1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "cryptenroll-wipe.h"
#include "cryptenroll.h"
#include "json.h"
#include "memory-util.h"
#include "parse-util.h"
#include "set.h"
#include "sort-util.h"
static int find_all_slots(struct crypt_device *cd, Set *wipe_slots, Set *keep_slots) {
int slot_max;
assert(cd);
assert(wipe_slots);
assert_se((slot_max = crypt_keyslot_max(CRYPT_LUKS2)) > 0);
/* Finds all currently assigned slots, and adds them to 'wipe_slots', except if listed already in 'keep_slots' */
for (int slot = 0; slot < slot_max; slot++) {
crypt_keyslot_info status;
/* No need to check this slot if we already know we want to wipe it or definitely keep it. */
if (set_contains(keep_slots, INT_TO_PTR(slot)) ||
set_contains(wipe_slots, INT_TO_PTR(slot)))
continue;
status = crypt_keyslot_status(cd, slot);
if (!IN_SET(status, CRYPT_SLOT_ACTIVE, CRYPT_SLOT_ACTIVE_LAST))
continue;
if (set_put(wipe_slots, INT_TO_PTR(slot)) < 0)
return log_oom();
}
return 0;
}
static int find_empty_passphrase_slots(struct crypt_device *cd, Set *wipe_slots, Set *keep_slots) {
size_t vks;
int r, slot_max;
assert(cd);
assert(wipe_slots);
assert_se((slot_max = crypt_keyslot_max(CRYPT_LUKS2)) > 0);
/* Finds all slots with an empty passphrase assigned (i.e. "") and adds them to 'wipe_slots', except
* if listed already in 'keep_slots' */
r = crypt_get_volume_key_size(cd);
if (r <= 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to determine LUKS volume key size");
vks = (size_t) r;
for (int slot = 0; slot < slot_max; slot++) {
_cleanup_(erase_and_freep) char *vk = NULL;
crypt_keyslot_info status;
/* No need to check this slot if we already know we want to wipe it or definitely keep it. */
if (set_contains(keep_slots, INT_TO_PTR(slot)) ||
set_contains(wipe_slots, INT_TO_PTR(slot)))
continue;
status = crypt_keyslot_status(cd, slot);
if (!IN_SET(status, CRYPT_SLOT_ACTIVE, CRYPT_SLOT_ACTIVE_LAST))
continue;
vk = malloc(vks);
if (!vk)
return log_oom();
r = crypt_volume_key_get(cd, slot, vk, &vks, "", 0);
if (r < 0) {
log_debug_errno(r, "Failed to acquire volume key from slot %i with empty password, ignoring: %m", slot);
continue;
}
if (set_put(wipe_slots, INT_TO_PTR(r)) < 0)
return log_oom();
}
return 0;
}
static int find_slots_by_mask(
struct crypt_device *cd,
Set *wipe_slots,
Set *keep_slots,
unsigned by_mask) {
_cleanup_(set_freep) Set *listed_slots = NULL;
int r;
assert(cd);
assert(wipe_slots);
if (by_mask == 0)
return 0;
/* Find all slots that are associated with a token of a type in the specified token type mask */
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
JsonVariant *w, *z;
EnrollType t;
r = cryptsetup_get_token_as_json(cd, token, NULL, &v);
if (IN_SET(r, -ENOENT, -EINVAL))
continue;
if (r < 0) {
log_warning_errno(r, "Failed to read JSON token data off disk, ignoring: %m");
continue;
}
w = json_variant_by_key(v, "type");
if (!w || !json_variant_is_string(w)) {
log_warning("Token JSON data lacks type field, ignoring.");
continue;
}
t = luks2_token_type_from_string(json_variant_string(w));
w = json_variant_by_key(v, "keyslots");
if (!w || !json_variant_is_array(w)) {
log_warning("Token JSON data lacks keyslots field, ignoring.");
continue;
}
JSON_VARIANT_ARRAY_FOREACH(z, w) {
int slot;
if (!json_variant_is_string(z)) {
log_warning("Token JSON data's keyslot field is not an array of strings, ignoring.");
continue;
}
r = safe_atoi(json_variant_string(z), &slot);
if (r < 0) {
log_warning_errno(r, "Token JSON data's keyslot filed is not an integer formatted as string, ignoring.");
continue;
}
if (t >= 0 && (by_mask & (1U << t)) != 0) {
/* Selected by token type */
if (set_put(wipe_slots, INT_TO_PTR(slot)) < 0)
return log_oom();
} else if ((by_mask & (1U << ENROLL_PASSWORD)) != 0) {
/* If we shall remove all plain password slots, let's maintain a list of
* slots that are listed in any tokens, since those are *NOT* plain
* passwords */
if (set_ensure_allocated(&listed_slots, NULL) < 0)
return log_oom();
if (set_put(listed_slots, INT_TO_PTR(slot)) < 0)
return log_oom();
}
}
}
/* "password" slots are those which have no token assigned. If we shall remove those, iterate through
* all slots and mark those for wiping that weren't listed in any token */
if ((by_mask & (1U << ENROLL_PASSWORD)) != 0) {
int slot_max;
assert_se((slot_max = crypt_keyslot_max(CRYPT_LUKS2)) > 0);
for (int slot = 0; slot < slot_max; slot++) {
crypt_keyslot_info status;
/* No need to check this slot if we already know we want to wipe it or definitely keep it. */
