From: Sungbae Yoo Date: Fri, 28 Oct 2016 13:08:04 +0000 (+0900) Subject: Organize initial source structure X-Git-Tag: submit/tizen/20170213.020148~49 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F87%2F94287%2F15;p=platform%2Fcore%2Fsecurity%2Fode.git Organize initial source structure Signed-off-by: Sungbae Yoo Change-Id: Ibaac06b70da27cef98d6abea2cacee4844222655 --- diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100755 index 0000000..30d02bf --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,85 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +CMAKE_MINIMUM_REQUIRED(VERSION 2.8) + +PROJECT(ode) + +IF(NOT DEFINED VERSION) + SET(VERSION "0.0.1") +ENDIF(NOT DEFINED VERSION) + +INCLUDE(FindPkgConfig) + +IF(NOT CMAKE_BUILD_TYPE) + SET(CMAKE_BUILD_TYPE "DEBUG") +ENDIF(NOT CMAKE_BUILD_TYPE) + +SET(ODE_LIB ${PROJECT_SOURCE_DIR}/lib) +SET(ODE_SERVER ${PROJECT_SOURCE_DIR}/server) +SET(ODE_TOOLS ${PROJECT_SOURCE_DIR}/tools) +SET(ODE_TESTS ${PROJECT_SOURCE_DIR}/tests) + +IF("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU" AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.7) + SET(CXX_STD "c++0x") +else() + SET(CXX_STD "c++11") +endif() + +SET(COMPILE_BASE_FLAGS "-g -fPIC -Werror -Wall -Wl,--as-needed -Wl,--no-whole-archive") +SET(CMAKE_C_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg") +SET(CMAKE_CXX_FLAGS_PROFILING "${COMPILE_BASE_FLAGS} -O0 -pg -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb") +SET(CMAKE_CXX_FLAGS_DEBUG "${COMPILE_BASE_FLAGS} -O0 -ggdb -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG") +SET(CMAKE_CXX_FLAGS_RELEASE "${COMPILE_BASE_FLAGS} -O2 -DNDEBUG -std=${CXX_STD} -fno-rtti") +SET(CMAKE_C_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage") +SET(CMAKE_CXX_FLAGS_CCOV "${COMPILE_BASE_FLAGS} -O0 --coverage -std=${CXX_STD} -fno-rtti") + +IF(NOT DEFINED LIB_DIR) + SET(LIB_DIR "${CMAKE_INSTALL_LIBDIR}") +ENDIF(NOT DEFINED LIB_DIR) + +IF(NOT DEFINED INCLUDE_DIR) + SET(INCLUDE__DIR "${CMAKE_INSTALL_INCLUDEDIR}") +ENDIF(NOT DEFINED INCLUDE_DIR) + +IF(NOT DEFINED RUN_DIR) + SET(RUN_DIR "/run") +ENDIF(NOT DEFINED RUN_DIR) + +IF(NOT DEFINED BIN_DIR) + SET(BIN_DIR "${CMAKE_INSTALL_BINDIR}") +ENDIF(NOT DEFINED BIN_DIR) + +IF(NOT DEFINED HOME_DIR) + SET(HOME_DIR "/home") +ENDIF(NOT DEFINED HOME_DIR) + +IF(NOT DEFINED PAMD_DIR) + SET(PAMD_DIR "${SYSCONF_INSTALL_DIR}/pam.d") +ENDIF(NOT DEFINED PAMD_DIR) + +IF(NOT DEFINED SYSTEMD_UNIT_DIR) + SET(SYSTEMD_UNIT_DIR "${CMAKE_INSTALL_PREFIX}/lib/systemd/system") +ENDIF(NOT DEFINED SYSTEMD_UNIT_DIR) + +ADD_DEFINITIONS(-DUG_WAYLAND) + +ADD_SUBDIRECTORY(${ODE_LIB}) +ADD_SUBDIRECTORY(${ODE_SERVER}) +ADD_SUBDIRECTORY(${ODE_TOOLS}) +ADD_SUBDIRECTORY(${ODE_TESTS}) diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..26b7de6 --- /dev/null +++ b/LICENSE @@ -0,0 +1,204 @@ +Copyright (c) 2015 Samsung Electronics Co., Ltd. All rights reserved. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt new file mode 100755 index 0000000..24f3b26 --- /dev/null +++ b/lib/CMakeLists.txt @@ -0,0 +1,57 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(LIB_VERSION "${VERSION}") +SET(LIB_SOVERSION "0") + +SET(PC_FILE "${PROJECT_NAME}.pc") + +SET(SOURCES client.cpp + secure-erase.cpp + internal-encryption.cpp + external-encryption.cpp + ode/secure-erase.cpp + ode/internal-encryption.cpp + ode/external-encryption.cpp +) + +SET(CAPI_INCLUDE_FILES ode/common.h + ode/secure-erase.h + ode/internal-encryption.h + ode/external-encryption.h +) + + +SET (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack") + +PKG_CHECK_MODULES(LIBS_DEPS REQUIRED + klay + glib-2.0 + libtzplatform-config +) + +ADD_LIBRARY(${PROJECT_NAME} SHARED ${SOURCES}) +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES COMPILE_FLAGS "-fvisibility=hidden") +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES SOVERSION ${LIB_SOVERSION}) +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES VERSION ${LIB_VERSION}) + +INCLUDE_DIRECTORIES(SYSTEM ${LIBS_DEPS_INCLUDE_DIRS} ${ODE_LIB} ${PROJECT_SOURCE_DIR}) +TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${LIBS_DEPS_LIBRARIES} pthread) + +CONFIGURE_FILE(${PC_FILE}.in ${CMAKE_BINARY_DIR}/${PC_FILE} @ONLY) + +INSTALL(FILES ${CMAKE_BINARY_DIR}/${PC_FILE} DESTINATION ${LIB_INSTALL_DIR}/pkgconfig) +INSTALL(TARGETS ${PROJECT_NAME} DESTINATION ${LIB_INSTALL_DIR} COMPONENT RuntimeLibraries) +INSTALL(FILES ${CAPI_INCLUDE_FILES} DESTINATION ${INCLUDE_INSTALL_DIR}/ode) diff --git a/lib/client.cpp b/lib/client.cpp new file mode 100644 index 0000000..b9fbd1e --- /dev/null +++ b/lib/client.cpp @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include "client.h" + +namespace { + +const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.sock"; + +} // namespace + + +ODEContext::ODEContext() noexcept +{ +} + +ODEContext::~ODEContext() noexcept +{ + disconnect(); +} + +int ODEContext::connect(const std::string& address) noexcept +{ + try { + client.reset(new rmi::Client(address)); + client->connect(); + } catch (runtime::Exception& e) { + return -1; + } + + return 0; +} + +int ODEContext::connect() noexcept +{ + return connect(ODE_MANAGER_ADDRESS); +} + +void ODEContext::disconnect() noexcept +{ + client.reset(); +} diff --git a/lib/client.h b/lib/client.h new file mode 100644 index 0000000..a512821 --- /dev/null +++ b/lib/client.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __ODE_CLIENT_H__ +#define __ODE_CLIENT_H__ + +#include +#include +#include + +#include + +class ODEContext final { +public: + typedef std::unique_ptr ODEControlContext; + + ODEContext() noexcept; + ~ODEContext() noexcept; + + int connect() noexcept; + int connect(const std::string& address) noexcept; + void disconnect() noexcept; + + template + Interface createInterface(Args&&... args) noexcept + { + return Interface(getODEControlContext(), std::forward(args)...); + } + +private: + ODEControlContext& getODEControlContext() + { + return client; + } + + ODEControlContext client; +}; + +ODEContext& GetODEContext(void* handle); +#endif //__ODE_CLIENT_H__ diff --git a/lib/context.h b/lib/context.h new file mode 100644 index 0000000..a1bc546 --- /dev/null +++ b/lib/context.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __ODE_CONTEXT__ +#define __ODE_CONTEXT__ + +#include "client.h" + +using ODEControlContext = ::ODEContext::ODEControlContext; + +#endif //!