Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-09-21 17:29:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Disable escapes when piping secrets

Browse Source 
Switched to use echo with -E flag to disable escapes in keys: escape
strings were discarded cryptsetup tomb operations when they were present
in the decoded key random passphrase. Issue #154

The solution adopted here includes wrapping all cryptsetup operations to
unify the behaviour adopted.

Worth noting that this problem possibly breaks all tombs and keys
created using the unstable Tomb from git development in the past 2
months. Regression tests with previous stable releases are OK.
This commit is contained in:
Jaromil 2014-11-20 09:59:11 +01:00
parent 9180b214af
commit 489b3582cb
2 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
AUTHORS.md
View File

@ -13,7 +13,7 @@ German translation by x3nu.
Testing, reviews and documentation are contributed by Dreamer, Shining Testing, reviews and documentation are contributed by Dreamer, Shining
the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq, the Translucent, Mancausoft, Asbesto Molesto, Nignux, Vlax, The Grugq,
Reiven, GDrooid and the Linux Action Show! Reiven, GDrooid, Alphazo and the Linux Action Show!
Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth. Cryptsetup was developed by Christophe Saout and Clemens Fruhwirth.

20
tomb
View File

@ -976,6 +976,13 @@ ask_key_password() {
return 0 return 0
} }
# call cryptsetup with arguments using the currently known secret
# echo flags eliminate newline and disable escape (BSD_ECHO)
_cryptsetup() {
echo -n -E - "$TOMBSECRET" | cryptsetup --key-file - ${=@}
return $?
}
# change tomb key password # change tomb key password
change_passwd() { change_passwd() {
local tmpnewkey lukskey c tombpass tombpasstmp local tmpnewkey lukskey c tombpass tombpasstmp
@ -1496,17 +1503,14 @@ lock_tomb_with_key() {
_success "Locking ::1 tomb file:: with ::2 tomb key file::" $TOMBFILE $TOMBKEYFILE _success "Locking ::1 tomb file:: with ::2 tomb key file::" $TOMBFILE $TOMBKEYFILE
_message "Formatting Luks mapped device." _message "Formatting Luks mapped device."
print -n - $TOMBSECRET | \ _cryptsetup --batch-mode \
cryptsetup --key-file - --batch-mode \
--cipher ${cipher} --key-size 256 --key-slot 0 \ --cipher ${cipher} --key-size 256 --key-slot 0 \
luksFormat ${nstloop} luksFormat ${nstloop}
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_warning "cryptsetup luksFormat returned an error." _warning "cryptsetup luksFormat returned an error."
_failure "Operation aborted." } _failure "Operation aborted." }
print -n - $TOMBSECRET | \ _cryptsetup --cipher ${cipher} luksOpen ${nstloop} tomb.tmp
cryptsetup --key-file - \
--cipher ${cipher} luksOpen ${nstloop} tomb.tmp
[[ $? == 0 ]] || { [[ $? == 0 ]] || {
_warning "cryptsetup luksOpen returned an error." _warning "cryptsetup luksOpen returned an error."
_failure "Operation aborted." } _failure "Operation aborted." }
@ -1694,8 +1698,7 @@ mount_tomb() {
} }
[[ $? == 0 ]] || _failure "No valid password supplied." [[ $? == 0 ]] || _failure "No valid password supplied."
print -n - $TOMBSECRET | \ _cryptsetup luksOpen ${nstloop} ${mapper}
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
[[ -r /dev/mapper/${mapper} ]] || { [[ -r /dev/mapper/${mapper} ]] || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }
@ -2233,8 +2236,7 @@ resize_tomb() {
mapdate=`date +%s` mapdate=`date +%s`
mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)" mapper="tomb.$TOMBNAME.$mapdate.$(basename $nstloop)"
print -n - $TOMBSECRET | \ _cryptsetup luksOpen ${nstloop} ${mapper}
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
[[ -r /dev/mapper/${mapper} ]] || { [[ -r /dev/mapper/${mapper} ]] || {
_failure "Failure mounting the encrypted file." } _failure "Failure mounting the encrypted file." }