if (set_contains(keep_slots, INT_TO_PTR(slot)) ||
set_contains(wipe_slots, INT_TO_PTR(slot)))
continue;
if (set_contains(listed_slots, INT_TO_PTR(slot))) /* This has a token, hence is not a password. */
continue;
status = crypt_keyslot_status(cd, slot);
if (!IN_SET(status, CRYPT_SLOT_ACTIVE, CRYPT_SLOT_ACTIVE_LAST)) /* Not actually assigned? */
continue;
/* Finally, we found a password, add it to the list of slots to wipe */
if (set_put(wipe_slots, INT_TO_PTR(slot)) < 0)
return log_oom();
}
}
return 0;
}
static int find_slot_tokens(struct crypt_device *cd, Set *wipe_slots, Set *keep_slots, Set *wipe_tokens) {
int r;
assert(cd);
assert(wipe_slots);
assert(keep_slots);
assert(wipe_tokens);
/* Find all tokens matching the slots we want to wipe, so that we can wipe them too. Also, for update
* the slots sets according to the token data: add any other slots listed in the tokens we act on. */
for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
bool shall_wipe = false;
JsonVariant *w, *z;
r = cryptsetup_get_token_as_json(cd, token, NULL, &v);
if (IN_SET(r, -ENOENT, -EINVAL))
continue;
if (r < 0) {
log_warning_errno(r, "Failed to read JSON token data off disk, ignoring: %m");
continue;
}
w = json_variant_by_key(v, "keyslots");
if (!w || !json_variant_is_array(w)) {
log_warning("Token JSON data lacks keyslots field, ignoring.");
continue;
}
/* Go through the slots associated with this token: if we shall keep any slot of them, the token shall stay too. */
JSON_VARIANT_ARRAY_FOREACH(z, w) {
int slot;
if (!json_variant_is_string(z)) {
log_warning("Token JSON data's keyslot field is not an array of strings, ignoring.");
continue;
}
r = safe_atoi(json_variant_string(z), &slot);
if (r < 0) {
log_warning_errno(r, "Token JSON data's keyslot filed is not an integer formatted as string, ignoring.");
continue;
}
if (set_contains(keep_slots, INT_TO_PTR(slot))) {
shall_wipe = false;
break; /* If we shall keep this slot, then this is definite: we will keep its token too */
}
/* If there's a slot associated with this token that we shall wipe, then remove the
* token too. But we are careful here: let's continue iterating, maybe there's a slot
* that we need to keep, in which case we can reverse the decision again. */
if (set_contains(wipe_slots, INT_TO_PTR(slot)))
shall_wipe = true;
}
/* Go through the slots again, and this time add them to the list of slots to keep/remove */
JSON_VARIANT_ARRAY_FOREACH(z, w) {
int slot;
if (!json_variant_is_string(z))
continue;
if (safe_atoi(json_variant_string(z), &slot) < 0)
continue;
if (set_put(shall_wipe ? wipe_slots : keep_slots, INT_TO_PTR(slot)) < 0)
return log_oom();
}
/* And of course, also remember the tokens to remove. */
if (shall_wipe)
if (set_put(wipe_tokens, INT_TO_PTR(token)) < 0)
return log_oom();
}
return 0;
}
static bool slots_remain(struct crypt_device *cd, Set *wipe_slots, Set *keep_slots) {
int slot_max;
assert(cd);
assert_se((slot_max = crypt_keyslot_max(CRYPT_LUKS2)) > 0);
/* Checks if any slots remaining in the LUKS2 header if we remove all slots listed in 'wipe_slots'
* (keeping those listed in 'keep_slots') */
for (int slot = 0; slot < slot_max; slot++) {
crypt_keyslot_info status;
status = crypt_keyslot_status(cd, slot);
if (!IN_SET(status, CRYPT_SLOT_ACTIVE, CRYPT_SLOT_ACTIVE_LAST))
continue;
/* The "keep" set wins if a slot is listed in both sets. This is important so that we can
* safely add a new slot and remove all others of the same type, which in a naive
* implementation might mean we remove what we just added — which we of course don't want. */
if (set_contains(keep_slots, INT_TO_PTR(slot)) ||
!set_contains(wipe_slots, INT_TO_PTR(slot)))
return true;
}
return false;
}
int wipe_slots(struct crypt_device *cd,
const int explicit_slots[],
size_t n_explicit_slots,
WipeScope by_scope,
unsigned by_mask,
int except_slot) {
_cleanup_(set_freep) Set *wipe_slots = NULL, *wipe_tokens = NULL, *keep_slots = NULL;
_cleanup_free_ int *ordered_slots = NULL, *ordered_tokens = NULL;
size_t n_ordered_slots = 0, n_ordered_tokens = 0;
int r, slot_max, ret;
void *e;
assert_se(cd);
/* Shortcut if nothing to wipe. */
if (n_explicit_slots == 0 && by_mask == 0 && by_scope == WIPE_EXPLICIT)
return 0;
/* So this is a bit more complicated than I'd wish, but we want support three different axis for wiping slots:
*
* 1. Wiping by slot indexes
* 2. Wiping slots of specified token types
* 3. Wiping "all" entries, or entries with an empty password (i.e. "")
*
* (or any combination of the above)
*
* Plus: We always want to remove tokens matching the slots.
