estoraged.cpp - OpenGrok cross reference for /openbmc/estoraged/src/estoraged.cpp

Deleted Added

sdiffudifftextold (2b5454d3..)new (b2c86be3..)

estoraged.cpp (2b5454d316b564e63b6f5afa5e0018a014d81365)	estoraged.cpp (b2c86be3b1c6bf26dbfbcf3e3a3f3322472023e9)
1 2#include "estoraged.hpp" 3 4#include "cryptErase.hpp" 5#include "cryptsetupInterface.hpp" 6#include "pattern.hpp" 7#include "sanitize.hpp" 8#include "verifyDriveGeometry.hpp" --- 88 unchanged lines hidden (view full) --- 97 98 if (type != Volume::FilesystemType::ext4) 99 { 100 lg2::error("Only ext4 filesystems are supported currently", 101 "REDFISH_MESSAGE_ID", std::string("OpenBMC.0.1.FormatFail")); 102 throw UnsupportedRequest(); 103 } 104	1 2#include "estoraged.hpp" 3 4#include "cryptErase.hpp" 5#include "cryptsetupInterface.hpp" 6#include "pattern.hpp" 7#include "sanitize.hpp" 8#include "verifyDriveGeometry.hpp" --- 88 unchanged lines hidden (view full) --- 97 98 if (type != Volume::FilesystemType::ext4) 99 { 100 lg2::error("Only ext4 filesystems are supported currently", 101 "REDFISH_MESSAGE_ID", std::string("OpenBMC.0.1.FormatFail")); 102 throw UnsupportedRequest(); 103 } 104
105 CryptHandle cryptHandle(devPath.c_str());	105 formatLuksDev(password); 106 activateLuksDev(password);
106	107
107 formatLuksDev(cryptHandle.get(), password); 108 activateLuksDev(cryptHandle.get(), password); 109
110 createFilesystem(); 111 mountFilesystem(); 112} 113 114void EStoraged::erase(Volume::EraseMethod inEraseMethod) 115{ 116 std::cerr << "Erasing encrypted eMMC" << std::endl; 117 lg2::info("Starting erase", "REDFISH_MESSAGE_ID", --- 64 unchanged lines hidden (view full) --- 182 deactivateLuksDev(); 183} 184 185void EStoraged::unlock(std::vector<uint8_t> password) 186{ 187 std::string msg = "OpenBMC.0.1.DriveUnlock"; 188 lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg); 189	108 createFilesystem(); 109 mountFilesystem(); 110} 111 112void EStoraged::erase(Volume::EraseMethod inEraseMethod) 113{ 114 std::cerr << "Erasing encrypted eMMC" << std::endl; 115 lg2::info("Starting erase", "REDFISH_MESSAGE_ID", --- 64 unchanged lines hidden (view full) --- 180 deactivateLuksDev(); 181} 182 183void EStoraged::unlock(std::vector<uint8_t> password) 184{ 185 std::string msg = "OpenBMC.0.1.DriveUnlock"; 186 lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg); 187
190 CryptHandle cryptHandle(devPath.c_str()); 191 192 activateLuksDev(cryptHandle.get(), std::move(password));	188 activateLuksDev(std::move(password));
193 mountFilesystem(); 194} 195 196void EStoraged::changePassword(const std::vector<uint8_t>& /oldPassword/, 197 const std::vector<uint8_t>& /newPassword/) 198{ 199 std::cerr << "Changing password for encrypted eMMC" << std::endl; 200 lg2::info("Starting change password", "REDFISH_MESSAGE_ID", --- 5 unchanged lines hidden (view full) --- 206 return lockedProperty; 207} 208 209std::string_view EStoraged::getMountPoint() const 210{ 211 return mountPoint; 212} 213	189 mountFilesystem(); 190} 191 192void EStoraged::changePassword(const std::vector<uint8_t>& /oldPassword/, 193 const std::vector<uint8_t>& /newPassword/) 194{ 195 std::cerr << "Changing password for encrypted eMMC" << std::endl; 196 lg2::info("Starting change password", "REDFISH_MESSAGE_ID", --- 5 unchanged lines hidden (view full) --- 202 return lockedProperty; 203} 204 205std::string_view EStoraged::getMountPoint() const 206{ 207 return mountPoint; 208} 209
214void EStoraged::formatLuksDev(struct crypt_device* cd, 215 std::vector<uint8_t> password)	210void EStoraged::formatLuksDev(std::vector<uint8_t> password)
216{ 217 lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", 218 std::string("OpenBMC.0.1.FormatLuksDev")); 219 220 /* Generate the volume key. */ 221 const std::size_t keySize = 64; 222 std::vector<uint8_t> volumeKey(keySize); 223 if (RAND_bytes(volumeKey.data(), keySize) != 1) 224 { 225 lg2::error("Failed to create volume key", "REDFISH_MESSAGE_ID", 226 std::string("OpenBMC.0.1.FormatLuksDevFail")); 227 throw InternalFailure(); 228 }	211{ 212 lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", 213 std::string("OpenBMC.0.1.FormatLuksDev")); 214 215 /* Generate the volume key. */ 216 const std::size_t keySize = 64; 217 std::vector<uint8_t> volumeKey(keySize); 218 if (RAND_bytes(volumeKey.data(), keySize) != 1) 219 { 220 lg2::error("Failed to create volume key", "REDFISH_MESSAGE_ID", 221 std::string("OpenBMC.0.1.FormatLuksDevFail")); 222 throw InternalFailure(); 223 }
