unencrypted = 0x00, diff --git a/rmi/internal-encryption.h b/rmi/internal-encryption.h index a915a16..28cb193 100644 --- a/rmi/internal-encryption.h +++ b/rmi/internal-encryption.h @@ -36,8 +36,11 @@ public: int encrypt(const std::string& password, unsigned int options); int decrypt(const std::string& password); - int verifyPassword(const std::string& password); + int isPasswordCreated(); + int createPassword(const std::string& password); + int deletePassword(const std::string& password); int changePassword(const std::string& oldPW, const std::string& newPW); + int verifyPassword(const std::string& password); enum State { Unencrypted = 0x00, diff --git a/server/engine/dmcrypt-engine.cpp b/server/engine/dmcrypt-engine.cpp index 02fefe9..5286210 100644 --- a/server/engine/dmcrypt-engine.cpp +++ b/server/engine/dmcrypt-engine.cpp @@ -344,6 +344,11 @@ void DMCryptEngine::decrypt(const DMCryptEngine::data &key, unsigned int options destroyCryptoBlkDev(DM_LABEL); } +bool DMCryptEngine::isKeyMetaCreated() +{ + return FileFooter::exist(source); +} + const DMCryptEngine::data DMCryptEngine::getKeyMeta() { return FileFooter::read(source); @@ -354,6 +359,11 @@ void DMCryptEngine::setKeyMeta(const data &meta) FileFooter::write(source, meta); } +void DMCryptEngine::clearKeyMeta() +{ + FileFooter::clear(source); +} + unsigned int DMCryptEngine::getSupportedOptions() { return OPTION_INCLUDE_UNUSED_REGION; diff --git a/server/engine/dmcrypt-engine.h b/server/engine/dmcrypt-engine.h index 3a0876c..da57559 100644 --- a/server/engine/dmcrypt-engine.h +++ b/server/engine/dmcrypt-engine.h @@ -68,8 +68,10 @@ public: void encrypt(const data &key, unsigned int options); void decrypt(const data &key, unsigned int options); + bool isKeyMetaCreated(); const data getKeyMeta(); void setKeyMeta(const data &data); + void clearKeyMeta(); unsigned int getSupportedOptions(); diff --git a/server/engine/ecryptfs-engine.cpp b/server/engine/ecryptfs-engine.cpp index 8dbb499..a3666cf 100644 --- a/server/engine/ecryptfs-engine.cpp +++ b/server/engine/ecryptfs-engine.cpp @@ -403,6 +403,11 @@ void EcryptfsEngine::decrypt(const data &key, unsigned int options) progress.done(); } +bool EcryptfsEngine::isKeyMetaCreated() +{ + return FileFooter::exist(source); +} + const EcryptfsEngine::data EcryptfsEngine::getKeyMeta() { return FileFooter::read(source); @@ -413,6 +418,11 @@ void EcryptfsEngine::setKeyMeta(const data &meta) FileFooter::write(source, meta); } +void EcryptfsEngine::clearKeyMeta() +{ + FileFooter::clear(source); +} + unsigned int EcryptfsEngine::getSupportedOptions() { return SUPPORTED_OPTIONS; diff --git a/server/engine/ecryptfs-engine.h b/server/engine/ecryptfs-engine.h index 027154a..9a61f18 100644 --- a/server/engine/ecryptfs-engine.h +++ b/server/engine/ecryptfs-engine.h @@ -61,8 +61,10 @@ public: void encrypt(const data& key, unsigned int); void decrypt(const data& key, unsigned int); + bool isKeyMetaCreated(); const data getKeyMeta(); void setKeyMeta(const data &data); + void clearKeyMeta(); unsigned int getSupportedOptions(); diff --git a/server/engine/ext4-engine.cpp b/server/engine/ext4-engine.cpp index 4f96fce..c4c0ce6 100644 --- a/server/engine/ext4-engine.cpp +++ b/server/engine/ext4-engine.cpp @@ -494,6 +494,11 @@ void Ext4Engine::decrypt(const Ext4Engine::data& key, unsigned int options) ::remove(secondMountPoint.c_str()); } +bool Ext4Engine::isKeyMetaCreated() +{ + return FileFooter::exist(source); +} + const Ext4Engine::data Ext4Engine::getKeyMeta() { return FileFooter::read(source); @@ -504,6 +509,11 @@ void Ext4Engine::setKeyMeta(const data &data) FileFooter::write(source, data); } +void Ext4Engine::clearKeyMeta() +{ + FileFooter::clear(source); +} + unsigned int Ext4Engine::getSupportedOptions() { return 0; diff --git a/server/engine/ext4-engine.h b/server/engine/ext4-engine.h index ffafde8..00ceb1f 100644 --- a/server/engine/ext4-engine.h +++ b/server/engine/ext4-engine.h @@ -53,8 +53,10 @@ public: void encrypt(const data &key, unsigned int options); void decrypt(const data &key, unsigned int options); + bool isKeyMetaCreated(); const data getKeyMeta(); void