Rewrite and export crypt_wipe function.

The crypt_wipe can be used to wipe any part of the device, and also to initialize integrity based device (to reset checksum).
2025-12-05 16:00:05 +01:00 · 2017-06-07 15:31:13 +02:00
parent c6408f4b31
commit 3a27c84d98
10 changed files with 359 additions and 177 deletions
--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
@@ -20,44 +20,15 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */

-#include <stdio.h>
-#include <string.h>
 #include <stdlib.h>
 #include <errno.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#ifdef HAVE_SYS_SYSMACROS_H
-# include <sys/sysmacros.h>     /* for major, minor */
-#endif
 #include <fcntl.h>
-
-#include "libcryptsetup.h"
 #include "internal.h"

-#define MAXIMUM_WIPE_BYTES	1024 * 1024 * 32 /* 32 MiB */
-
-static ssize_t _crypt_wipe_zero(int fd, int bsize, char *buffer,
-				uint64_t offset, uint64_t size)
-{
-	memset(buffer, 0, size);
-	return write_lseek_blockwise(fd, bsize, buffer, size, offset);
-}
-
-static ssize_t _crypt_wipe_random(int fd, int bsize, char *buffer,
-				  uint64_t offset, uint64_t size)
-{
-	if (crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL) < 0)
-		return -EINVAL;
-
-	return write_lseek_blockwise(fd, bsize, buffer, size, offset);
-}
-
 /*
 * Wipe using Peter Gutmann method described in
 * http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
+ * Note: used only for rotational device (and even there it is not needed today...)
 */
 static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
 {
@@ -75,28 +46,28 @@ static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
 		{"\x6d\xb6\xdb"}, {"\xb6\xdb\x6d"}, {"\xdb\x6d\xb6"}
 	};

-	for(i = 0; i < buffer_size / 3; ++i) {
+	for (i = 0; i < buffer_size / 3; ++i) {
 		memcpy(buffer, write_modes[turn], 3);
 		buffer += 3;
 	}
 }

-static ssize_t _crypt_wipe_disk(int fd, int bsize, char *buffer,
-				uint64_t offset, uint64_t size)
+static int crypt_wipe_special(int fd, int bsize, char *buffer,
+			      uint64_t offset, size_t size)
 {
 	int r;
 	unsigned int i;
 	ssize_t written;

-	for(i = 0; i < 39; ++i) {
+	for (i = 0; i < 39; ++i) {
 		if (i <  5) {
 			r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
-		} else if(i >=  5 && i < 32) {
+		} else if (i >=  5 && i < 32) {
 			wipeSpecial(buffer, size, i - 5);
 			r = 0;
-		} else if(i >= 32 && i < 38) {
+		} else if (i >= 32 && i < 38) {
 			r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
-		} else if(i >= 38 && i < 39) {
+		} else if (i >= 38 && i < 39) {
 			memset(buffer, 0xFF, size);
 			r = 0;
 		}
@@ -105,96 +76,178 @@ static ssize_t _crypt_wipe_disk(int fd, int bsize, char *buffer,

 		written = write_lseek_blockwise(fd, bsize, buffer, size, offset);
 		if (written < 0 || written != (ssize_t)size)
-			return written;
+			return -EIO;
 	}

