mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-23 02:28:58 +00:00
fixes to key password handling
refactoring of the code using ask_key_password for better support of dev-mode password supplied from CLI. This also fixes all uses of passwd command to change a key's password.
This commit is contained in:
parent
ba9d7e03fc
commit
052a86de0c
215
tomb
215
tomb
@ -533,11 +533,11 @@ check_bin() {
|
||||
|
||||
# {{{ Key operations
|
||||
|
||||
# This function retrieves a tomb key specified on commandline or one
|
||||
# laying nearby the tomb if found, or from stdin if the option was
|
||||
# selected. It also runs validity checks on the file. Callers should
|
||||
# always use drop_key() when done with all key operations.
|
||||
# On success returns 0 and prints out the full path to the key
|
||||
# This function retrieves a tomb key specified on commandline or from
|
||||
# stdin if -k - was selected. It also runs validity checks on the
|
||||
# file. Callers should always use drop_key() when done with all key
|
||||
# operations. On success returns 0 and prints out the full path to
|
||||
# the key.
|
||||
load_key() {
|
||||
# take the name of a tomb file as argument
|
||||
if option_is_set -k ; then
|
||||
@ -587,21 +587,12 @@ load_key() {
|
||||
# it against the return code of gpg on success returns 0 and prints
|
||||
# the password (be careful about where you save it!)
|
||||
ask_key_password() {
|
||||
tombkey="$1"
|
||||
local tombkey="$1"
|
||||
local keyname=`basename $tombkey`
|
||||
_message "A password is required to use key ${keyname}"
|
||||
local passok=0
|
||||
local tombpass=""
|
||||
if option_is_set --tomb-pwd; then
|
||||
tombpass=`option_value --tomb-pwd`
|
||||
_verbose "ask_key_password takes tombpass from CLI argument: $tombpass"
|
||||
|
||||
get_lukskey "$tombpass" ${tombkey} >/dev/null
|
||||
|
||||
if [ $? = 0 ]; then
|
||||
passok=1; _message "Password OK."; fi
|
||||
|
||||
else
|
||||
if [ "$2" = "" ]; then
|
||||
for c in 1 2 3; do
|
||||
if [ $c = 1 ]; then
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
|
||||
@ -613,18 +604,29 @@ ask_key_password() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
get_lukskey "$tombpass" ${tombkey} >/dev/null
|
||||
get_lukskey "$tombpass" "$tombkey" >/dev/null
|
||||
|
||||
if [ $? = 0 ]; then
|
||||
passok=1; _message "Password OK."
|
||||
break;
|
||||
fi
|
||||
done
|
||||
|
||||
else
|
||||
# if a second argument is present then the password is already known
|
||||
tombpass="$2"
|
||||
_verbose "ask_key_password with tombpass: $tombpass"
|
||||
|
||||
get_lukskey "$tombpass" "$tombkey" >/dev/null
|
||||
|
||||
if [ $? = 0 ]; then
|
||||
passok=1; _message "Password OK."; fi
|
||||
|
||||
fi
|
||||
|
||||
{ test "$passok" = "1" } || { return 1 }
|
||||
print "$tombpass"
|
||||
unset $tombpass
|
||||
unset tombpass
|
||||
return 0
|
||||
}
|
||||
|
||||
@ -633,20 +635,7 @@ change_passwd() {
|
||||
_message "Commanded to change password for tomb key $1"
|
||||
_check_swap
|
||||
|
||||
local keyfile="$1" # $1 is the tomb key path
|
||||
|
||||
|
||||
# check the keyfile
|
||||
if ! [ -r $keyfile ]; then
|
||||
_warning "Key not found: $keyfile"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! is_valid_key $keyfile ; then
|
||||
_warning "File doesn't seems to be a tomb key: $keyfile"
|
||||
_warning "Operation aborted."
