eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-15 04:40:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Wipe all device signatures in luksFormat action.

Browse Source
This commit is contained in:
Ondrej Kozina
2018-07-04 16:14:59 +02:00
committed by Milan Broz
parent 30d109c0e9
commit 0f6b2cfd3d
1 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/cryptsetup.c
View File

@@ -921,7 +921,7 @@ static int action_luksFormat(void)
const char *header_device, *type; const char *header_device, *type;
char *msg = NULL, *key = NULL, *password = NULL; char *msg = NULL, *key = NULL, *password = NULL;
char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], integrity[MAX_CIPHER_LEN]; char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], integrity[MAX_CIPHER_LEN];
size_t passwordLen; size_t passwordLen, signatures;
struct crypt_device *cd = NULL; struct crypt_device *cd = NULL;
struct crypt_params_luks1 params1 = { struct crypt_params_luks1 params1 = {
.hash = opt_hash ?: DEFAULT_LUKS1_HASH, .hash = opt_hash ?: DEFAULT_LUKS1_HASH,
@@ -980,15 +980,19 @@ static int action_luksFormat(void)
header_device = opt_header_device ?: action_argv[0]; header_device = opt_header_device ?: action_argv[0];
/* Print all present signatures in read-only mode */
r = tools_detect_signatures(header_device, 0, &signatures);
if (r < 0)
return r;
r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device); r = asprintf(&msg, _("This will overwrite data on %s irrevocably."), header_device);
if (r == -1) { if (r == -1)
r = -ENOMEM; return -ENOMEM;
goto out;
}
r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; r = yesDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
free(msg); free(msg);
if (r < 0) if (r < 0)
goto out; return r;
r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1), r = crypt_parse_name_and_mode(opt_cipher ?: DEFAULT_CIPHER(LUKS1),
cipher, NULL, cipher_mode); cipher, NULL, cipher_mode);
@@ -1014,7 +1018,7 @@ static int action_luksFormat(void)
if ((r = crypt_init(&cd, header_device))) { if ((r = crypt_init(&cd, header_device))) {
if (opt_header_device) if (opt_header_device)
log_err(_("Cannot use %s as on-disk header."), header_device); log_err(_("Cannot use %s as on-disk header."), header_device);
goto out; return r;
} }
keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8 + integrity_keysize; keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8 + integrity_keysize;
@@ -1042,6 +1046,10 @@ static int action_luksFormat(void)
goto out; goto out;
} }
/* Signature candidates found */
if (signatures && ((r = tools_wipe_all_signatures(header_device)) < 0))
goto out;
r = crypt_format(cd, type, cipher, cipher_mode, r = crypt_format(cd, type, cipher, cipher_mode,
opt_uuid, key, keysize, params); opt_uuid, key, keysize, params);
check_signal(&r); check_signal(&r);
@@ -1051,7 +1059,7 @@ static int action_luksFormat(void)
r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot, r = crypt_keyslot_add_by_volume_key(cd, opt_key_slot,
key, keysize, key, keysize,
password, passwordLen); password, passwordLen);
if (r < 0) if (r < 0) /* FIXME: call wipe signatures again */
goto out; goto out;
if (opt_integrity && !opt_integrity_no_wipe) if (opt_integrity && !opt_integrity_no_wipe)