fixes to key password handling

refactoring of the code using ask_key_password for better support
of dev-mode password supplied from CLI. This also fixes all uses of
passwd command to change a key's password.
This commit is contained in:
Jaromil 2014-06-08 19:33:35 +02:00
parent ba9d7e03fc
commit 052a86de0c

241
tomb
View File

@ -533,11 +533,11 @@ check_bin() {
# {{{ Key operations # {{{ Key operations
# This function retrieves a tomb key specified on commandline or one # This function retrieves a tomb key specified on commandline or from
# laying nearby the tomb if found, or from stdin if the option was # stdin if -k - was selected. It also runs validity checks on the
# selected. It also runs validity checks on the file. Callers should # file. Callers should always use drop_key() when done with all key
# always use drop_key() when done with all key operations. # operations. On success returns 0 and prints out the full path to
# On success returns 0 and prints out the full path to the key # the key.
load_key() { load_key() {
# take the name of a tomb file as argument # take the name of a tomb file as argument
if option_is_set -k ; then if option_is_set -k ; then
@ -587,21 +587,12 @@ load_key() {
# it against the return code of gpg on success returns 0 and prints # it against the return code of gpg on success returns 0 and prints
# the password (be careful about where you save it!) # the password (be careful about where you save it!)
ask_key_password() { ask_key_password() {
tombkey="$1" local tombkey="$1"
local keyname=`basename $tombkey` local keyname=`basename $tombkey`
_message "A password is required to use key ${keyname}" _message "A password is required to use key ${keyname}"
local passok=0 local passok=0
local tombpass="" local tombpass=""
if option_is_set --tomb-pwd; then if [ "$2" = "" ]; then
tombpass=`option_value --tomb-pwd`
_verbose "ask_key_password takes tombpass from CLI argument: $tombpass"
get_lukskey "$tombpass" ${tombkey} >/dev/null
if [ $? = 0 ]; then
passok=1; _message "Password OK."; fi
else
for c in 1 2 3; do for c in 1 2 3; do
if [ $c = 1 ]; then if [ $c = 1 ]; then
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
@ -613,18 +604,29 @@ ask_key_password() {
return 1 return 1
fi fi
get_lukskey "$tombpass" ${tombkey} >/dev/null get_lukskey "$tombpass" "$tombkey" >/dev/null
if [ $? = 0 ]; then if [ $? = 0 ]; then
passok=1; _message "Password OK." passok=1; _message "Password OK."
break; break;
fi fi
done done
else
# if a second argument is present then the password is already known
tombpass="$2"
_verbose "ask_key_password with tombpass: $tombpass"
get_lukskey "$tombpass" "$tombkey" >/dev/null
if [ $? = 0 ]; then
passok=1; _message "Password OK."; fi
fi fi
{ test "$passok" = "1" } || { return 1 } { test "$passok" = "1" } || { return 1 }
print "$tombpass" print "$tombpass"
unset $tombpass unset tombpass
return 0 return 0
} }
@ -633,20 +635,7 @@ change_passwd() {
_message "Commanded to change password for tomb key $1" _message "Commanded to change password for tomb key $1"
_check_swap _check_swap
local keyfile="$1" # $1 is the tomb key path keyfile="`load_key`"
# check the keyfile
if ! [ -r $keyfile ]; then
_warning "Key not found: $keyfile"
return 1
fi
if ! is_valid_key $keyfile ; then
_warning "File doesn't seems to be a tomb key: $keyfile"
_warning "Operation aborted."
return 1
fi
local tmpnewkey lukskey c tombpass tombpasstmp local tmpnewkey lukskey c tombpass tombpasstmp
@ -655,38 +644,49 @@ change_passwd() {
_success "Changing password for $keyfile" _success "Changing password for $keyfile"
tombpass=`ask_key_password $keyfile`
if option_is_set --tomb-old-pwd; then
tomb_old_pwd="`option_value --tomb-old-pwd`"
_verbose "--tomb-old-pwd = $tomb_old_pwd"
tombpass=`ask_key_password "$keyfile" "$tomb_old_pwd"`
else
tombpass=`ask_key_password "$keyfile"`
fi
{ test $? = 0 } || { { test $? = 0 } || {
_failure "No valid password supplied." } _failure "No valid password supplied." }
get_lukskey "${tombpass}" ${keyfile} > ${lukskey}; # danger zone in which the key is written in clear
get_lukskey "$tombpass" "$keyfile" > "$lukskey"
drop_key drop_key
{ if option_is_set --tomb-pwd; then
tomb_new_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_new_pwd"
gen_key "$lukskey" "$tomb_new_pwd" > "$tmpnewkey"
else
gen_key "$lukskey" > "$tmpnewkey"
fi
local algo ${=WIPE} "$lukskey"
{ option_is_set -o } && { algopt="`option_value -o`" }
gen_key $lukskey $algopt > ${tmpnewkey} if ! is_valid_key "$tmpnewkey"; then
_failure "Error: the newly generated keyfile does not seem valid."
