1 files changed, 311 insertions, 0 deletions
diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
new file mode 100644
index 0000000..1df46c1
--- /dev/null
+++ b/lib/utils_wipe.c
@@ -0,0 +1,311 @@
+/*
+ * utils_wipe - wipe a device
+ *
+ * Copyright (C) 2004-2007 Clemens Fruhwirth <clemens@endorphin.org>
+ * Copyright (C) 2009-2023 Red Hat, Inc. All rights reserved.
+ * Copyright (C) 2009-2023 Milan Broz
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <sys/stat.h>
+#include <linux/fs.h>
+#include "internal.h"
+
+/* block device zeroout ioctls, introduced in Linux kernel 3.7 */
+#ifndef BLKZEROOUT
+#define BLKZEROOUT _IO(0x12,127)
+#endif
+
+static int wipe_zeroout(struct crypt_device *cd, int devfd,
+			uint64_t offset, uint64_t length)
+{
+	static bool zeroout_available = true;
+	uint64_t range[2] = { offset, length };
+	int r;
+
+	if (!zeroout_available)
+		return -ENOTSUP;
+
+	r = ioctl(devfd, BLKZEROOUT, &range);
+	if (r < 0) {
+		log_dbg(cd, "BLKZEROOUT ioctl not available (error %i), disabling.", r);
+		zeroout_available = false;
+		return -ENOTSUP;
+	}
+
+	return 0;
+}
+
+/*
+ * Wipe using Peter Gutmann method described in
+ * https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
+ * Note: used only for rotational device (and even there it is not needed today...)
+ */
+static void wipeSpecial(char *buffer, size_t buffer_size, unsigned int turn)
+{
+	unsigned int i;
+
+	unsigned char write_modes[][3] = {
+		{"\x55\x55\x55"}, {"\xaa\xaa\xaa"}, {"\x92\x49\x24"},
+		{"\x49\x24\x92"}, {"\x24\x92\x49"}, {"\x00\x00\x00"},
+		{"\x11\x11\x11"}, {"\x22\x22\x22"}, {"\x33\x33\x33"},
+		{"\x44\x44\x44"}, {"\x55\x55\x55"}, {"\x66\x66\x66"},
+		{"\x77\x77\x77"}, {"\x88\x88\x88"}, {"\x99\x99\x99"},
+		{"\xaa\xaa\xaa"}, {"\xbb\xbb\xbb"}, {"\xcc\xcc\xcc"},
+		{"\xdd\xdd\xdd"}, {"\xee\xee\xee"}, {"\xff\xff\xff"},
+		{"\x92\x49\x24"}, {"\x49\x24\x92"}, {"\x24\x92\x49"},
+		{"\x6d\xb6\xdb"}, {"\xb6\xdb\x6d"}, {"\xdb\x6d\xb6"}
+	};
+
+	for (i = 0; i < buffer_size / 3; ++i) {
+		memcpy(buffer, write_modes[turn], 3);
+		buffer += 3;
+	}
+}
+
+static int crypt_wipe_special(struct crypt_device *cd, int fd, size_t bsize,
+			      size_t alignment, char *buffer,
+			      uint64_t offset, size_t size)
+{
+	int r = 0;
+	unsigned int i;
+	ssize_t written;
+
+	for (i = 0; i < 39; ++i) {
+		if (i <  5) {
+			r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL);
+		} else if (i >=  5 && i < 32) {
+			wipeSpecial(buffer, size, i - 5);
+			r = 0;
+		} else if (i >= 32 && i < 38) {
+			r = crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL);
+		} else if (i >= 38 && i < 39) {
+			memset(buffer, 0xFF, size);
+			r = 0;
+		}
+		if (r < 0)
+			return -EIO;
+
+		written = write_lseek_blockwise(fd, bsize, alignment,
+						buffer, size, offset);
+		if (written < 0 || written != (ssize_t)size)
+			return -EIO;
+	}
+
+	/* Rewrite it finally with random */
+	if (crypt_random_get(cd, buffer, size, CRYPT_RND_NORMAL) < 0)
+		return -EIO;
+
+	written = write_lseek_blockwise(fd, bsize, alignment, buffer, size, offset);
+	if (written < 0 || written != (ssize_t)size)
+		return -EIO;
+
+	return 0;
+}
+
+static int wipe_block(struct crypt_device *cd, int devfd, crypt_wipe_pattern pattern,
+		      char *sf, size_t device_block_size, size_t alignment,
+		      size_t wipe_block_size, uint64_t offset, bool *need_block_init,
+		      bool blockdev)
+{
+	int r;
+
+	if (pattern == CRYPT_WIPE_SPECIAL)
+		return crypt_wipe_special(cd, devfd, device_block_size, alignment,
+					  sf, offset, wipe_block_size);
+
+	if (*need_block_init) {
+		if (pattern == CRYPT_WIPE_ZERO) {
+			memset(sf, 0, wipe_block_size);
+			*need_block_init = false;
+			r = 0;
+		} else if (pattern == CRYPT_WIPE_RANDOM ||
+			   pattern == CRYPT_WIPE_ENCRYPTED_ZERO) {
+			r = crypt_random_get(cd, sf, wipe_block_size,
+					     CRYPT_RND_NORMAL) ? -EIO : 0;
+			*need_block_init = true;
+		} else
