From 19d3fdb8842106b11d68e9c8dbd5889ff5ded871 Mon Sep 17 00:00:00 2001
From: Arie Peterson <arie@greenhost.nl>
Date: Thu, 20 Jul 2017 15:57:11 +0200
Subject: [PATCH] Add endpoint for deleting encryption key

---
 src/api/encryption_keys_delete.c | 56 ++++++++++++++++++++++++++++++++
 src/cryptops-api.c               |  4 +++
 2 files changed, 60 insertions(+)
 create mode 100644 src/api/encryption_keys_delete.c

diff --git a/src/api/encryption_keys_delete.c b/src/api/encryption_keys_delete.c
new file mode 100644
index 0000000..e4b660a
--- /dev/null
+++ b/src/api/encryption_keys_delete.c
@@ -0,0 +1,56 @@
+/**
+ * Callback function to delete a luks encryption password.
+ * @param[in]   request   incoming HTTP request
+ * @param[out]  response  HTTP response to the request
+ * @param[in]   user_data extra data to pass between main thread and callbacks
+ * @return                internal status code
+ */
+int callback_encryption_keys_delete(const struct _u_request * request,
+    struct _u_response * response, void * user_data)
+{
+    int r;
+
+    // Read keyslot from request URI.
+    const char * keyslot_string = u_map_get(request->map_url, "slot");
+    if (keyslot_string == NULL)
+    {
+        return send_simple_response(response, 400, "error",
+            "missing url parameter `slot`");
+    }
+    int keyslot;
+    r = parse_int(keyslot_string, &keyslot);
+    if (r != 0)
+    {
+        printf("invalid url parameter `slot`: %s\n", keyslot_string);
+        return send_simple_response(response, 400, "error",
+            "invalid url parameter `slot`");
+    }
+
+    // Initialise encrypted container.
+    struct crypt_device * cd = NULL;
+    r = container_initialise(&cd, DATA_PARTITION_DEVICE, true);
+    if (r < 0)
+    {
+        crypt_free(cd);
+    }
+    if (r != 0)
+    {
+        printf("container_initialise failed with status %d\n", r);
+        return send_simple_response(response, 500, "error",
+            "initialising encrypted container failed");
+    }
+
+    // Delete encryption password.
+    r = crypt_keyslot_destroy(cd, keyslot);
+  
+    if (r < 0)
+    {
+        // Something else went wrong.
+        printf("crypt_keyslot_destroy failed with status %d\n", r);
+        return send_simple_response(response, 500, "error",
+            "error deleting encryption password");
+    }
+  
+    // If we reach this point, apparently everything went well.
+    return send_simple_response(response, 200, "status", "ok");
+}
diff --git a/src/cryptops-api.c b/src/cryptops-api.c
index 58ac3dd..0c2c2ad 100644
--- a/src/cryptops-api.c
+++ b/src/cryptops-api.c
@@ -12,6 +12,7 @@
 #include <api/encryption_unlock_post.c>
 #include <api/encryption_keys_get.c>
 #include <api/encryption_keys_put.c>
+#include <api/encryption_keys_delete.c>
 #include <api/ssh_keys_get.c>
 #include <api/ssh_keys_put.c>
 #include <api/ssh_keys_post.c>
@@ -61,6 +62,9 @@ int main(int argc, char ** argv)
     ulfius_add_endpoint_by_val(&instance, "PUT" , PREFIX,
         "/encryption/keys/:slot",
         0, &callback_encryption_keys_put, NULL);
+    ulfius_add_endpoint_by_val(&instance, "DELETE" , PREFIX,
+        "/encryption/keys/:slot",
+        0, &callback_encryption_keys_delete, NULL);
     ulfius_add_endpoint_by_val(&instance, "GET" , PREFIX,
         "/ssh/keys",
         0, &callback_ssh_keys_get, NULL);
-- 
GitLab