setKeyMeta(const data &data); + void clearKeyMeta(); unsigned int getSupportedOptions(); diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp index 7ed8206..7374913 100644 --- a/server/external-encryption.cpp +++ b/server/external-encryption.cpp @@ -88,8 +88,8 @@ void externalCallback(dbus::Variant parameters) // TODO // Password Popup // std::string pw = "tizen"; -// KeyManager::data pwData(pw.begin(), pw.end()); -// engine.mount(keyManager.getDEK(pwData)); +// KeyManager::data data(pw.begin(), pw.end()); +// engine.mount(keyManager.getDEK(data)); } } @@ -152,7 +152,11 @@ ExternalEncryption::ExternalEncryption(ODEControlContext &ctx) : context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::umount)); context.registerParametricMethod(this, "", (int)(ExternalEncryption::encrypt)(std::string, unsigned int)); context.registerParametricMethod(this, "", (int)(ExternalEncryption::decrypt)(std::string)); + context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::isPasswordCreated)); + context.registerParametricMethod(this, "", (int)(ExternalEncryption::createPassword)(std::string)); + context.registerParametricMethod(this, "", (int)(ExternalEncryption::deletePassword)(std::string)); context.registerParametricMethod(this, "", (int)(ExternalEncryption::changePassword)(std::string, std::string)); + context.registerParametricMethod(this, "", (int)(ExternalEncryption::verifyPassword)(std::string)); context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::getState)); context.registerNonparametricMethod(this, "", (unsigned int)(ExternalEncryption::getSupportedOptions)); @@ -165,14 +169,14 @@ ExternalEncryption::~ExternalEncryption() int ExternalEncryption::mount(const std::string &password) { - KeyManager::data pwData(password.begin(), password.end()); + KeyManager::data data(password.begin(), password.end()); KeyManager keyManager(engine.getKeyMeta()); - if (!keyManager.verifyPassword(pwData)) { + if (!keyManager.verifyPassword(data)) { return -2; } - engine.mount(keyManager.getMasterKey(pwData), getOptions()); + engine.mount(keyManager.getMasterKey(data), getOptions()); return 0; } @@ -189,10 +193,11 @@ int ExternalEncryption::umount() int ExternalEncryption::encrypt(const std::string &password, unsigned int options) { KeyManager::data pwData(password.begin(), password.end()); - KeyManager keyManager; + KeyManager keyManager(engine.getKeyMeta()); - keyManager.initPassword(pwData); - engine.setKeyMeta(keyManager.serialize()); + if (!keyManager.verifyPassword(pwData)) { + return -2; + } KeyManager::data MasterKey = keyManager.getMasterKey(pwData); auto encryptWorker = [&MasterKey, options, this]() { @@ -243,15 +248,40 @@ int ExternalEncryption::decrypt(const std::string &password) return 0; } -int ExternalEncryption::verifyPassword(const std::string& password) +int ExternalEncryption::isPasswordCreated() +{ + if (engine.isKeyMetaCreated()) { + return 1; + } + return 0; +} + + +int ExternalEncryption::createPassword(const std::string& password) { - KeyManager::data data(password.begin(), password.end()); - KeyManager keyManager(engine.getKeyMeta()); + KeyManager::data pwData(password.begin(), password.end()); + KeyManager keyManager; - if (!keyManager.verifyPassword(data)) { - return 1; - } - return 0; + if (engine.isKeyMetaCreated()) { + return -2; + } + + keyManager.initPassword(pwData); + engine.setKeyMeta(keyManager.serialize()); + return 0; +} + +int ExternalEncryption::deletePassword(const std::string& password) +{ + KeyManager::data pwData(password.begin(), password.end()); + KeyManager keyManager(engine.getKeyMeta()); + + if (!keyManager.verifyPassword(pwData)) { + return -2; + } + + engine.clearKeyMeta(); + return 0; } int ExternalEncryption::changePassword(const std::string &oldPassword, @@ -271,6 +301,19 @@ int ExternalEncryption::changePassword(const std::string &oldPassword, return 0; } +int ExternalEncryption::verifyPassword(const std::string& password) +{ + KeyManager::data pwData(password.begin(), password.end()); + KeyManager keyManager(engine.getKeyMeta()); + + if (!keyManager.verifyPassword(pwData)) { + return 1; + } + return 