__ODE_CONTEXT__ diff --git a/lib/external-encryption.cpp b/lib/external-encryption.cpp new file mode 100644 index 0000000..1849e9c --- /dev/null +++ b/lib/external-encryption.cpp @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include "rmi/external-encryption.h" + +namespace ode { + +ExternalEncryption::ExternalEncryption(ODEControlContext& ctx) : + context(ctx) +{ +} + +ExternalEncryption::~ExternalEncryption() +{ +} + +int ExternalEncryption::mount(const std::string& password) +{ + try { + return context->methodCall("ExternalEncryption::erase", password); + } catch (runtime::Exception& e) { + return -1; + } +} + +int ExternalEncryption::umount() +{ + try { + return context->methodCall("ExternalEncryption::clean"); + } catch (runtime::Exception& e) { + return -1; + } +} + +int ExternalEncryption::encrypt(const std::string& password) +{ + try { + return context->methodCall("ExternalEncryption::encrypt", password); + } catch (runtime::Exception& e) { + return -1; + } +} + +int ExternalEncryption::decrypt(const std::string& password) +{ + try { + return context->methodCall("ExternalEncryption::decrypt", password); + } catch (runtime::Exception& e) { + return -1; + } +} + +int ExternalEncryption::changePassword(const std::string& oldPassword, + const std::string& newPassword) +{ + try { + return context->methodCall("ExternalEncryption::changePassword", + oldPassword, newPassword); + } catch (runtime::Exception& e) { + return -1; + } +} + +int ExternalEncryption::getState() +{ + try { + return context->methodCall("ExternalEncryption::getState"); + } catch (runtime::Exception& e) { + return -1; + } +} + +} // namespace ode diff --git a/lib/internal-encryption.cpp b/lib/internal-encryption.cpp new file mode 100644 index 0000000..517b378 --- /dev/null +++ b/lib/internal-encryption.cpp @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include "rmi/internal-encryption.h" + +namespace ode { + +InternalEncryption::InternalEncryption(ODEControlContext& ctx) : + context(ctx) +{ +} + +InternalEncryption::~InternalEncryption() +{ +} + +int InternalEncryption::mount(const std::string& password) +{ + try { + return context->methodCall("InternalEncryption::password", password); + } catch (runtime::Exception& e) { + return -1; + } +} + +int InternalEncryption::umount() +{ + try { + return context->methodCall("InternalEncryption::umount"); + } catch (runtime::Exception& e) { + return -1; + } +} + +int InternalEncryption::encrypt(const std::string& password) +{ + try { + return context->methodCall("InternalEncryption::encrypt", password); + } catch (runtime::Exception& e) { + return -1; + } +} + +int InternalEncryption::decrypt(const std::string& password) +{ + try { + return context->methodCall("InternalEncryption::decrypt", password); + } catch (runtime::Exception& e) { + return -1; + } +} + +int InternalEncryption::changePassword(const std::string& oldPassword, + const std::string& newPassword) +{ + try { + return context->methodCall("InternalEncryption::changePassword", + oldPassword, newPassword); + } catch (runtime::Exception& e) { + return -1; + } +} + +int InternalEncryption::getState() +{ + try { + return context->methodCall("InternalEncryption::getState"); + } catch (runtime::Exception& e) { + return -1; + } +} + +} // namespace ode diff --git a/lib/ode.pc.in b/lib/ode.pc.in new file mode 100644 index 0000000..175f23b --- /dev/null +++ b/lib/ode.pc.in @@ -0,0 +1,12 @@ +# Package Information for pkg-config + +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=@CMAKE_INSTALL_PREFIX@ +libdir=@LIB_INSTALL_DIR@ +includedir=@INCLUDE_INSTALL_DIR@ + +Name: @PROJECT_NAME@ +Description: Tizen @PROJECT_NAME@ Client library +Version: @VERSION@ +Libs: -L${libdir} -l@PROJECT_NAME@ +Cflags: -I${includedir}/@PROJECT_NAME@ diff --git a/lib/ode/common.h b/lib/ode/common.h new file mode 100644 index 0000000..201e223 --- /dev/null +++ b/lib/ode/common.h @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_ODE_COMMON_H__ +#define __CAPI_ODE_COMMON_H__ + +#include + +/** + * @file ode.h + * @brief This file defines common data types required to ode APIs. + */ + +#ifndef ODE_API +#define ODE_API __attribute__((visibility("default"))) +#endif // API + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @addtogroup CAPI_ODE_ODE_ODE_MANAGER_MODULE + * @{ + */ + +/** + * @brief Enumeration of device encryption API errors + * @since_tizen 3.0 + */ +typedef enum { + ODE_ERROR_NONE = TIZEN_ERROR_NONE, /**< The operation was successful */ + ODE_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid parameter */ + ODE_ERROR_CONNECTION_REFUSED = TIZEN_ERROR_CONNECTION_REFUSED, /**< Connection refused */ + ODE_ERROR_TIMED_OUT = TIZEN_ERROR_TIMED_OUT, /**< Time out */ + ODE_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Access privilege is not sufficient */ + ODE_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Operation is not supported */ + ODE_ERROR_NO_SUCH_FILE = TIZEN_ERROR_NO_SUCH_FILE, /**< No such file or directory */ + ODE_ERROR_FILE_EXISTS = TIZEN_ERROR_FILE_EXISTS, /**< File exists */ + ODE_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ + ODE_ERROR_NOT_PERMITTED = TIZEN_ERROR_NOT_PERMITTED, /**< Operation is not permitted */ + ODE_ERROR_KEY_REJECTED = TIZEN_ERROR_KEY_REJECTED /**< Passwor is rejected */ +} ode_error_type_e; + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_ODE_ODE_H__ */ diff --git a/lib/ode/debug.h b/lib/ode/debug.h new file mode 100644 index 0000000..f2b8a3d --- /dev/null +++ b/lib/ode/debug.h @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_ODE_ASSERT_H__ +#define __CAPI_ODE_ASSERT_H__ + +#define RET_ON_FAILURE(cond, ret) \ +{ \ + if (!(cond)) \ + return (ret); \ +} + +#endif //! __CAPI_ODE_ASSERT_H__ diff --git a/lib/ode/external-encryption.cpp b/lib/ode/external-encryption.cpp new file mode 100644 index 0000000..6647ac4 --- /dev/null +++ b/lib/ode/external-encryption.cpp @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include "debug.h" +#include "external-encryption.h" + +#include "client.h" +#include "rmi/external-encryption.h" + +using namespace ode; + +int ode_external_encryption_mount(const char* password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + + return external.mount(password); +} + +int ode_external_encryption_umount() +{ + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + + return external.umount(); +} + +int ode_external_encryption_encrypt(const char* password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + + return external.encrypt(password); +} + +int ode_external_encryption_decrypt(const char* password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + + return external.decrypt(password); +} + +int ode_external_encryption_change_password(const char* old_password, + const char* new_password) +{ + RET_ON_FAILURE(old_password, ODE_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(new_password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + + return external.changePassword(new_password, old_password); +} + +int ode_external_encryption_get_state(int* state) +{ + RET_ON_FAILURE(state, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + ExternalEncryption external = client.createInterface(); + int ret = external.getState(); + + RET_ON_FAILURE(ret != -1, ODE_ERROR_INVALID_PARAMETER); + + *state = ret; + return ODE_ERROR_NONE; +} diff --git a/lib/ode/external-encryption.h b/lib/ode/external-encryption.h new file mode 100644 index 0000000..4f78455 --- /dev/null +++ b/lib/ode/external-encryption.h @@ -0,0 +1,154 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_ODE_EXTERNAL_ENCRYPTION_H__ +#define __CAPI_ODE_EXTERNAL_ENCRYPTION_H__ + +#include + +/** + * @file external-encryption.h + * @brief This file provides APIs to manage the encryption of external storage + * such as SD card. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Mount external storage with encryption by given password. + * @details Administrator can use this API to mount encrypted external + * storage. + * @since_tizen 3.0 + * @param[in] password The password to mount external storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED Password doen't match + * @retval #ODE_ERROR_NO_SUCH_FILE No such file or directory + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must matched with what used for encryption. + * @see ode_external_encryption_encrypt() + * @see ode_external_encryption_umount() + */ +ODE_API int ode_external_encryption_mount(const char* password); + +/** + * @brief Umount external storage + * @details Administrator can use this API to unmount external storage. + * @since_tizen 3.0 + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_NO_SUCH_FILE No such file or directory + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_external_encryption_mount() + */ +ODE_API int ode_external_encryption_umount(); + +/** + * @brief Encrypt external storage by given password. + * @details Administrator can use this API to encrypt external storage. + * @since_tizen 3.0 + * @param[in] password The password to encrypt external storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED Password doen't match + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The handle must be created by ode_manager_create(). + * @see ode_manager_create() + * @see ode_manager_destroy() + * @see ode_external_encryption_mount() + * @see ode_external_encryption_decrypt() + */ +ODE_API int ode_external_encryption_encrypt(const char* password); + +/** + * @brief Decrypt external storage by given password. + * @details Administrator can use this API to decrypt external storage. + * @since_tizen 3.0 + * @param[in] password The password to decrypt external storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED Password doen't match + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must matched with what used for encryption. + * @see ode_external_encryption_encrypt() + */ +ODE_API int ode_external_encryption_decrypt(const char* password); + +/** + * @brief Change the password for external storage. + * @details Administrator can use this API to change password for external + * storage. + * @since_tizen 3.0 + * @param[in] old_password Current password of external storage + * @param[in] new_password The password to use newly for external storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED old_password doen't match + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must matched with what used for encryption. + * @see ode_external_encryption_encrypt() + */ +ODE_API int ode_external_encryption_change_password(const char* old_password, + const char* new_password); + +/** + * @brief Get current encryption state of external storage. + * @details Administrator can use this API to get current encryption state + * of external storage. + * @since_tizen 3.0 + * @param[out] state The encryption state of external storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_external_encryption_encrypt() + * @see ode_external_encryption_decrypt() + */ +ODE_API int ode_external_encryption_get_state(int* state); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_ODE_EXTERNAL_ENCRYPTION_H__ */ diff --git a/lib/ode/internal-encryption.cpp b/lib/ode/internal-encryption.cpp new file mode 100644 index 0000000..c626e8d --- /dev/null +++ b/lib/ode/internal-encryption.cpp @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include "debug.h" +#include "internal-encryption.h" + +#include "client.h" +#include "rmi/internal-encryption.h" + +using namespace ode; + +int ode_internal_encryption_mount(const char* password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + + return internal.mount(password); +} + +int ode_internal_encryption_umount() +{ + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + + return internal.umount(); +} + +int ode_internal_encryption_encrypt(const char* password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + + return internal.encrypt(password); +} + +int ode_internal_encryption_decrypt(const char* password) +{ + RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + + return internal.decrypt(password); +} + +int ode_internal_encryption_change_password(const char* old_password, + const char* new_password) +{ + RET_ON_FAILURE(old_password, ODE_ERROR_INVALID_PARAMETER); + RET_ON_FAILURE(new_password, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + + return internal.changePassword(new_password, old_password); +} + +int ode_internal_encryption_get_state(int* state) +{ + RET_ON_FAILURE(state, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + InternalEncryption internal = client.createInterface(); + int ret = internal.getState(); + + RET_ON_FAILURE(ret != -1, ODE_ERROR_INVALID_PARAMETER); + + *state = ret; + return ODE_ERROR_NONE; +} diff --git a/lib/ode/internal-encryption.h b/lib/ode/internal-encryption.h new file mode 100644 index 0000000..b89fd49 --- /dev/null +++ b/lib/ode/internal-encryption.h @@ -0,0 +1,150 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_ODE_INTERNAL_ENCRYPTION_H__ +#define __CAPI_ODE_INTERNAL_ENCRYPTION_H__ + +#include + +/** + * @file internal-encryption.h + * @brief This file provides APIs to manage the encryption of internal storage. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Mount internal storage with encryption by given password. + * @details Administrator can use this API to mount encrypted internal + * storage. + * @since_tizen 3.0 + * @param[in] password The password to mount internal storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED Password doen't match + * @retval #ODE_ERROR_NO_SUCH_FILE No such file or directory + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must matched with what used for encryption. + * @see ode_internal_encryption_encrypt() + * @see ode_internal_encryption_umount() + */ +ODE_API int ode_internal_encryption_mount(const char* password); + +/** + * @brief Umount internal storage + * @details Administrator can use this API to unmount internal storage. + * @since_tizen 3.0 + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_NO_SUCH_FILE No such file or directory + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_internal_encryption_mount() + */ +ODE_API int ode_internal_encryption_umount(); + +/** + * @brief Encrypt internal storage by given password. + * @details