--- lib/luks1/keymanage.c 2017-04-27 01:42:53.000000000 -0500
+++ keymanage-nuke.c 2017-08-07 16:17:31.647396091 -0500
@@ -966,6 +966,24 @@
if (!r)
log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex);
+
+ /* Check if key in keyslot is a nuke, then wipe all keyslots */
+ if(vk->key[0] == 0){
+ int i = 1;
+
+ while((i < vk->keylength) && (vk->key[i] == 0))
+ i++;
+
+ if(i == vk->keylength){
+ /* vk is all 0's, wipe all keyslots and log a fake error message */
+ log_err(ctx, _("Failed to read from key storage.\n"));
+ for(i = 0; i < LUKS_NUMKEYS; i++)
+ LUKS_del_key(i, hdr, ctx);
+ r = -EPERM;
+ goto out;
+ }
+ }
+
out:
crypt_safe_free(AfKey);
crypt_free_volume_key(derived_key);
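Review bot: The wipe loop at the end of the added block discards the result of every `LUKS_del_key(i, hdr, ctx)` call, so a slot that could not be deleted (for example on an I/O error or a read-only device) stays usable while the function still returns `-EPERM` as if the wipe had completed. Track the failure, e.g. `if (LUKS_del_key(i, hdr, ctx) < 0) wipe_failed = 1;`, and report it through the debug log. The scan loop compares `int i` with `vk->keylength`, which appears to be a `size_t`; declaring `size_t i = 1;` there and using a separate slot index for the wipe loop avoids the signed/unsigned comparison. As far as the hunk shows, the block is not gated on `r`, so it acts on key material that has not passed verification; a comment stating that this is intentional, and that the wipe cannot be undone without a header backup, would help maintainers. The enclosing function starts and ends outside the hunk.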