0; +} + + + int ExternalEncryption::getState() { char *value = ::vconf_get_str(EXTERNAL_STATE_VCONF_KEY); diff --git a/server/file-footer.cpp b/server/file-footer.cpp index 3fd8e1c..9ea0f6b 100644 --- a/server/file-footer.cpp +++ b/server/file-footer.cpp @@ -45,6 +45,17 @@ const std::string getFileName(const std::string &key) } // namsepace +bool FileFooter::exist(const std::string &key) +{ + std::string fileName(getFileName(key)); + + INFO("Footer file : " + fileName); + + runtime::File file(fileName); + + return file.exists(); +} + const FileFooter::data FileFooter::read(const std::string &key) { std::string fileName(getFileName(key)); @@ -72,4 +83,15 @@ void FileFooter::write(const std::string &key, const data &value) file.write(value.data(), value.size()); } +void FileFooter::clear(const std::string &key) +{ + std::string fileName(getFileName(key)); + + INFO("Footer file : " + fileName); + + runtime::File file(fileName); + + file.remove(); +} + } // namespace ode diff --git a/server/file-footer.h b/server/file-footer.h index 22fa6d0..8400162 100644 --- a/server/file-footer.h +++ b/server/file-footer.h @@ -28,8 +28,10 @@ public: typedef std::vector data; + static bool exist(const std::string &key); static const data read(const std::string &key); static void write(const std::string &key, const data &value); + static void clear(const std::string &key); }; } // namespace ode diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp index 47c6ae1..8c279b0 100644 --- a/server/internal-encryption.cpp +++ b/server/internal-encryption.cpp @@ -116,13 +116,17 @@ void setOptions(unsigned int options) InternalEncryption::InternalEncryption(ODEControlContext& ctx) : context(ctx) { - context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState)); - context.registerNonparametricMethod(this, "", (unsigned int)(InternalEncryption::getSupportedOptions)); context.registerParametricMethod(this, "", (int)(InternalEncryption::mount)(std::string)); context.registerNonparametricMethod(this, "", (int)(InternalEncryption::umount)); context.registerParametricMethod(this, "", (int)(InternalEncryption::encrypt)(std::string, unsigned int)); context.registerParametricMethod(this, "", (int)(InternalEncryption::decrypt)(std::string)); + context.registerNonparametricMethod(this, "", (int)(InternalEncryption::isPasswordCreated)); + context.registerParametricMethod(this, "", (int)(InternalEncryption::createPassword)(std::string)); + context.registerParametricMethod(this, "", (int)(InternalEncryption::deletePassword)(std::string)); context.registerParametricMethod(this, "", (int)(InternalEncryption::changePassword)(std::string, std::string)); + context.registerParametricMethod(this, "", (int)(InternalEncryption::verifyPassword)(std::string)); + context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState)); + context.registerNonparametricMethod(this, "", (unsigned int)(InternalEncryption::getSupportedOptions)); } InternalEncryption::~InternalEncryption() @@ -167,10 +171,11 @@ int InternalEncryption::encrypt(const std::string& password, unsigned int option } KeyManager::data pwData(password.begin(), password.end()); - KeyManager keyManager; + KeyManager keyManager(engine.getKeyMeta()); - keyManager.initPassword(pwData); - engine.setKeyMeta(keyManager.serialize()); + if (!keyManager.verifyPassword(pwData)) { + return -2; + } KeyManager::data MasterKey = keyManager.getMasterKey(pwData); auto encryptWorker = [&MasterKey, options, this]() { @@ -244,14 +249,38 @@ int InternalEncryption::decrypt(const std::string& password) return 0; } -int InternalEncryption::verifyPassword(const std::string& password) +int InternalEncryption::isPasswordCreated() { - KeyManager::data data(password.begin(), password.end()); + if (engine.isKeyMetaCreated()) { + return 1; + } + return 0; +} + +int InternalEncryption::createPassword(const std::string& password) +{ + KeyManager::data pwData(password.begin(), password.end()); + KeyManager keyManager; + + if (engine.isKeyMetaCreated()) { + return -2; + } + + keyManager.initPassword(pwData); + engine.setKeyMeta(keyManager.serialize()); + return 