eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-17 22:00:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement erase command.

Browse Source
This commit is contained in:
Milan Broz
2014-02-05 17:17:12 +01:00
parent 75c105f853
commit cf534f3759
3 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
man/cryptsetup.8
View File

@@ -298,6 +298,15 @@ last remaining passphrase from a LUKS container. Removing
the last passphrase makes the LUKS container permanently the last passphrase makes the LUKS container permanently
inaccessible. inaccessible.
.PP .PP
\fIerase\fR <device>
.br
\fIluksErase\fR <device>
.IP
Erase all keyslots and make the LUKS container permanently inaccessible.
You do not need to provide any password for this operation.
\fBWARNING:\fR This operation is irreversible.
.PP
\fIluksUUID\fR <device> \fIluksUUID\fR <device>
.IP .IP
Print the UUID of a LUKS device. Print the UUID of a LUKS device.

45
src/cryptsetup.c
View File

@@ -1269,6 +1269,47 @@ args:
return -EINVAL; return -EINVAL;
} }
static int action_luksErase(void)
{
struct crypt_device *cd = NULL;
crypt_keyslot_info ki;
char *msg = NULL;
int i, r;
if ((r = crypt_init(&cd, uuid_or_device(action_argv[0]))))
goto out;
crypt_set_confirm_callback(cd, yesDialog, NULL);
if ((r = crypt_load(cd, CRYPT_LUKS1, NULL)))
goto out;
if(asprintf(&msg, _("This operation will erase all keyslots on device %s.\n"
"Device will become unusable after this operation."),
uuid_or_device(action_argv[0])) == -1) {
r = -ENOMEM;
goto out;
}
if (!yesDialog(msg, NULL)) {
r = -EPERM;
goto out;
}
for (i = 0; i < crypt_keyslot_max(CRYPT_LUKS1); i++) {
ki = crypt_keyslot_status(cd, i);
if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST) {
r = crypt_keyslot_destroy(cd, i);
if (r < 0)
goto out;
}
}
out:
free(msg);
crypt_free(cd);
return r;
}
static struct action_type { static struct action_type {
const char *type; const char *type;
int (*handler)(void); int (*handler)(void);
@@ -1283,6 +1324,7 @@ static struct action_type {
{ "status", action_status, 1, 0, N_("<name>"), N_("show device status") }, { "status", action_status, 1, 0, N_("<name>"), N_("show device status") },
{ "benchmark", action_benchmark, 0, 0, N_("<name>"), N_("benchmark cipher") }, { "benchmark", action_benchmark, 0, 0, N_("<name>"), N_("benchmark cipher") },
{ "repair", action_luksRepair, 1, 1, N_("<device>"), N_("try to repair on-disk metadata") }, { "repair", action_luksRepair, 1, 1, N_("<device>"), N_("try to repair on-disk metadata") },
{ "erase", action_luksErase , 1, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") },
{ "luksFormat", action_luksFormat, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") }, { "luksFormat", action_luksFormat, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
{ "luksAddKey", action_luksAddKey, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") }, { "luksAddKey", action_luksAddKey, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
{ "luksRemoveKey",action_luksRemoveKey,1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") }, { "luksRemoveKey",action_luksRemoveKey,1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
@@ -1534,6 +1576,9 @@ int main(int argc, const char **argv)
!strcmp(aname, "loopaesClose") || !strcmp(aname, "loopaesClose") ||
!strcmp(aname, "tcryptClose")) { !strcmp(aname, "tcryptClose")) {
aname = "close"; aname = "close";
} else if (!strcmp(aname, "luksErase")) {
aname = "erase";
opt_type = "luks";
} }
for(action = action_types; action->type; action++) for(action = action_types; action->type; action++)

9
tests/compat-test
View File

@@ -546,5 +546,14 @@ $CRYPTSETUP -q repair $LOOPDEV >/dev/null 2>&1 || fail
$CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail $CRYPTSETUP luksOpen -d $KEY1 $LOOPDEV $DEV_NAME || fail
$CRYPTSETUP luksClose $DEV_NAME || fail $CRYPTSETUP luksClose $DEV_NAME || fail
prepare "[30] LUKS erase" wipe
$CRYPTSETUP -q luksFormat -i1 $LOOPDEV $KEY5 --key-slot 5 || fail
$CRYPTSETUP luksAddKey -S 1 -d $KEY5 $LOOPDEV $KEY1 || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: ENABLED" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: ENABLED" || fail
$CRYPTSETUP luksErase -q $LOOPDEV || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 1: DISABLED" || fail
$CRYPTSETUP luksDump $LOOPDEV | grep -q "Key Slot 5: DISABLED" || fail
remove_mapping remove_mapping
exit 0 exit 0