xref: /openbmc/estoraged/include/estoraged.hpp (revision 605085a6319630441a71fecc897465b419675bf6) 
1 #pragma once
2 
3 #include "cryptsetupInterface.hpp"
4 #include "filesystemInterface.hpp"
5 
6 #include <libcryptsetup.h>
7 
8 #include <sdbusplus/bus.hpp>
9 #include <sdbusplus/exception.hpp>
10 #include <sdbusplus/server/object.hpp>
11 #include <util.hpp>
12 #include <xyz/openbmc_project/Inventory/Item/Drive/server.hpp>
13 #include <xyz/openbmc_project/Inventory/Item/Volume/server.hpp>
14 
15 #include <filesystem>
16 #include <memory>
17 #include <string>
18 #include <string_view>
19 #include <vector>
20 
21 namespace estoraged
22 {
23 using driveInherit = sdbusplus::server::object_t<
24     sdbusplus::xyz::openbmc_project::Inventory::Item::server::Drive>;
25 using eStoragedInherit = sdbusplus::server::object_t<
26     sdbusplus::xyz::openbmc_project::Inventory::Item::server::Volume>;
27 using estoraged::Cryptsetup;
28 using estoraged::Filesystem;
29 
30 /** @class eStoraged
31  *  @brief eStoraged object to manage a LUKS encrypted storage device.
32  */
33 class EStoraged : private eStoragedInherit, private driveInherit
34 {
35   public:
36     /** @brief Constructor for eStoraged
37      *
38      *  @param[in] bus - sdbusplus dbus object
39      *  @param[in] path - DBus object path
40      *  @param[in] devPath - path to device file, e.g. /dev/mmcblk0
41      *  @param[in] luksName - name for the LUKS container
42      *  @param[in] cryptInterface - (optional) pointer to CryptsetupInterface
43      *    object
44      *  @param[in] fsInterface - (optional) pointer to FilesystemInterface
45      *    object
46      */
47     EStoraged(sdbusplus::bus::bus& bus, const char* path,
48               const std::string& devPath, const std::string& luksName,
49               uint64_t size,
50               std::unique_ptr<CryptsetupInterface> cryptInterface =
51                   std::make_unique<Cryptsetup>(),
52               std::unique_ptr<FilesystemInterface> fsInterface =
53                   std::make_unique<Filesystem>()) :
54         eStoragedInherit(bus, path),
55         driveInherit(bus, path), devPath(devPath), containerName(luksName),
56         mountPoint("/mnt/" + luksName + "_fs"),
57         cryptIface(std::move(cryptInterface)), fsIface(std::move(fsInterface))
58     {
59         capacity(size);
60     }
61 
62     /** @brief Format the LUKS encrypted device and create empty filesystem.
63      *
64      *  @param[in] password - password to set for the LUKS device.
65      *  @param[in] type - filesystem type, e.g. ext4
66      */
67     void formatLuks(std::vector<uint8_t> password,
68                     FilesystemType type) override;
69 
70     /** @brief Erase the contents of the storage device.
71      *
72      *  @param[in] eraseType - type of erase operation.
73      */
74     void erase(EraseMethod eraseType) override;
75 
76     /** @brief Unmount filesystem and lock the LUKS device.
77      */
78     void lock() override;
79 
80     /** @brief Unlock device and mount the filesystem.
81      *
82      *  @param[in] password - password for the LUKS device.
83      */
84     void unlock(std::vector<uint8_t> password) override;
85 
86     /** @brief Change the password for the LUKS device.
87      *
88      *  @param[in] oldPassword - old password for the LUKS device.
89      *  @param[in] newPassword - new password for the LUKS device.
90      */
91     void changePassword(std::vector<uint8_t> oldPassword,
92                         std::vector<uint8_t> newPassword) override;
93 
94     /** @brief Check if the LUKS device is currently locked. */
95     bool isLocked() const;
96 
97     /** @brief Get the mount point for the filesystem on the LUKS device. */
98     std::string_view getMountPoint() const;
99 
100   private:
101     /** @brief Full path of the device file, e.g. /dev/mmcblk0. */
102     std::string devPath;
103 
104     /** @brief Name of the LUKS container. */
105     std::string containerName;
106 
107     /** @brief Mount point for the filesystem. */
108     std::string mountPoint;
109 
110     /** @brief Pointer to cryptsetup interface object.
111      *  @details This is used to mock out the cryptsetup functions.
112      */
113     std::unique_ptr<CryptsetupInterface> cryptIface;
114 
115     /** @brief Pointer to filesystem interface object.
116      *  @details This is used to mock out filesystem operations.
117      */
118     std::unique_ptr<FilesystemInterface> fsIface;
119 
120     /** @brief Format LUKS encrypted device.
121      *
122      *  @param[in] cd - initialized crypt_device struct for the device.
123      *  @param[in] password - password to set for the LUKS device.
124      */
125     void formatLuksDev(struct crypt_device* cd, std::vector<uint8_t> password);
126 
127     /** @brief Unlock the device.
128      *
129      *  @param[in] cd - initialized crypt_device struct for the device.
130      *  @param[in] password - password to activate the LUKS device.
131      */
132     void activateLuksDev(struct crypt_device* cd,
133                          std::vector<uint8_t> password);
134 
135     /** @brief Create the filesystem on the LUKS device.
136      *  @details The LUKS device should already be activated, i.e. unlocked.
137      */
138     void createFilesystem();
139 
140     /** @brief Deactivate the LUKS device.
141      *  @details The filesystem is assumed to be unmounted already.
142      */
143     void deactivateLuksDev();
144 
145     /** @brief Mount the filesystem.
146      *  @details The filesystem should already exist and the LUKS device should
147      *  be unlocked already.
148      */
149     void mountFilesystem();
150 
151     /** @brief Unmount the filesystem. */
152     void unmountFilesystem();
153 };
154 
155 } // namespace estoraged
156