cleaned up old create_tomb and updated terminal help

2024-11-26 06:46:30 +00:00 · 2013-03-22 22:31:29 +01:00 · 2013-03-22 22:31:29 +01:00 · 32cf477b58
commit 32cf477b58
parent 342c121fa2
1 changed files with 18 additions and 207 deletions
--- a/src/tomb
+++ b/src/tomb
@ -334,13 +334,11 @@ check_command() {
    #before wasting user's time
    if ! option_is_set --ignore-swap && ! option_is_set -f; then
        if [[ $1 == 'create' || $1 == 'open' ]]; then
        if ! check_swap; then
            error "Swap activated. Disable it with swapoff, or use --ignore-swap"
            exit 1
        fi
    fi
    fi
 }
 usage() {
@ -350,18 +348,24 @@ Syntax: tomb [options] command [file] [place]
 Commands:
- create     create a new tomb FILE and its keys (needs size)
+ dig     create a new empty TOMB file of --size in MB
- open       open an existing tomb FILE on PLACE
+ forge   create a new KEY file and set its password
- list       list all open tombs or the one called FILE
+ lock    installs a lock on a TOMB to use it with KEY
- close      close the open tomb called FILE (or all)
+
- slam       close tomb FILE and kill all pids using it
+ open    open an existing TOMB
- passwd     change the password of a tomb key FILE
+
- resize     resize a tomb FILE (only bigger, needs size)
+ list    list open TOMBs
 close   close a TOMB (or all)
 slam    slam a TOMB killing all programs using it
 passwd  change the password of a KEY
 resize  resize a TOMB to a new --size (can only grow)
 EOF
    if [ "$STEGHIDE" = 1 ]; then
 	cat <<EOF
- bury       hide a tomb key FILE inside a jpeg PLACE
+ bury       hide a KEY inside a JPEG image
- exhume     extract a tomb key FILE from a jpeg PLACE
+ exhume     extract a KEY from a JPEG image
 EOF
    fi
    cat <<EOF
@ -634,195 +638,6 @@ exec_safe_post_hooks() {
 # }}}
 # {{{ TOMB SUB-COMMANDS
 # {{{ - Create
 # $1 is the tomb path
 create_tomb() {
    _message "Commanded to create tomb $1"
    # we run as root, but remember the original uid:gid to drop
    # privileges when not needed anymore
    if option_is_set -U; then _uid="`option_value -U`"; fi
    if option_is_set -G; then _gid="`option_value -G`"; fi
    # if swap is on, we remind the user about possible data leaks to disk
    if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
    if ! [ $1 ]; then
        _warning "no tomb name specified for creation"
        return 1
    fi
    # the encryption cipher for a tomb can be set at creation using -o
    if ! option_is_set -o; then 
        create_cipher="`option_value -o`"
    else
 	create_cipher=aes-cbc-essiv:sha256
    fi
    tombfile=`basename $1`
    tombdir=`dirname $1`
    # make sure the file has a .tomb extension
    tombname=${tombfile%%\.*}
    tombfile=${tombname}.tomb
    # require the specification of the size of the tomb (-s) in MB
    tombsize="`option_value -s`"
    [ $tombsize ] || die "Size argument missing, use --size"
    [[ $tombsize != <-> ]] && die "Size argument is not an integer"
    if [ -e ${tombdir}/${tombfile} ]; then
 	_warning "tomb exists already. I'm not digging here:"
 	ls -lh ${tombdir}/${tombfile}
 	return 1
    fi
    # check if the key is set manually then use the one existing
    if option_is_set -k; then
        tombkey="`option_value -k`"
 	if [ -e "${tombkey}" ]; then
 	    _message "Use an existing key to lock the new tomb:"
 	    ls -lh ${tombkey}
 	fi
 	# this does a check on the file header, virtuosism by hellekin
 	# [[ `file =(awk '/^-+BEGIN/,0' $1) -bi` =~ application/pgp ]]
 	if ! is_valid_key ${tombkey}; then
 	    _warning "The key seems invalid, the application/pgp header is missing"
 	    die "Operation aborted."
 	fi	    
    else
        tombkey="new" # generate it new later
    fi
    _success "Creating a new tomb in ${tombdir}/${tombfile}"
    if [ -z $tombsize ]; then
        _message "No size specified, summoning the Tomb Undertaker to guide us in the creation."