 	/* Rewrite it finally with random */
-	return _crypt_wipe_random(fd, bsize, buffer, offset, size);
-}
-
-static ssize_t _crypt_wipe_ssd(int fd, int bsize, char *buffer,
-			       uint64_t offset, uint64_t size)
-{
-	// FIXME: for now just rewrite it by random
-	return _crypt_wipe_random(fd, bsize, buffer, offset, size);
-}
-
-int crypt_wipe(struct device *device,
-	       uint64_t offset,
-	       uint64_t size,
-	       crypt_wipe_type type,
-	       int exclusive)
-{
-	struct stat st;
-	char *buffer;
-	int devfd, flags, bsize;
-	ssize_t written;
-
-	if (!size || size % SECTOR_SIZE || (size > MAXIMUM_WIPE_BYTES)) {
-		log_dbg("Unsupported wipe size for device %s: %ld.",
-			device_path(device), (unsigned long)size);
-		return -EINVAL;
-	}
-
-	if (stat(device_path(device), &st) < 0) {
-		log_dbg("Device %s not found.", device_path(device));
-		return -EINVAL;
-	}
-
-	if (type == CRYPT_WIPE_DISK && S_ISBLK(st.st_mode)) {
-		if (!crypt_dev_is_rotational(major(st.st_rdev),
-						minor(st.st_rdev))) {
-			type = CRYPT_WIPE_SSD;
-			log_dbg("Non-rotational device, using SSD wipe mode.");
-		} else
-			log_dbg("Rotational device, using normal wipe mode.");
-	}
-
-	bsize = device_block_size(device);
-	if (bsize <= 0)
+	if (crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL) < 0)
 		return -EINVAL;

-	buffer = malloc(size);
-	if (!buffer)
-		return -ENOMEM;
-
-	flags = O_RDWR;
-
-	/* use O_EXCL only for block devices */
-	if (exclusive && S_ISBLK(st.st_mode))
-		flags |= O_EXCL;
-
-	/* coverity[toctou] */
-	devfd = device_open(device, flags);
-	if (devfd < 0) {
-		free(buffer);
-		return errno ? -errno : -EINVAL;
-	}
-
-	// FIXME: use fixed block size and loop here
-	switch (type) {
-		case CRYPT_WIPE_ZERO:
-			written = _crypt_wipe_zero(devfd, bsize, buffer, offset, size);
-			break;
-		case CRYPT_WIPE_DISK:
-			written = _crypt_wipe_disk(devfd, bsize, buffer, offset, size);
-			break;
-		case CRYPT_WIPE_SSD:
-			written = _crypt_wipe_ssd(devfd, bsize, buffer, offset, size);
-			break;
-		case CRYPT_WIPE_RANDOM:
-			written = _crypt_wipe_random(devfd, bsize, buffer, offset, size);
-			break;
-		default:
-			log_dbg("Unsupported wipe type requested: (%d)", type);
-			written = -1;
-	}
-
-	close(devfd);
-	free(buffer);
-
-	if (written != (ssize_t)size || written < 0)
+	written = write_lseek_blockwise(fd, bsize, buffer, size, offset);
+	if (written < 0 || written != (ssize_t)size)
 		return -EIO;

