From 1f15f43355192998513caac5249fc1f5300a8c90 Mon Sep 17 00:00:00 2001 From: Harshad Sonde Date: Mon, 11 Sep 2023 07:22:50 -0400 Subject: [PATCH] Generate Passphrase for LUKS service Implementation of auto-generation of passphrase Code is extensible to accomodate changes of SGX, TPM based passphrase generation code in future. Current implementaion is done on the basis of HWID. It is combination of system-uuid + baseboard-serial-number + chassis-serial-number. TestPlan: PASSED: build-pkgs -c -p luks-fs-mgr PASSED: build-image PASSED: Installed binary on AIO-SX PASSED: luks-fs-mr.service is up and running Story: 2010872 Task: 48770 Change-Id: I1486db23d02fc0dcb3a4439f81ea774cf9032284 Signed-off-by: Harshad Sonde --- filesystem/luks/debian/meta_data.yaml | 4 +- filesystem/luks/src/encryption/Makefile | 8 +- .../src/encryption/PassphraseGenerator.cpp | 115 ++++++++++++++++++ .../luks/src/encryption/PassphraseGenerator.h | 37 ++++++ 4 files changed, 160 insertions(+), 4 deletions(-) create mode 100644 filesystem/luks/src/encryption/PassphraseGenerator.cpp create mode 100644 filesystem/luks/src/encryption/PassphraseGenerator.h diff --git a/filesystem/luks/debian/meta_data.yaml b/filesystem/luks/debian/meta_data.yaml index 99828aaa4..c216cb15d 100644 --- a/filesystem/luks/debian/meta_data.yaml +++ b/filesystem/luks/debian/meta_data.yaml @@ -3,4 +3,6 @@ debver: 1.0 src_path: src revision: dist: $STX_DIST - PKG_GITREVCOUNT: true + GITREVCOUNT: + BASE_SRCREV: f1a536ad8ff52dc5eb6d74407dde1a6d70e6d6e9 + SRC_DIR: ${MY_REPO}/stx/integ/filesystem/luks diff --git a/filesystem/luks/src/encryption/Makefile b/filesystem/luks/src/encryption/Makefile index 2e7dc761e..ab0a0dd52 100644 --- a/filesystem/luks/src/encryption/Makefile +++ b/filesystem/luks/src/encryption/Makefile 
@@ -7,12 +7,14 @@ SHELL = /bin/bash CFLAGS = -Wall -Wextra -g -Werror -std=c++11 -LIBS = -lstdc++ -lstdc++ -ljson-c +LIBS = -lstdc++ -ljson-c INCLUDES = -I. CC=g++ -SRC = luks-fs-mgr.cpp +SRC = PassphraseGenerator.cpp luks-fs-mgr.cpp +COMMON_OBJS = PassphraseGenerator.o +OBJS = $(SRCS:.cpp=.o) EXECUTABLE = luks-fs-mgr .PHONY: all clean @@ -20,7 +22,7 @@ EXECUTABLE = luks-fs-mgr all: $(EXECUTABLE) $(EXECUTABLE): $(SRC) - $(CC) $(CFLAGS) -o $@ $< $(LIBS) + $(CC) $(CFLAGS) $(INCLUDES) -o $@ $^ $(LIBS) clean: rm -f $(EXECUTABLE) *.o diff --git a/filesystem/luks/src/encryption/PassphraseGenerator.cpp b/filesystem/luks/src/encryption/PassphraseGenerator.cpp new file mode 100644 index 000000000..47fb14db9 --- /dev/null +++ b/filesystem/luks/src/encryption/PassphraseGenerator.cpp 
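Review bot: `OBJS = $(SRCS:.cpp=.o)` expands a variable that is not defined in the visible lines (the source list is named `SRC`, not `SRCS`), so unless `SRCS` is set above the hunk `OBJS` is empty. Neither `OBJS` nor `COMMON_OBJS` is used by the link rule in the following hunk, which builds straight from `$(SRC)`. Either drop both lines or write `OBJS = $(SRC:.cpp=.o)` and link from the objects. Because this binary derives disk-encryption key material, it is also worth confirming that the packaging injects hardening flags, since `CFLAGS` here sets none.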
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2023 Wind River Systems, Inc.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+ */
+
+/**
+ * @SourceFile
+ * Passphrase Generator.
+ *
+ */
+
+#include
+#include
+#include
+#include "PassphraseGenerator.h"
+using namespace std;
+
+
+// HWID passphrase generator
+class HWIDPassphraseGenerator : public PassphraseGenerator {
+ public:
+ bool generatePassphrase(string &shaPhrase) override {
+ // Implementation of HWID-based passphrase generation
+ try {
+
+ string system_uuid, baseboard_serial, chassis_serial;
+
+ if (!runCmd("dmidecode -s system-uuid", system_uuid))
+ throw runtime_error("system_uuid: Command execution failed.");
+ if (!runCmd("dmidecode -s baseboard-serial-number", baseboard_serial))
+ throw runtime_error("baseboard-serial: Command execution failed.");
+ if (!runCmd("dmidecode -s chassis-serial-number", chassis_serial))
+ throw runtime_error("chassis-serial: Command execution failed.");
+
+ string concat_string = system_uuid + baseboard_serial +
+ chassis_serial;
+
+ // Generate SHA for the concatenated output string.
+
+ if (!runCmd("echo -n \"" + concat_string + "\" | sha256sum",
+ shaPhrase))
+ throw runtime_error("SHA256 execution failed.");
+
+ return true;
+ } catch (const exception &ex) {
+ cerr << "Error: " << ex.what() << endl;
+ return false;
+ }
+ }
+
+ private:
+ bool runCmd(const string &cmd, string &result) {
+ const int MAX_BUF = 256;
+ char buf[MAX_BUF];
+ result = "";
+
+ FILE *fstream = popen(cmd.c_str(), "r");
+ if (!fstream)
+ return false;
+
+ if (fstream) {
+ while (!feof(fstream)) {
+ if (fgets(buf, MAX_BUF, fstream) != NULL)
+ result.append(buf);
+ }
+ pclose(fstream);
+ }
+ if (!result.empty())
+ result = result.substr(0, result.size() - 1);
+ return true;
+ }
+};
+
+
+// SGX passphrase generator
+class SGXPassphraseGenerator : public PassphraseGenerator {
+ public:
+ bool generatePassphrase(string &shaPhrase) override {
+ // Implement SGX-based passphrase generation
+ // Replace this with actual generated passphrase
+ return "sgx_generated_passphrase";
+ }
+};
+
+// TPM passphrase generator
+class TPMPassphraseGenerator : public PassphraseGenerator {
+ public:
+ bool generatePassphrase(string &shaPhrase) override {
+ // Implement TPM-based passphrase generation
+ // Replace this with actual generated passphrase
+ return "tpm_generated_passphrase";
+ }
+};
+
+
+unique_ptr PassphraseGeneratorFactory
+ ::createPassphraseGenerator(PassphraseMechanism mechanism) {
+ switch (mechanism) {
+ case HWID_Firmware:
+ return std::unique_ptr(new
+ HWIDPassphraseGenerator());
+ case SGX_EncryptedFile:
+ return std::unique_ptr(new
+ SGXPassphraseGenerator());
+ case TPM_EncryptedFile:
+ return std::unique_ptr(new
+ TPMPassphraseGenerator());
+ default:
+ return std::unique_ptr(new
+ HWIDPassphraseGenerator());
+ }
+}
+
diff --git a/filesystem/luks/src/encryption/PassphraseGenerator.h b/filesystem/luks/src/encryption/PassphraseGenerator.h
new file mode 100644
index 000000000..0cabf4954
--- /dev/null
+++ b/filesystem/luks/src/encryption/PassphraseGenerator.h
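Review bot: `runCmd` returns true whenever `popen()` succeeds and discards the `pclose()` status, so a failing or missing `dmidecode` (non-zero exit, empty output) still lets `HWIDPassphraseGenerator::generatePassphrase` hash an empty or partial string and report success, which would give every such host the same LUKS passphrase. The exit status should be checked and empty output rejected, as in the sketch below, which also strips only a trailing newline instead of unconditionally dropping the last character. The SHA-256 step interpolates the DMI strings into a double-quoted `sh -c` command, so shell metacharacters in a firmware field are interpreted and the key material appears on a process command line; hashing in-process or feeding the data over stdin avoids both. In the SGX and TPM stubs, `return "sgx_generated_passphrase";` converts a string literal to `true` and leaves `shaPhrase` unset; `return false;` is the safe placeholder until they are implemented. More broadly, a hash of DMI identifiers can be recomputed by anyone able to read those fields, so it is worth documenting that this mechanism binds the volume to the hardware rather than providing a secret.

```cpp
  bool runCmd(const string &cmd, string &result) {
    char buf[256];
    result.clear();

    FILE *fstream = popen(cmd.c_str(), "r");
    if (!fstream)
      return false;

    while (fgets(buf, sizeof(buf), fstream) != NULL)
      result.append(buf);

    // pclose() yields the command's wait status; non-zero means it failed.
    if (pclose(fstream) != 0)
      return false;

    // Drop a single trailing newline only, and refuse empty output so the
    // caller never hashes a missing identifier.
    if (!result.empty() && result.back() == '\n')
      result.pop_back();
    return !result.empty();
  }
```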
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2023 Wind River Systems, Inc.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+ */
+
+/**
+ * @Header File
+ * Passphrase Generator Header file.
+ *
+ */
+
+#ifndef PASSPHRASE_GENERATOR_H
+#define PASSPHRASE_GENERATOR_H
+
+#include
+
+enum PassphraseMechanism {
+ HWID_Firmware,
+ SGX_EncryptedFile,
+ TPM_EncryptedFile
+};
+
+// PassphraseGenerator abstract class
+class PassphraseGenerator {
+ public:
+ virtual bool generatePassphrase(std::string &shaPhrase) = 0;
+};
+
+class PassphraseGeneratorFactory {
+ public:
+ static std::unique_ptr
+ createPassphraseGenerator(PassphraseMechanism mechanism);
+};
+
+#endif // PASSPHRASE_GENERATOR_H
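Review bot: `PassphraseGenerator` declares no virtual destructor, yet the factory returns derived objects such as `new HWIDPassphraseGenerator()` inside a `std::unique_ptr` (its template argument is not visible on this page, presumably the base type), and destroying a derived object through a base pointer without one is undefined behaviour. Add `virtual ~PassphraseGenerator() {}` to the class. The interface would also benefit from a contract comment on `generatePassphrase`, for example `// Returns true and fills shaPhrase on success; shaPhrase must not be used when false is returned.`, because callers feed this value to LUKS and need to know when it is valid.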