// mount options are ignored by mount()
dmcrypt.mount(masterKey, 0);
+ UpgradeSupport::createUpgradeFlag();
} else if (UMOUNT == argv[1]) {
std::string path = INTERNAL_PATH;
if (argc == 3)
#include "ext4-tool.h"
#include "internal-encryption.h"
#include "internal-encryption-common.h"
+#include "upgrade-support.h"
namespace ode {
int InternalEncryptionServer::setMountPassword(const std::string& password)
{
- return keyServer.get(engine->getSource(), password, mountKey);
+ const std::string& dev = engine->getSource();
+
+ // check if upgrade flag exists
+ if(UpgradeSupport::removeUpgradeFlag()) {
+ INFO("Upgrade flag detected.");
+ // try to load the master key
+ try {
+ mountKey = UpgradeSupport::loadMasterKey(dev);
+
+ // encrypt the master key with given password
+ return keyServer.changePassword2(dev, mountKey, password);
+ } catch (const runtime::Exception&) {
+ INFO("Failed to load the master key stored during upgrade.");
+ }
+ }
+
+ return keyServer.get(dev, password, mountKey);
}
int InternalEncryptionServer::mount(const std::vector<unsigned char> &mk, unsigned int options)
return error::NoSuchFile;
}
+ UpgradeSupport::removeUpgradeFlag();
+
EncryptedKey ek(FileFooter::read(dev));
auto key = ek.decrypt(curPassword);
return error::None;
}
+int KeyServer::changePassword2(const std::string& dev,
+ const BinaryData& masterKey,
+ const std::string& newPassword)
+{
+ if (dev.empty() || masterKey.empty() || newPassword.empty())
+ return error::InvalidParameter;
+
+ std::lock_guard<std::mutex> lock(footerLock);
+ EncryptedKey ek(masterKey, newPassword);
+
+ FileFooter::write(dev, ek.serialize());
+ return error::None;
+}
+
int KeyServer::verifyPassword(const std::string& dev,
const std::string& password)
{
return error::NoSuchFile;
}
+ UpgradeSupport::removeUpgradeFlag();
+
EncryptedKey ek(FileFooter::read(dev));
key = ek.decrypt(password);
int changePassword(const std::string& dev,
const std::string& curPW,
const std::string& newPW);
+ int changePassword2(const std::string& dev,
+ const BinaryData& masterKey,
+ const std::string& newPW);
int verifyPassword(const std::string& dev, const std::string& password);
int get(const std::string& dev,
const std::string& password,
typedef int(*KeyStoragePluginRemoveFn)(const unsigned char*, size_t);
}
+const std::string UPGRADE_FLAG_PATH = "/opt/etc/.ode_upgrade_started";
+
std::mutex opGuard;
// not thread-safe because of static member
}
}
+void createUpgradeFlag()
+{
+ runtime::File file(UPGRADE_FLAG_PATH);
+ file.create(S_IRUSR | S_IWUSR); // 0600
+}
+
+bool removeUpgradeFlag()
+{
+ runtime::File file(UPGRADE_FLAG_PATH);
+ bool exists = file.exists();
+ if (exists)
+ file.remove();
+
+ return exists;
+}
+
} // namespace UpgradeSupport
} // namespace ode
void storeMasterKey(const std::string &device, const BinaryData& key);
BinaryData loadMasterKey(const std::string &device);
void removeMasterKey(const std::string &device);
+void createUpgradeFlag();
+bool removeUpgradeFlag();
} // namespace UpgradeSupport