 	return 0;
 }
+
+static int wipe_block(int devfd, crypt_wipe_pattern pattern, char *sf,
+		      size_t device_block_size, size_t wipe_block_size,
+		      uint64_t offset, bool *need_block_init)
+{
+	int r;
+
+	if (pattern == CRYPT_WIPE_SPECIAL)
+		return crypt_wipe_special(devfd, device_block_size, sf, offset, wipe_block_size);
+
+	if (*need_block_init) {
+		if (pattern == CRYPT_WIPE_ZERO) {
+			memset(sf, 0, wipe_block_size);
+			*need_block_init = false;
+			r = 0;
+		} else if (pattern == CRYPT_WIPE_RANDOM) {
+			r = crypt_random_get(NULL, sf, wipe_block_size, CRYPT_RND_NORMAL);
+			*need_block_init = true;
+		} else if (pattern == CRYPT_WIPE_ENCRYPTED_ZERO) {
+			// FIXME
+			r = crypt_random_get(NULL, sf, wipe_block_size, CRYPT_RND_NORMAL);
+			*need_block_init = true;
+		} else
+			r = -EINVAL;
+
+		if (r)
+			return r;
+	}
+
+	if (write_blockwise(devfd, device_block_size, sf, wipe_block_size) == (ssize_t)wipe_block_size)
+		return 0;
+
+	return -EIO;
+}
+
+int crypt_wipe_device(struct crypt_device *cd,
+	struct device *device,
+	crypt_wipe_pattern pattern,
+	uint64_t offset,
+	uint64_t length,
+	size_t wipe_block_size,
+	int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
+	void *usrptr)
+{
+	int r, devfd = -1, bsize;
+	char *sf = NULL;
+	uint64_t dev_size;
+	bool need_block_init = true;
+
+	/* Note: LUKS1 calls it with wipe_block not aligned to multiple of bsize */
+	bsize = device_block_size(device);
+	if ((bsize <= 0) || (wipe_block_size < (size_t)bsize))
+		return -EINVAL;
+
+	/* Everything must be aligned to SECTOR_SIZE */
+	if ((offset % SECTOR_SIZE) || (length % SECTOR_SIZE) || (wipe_block_size % SECTOR_SIZE))
+		return -EINVAL;
+
+	devfd = device_open(device, O_RDWR);
+	if (devfd < 0)
+		return errno ? -errno : -EINVAL;
+
+	r = device_size(device, &dev_size);
+	if (r)
+		goto out;
+
+	if (length) {
+		if ((dev_size <= offset) || (dev_size - offset) < length) {
+			r = -EINVAL;
+			goto out;
+		}
+		dev_size = offset + length;
+	}
+
+	r = posix_memalign((void **)&sf, crypt_getpagesize(), wipe_block_size);
+	if (r)
+		goto out;
+
+	if (lseek64(devfd, offset, SEEK_SET) < 0) {
+		log_err(cd, "Cannot seek to device offset.\n");
+		r = -EIO;
+		goto out;
+	}
+
+	if (progress && progress(dev_size, offset, usrptr)) {
+		r = -EINTR;
+		goto out;
+	}
+
+	if (pattern == CRYPT_WIPE_SPECIAL && !device_is_rotational(device)) {
+		log_dbg("Non-rotational device, using random data wipe mode.");
+		pattern = CRYPT_WIPE_RANDOM;
+	}
+
+	while (offset < dev_size) {
+		if ((offset + wipe_block_size) > dev_size)
+			wipe_block_size = dev_size - offset;
+
+		//log_dbg("Wipe %012" PRIu64 "-%012" PRIu64 " bytes", offset, offset + wipe_block_size);
+
+		r = wipe_block(devfd, pattern, sf, bsize, wipe_block_size, offset, &need_block_init);
+		if (r) {
+			log_err(cd, "Device wipe error, offset %" PRIu64 ".\n", offset);
+			break;
+		}
+
+		offset += wipe_block_size;
+
+		if (progress && progress(dev_size, offset, usrptr)) {
+			r = -EINTR;
+			break;
+		}
+	}
+
+	fsync(devfd);
+out:
+	close(devfd);
+	free(sf);
+	return r;
+}
+
+int crypt_wipe(struct crypt_device *cd,
+	const char *dev_path,
+	crypt_wipe_pattern pattern,
+	uint64_t offset,
+	uint64_t length,
+	size_t wipe_block_size,
+	uint32_t flags,
+	int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
+	void *usrptr)
+{
+	struct device *device;
+	int r;
+
+	if (!cd)
+		return -EINVAL;
+
+	if (!dev_path)
+		device = crypt_data_device(cd);
+	else {
+		r = device_alloc(&device, dev_path);
+		if (r < 0)
+			return r;
+
+		if (flags & CRYPT_WIPE_NO_DIRECT_IO)
+			device_disable_direct_io(device);
+	}
+
+	if (!wipe_block_size)
+		wipe_block_size = 1024*1024;
+
+	log_dbg("Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.",
+		(unsigned)pattern, device_path(device), offset, length, wipe_block_size);
+
+	r = crypt_wipe_device(cd, device, pattern, offset, length,
+			      wipe_block_size, progress, usrptr);
+
+	if (dev_path)
+		device_free(device);
+
+	return r;
+}