|
||||
return 1
|
||||
fi
|
||||
keyfile="`load_key`"
|
||||
|
||||
local tmpnewkey lukskey c tombpass tombpasstmp
|
||||
|
||||
@ -655,38 +644,49 @@ change_passwd() {
|
||||
|
||||
_success "Changing password for $keyfile"
|
||||
|
||||
tombpass=`ask_key_password $keyfile`
|
||||
|
||||
if option_is_set --tomb-old-pwd; then
|
||||
tomb_old_pwd="`option_value --tomb-old-pwd`"
|
||||
_verbose "--tomb-old-pwd = $tomb_old_pwd"
|
||||
tombpass=`ask_key_password "$keyfile" "$tomb_old_pwd"`
|
||||
else
|
||||
tombpass=`ask_key_password "$keyfile"`
|
||||
fi
|
||||
|
||||
{ test $? = 0 } || {
|
||||
_failure "No valid password supplied." }
|
||||
|
||||
get_lukskey "${tombpass}" ${keyfile} > ${lukskey};
|
||||
# danger zone in which the key is written in clear
|
||||
|
||||
get_lukskey "$tombpass" "$keyfile" > "$lukskey"
|
||||
|
||||
drop_key
|
||||
|
||||
{
|
||||
if option_is_set --tomb-pwd; then
|
||||
tomb_new_pwd="`option_value --tomb-pwd`"
|
||||
_verbose "--tomb-pwd = $tomb_new_pwd"
|
||||
gen_key "$lukskey" "$tomb_new_pwd" > "$tmpnewkey"
|
||||
else
|
||||
gen_key "$lukskey" > "$tmpnewkey"
|
||||
fi
|
||||
|
||||
local algo
|
||||
{ option_is_set -o } && { algopt="`option_value -o`" }
|
||||
${=WIPE} "$lukskey"
|
||||
|
||||
gen_key $lukskey $algopt > ${tmpnewkey}
|
||||
|
||||
if ! is_valid_key $tmpnewkey; then
|
||||
if ! is_valid_key "$tmpnewkey"; then
|
||||
_failure "Error: the newly generated keyfile does not seem valid."
|
||||
else
|
||||
# copy the new key as the original keyfile name
|
||||
cp "${tmpnewkey}" "${keyfile}"
|
||||
cp -f "${tmpnewkey}" "${keyfile}"
|
||||
_success "Your passphrase was successfully updated."
|
||||
fi
|
||||
} always {
|
||||
_verbose "Cleanup: $tmpnewkey $lukskey"
|
||||
# wipe all temp file
|
||||
${=WIPE} "${tmpnewkey}"
|
||||
${=WIPE} "${lukskey}"
|
||||
}
|
||||
|
||||
return $?
|
||||
fi
|
||||
|
||||
_verbose "Cleanup: $tmpnewkey"
|
||||
${=WIPE} "${tmpnewkey}"
|
||||
|
||||
}
|
||||
|
||||
|
||||
# To be called after load_key()
|
||||
drop_key() {
|
||||
_verbose "drop_key $tombkey"
|
||||
@ -802,14 +802,16 @@ gen_key() {
|
||||
# $1 the lukskey to encrypt
|
||||
# $2 is the --cipher-algo to use (string taken by GnuPG)
|
||||
local lukskey="$1"
|
||||
local algo="${2:-AES256}"
|
||||
local algopt="`option_value -o`"
|
||||
local algo="${algopt:-AES256}"
|
||||
# here user is prompted for key password
|
||||
local tombpass=""
|
||||
local tombpasstmp=""
|
||||
if ! option_is_set --tomb-pwd; then
|
||||
local tombpassarg="$2"
|
||||
if [ "$tombpassarg" = "" ]; then
|
||||
while true; do
|
||||
# 3 tries to write two times a matching password
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname}"`
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key"`
|
||||
if [[ $? != 0 ]]; then
|
||||
_failure "User aborted."
|
||||
fi
|
||||
@ -818,7 +820,7 @@ gen_key() {
|
||||
continue
|
||||
fi
|
||||
tombpasstmp=$tombpass
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Secure key for ${tombname} (again)"`
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key (again)"`
|
||||
if [[ $? != 0 ]]; then
|
||||
_failure "User aborted."
|
||||
fi
|
||||
@ -829,7 +831,7 @@ gen_key() {
|
||||
unset tombpass
|
||||
done
|
||||
else
|
||||
tombpass="`option_value --tomb-pwd`"
|
||||
tombpass="$tombpassarg"
|
||||
_verbose "gen_key takes tombpass from CLI argument: $tombpass"
|
||||
fi
|
||||
|
||||
@ -888,13 +890,13 @@ BEGIN { ciphers=0 }
|
||||
# Steganographic function to bury a key inside an image.
|
||||
# Requires steghide(1) to be installed
|
||||
bury_key() {
|
||||
tombkey="`option_value -k`"
|
||||
tombkey="`load_key`"
|
||||
{ test "$tombkey" = "" } && {
|
||||
_failure "Bury failed: invalid key $tombkey" }
|
||||
|
||||
imagefile=$1
|
||||
|
||||
{ is_valid_key ${tombkey} } || {
|
||||
_failure "Bury failed: not a tomb key $tombkey" }
|
||||
|
||||
file $imagefile | grep JPEG > /dev/null
|
||||
file $imagefile | grep -i JPEG > /dev/null
|
||||
if [ $? != 0 ]; then
|
||||
_warning "Encode failed: $imagefile is not a jpeg image."