else
# copy the new key as the original keyfile name
cp -f "${tmpnewkey}" "${keyfile}"
_success "Your passphrase was successfully updated."
if ! is_valid_key $tmpnewkey; then fi
_failure "Error: the newly generated keyfile does not seem valid."
else _verbose "Cleanup: $tmpnewkey"
# copy the new key as the original keyfile name ${=WIPE} "${tmpnewkey}"
cp "${tmpnewkey}" "${keyfile}"
_success "Your passphrase was successfully updated."
fi
} always {
_verbose "Cleanup: $tmpnewkey $lukskey"
# wipe all temp file
${=WIPE} "${tmpnewkey}"
${=WIPE} "${lukskey}"
}
return $?
} }
# To be called after load_key() # To be called after load_key()
drop_key() { drop_key() {
_verbose "drop_key $tombkey" _verbose "drop_key $tombkey"
@ -802,14 +802,16 @@ gen_key() {
# $1 the lukskey to encrypt # $1 the lukskey to encrypt
# $2 is the --cipher-algo to use (string taken by GnuPG) # $2 is the --cipher-algo to use (string taken by GnuPG)
local lukskey="$1" local lukskey="$1"
local algo="${2:-AES256}" local algopt="`option_value -o`"
local algo="${algopt:-AES256}"
# here user is prompted for key password # here user is prompted for key password
local tombpass="" local tombpass=""
local tombpasstmp="" local tombpasstmp=""
if ! option_is_set --tomb-pwd; then local tombpassarg="$2"
if [ "$tombpassarg" = "" ]; then
while true; do while true; do
# 3 tries to write two times a matching password # 3 tries to write two times a matching password
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key"`
if [[ $? != 0 ]]; then if [[ $? != 0 ]]; then
_failure "User aborted." _failure "User aborted."
fi fi
@ -818,7 +820,7 @@ gen_key() {
continue continue
fi fi
tombpasstmp=$tombpass tombpasstmp=$tombpass
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key (again)"`
if [[ $? != 0 ]]; then if [[ $? != 0 ]]; then
_failure "User aborted." _failure "User aborted."
fi fi
@ -829,7 +831,7 @@ gen_key() {
unset tombpass unset tombpass
done done
else else
tombpass="`option_value --tomb-pwd`" tombpass="$tombpassarg"
_verbose "gen_key takes tombpass from CLI argument: $tombpass" _verbose "gen_key takes tombpass from CLI argument: $tombpass"
fi fi
@ -888,24 +890,32 @@ BEGIN { ciphers=0 }
# Steganographic function to bury a key inside an image. # Steganographic function to bury a key inside an image.
# Requires steghide(1) to be installed # Requires steghide(1) to be installed
bury_key() { bury_key() {
tombkey="`option_value -k`" tombkey="`load_key`"
{ test "$tombkey" = "" } && {
_failure "Bury failed: invalid key $tombkey" }
imagefile=$1 imagefile=$1
{ is_valid_key ${tombkey} } || { file $imagefile | grep -i JPEG > /dev/null
_failure "Bury failed: not a tomb key $tombkey" }
file $imagefile | grep JPEG > /dev/null
if [ $? != 0 ]; then if [ $? != 0 ]; then
_warning "Encode failed: $imagefile is not a jpeg image." _warning "Encode failed: $imagefile is not a jpeg image."
return 1 return 1
fi fi
_success "Encoding key $tombkey inside image $imagefile" _success "Encoding key $tombkey inside image $imagefile"
_message "Please confirm the key password for the encoding" _message "Please confirm the key password for the encoding"
tombpass=`ask_key_password $tombkey`
if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_pwd"
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"`
else
tombpass=`ask_key_password "$tombkey"`
fi
{ test $? = 0 } || { { test $? = 0 } || {
_warning "Wrong password supplied." drop_key
_failure "You shall not bury a key whose password is unknown to you." _warning "Wrong password supplied."
_failure "You shall not bury a key whose password is unknown to you."
