From: Krzysztof Jackiewicz Date: Wed, 11 Oct 2017 08:15:58 +0000 (+0200) Subject: Remove extension encryption X-Git-Tag: accepted/tizen/4.0/unified/20171018.231435~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F46%2F154746%2F5;p=platform%2Fcore%2Fsecurity%2Fode.git Remove extension encryption It is replaced by LUKS API. Change-Id: I6506eb55d8d90df39014a39c73bef404b3d7f585 --- diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index 0e208ef..16a1a6a 100755 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt @@ -22,12 +22,10 @@ SET(SOURCES client.cpp secure-erase.cpp internal-encryption.cpp external-encryption.cpp - extension-encryption.cpp luks.cpp ode/secure-erase.cpp ode/internal-encryption.cpp ode/external-encryption.cpp - ode/extension-encryption.cpp ode/luks.cpp ) diff --git a/lib/extension-encryption.cpp b/lib/extension-encryption.cpp deleted file mode 100644 index 9ab36da..0000000 --- a/lib/extension-encryption.cpp +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -#include "extension-encryption.h" - -namespace ode { - -ExtensionEncryptionClient::ExtensionEncryptionClient(RmiClientPtr& ctx) : - context(ctx) -{ -} - -ExtensionEncryptionClient::~ExtensionEncryptionClient() -{ -} - -int ExtensionEncryptionClient::setMountPassword(const std::string& password) -{ - try { - return context->methodCall("ExtensionEncryptionServer::setMountPassword", password); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::mount() -{ - try { - return context->methodCall("ExtensionEncryptionServer::mount"); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::umount() -{ - try { - return context->methodCall("ExtensionEncryptionServer::umount"); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::format(const std::string& password) -{ - try { - return context->methodCall("ExtensionEncryptionServer::format", password); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::isPasswordInitialized() -{ - try { - return context->methodCall("ExtensionEncryptionServer::isPasswordInitialized"); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::initPassword(const std::string& password) -{ - try { - return context->methodCall("ExtensionEncryptionServer::initPassword", - password); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::cleanPassword(const std::string& password) -{ - try { - return context->methodCall("ExtensionEncryptionServer::cleanPassword", - password); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::changePassword(const std::string& oldPassword, - const std::string& newPassword) -{ - try { - return context->methodCall("ExtensionEncryptionServer::changePassword", - oldPassword, newPassword); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::verifyPassword(const std::string& password) -{ - try { - return context->methodCall("ExtensionEncryptionServer::verifyPassword", - password); - } catch (runtime::Exception& e) { - return -1; - } -} - -int ExtensionEncryptionClient::getState() -{ - try { - return context->methodCall("ExtensionEncryptionServer::getState"); - } catch (runtime::Exception& e) { - return -1; - } -} - -} // namespace ode diff --git a/lib/extension-encryption.h b/lib/extension-encryption.h deleted file mode 100644 index 7c3cdd5..0000000 --- a/lib/extension-encryption.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#ifndef __EXTENSION_ENCRYPTION_CLIENT_H__ -#define __EXTENSION_ENCRYPTION_CLIENT_H__ - -#include - -#include "rmi/extension-encryption.h" -#include "client.h" - -namespace ode { - -class ExtensionEncryptionClient final: public ExtensionEncryption { -public: - ExtensionEncryptionClient(RmiClientPtr& ctxt); - ~ExtensionEncryptionClient(); - - int setMountPassword(const std::string& password); - - int mount(); - int umount(); - - int format(const std::string& password); - - int isPasswordInitialized(); - int initPassword(const std::string& password); - int cleanPassword(const std::string& password); - int changePassword(const std::string& oldPW, const std::string& newPW); - int verifyPassword(const std::string& password); - - int getState(); - -private: - RmiClientPtr& context; -}; - -} // namespace ode - -#endif // __EXTENSION_ENCRYPTION_CLIENT_H__ diff --git a/lib/ode/extension-encryption.cpp b/lib/ode/extension-encryption.cpp deleted file mode 100644 index 39ac413..0000000 --- a/lib/ode/extension-encryption.cpp +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include "debug.h" -#include "extension-encryption.h" - -#include "client.h" -#include "lib/extension-encryption.h" - -using namespace ode; - -int ode_extension_encryption_set_mount_password(const char* password) -{ - RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); - - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - - return extension.setMountPassword(password); -} - -int ode_extension_encryption_mount() -{ - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - - return extension.mount(); -} - -int ode_extension_encryption_umount() -{ - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - - return extension.umount(); -} - -int ode_extension_encryption_format(const char* password) -{ - RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); - - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - - return extension.format(password); -} - -int ode_extension_encryption_is_password_initialized(bool* result) -{ - RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER); - - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - int