Tomb/src/tomb

792 lines
21 KiB
Plaintext
Raw Normal View History

#!/bin/zsh
#
# Tomb, the Crypto Undertaker
#
# a tool to easily operate file encryption of private and secret data
#
2011-01-11 18:30:34 +00:00
# Copyleft (C) 2007-2011 Denis Roio <jaromil@dyne.org>
#
# This source code is free software; you can redistribute it and/or
# modify it under the terms of the GNU Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This source code is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# Please refer to the GNU Public License for more details.
#
# You should have received a copy of the GNU Public License along with
# this source code; if not, write to:
# Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
VERSION=0.9.1
DATE=Feb/2011
# PATH=/usr/bin:/usr/sbin:/bin:/sbin
# standard output message routines
# it's always useful to wrap them, in case we change behaviour later
notice() { echo "[*] $1"; }
act() { echo " . $1"; }
error() { echo "[!] $1"; }
func() { if [ $DEBUG ]; then echo "[D] $1"; fi }
# which dd command to use
which dcfldd > /dev/null
if [ $? = 0 ]; then
DD="dcfldd"
else
DD=dd
fi
2011-01-11 18:27:30 +00:00
# which wipe command to use
which wipe > /dev/null
if [ $? = 0 ]; then
WIPE=(wipe -f -s -q)
2011-01-11 18:27:30 +00:00
else
WIPE=(rm -f)
2011-01-11 18:27:30 +00:00
fi
# usb auto detect using dmesg
# tested on ubuntu 10.04 - please test and patch on other systems if you can
# TODO: use udev rules, see how archlinux folks document it - arch rox 8)
# https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt
# here we could modularize the choice of methods using function pointers,
# so that they are configurable when calling tomb.
ask_usbkey() {
notice "Waiting 1 minute for a usb key to connect"
2011-01-11 13:55:31 +00:00
echo -n " . please insert your usb key "
exec_as_user notify-send -i monmort \
-u normal -h string:App:Tomb \
-h double:Version:${VERSION} \
-t 60 \
"Insert your USB KEY" \
"Tomb is waiting 1 minute for you to insert an external key."
plugged=false
c=0
while [ "$plugged" != "true" ]; do
dmesg | tail -n 12 | grep -q 'new.*USB device'
if [ $? = 0 ]; then plugged=true; fi
echo -n "."
sleep 1
c=`expr $c + 1`
if [ $c -gt 60 ]; then
echo
error "timeout."
export usbkey_mount=none
return 1;
fi
done
echo
2011-01-11 13:55:31 +00:00
echo -n " . usb key inserted, opening "
c=0
attached=false
while [ "$attached" != "true" ]; do
dmesg | tail -n 3| grep -q 'Attached.*removable disk'
if [ $? = 0 ]; then attached=true; fi
echo -n "."
sleep 1
c=`expr $c + 1`
if [ $c -gt 15 ]; then
echo
error "timeout."
export usbkey_mount=none
return 1;
fi
done
# get the first partition
usbpart=`dmesg |tail -n 8 | grep ' sd.:' |cut -d: -f2 |tr -d ' '`
2011-01-11 13:55:31 +00:00
# wait that is mounted
c=0
mounted=false
while [ "$mounted" != "true" ]; do
cat /proc/mounts | tail -n 2 | grep -q $usbpart
if [ $? = 0 ]; then mounted=true; fi
echo -n "."
sleep .5
c=`expr $c + 1`
if [ $c -gt 30 ]; then
echo
error "timeout."