        "$TOMBOPENEXEC" &
        wait $!
        return 0
    fi
    tombsize_4k=`expr $tombsize \* 1024 / 4`
    _message "Generating ${tombfile} of ${tombsize}Mb (${tombsize_4k} blocks of 4Kb)"
    # we will first touch the file and set permissions: this way, even if interrupted, permissions are right
    touch ${tombdir}/${tombfile}
    chown ${_uid}:${_gid} "${tombdir}/${tombfile}"
    chmod 0600 "${tombdir}/${tombfile}"
    $DD if=/dev/urandom bs=4k count=${tombsize_4k} of=${tombdir}/${tombfile}
    if [ $? = 0 -a -e ${tombdir}/${tombfile} ]; then
 	_success "OK: `ls -lh ${tombdir}/${tombfile}`"
    else
 	die "Error creating the tomb ${tombdir}/${tombfile}, operation aborted." 
    fi
    nstloop=`losetup -f` # get the number for next loopback device
    losetup -f ${tombdir}/${tombfile} # allocates the next loopback for our file
    # create the keyfile in tmpfs so that we leave less traces in RAM
    keytmp=`safe_dir tomb`
    (( $? )) && die "error creating temp dir"
    xxx "safe_dir at $keytmp"
    #rm -f $keytmp
    # ?????? creo, cancello e ricreo ??????
    #mkdir -p $keytmp
    mount tmpfs "${keytmp}" -t tmpfs -o size=1m
    if [ $? != 0 ]; then
 	_warning "cannot mount tmpfs filesystem in volatile memory"
 	losetup -d $nstloop
 	rm -r "${keytmp}"
 	die "operation aborted." 
    fi
    _message "Generating secret key..."
    _message "this operation takes time, keep using this computer on other tasks,"
    _message "once done you will be asked to choose a password for your tomb."
    _message "To make it faster you can move the mouse around"
    touch ${keytmp}/tomb.tmp
    chmod 0600 ${keytmp}/tomb.tmp
    random_source=/dev/random
    if option_is_set --use-urandom; then
        random_source=/dev/urandom
    fi
    if [[ $DD = "dcfldd" ]]; then
        $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp statusinterval=1
    else
        $DD bs=1 count=256 if=$random_source of=${keytmp}/tomb.tmp
    fi
    if ! [ -r ${keytmp}/tomb.tmp ]; then
 	_warning "cannot generate encryption key"
 	umount ${keytmp}
 	losetup -d $nstloop
 	rm -r $keytmp
 	die "operation aborted." 
    fi
    _success "Setup your secret key file ${tombkey}"
    if [ "$tombkey" = "new" ]; then
 	tombkey="${tombdir}/${tombfile}.key"
 	touch ${tombkey}
 	chown ${_uid}:${_gid} ${tombkey}
 	chmod 0600 ${tombkey}
 	gen_key ${keytmp}/tomb.tmp > ${tombkey}
    fi
    if ! is_valid_key ${tombkey}; then
        _warning "The key does not seem to be valid"
    fi
    # if [ $? != 0 ]; then
    # 	_warning "setting password failed: gnupg returns 2"
    # 	umount ${keytmp}
    # 	losetup -d $nstloop
    # 	rm -r $keytmp
    # 	exit 1
    # fi
    _message "formatting Luks mapped device"
 	# we use aes-cbc-essiv with sha256
 	# for security, performance and compatibility
    # XXX: More for compatibility then, because xts-plain is better nowadays.
    cryptsetup --batch-mode \
 	--cipher ${create_cipher} --key-size 256 \
 	luksFormat ${nstloop} ${keytmp}/tomb.tmp
    if ! [ $? = 0 ]; then
 	umount ${keytmp}
 	losetup -d $nstloop
 	rm -r $keytmp
 	rm ${tombdir}/${tombfile}
 	die "operation aborted." 0
    fi
    cryptsetup --key-file ${keytmp}/tomb.tmp --cipher ${create_cipher} luksOpen ${nstloop} tomb.tmp
    ${=WIPE} ${keytmp}/tomb.tmp
    umount ${keytmp}
    rm -r ${keytmp}
 #  cryptsetup luksDump ${nstloop}
    _message "formatting your Tomb with Ext3/Ext4 filesystem"
    ${=MKFS} ${tombname} /dev/mapper/tomb.tmp
    if [ $? != 0 ]; then
 	_warning "Tomb format returned an error:"
 	_warning "your tomb ${tombfile} may be corrupted."
    fi
    sync
    cryptsetup luksClose tomb.tmp
    losetup -d ${nstloop}
    _message "done creating $tombname encrypted storage (using Luks dm-crypt ${create_cipher})"
    _success "Your tomb is ready in ${tombdir}/${tombfile} and secured with key ${tombkey}"
 }
 # This is a new way to create tombs which dissects the whole create_tomb() into 3 clear steps:
 #  - dig a .tomb (the large file) using /dev/random (takes some minutes at least)
 #  - forge a .key (the small file) using /dev/urandom (good entropy needed)
@ -2191,10 +2006,6 @@ main() {
    xxx "Tomb command: $subcommand ${PARAM}"
    case "$subcommand" in
 	create)
 	    check_priv
 	    create_tomb ${=PARAM}
 	    ;;
 	# new creation in three steps
 	forge)