ret = extension.isPasswordInitialized(); - - RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER); - - *result = ret; - return ODE_ERROR_NONE; -} - -int ode_extension_encryption_init_password(const char* password) -{ - RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); - - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - - return extension.initPassword(password); -} - -int ode_extension_encryption_clean_password(const char* password) -{ - RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); - - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - - return extension.cleanPassword(password); -} - -int ode_extension_encryption_change_password(const char* old_password, - const char* new_password) -{ - RET_ON_FAILURE(old_password, ODE_ERROR_INVALID_PARAMETER); - RET_ON_FAILURE(new_password, ODE_ERROR_INVALID_PARAMETER); - - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - - return extension.changePassword(old_password, new_password); -} - -int ode_extension_encryption_verify_password(const char* password, bool* result) -{ - RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); - RET_ON_FAILURE(result, ODE_ERROR_INVALID_PARAMETER); - - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - int ret = extension.verifyPassword(password); - - RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER); - - *result = ret; - return ODE_ERROR_NONE; -} - -int ode_extension_encryption_get_state(int* state) -{ - RET_ON_FAILURE(state, ODE_ERROR_INVALID_PARAMETER); - - ClientContext client; - RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - ExtensionEncryptionClient extension = client.createInterface(); - int ret = extension.getState(); - - RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER); - - *state = ret; - return ODE_ERROR_NONE; -} - -static std::unique_ptr mountEventCallbackContext; - -int ode_extension_encryption_set_mount_event_cb(ode_mount_event_cb callback, void *user_data) -{ - RET_ON_FAILURE(callback, ODE_ERROR_INVALID_PARAMETER); - - mountEventCallbackContext.reset(new ClientContext); - RET_ON_FAILURE(mountEventCallbackContext->connect() == 0, ODE_ERROR_CONNECTION_REFUSED); - - int ret = mountEventCallbackContext->subscribeSignal("ExtensionEncryption::mount", callback, user_data); - RET_ON_FAILURE(ret >= 0, ODE_ERROR_INVALID_PARAMETER); - - return ODE_ERROR_NONE; -} - -int ode_extension_encryption_unset_mount_event_cb() -{ - mountEventCallbackContext.reset(); - - return ODE_ERROR_NONE; -} diff --git a/lib/ode/extension-encryption.h b/lib/ode/extension-encryption.h deleted file mode 100644 index d2e35c4..0000000 --- a/lib/ode/extension-encryption.h +++ /dev/null @@ -1,267 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#ifndef __CAPI_ODE_EXTENSION_ENCRYPTION_H__ -#define __CAPI_ODE_EXTENSION_ENCRYPTION_H__ - -#include - -/** - * @file extension-encryption.h - * @brief This file provides APIs to manage the encryption of an external - * storage such as SD card, used as an extension of the internal - * memory. - */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * @brief Set a password to be used by mount of encrypted extension storage - * @details Administrator can use this API to set a password for encrypted - * extension mount. - * @since_tizen 4.0 - * @param[in] password The password to mount extension storage - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_KEY_REJECTED Password doen't match - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @pre The password set before must match with what is set by - * ode_extension_encryption_init_password(). - * @see ode_extension_encryption_init_password() - * @see ode_extension_encryption_mount() - */ -ODE_API int ode_extension_encryption_set_mount_password(const char* password); - -/** - * @brief Mount encrypted extension storage - * @details Administrator can use this API to mount encrypted extension - * storage. - * @since_tizen 4.0 - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @pre A password must be set by - * ode_extension_encryption_set_mount_password(). - * @see ode_extension_encryption_set_mount_password() - * @see ode_extension_encryption_umount() - */ -ODE_API int ode_extension_encryption_mount(); - -/** - * @brief Umount extension storage - * @details Administrator can use this API to unmount extension storage. - * @since_tizen 4.0 - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @see ode_extension_encryption_mount() - */ -ODE_API int ode_extension_encryption_umount(); - -/** - * @brief Formats and sets up encryption for extension storage with a - * given password - * @details Administrator can use this API to format and encrypt external - * storage that will be used as an extension to internal memory. - * @since_tizen 4.0 - * @param[in] password The password to encrypt extension storage - * @param[in] options Encryption options - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_KEY_REJECTED Password doesn't match - * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @pre The password must match with what is set by - * ode_extension_encryption_init_password(). - * @see ode_extension_encryption_init_password() - * @see ode_extension_encryption_mount() - */ -ODE_API int ode_extension_encryption_format(const char* password); - -/** - * @brief Checks whether the extension encryption password was created - * @details Administrator can use this API to check if the password that - will be used for extension storage encryption exists. - * @since_tizen 4.0 - * @param[out] result Whether encryption password was created - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @see ode_extension_encryption_init_password() - * @see ode_extension_encryption_clean_password() - */ -ODE_API int ode_extension_encryption_is_password_initialized(bool* result); - -/** - * @brief Initialize extension encryption password to a given password - * @details Administrator can use this API to set a new password that will - * be used for extension storage encryption. - * @since_tizen 4.0 - * @param[in] password The password to set - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @see ode_extension_encryption_change_password() - * @see ode_extension_encryption_clean_password() - * @see ode_extension_encryption_format() - * @see ode_extension_encryption_mount() - */ -ODE_API int ode_extension_encryption_init_password(const char* password); - -/** - * @brief Removes extension encryption password - * @details Administrator can use this API to delete password that was set - by ode_extension_encryption_init_password(). - * @since_tizen 4.0 - * @param[in] password The password to delete - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_KEY_REJECTED old_password doesn't match - * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @pre The password must match with what is set by - * ode_extension_encryption_init_password(). - * @see ode_extension_encryption_init_password() - */ -ODE_API int ode_extension_encryption_clean_password(const char* password); - -/** - * @brief Changes the password for extension storage - * @details Administrator can use this API to change password for extension - * storage. - * @since_tizen 4.0 - * @param[in] old_password Current password of extension storage - * @param[in] new_password The password to use newly for extension storage - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_KEY_REJECTED old_password doesn't match - * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @pre The password must match with what is set by - * ode_extension_encryption_init_password(). - * @see ode_extension_encryption_init_password() - * @see ode_extension_encryption_format() - */ -ODE_API int ode_extension_encryption_change_password(const char* old_password, - const char* new_password); - -/** - * @brief Verifies if the given password is extension encryption password - * @details Administrator can use this API to find if a password is used - by extension encryption. - * @since_tizen 4.0 - * @param[int] password The password to be verified - * @param[out] result The result of verification - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @pre The password must match with what is set by - * ode_extension_encryption_init_password(). - * @see ode_extension_encryption_init_password() - * @see ode_extension_encryption_format() - */ -ODE_API int ode_extension_encryption_verify_password(const char* password, bool* result); - -/** - * @brief Gets the current encryption state of extension storage - * @details Administrator can use this API to get current encryption state - * of extension storage. - * @since_tizen 4.0 - * @param[out] state The encryption state of extension storage - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have - * the privilege to call this API - * @see ode_extension_encryption_format() - * @see #ode_state_e - */ -ODE_API int ode_extension_encryption_get_state(int* state); - -/** - * @brief Registers a callback to get mount event of extension storage - * @details Services can use this API to attach a callback to be called - * by mount event of extension storage with encryption. - * @since_tizen 4.0 - * @param[in] callback The mount event callback function - * @param[in] user_data The user data passed to the callback function - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #ODE_ERROR_TIMED_OUT Time out - * @post If the callback is not needed, - * ode_extension_encryption_unset_mount_event_cb() must be called. - * @see ode_extension_encryption_mount() - * @see ode_extension_encryption_unset_mount_event_cb() - */ -ODE_API int ode_extension_encryption_set_mount_event_cb(ode_mount_event_cb callback, void *user_data); - -/** - * @brief Unregisters a callback to get mount event of extension storage - * @details Services can use this API to detach a callback to be called - * by mount event of extension storage with encryption. - * @since_tizen 4.0 - * @return #ODE_ERROR_NONE on success, otherwise a negative value - * @retval #ODE_ERROR_NONE Successful - * @retval #ODE_ERROR_TIMED_OUT Time out - * @see ode_extension_encryption_mount() - * @see ode_extension_encryption_set_mount_event_cb() - */ -ODE_API int ode_extension_encryption_unset_mount_event_cb(); - -/** - * @} - */ - -#ifdef __cplusplus -} -#endif - -#endif /* __CAPI_ODE_EXTENSION_ENCRYPTION_H__ */ diff --git a/rmi/extension-encryption.h b/rmi/extension-encryption.h deleted file mode 100644 index d525ef6..0000000 --- a/rmi/extension-encryption.