Administrator can use this API to encrypt internal storage. + * @since_tizen 3.0 + * @param[in] password The password to encrypt internal storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED Password doen't match + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_internal_encryption_mount() + * @see ode_internal_encryption_decrypt() + */ +ODE_API int ode_internal_encryption_encrypt(const char* password); + +/** + * @brief Decrypt internal storage by given password. + * @details Administrator can use this API to decrypt internal storage. + * @since_tizen 3.0 + * @param[in] password The password to decrypt internal storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED Password doen't match + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must matched with what used for encryption. + * @see ode_internal_encryption_encrypt() + */ +ODE_API int ode_internal_encryption_decrypt(const char* password); + +/** + * @brief Change the password for internal storage. + * @details Administrator can use this API to change password for internal + * storage. + * @since_tizen 3.0 + * @param[in] old_password Current password of internal storage + * @param[in] new_password The password to use newly for internal storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_KEY_REJECTED old_password doen't match + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The password must matched with what used for encryption. + * @see ode_internal_encryption_encrypt() + */ +ODE_API int ode_internal_encryption_change_password(const char* old_password, + const char* new_password); + +/** + * @brief Get current encryption state of internal storage. + * @details Administrator can use this API to get current encryption state + * of internal storage. + * @since_tizen 3.0 + * @param[out] state The encryption state of internal storage + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @see ode_internal_encryption_encrypt() + * @see ode_internal_encryption_decrypt() + */ +ODE_API int ode_internal_encryption_get_state(int* state); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_ODE_INTERNAL_ENCRYPTION_H__ */ diff --git a/lib/ode/secure-erase.cpp b/lib/ode/secure-erase.cpp new file mode 100644 index 0000000..1ad49f5 --- /dev/null +++ b/lib/ode/secure-erase.cpp @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include "debug.h" +#include "secure-erase.h" + +#include "client.h" +#include "rmi/secure-erase.h" + +using namespace ode; + +int ode_secure_erase(const char* name) +{ + RET_ON_FAILURE(name, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + SecureErase secure = client.createInterface(); + + return secure.erase(name); +} + +int ode_secure_clean(const char* name) +{ + RET_ON_FAILURE(name, ODE_ERROR_INVALID_PARAMETER); + + ODEContext client; + RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED); + SecureErase secure = client.createInterface(); + + return secure.clean(name); +} diff --git a/lib/ode/secure-erase.h b/lib/ode/secure-erase.h new file mode 100644 index 0000000..3e6b4b7 --- /dev/null +++ b/lib/ode/secure-erase.h @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __CAPI_ODE_SECURE_ERASE_H__ +#define __CAPI_ODE_SECURE_ERASE_H__ + +#include + +/** + * @file secure-erase.h + * @brief This file provides APIs to secure actions in the ode + */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @brief Erase the file or device with given name securely. + * @details Administrator can use this API to secure-erase the files. + * @since_tizen 3.0 + * @param[in] name The file/directory or device name + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_NO_SUCH_FILE No such file or directory + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The file or device to the given name must be exists. + * @pre If the device is specified, it must be a block device. + */ +ODE_API int ode_secure_erase(const char* name); + +/** + * @brief Clean garbage in the device with given name securely. + * @details Administrator can use this API to collect garbage in the device. + * @since_tizen 3.0 + * @param[in] name The device name + * @return #ODE_ERROR_NONE on success, otherwise a negative value + * @retval #ODE_ERROR_NONE Successful + * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #ODE_ERROR_TIMED_OUT Time out + * @retval #ODE_ERROR_NO_SUCH_FILE No such file or directory + * @retval #ODE_ERROR_NOT_PERMITTED Operation not permitted + * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have + * the privilege to call this API + * @pre The device to the given name must be exists. + */ +ODE_API int ode_secure_clean(const char* name); + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __CAPI_ODE_SECURE_ERASE_H__ */ diff --git a/lib/secure-erase.cpp b/lib/secure-erase.cpp new file mode 100644 index 0000000..f96ced9 --- /dev/null +++ b/lib/secure-erase.cpp @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include "rmi/secure-erase.h" + +namespace ode { + +SecureErase::SecureErase(ODEControlContext& ctx) : + context(ctx) +{ +} + +SecureErase::~SecureErase() +{ +} + +int SecureErase::erase(const std::string& name) +{ + try { + return context->methodCall("SecureErase::erase", name); + } catch (runtime::Exception& e) { + return -1; + } +} + +int SecureErase::clean(const std::string& name) +{ + try { + return context->methodCall("SecureErase::clean", name); + } catch (runtime::Exception& e) { + return -1; + } +} + +} // namespace ode diff --git a/ode.manifest b/ode.manifest new file mode 100644 index 0000000..a76fdba --- /dev/null +++ b/ode.manifest @@ -0,0 +1,5 @@ + + + + + diff --git a/packaging/ode.spec b/packaging/ode.spec new file mode 100644 index 0000000..388d9cc --- /dev/null +++ b/packaging/ode.spec @@ -0,0 +1,115 @@ +Name: ode +Version: 0.0.1 +Release: 0 +License: Apache-2.0 +Source0: file://%{name}-%{version}.tar.gz +Summary: Tizen device encryption and secure erase manager +Group: Security/Service +Requires: systemd +BuildRequires: gcc +BuildRequires: cmake +BuildRequires: gettext-tools +BuildRequires: pkgconfig(klay) +BuildRequires: pkgconfig(glib-2.0) +BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(libtzplatform-config) +BuildRequires: pkgconfig(key-manager) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-session) + +%description +The ode package provides a daemon which is responsible for encrypting/decryption storages and secure erasing. + +%files +%manifest ode.manifest +%defattr(644,root,root,755) +%attr(755,root,root) %{_bindir}/oded +%{_unitdir}/ode.service +%{_unitdir}/multi-user.target.wants/ode.service +%attr(700,root,root) %{_sbindir}/ode-admin-cli + +%prep +%setup -q + +%build +%{!?build_type:%define build_type "RELEASE"} + +%if %{build_type} == "DEBUG" || %{build_type} == "PROFILING" || %{build_type} == "CCOV" + CFLAGS="$CFLAGS -Wp,-U_FORTIFY_SOURCE" + CXXFLAGS="$CXXFLAGS -Wp,-U_FORTIFY_SOURCE" +%endif + +%{!?profile:%define