	224 225 /* Create the handle. */ 226 CryptHandle cryptHandle(devPath); 227
229 /* Format the LUKS encrypted device. */	228 /* Format the LUKS encrypted device. */
230 int retval = 231 cryptIface->cryptFormat(cd, CRYPT_LUKS2, "aes", "xts-plain64", nullptr, 232 reinterpret_cast<const char*>(volumeKey.data()), 233 volumeKey.size(), nullptr);	229 int retval = cryptIface->cryptFormat( 230 cryptHandle.get(), CRYPT_LUKS2, "aes", "xts-plain64", nullptr, 231 reinterpret_cast<const char*>(volumeKey.data()), volumeKey.size(), 232 nullptr);
234 if (retval < 0) 235 { 236 lg2::error("Failed to format encrypted device: {RETVAL}", "RETVAL", 237 retval, "REDFISH_MESSAGE_ID", 238 std::string("OpenBMC.0.1.FormatLuksDevFail")); 239 throw InternalFailure(); 240 } 241 242 /* Device is now encrypted. / 243 locked(true); 244 245 / Set the password. */ 246 retval = cryptIface->cryptKeyslotAddByVolumeKey(	233 if (retval < 0) 234 { 235 lg2::error("Failed to format encrypted device: {RETVAL}", "RETVAL", 236 retval, "REDFISH_MESSAGE_ID", 237 std::string("OpenBMC.0.1.FormatLuksDevFail")); 238 throw InternalFailure(); 239 } 240 241 /* Device is now encrypted. / 242 locked(true); 243 244 / Set the password. */ 245 retval = cryptIface->cryptKeyslotAddByVolumeKey(
247 cd, CRYPT_ANY_SLOT, nullptr, 0,	246 cryptHandle.get(), CRYPT_ANY_SLOT, nullptr, 0,
248 reinterpret_cast<const char*>(password.data()), password.size()); 249 250 if (retval < 0) 251 { 252 lg2::error("Failed to set encryption password", "REDFISH_MESSAGE_ID", 253 std::string("OpenBMC.0.1.FormatLuksDevFail")); 254 throw InternalFailure(); 255 } 256 257 lg2::info("Encrypted device {DEV} successfully formatted", "DEV", devPath, 258 "REDFISH_MESSAGE_ID", 259 std::string("OpenBMC.0.1.FormatLuksDevSuccess")); 260} 261	247 reinterpret_cast<const char*>(password.data()), password.size()); 248 249 if (retval < 0) 250 { 251 lg2::error("Failed to set encryption password", "REDFISH_MESSAGE_ID", 252 std::string("OpenBMC.0.1.FormatLuksDevFail")); 253 throw InternalFailure(); 254 } 255 256 lg2::info("Encrypted device {DEV} successfully formatted", "DEV", devPath, 257 "REDFISH_MESSAGE_ID", 258 std::string("OpenBMC.0.1.FormatLuksDevSuccess")); 259} 260
262void EStoraged::activateLuksDev(struct crypt_device* cd, 263 std::vector<uint8_t> password)	261void EStoraged::activateLuksDev(std::vector<uint8_t> password)
264{ 265 lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", 266 std::string("OpenBMC.0.1.ActivateLuksDev")); 267	262{ 263 lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID", 264 std::string("OpenBMC.0.1.ActivateLuksDev")); 265
268 int retval = cryptIface->cryptLoad(cd, CRYPT_LUKS2, nullptr);	266 /* Create the handle. */ 267 CryptHandle cryptHandle(devPath); 268 269 int retval = cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr);
269 if (retval < 0) 270 { 271 lg2::error("Failed to load LUKS header: {RETVAL}", "RETVAL", retval, 272 "REDFISH_MESSAGE_ID", 273 std::string("OpenBMC.0.1.ActivateLuksDevFail")); 274 throw InternalFailure(); 275 } 276 277 retval = cryptIface->cryptActivateByPassphrase(	270 if (retval < 0) 271 { 272 lg2::error("Failed to load LUKS header: {RETVAL}", "RETVAL", retval, 273 "REDFISH_MESSAGE_ID", 274 std::string("OpenBMC.0.1.ActivateLuksDevFail")); 275 throw InternalFailure(); 276 } 277 278 retval = cryptIface->cryptActivateByPassphrase(
278 cd, containerName.c_str(), CRYPT_ANY_SLOT,	279 cryptHandle.get(), containerName.c_str(), CRYPT_ANY_SLOT,
279 reinterpret_cast<const char>(password.data()), password.size(), 0); 280 281 if (retval < 0) 282 { 283 lg2::error("Failed to activate LUKS dev: {RETVAL}", "RETVAL", retval, 284 "REDFISH_MESSAGE_ID", 285 std::string("OpenBMC.0.1.ActivateLuksDevFail")); 286 throw InternalFailure(); --- 126 unchanged lines hidden* ---	280 reinterpret_cast<const char>(password.data()), password.size(), 0); 281 282 if (retval < 0) 283 { 284 lg2::error("Failed to activate LUKS dev: {RETVAL}", "RETVAL", retval, 285 "REDFISH_MESSAGE_ID", 286 std::string("OpenBMC.0.1.ActivateLuksDevFail")); 287 throw InternalFailure(); --- 126 unchanged lines hidden* ---