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#ifndef __EXTENSION_ENCRYPTION_H__ -#define __EXTENSION_ENCRYPTION_H__ - -#include - -namespace ode { - -/** - * This class provides APIs to manage the encryption of external storage - * such as SD card, used as an extension of the internal memory. - */ - -class ExtensionEncryption { -public: - virtual int setMountPassword(const std::string& password) = 0; - - virtual int mount() = 0; - virtual int umount() = 0; - - virtual int format(const std::string& password) = 0; - - virtual int isPasswordInitialized() = 0; - virtual int initPassword(const std::string& password) = 0; - virtual int cleanPassword(const std::string& password) = 0; - virtual int changePassword(const std::string& oldPW, const std::string& newPW) = 0; - virtual int verifyPassword(const std::string& password) = 0; - - enum State { - Encrypted = 0x01, - Corrupted = 0x02, - }; - - virtual int getState() = 0; -}; - -} // namespace ode - -#endif // __EXTENSION_ENCRYPTION_H__ diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index b06f2b5..ab88ad6 100644 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -25,7 +25,6 @@ SET(SERVER_SRCS main.cpp kernel-keyring.cpp internal-encryption.cpp external-encryption.cpp - extension-encryption.cpp luks.cpp engine/encryption/ext4-engine.cpp engine/encryption/dmcrypt-engine.cpp diff --git a/server/extension-encryption.cpp b/server/extension-encryption.cpp deleted file mode 100644 index 3f091fc..0000000 --- a/server/extension-encryption.cpp +++ /dev/null @@ -1,689 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ -#include -#include - -#include -#include -#include -#include - -#include "misc.h" -#include "logger.h" -#include "ext4-tool.h" - -#include "extension-encryption.h" - -#define EXTENSION_NAME_DEF "extension" - -namespace ode { - -namespace { - -const size_t DEFAULT_KEY_SIZE = 64; - -const char *EXTENSION_DEV_PATH = "/dev/mmcblk1p1"; -const char *EXTENSION_NAME = EXTENSION_NAME_DEF; -const char *EXTENSION_MAP_PATH = "/dev/mapper/" EXTENSION_NAME_DEF; -const char *EXTENSION_FS_TYPE = "crypto_LUKS"; - -const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform"; - -const char *STORAGED_DBUS_BUSNAME = "org.tizen.system.storage"; -const char *STORAGED_DBUS_OBJECT = "/Org/Tizen/System/Storage/Block/Manager"; -const char *STORAGED_DBUS_INTERFACE = "org.tizen.system.storage.BlockManager"; - -bool findKillAndUmount(const std::string &devPath) -{ - for(;;) { - std::string mntPath = findMntPath(devPath); - - if (mntPath.empty()) { - break; - } - - INFO(SINK, "Closing all applications using an SD card..."); - killDependentApplications(mntPath); - - while (::umount(mntPath.c_str()) == -1) { - if (errno != EBUSY) { - ERROR(SINK, "The card is still mounted, umount failed with: " - + std::to_string(errno)); - return false; - } - killDependentApplications(mntPath); - } - } - - return true; -} - -} // namsepace - -ExtensionEncryptionServer::ExtensionEncryptionServer(ServerContext &srv) : - server(srv), - currentReq(Request::NONE) -{ - server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::setMountPassword)(std::string)); - server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::mount)()); - server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::umount)()); - server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::format)(std::string)); - server.expose(this, "", (int)(ExtensionEncryptionServer::isPasswordInitialized)()); - server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::initPassword)(std::string)); - server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::cleanPassword)(std::string)); - server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::changePassword)(std::string, std::string)); - server.expose(this, PRIVILEGE_PLATFORM, (int)(ExtensionEncryptionServer::verifyPassword)(std::string)); - server.expose(this, "", (int)(ExtensionEncryptionServer::getState)()); - - server.createNotification("ExtensionEncryptionServer::mount"); - - // TODO: think about handling more than one card / more than one engine - // it would require global API change to select which card is handled atm - engine.reset(new EXTENSION_ENGINE(EXTENSION_DEV_PATH)); - - queryStoraged(); - subscribeToStoraged(); -} - -ExtensionEncryptionServer::~ExtensionEncryptionServer() -{ - unsubscribeFromStoraged(); -} - -int ExtensionEncryptionServer::setMountPassword(const std::string& password) -{ - std::lock_guard guardLock(apiGuard); - - KeyManager::data pwData(password.begin(), password.end()); - KeyManager keyManager(engine->getKeyMeta()); - - if (!keyManager.verifyPassword(pwData)) { - ERROR(SINK, "Wrong password passed."); - return -2; - } - - mountKey = keyManager.getMasterKey(pwData); - - return 0; -} - -int ExtensionEncryptionServer::mount() -{ - std::lock_guard guardLock(apiGuard); - std::unique_lock stateLock(stateGuard); - - if (getStatePriv() != State::Encrypted) { - ERROR(SINK, "Cannot mount, card not inserted or corrupted"); - return -1; - } - - if (isMounted()) { - INFO(SINK, "Already mounted"); - return 0; - } - - - INFO(SINK, "Mount extension storage..."); - - if (!isOpened()) { - // Storaged will mount MAP automatically when it appears, let's prepare - currentReq = Request::MOUNT; - - try { - INFO(SINK, "Open the MAP of an extension storage..."); - engine->open(CryptsetupEngine::DeviceType::LUKS, EXTENSION_NAME, mountKey); - mountKey.clear(); - } catch (runtime::Exception &e) { - ERROR(SINK, "Open failed: " + std::string(e.what())); - return -3; - } - - INFO(SINK, "Wait for the storaged to mount the MAP automatically..."); - if (!storagedCv.wait_for(stateLock, std::chrono::seconds(1), [this] { - return currentReq == Request::NONE; - })) { - ERROR(SINK, "Storaged