export usbkey_mount=none
return 1;
fi
done
# check where it is mounted
usbmount=`cat /proc/mounts | awk -v p=$usbpart '{ if( $1 == "/dev/" p) print $2 }'`
echo
2011-01-11 13:55:31 +00:00
act "usb key mounted on $usbmount"
export usbkey_mount=$usbmount
return 0
}
# user interface (just to ask the password)
ask_password() {
exec_as_user xhost 2>&1 >/dev/null
if [ $? = 0 ]; then # we have access to the X display
exec_as_user which tomb-askpass # 2>&1 > /dev/null
if [ $? = 0 ]; then
export scolopendro="`exec_as_user tomb-askpass ${1} 2>/dev/null`"
return
fi
exec_as_user which ssh-askpass # 2>&1 > /dev/null
if [ $? = 0 ]; then
export scolopendro="`exec_as_user ssh-askpass "Tomb: provide the password to unlock"`"
return
fi
else # we'll collect the password from commandline
act "Tomb: provide the password to unlock"
echo -n " > "
read -s scolopendro
export scolopendro
fi
# just in case we'd like to have dialog supported too:
# dialog --backtitle "This file is encrypted for privacy protection" \
# --title "Security check" --insecure \
# --passwordbox "Enter password:" 10 30 2> /var/run/.scolopendro
}
# popup notification
tomb-notify() {
# look for our icon in common prefixes
if [ -r /usr/share/pixmaps/monmort.xpm ]; then icon=/usr/share/pixmaps/monmort.xpm
elif [ -r /usr/share/icons/monmort.xpm ]; then icon=/usr/share/icons/monmort.xpm
elif [ -r /usr/local/share/pixmaps/monmort.xpm ]; then icon=/usr/local/share/pixmaps/monmort.xpm
elif [ -r /usr/local/share/icons/monmort.xpm ]; then icon=/usr/local/share/icons/monmort.xpm
elif [ -r /opt/share/pixmaps/monmort.xpm ]; then icon=/opt/share/pixmaps/monmort.xpm
elif [ -r /sw/share/pixmaps/monmort.xpm ]; then icon=/sw/share/pixmaps/monmort.xpm
fi
if [ -z $1 ]; then
exec_as_user notify-send -i $icon \
-u low -h string:App:Tomb \
-h double:Version:${VERSION} \
"Tomb version $VERSION" \
"Hi, I'm the Undertaker.
Let's start setting your Crypt?"
else
exec_as_user notify-send -i $icon ${@}
fi
}
# drop privileges
exec_as_user() {
if ! [ $SUDO_USER ]; then
exec $@[@]
return $?
fi
func "executing as user '$SUDO_USER': ${(f)@}"
# which gksu > /dev/null
# if [ $? = 0 ]; then
# func "Using gksu for execution of '${(f)@}' as user $SUDO_USER"
# gksu -u $SUDO_USER "${@[@]}"
# return $?
# fi
which sudo > /dev/null
if [ $? = 0 ]; then
func "Using sudo for execution of '${(f)@}' as user $SUDO_USER"
sudo -u $SUDO_USER "${@[@]}"
return $?
else
error "Tomb requires sudo. please install it."
return 1
fi
}
# escalate privileges
check_priv() {
id | grep root > /dev/null
if [ $? != 0 ]; then
which gksu > /dev/null
if [ $? = 0 ]; then
func "Using gksu for root execution of 'tomb ${(f)ARGS}'"
gksu "tomb -q ${ARGS[@]}"
exit 0
fi
which sudo > /dev/null
if [ $? = 0 ]; then
func "Using sudo for root execution of 'tomb ${(f)ARGS}'"
sudo "tomb -q ${ARGS[@]}"
exit 0
fi
return 1
fi
return 0
}
############################
### main()
###
echo $@ | grep '\-q' 2>&1 > /dev/null
if [ $? != 0 ]; then
notice "Tomb - simple commandline tool for encrypted storage"
act "version $VERSION ($DATE) by Jaromil @ dyne.org"
fi
func "invoked with args \"${(f)@}\" "
2010-08-23 09:48:21 +00:00
func "running on `date`"
ARGS=$@[@]
OPTS=`getopt -o hvqDs:k: -n 'tomb' -- "$@"`
while true; do
case "$1" in
-h)
act ""
notice "Syntax: tomb [options] command [file] [mountpoint]"
2010-08-23 09:48:21 +00:00
act ""
notice "Options:"
act "-h print this help"
act "-v print out the version information for this tool"
act "-D print out debugging information at runtime"
act "-s size of the storage file when creating one (MB)"
2010-09-16 12:51:06 +00:00
