Generate Passphrase for LUKS service

Implementation of auto-generation of passphrase
Code is extensible to accomodate changes of
SGX, TPM based passphrase generation code in
future.
Current implementaion is done on the basis of HWID.
It is combination of system-uuid +
baseboard-serial-number + chassis-serial-number.

TestPlan:
PASSED: build-pkgs -c -p luks-fs-mgr
PASSED: build-image
PASSED: Installed binary on AIO-SX
PASSED: luks-fs-mr.service is up and running

Story: 2010872
Task: 48770

Change-Id: I1486db23d02fc0dcb3a4439f81ea774cf9032284
Signed-off-by: Harshad Sonde <harshad.sonde@windriver.com>

filesystem/luks/debian/meta_data.yaml

@@ -3,4 +3,6 @@ debver: 1.0
 src_path: src
 revision:
   dist: $STX_DIST
-  PKG_GITREVCOUNT: true
+  GITREVCOUNT:
+    BASE_SRCREV: f1a536ad8ff52dc5eb6d74407dde1a6d70e6d6e9
+    SRC_DIR: ${MY_REPO}/stx/integ/filesystem/luks

filesystem/luks/src/encryption/Makefile

@@ -7,12 +7,14 @@
 SHELL = /bin/bash
 
 CFLAGS = -Wall -Wextra -g -Werror -std=c++11
-LIBS = -lstdc++ -lstdc++ -ljson-c
+LIBS = -lstdc++ -ljson-c
 INCLUDES = -I.
 
 CC=g++
 
-SRC = luks-fs-mgr.cpp
+SRC = PassphraseGenerator.cpp luks-fs-mgr.cpp
+COMMON_OBJS = PassphraseGenerator.o
+OBJS = $(SRCS:.cpp=.o)
 EXECUTABLE = luks-fs-mgr
 
 .PHONY: all clean
@@ -20,7 +22,7 @@ EXECUTABLE = luks-fs-mgr
 all: $(EXECUTABLE)
 
 $(EXECUTABLE): $(SRC)
-	$(CC) $(CFLAGS) -o $@ $< $(LIBS)
+	$(CC) $(CFLAGS) $(INCLUDES) -o $@ $^ $(LIBS)
 
 clean:
 	rm -f $(EXECUTABLE) *.o

filesystem/luks/src/encryption/PassphraseGenerator.cpp

@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2023 Wind River Systems, Inc.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+ */
+
+/**
+  * @SourceFile
+  * Passphrase Generator.
+  *
+  */
+
+#include <string>
+#include <unistd.h>
+#include <memory>
+#include "PassphraseGenerator.h"
+using namespace std;
+
+
+// HWID passphrase generator
+class HWIDPassphraseGenerator : public PassphraseGenerator {
+ public:
+    bool generatePassphrase(string &shaPhrase) override {
+      // Implementation of HWID-based passphrase generation
+      try {
+
+        string system_uuid, baseboard_serial, chassis_serial;
+
+        if (!runCmd("dmidecode -s system-uuid", system_uuid))
+            throw runtime_error("system_uuid: Command execution failed.");
+        if (!runCmd("dmidecode -s baseboard-serial-number", baseboard_serial))
+            throw runtime_error("baseboard-serial: Command execution failed.");
+        if (!runCmd("dmidecode -s chassis-serial-number", chassis_serial))
+            throw runtime_error("chassis-serial: Command execution failed.");
+
+        string concat_string = system_uuid + baseboard_serial +
+                                     chassis_serial;
+
+        // Generate SHA for the concatenated output string.
+
+        if (!runCmd("echo -n \"" + concat_string + "\" | sha256sum",
+                     shaPhrase))
+            throw runtime_error("SHA256 execution failed.");
+
+        return true;
+      } catch (const exception &ex) {
+        cerr << "Error: " << ex.what() << endl;
+        return false;
+      }
+    }
+
+ private:
+    bool runCmd(const string &cmd, string &result) {
+       const int MAX_BUF = 256;
+       char buf[MAX_BUF];
+       result = "";
+
+       FILE *fstream = popen(cmd.c_str(), "r");
+       if (!fstream)
+           return false;
+
+       if (fstream) {
+           while (!feof(fstream)) {
+               if (fgets(buf, MAX_BUF, fstream) != NULL)
+                     result.append(buf);
+           }
+           pclose(fstream);
+       }
+       if (!result.empty())
+              result = result.substr(0, result.size() - 1);
+    return true;
+    }
+};
+
+
+// SGX passphrase generator
+class SGXPassphraseGenerator : public PassphraseGenerator {
+ public:
+    bool generatePassphrase(string &shaPhrase) override {
+        // Implement SGX-based passphrase generation
+        // Replace this with actual generated passphrase
+        return "sgx_generated_passphrase";
+    }
+};
+
+// TPM passphrase generator
+class TPMPassphraseGenerator : public PassphraseGenerator {
+ public:
+    bool generatePassphrase(string &shaPhrase) override {
+        // Implement TPM-based passphrase generation
+        // Replace this with actual generated passphrase
+        return "tpm_generated_passphrase";
+    }
+};
+
+
+unique_ptr<PassphraseGenerator> PassphraseGeneratorFactory
+    ::createPassphraseGenerator(PassphraseMechanism mechanism) {
+        switch (mechanism) {
+            case HWID_Firmware:
+                return std::unique_ptr<HWIDPassphraseGenerator>(new
+                                       HWIDPassphraseGenerator());
+            case SGX_EncryptedFile:
+                return std::unique_ptr<SGXPassphraseGenerator>(new
+                                       SGXPassphraseGenerator());
+            case TPM_EncryptedFile:
+                return std::unique_ptr<TPMPassphraseGenerator>(new
+                                       TPMPassphraseGenerator());
+            default:
+                return std::unique_ptr<HWIDPassphraseGenerator>(new
+                                       HWIDPassphraseGenerator());
+        }
+}
+

filesystem/luks/src/encryption/PassphraseGenerator.h

@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2023 Wind River Systems, Inc.
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+ */
+
+/**
+  * @Header File
+  * Passphrase Generator Header file.
+  *
+  */
+
+#ifndef PASSPHRASE_GENERATOR_H
+#define PASSPHRASE_GENERATOR_H
+
+#include <string>
+
+enum PassphraseMechanism {
+    HWID_Firmware,
+    SGX_EncryptedFile,
+    TPM_EncryptedFile
+};
+
+// PassphraseGenerator abstract class
+class PassphraseGenerator {
+ public:
+    virtual bool generatePassphrase(std::string &shaPhrase) = 0;
+};
+
+class PassphraseGeneratorFactory {
+ public:
+    static std::unique_ptr<PassphraseGenerator>
+           createPassphraseGenerator(PassphraseMechanism mechanism);
+};
+
+#endif  // PASSPHRASE_GENERATOR_H