Implement the changePassword method
With this commit, it is now possible to change the password for the
LUKS-encrypted volume, using the changePassword D-Bus method for
eStoraged.
Tested:
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume FormatLuks ays 3 1 2 3 \
xyz.openbmc_project.Inventory.Item.Volume.FilesystemType.ext4 \
--timeout=60
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume ChangePassword \
ayay 3 1 2 3 3 4 5 6
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Lock
Attempted to unlock using the old password. It failed as expected.
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Unlock ay 3 1 2 3
Unlocked with the new password
$ busctl call xyz.openbmc_project.eStoraged \
/xyz/openbmc_project/inventory/storage/mmcblk0 \
xyz.openbmc_project.Inventory.Item.Volume Unlock ay 3 4 5 6
Signed-off-by: John Wedig <johnwedig@google.com>
Change-Id: If1395fb04f51b1fb1a3d26731422d21476205207
diff --git a/src/estoraged.cpp b/src/estoraged.cpp
index 0b93b3b..ef3bd63 100644
--- a/src/estoraged.cpp
+++ b/src/estoraged.cpp
@@ -234,12 +234,28 @@
mountFilesystem();
}
-void EStoraged::changePassword(const std::vector<uint8_t>& /*oldPassword*/,
- const std::vector<uint8_t>& /*newPassword*/)
+void EStoraged::changePassword(const std::vector<uint8_t>& oldPassword,
+ const std::vector<uint8_t>& newPassword)
{
- std::cerr << "Changing password for encrypted eMMC" << std::endl;
lg2::info("Starting change password", "REDFISH_MESSAGE_ID",
std::string("OpenBMC.0.1.DrivePasswordChanged"));
+
+ CryptHandle cryptHandle = loadLuksHeader();
+
+ int retval = cryptIface->cryptKeyslotChangeByPassphrase(
+ cryptHandle.get(), CRYPT_ANY_SLOT, CRYPT_ANY_SLOT,
+ reinterpret_cast<const char*>(oldPassword.data()), oldPassword.size(),
+ reinterpret_cast<const char*>(newPassword.data()), newPassword.size());
+ if (retval < 0)
+ {
+ lg2::error("Failed to change password", "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.DrivePasswordChangeFail"));
+ throw InternalFailure();
+ }
+
+ lg2::info("Successfully changed password for {DEV}", "DEV", devPath,
+ "REDFISH_MESSAGE_ID",
+ std::string("OpenBMC.0.1.DrivePasswordChangeSuccess"));
}
bool EStoraged::isLocked() const
diff --git a/src/test/estoraged_test.cpp b/src/test/estoraged_test.cpp
index 0bbb32b..9fde533 100644
--- a/src/test/estoraged_test.cpp
+++ b/src/test/estoraged_test.cpp
@@ -452,4 +452,46 @@
EXPECT_FALSE(esObject->isLocked());
}
+/* Test case where we successfully change the password. */
+TEST_F(EStoragedTest, ChangePasswordSuccess)
+{
+ std::string newPasswordString("newPassword");
+ std::vector<uint8_t> newPassword(newPasswordString.begin(),
+ newPasswordString.end());
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface,
+ cryptKeyslotChangeByPassphrase(
+ _, _, _, reinterpret_cast<const char*>(password.data()),
+ password.size(),
+ reinterpret_cast<const char*>(newPassword.data()),
+ newPassword.size()))
+ .WillOnce(Return(0));
+
+ /* Change the password for the LUKS-encrypted device. */
+ esObject->changePassword(password, newPassword);
+}
+
+/* Test case where we fail to change the password. */
+TEST_F(EStoragedTest, ChangePasswordFail)
+{
+ std::string newPasswordString("newPassword");
+ std::vector<uint8_t> newPassword(newPasswordString.begin(),
+ newPasswordString.end());
+
+ EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+ EXPECT_CALL(*mockCryptIface,
+ cryptKeyslotChangeByPassphrase(
+ _, _, _, reinterpret_cast<const char*>(password.data()),
+ password.size(),
+ reinterpret_cast<const char*>(newPassword.data()),
+ newPassword.size()))
+ .WillOnce(Return(-1));
+
+ EXPECT_THROW(esObject->changePassword(password, newPassword),
+ InternalFailure);
+}
+
} // namespace estoraged_test
diff --git a/src/test/include/estoraged_test.hpp b/src/test/include/estoraged_test.hpp
index ebd9e11..6809c37 100644
--- a/src/test/include/estoraged_test.hpp
+++ b/src/test/include/estoraged_test.hpp
@@ -59,6 +59,12 @@
void* params),
(override));
+ MOCK_METHOD(int, cryptKeyslotChangeByPassphrase,
+ (struct crypt_device * cd, int keyslotOld, int keyslotNew,
+ const char* passphrase, size_t passphraseSize,
+ const char* newPassphrase, size_t newPassphraseSize),
+ (override));
+
MOCK_METHOD(int, cryptActivateByPassphrase,
(struct crypt_device * cd, const char* name, int keyslot,
const char* passphrase, size_t passphrase_size,