act "-k path to the key to use for decryption"
act "-S acquire super user rights if possible"
2010-08-23 09:48:21 +00:00
act ""
notice "Commands:"
act "create create a new encrypted storage FILE and keys"
act "open open an existing tomb FILE on MOUNTPOINT"
act "close closes the tomb on MOUNTPOINT"
echo; exit 2 ;;
-v)
2010-08-23 09:48:21 +00:00
# print out the GPL license in this file
act ""
2010-08-23 09:48:21 +00:00
cat $0 | awk '
BEGIN { license=0 }
/^# This source/ { license=1 }
{ if(license==1) print " " $0 }
/MA 02139, USA.$/ { license=0 }
'
act ""
exit 0 ;;
-q) shift 1 ;;
-D) DEBUG=1; shift 1 ;;
-s) SIZE=$2; shift 2 ;;
-k) KEY=$2; shift 2 ;;
--) shift; break ;;
*) CMD=$1;
FILE=$2; MOUNT=$3; # compat with old args
CMD2=${2}; CMD3=${3}; break ;;
esac
done
2010-09-16 12:51:06 +00:00
if ! [ $CMD ]; then
error "first argument missing, use -h for help"
tomb-notify
exit 0
fi
2010-09-16 12:51:06 +00:00
func "Tomb called: $CMD $CMD2 $CMD3"
create_tomb() {
# make sure the file has a .tomb extension
FILE="${FILE%\.*}.tomb"
if [ -e "$FILE" ]; then
error "$FILE exists already. I'm not digging here."
return 1
fi
notice "Creating a new tomb"
if [ -z $SIZE ]; then
if [ $MOUNT ]; then
SIZE=$MOUNT
else
act "No size specified, summoning the Tomb Undertaker to guide us in the creation."
tomb-open &!
return 0
fi
fi
SIZE_4k=`expr $SIZE \* 1000 / 4`
act "Generating ${FILE} of ${SIZE}Mb (${SIZE_4k} blocks of 4Kb)"
$DD if=/dev/urandom bs=4k count=${SIZE_4k} of=${FILE}
if [ $? = 0 -a -e ${FILE} ]; then
act "OK: `ls -lh ${FILE}`"
else
error "Error creating the tomb ${FILE}, operation aborted."
exit 1
fi
modprobe dm-crypt
modprobe aes-i586
nstloop=`losetup -f` # get the number for next loopback device
losetup -f ${FILE} # allocates the next loopback for our file
# create the keyfile in tmpfs so that we leave less traces in RAM
keytmp=`tempfile -p tomb`
rm -f $keytmp
mkdir -p $keytmp
mount tmpfs ${keytmp} -t tmpfs -o size=1m
if [ $? != 0 ]; then
error "cannot mount tmpfs filesystem in volatile memory"
error "operation aborted."
losetup -d $nstloop
rm -r $keytmp
exit 1
fi
act "Generating secret key..."
act "this operation takes time, keep using this computer on other tasks,"
act "once done you will be asked to choose a password for your tomb."
touch ${keytmp}/tomb.tmp
chmod 0600 ${keytmp}/tomb.tmp
$DD bs=1 count=256 if=/dev/urandom of=${keytmp}/tomb.tmp
if ! [ -r ${keytmp}/tomb.tmp ]; then
error "cannot generate encryption key, operation aborted."
umount ${keytmp}
losetup -d $nstloop
rm -r $keytmp
exit 1
fi
notice "Setup your secret key file ${FILE}.gpg"
tomb-notify "The Tomb key is being forged:" "please set your password."
# here user is prompted for key password
for c in 1 2 3; do
# 3 tries to write two times a matching password
ask_password ${FILE}
scolotemp=$scolopendro
ask_password "${FILE} (again)"
if [ "$scolotemp" = "$scolopendro" ]; then
break;
fi
unset $scolotemp
unset $scolopendro
done
if [ -z $scolopendro ]; then
error "passwords don't match, aborting operation"
umount ${keytmp}
losetup -d $nstloop
rm -r $keytmp
exit 1
fi
echo "${scolopendro}" | gpg --batch --no-options --no-tty --passphrase-fd 0 \
-o "${FILE}.gpg" -c -a ${keytmp}/tomb.tmp
if [ $? = 2 ]; then
error "setting password failed: gnupg returns 2"
umount ${keytmp}
losetup -d $nstloop
rm -r $keytmp
exit 1
fi
act "formatting Luks mapped device"
# we use aes-cbc-essiv with sha256
# for security, performance and compatibility
cryptsetup --batch-mode \
--cipher aes-cbc-essiv:sha256 --key-size 256 \
luksFormat ${nstloop} ${keytmp}/tomb.tmp
if ! [ $? = 0 ]; then
act "operation aborted."
