Implement the changePassword method

With this commit, it is now possible to change the password for the
LUKS-encrypted volume, using the changePassword D-Bus method for
eStoraged.

Tested:
$ busctl call xyz.openbmc_project.eStoraged \
  /xyz/openbmc_project/inventory/storage/mmcblk0 \
  xyz.openbmc_project.Inventory.Item.Volume FormatLuks ays 3 1 2 3 \
  xyz.openbmc_project.Inventory.Item.Volume.FilesystemType.ext4 \
  --timeout=60
$ busctl call xyz.openbmc_project.eStoraged \
  /xyz/openbmc_project/inventory/storage/mmcblk0 \
  xyz.openbmc_project.Inventory.Item.Volume ChangePassword \
  ayay 3 1 2 3 3 4 5 6
$ busctl call xyz.openbmc_project.eStoraged \
  /xyz/openbmc_project/inventory/storage/mmcblk0 \
  xyz.openbmc_project.Inventory.Item.Volume Lock
Attempted to unlock using the old password. It failed as expected.
$ busctl call xyz.openbmc_project.eStoraged \
  /xyz/openbmc_project/inventory/storage/mmcblk0 \
  xyz.openbmc_project.Inventory.Item.Volume Unlock ay 3 1 2 3
Unlocked with the new password
$ busctl call xyz.openbmc_project.eStoraged \
  /xyz/openbmc_project/inventory/storage/mmcblk0 \
  xyz.openbmc_project.Inventory.Item.Volume Unlock ay 3 4 5 6

Signed-off-by: John Wedig <johnwedig@google.com>
Change-Id: If1395fb04f51b1fb1a3d26731422d21476205207
diff --git a/src/estoraged.cpp b/src/estoraged.cpp
index 0b93b3b..ef3bd63 100644
--- a/src/estoraged.cpp
+++ b/src/estoraged.cpp
@@ -234,12 +234,28 @@
     mountFilesystem();
 }
 
-void EStoraged::changePassword(const std::vector<uint8_t>& /*oldPassword*/,
-                               const std::vector<uint8_t>& /*newPassword*/)
+void EStoraged::changePassword(const std::vector<uint8_t>& oldPassword,
+                               const std::vector<uint8_t>& newPassword)
 {
-    std::cerr << "Changing password for encrypted eMMC" << std::endl;
     lg2::info("Starting change password", "REDFISH_MESSAGE_ID",
               std::string("OpenBMC.0.1.DrivePasswordChanged"));
+
+    CryptHandle cryptHandle = loadLuksHeader();
+
+    int retval = cryptIface->cryptKeyslotChangeByPassphrase(
+        cryptHandle.get(), CRYPT_ANY_SLOT, CRYPT_ANY_SLOT,
+        reinterpret_cast<const char*>(oldPassword.data()), oldPassword.size(),
+        reinterpret_cast<const char*>(newPassword.data()), newPassword.size());
+    if (retval < 0)
+    {
+        lg2::error("Failed to change password", "REDFISH_MESSAGE_ID",
+                   std::string("OpenBMC.0.1.DrivePasswordChangeFail"));
+        throw InternalFailure();
+    }
+
+    lg2::info("Successfully changed password for {DEV}", "DEV", devPath,
+              "REDFISH_MESSAGE_ID",
+              std::string("OpenBMC.0.1.DrivePasswordChangeSuccess"));
 }
 
 bool EStoraged::isLocked() const
diff --git a/src/test/estoraged_test.cpp b/src/test/estoraged_test.cpp
index 0bbb32b..9fde533 100644
--- a/src/test/estoraged_test.cpp
+++ b/src/test/estoraged_test.cpp
@@ -452,4 +452,46 @@
     EXPECT_FALSE(esObject->isLocked());
 }
 
+/* Test case where we successfully change the password. */
+TEST_F(EStoragedTest, ChangePasswordSuccess)
+{
+    std::string newPasswordString("newPassword");
+    std::vector<uint8_t> newPassword(newPasswordString.begin(),
+                                     newPasswordString.end());
+
+    EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+    EXPECT_CALL(*mockCryptIface,
+                cryptKeyslotChangeByPassphrase(
+                    _, _, _, reinterpret_cast<const char*>(password.data()),
+                    password.size(),
+                    reinterpret_cast<const char*>(newPassword.data()),
+                    newPassword.size()))
+        .WillOnce(Return(0));
+
+    /* Change the password for the LUKS-encrypted device. */
+    esObject->changePassword(password, newPassword);
+}
+
+/* Test case where we fail to change the password. */
+TEST_F(EStoragedTest, ChangePasswordFail)
+{
+    std::string newPasswordString("newPassword");
+    std::vector<uint8_t> newPassword(newPasswordString.begin(),
+                                     newPasswordString.end());
+
+    EXPECT_CALL(*mockCryptIface, cryptLoad(_, _, _)).Times(1);
+
+    EXPECT_CALL(*mockCryptIface,
+                cryptKeyslotChangeByPassphrase(
+                    _, _, _, reinterpret_cast<const char*>(password.data()),
+                    password.size(),
+                    reinterpret_cast<const char*>(newPassword.data()),
+                    newPassword.size()))
+        .WillOnce(Return(-1));
+
+    EXPECT_THROW(esObject->changePassword(password, newPassword),
+                 InternalFailure);
+}
+
 } // namespace estoraged_test
diff --git a/src/test/include/estoraged_test.hpp b/src/test/include/estoraged_test.hpp
index ebd9e11..6809c37 100644
--- a/src/test/include/estoraged_test.hpp
+++ b/src/test/include/estoraged_test.hpp
@@ -59,6 +59,12 @@
                  void* params),
                 (override));
 
+    MOCK_METHOD(int, cryptKeyslotChangeByPassphrase,
+                (struct crypt_device * cd, int keyslotOld, int keyslotNew,
+                 const char* passphrase, size_t passphraseSize,
+                 const char* newPassphrase, size_t newPassphraseSize),
+                (override));
+
     MOCK_METHOD(int, cryptActivateByPassphrase,
                 (struct crypt_device * cd, const char* name, int keyslot,
                  const char* passphrase, size_t passphrase_size,