From 71a82e8bafbac3cdf534403db6090d35c94fe2c2 Mon Sep 17 00:00:00 2001 From: Sungbae Yoo Date: Mon, 21 Nov 2016 18:11:02 +0900 Subject: [PATCH] Add external encryption with key-manager and engine Change-Id: If94dfc9e296aba4621b70b19a4476b8633d4d0ce Signed-off-by: Sungbae Yoo --- server/external-encryption.cpp | 111 +++++++++++++++++++++++++++++++-- 1 file changed, 106 insertions(+), 5 deletions(-) diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp index a9e3800..e52bf2c 100644 --- a/server/external-encryption.cpp +++ b/server/external-encryption.cpp @@ -13,6 +13,9 @@ * See the License for the specific language governing permissions and * limitations under the License */ +#include +#include + #include #include @@ -21,8 +24,21 @@ #include "rmi/external-encryption.h" +#define EXTERNAL_STORAGE_PATH "/opt/media/SDCardA1" + namespace ode { +namespace { + +KeyManager keyManager(EXTERNAL_STORAGE_PATH); +EcryptfsEngine engine(EXTERNAL_STORAGE_PATH, EXTERNAL_STORAGE_PATH); + +void killDependedApplications() +{ +} + +} + ExternalEncryption::ExternalEncryption(ODEControlContext& ctx) : context(ctx) { @@ -41,32 +57,117 @@ ExternalEncryption::~ExternalEncryption() int ExternalEncryption::mount(const std::string& password) { - //TODO + bool isVerified = false; + KeyManager::data pwData(password.begin(), password.end()); + + try { + isVerified = keyManager.verifyPassword(pwData); + } catch (runtime::Exception& e) {} + + if (!isVerified) { + return -1; + } + + engine.mount(keyManager.getDEK(pwData)); return 0; } int ExternalEncryption::umount() { - //TODO + INFO("Close all applications using external storage..."); + killDependedApplications(); + INFO("Umount internal storage..."); + engine.umount(); + return 0; } int ExternalEncryption::encrypt(const std::string& password) { - //TODO + KeyManager::data pwData(password.begin(), password.end()); + + if (keyManager.isInitialized()) { + bool isVerified = false; + try { + isVerified = keyManager.verifyPassword(pwData); + } catch (runtime::Exception& e) {} + + if (!isVerified) { + return -2; + } + } else { + keyManager.initPassword(pwData); + } + + KeyManager::data DEK = keyManager.getDEK(pwData); + auto encryptWorker = [DEK, this]() { + INFO("Close all applications using external storage..."); + killDependedApplications(); + INFO("Encryption started..."); + engine.encrypt(DEK); + INFO("Sync disk..."); + sync(); + INFO("Encryption completed"); + }; + + std::thread asyncWork(encryptWorker); + asyncWork.detach(); + return 0; } int ExternalEncryption::decrypt(const std::string& password) { - //TODO + bool isVerified = false; + KeyManager::data pwData(password.begin(), password.end()); + + try { + isVerified = keyManager.verifyPassword(pwData); + } catch (runtime::Exception& e) {} + + if (!isVerified) { + return -1; + } + + KeyManager::data DEK = keyManager.getDEK(pwData); + auto decryptWorker = [DEK, this]() { + INFO("Close all applications using external storage..."); + killDependedApplications(); + INFO("Umount internal storage..."); + try { + engine.umount(); + } catch (runtime::Exception& e) {} + INFO("Decryption started..."); + engine.decrypt(DEK); + INFO("Sync disk..."); + sync(); + INFO("Decryption completed"); + }; + + std::thread asyncWork(decryptWorker); + asyncWork.detach(); + + keyManager.clearPassword(); + return 0; } int ExternalEncryption::changePassword(const std::string& oldPassword, const std::string& newPassword) { - //TODO + KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end()); + KeyManager::data newPwData(newPassword.begin(), oldPassword.end()); + + bool isVerified = false; + try { + isVerified = keyManager.verifyPassword(newPwData); + } catch (runtime::Exception& e) {} + + if (!isVerified) { + return -1; + } + + keyManager.changePassword(oldPwData, newPwData); return 0; } -- 2.34.1