exit 0
fi
cryptsetup --key-file ${keytmp}/tomb.tmp --cipher aes luksOpen ${nstloop} tomb.tmp
${WIPE[@]} ${keytmp}/tomb.tmp
umount ${keytmp}
rm -r ${keytmp}
notice "Your tomb is ready on ${FILE} and secured with key ${FILE}.gpg"
act "Would you like to save the key on an external usb device?"
act "This is recommended for safety:"
act "always keep the key in a different place than the door!"
2011-01-29 13:26:44 +00:00
act "If you answer yes, you'll need a USB KEY now: (y/n)"
tomb-notify "Tomb has forged a key." "Would you like to save it on USB?"
echo -n " > "
read -q
if [ $? = 0 ]; then
ask_usbkey
if ! [ -e ${usbkey_mount} ]; then
error "cannot save the key in a separate place, move it yourself later."
else
mkdir -m 0700 -p ${usbkey_mount}/.tomb
cp -v ${FILE}.gpg ${usbkey_mount}/.tomb/
chmod -R go-rwx ${usbkey_mount}/.tomb
${WIPE[@]} ${FILE}.gpg
fi
fi
# cryptsetup luksDump ${nstloop}
act "formatting your Tomb with Ext4 filesystem"
mkfs.ext4 -q -F -j -L "${FILE%\.*}-`hostname`" /dev/mapper/tomb.tmp
if [ $? = 0 ]; then
act "OK, encrypted storage succesfully formatted"
else
act "error formatting Tomb"
fi
sync
cryptsetup luksClose tomb.tmp
losetup -d ${nstloop}
notice "done creating $FILE encrypted storage (using Luks dm-crypt AES/SHA256)"
tomb-notify "The Tomb is ready!" "We will now open your new Tomb for the first time."
tomb mount $FILE
}
mount_tomb() {
if ! [ $CMD2 ]; then
error "need an argument, operation aborted."
return 1
elif [ -r $CMD2 ]; then
tombfile=$CMD2
else
# try also adding a .tomb extension
tombfile="${CMD2%\.*}.tomb"
if ! [ -r $tombfile ]; then
error "cannot find a tomb named $CMD"
return 1
fi
fi
file $tombfile | grep -i 'luks encrypted.*cbc-essiv' 2>&1 >/dev/null
if [ $? != 0 ]; then
error "$CMD2 is not a valid tomb file, operation aborted"
tomb-notify "Not a tomb." "$CMD2 doesn't seems a real tomb."
return 1
fi
tombdir=`dirname $tombfile`
tombname=`echo $tombfile | cut -d. -f1`
if [ $KEY ]; then
# key manually chosen from commandline with -k
tombkey="`basename $KEY`"
tombkeypath="$KEY"
else
tombkey="`basename ${tombfile}.gpg`"
if [ -r $tombkey ]; then
tombkeypath=$tombkey
elif [ -r "$tombdir/$tombkey" ]; then
tombkeypath="$tombdir/$tombkey"
else
notice "please insert your USB KEY"
error "encryption key ${enc_key} not found on disk"
error "use -k option to specify which key to use"
error "or provide a usb key, or press ctrl-c to abort"
ask_usbkey
# returns usbkey_mount, now check if the key is there
if [ -r ${usbkey_mount}/.tomb/${tombkey} ]; then
tombkeypath=${usbkey_mount}/.tomb/${tombkey}
notice "key found on ${tombkeypath}"
else
error "key is missing, try to locate $tombkey in your files."
error "operation aborted"
return 1
fi
fi
fi
if ! [ $CMD3 ]; then
tombmount=/media/`basename ${tombfile}`
act "mountpoint not specified, using default: $tombmount"
elif ! [ -x $CMD3 ]; then
error "mountpoint $CMD2 doesn't exist, operation aborted."
