xref: /openbmc/estoraged/include/estoraged.hpp (revision 0c2808f0) 
1 #pragma once
2 
3 #include "cryptsetupInterface.hpp"
4 #include "filesystemInterface.hpp"
5 
6 #include <libcryptsetup.h>
7 
8 #include <sdbusplus/bus.hpp>
9 #include <sdbusplus/exception.hpp>
10 #include <sdbusplus/server/object.hpp>
11 #include <xyz/openbmc_project/Inventory/Item/Volume/server.hpp>
12 
13 #include <filesystem>
14 #include <memory>
15 #include <string>
16 #include <string_view>
17 #include <vector>
18 
19 namespace estoraged
20 {
21 using eStoragedInherit = sdbusplus::server::object_t<
22     sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume>;
23 using estoraged::Cryptsetup;
24 using estoraged::Filesystem;
25 
26 /** @class eStoraged
27  *  @brief eStoraged object to manage a LUKS encrypted storage device.
28  */
29 class eStoraged : eStoragedInherit
30 {
31   public:
32     /** @brief Constructor for eStoraged
33      *
34      *  @param[in] bus - sdbusplus dbus object
35      *  @param[in] path - DBus object path
36      *  @param[in] devPath - path to device file, e.g. /dev/mmcblk0
37      *  @param[in] luksName - name for the LUKS container
38      *  @param[in] cryptInterface - (optional) pointer to CryptsetupInterface
39      *    object
40      *  @param[in] fsInterface - (optional) pointer to FilesystemInterface
41      *    object
42      */
43     eStoraged(sdbusplus::bus::bus& bus, const char* path,
44               const std::string& devPath, const std::string& luksName,
45               std::unique_ptr<CryptsetupInterface> cryptInterface =
46                   std::make_unique<Cryptsetup>(),
47               std::unique_ptr<FilesystemInterface> fsInterface =
48                   std::make_unique<Filesystem>()) :
49         eStoragedInherit(bus, path),
50         devPath(devPath), containerName(luksName),
51         mountPoint("/mnt/" + luksName + "_fs"),
52         cryptIface(std::move(cryptInterface)), fsIface(std::move(fsInterface))
53     {}
54 
55     /** @brief Format the LUKS encrypted device and create empty filesystem.
56      *
57      *  @param[in] password - password to set for the LUKS device.
58      *  @param[in] type - filesystem type, e.g. ext4
59      */
60     void formatLuks(std::vector<uint8_t> password,
61                     FilesystemType type) override;
62 
63     /** @brief Erase the contents of the storage device.
64      *
65      *  @param[in] eraseType - type of erase operation.
66      */
67     void erase(EraseMethod eraseType) override;
68 
69     /** @brief Unmount filesystem and lock the LUKS device.
70      */
71     void lock() override;
72 
73     /** @brief Unlock device and mount the filesystem.
74      *
75      *  @param[in] password - password for the LUKS device.
76      */
77     void unlock(std::vector<uint8_t> password) override;
78 
79     /** @brief Change the password for the LUKS device.
80      *
81      *  @param[in] oldPassword - old password for the LUKS device.
82      *  @param[in] newPassword - new password for the LUKS device.
83      */
84     void changePassword(std::vector<uint8_t> oldPassword,
85                         std::vector<uint8_t> newPassword) override;
86 
87     /** @brief Check if the LUKS device is currently locked. */
88     bool isLocked() const;
89 
90     /** @brief Get the mount point for the filesystem on the LUKS device. */
91     std::string_view getMountPoint() const;
92 
93   private:
94     /** @brief Full path of the device file, e.g. /dev/mmcblk0. */
95     std::string devPath;
96 
97     /** @brief Name of the LUKS container. */
98     std::string containerName;
99 
100     /** @brief Mount point for the filesystem. */
101     std::string mountPoint;
102 
103     /** @brief Pointer to cryptsetup interface object.
104      *  @details This is used to mock out the cryptsetup functions.
105      */
106     std::unique_ptr<CryptsetupInterface> cryptIface;
107 
108     /** @brief Pointer to filesystem interface object.
109      *  @details This is used to mock out filesystem operations.
110      */
111     std::unique_ptr<FilesystemInterface> fsIface;
112 
113     /** @brief Format LUKS encrypted device.
114      *
115      *  @param[in] cd - initialized crypt_device struct for the device.
116      *  @param[in] password - password to set for the LUKS device.
117      */
118     void formatLuksDev(struct crypt_device* cd, std::vector<uint8_t> password);
119 
120     /** @brief Unlock the device.
121      *
122      *  @param[in] cd - initialized crypt_device struct for the device.
123      *  @param[in] password - password to activate the LUKS device.
124      */
125     void activateLuksDev(struct crypt_device* cd,
126                          std::vector<uint8_t> password);
127 
128     /** @brief Create the filesystem on the LUKS device.
129      *  @details The LUKS device should already be activated, i.e. unlocked.
130      */
131     void createFilesystem();
132 
133     /** @brief Deactivate the LUKS device.
134      *  @details The filesystem is assumed to be unmounted already.
135      */
136     void deactivateLuksDev();
137 
138     /** @brief Mount the filesystem.
139      *  @details The filesystem should already exist and the LUKS device should
140      *  be unlocked already.
141      */
142     void mountFilesystem();
143 
144     /** @brief Unmount the filesystem. */
145     void unmountFilesystem();
146 };
147 
148 } // namespace estoraged
149