+			r = -EINVAL;
+
+		if (r)
+			return r;
+	}
+
+	if (blockdev && pattern == CRYPT_WIPE_ZERO &&
+	    !wipe_zeroout(cd, devfd, offset, wipe_block_size)) {
+		/* zeroout ioctl does not move offset */
+		if (lseek(devfd, offset + wipe_block_size, SEEK_SET) < 0) {
+			log_err(cd, _("Cannot seek to device offset."));
+			return -EINVAL;
+		}
+		return 0;
+	}
+
+	if (write_blockwise(devfd, device_block_size, alignment, sf,
+			    wipe_block_size) == (ssize_t)wipe_block_size)
+		return 0;
+
+	return -EIO;
+}
+
+int crypt_wipe_device(struct crypt_device *cd,
+	struct device *device,
+	crypt_wipe_pattern pattern,
+	uint64_t offset,
+	uint64_t length,
+	size_t wipe_block_size,
+	int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
+	void *usrptr)
+{
+	int r, devfd;
+	struct stat st;
+	size_t bsize, alignment;
+	char *sf = NULL;
+	uint64_t dev_size;
+	bool need_block_init = true;
+
+	/* Note: LUKS1 calls it with wipe_block not aligned to multiple of bsize */
+	bsize = device_block_size(cd, device);
+	alignment = device_alignment(device);
+	if (!bsize || !alignment || !wipe_block_size)
+		return -EINVAL;
+
+	/* if wipe_block_size < bsize, then a wipe is highly ineffective */
+
+	/* Everything must be aligned to SECTOR_SIZE */
+	if (MISALIGNED_512(offset) || MISALIGNED_512(length) || MISALIGNED_512(wipe_block_size))
+		return -EINVAL;
+
+	if (device_is_locked(device))
+		devfd = device_open_locked(cd, device, O_RDWR);
+	else
+		devfd = device_open(cd, device, O_RDWR);
+	if (devfd < 0)
+		return errno ? -errno : -EINVAL;
+
+	if (fstat(devfd, &st) < 0) {
+		r = -EINVAL;
+		goto out;
+	}
+
+	if (length)
+		dev_size = offset + length;
+	else {
+		r = device_size(device, &dev_size);
+		if (r)
+			goto out;
+
+		if (dev_size <= offset) {
+			r = -EINVAL;
+			goto out;
+		}
+	}
+
+	r = posix_memalign((void **)&sf, alignment, wipe_block_size);
+	if (r)
+		goto out;
+
+	if (lseek(devfd, offset, SEEK_SET) < 0) {
+		log_err(cd, _("Cannot seek to device offset."));
+		r = -EINVAL;
+		goto out;
+	}
+
+	if (progress && progress(dev_size, offset, usrptr)) {
+		r = -EINVAL; /* No change yet, treat this as a parameter error */
+		goto out;
+	}
+
+	if (pattern == CRYPT_WIPE_SPECIAL && !device_is_rotational(device)) {
+		log_dbg(cd, "Non-rotational device, using random data wipe mode.");
+		pattern = CRYPT_WIPE_RANDOM;
+	}
+
+	while (offset < dev_size) {
+		if ((offset + wipe_block_size) > dev_size)
+			wipe_block_size = dev_size - offset;
+
+		r = wipe_block(cd, devfd, pattern, sf, bsize, alignment,
+			       wipe_block_size, offset, &need_block_init, S_ISBLK(st.st_mode));
+		if (r) {
+			log_err(cd,_("Device wipe error, offset %" PRIu64 "."), offset);
+			break;
+		}
+
+		offset += wipe_block_size;
+
+		if (progress && progress(dev_size, offset, usrptr)) {
+			r = -EINTR;
+			break;
+		}
+	}
+
+	device_sync(cd, device);
+out:
+	free(sf);
+	return r;
+}
+
+int crypt_wipe(struct crypt_device *cd,
+	const char *dev_path,
+	crypt_wipe_pattern pattern,
+	uint64_t offset,
+	uint64_t length,
+	size_t wipe_block_size,
+	uint32_t flags,
+	int (*progress)(uint64_t size, uint64_t offset, void *usrptr),
+	void *usrptr)
+{
+	struct device *device;
+	int r;
+
+	if (!cd)
+		return -EINVAL;
+
+	r = init_crypto(cd);
+	if (r < 0)
+		return r;
+
+	if (!dev_path)
+		device = crypt_data_device(cd);
+	else {
+		r = device_alloc_no_check(&device, dev_path);
+		if (r < 0)
+			return r;
+
+		if (flags & CRYPT_WIPE_NO_DIRECT_IO)
+			device_disable_direct_io(device);
+	}
+	if (!device)
+		return -EINVAL;
+
+	if (!wipe_block_size)
+		wipe_block_size = 1024*1024;
+
+	log_dbg(cd, "Wipe [%u] device %s, offset %" PRIu64 ", length %" PRIu64 ", block %zu.",
+		(unsigned)pattern, device_path(device), offset, length, wipe_block_size);
+
+	r = crypt_wipe_device(cd, device, pattern, offset, length,
+			      wipe_block_size, progress, usrptr);
+
+	if (dev_path)
+		device_free(cd, device);
+
+	return r;
+}