timed out mounting the MAP."); - return -3; - } - } else { - INFO(SINK, "Ask storaged to mount extension storage..."); - if (!storagedMount(stateLock)) { - return -3; - } - } - - server.notify("ExtensionEncryptionServer::mount"); - return 0; -} - -int ExtensionEncryptionServer::umount() -{ - std::lock_guard guardLock(apiGuard); - std::unique_lock stateLock(stateGuard); - - if (getStatePriv() != State::Encrypted) { - ERROR(SINK, "Cannot umount, card not inserted or corrupted."); - return -1; - } - - if (!isMounted() && !isOpened()) { - INFO(SINK, "Already umounted."); - return 0; - } - - INFO(SINK, "Umount extension storage..."); - - if (isMounted()) { - INFO(SINK, "Close all applications using extension storage..."); - killDependentApplications(info[Device::MAP].mntPath); - - INFO(SINK, "Ask storaged to umount extension storage..."); - if (!storagedUnmount(stateLock)) { - return -3; - } - } - - if (isOpened()) { - INFO(SINK, "Close the MAP of an extension storage..."); - try { - CryptsetupEngine::close(EXTENSION_NAME); - } catch (runtime::Exception &e) { - ERROR(SINK, "Close failed: " + std::string(e.what())); - return -3; - } - } - - return 0; -} - -int ExtensionEncryptionServer::format(const std::string &password) -{ - int status = 0; - std::condition_variable workerCv; - - auto formatWorker = [&, this]() { - try { - std::lock_guard guardLock(apiGuard); - std::unique_lock stateLock(stateGuard); - - if (!isInserted()) { - ERROR(SINK, "There is no card inserted."); - status = -1; - stateLock.unlock(); - workerCv.notify_one(); - return; - } - - if (isMounted() || isOpened()) { - ERROR(SINK, "The card is still mounted and/or opened, umount and close first."); - status = -1; - stateLock.unlock(); - workerCv.notify_one(); - return; - } - - KeyManager::data pwData(password.begin(), password.end()); - KeyManager keyManager(engine->getKeyMeta()); - - if (!keyManager.verifyPassword(pwData)) { - ERROR(SINK, "Wrong password passed."); - status = -2; - stateLock.unlock(); - workerCv.notify_one(); - return; - } - - // no error, let's notify the main thread it can return - status = 1; - stateLock.unlock(); - workerCv.notify_one(); - - KeyManager::data masterKey = keyManager.getMasterKey(pwData); - - // TODO: this probably needs a rework, some sort of communication - // and/or merge with External. The use case for it might be: - // 1. The mmc is mounted by something else, somewhere else. Do we care? - // 2. We take over the (possibly mounted and/or encrypted) cd card from External. - if (!findKillAndUmount(EXTENSION_DEV_PATH)) { - return; - } - - INFO(SINK, "Creating LUKS..."); - engine->format(CryptsetupEngine::DeviceType::LUKS, masterKey); - - INFO(SINK, "Opening LUKS..."); - std::string mappingPath = engine->open(CryptsetupEngine::DeviceType::LUKS, - EXTENSION_NAME, - masterKey); - - INFO(SINK, "Creating EXT4..."); - Ext4Tool::mkfs(mappingPath); - - INFO(SINK, "Closing up the operation..."); - CryptsetupEngine::close(EXTENSION_NAME); - sync(); - - INFO(SINK, "Formatting completed"); - } catch (runtime::Exception &e) { - ERROR(SINK, "Formatting thread failed: " + std::string(e.what())); - } - }; - - std::thread asyncWork(formatWorker); - asyncWork.detach(); - - std::unique_lock stateLock(stateGuard); - if(!workerCv.wait_for(stateLock, std::chrono::seconds(1), [&status] { - return status != 0; - })) { - ERROR(SINK, "Timed out waiting for format status."); - return -4; - } - - if (status < 0) - return status; - - return 0; -} - -int ExtensionEncryptionServer::isPasswordInitialized() -{ - std::lock_guard guardLock(apiGuard); - - if (engine->isKeyMetaSet()) { - return 1; - } - - return 0; -} - -int ExtensionEncryptionServer::initPassword(const std::string& password) -{ - std::lock_guard guardLock(apiGuard); - - KeyManager::data pwData(password.begin(), password.end()); - KeyManager keyManager; - - keyManager.initPassword(pwData, DEFAULT_KEY_SIZE); - engine->setKeyMeta(keyManager.serialize()); - return 0; -} - -int ExtensionEncryptionServer::cleanPassword(const std::string& password) -{ - std::lock_guard guardLock(apiGuard); - - KeyManager::data pwData(password.begin(), password.end()); - KeyManager keyManager(engine->getKeyMeta()); - - if (!keyManager.verifyPassword(pwData)) { - ERROR(SINK, "Wrong password passed."); - return -2; - } - - engine->clearKeyMeta(); - return 0; -} - -int ExtensionEncryptionServer::changePassword(const std::string &oldPassword, - const std::string &newPassword) -{ - std::lock_guard guardLock(apiGuard); - - KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end()); - KeyManager::data newPwData(newPassword.begin(), newPassword.end()); - KeyManager keyManager(engine->getKeyMeta()); - - if (!keyManager.verifyPassword(oldPwData)) { - ERROR(SINK, "Wrong password passed."); - return -2; - } - - keyManager.changePassword(oldPwData, newPwData); - engine->setKeyMeta(keyManager.serialize()); - - return 0; -} - -int ExtensionEncryptionServer::verifyPassword(const std::string& password) -{ - std::lock_guard guardLock(apiGuard); - - KeyManager::data pwData(password.begin(), password.end()); - KeyManager keyManager(engine->getKeyMeta()); - - if (keyManager.verifyPassword(pwData)) { - return 1; - } - - return 0; -} - -int ExtensionEncryptionServer::getState() -{ - std::lock_guard guardLock(apiGuard); - std::unique_lock stateLock(stateGuard); - - return getStatePriv(); -} - -void