|
||||
return 1
|
||||
@ -902,8 +904,16 @@ bury_key() {
|
||||
|
||||
_success "Encoding key $tombkey inside image $imagefile"
|
||||
_message "Please confirm the key password for the encoding"
|
||||
tombpass=`ask_key_password $tombkey`
|
||||
|
||||
if option_is_set --tomb-pwd; then
|
||||
tomb_pwd="`option_value --tomb-pwd`"
|
||||
_verbose "--tomb-pwd = $tomb_pwd"
|
||||
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"`
|
||||
else
|
||||
tombpass=`ask_key_password "$tombkey"`
|
||||
fi
|
||||
{ test $? = 0 } || {
|
||||
drop_key
|
||||
_warning "Wrong password supplied."
|
||||
_failure "You shall not bury a key whose password is unknown to you."
|
||||
}
|
||||
@ -926,19 +936,20 @@ bury_key() {
|
||||
fi
|
||||
|
||||
unset tombpass
|
||||
drop_key
|
||||
|
||||
return $res
|
||||
}
|
||||
# Steganographic function to exhume a key buries into an image
|
||||
exhume_key() {
|
||||
tombkey="`option_value -k`"
|
||||
imagefile=$1
|
||||
{ test "$tombkey" = "" } && { tombkey=stdout }
|
||||
|
||||
imagefile="$1"
|
||||
res=1
|
||||
|
||||
file $imagefile | grep JPEG > /dev/null
|
||||
file $imagefile | grep -i JPEG > /dev/null
|
||||
if [ $? != 0 ]; then
|
||||
_warning "Encode failed: $imagefile is not a jpeg image."
|
||||
return 1
|
||||
_failure "Encode failed: $imagefile is not a jpeg image."
|
||||
fi
|
||||
|
||||
if [[ -e "$tombkey" ]]; then
|
||||
@ -952,11 +963,16 @@ exhume_key() {
|
||||
|
||||
_message "Trying to exhume a key out of image $imagefile"
|
||||
if option_is_set --tomb-pwd; then
|
||||
tombpass=`option_value --tomb-pwd`
|
||||
_verbose "ask_key_password takes tombpass from CLI argument: $tombpass"
|
||||
tombpass="`option_value --tomb-pwd`"
|
||||
_verbose "--tomb-pwd = $tombpass"
|
||||
else
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Steg password for ${tombkey}"`
|
||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"`
|
||||
if [[ $? != 0 ]]; then
|
||||
_warning "User aborted password dialog."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# always steghide required
|
||||
steghide extract -sf ${imagefile} -p ${tombpass} -xf ${tombkey}
|
||||
res=$?
|
||||
@ -965,18 +981,18 @@ exhume_key() {
|
||||
|
||||
if [ $res = 0 ]; then
|
||||
_success "${tombkey} succesfully decoded."
|
||||
return 0
|
||||
else
|
||||
_warning "Nothing found in $imagefile"
|
||||
fi
|
||||
|
||||
_warning "Nothing found in $imagefile"
|
||||
return 1
|
||||
return $res
|
||||
}
|
||||
|
||||
# Produces a printable image of the key contents so that it can be
|
||||
# backuped on paper and hidden in books etc.
|
||||
engrave_key() {
|
||||
# load key from options
|
||||
tombkey="`load_key $1`"
|
||||
tombkey="`load_key`"
|
||||
{ test $? = 0 } || { _failure "No key specified." }
|
||||
keyname=`basename $tombkey`
|
||||
pngname="$keyname.qr.png"
|
||||
@ -992,6 +1008,7 @@ engrave_key() {
|
||||
_success "Operation successful:"
|
||||
_message "`ls -lh $pngname`"
|
||||
_message "`file $pngname`"
|
||||
drop_key
|
||||
}
|
||||
|
||||
# }}} - Key handling
|
||||
@ -1078,7 +1095,14 @@ forge_key() {
|
||||
|
||||
tombname="$tombkey"
|
||||
# the gen_key() function takes care of the new key's encryption
|
||||
gen_key "${keytmp}/tomb.tmp" "$algo" > ${tombkey}
|
||||
if option_is_set --tomb-pwd; then
|
||||
tomb_new_pwd="`option_value --tomb-pwd`"
|
||||
_verbose "--tomb-pwd = $tomb_new_pwd"
|
||||
gen_key "${keytmp}/tomb.tmp" "$tomb_new_pwd" > "$tombkey"
|
||||
else
|
||||
gen_key "${keytmp}/tomb.tmp" > "$tombkey"
|
||||
fi
|
||||
|
||||
# this does a check on the file header
|
||||
if ! is_valid_key ${tombkey}; then
|
||||
_warning "The key does not seem to be valid."
|
||||
@ -1170,12 +1194,12 @@ lock_tomb_with_key() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
tombfile="$1"
|
||||
tombpath="$1"
|
||||
_message "Commanded to lock tomb ${tombfile}"
|
||||
|
||||
tombdir=`dirname $1`
|
||||
tombfile=`basename $1`
|
||||
tombname=${tombfile%%\.*}
|
||||
tombdir=`dirname "$tombpath"`
|
||||
tombfile=`basename "$tombpath"`
|
||||
tombname="${tombfile%%\.*}"
|
||||
|
||||
{ test -f ${tombdir}/${tombfile} } || {
|
||||
_failure "There is no tomb here. You have to it dig first."