0; +} + +int InternalEncryption::deletePassword(const std::string& password) +{ + KeyManager::data pwData(password.begin(), password.end()); KeyManager keyManager(engine.getKeyMeta()); - if (keyManager.verifyPassword(data)) { - return 1; + if (!keyManager.verifyPassword(pwData)) { + return -2; } + + engine.clearKeyMeta(); return 0; } @@ -272,6 +301,19 @@ int InternalEncryption::changePassword(const std::string& oldPassword, return 0; } +int InternalEncryption::verifyPassword(const std::string& password) +{ + KeyManager::data pwData(password.begin(), password.end()); + KeyManager keyManager(engine.getKeyMeta()); + + if (keyManager.verifyPassword(pwData)) { + return 1; + } + return 0; +} + + + int InternalEncryption::getState() { char *value = ::vconf_get_str(INTERNAL_STATE_VCONF_KEY); diff --git a/tools/cli/ode-admin-cli.cpp b/tools/cli/ode-admin-cli.cpp index 9ae66af..0625f4d 100644 --- a/tools/cli/ode-admin-cli.cpp +++ b/tools/cli/ode-admin-cli.cpp @@ -125,42 +125,44 @@ static inline int encrypt_storage(const std::string name) int ret; if (name == "internal") { - unsigned int options; - ret = ode_internal_encryption_get_supported_options(&options); - if (ret == 0) { - char answer; - if (options & ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION) { - std::cout << "Encrypt All (include unused region)? (y/n) "; - std::cin >> answer; - if (answer != 'Y' && answer != 'y') { - options &= ~ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION; - } + std::string password = getPassword(); + ode_internal_encryption_create_password(password.c_str()); + + unsigned int options = 0; + ode_internal_encryption_get_supported_options(&options); + + char answer; + if (options & ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION) { + std::cout << "Encrypt All (include unused region)? (y/n) "; + std::cin >> answer; + if (answer != 'Y' && answer != 'y') { + options &= ~ODE_OPTION_INTERNAL_INCLUDE_UNUSED_REGION; } - std::string password = getPassword(); - ret = ode_internal_encryption_encrypt(password.c_str(), options); } + ret = ode_internal_encryption_encrypt(password.c_str(), options); } else if (name == "external") { + std::string password = getPassword(); + ode_external_encryption_create_password(password.c_str()); + unsigned int options; - ret = ode_external_encryption_get_supported_options(&options); - if (ret == 0) { - char answer; - if (options & ODE_OPTION_EXTERNAL_ONLY_NEW_FILE) { - std::cout << "Encrypt new files only? (y/n) "; - std::cin >> answer; - if (answer != 'Y' && answer != 'y') { - options &= ~ODE_OPTION_EXTERNAL_ONLY_NEW_FILE; - } + ode_external_encryption_get_supported_options(&options); + + char answer; + if (options & ODE_OPTION_EXTERNAL_ONLY_NEW_FILE) { + std::cout << "Encrypt new files only? (y/n) "; + std::cin >> answer; + if (answer != 'Y' && answer != 'y') { + options &= ~ODE_OPTION_EXTERNAL_ONLY_NEW_FILE; } - if (options & ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE) { - std::cout << "Encrypt non-media files only? (y/n) "; - std::cin >> answer; - if (answer != 'Y' && answer != 'y') { - options &= ~ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE; - } + } + if (options & ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE) { + std::cout << "Encrypt non-media files only? (y/n) "; + std::cin >> answer; + if (answer != 'Y' && answer != 'y') { + options &= ~ODE_OPTION_EXTERNAL_EXCEPT_FOR_MEDIA_FILE; } - std::string password = getPassword(); - ret = ode_external_encryption_encrypt(password.c_str(), options); } + ret = ode_external_encryption_encrypt(password.c_str(), options); } else { printSelectableStorage(); return -1; @@ -180,9 +182,11 @@ static inline int decrypt_storage(const std::string name) if (name == "internal") { std::string password = getPassword(); ret = ode_internal_encryption_decrypt(password.c_str()); + ode_internal_encryption_delete_password(password.c_str()); } else if (name == "external") { std::string password = getPassword(); ret = ode_external_encryption_decrypt(password.c_str()); + ode_external_encryption_delete_password(password.c_str()); } else { printSelectableStorage(); return -1;