Change ownership of handle to eStorageD object
Clients used to create both the CryptHandle and the eStorageD objects
using the same information. Then the client would pass the CryptHandle
into eStorageD methods in order to perform crypto methods. This change
creates the CryptHandle closer to where it is used. This makes the code
simpler and easier to understand.
Tested:
busctl call xyz.openbmc_project.eStoraged.mmcblk0 \
> /xyz/openbmc_project/inventory/storage/mmcblk0 \
> xyz.openbmc_project.Inventory.Item.Volume FormatLuks ays 3 1 2 3 \
> xyz.openbmc_project.Inventory.Item.Volume.FilesystemType.ext4 \
> --timeout=60
Change-Id: I276e97146f4498191eb19512bc244a1e8d9cd2cb
Signed-off-by: John Edward Broadbent <jebr@google.com>
diff --git a/include/cryptsetupInterface.hpp b/include/cryptsetupInterface.hpp
index 0fb0c32..5942b60 100644
--- a/include/cryptsetupInterface.hpp
+++ b/include/cryptsetupInterface.hpp
@@ -7,6 +7,7 @@
#include <xyz/openbmc_project/Common/error.hpp>
#include <string>
+#include <string_view>
namespace estoraged
{
@@ -222,7 +223,7 @@
*
* @param[in] device - path to device file
*/
- explicit CryptHandle(const char* device) : handle(init(device))
+ explicit CryptHandle(const std::string_view& device) : handle(init(device))
{}
/** @brief Get a pointer to the crypt_device struct. */
@@ -244,10 +245,10 @@
*
* @param[in] device - path to device file
*/
- struct crypt_device* init(const char* device)
+ struct crypt_device* init(const std::string_view& device)
{
struct crypt_device* cryptDev = nullptr;
- int retval = crypt_init(&cryptDev, device);
+ int retval = crypt_init(&cryptDev, device.data());
if (retval < 0)
{
lg2::error("Failed to crypt_init", "REDFISH_MESSAGE_ID",
diff --git a/include/estoraged.hpp b/include/estoraged.hpp
index c160fb1..41b589c 100644
--- a/include/estoraged.hpp
+++ b/include/estoraged.hpp
@@ -132,18 +132,15 @@
/** @brief Format LUKS encrypted device.
*
- * @param[in] cd - initialized crypt_device struct for the device.
* @param[in] password - password to set for the LUKS device.
*/
- void formatLuksDev(struct crypt_device* cd, std::vector<uint8_t> password);
+ void formatLuksDev(std::vector<uint8_t> password);
/** @brief Unlock the device.
*
- * @param[in] cd - initialized crypt_device struct for the device.
* @param[in] password - password to activate the LUKS device.
*/
- void activateLuksDev(struct crypt_device* cd,
- std::vector<uint8_t> password);
+ void activateLuksDev(std::vector<uint8_t> password);
/** @brief Create the filesystem on the LUKS device.
* @details The LUKS device should already be activated, i.e. unlocked.
diff --git a/src/erase/cryptoErase.cpp b/src/erase/cryptoErase.cpp
index 426ba01..530ed8d 100644
--- a/src/erase/cryptoErase.cpp
+++ b/src/erase/cryptoErase.cpp
@@ -26,7 +26,7 @@
void CryptErase::doErase()
{
/* get cryptHandle */
- CryptHandle cryptHandle(std::string(devPath).c_str());
+ CryptHandle cryptHandle{devPath};
/* cryptLoad */
if (cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr) != 0)
{
diff --git a/src/estoraged.cpp b/src/estoraged.cpp
index c1ac2fd..6ea2cb2 100644
--- a/src/estoraged.cpp
+++ b/src/estoraged.cpp
@@ -102,10 +102,8 @@
throw UnsupportedRequest();
}
- CryptHandle cryptHandle(devPath.c_str());
-
- formatLuksDev(cryptHandle.get(), password);
- activateLuksDev(cryptHandle.get(), password);
+ formatLuksDev(password);
+ activateLuksDev(password);
createFilesystem();
mountFilesystem();
@@ -187,9 +185,7 @@
std::string msg = "OpenBMC.0.1.DriveUnlock";
lg2::info("Starting unlock", "REDFISH_MESSAGE_ID", msg);
- CryptHandle cryptHandle(devPath.c_str());
-
- activateLuksDev(cryptHandle.get(), std::move(password));
+ activateLuksDev(std::move(password));
mountFilesystem();
}
@@ -211,8 +207,7 @@
return mountPoint;
}
-void EStoraged::formatLuksDev(struct crypt_device* cd,
- std::vector<uint8_t> password)
+void EStoraged::formatLuksDev(std::vector<uint8_t> password)
{
lg2::info("Formatting device {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
std::string("OpenBMC.0.1.FormatLuksDev"));
@@ -226,11 +221,15 @@
std::string("OpenBMC.0.1.FormatLuksDevFail"));
throw InternalFailure();
}
+
+ /* Create the handle. */
+ CryptHandle cryptHandle(devPath);
+
/* Format the LUKS encrypted device. */
- int retval =
- cryptIface->cryptFormat(cd, CRYPT_LUKS2, "aes", "xts-plain64", nullptr,
- reinterpret_cast<const char*>(volumeKey.data()),
- volumeKey.size(), nullptr);
+ int retval = cryptIface->cryptFormat(
+ cryptHandle.get(), CRYPT_LUKS2, "aes", "xts-plain64", nullptr,
+ reinterpret_cast<const char*>(volumeKey.data()), volumeKey.size(),
+ nullptr);
if (retval < 0)
{
lg2::error("Failed to format encrypted device: {RETVAL}", "RETVAL",
@@ -244,7 +243,7 @@
/* Set the password. */
retval = cryptIface->cryptKeyslotAddByVolumeKey(
- cd, CRYPT_ANY_SLOT, nullptr, 0,
+ cryptHandle.get(), CRYPT_ANY_SLOT, nullptr, 0,
reinterpret_cast<const char*>(password.data()), password.size());
if (retval < 0)
@@ -259,13 +258,15 @@
std::string("OpenBMC.0.1.FormatLuksDevSuccess"));
}
-void EStoraged::activateLuksDev(struct crypt_device* cd,
- std::vector<uint8_t> password)
+void EStoraged::activateLuksDev(std::vector<uint8_t> password)
{
lg2::info("Activating LUKS dev {DEV}", "DEV", devPath, "REDFISH_MESSAGE_ID",
std::string("OpenBMC.0.1.ActivateLuksDev"));
- int retval = cryptIface->cryptLoad(cd, CRYPT_LUKS2, nullptr);
+ /* Create the handle. */
+ CryptHandle cryptHandle(devPath);
+
+ int retval = cryptIface->cryptLoad(cryptHandle.get(), CRYPT_LUKS2, nullptr);
if (retval < 0)
{
lg2::error("Failed to load LUKS header: {RETVAL}", "RETVAL", retval,
@@ -275,7 +276,7 @@
}
retval = cryptIface->cryptActivateByPassphrase(
- cd, containerName.c_str(), CRYPT_ANY_SLOT,
+ cryptHandle.get(), containerName.c_str(), CRYPT_ANY_SLOT,
reinterpret_cast<const char*>(password.data()), password.size(), 0);
if (retval < 0)