return 1
else
tombmount=$CMD3
fi
notice "mounting $tombfile on mountpoint $tombmount"
# we need root from here on
mkdir -p $tombmount
nstloop=`losetup -f`
losetup -f ${tombfile}
act "check for a valid LUKS encrypted device"
cryptsetup isLuks ${nstloop}
if [ $? != 0 ]; then
# is it a LUKS encrypted nest? see cryptsetup(1)
error "$tombfile is not a valid Luks encrypted storage file"
return 1
fi
modprobe dm-crypt
modprobe aes-i586
# save date of mount in minutes since 1970
mapdate="`date +%s`"
mapdate="`echo ${mapdate}/60 | bc -l | cut -d. -f1`"
mapper="tomb.`basename $tombfile | cut -d. -f1`.$mapdate.`basename $nstloop`"
notice "Password is required for key ${tombkey}"
keyname=`basename $tombkey | cut -d. -f1`
for c in 1 2 3; do
if [ $c = 1 ]; then
ask_password ${keyname}
else
ask_password "$keyname (retry $c)"
fi
echo "${scolopendro}" \
| gpg --batch --passphrase-fd 0 --no-tty --no-options \
-d "${tombkeypath}" 2>/dev/null \
| cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
unset scolopendro
if [ -r /dev/mapper/${mapper} ]; then
break; # password was correct
fi
done
if ! [ -r /dev/mapper/${mapper} ]; then
error "failure mounting the encrypted file"
losetup -d ${nstloop}
return 1
fi
act "encrypted storage filesystem check"
fsck -p -C0 /dev/mapper/${mapper}
mount -o rw,noatime,nodev /dev/mapper/${mapper} ${tombmount}
# Ensure the user can write the disk - 10x Hellekin :)
ME=${SUDO_USER:-$(whoami)}
chmod 0750 ${tombmount}
chown $(id -u $ME):$(id -g $ME) ${tombmount}
notice "encrypted storage $tombfile succesfully mounted on $tombmount"
exec_as_user tomb-status ${mapper} ${tombfile} ${tombmount} &!
return 0
}
umount_tomb() {
if ! [ $1 ]; then
how_many_tombs="`find /dev/mapper -name 'tomb.*' | wc -w`"
if [ "$how_many_tombs" = "0" ]; then
error "there is no open tomb to be closed"
return 1
elif [ "$how_many_tombs" = "1" ]; then
mapper=`find /dev/mapper -name 'tomb.*'`
tombfile=`mount | grep $mapper | awk '{print $3}'`
else
error "too many tombs mounted, please specify which to unmount:"
ls /dev/mapper/tomb.*
error "or issue the command 'tomb close all' to clos'em all."
return 1
fi
fi
if [ "$1" = "all" ]; then
tombs=`find /dev/mapper -name 'tomb.*'`
if ! [ $tombs ]; then
error "Tombs are all closed, cemetery is quiet."
return 1
fi
for t in ${(f)tombs}; do
umount_tomb ${t}
done
return 0
fi
if [ -r "$1" ]; then # accepts relative and absolute path
mapper="$1"
elif [ -r /dev/mapper/${1} ]; then
mapper=/dev/mapper/${1}
else
error "tomb not found: $1"
error "please specify an existing /dev/mapper/tomb.*"
tomb-notify "My tomb vanished" "Crypto undertaker will rest in peace."
return 0
fi
basemap=`basename $mapper`
tombname=`echo ${basemap} | cut -d. -f2`
act "closing tomb $tombname on dm-crypt $basemap"
mount | grep $mapper 2>&1 >/dev/null
if [ $? = 0 ]; then # still mounted
errno=`umount ${mapper}`
if ! [ $? = 0 ]; then
tomb-notify "Tomb '$tombname' is too busy." \
"Close all applications and file managers, then try again."
return 1
fi
fi
cryptsetup luksClose $basemap
if ! [ $? = 0 ]; then
error "error occurred in cryptsetup luksClose ${basemap}"
return 1
fi
losetup -d "/dev/`echo $basemap | cut -d. -f4`"
2010-08-23 09:48:21 +00:00
notice "crypt storage ${mapper} unmounted"
tomb-notify "Tomb closed: $tombname" "Your bones will Rest In Peace."
