Commit afa111ad authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻
Browse files

Merge branch '23-self-destruct' into 'master'

Add endpoint for selfdestruct

Closes #23

See merge request !18
parents b798460d c377b407
/**
* Destroy all active keyslots.
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between handler and main thread
* @return internal status code
*/
int destroy_active_keyslots()
{
int r;
// Initialise encrypted container.
struct crypt_device * cd = NULL;
r = container_initialise(&cd, DATA_PARTITION_DEVICE, true);
if (r < 0)
{
crypt_free(cd);
}
if (r != 0)
{
return r;
}
// Determine number of keyslots.
int keyslot_max = crypt_keyslot_max(CRYPT_LUKS1);
int result = 0;
if (keyslot_max >= 0)
{
// Destroy all active keyslots.
int i;
crypt_keyslot_info ki;
for (i = 0; i < keyslot_max; i++)
{
ki = crypt_keyslot_status(cd, i);
if (ki == CRYPT_SLOT_ACTIVE || ki == CRYPT_SLOT_ACTIVE_LAST)
{
r = crypt_keyslot_destroy(cd, i);
if (r == 0)
{
y_log_message(Y_LOG_LEVEL_DEBUG,
"keyslot %d destroyed succesfully",
i);
}
else
{
y_log_message(Y_LOG_LEVEL_ERROR,
"failed to destroy keyslot %d",
i);
result = 1;
}
}
}
}
return result;
}
/**
* Callback function for destroying the data on an encrypted device.
* It does so by destroying all active keyslots.
* Also, as an extra safety measure, it then overwrites the luks header and
* keyslot area with zeroes.
* See https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions:
* 5.4 How do I securely erase a LUKS (or other) partition?
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between handler and main thread
* @return internal status code
*/
int callback_encryption_selfdestruct_post(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
bool * shutdown = (bool *)user_data;
int r;
destroy_active_keyslots();
// Overwrite start of data partition with zeroes.
y_log_message(Y_LOG_LEVEL_DEBUG,
"Overwriting start of data partition with zeroes");
char * command = NULL;
asprintf(&command, "head -c %d /dev/zero > %s; sync",
LUKS_HEADER_SIZE, DATA_PARTITION_DEVICE);
r = system(command);
if (r != 0)
{
y_log_message(Y_LOG_LEVEL_ERROR,
"overwriting data device failed: return code %d",
r);
return send_simple_response(response, 500, "error",
"overwriting data device failed");
}
// Record that we want to shut down the machine.
*shutdown = true;
r = send_simple_response(response, 200, "status", "ok");
stop_server();
return r;
}
......@@ -186,17 +186,27 @@ int temporary_mount(char * device_path, char * mount_path,
}
/**
* Reboot the system. We cannot simply use the `reboot` command because
* Reboot or halt the system. We cannot simply use the `reboot` command because
* we're running as init (pid 0).
* @param restart If `true` reboot, if `false` halt.
*/
void reboot_initrd()
void reboot_initrd(bool restart)
{
pid_t pid;
pid = vfork();
if (pid == 0)
{
// Child.
reboot(RB_AUTOBOOT);
int cmd;
if (restart)
{
cmd = RB_AUTOBOOT;
}
else
{
cmd = RB_POWER_OFF;
}
reboot(cmd);
_exit(EXIT_SUCCESS);
}
// Parent (init) waits.
......
......@@ -10,6 +10,7 @@
#include <api/encryption_init_post.c>
#include <api/encryption_remove_post.c>
#include <api/encryption_unlock_post.c>
#include <api/encryption_selfdestruct_post.c>
#include <api/encryption_keys_get.c>
#include <api/encryption_keys_delete.c>
#include <api/encryption_keys_put_post.c>
......@@ -44,6 +45,7 @@ int main(int argc, char ** argv)
// Add api endpoints.
bool reboot = false;
bool shutdown = false;
ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
"/encryption",
0, &callback_encryption_get, NULL);
......@@ -56,6 +58,9 @@ int main(int argc, char ** argv)
ulfius_add_endpoint_by_val(&instance, "POST", PREFIX,
"/encryption/unlock",
0, &callback_encryption_unlock_post, NULL);
ulfius_add_endpoint_by_val(&instance, "POST", PREFIX,
"/encryption/selfdestruct",
0, &callback_encryption_selfdestruct_post, &shutdown);
ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
"/encryption/keys",
0, &callback_encryption_keys_get, NULL);
......@@ -138,7 +143,14 @@ int main(int argc, char ** argv)
if (reboot)
{
y_log_message(Y_LOG_LEVEL_INFO, "rebooting...");
reboot_initrd();
reboot_initrd(true);
}
// Check if the encryption/init handler said that we should halt.
if (shutdown)
{
y_log_message(Y_LOG_LEVEL_INFO, "shutting down...");
reboot_initrd(false);
}
return 0;
......
......@@ -33,3 +33,6 @@
// Ssh authorized_keys settings.
// This string is prepended to new and converted authorized_keys.
#define SSH_COMMAND "command=\"cd / && /usr/bin/cryptops-client\""
// Luks parameters.
#define LUKS_HEADER_SIZE 1052672
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment