Support encrypted swaps

This commit is contained in:
hellekin 2013-12-16 18:23:10 -03:00
parent 15517e0141
commit 42a51c53fc

32
tomb
View File

@ -181,6 +181,22 @@ check_swap() {
return $ret return $ret
} }
# Wrapper to allow encrypted swap and remind the user about
# possible data leaks to disk if swap is on, and not to be ignored
_check_swap() {
if ! option_is_set -f && ! option_is_set --ignore-swap; then
check_swap
case $? in
0|2) # No, or encrypted swap
return 0
;;
*) # Unencrypted swap
return 1
;;
esac
fi
}
# Ask user for a password # Ask user for a password
ask_password() { ask_password() {
# we use pinentry now # we use pinentry now
@ -619,7 +635,7 @@ ask_key_password() {
# change tomb key password # change tomb key password
change_passwd() { change_passwd() {
_message "Commanded to change password for tomb key $1" _message "Commanded to change password for tomb key $1"
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi _check_swap
local keyfile="$1" # $1 is the tomb key path local keyfile="$1" # $1 is the tomb key path
@ -991,6 +1007,8 @@ engrave_key() {
forge_key() { forge_key() {
xxx "forge_key()" xxx "forge_key()"
_check_swap
# can be specified both as simple argument or using -k # can be specified both as simple argument or using -k
local destkey="$1" local destkey="$1"
{ option_is_set -k } && { destkey="`option_value -k`" } { option_is_set -k } && { destkey="`option_value -k`" }
@ -1003,9 +1021,6 @@ forge_key() {
_warning "Forging this key would overwrite an existing file. Operation aborted." _warning "Forging this key would overwrite an existing file. Operation aborted."
die "`ls -lh $destkey`" } die "`ls -lh $destkey`" }
# if swap is on, we remind the user about possible data leaks to disk
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
# create the keyfile in tmpfs so that we leave less traces in RAM # create the keyfile in tmpfs so that we leave less traces in RAM
local keytmp=`safe_dir forge` local keytmp=`safe_dir forge`
(( $? )) && die "error creating temp dir" (( $? )) && die "error creating temp dir"
@ -1084,9 +1099,7 @@ forge_key() {
# taken from /dev/urandom which improves the tomb's overall security # taken from /dev/urandom which improves the tomb's overall security
dig_tomb() { dig_tomb() {
_message "Commanded to dig tomb $1" _message "Commanded to dig tomb $1"
_check_swap
# if swap is on, we remind the user about possible data leaks to disk
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
if ! [ $1 ]; then if ! [ $1 ]; then
_warning "no tomb name specified for creation" _warning "no tomb name specified for creation"
@ -1249,7 +1262,7 @@ lock_tomb_with_key() {
# This function changes the key that locks a tomb # This function changes the key that locks a tomb
change_tomb_key() { change_tomb_key() {
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi _check_swap
{ option_is_set -k } || { die "Specify the new key with -k" } { option_is_set -k } || { die "Specify the new key with -k" }
newkey="`option_value -k`" newkey="`option_value -k`"
@ -1370,8 +1383,7 @@ create_tomb() {
# $1 = tombfile $2(optional) = mountpoint # $1 = tombfile $2(optional) = mountpoint
mount_tomb() { mount_tomb() {
_message "Commanded to open tomb $1" _message "Commanded to open tomb $1"
_check_swap
if ! option_is_set -f && ! option_is_set --ignore-swap; then check_swap; fi
if ! [ ${1} ]; then if ! [ ${1} ]; then
_warning "no tomb name specified for creation" _warning "no tomb name specified for creation"