ExtensionEncryptionServer::logStoragedEvent(Operation op, Device d) -{ - DEBUG(SINK, "Storaged event:"); - - switch(op) { - case Operation::ADDED: - DEBUG(SINK, " Operation: ADDED"); - break; - case Operation::CHANGED: - DEBUG(SINK, " Operation: CHANGED"); - break; - case Operation::REMOVED: - DEBUG(SINK, " Operation: REMOVED"); - break; - default: - break; - } - - switch(d) { - case Device::MMC: - DEBUG(SINK, " Device: MMC"); - break; - case Device::MAP: - DEBUG(SINK, " Device: MAP"); - break; - default: - break; - } - - DEBUG(SINK, " Mnt Path: " + info[d].mntPath); - DEBUG(SINK, " Fs Type: " + info[d].fsType); - DEBUG(SINK, " Sys path: " + info[d].sysPath); - DEBUG(SINK, " Mounted: " + std::to_string(info[d].mounted)); - DEBUG(SINK, " ID: " + std::to_string(info[d].storagedId)); -} - -void ExtensionEncryptionServer::handleDevice(Operation op, - const std::vector &intparams, - const std::vector &strparams) -{ - Device d; - - if (std::string(strparams[0]) == EXTENSION_DEV_PATH && intparams[0] == 1) { - d = Device::MMC; - } else if (std::string(strparams[0]) == EXTENSION_MAP_PATH && intparams[0] == 2) { - d = Device::MAP; - } else { - DEBUG(SINK, "Storaged event: neither extension MMC nor extension mapping, ignoring"); - return; - } - - std::unique_lock stateLock(stateGuard); - - if (op == Operation::REMOVED) { - info[d].clear(); - } else { - info[d].mntPath = strparams[6]; - info[d].fsType = strparams[3]; - info[d].sysPath = strparams[1]; - info[d].mounted = intparams[2]; - info[d].storagedId = intparams[5]; - } - - logStoragedEvent(op, d); - - // removing/reformatting the SD card does not automatically close the DM crypt mapping - if (d == Device::MMC && (op == Operation::REMOVED || - (op == Operation::CHANGED && - info[d].fsType != EXTENSION_FS_TYPE))) { - if (isMounted()) { - INFO(SINK, "MMC card removed while still mounted, umounting."); - if (!findKillAndUmount(EXTENSION_MAP_PATH)) { - return; - } - } - - if (isOpened()) { - INFO(SINK, "MMC card removed while LUKS is still opened, closing."); - try { - CryptsetupEngine::close(EXTENSION_NAME); - } catch (runtime::Exception &e) { - ERROR(SINK, "Closing failed: " + std::string(e.what())); - return; - } - } - - return; - } - - if (d == Device::MMC && op == Operation::ADDED && - getStatePriv() == State::Encrypted) { - // TODO: when UI gets written it should be triggered here. - return; - } - - if (d == Device::MAP && op == Operation::CHANGED) { - if ((currentReq == Request::MOUNT && info[Device::MAP].mounted) || - (currentReq == Request::UMOUNT && !info[Device::MAP].mounted)) { - currentReq = Request::NONE; - stateLock.unlock(); - storagedCv.notify_one(); - return; - } - } -} - -void ExtensionEncryptionServer::parseVariant(Operation op, dbus::Variant parameters) -{ - std::vector intparams(6); - std::vector strparams(7); - - parameters.get("(issssssisibii)", - &intparams[0], // block type: 0 - scsi, 1 : mmc, 2 : mapper - &strparams[0], // devnode - &strparams[1], // syspath - &strparams[2], // usage - &strparams[3], // fs type - &strparams[4], // fs version - &strparams[5], // fs uuid enc - &intparams[1], // readonly: 0 - rw, 1 - ro - &strparams[6], // mount point - &intparams[2], // state: 0 - unmount, 1 - mount - &intparams[3], // primary: 0 - false, 1 - true - &intparams[4], // flags: 1 - unmounted 2 - broken filesystem 4 - no filesystem 8 - not supported 16 - readonly - &intparams[5]); // storage id - - handleDevice(op, intparams, strparams); -} - -void ExtensionEncryptionServer::queryStoraged() -{ - INFO(SINK, "Querying the storaged for devices..."); - - dbus::VariantIterator vi; - - try { - dbus::Connection::getSystem().methodcall(STORAGED_DBUS_BUSNAME, - STORAGED_DBUS_OBJECT, - STORAGED_DBUS_INTERFACE, - "GetDeviceList", - -1, - "(a(issssssisibii))", - "(s)", - "all").get("(a(issssssisibii))", &vi); - } catch (runtime::Exception &e) { - ERROR(SINK, "Failed to query storaged: " + std::string(e.what())); - } - - std::vector intparams(6); - std::vector strparams(7); - - while(vi.get("(issssssisibii)", - &intparams[0], // block type: 0 - scsi, 1 : mmc, 2 : mapper - &strparams[0], // devnode - &strparams[1], // syspath - &strparams[2], // usage - &strparams[3], // fs type - &strparams[4], // fs version - &strparams[5], // fs uuid enc - &intparams[1], // readonly: 0 - rw, 1 - ro - &strparams[6], // mount point - &intparams[2], // state: 0 - unmount, 1 - mount - &intparams[3], // primary: 0 - false, 1 - true - &intparams[4], // flags: 1 - unmounted 2 - broken filesystem 4 - no filesystem 8 - not supported 16 - readonly - &intparams[5])) // storage id - { - handleDevice(Operation::ADDED, intparams, strparams); - } -} - -void ExtensionEncryptionServer::subscribeToStoraged() -{ - dbus::Connection &systemDBus = dbus::Connection::getSystem(); - - auto subscribe = [&systemDBus, this](Operation op, const std::string &method) { - dbus::Connection::SignalCallback callback = - std::bind(&ExtensionEncryptionServer::parseVariant, - this, - op, - std::placeholders::_1); - - subId[op] = systemDBus.subscribeSignal("", - STORAGED_DBUS_OBJECT, - STORAGED_DBUS_INTERFACE, - method.c_str(), - callback); - }; - - subscribe(Operation::ADDED, "DeviceAdded"); - subscribe(Operation::CHANGED, "DeviceChanged"); - subscribe(Operation::REMOVED, "DeviceRemoved"); -} - -void ExtensionEncryptionServer::unsubscribeFromStoraged() -{ - dbus::Connection &systemDBus = dbus::Connection::getSystem(); - - systemDBus.unsubscribeSignal(subId[Operation::ADDED]); - systemDBus.unsubscribeSignal(subId[Operation::CHANGED]); - systemDBus.unsubscribeSignal(subId[Operation::REMOVED]); -} - -bool ExtensionEncryptionServer::storagedMount(std::unique_lock &lock) -{ - currentReq = Request::MOUNT; - - int ret = -1; - try { - dbus::Connection::getSystem().methodcall(STORAGED_DBUS_BUSNAME, - STORAGED_DBUS_OBJECT, - STORAGED_DBUS_INTERFACE, - "Mount", - -1, - "(i)", - "(is)", - info[Device::MAP].storagedId, - info[Device::MAP].mntPath.c_str()).get("(i)", &ret); - } catch (runtime::Exception &e) { - ERROR(SINK, "Failed to call mount in storaged: " + std::string(e.what())); - currentReq = Request::NONE; - return false; - } - - if (ret != 0) { - ERROR(SINK, "Storaged failed to mount: " + std::to_string(ret)); - currentReq = Request::NONE; - return false; - } - - if (!storagedCv.wait_for(lock, std::chrono::seconds(1), [this] { - return currentReq == Request::NONE; - })) { - ERROR(SINK, "Storaged timed out mounting the MAP."); - currentReq = Request::NONE; - return false; - } - - return true; -} - -bool ExtensionEncryptionServer::storagedUnmount(std::unique_lock &lock) -{ - currentReq = Request::UMOUNT; - - int ret = -1; - try { - dbus::Connection::getSystem().methodcall(STORAGED_DBUS_BUSNAME, - STORAGED_DBUS_OBJECT, - STORAGED_DBUS_INTERFACE, - "Unmount", - -1, - "(i)", - "(ii)", - info[Device::MAP].storagedId, - 0).get("(i)", &ret); - } catch (runtime::Exception &e) { - ERROR(SINK, "Failed to call unmount in storaged: " + std::string(e.what())); - currentReq = Request::NONE; - return false; - } - - if (ret != 0) { - ERROR(SINK, "Storaged failed to unmount: " + std::to_string(ret)); - currentReq = Request::NONE; - return false; - } - - if (!storagedCv.wait_for(lock, std::chrono::seconds(1), [this] { - return currentReq == Request::NONE; - })) { - ERROR(SINK, "Storaged timed out unmounting the MAP."); - currentReq = Request::NONE; - return false; - } - - return true; -} - -int ExtensionEncryptionServer::getStatePriv() const -{ - if (!isInserted()) { - ERROR(SINK, "Cannot check state, card not inserted"); - return -1; - } - - if (info[Device::MMC].fsType == EXTENSION_FS_TYPE) - return State::Encrypted; - - return State::Corrupted; -} - -bool ExtensionEncryptionServer::isInserted() const -{ - return info[Device::MMC].storagedId >= 0; -} - -bool ExtensionEncryptionServer::isOpened() const -{ - return info[Device::MAP].storagedId >= 0; -} - -bool ExtensionEncryptionServer::isMounted() const -{ - return info[Device::MAP].mounted; -} - -} // namespace ode diff --git a/server/extension-encryption.h b/server/extension-encryption.h deleted file mode 100644 index ede4249..0000000 --- a/server/extension-encryption.h +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#ifndef __EXTENSION_ENCRYPTION_SERVER_H__ -#define __EXTENSION_ENCRYPTION_SERVER_H__ - -#include -#include -#include -#include - -#include "rmi/extension-encryption.h" -#include "key-manager/key-manager.h" -#include "engine/encryption/cryptsetup-engine.h" -#include "server.h" - -namespace ode { - -typedef CryptsetupEngine EXTENSION_ENGINE; - -class ExtensionEncryptionServer final: public ExtensionEncryption { -public: - ExtensionEncryptionServer(ServerContext& srv); - ~ExtensionEncryptionServer(); - - int setMountPassword(const std::string& password); - - int mount(); - int umount(); - - int format(const std::string& password); - - int isPasswordInitialized(); - int initPassword(const std::string& password); - int cleanPassword(const std::string& password); - int changePassword(const std::string& oldPW, const std::string& newPW); - int verifyPassword(const std::string& password); - - int getState(); - -private: - enum Operation { - ADDED = 0, - CHANGED, - REMOVED, - - OPERATION_MAX - }; - - enum Device { - MMC = 0, - MAP, - - DEVICE_MAX - }; - - enum Request { - NONE = 0, - MOUNT, - UMOUNT - }; - - struct DevInfo { - std::string mntPath; - std::string fsType; - std::string sysPath; - bool mounted; - int storagedId; - - DevInfo() : mounted(false), storagedId(-1) {} - ~DevInfo() {} - - void clear() { - mntPath.clear(); - fsType.clear(); - sysPath.clear(); - mounted = false; - storagedId = -1; - } - }; - - void logStoragedEvent(Operation op, Device d); - void handleDevice(Operation op, - const std::vector &intparams, - const std::vector &strparams); - - void parseVariant(Operation op, dbus::Variant parameters); - void queryStoraged(); - void subscribeToStoraged(); - void unsubscribeFromStoraged(); - - bool storagedMount(std::unique_lock &lock); - bool storagedUnmount(std::unique_lock &lock); - - int getStatePriv() const; - bool isInserted() const; - bool isOpened() const; - bool isMounted() const; - - ServerContext& server; - - // currently inserted card information, empty if no card: - DevInfo info[DEVICE_MAX]; - - dbus::Connection::SubscriptionId subId[OPERATION_MAX]; - - Request currentReq; - - std::unique_ptr engine; - KeyManager::data mountKey; - - std::mutex apiGuard; - std::mutex stateGuard; - std::condition_variable storagedCv; -}; - -} // namespace ode - -#endif // __EXTENSION_ENCRYPTION_SERVER_H__ diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp index 886ce6b..62a9fc2 100644 --- a/server/external-encryption.cpp +++ b/server/external-encryption.cpp @@ -67,8 +67,6 @@ void externalCallback(dbus::Variant parameters) &intparams[4], // flags: 1 - unmounted 2 - broken filesystem 4 - no filesystem 8 - not supported 16 - readonly &intparams[5]); // strage id - // TODO: this implementation probably would do better if it was on par with - // ExtensionEncryption in terms of how it detects and reacts to card events if (intparams[0] != 1 || (std::string(strparams[3]) != "vfat" && std::string(strparams[3]) != "ext4")) { DEBUG(SINK, "Storaged says it's not a regular SD card. Ignoring."); diff --git a/server/server.cpp b/server/server.cpp index 0c2b453..90ab266 100644 --- a/server/server.cpp +++ b/server/server.cpp @@ -23,7 +23,6 @@ #include "secure-erase.h" #include "internal-encryption.h" #include "external-encryption.h" -#include "extension-encryption.h" #include "luks.h" #include "key-manager/key-generator.h" #include "server.h" @@ -56,7 +55,6 @@ ServerContext::ServerContext() : rmi::Service(ODE_MANAGER_ADDRESS) secureErase.reset(new SecureEraseServer(*this)); internalEncryption.reset(new InternalEncryptionServer(*this)); externalEncryption.reset(new ExternalEncryptionServer(*this)); - extensionEncryption.reset(new ExtensionEncryptionServer(*this)); luks.reset(new LuksServer(*this)); KeyGenerator::init(); diff --git a/server/server.h b/server/server.h index 00b7f1f..18b5870 100644 --- a/server/server.h +++ b/server/server.h @@ -28,7 +28,6 @@ namespace ode { class SecureEraseServer; class InternalEncryptionServer; class ExternalEncryptionServer; -class ExtensionEncryptionServer; class LuksServer; class ServerContext final: public rmi::Service { @@ -45,7 +44,6 @@ private: std::unique_ptr secureErase; std::unique_ptr internalEncryption; std::unique_ptr externalEncryption; - std::unique_ptr extensionEncryption; std::unique_ptr luks; }; diff --git a/tools/cli/ode-admin-cli.cpp b/tools/cli/ode-admin-cli.cpp index 83b01cf..5ab8edb 100644 --- a/tools/cli/ode-admin-cli.cpp +++ b/tools/cli/ode-admin-cli.cpp @@ -32,7 +32,6 @@ #include #include #include -#include #include extern char** environ; @@ -42,17 +41,16 @@ static inline int usage(const std::string name) std::cout << "Usage: " << name << " [Option]" << std::endl << std::endl << "Options :" << std::endl - << " -m, --mount=internal|external|extension mount" << std::endl - << " -u, --umount=internal|external|extension umount" << std::endl + << " -m, --mount=internal|external mount" << std::endl + << " -u, --umount=internal|external umount" << std::endl << " -e, --encrypt=internal|external encrypt" << std::endl << " -d, --decrypt=internal|external decrypt" << std::endl - << " -f, --format=extension format and setup encryption" << std::endl - << " -l --luks=format|open|close|wait perform LUKS operation or wait for completion. May also require -D and/or -M option." << std::endl + << " -l --luks=format|open|close|wait perform LUKS operation or wait for completion. May also require -D and/or -M option." << std::endl << " -D --device= device path required for LUKS format and LUKS open operations" << std::endl << " -M --mapping= mapping name required for LUKS open and LUKS close operations" << std::endl - << " -p, --changepw=internal|external|extension change password" << std::endl - << " -s, --state=internal|external|extension get state" << std::endl - << " -w, --waitmnt=internal|external|extension wait for mount"<< std::endl + << " -p, --changepw=internal|external change password" << std::endl + << " -s, --state=internal|external get state" << std::endl + << " -w, --waitmnt=internal|external wait for mount"<< std::endl << " -c, --clean=DIRECTORY secure-clean" << std::endl << " -h, --help show this" << std::endl << std::endl; @@ -81,8 +79,7 @@ static inline std::string getPassword() { } static inline void printSelectableStorage(bool internal = true, - bool external = true, - bool extension = true) + bool external = true) { bool firstDone = false; std::cerr << "Just choose one among followings :" << std::endl; @@ -98,13 +95,6 @@ static inline void printSelectableStorage(bool internal = true, std::cerr << "external"; firstDone = true; } - if (extension) { - if (firstDone) { - std::cerr << ", "; - } - std::cerr << "extension"; - firstDone = true; - } std::cerr << std::endl; } @@ -129,14 +119,6 @@ static inline int mount(const std::string name) } else { std::cerr << "Password setting failed" << std::endl; } - } else if (name == "extension") { - std::string password = getPassword(); - ret = ode_extension_encryption_set_mount_password(password.c_str()); - if (ret == 0) { - ret = ode_extension_encryption_mount(); - } else { - std::cerr << "Password setting failed" << std::endl; - } } else { printSelectableStorage(); return -1; @@ -157,8 +139,6 @@ static inline int umount(const std::string name) ret = ode_internal_encryption_umount(); } else if (name == "external") { ret = ode_external_encryption_umount(); - } else if (name == "extension") { - ret = ode_extension_encryption_umount(); } else { printSelectableStorage(); return -1; @@ -247,7 +227,7 @@ static inline int encrypt_storage(const std::string name) } ret = ode_external_encryption_encrypt(password.c_str(), options); } else { - printSelectableStorage(true, true, false); + printSelectableStorage(true, true); return -1; } @@ -275,45 +255,7 @@ static inline int decrypt_storage(const std::string name) ode_external_encryption_clean_password(password.c_str()); } } else { - printSelectableStorage(true, true, false); - return -1; - } - - if (ret != 0) { - std::cerr << "Error : " << ret <