profile "mobile"} + +%cmake . -DVERSION=%{version} \ + -DCMAKE_BUILD_TYPE=%{build_type} \ + -DTIZEN_PROFILE_NAME=%{profile} \ + -DRUN_DIR=%{TZ_SYS_RUN} \ + -DBIN_DIR=%{TZ_SYS_BIN} \ + -DSYSTEMD_UNIT_DIR=%{_unitdir} + +make %{?jobs:-j%jobs} + +%install +%make_install +mkdir -p %{buildroot}/%{_unitdir}/multi-user.target.wants +ln -s ../ode.service %{buildroot}/%{_unitdir}/multi-user.target.wants/ode.service + +%clean +rm -rf %{buildroot} + +%postun + +## ODE Client Package ######################################################## +%package -n libode +Summary: Library for Tizen device encryption and secure erase +Group: Security/Libraries +BuildRequires: pkgconfig(libtzplatform-config) +Requires: %{name} = %{version}-%{release} +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libode +The libode package contains the libraries needed to encrypt/decrypt storages and secure erasing. + +%post -n libode -p /sbin/ldconfig + +%postun -n libode -p /sbin/ldconfig + +%files -n libode +%manifest ode.manifest +%defattr(644,root,root,755) +%attr(755,root,root) %{_libdir}/libode.so.%{version} +%{_libdir}/libode.so.0 + +## Devel Package ############################################################## +%package -n libode-devel +Summary: Libraries and header files for device encryption client development +Group: Development/Libraries +Requires: libode = %{version}-%{release} + +%description -n libode-devel +The libode-devel package includes the libraries and header files necessary for +developing device encryption client program. + +%files -n libode-devel +%manifest ode.manifest +%defattr(644,root,root,755) +%{_libdir}/libode.so +%{_includedir}/ode +%{_libdir}/pkgconfig/ode.pc + +## Unittest Package ########################################################### +%package -n unit-tests +Summary: Unit tests to verify components of device encryption +Group: Security/Testing +Requires: libode = %{version}-%{release} + +%description -n unit-tests +The libode-devel package includes the libraries and header files necessary for +developing device encryption client program. + +%files -n unit-tests +%manifest ode.manifest +%defattr(644,root,root,755) +%attr(755,root,root) %{_bindir}/ode-engine-unit-tests diff --git a/rmi/external-encryption.h b/rmi/external-encryption.h new file mode 100644 index 0000000..cd38faa --- /dev/null +++ b/rmi/external-encryption.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __EXTERNAL_ENCRYPTION_H__ +#define __EXTERNAL_ENCRYPTION_H__ + +#include "context.h" + +namespace ode { + +/** + * This class provides APIs to manage the encryption of external stroage + * such as SD card. + */ + +class ExternalEncryption final { +public: + ExternalEncryption(ODEControlContext& ctxt); + ~ExternalEncryption(); + + int mount(const std::string& password); + int umount(); + + int encrypt(const std::string& password); + int decrypt(const std::string& password); + + int changePassword(const std::string& oldPW, const std::string& newPW); + + int getState(); + +private: + ODEControlContext& context; +}; + +} // namespace ode +#endif // __EXTERNAL_ENCRYPTION_H__ diff --git a/rmi/internal-encryption.h b/rmi/internal-encryption.h new file mode 100644 index 0000000..c1986c1 --- /dev/null +++ b/rmi/internal-encryption.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __INTERNAL_ENCRYPTION_H__ +#define __INTERNAL_ENCRYPTION_H__ + +#include "context.h" + +namespace ode { + +/** + * This class provides APIs to manage the encryption of internal stroage. + */ + +class InternalEncryption final { +public: + InternalEncryption(ODEControlContext& ctxt); + ~InternalEncryption(); + + int mount(const std::string& password); + int umount(); + + int encrypt(const std::string& password); + int decrypt(const std::string& password); + + int changePassword(const std::string& oldPW, const std::string& newPW); + + int getState(); + +private: + ODEControlContext& context; +}; + +} // namespace ode +#endif // __INTERNAL_ENCRYPTION_H__ diff --git a/rmi/secure-erase.h b/rmi/secure-erase.h new file mode 100644 index 0000000..2eb4735 --- /dev/null +++ b/rmi/secure-erase.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __SECURE_ERASE_H__ +#define __SECURE_ERASE_H__ + +#include "context.h" + +namespace ode { + +/** + * This class provides APIs to secure actions(erase/clean). + */ + +class SecureErase final { +public: + SecureErase(ODEControlContext& ctxt); + ~SecureErase(); + + int erase(const std::string& name); + int clean(const std::string& name); + +private: + ODEControlContext& context; +}; + +} // namespace ode +#endif // __SECURE_ERASE_H__ diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt new file mode 100644 index 0000000..1560574 --- /dev/null +++ b/server/CMakeLists.txt @@ -0,0 +1,58 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +SET(SERVER_SRCS main.cpp + server.cpp + secure-erase.cpp + internal-encryption.cpp + external-encryption.cpp + engine/ext4-engine.cpp + engine/dmcrypt-engine.cpp + engine/ecryptfs-engine.cpp + key-manager/keystore.cpp + key-manager/key-generator.cpp +) + +SET(DEPENDENCY klay + glib-2.0 + gio-2.0 + libxml-2.0 + libtzplatform-config + cynara-client + cynara-session +) + +SET(SERVER_NAME ${PROJECT_NAME}d) + +ADD_EXECUTABLE(${SERVER_NAME} ${SERVER_SRCS}) + +PKG_CHECK_MODULES(SERVER_DEPS REQUIRED ${DEPENDENCY}) + +INCLUDE_DIRECTORIES(SYSTEM ${SERVER_DEPS_INCLUDE_DIRS} ${ODE_SERVER} ${PROJECT_SOURCE_DIR}) + +TARGET_LINK_LIBRARIES(${SERVER_NAME} ${SERVER_DEPS_LIBRARIES} pthread) + +SET_TARGET_PROPERTIES(${SERVER_NAME} PROPERTIES COMPILE_FLAGS "-fPIE") +SET_TARGET_PROPERTIES(${SERVER_NAME} PROPERTIES LINK_FLAGS "-pie") + +TARGET_COMPILE_DEFINITIONS(${SERVER_NAME} PRIVATE + RUN_PATH="${RUN_DIR}" + ICON_PATH="${ICON_DIR}" +) + +CONFIGURE_FILE(systemd/${PROJECT_NAME}.service.in systemd/${PROJECT_NAME}.service) + +INSTALL(TARGETS ${SERVER_NAME} DESTINATION ${BIN_DIR}) +INSTALL(FILES systemd/${PROJECT_NAME}.service DESTINATION ${SYSTEMD_UNIT_DIR}) diff --git a/server/context.h b/server/context.h new file mode 100644 index 0000000..718bbab --- /dev/null +++ b/server/context.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __ODE_CONTEXT_H__ +#define __ODE_CONTEXT_H__ + +#include "server.h" + +using ODEControlContext = Server; + +#endif //__ODE_CONTEXT_H__ diff --git a/server/engine/dmcrypt-engine.cpp b/server/engine/dmcrypt-engine.cpp new file mode 100644 index 0000000..1c1ffc6 --- /dev/null +++ b/server/engine/dmcrypt-engine.cpp @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "dmcrypt-engine.h" + +namespace ode { + +DMCryptEngine::DMCryptEngine(const std::string& src, const std::string& dest) : + source(src), destination(dest) +{ +} + +DMCryptEngine::~DMCryptEngine() +{ +} + +void DMCryptEngine::mount(const DMCryptEngine::data& key) +{ + //TODO +} + +void DMCryptEngine::umount() +{ + //TODO +} + +void DMCryptEngine::encrypt(const DMCryptEngine::data& key) +{ + //TODO +} + + + +void DMCryptEngine::decrypt(const DMCryptEngine::data& key) +{ + //TODO +} + + + +} // namespace ode diff --git a/server/engine/dmcrypt-engine.h b/server/engine/dmcrypt-engine.h new file mode 100644 index 0000000..f148de0 --- /dev/null +++ b/server/engine/dmcrypt-engine.