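/*
 * Zero-fill a device through a temporary mapping so that its integrity
 * checksums get initialized (see the message printed below).
 *
 * cd            - device context the temporary mapping is activated from
 * integrity_key - key passed to crypt_activate_by_volume_key(); its length
 *                 is taken from the global opt_integrity_key_size
 *
 * Returns -EINVAL if the temporary name or path cannot be built, the
 * activation error if activation fails, otherwise the result of
 * crypt_wipe().
 *
 * A failed crypt_deactivate() is only logged and does not change the return
 * value. In that case the temporary mapping stays active and has to be
 * removed by hand.
 */
static int _wipe_data_device(struct crypt_device *cd, const char *integrity_key)
{
	char tmp_name[64], tmp_path[128], tmp_uuid[40];
	uuid_t tmp_uuid_bin;
	int r;

	if (!opt_batch_mode)
		log_std(_("Wiping device to initialize integrity checksum.\n"
			"You can interrupt this by pressing CTRL+c "
			"(rest of not wiped device will contain invalid checksum).\n"));

	/* Activate the device under a temporary, UUID-derived name. */
	uuid_generate(tmp_uuid_bin);
	uuid_unparse(tmp_uuid_bin, tmp_uuid);

	/*
	 * snprintf() reports truncation by returning a length >= the buffer
	 * size, not a negative value. Reject that case too, so a shortened
	 * name or path is never activated, wiped or deactivated.
	 */
	r = snprintf(tmp_name, sizeof(tmp_name), "temporary-cryptsetup-%s", tmp_uuid);
	if (r < 0 || (size_t)r >= sizeof(tmp_name))
		return -EINVAL;

	r = snprintf(tmp_path, sizeof(tmp_path), "%s/%s", crypt_get_dir(), tmp_name);
	if (r < 0 || (size_t)r >= sizeof(tmp_path))
		return -EINVAL;

	r = crypt_activate_by_volume_key(cd, tmp_name, integrity_key,
		opt_integrity_key_size,
		CRYPT_ACTIVATE_PRIVATE | CRYPT_ACTIVATE_NO_JOURNAL);
	if (r < 0)
		return r;

	/*
	 * Wipe the device.
	 * NOTE(review): set_int_handler(0)/set_int_block(0) presumably make
	 * CTRL+C interrupt the wipe and then restore signal blocking, matching
	 * the message above - confirm against their definitions.
	 */
	set_int_handler(0);
	r = crypt_wipe(cd, tmp_path, CRYPT_WIPE_ZERO, 0, 0, DEFAULT_WIPE_BLOCK,
		       0, &tools_wipe_progress, NULL);

	/* Always try to tear the temporary mapping down, even after a failed wipe. */
	if (crypt_deactivate(cd, tmp_name))
		log_err(_("Cannot deactivate temporary device %s."), tmp_path);
	set_int_block(0);

	return r;
}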
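/*
 * Remove one LUKS keyslot: overwrite its key material on the metadata device
 * and clear its salt and iteration count in the header.
 *
 * keyIndex - keyslot to delete
 * hdr      - header buffer; reloaded through LUKS_read_phdr() and then
 *            modified in place
 * ctx      - device context; the metadata device comes from
 *            crypt_metadata_device(ctx)
 *
 * Returns 0 on success or a negative/non-zero error from the helper that
 * failed. -EACCES from crypt_wipe() is reported to the caller as -EINVAL.
 *
 * The key material is wiped before the header is rewritten. If the wipe
 * fails, the function returns without calling LUKS_write_phdr(), so the
 * on-disk header is left untouched, but hdr in memory has already been
 * changed by LUKS_keyslot_set().
 */
int LUKS_del_key(unsigned int keyIndex,
		 struct luks_phdr *hdr,
		 struct crypt_device *ctx)
{
	struct device *device = crypt_metadata_device(ctx);
	unsigned int startOffset, endOffset;
	int r;

	r = LUKS_read_phdr(hdr, 1, 0, ctx);
	if (r)
		return r;

	/*
	 * NOTE(review): this call is the only visible check on keyIndex before
	 * it indexes hdr->keyblock[] below - confirm LUKS_keyslot_set() rejects
	 * every index >= LUKS_NUMKEYS.
	 * NOTE(review): keyIndex is unsigned but is printed with %d.
	 */
	r = LUKS_keyslot_set(hdr, keyIndex, 0);
	if (r) {
		log_err(ctx, _("Key slot %d is invalid, please select keyslot between 0 and %d.\n"),
			keyIndex, LUKS_NUMKEYS - 1);
		return r;
	}

	/* secure deletion of key material */
	startOffset = hdr->keyblock[keyIndex].keyMaterialOffset;
	endOffset = startOffset + AF_split_sectors(hdr->keyBytes, hdr->keyblock[keyIndex].stripes);

	/*
	 * The offsets are sector counts held in unsigned int and come from the
	 * header read off the device. Widen before converting to bytes so the
	 * product cannot wrap in 32-bit arithmetic and send the wipe to the
	 * wrong region. (Assumes crypt_wipe() takes 64-bit offset and size -
	 * confirm against its prototype.)
	 */
	r = crypt_wipe(device,
		       (unsigned long long)startOffset * SECTOR_SIZE,
		       (unsigned long long)(endOffset - startOffset) * SECTOR_SIZE,
		       CRYPT_WIPE_DISK, 0);
	if (r) {
		if (r == -EACCES) {
			log_err(ctx, _("Cannot write to device %s, permission denied.\n"),
				device_path(device));
			r = -EINVAL;
		} else
			log_err(ctx, _("Cannot wipe device %s.\n"),
				device_path(device));
		return r;
	}

	/* Wipe keyslot info in the header, then persist it. */
	memset(&hdr->keyblock[keyIndex].passwordSalt, 0, LUKS_SALTSIZE);
	hdr->keyblock[keyIndex].passwordIterations = 0;

	return LUKS_write_phdr(hdr, ctx);
}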