|
||||
@ -1200,10 +1224,10 @@ lock_tomb_with_key() {
|
||||
fi
|
||||
|
||||
# load key from options or file
|
||||
tombkey=`load_key ${tombdir}/${tombfile}`
|
||||
tombkey=`load_key`
|
||||
{ test $? = 0 } || {
|
||||
losetup -d $nstloop
|
||||
_failure "Aborting operations: error loading key $tombkey" }
|
||||
_failure "Aborting operations: error loading key." }
|
||||
# make sure to call drop_key later
|
||||
|
||||
# the encryption cipher for a tomb can be set when locking using -o
|
||||
@ -1217,7 +1241,13 @@ lock_tomb_with_key() {
|
||||
_message "Locking using cipher: $cipher"
|
||||
|
||||
# get the pass from the user and check it
|
||||
if option_is_set --tomb-pwd; then
|
||||
tomb_pwd="`option_value --tomb-pwd`"
|
||||
_verbose "--tomb-pwd = $tomb_pwd"
|
||||
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"`
|
||||
else
|
||||
tombpass=`ask_key_password "$tombkey"`
|
||||
fi
|
||||
{ test $? = 0 } || {
|
||||
losetup -d ${nstloop}
|
||||
_failure "No valid password supplied." }
|
||||
@ -1318,6 +1348,11 @@ change_tomb_key() {
|
||||
newkeyfile="`safe_filename newkey`"
|
||||
get_lukskey "$newkeypass" "$newkey" > $newkeyfile
|
||||
|
||||
# honor the -tomb-old-pwd by setting it to --tomb-pwd for the next
|
||||
# ask_key_password
|
||||
{ option_is_set --tomb-old-pwd} && {
|
||||
${opts["--tomb-pwd"]}="`option_value --tomb-old-pwd`" }
|
||||
|
||||
# load the old key
|
||||
oldkeypass="`ask_key_password $oldkey`"
|
||||
{ test $? = 0 } || {
|
||||
@ -1482,7 +1517,13 @@ mount_tomb() {
|
||||
_verbose "Tomb key: $tombkey"
|
||||
keyname=`basename $tombkey | cut -d. -f1`
|
||||
|
||||
tombpass=`ask_key_password $tombkey`
|
||||
if option_is_set --tomb-pwd; then
|
||||
tomb_pwd="`option_value --tomb-pwd`"
|
||||
_verbose "--tomb-pwd = $tomb_pwd"
|
||||
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"`
|
||||
else
|
||||
tombpass=`ask_key_password "$tombkey"`
|
||||
fi
|
||||
{ test $? = 0 } || {
|
||||
losetup -d ${nstloop}
|
||||
_failure "No valid password supplied." }
|
||||
@ -2005,7 +2046,13 @@ resize_tomb() {
|
||||
{ test $? = 0 } || {
|
||||
_failure "Error creating the extra resize $tmp_resize, operation aborted." }
|
||||
|
||||
tombpass=`ask_key_password $tombkey`
|
||||
if option_is_set --tomb-pwd; then
|
||||
tomb_pwd="`option_value --tomb-pwd`"
|
||||
_verbose "--tomb-pwd = $tomb_pwd"
|
||||
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"`
|
||||
else
|
||||
tombpass=`ask_key_password "$tombkey"`
|
||||
fi
|
||||
{ test $? = 0 } || {
|
||||
_failure "No valid password supplied." }
|
||||
|
||||
@ -2221,10 +2268,10 @@ main() {
|
||||
subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: o: -tomb-pwd: -use-urandom "
|
||||
subcommands_opts[dig]="f -force -ignore-swap s: -size=s "
|
||||
subcommands_opts[lock]="f -force -ignore-swap k: -key=k o: -sudo-pwd: -tomb-pwd: "
|
||||
subcommands_opts[setkey]="f -force -ignore-swap k: -key=k -sudo-pwd: -tomb-pwd: "
|
||||
subcommands_opts[engrave]="k: -key=k "
|
||||
subcommands_opts[setkey]="k: -key=k f -force -ignore-swap -kdf: -sudo-pwd: -tomb-old-pwd: -tomb-pwd: "
|
||||
subcommands_opts[engrave]="k: -key=k -tomb-pwd: "
|
||||
|
||||
subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
||||
subcommands_opts[passwd]="k: -key=k f -force -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
||||
subcommands_opts[close]="-sudo-pwd: "
|
||||
subcommands_opts[help]=""
|
||||
subcommands_opts[slam]=""
|
||||
|
Loading…
Reference in New Issue
Block a user