Merge "Generate Passphrase for LUKS service"
commit
fe9f2301b5
@ -3,4 +3,6 @@ debver: 1.0
|
|||
src_path: src
|
||||
revision:
|
||||
dist: $STX_DIST
|
||||
PKG_GITREVCOUNT: true
|
||||
GITREVCOUNT:
|
||||
BASE_SRCREV: f1a536ad8ff52dc5eb6d74407dde1a6d70e6d6e9
|
||||
SRC_DIR: ${MY_REPO}/stx/integ/filesystem/luks
|
||||
@ -7,12 +7,14 @@
|
|||
SHELL = /bin/bash
|
||||
|
||||
CFLAGS = -Wall -Wextra -g -Werror -std=c++11
|
||||
LIBS = -lstdc++ -lstdc++ -ljson-c
|
||||
LIBS = -lstdc++ -ljson-c
|
||||
INCLUDES = -I.
|
||||
|
||||
CC=g++
|
||||
|
||||
SRC = luks-fs-mgr.cpp
|
||||
SRC = PassphraseGenerator.cpp luks-fs-mgr.cpp
|
||||
COMMON_OBJS = PassphraseGenerator.o
|
||||
OBJS = $(SRCS:.cpp=.o)
|
||||
EXECUTABLE = luks-fs-mgr
|
||||
|
||||
.PHONY: all clean
|
||||
|
@ -20,7 +22,7 @@ EXECUTABLE = luks-fs-mgr
|
|||
all: $(EXECUTABLE)
|
||||
|
||||
$(EXECUTABLE): $(SRC)
|
||||
$(CC) $(CFLAGS) -o $@ $< $(LIBS)
|
||||
$(CC) $(CFLAGS) $(INCLUDES) -o $@ $^ $(LIBS)
|
||||
|
||||
clean:
|
||||
rm -f $(EXECUTABLE) *.o
|
||||
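Review bot: `OBJS = $(SRCS:.cpp=.o)` expands to nothing because the variable defined two lines earlier is `SRC`, not `SRCS`; if an object list is wanted it should read `OBJS = $(SRC:.cpp=.o)`. As the link rule in the second hunk compiles `$(SRC)` straight into the executable with `$^`, neither `OBJS` nor `COMMON_OBJS` is consumed by any visible rule, so both are dead and the `-std=c++11` build never produces the `.o` files that `clean` removes. Either drop the two variables or add a pattern rule that builds `$(OBJS)` and link from them, so the Makefile does not suggest a separate-compilation flow it does not implement.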
@ -0,0 +1,115 @@
|
|||
/*
|
||||
* Copyright (c) 2023 Wind River Systems, Inc.
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* @SourceFile
|
||||
* Passphrase Generator.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <string>
|
||||
#include <unistd.h>
|
||||
#include <memory>
|
||||
#include "PassphraseGenerator.h"
|
||||
using namespace std;
|
||||
|
||||
|
||||
// HWID passphrase generator
|
||||
class HWIDPassphraseGenerator : public PassphraseGenerator {
|
||||
public:
|
||||
bool generatePassphrase(string &shaPhrase) override {
|
||||
// Implementation of HWID-based passphrase generation
|
||||
try {
|
||||
|
||||
string system_uuid, baseboard_serial, chassis_serial;
|
||||
|
||||
if (!runCmd("dmidecode -s system-uuid", system_uuid))
|
||||
throw runtime_error("system_uuid: Command execution failed.");
|
||||
if (!runCmd("dmidecode -s baseboard-serial-number", baseboard_serial))
|
||||
throw runtime_error("baseboard-serial: Command execution failed.");
|
||||
if (!runCmd("dmidecode -s chassis-serial-number", chassis_serial))
|
||||
throw runtime_error("chassis-serial: Command execution failed.");
|
||||
|
||||
string concat_string = system_uuid + baseboard_serial +
|
||||
chassis_serial;
|
||||
|
||||
// Generate SHA for the concatenated output string.
|
||||
|
||||
if (!runCmd("echo -n \"" + concat_string + "\" | sha256sum",
|
||||
shaPhrase))
|
||||
throw runtime_error("SHA256 execution failed.");
|
||||
|
||||
return true;
|
||||
} catch (const exception &ex) {
|
||||
cerr << "Error: " << ex.what() << endl;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
private:
|
||||
bool runCmd(const string &cmd, string &result) {
|
||||
const int MAX_BUF = 256;
|
||||
char buf[MAX_BUF];
|
||||
result = "";
|
||||
|
||||
FILE *fstream = popen(cmd.c_str(), "r");
|
||||
if (!fstream)
|
||||
return false;
|
||||
|
||||
if (fstream) {
|
||||
while (!feof(fstream)) {
|
||||
if (fgets(buf, MAX_BUF, fstream) != NULL)
|
||||
result.append(buf);
|
||||
}
|
||||
pclose(fstream);
|
||||
}
|
||||
if (!result.empty())
|
||||
result = result.substr(0, result.size() - 1);
|
||||
return true;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
// SGX passphrase generator
|
||||
class SGXPassphraseGenerator : public PassphraseGenerator {
|
||||
public:
|
||||
bool generatePassphrase(string &shaPhrase) override {
|
||||
// Implement SGX-based passphrase generation
|
||||
// Replace this with actual generated passphrase
|
||||
return "sgx_generated_passphrase";
|
||||
}
|
||||
};
|
||||
|
||||
// TPM passphrase generator
|
||||
class TPMPassphraseGenerator : public PassphraseGenerator {
|
||||
public:
|
||||
bool generatePassphrase(string &shaPhrase) override {
|
||||
// Implement TPM-based passphrase generation
|
||||
// Replace this with actual generated passphrase
|
||||
return "tpm_generated_passphrase";
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
unique_ptr<PassphraseGenerator> PassphraseGeneratorFactory
|
||||
::createPassphraseGenerator(PassphraseMechanism mechanism) {
|
||||
switch (mechanism) {
|
||||
case HWID_Firmware:
|
||||
return std::unique_ptr<HWIDPassphraseGenerator>(new
|
||||
HWIDPassphraseGenerator());
|
||||
case SGX_EncryptedFile:
|
||||
return std::unique_ptr<SGXPassphraseGenerator>(new
|
||||
SGXPassphraseGenerator());
|
||||
case TPM_EncryptedFile:
|
||||
return std::unique_ptr<TPMPassphraseGenerator>(new
|
||||
TPMPassphraseGenerator());
|
||||
default:
|
||||
return std::unique_ptr<HWIDPassphraseGenerator>(new
|
||||
HWIDPassphraseGenerator());
|
||||
}
|
||||
}
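Review bot: runCmd discards the return value of pclose, so when dmidecode is missing, fails, or is run without the privileges it needs, result stays empty while true is returned, and generatePassphrase proceeds to hash an empty or partial identifier string instead of failing. In the same path, concat_string (DMI fields supplied by firmware or a hypervisor) is interpolated into a shell command line for sha256sum, so any shell-significant characters in those fields change what the shell runs; hash in-process or hand the data to sha256sum on stdin rather than on the command line, and note that sha256sum's output ends in `  -`, which the one-character newline trim leaves inside shaPhrase. The SGX and TPM stubs `return "sgx_generated_passphrase";` / `return "tpm_generated_passphrase";` from a function returning bool, which converts the literal to true and leaves shaPhrase empty, so they should `return false;` until implemented. The sketch below checks the child's exit status and treats empty output as failure; it needs `<sys/wait.h>` for WIFEXITED/WEXITSTATUS (and `<iostream>`/`<stdexcept>` are used above without being included).
```cpp
bool runCmd(const string &cmd, string &result) {
    char buf[256];
    result.clear();

    FILE *fstream = popen(cmd.c_str(), "r");
    if (!fstream)
        return false;

    while (fgets(buf, sizeof(buf), fstream) != NULL)
        result.append(buf);

    // A non-zero exit (tool absent, insufficient privilege, bad option)
    // must not be reported as success with an empty identifier.
    int status = pclose(fstream);
    if (status == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return false;

    if (!result.empty() && result.back() == '\n')
        result.pop_back();
    return !result.empty();
}
```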
@ -0,0 +1,37 @@
|
|||
/*
|
||||
* Copyright (c) 2023 Wind River Systems, Inc.
|
||||
*
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* @Header File
|
||||
* Passphrase Generator Header file.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef PASSPHRASE_GENERATOR_H
|
||||
#define PASSPHRASE_GENERATOR_H
|
||||
|
||||
#include <string>
|
||||
|
||||
enum PassphraseMechanism {
|
||||
HWID_Firmware,
|
||||
SGX_EncryptedFile,
|
||||
TPM_EncryptedFile
|
||||
};
|
||||
|
||||
// PassphraseGenerator abstract class
|
||||
class PassphraseGenerator {
|
||||
public:
|
||||
virtual bool generatePassphrase(std::string &shaPhrase) = 0;
|
||||
};
|
||||
|
||||
class PassphraseGeneratorFactory {
|
||||
public:
|
||||
static std::unique_ptr<PassphraseGenerator>
|
||||
createPassphraseGenerator(PassphraseMechanism mechanism);
|
||||
};
|
||||
|
||||
#endif // PASSPHRASE_GENERATOR_H
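Review bot: PassphraseGenerator is used polymorphically through `std::unique_ptr<PassphraseGenerator>` returned by the factory, but declares no virtual destructor, so destroying the unique_ptr deletes a derived object through a base pointer, which is undefined behaviour; add `virtual ~PassphraseGenerator() = default;` to the public section. The header also names `std::unique_ptr` while including only `<string>`, so it relies on whichever translation unit includes `<memory>` first; add `#include <memory>` next to `#include <string>`. `enum PassphraseMechanism` is an unscoped enum whose enumerators land in the global namespace; `enum class` would avoid that, though the switch in the factory would then need qualified names.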
|