Add endpoint for deleting encryption key

19d3fdb8 · Arie Peterson · 5e8bac28 · 19d3fdb8 · 19d3fdb8
Commit 19d3fdb8 authored 7 years ago by Arie Peterson
--- a/src/api/encryption_keys_delete.c
+++ b/src/api/encryption_keys_delete.c
+/**
+ * Callback function to delete a luks encryption password.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_delete(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    int r;
+
+    // Read keyslot from request URI.
+    const char * keyslot_string = u_map_get(request->map_url, "slot");
+    if (keyslot_string == NULL)
+    {
+        return send_simple_response(response, 400, "error",
+            "missing url parameter `slot`");
+    }
+    int keyslot;
+    r = parse_int(keyslot_string, &keyslot);
+    if (r != 0)
+    {
+        printf("invalid url parameter `slot`: %s\n", keyslot_string);
+        return send_simple_response(response, 400, "error",
+            "invalid url parameter `slot`");
+    }
+
+    // Initialise encrypted container.
+    struct crypt_device * cd = NULL;
+    r = container_initialise(&cd, DATA_PARTITION_DEVICE, true);
+    if (r < 0)
+    {
+        crypt_free(cd);
+    }
+    if (r != 0)
+    {
+        printf("container_initialise failed with status %d\n", r);
+        return send_simple_response(response, 500, "error",
+            "initialising encrypted container failed");
+    }
+
+    // Delete encryption password.
+    r = crypt_keyslot_destroy(cd, keyslot);
+  
+    if (r < 0)
+    {
+        // Something else went wrong.
+        printf("crypt_keyslot_destroy failed with status %d\n", r);
+        return send_simple_response(response, 500, "error",
+            "error deleting encryption password");
+    }
+  
+    // If we reach this point, apparently everything went well.
+    return send_simple_response(response, 200, "status", "ok");
+}
--- a/src/cryptops-api.c
+++ b/src/cryptops-api.c
@@ -12,6 +12,7 @@
 #include <api/encryption_unlock_post.c>
 #include <api/encryption_keys_get.c>
 #include <api/encryption_keys_put.c>
+#include <api/encryption_keys_delete.c>
 #include <api/ssh_keys_get.c>
 #include <api/ssh_keys_put.c>
 #include <api/ssh_keys_post.c>
@@ -61,6 +62,9 @@ int main(int argc, char ** argv)
    ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
        "/encryption/keys/:slot",
        0, &callback_encryption_keys_put, NULL);
+    ulfius_add_endpoint_by_val(&instance, "DELETE" , PREFIX,
+        "/encryption/keys/:slot",
+        0, &callback_encryption_keys_delete, NULL);
    ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
        "/ssh/keys",
        0, &callback_ssh_keys_get, NULL);