return 0
}
# install mime-types, bells and whistles for the desktop
# see http://developers.sun.com/solaris/articles/integrating_gnome.html
# and freedesktop specs
install_tomb() {
# TODO: distro package deps (for binary)
# debian: zsh, cryptsetup, libgtk2.0-0, libnotify-bin
act "updating mimetypes..."
cat <<EOF > /tmp/dyne-tomb.xml
<?xml version="1.0"?>
<mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'>
<mime-type type="application/x-tomb-volume">
<comment>Tomb encrypted volume</comment>
<glob pattern="*.tomb"/>
</mime-type>
<mime-type type="application/x-tomb-key">
<comment>Tomb crypto key</comment>
<glob pattern="*.tomb.gpg"/>
</mime-type>
</mime-info>
EOF
xdg-mime install /tmp/dyne-tomb.xml
xdg-icon-resource install --context mimetypes --size 32 monmort.xpm monmort
xdg-icon-resource install --size 32 monmort.xpm dyne-monmort
rm /tmp/dyne-tomb.xml
act "updating desktop..."
cat <<EOF > /usr/share/applications/tomb.desktop
[Desktop Entry]
Version=1.0
Type=Application
Name=Tomb crypto undertaker
GenericName=Crypto undertaker
Comment=Keep your bones safe
Exec=tomb-open %U
TryExec=tomb-open
Icon=monmort.xpm
Terminal=false
Categories=Utility;Security;Archiving;Filesystem;
MimeType=application/x-tomb-volume;
2011-01-29 13:45:03 +00:00
X-AppInstall-Package=tomb
EOF
update-desktop-database
act "updating menus..."
cat <<EOF > /etc/menu/tomb
?package(tomb):command="tomb" icon="/usr/share/pixmaps/monmort.xpm" needs="cryptsetup" \
section="Applications/Accessories" title="Tomb" hints="Crypto" \
hotkey="Tomb"
EOF
update-menus
act "updating mime info..."
cat <<EOF > /usr/share/mime-info/tomb.keys
# actions for encrypted tomb storage
application/x-tomb-volume:
open=tomb-open %f
view=tomb-open %f
icon-filename=monmort.xpm
short_list_application_ids_for_novice_user_level=tomb
EOF
cat <<EOF > /usr/share/mime-info/tomb.mime
# mime type for encrypted tomb storage
application/x-tomb-volume
ext: tomb
application/x-tomb-key
ext: tomb.gpg
EOF
cat <<EOF > /usr/lib/mime/packages/tomb
application/x-tomb-volume; tomb-open '%s'; priority=8
EOF
update-mime
act "updating application entry..."
cat <<EOF > /usr/share/application-registry/tomb.applications
tomb
command=tomb-open
name=Tomb - Crypto Undertaker
can_open_multiple_files=false
expects_uris=false
requires_terminal=false
mime-types=application/x-tomb-volume,application/x-tomb-key
EOF
act "Tomb is now installed."
}
kill_tomb() {
# TODO: fixME - should close all tombs
umount /tmp/tomb* 2>&1 > /dev/null
# todo check which are tomb loops
losetup -d /dev/loop* 2>&1 > /dev/null
statuses=`ps ax| grep -v awk | awk "/tomb-status.$basemap/"' { print $1 }'`
for ts in ${(f)statuses}; do
kill $ts
done
}
case "$CMD" in
create) check_priv ; create_tomb ;;
mount) check_priv ; mount_tomb ;;
open) check_priv ; mount_tomb ;;
umount) check_priv ; umount_tomb ${CMD2} ;;
unmount) check_priv ; umount_tomb ${CMD2} ;;
close) check_priv ; umount_tomb ${CMD2} ;;
install) check_priv ; install_tomb ;;
kill) check_priv ; kill_tomb ;;
status) tomb-status ;;
notify) tomb-notify $CMD2 $CMD3 ;;
*) error "command \"$CMD\" not recognized"
act "try -h for help"
exit 1
;;
esac
# return codes from called functions
exit $?