#include <ode/internal-encryption.h>
#include <ode/external-encryption.h>
#include <ode/luks.h>
+#include <ode/keys.h>
extern char** environ;
<< " require -D and/or -M option." << std::endl
<< " -L --luks_sync=format|open|close perform LUKS operation using synchronous" << std::endl
<< " API. May also require -D and/or -M option." << std::endl
- << " -D --device=<device> device path required for LUKS format and" << std::endl
- << " LUKS open operations" << std::endl
+ << " -D --device=<device> device path" << std::endl
<< " -M --mapping=<mapping> mapping name required for LUKS open and" << std::endl
<< " LUKS close operations" << std::endl
+ << " -k, --keys=store|remove Store/remove the master key of given device" << std::endl
+ << " for the purpose of system upgrade. Requires" << std::endl
+ << " -D option" << std::endl
<< " -p, --changepw=internal|external change password" << std::endl
<< " -s, --state=internal|external get state" << std::endl
<< " -w, --waitmnt=internal|external wait for mount"<< std::endl
}
}
+static inline int keys(const std::string& name, const std::string& device)
+{
+ if (name == "store") {
+ if (device.empty())
+ return usage(name);
+
+ std::string password = getPassword();
+
+ int ret = ode_key_store_master_key(device.c_str(), password.c_str());
+ if (ret != ODE_ERROR_NONE)
+ std::cerr << "Error : " << ret << std::endl;
+ return -1;
+ }
+
+ if (name == "remove") {
+ if (device.empty())
+ return usage(name);
+
+ int ret = ode_key_remove_master_key(device.c_str());
+ if (ret != ODE_ERROR_NONE)
+ std::cerr << "Error : " << ret << std::endl;
+ return -1;
+ }
+
+ std::cerr << "Wrong arguments (store|remove)" << std::endl;
+ return -1;
+}
+
static inline int change_password(const std::string name)
{
int ret;
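Review bot: In `keys()`, both the `store` and `remove` branches put `return -1;` after an unbraced `if (ret != ODE_ERROR_NONE)`, so the function returns -1 even when `ode_key_store_master_key()` or `ode_key_remove_master_key()` succeeds. A caller or upgrade script then cannot tell a stored or removed master key from a failure. Brace the error path and return success explicitly in each branch: `if (ret != ODE_ERROR_NONE) { std::cerr << "Error : " << ret << std::endl; return -1; }` followed by `return 0;`. Separately, `password` holds the passphrase in a `std::string` until scope exit; overwriting it once the store call returns would shorten its time in memory, unless `getPassword()` (defined outside this hunk) already handles that.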
{"decrypt", required_argument, 0, 'd'},
{"luks" , required_argument, 0, 'l'},
{"luks_sync" , required_argument, 0, 'L'},
+ {"keys" , required_argument, 0, 'k'},
{"state", required_argument, 0, 's'},
{"waitmnt", required_argument, 0, 'w'},
{"clean", required_argument, 0, 'c'},
std::string mapping, device, op;
bool sync = true;
- while ((opt = getopt_long(argc, argv, "m:u:e:d:l:L:p:s:w:c:h", options, &index)) != -1) {
+ while ((opt = getopt_long(argc, argv, "m:u:e:d:l:L:p:k:s:w:c:h", options, &index)) != -1) {
switch (opt) {
case 'm':
ret = mount(optarg);
if (ret == 0)
ret = luks(sync, op, device, mapping);
break;
+ case 'k':
+ op = optarg;
+ while ((luks_opt = getopt_long(argc, argv, "D:", luks_options, &index)) != -1) {
+ switch (luks_opt) {
+ case 'D':
+ device = optarg;
+ break;
+ default:
+ ret = usage(argv[0]);
+ }
+ }
+ if (ret == 0)
+ ret = keys(op, device);
+ break;
case 'p':
ret = change_password(optarg);
break;
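Review bot: The nested `getopt_long(argc, argv, "D:", luks_options, &index)` loop under `case 'k'` parses the rest of argv itself, and the outer option string has no `D`, so `-D` appears to be accepted only when it follows `-k`. The help text added in this commit says only "Requires -D option", so a comment here would help, for example `// -D must come after -k: the nested loop parses the remaining arguments`, with the same ordering stated in the usage string. The `if (ret == 0)` gate also relies on `ret` being zero on entry; its initialisation is outside this hunk and worth confirming, since a stale non-zero value would silently skip `keys()`.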