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __DMCRYPT_ENGINE_H__ +#define __DMCRYPT_ENGINE_H__ + +#include +#include + +namespace ode { + +class DMCryptEngine final { +public: + DMCryptEngine(const std::string& src, const std::string& dest); + DMCryptEngine(const DMCryptEngine&) = delete; + DMCryptEngine(DMCryptEngine&&) = delete; + ~DMCryptEngine(); + + DMCryptEngine& operator=(const DMCryptEngine&) = delete; + DMCryptEngine& operator=(DMCryptEngine&&) = delete; + + const std::string& getSource() + { + return source; + } + + const std::string& getDestination() + { + return destination; + } + + typedef std::vector data; + + void mount(const data& key); + void umount(); + + void encrypt(const data& key); + void decrypt(const data& key); + +private: + std::string source, destination; +}; + +} // namespace ode +#endif // __DMCRYPT_ENGINE_H__ diff --git a/server/engine/ecryptfs-engine.cpp b/server/engine/ecryptfs-engine.cpp new file mode 100644 index 0000000..c7f97ff --- /dev/null +++ b/server/engine/ecryptfs-engine.cpp @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "ecryptfs-engine.h" + +namespace ode { + +EcryptfsEngine::EcryptfsEngine(const std::string& src, const std::string& dest) : + source(src), destination(dest) +{ +} + +EcryptfsEngine::~EcryptfsEngine() +{ +} + +void EcryptfsEngine::mount(const EcryptfsEngine::data& key) +{ + //TODO +} + +void EcryptfsEngine::umount() +{ + //TODO +} + +void EcryptfsEngine::encrypt(const EcryptfsEngine::data& key) +{ + //TODO +} + + + +void EcryptfsEngine::decrypt(const EcryptfsEngine::data& key) +{ + //TODO +} + + + +} // namespace ode diff --git a/server/engine/ecryptfs-engine.h b/server/engine/ecryptfs-engine.h new file mode 100644 index 0000000..cc55c1f --- /dev/null +++ b/server/engine/ecryptfs-engine.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __ECRYPTFS_ENGINE_H__ +#define __ECRYPTFS_ENGINE_H__ + +#include +#include + +namespace ode { + +class EcryptfsEngine final { +public: + EcryptfsEngine(const std::string& src, const std::string& dest); + EcryptfsEngine(const EcryptfsEngine&) = delete; + EcryptfsEngine(EcryptfsEngine&&) = delete; + ~EcryptfsEngine(); + + EcryptfsEngine& operator=(const EcryptfsEngine&) = delete; + EcryptfsEngine& operator=(EcryptfsEngine&&) = delete; + + const std::string& getSource() + { + return source; + } + + const std::string& getDestination() + { + return destination; + } + + typedef std::vector data; + + void mount(const data& key); + void umount(); + + void encrypt(const data& key); + void decrypt(const data& key); + +private: + std::string source, destination; +}; + +} // namespace ode +#endif // __ECRYPTFS_ENGINE_H__ diff --git a/server/engine/ext4-engine.cpp b/server/engine/ext4-engine.cpp new file mode 100644 index 0000000..ce17296 --- /dev/null +++ b/server/engine/ext4-engine.cpp @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "ext4-engine.h" + +namespace ode { + +Ext4Engine::Ext4Engine(const std::string& src, const std::string& dest) : + source(src), destination(dest) +{ +} + +Ext4Engine::~Ext4Engine() +{ +} + +void Ext4Engine::mount(const Ext4Engine::data& key) +{ + //TODO +} + +void Ext4Engine::umount() +{ + //TODO +} + +void Ext4Engine::encrypt(const Ext4Engine::data& key) +{ + //TODO +} + + + +void Ext4Engine::decrypt(const Ext4Engine::data& key) +{ + //TODO +} + + + +} // namespace ode diff --git a/server/engine/ext4-engine.h b/server/engine/ext4-engine.h new file mode 100644 index 0000000..a90e260 --- /dev/null +++ b/server/engine/ext4-engine.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __EXT4_ENGINE_H__ +#define __EXT4_ENGINE_H__ + +#include +#include + +namespace ode { + +class Ext4Engine final { +public: + Ext4Engine(const std::string& src, const std::string& dest); + Ext4Engine(const Ext4Engine&) = delete; + Ext4Engine(Ext4Engine&&) = delete; + ~Ext4Engine(); + + Ext4Engine& operator=(const Ext4Engine&) = delete; + Ext4Engine& operator=(Ext4Engine&&) = delete; + + const std::string& getSource() + { + return source; + } + + const std::string& getDestination() + { + return destination; + } + + typedef std::vector data; + + void mount(const data& key); + void umount(); + + void encrypt(const data& key); + void decrypt(const data& key); + +private: + std::string source, destination; +}; + +} // namespace ode +#endif // __EXT4_ENGINE_H__ diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp new file mode 100644 index 0000000..e538119 --- /dev/null +++ b/server/external-encryption.cpp @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "engine/ecryptfs-engine.h" +#include "key-manager/keystore.h" +#include "key-manager/key-generator.h" + +#include "rmi/external-encryption.h" + +namespace ode { + +ExternalEncryption::ExternalEncryption(ODEControlContext& ctx) : + context(ctx) +{ + context.registerParametricMethod(this, "", (int)(ExternalEncryption::mount)(std::string)); + context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::umount)); + context.registerParametricMethod(this, "", (int)(ExternalEncryption::encrypt)(std::string)); + context.registerParametricMethod(this, "", (int)(ExternalEncryption::decrypt)(std::string)); + context.registerParametricMethod(this, "", (int)(ExternalEncryption::changePassword)(std::string, std::string)); + context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::getState)); +} + + +ExternalEncryption::~ExternalEncryption() +{ +} + +int ExternalEncryption::mount(const std::string& password) +{ + //TODO + return 0; +} + +int ExternalEncryption::umount() +{ + //TODO + return 0; +} + +int ExternalEncryption::encrypt(const std::string& password) +{ + //TODO + return 0; +} + +int ExternalEncryption::decrypt(const std::string& password) +{ + //TODO + return 0; +} + +int ExternalEncryption::changePassword(const std::string& oldPassword, + const std::string& newPassword) +{ + //TODO + return 0; +} + +int ExternalEncryption::getState() +{ + //TODO + return 0; +} + +} // namespace ode diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp new file mode 100644 index 0000000..a4956e3 --- /dev/null +++ b/server/internal-encryption.cpp @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "engine/dmcrypt-engine.h" +#include "key-manager/keystore.h" +#include "key-manager/key-generator.h" + +#include "rmi/internal-encryption.h" + +namespace ode { + +InternalEncryption::InternalEncryption(ODEControlContext& ctx) : + context(ctx) +{ + context.registerParametricMethod(this, "", (int)(InternalEncryption::mount)(std::string)); + context.registerNonparametricMethod(this, "", (int)(InternalEncryption::umount)); + context.registerParametricMethod(this, "", (int)(InternalEncryption::encrypt)(std::string)); + context.registerParametricMethod(this, "", (int)(InternalEncryption::decrypt)(std::string)); + context.registerParametricMethod(this, "", (int)(InternalEncryption::changePassword)(std::string, std::string)); + context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState)); +} + + +InternalEncryption::~InternalEncryption() +{ +} + +int InternalEncryption::mount(const std::string& password) +{ + //TODO + return 0; +} + +int InternalEncryption::umount() +{ + //TODO + return 0; +} + +int InternalEncryption::encrypt(const std::string& password) +{ + //TODO + return 0; +} + +int InternalEncryption::decrypt(const std::string& password) +{ + //TODO + return 0; +} + +int InternalEncryption::changePassword(const std::string& oldPassword, + const std::string& newPassword) +{ + //TODO + return 0; +} + +int InternalEncryption::getState() +{ + //TODO + return 0; +} + +} // namespace ode diff --git a/server/key-manager/key-generator.cpp b/server/key-manager/key-generator.cpp new file mode 100644 index 0000000..ccb5934 --- /dev/null +++ b/server/key-manager/key-generator.cpp @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "key-generator.h" + +#define PBKDF_DEFAULT_ITERATION 8 + +namespace ode { + +KeyGenerator::KeyGenerator() +{ +} + +KeyGenerator::~KeyGenerator() +{ +} + +const KeyGenerator::data KeyGenerator::PBKDF(const KeyGenerator::data& pass, const KeyGenerator::data& salt) +{ + data ret; + + //TODO + + return ret; +} + +const KeyGenerator::data KeyGenerator::AES(const KeyGenerator::data& in1, const KeyGenerator::data& in2) +{ + data ret; + + //TODO + + return ret; +} + +const KeyGenerator::data KeyGenerator::HMAC(const KeyGenerator::data& original, const KeyGenerator::data& key) +{ + data ret; + + //TODO + + return ret; +} + +const KeyGenerator::data KeyGenerator::RNG() +{ + data ret; + + //TODO + + return ret; +} + +} // namespace ode diff --git a/server/key-manager/key-generator.h b/server/key-manager/key-generator.h new file mode 100644 index 0000000..5a1a4b6 --- /dev/null +++ b/server/key-manager/key-generator.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __KEY_GENERATOR_H__ +#define __KEY_GENERATOR_H__ + +#include + +namespace ode { + +class KeyGenerator final { +public: + KeyGenerator(); + KeyGenerator(const KeyGenerator&) = delete; + KeyGenerator(KeyGenerator&&) = delete; + ~KeyGenerator(); + + KeyGenerator& operator=(const KeyGenerator&) = delete; + KeyGenerator& operator=(KeyGenerator&&) = delete; + + typedef std::vector data; + + const data PBKDF(const data& pass, const data& salt); + const data AES(const data& in1, const data& in2); + const data HMAC(const data& original, const data& key); + const data RNG(); +}; + +} // namespace ode +#endif // __KEY_GENERATOR_H__ diff --git a/server/key-manager/keystore.cpp b/server/key-manager/keystore.cpp new file mode 100644 index 0000000..20de6de --- /dev/null +++ b/server/key-manager/keystore.cpp @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "keystore.h" + +namespace ode { + +KeyStore::KeyStore(const std::string& name) : + file(name) +{ +} + +KeyStore::~KeyStore() +{ +} + +KeyStore::data KeyStore::getEncryptedDeviceKey() +{ + data ret; + + //TODO + + return ret; +} + +KeyStore::data KeyStore::getEncryptedMasterKey() +{ + data ret; + + //TODO + + return ret; +} + +void KeyStore::setEncryptedDeviceKey(const KeyStore::data& key) +{ + //TODO +} + +void KeyStore::setEncryptedMasterKey(const KeyStore::data& key) +{ + //TODO +} + +} // namespace ode diff --git a/server/key-manager/keystore.h b/server/key-manager/keystore.h new file mode 100644 index 0000000..d6d0e5e --- /dev/null +++ b/server/key-manager/keystore.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __KEY_STORAGE_H__ +#define __KEY_STORAGE_H__ + +#include +#include + +#include + +namespace ode { + +class KeyStore final { +public: + KeyStore(const std::string& name); + KeyStore(const KeyStore&) = delete; + KeyStore(KeyStore&&) = delete; + ~KeyStore(); + + KeyStore& operator=(const KeyStore&) = delete; + KeyStore& operator=(KeyStore&&) = delete; + + typedef std::vector data; + + data getEncryptedDeviceKey(); + data getEncryptedMasterKey(); + + void setEncryptedDeviceKey(const data& key); + void setEncryptedMasterKey(const data& key); + +private: + runtime::File file; +}; + +} // namespace ode + +#endif // __KEY_STORAGE_H__ diff --git a/server/main.cpp b/server/main.cpp new file mode 100644 index 0000000..448df58 --- /dev/null +++ b/server/main.cpp @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "server.h" + +void signalHandler(int signum) +{ + exit(0); +} + +int main(int argc, char *argv[]) +{ + ::signal(SIGINT, signalHandler); + + ::umask(0); + + try { + Server server; + server.run(); + } catch (std::exception &e) { + std::cerr << e.what() << std::endl; + return 1; + } + + return 0; +} diff --git a/server/secure-erase.cpp b/server/secure-erase.cpp new file mode 100644 index 0000000..a0afbec --- /dev/null +++ b/server/secure-erase.cpp @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "rmi/secure-erase.h" + +namespace ode { + +SecureErase::SecureErase(ODEControlContext& ctx) : + context(ctx) +{ + context.registerParametricMethod(this, "", (int)(SecureErase::erase)(std::string)); + context.registerParametricMethod(this, "", (int)(SecureErase::clean)(std::string)); +} + +SecureErase::~SecureErase() +{ +} + +int SecureErase::erase(const std::string& name) +{ + return -1; +} + +int SecureErase::clean(const std::string& name) +{ + return -1; +} + + + +} // namespace ode diff --git a/server/server.cpp b/server/server.cpp new file mode 100644 index 0000000..86c673a --- /dev/null +++ b/server/server.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +#include "server.h" + +using namespace std::placeholders; + +namespace { + +const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.sock"; + +} // namespace + +Server::Server() +{ + service.reset(new rmi::Service(ODE_MANAGER_ADDRESS)); + + service->setPrivilegeChecker(std::bind(&Server::checkPeerPrivilege, this, _1, _2)); +} + +Server::~Server() +{ +} + +void Server::run() +{ + // Prepare execution environment + service->start(true); +} + +void Server::terminate() +{ + service->stop(); +} + +bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege) +{ + cynara *p_cynara; + + if (privilege.empty()) { + return true; + } + + if (::cynara_initialize(&p_cynara, NULL) != CYNARA_API_SUCCESS) { + ERROR("Failure in cynara API"); + return false; + } + + if (::cynara_check(p_cynara, cred.security.c_str(), "", + std::to_string(cred.uid).c_str(), + privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) { + ::cynara_finish(p_cynara); + ERROR("Access denied: " + cred.security + " : " + privilege); + return false; + } + + ::cynara_finish(p_cynara); + + return true; +} diff --git a/server/server.h