mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-05 16:00:05 +01:00
3a27c84d98
The crypt_wipe can be used to wipe any part of the device, and also to initialize integrity based device (to reset checksum).
254 lines
6.6 KiB
C
254 lines
6.6 KiB
C
/*
|
|
* utils_wipe - wipe a device
|
|
*
|
|
* Copyright (C) 2004-2007, Clemens Fruhwirth <clemens@endorphin.org>
|
|
* Copyright (C) 2009-2017, Red Hat, Inc. All rights reserved.
|
|
* Copyright (C) 2009-2017, Milan Broz
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version 2
|
|
* of the License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*/
|
|
|
|
#include <stdlib.h>
|
|
#include <errno.h>
|
|
#include <fcntl.h>
|
|
#include "internal.h"
|
|
|
|
/*
|
|
* Wipe using Peter Gutmann method described in
|
|
* http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
|
|
* Note: used only for rotational device (and even there it is not needed today...)
|
|
*/
|
|
static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
|
|
{
|
|
unsigned int i;
|
|
|
|
unsigned char write_modes[][3] = {
|
|
{"\x55\x55\x55"}, {"\xaa\xaa\xaa"}, {"\x92\x49\x24"},
|
|
{"\x49\x24\x92"}, {"\x24\x92\x49"}, {"\x00\x00\x00"},
|
|
{"\x11\x11\x11"}, {"\x22\x22\x22"}, {"\x33\x33\x33"},
|
|
{"\x44\x44\x44"}, {"\x55\x55\x55"}, {"\x66\x66\x66"},
|
|
{"\x77\x77\x77"}, {"\x88\x88\x88"}, {"\x99\x99\x99"},
|
|
{"\xaa\xaa\xaa"}, {"\xbb\xbb\xbb"}, {"\xcc\xcc\xcc"},
|
|
{"\xdd\xdd\xdd"}, {"\xee\xee\xee"}, {"\xff\xff\xff"},
|
|
{"\x92\x49\x24"}, {"\x49\x24\x92"}, {"\x24\x92\x49"},
|
|
{"\x6d\xb6\xdb"}, {"\xb6\xdb\x6d"}, {"\xdb\x6d\xb6"}
|
|
};
|
|
|
|
for (i = 0; i < buffer_size / 3; ++i) {
|
|
memcpy(buffer, write_modes[turn], 3);
|
|
buffer += 3;
|
|
}
|
|
}
|
|
|
|
static int crypt_wipe_special(int fd, int bsize, char *buffer,
|
|
uint64_t offset, size_t size)
|
|
{
|
|
int r;
|
|
unsigned int i;
|
|
ssize_t written;
|
|
|
|
for (i = 0; i < 39; ++i) {
|
|
if (i < 5) {
|
|
r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
|
|
} else if (i >= 5 && i < 32) {
|
|
wipeSpecial(buffer, size, i - 5);
|
|
r = 0;
|
|
} else if (i >= 32 && i < 38) {
|
|
r = crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL);
|
|
} else if (i >= 38 && i < 39) {
|
|
memset(buffer, 0xFF, size);
|
|
r = 0;
|
|
}
|
|
if (r < 0)
|
|
return r;
|
|
|
|
written = write_lseek_blockwise(fd, bsize, buffer, size, offset);
|
|
if (written < 0 || written != (ssize_t)size)
|
|
return -EIO;
|
|
}
|
|
|
|
/* Rewrite it finally with random */
|
|
if (crypt_random_get(NULL, buffer, size, CRYPT_RND_NORMAL) < 0)
|
|
return -EINVAL;
|
|
|
|
written = write_lseek_blockwise(fd, bsize, buffer, size, offset);
|
|
if (written < 0 || written != (ssize_t)size)
|
|
return -EIO;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int wipe_block(int devfd, crypt_wipe_pattern pattern, char *sf,
|
|
size_t device_block_size, size_t wipe_block_size,
|
|
uint64_t offset, bool *need_block_init)
|
|
{
|
|
int r;
|
|
|
|
if (pattern == CRYPT_WIPE_SPECIAL)
|
|
return crypt_wipe_special(devfd, device_block_size, sf, offset, wipe_block_size);
|
|
|
|
if (*need_block_init) {
|
|
if (pattern == CRYPT_WIPE_ZERO) {
|
|
memset(sf, 0, wipe_block_size);
|
|
*need_block_init = false;
|
|
r = 0;
|
|
} else if (pattern == CRYPT_WIPE_RANDOM) {
|
|
r = crypt_random_get(NULL, sf, wipe_block_size, CRYPT_RND_NORMAL);
|
|
*need_block_init = true;
|
|
} else if (pattern == CRYPT_WIPE_ENCRYPTED_ZERO) {
|
|
// FIXME
|
|
r = crypt_random_get(NULL, sf, wipe_block_size, CRYPT_RND_NORMAL);