* Plus: We always want to exclude the slots/tokens we just added.
*/
wipe_slots = set_new(NULL);
keep_slots = set_new(NULL);
wipe_tokens = set_new(NULL);
if (!wipe_slots || !keep_slots || !wipe_tokens)
return log_oom();
/* Let's maintain one set of slots for the slots we definitely want to keep */
if (except_slot >= 0)
if (set_put(keep_slots, INT_TO_PTR(except_slot)) < 0)
return log_oom();
assert_se((slot_max = crypt_keyslot_max(CRYPT_LUKS2)) > 0);
/* Maintain another set of the slots we intend to wipe */
for (size_t i = 0; i < n_explicit_slots; i++) {
if (explicit_slots[i] >= slot_max)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Slot index %i out of range.", explicit_slots[i]);
if (set_put(wipe_slots, INT_TO_PTR(explicit_slots[i])) < 0)
return log_oom();
}
/* Now, handle the "all" and "empty passphrase" cases. */
switch (by_scope) {
case WIPE_EXPLICIT:
break; /* Nothing to do here */
case WIPE_ALL:
r = find_all_slots(cd, wipe_slots, keep_slots);
if (r < 0)
return r;
break;
case WIPE_EMPTY_PASSPHRASE:
r = find_empty_passphrase_slots(cd, wipe_slots, keep_slots);
if (r < 0)
return r;
break;
default:
assert_not_reached();
}
/* Then add all slots that match a token type */
r = find_slots_by_mask(cd, wipe_slots, keep_slots, by_mask);
if (r < 0)
return r;
/* And determine tokens that we shall remove */
r = find_slot_tokens(cd, wipe_slots, keep_slots, wipe_tokens);
if (r < 0)
return r;
/* Safety check: let's make sure that after we are done there's at least one slot remaining */
if (!slots_remain(cd, wipe_slots, keep_slots))
return log_error_errno(SYNTHETIC_ERRNO(EPERM),
"Wipe operation would leave no valid slots around, can't allow that, sorry.");
/* Generated ordered lists of the slots and the tokens to remove */
ordered_slots = new(int, set_size(wipe_slots));
if (!ordered_slots)
return log_oom();
SET_FOREACH(e, wipe_slots) {
int slot = PTR_TO_INT(e);
if (set_contains(keep_slots, INT_TO_PTR(slot)))
continue;
ordered_slots[n_ordered_slots++] = slot;
}
typesafe_qsort(ordered_slots, n_ordered_slots, cmp_int);
ordered_tokens = new(int, set_size(wipe_tokens));
if (!ordered_tokens)
return log_oom();
SET_FOREACH(e, wipe_tokens)
ordered_tokens[n_ordered_tokens++] = PTR_TO_INT(e);
typesafe_qsort(ordered_tokens, n_ordered_tokens, cmp_int);
if (n_ordered_slots == 0 && n_ordered_tokens == 0) {
log_full(except_slot < 0 ? LOG_NOTICE : LOG_DEBUG,
"No slots to remove selected.");
return 0;
}
if (DEBUG_LOGGING) {
for (size_t i = 0; i < n_ordered_slots; i++)
log_debug("Going to wipe slot %i.", ordered_slots[i]);
for (size_t i = 0; i < n_ordered_tokens; i++)
log_debug("Going to wipe token %i.", ordered_tokens[i]);
}
/* Now, let's actually start wiping things. (We go from back to front, to make space at the end
* first.) */
ret = 0;
for (size_t i = n_ordered_slots; i > 0; i--) {
r = crypt_keyslot_destroy(cd, ordered_slots[i - 1]);
if (r < 0) {
log_warning_errno(r, "Failed to wipe slot %i, continuing: %m", ordered_slots[i - 1]);
if (ret == 0)
ret = r;
} else
log_info("Wiped slot %i.", ordered_slots[i - 1]);
}
for (size_t i = n_ordered_tokens; i > 0; i--) {
r = crypt_token_json_set(cd, ordered_tokens[i - 1], NULL);
if (r < 0) {
log_warning_errno(r, "Failed to wipe token %i, continuing: %m", ordered_tokens[i - 1]);
if (ret == 0)
ret = r;
}
}
return ret;
}
|