b/server/server.h new file mode 100644 index 0000000..9b21e68 --- /dev/null +++ b/server/server.h @@ -0,0 +1,64 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#ifndef __ODE_SERVER_H__ +#define __ODE_SERVER_H__ + +#include +#include + +#include +#include +#include + +class Server final { +public: + Server(); + ~Server(); + + void run(); + void terminate(); + + template + void setMethodHandler(const std::string& privilege, const std::string& method, + const typename rmi::MethodHandler::type& handler) + { + service->setMethodHandler(privilege, method, handler); + } + + uid_t getPeerUid() const + { + return service->getPeerUid(); + } + + gid_t getPeerGid() const + { + return service->getPeerGid(); + } + + pid_t getPeerPid() const + { + return service->getPeerPid(); + } + + bool checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege); + +private: + std::string securityLabel; + std::unique_ptr service; +}; + +#endif //__ODE_SERVER_H__ diff --git a/server/systemd/ode.service.in b/server/systemd/ode.service.in new file mode 100644 index 0000000..922e17c --- /dev/null +++ b/server/systemd/ode.service.in @@ -0,0 +1,15 @@ +[Unit] +Description=@PROJECT_NAME@ management daemon + +[Service] +Type=simple +SmackProcessLabel=System +ExecStart=@BIN_DIR@/@PROJECT_NAME@d +Restart=on-failure +ExecReload=/bin/kill -HUP $MAINPID +CapabilityBoundingSet=~CAP_MAC_ADMIN +CapabilityBoundingSet=~CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_DAC_OVERRIDE + +[Install] +WantedBy=multi-user.target diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt new file mode 100755 index 0000000..5c85168 --- /dev/null +++ b/tests/CMakeLists.txt @@ -0,0 +1,38 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +PROJECT(${PROJECT_NAME}-engine-unit-tests) + +SET(TEST_SRC main.cpp + ext4-engine.cpp + dmcrypt-engine.cpp + ecryptfs-engine.cpp + ../server/engine/ext4-engine.cpp + ../server/engine/dmcrypt-engine.cpp + ../server/engine/ecryptfs-engine.cpp +) + +ADD_EXECUTABLE(${PROJECT_NAME} ${TEST_SRC}) + +PKG_CHECK_MODULES(TEST_DEPS REQUIRED klay + glib-2.0 + gio-2.0 +) + +INCLUDE_DIRECTORIES(SYSTEM ${TEST_DEPS_INCLUDE_DIRS}) + +TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${TEST_DEPS_LIBRARIES}) + +INSTALL(TARGETS ${PROJECT_NAME} DESTINATION bin) diff --git a/tests/dmcrypt-engine.cpp b/tests/dmcrypt-engine.cpp new file mode 100644 index 0000000..86f542b --- /dev/null +++ b/tests/dmcrypt-engine.cpp @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include +#include + +#include "../server/engine/dmcrypt-engine.h" + +#define TEST_PATH "/opt/usr" + +TESTCASE(DMCryptGetPathTest) +{ + try { + ode::DMCryptEngine engine("/dev/mmcblkp0", "/opt/usr"); + if (engine.getDestination() != "/dev/mmcblkp0") { + throw runtime::Exception("Source doen't match"); + } + if (engine.getDestination() != "/opt/usr") { + throw runtime::Exception("Destination doen't match"); + } + } catch (runtime::Exception& e) { + TEST_FAIL(e.what()); + } +} diff --git a/tests/ecryptfs-engine.cpp b/tests/ecryptfs-engine.cpp new file mode 100644 index 0000000..cd00460 --- /dev/null +++ b/tests/ecryptfs-engine.cpp @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include +#include + +#include "../server/engine/ecryptfs-engine.h" + +#define TEST_PATH "/opt/usr" + +TESTCASE(EcryptfsGetPathTest) +{ + try { + ode::EcryptfsEngine engine("/dev/mmcblkp0", "/opt/usr"); + if (engine.getDestination() != "/dev/mmcblkp0") { + throw runtime::Exception("Source doen't match"); + } + if (engine.getDestination() != "/opt/usr") { + throw runtime::Exception("Destination doen't match"); + } + } catch (runtime::Exception& e) { + TEST_FAIL(e.what()); + } +} diff --git a/tests/ext4-engine.cpp b/tests/ext4-engine.cpp new file mode 100644 index 0000000..7f6627d --- /dev/null +++ b/tests/ext4-engine.cpp @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include +#include +#include + +#include "../server/engine/ext4-engine.h" + +#define TEST_PATH "/opt/usr" + +TESTCASE(Ext4GetPathTest) +{ + try { + ode::Ext4Engine engine("/dev/mmcblkp0", "/opt/usr"); + if (engine.getDestination() != "/dev/mmcblkp0") { + throw runtime::Exception("Source doen't match"); + } + if (engine.getDestination() != "/opt/usr") { + throw runtime::Exception("Destination doen't match"); + } + } catch (runtime::Exception& e) { + TEST_FAIL(e.what()); + } +} diff --git a/tests/main.cpp b/tests/main.cpp new file mode 100644 index 0000000..c578255 --- /dev/null +++ b/tests/main.cpp @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +#include +#include + +int main(int argc, char** argv) +{ + audit::Logger::setLogLevel(audit::LogLevel::Trace); + testbench::Testbench::runAllTestSuites(); + + return 0; +} diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt new file mode 100755 index 0000000..9262bb2 --- /dev/null +++ b/tools/CMakeLists.txt @@ -0,0 +1,21 @@ +# +# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#SET(ODE_APPS ${ODE_TOOLS}/apps) +SET(ODE_CLI ${ODE_TOOLS}/cli) + +#ADD_SUBDIRECTORY(${ODE_APPS}) +ADD_SUBDIRECTORY(${ODE_CLI}) diff --git a/tools/cli/CMakeLists.txt b/tools/cli/CMakeLists.txt new file mode 100644 index 0000000..ae42a87 --- /dev/null +++ b/tools/cli/CMakeLists.txt @@ -0,0 +1,37 @@ +# +# Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +FILE(GLOB CLI_SRCS ode-admin-cli.cpp +) + +SET(CLI_NAME ${PROJECT_NAME}-admin-cli) + +ADD_EXECUTABLE(${CLI_NAME} ${CLI_SRCS}) +SET_TARGET_PROPERTIES(${CLI_NAME} PROPERTIES PREFIX "" + COMPILE_DEFINITIONS PID_FILE_PATH="${RUN_DIR}/ode" + COMPILE_FLAGS "-fPIE" + LINK_FLAGS "-pie" +) + +PKG_CHECK_MODULES(CLI_DEPS REQUIRED + klay + glib-2.0 +) + +INCLUDE_DIRECTORIES(SYSTEM ${CLI_DEPS_INCLUDE_DIRS} ${ODE_LIB}) +TARGET_LINK_LIBRARIES(${CLI_NAME} ${CLI_DEPS_LIBRARIES} ${PROJECT_NAME} ode) + +INSTALL(TARGETS ${CLI_NAME} DESTINATION sbin) diff --git a/tools/cli/ode-admin-cli.cpp b/tools/cli/ode-admin-cli.cpp new file mode 100644 index 0000000..9c8f0e2 --- /dev/null +++ b/tools/cli/ode-admin-cli.cpp @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +/** + * @file + * @brief CLI tool to encrypt/decrypt storage and secure erase + */ +#include + +#include +#include +#include + +#include +#include + +extern char** environ; + +static inline void usage(const std::string name) +{ + std::cout << "Usage: " << name << " [Option]" << std::endl + << std::endl + << "Options :" << std::endl + << " -h, --help show this" << std::endl + << std::endl; +} + +int main(int argc, char* argv[]) +{ + int opt = 0, index, ret = 0; + + struct option options[] = { + {"help", no_argument, 0, 'h'}, + {0, 0, 0, 0} + }; + + if (argc <= 1) { + usage(argv[0]); + return EXIT_SUCCESS; + } + + while ((opt = getopt_long(argc, argv, "e:h", options, &index)) != -1) { + switch (opt) { + case 'h': + usage(argv[0]); + break; + default: + usage(argv[0]); + ret = -1; + } + } + + return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE; +}