} }
# we omit armor strings since having them as constants can give # we omit armor strings since having them as constants can give
@ -918,27 +928,28 @@ bury_key() {
| steghide embed --embedfile - --coverfile ${imagefile} \ | steghide embed --embedfile - --coverfile ${imagefile} \
-p ${tombpass} -z 9 -e serpent cbc -p ${tombpass} -z 9 -e serpent cbc
if [ $? != 0 ]; then if [ $? != 0 ]; then
_warning "Encoding error: steghide reports problems." _warning "Encoding error: steghide reports problems."
res=1 res=1
else else
_success "Tomb key encoded succesfully into image ${imagefile}" _success "Tomb key encoded succesfully into image ${imagefile}"
res=0 res=0
fi fi
unset tombpass unset tombpass
drop_key
return $res return $res
} }
# Steganographic function to exhume a key buries into an image
exhume_key() { exhume_key() {
tombkey="`option_value -k`" tombkey="`option_value -k`"
imagefile=$1 { test "$tombkey" = "" } && { tombkey=stdout }
imagefile="$1"
res=1 res=1
file $imagefile | grep JPEG > /dev/null file $imagefile | grep -i JPEG > /dev/null
if [ $? != 0 ]; then if [ $? != 0 ]; then
_warning "Encode failed: $imagefile is not a jpeg image." _failure "Encode failed: $imagefile is not a jpeg image."
return 1
fi fi
if [[ -e "$tombkey" ]]; then if [[ -e "$tombkey" ]]; then
@ -952,12 +963,17 @@ exhume_key() {
_message "Trying to exhume a key out of image $imagefile" _message "Trying to exhume a key out of image $imagefile"
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tombpass=`option_value --tomb-pwd` tombpass="`option_value --tomb-pwd`"
_verbose "ask_key_password takes tombpass from CLI argument: $tombpass" _verbose "--tomb-pwd = $tombpass"
else else
tombpass=`exec_as_user ${TOMBEXEC} askpass "Steg password for ${tombkey}"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"`
if [[ $? != 0 ]]; then
_warning "User aborted password dialog."
return 1
fi
fi fi
# always steghide required
# always steghide required
steghide extract -sf ${imagefile} -p ${tombpass} -xf ${tombkey} steghide extract -sf ${imagefile} -p ${tombpass} -xf ${tombkey}
res=$? res=$?
@ -965,18 +981,18 @@ exhume_key() {
if [ $res = 0 ]; then if [ $res = 0 ]; then
_success "${tombkey} succesfully decoded." _success "${tombkey} succesfully decoded."
return 0 else
_warning "Nothing found in $imagefile"
fi fi
_warning "Nothing found in $imagefile" return $res
return 1
} }
# Produces a printable image of the key contents so that it can be # Produces a printable image of the key contents so that it can be
# backuped on paper and hidden in books etc. # backuped on paper and hidden in books etc.
engrave_key() { engrave_key() {
# load key from options # load key from options
tombkey="`load_key $1`" tombkey="`load_key`"
{ test $? = 0 } || { _failure "No key specified." } { test $? = 0 } || { _failure "No key specified." }
keyname=`basename $tombkey` keyname=`basename $tombkey`
pngname="$keyname.qr.png" pngname="$keyname.qr.png"
@ -992,6 +1008,7 @@ engrave_key() {
_success "Operation successful:" _success "Operation successful:"
_message "`ls -lh $pngname`" _message "`ls -lh $pngname`"
_message "`file $pngname`" _message "`file $pngname`"
drop_key
} }
# }}} - Key handling # }}} - Key handling
@ -1078,7 +1095,14 @@ forge_key() {
tombname="$tombkey" tombname="$tombkey"
# the gen_key() function takes care of the new key's encryption # the gen_key() function takes care of the new key's encryption
gen_key "${keytmp}/tomb.tmp" "$algo" > ${tombkey} if option_is_set --tomb-pwd; then
tomb_new_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_new_pwd"
gen_key "${keytmp}/tomb.tmp" "$tomb_new_pwd" > "$tombkey"
else
gen_key "${keytmp}/tomb.tmp" > "$tombkey"
fi
# this does a check on the file header # this does a check on the file header
if ! is_valid_key ${tombkey}; then if ! is_valid_key ${tombkey}; then
_warning "The key does not seem to be valid." _warning "The key does not seem to be valid."
@ -1170,12 +1194,12 @@ lock_tomb_with_key() {
return 1 return 1
fi fi
tombfile="$1" tombpath="$1"
_message "Commanded to lock tomb ${tombfile}" _message "Commanded to lock tomb ${tombfile}"
tombdir=`dirname $1` tombdir=`dirname "$tombpath"`
tombfile=`basename $1` tombfile=`basename "$tombpath"`
tombname=${tombfile%%\.*} tombname="${tombfile%%\.*}"
{ test -f ${tombdir}/${tombfile} } || { { test -f ${tombdir}/${tombfile} } || {
_failure "There is no tomb here. You have to it dig first." _failure "There is no tomb here. You have to it dig first."