|
|
*need_block_init = true;
|
|
} else
|
|
r = -EINVAL;
|
|
|
|
if (r)
|
|
return r;
|
|
}
|
|
|
|
if (write_blockwise(devfd, device_block_size, sf, wipe_block_size) == (ssize_t)wipe_block_size)
|
|
return 0;
|
|
|
|
return -EIO;
|
|
}
|
|
|
|
int crypt_wipe_device(struct crypt_device *cd,
|
|
struct device *device,
|
|
crypt_wipe_pattern pattern,
|
|
uint64_t offset,
|
|
uint64_t length,
|
|
size_t wipe_block_size,
|
|
int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
|
|
void *usrptr)
|
|
{
|
|
int r, devfd = -1, bsize;
|
|
char *sf = NULL;
|
|
uint64_t dev_size;
|
|
bool need_block_init = true;
|
|
|
|
/* Note: LUKS1 calls it with wipe_block not aligned to multiple of bsize */
|
|
bsize = device_block_size(device);
|
|
if ((bsize <= 0) || (wipe_block_size < (size_t)bsize))
|
|
return -EINVAL;
|
|
|
|
/* Everything must be aligned to SECTOR_SIZE */
|
|
if ((offset % SECTOR_SIZE) || (length % SECTOR_SIZE) || (wipe_block_size % SECTOR_SIZE))
|
|
return -EINVAL;
|
|
|
|
devfd = device_open(device, O_RDWR);
|
|
if (devfd < 0)
|
|
return errno ? -errno : -EINVAL;
|
|
|
|
r = device_size(device, &dev_size);
|
|
if (r)
|
|
goto out;
|
|
|
|
if (length) {
|
|
if ((dev_size <= offset) || (dev_size - offset) < length) {
|
|
r = -EINVAL;
|
|
goto out;
|
|
}
|
|
dev_size = offset + length;
|
|
}
|
|
|
|
r = posix_memalign((void **)&sf, crypt_getpagesize(), wipe_block_size);
|
|
if (r)
|
|
goto out;
|
|
|
|
if (lseek64(devfd, offset, SEEK_SET) < 0) {
|
|
log_err(cd, "Cannot seek to device offset.\n");
|
|
r = -EIO;
|
|
goto out;
|
|
}
|
|
|
|
if (progress && progress(dev_size, offset, usrptr)) {
|
|
r = -EINTR;
|
|
goto out;
|
|
}
|
|
|
|
if (pattern == CRYPT_WIPE_SPECIAL && !device_is_rotational(device)) {
|
|
log_dbg("Non-rotational device, using random data wipe mode.");
|
|
pattern = CRYPT_WIPE_RANDOM;
|
|
}
|
|
|
|
while (offset < dev_size) {
|
|
if ((offset + wipe_block_size) > dev_size)
|
|
wipe_block_size = dev_size - offset;
|
|
|
|
//log_dbg("Wipe %012" PRIu64 "-%012" PRIu64 " bytes", offset, offset + wipe_block_size);
|
|
|
|
r = wipe_block(devfd, pattern, sf, bsize, wipe_block_size, offset, &need_block_init);
|
|
if (r) {
|
|
log_err(cd, "Device wipe error, offset %" PRIu64 ".\n", offset);
|
|
break;
|
|
}
|
|
|
|
offset += wipe_block_size;
|
|
|
|
if (progress && progress(dev_size, offset, usrptr)) {
|
|
r = -EINTR;
|
|
break;
|
|
}
|
|
}
|
|
|
|
fsync(devfd);
|
|
out:
|
|
close(devfd);
|
|
free(sf);
|
|
return r;
|
|
}
|
|
|
|
int crypt_wipe(struct crypt_device *cd,
|
|
const char *dev_path,
|
|
crypt_wipe_pattern pattern,
|
|
uint64_t offset,
|
|
uint64_t length,
|
|
size_t wipe_block_size,
|
|
uint32_t flags,
|
|
int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
|
|
void *usrptr)
|
|
{
|
|
struct device *device;
|
|
int r;
|
|
|
|
if (!cd)
|
|
return -EINVAL;
|
|
|
|
if (!dev_path)
|
|
device = crypt_data_device(cd);
|
|
else {
|
|
r = device_alloc(&device, dev_path);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
if (flags & CRYPT_WIPE_NO_DIRECT_IO)
|
|
device_disable_direct_io(device);
|
|
}
|
|
|
|
if (!wipe_block_size)
|
|
wipe_block_size = 1024*1024;
|
|
|
|
log_dbg("Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.",
|
|
(unsigned)pattern, device_path(device), offset, length, wipe_block_size);
|
|
|
|
r = crypt_wipe_device(cd, device, pattern, offset, length,
|
|
wipe_block_size, progress, usrptr);
|
|
|
|
if (dev_path)
|
|
device_free(device);
|
|
|
|
return r;
|
|
}
|