@ -1200,10 +1224,10 @@ lock_tomb_with_key() {
fi fi
# load key from options or file # load key from options or file
tombkey=`load_key ${tombdir}/${tombfile}` tombkey=`load_key`
{ test $? = 0 } || { { test $? = 0 } || {
losetup -d $nstloop losetup -d $nstloop
_failure "Aborting operations: error loading key $tombkey" } _failure "Aborting operations: error loading key." }
# make sure to call drop_key later # make sure to call drop_key later
# the encryption cipher for a tomb can be set when locking using -o # the encryption cipher for a tomb can be set when locking using -o
@ -1217,7 +1241,13 @@ lock_tomb_with_key() {
_message "Locking using cipher: $cipher" _message "Locking using cipher: $cipher"
# get the pass from the user and check it # get the pass from the user and check it
tombpass=`ask_key_password "$tombkey"` if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_pwd"
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"`
else
tombpass=`ask_key_password "$tombkey"`
fi
{ test $? = 0 } || { { test $? = 0 } || {
losetup -d ${nstloop} losetup -d ${nstloop}
_failure "No valid password supplied." } _failure "No valid password supplied." }
@ -1318,6 +1348,11 @@ change_tomb_key() {
newkeyfile="`safe_filename newkey`" newkeyfile="`safe_filename newkey`"
get_lukskey "$newkeypass" "$newkey" > $newkeyfile get_lukskey "$newkeypass" "$newkey" > $newkeyfile
# honor the -tomb-old-pwd by setting it to --tomb-pwd for the next
# ask_key_password
{ option_is_set --tomb-old-pwd} && {
${opts["--tomb-pwd"]}="`option_value --tomb-old-pwd`" }
# load the old key # load the old key
oldkeypass="`ask_key_password $oldkey`" oldkeypass="`ask_key_password $oldkey`"
{ test $? = 0 } || { { test $? = 0 } || {
@ -1482,7 +1517,13 @@ mount_tomb() {
_verbose "Tomb key: $tombkey" _verbose "Tomb key: $tombkey"
keyname=`basename $tombkey | cut -d. -f1` keyname=`basename $tombkey | cut -d. -f1`
tombpass=`ask_key_password $tombkey` if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_pwd"
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"`
else
tombpass=`ask_key_password "$tombkey"`
fi
{ test $? = 0 } || { { test $? = 0 } || {
losetup -d ${nstloop} losetup -d ${nstloop}
_failure "No valid password supplied." } _failure "No valid password supplied." }
@ -2005,7 +2046,13 @@ resize_tomb() {
{ test $? = 0 } || { { test $? = 0 } || {
_failure "Error creating the extra resize $tmp_resize, operation aborted." } _failure "Error creating the extra resize $tmp_resize, operation aborted." }
tombpass=`ask_key_password $tombkey` if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_pwd"
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"`
else
tombpass=`ask_key_password "$tombkey"`
fi
{ test $? = 0 } || { { test $? = 0 } || {
_failure "No valid password supplied." } _failure "No valid password supplied." }
@ -2221,10 +2268,10 @@ main() {
subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: o: -tomb-pwd: -use-urandom " subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: o: -tomb-pwd: -use-urandom "
subcommands_opts[dig]="f -force -ignore-swap s: -size=s " subcommands_opts[dig]="f -force -ignore-swap s: -size=s "
subcommands_opts[lock]="f -force -ignore-swap k: -key=k o: -sudo-pwd: -tomb-pwd: " subcommands_opts[lock]="f -force -ignore-swap k: -key=k o: -sudo-pwd: -tomb-pwd: "
subcommands_opts[setkey]="f -force -ignore-swap k: -key=k -sudo-pwd: -tomb-pwd: " subcommands_opts[setkey]="k: -key=k f -force -ignore-swap -kdf: -sudo-pwd: -tomb-old-pwd: -tomb-pwd: "
subcommands_opts[engrave]="k: -key=k " subcommands_opts[engrave]="k: -key=k -tomb-pwd: "
subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: " subcommands_opts[passwd]="k: -key=k f -force -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
subcommands_opts[close]="-sudo-pwd: " subcommands_opts[close]="-sudo-pwd: "
subcommands_opts[help]="" subcommands_opts[help]=""
subcommands_opts[slam]="" subcommands_opts[slam]=""