Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-09-27 20:29:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleanup and normalization of functions handling secrets

Browse Source 
also now using a dash - after print and gettext options to avoid
parsing printed strings as options.
This commit is contained in:
Jaromil 2014-08-25 23:32:32 +02:00
parent 7c55f633d6
commit 5d9caf01e0
1 changed files with 71 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

165
tomb
View File

@ -88,6 +88,9 @@ export TEXTDOMAIN=tomb
endgame() { endgame() {
# here clear all temp files and flush all pipes # here clear all temp files and flush all pipes
unset tomb_file
unset tomb_key
unset tomb_key_file
unset tomb_secret unset tomb_secret
unset tomb_password unset tomb_password
@ -159,7 +162,7 @@ tmp_create() {
} }
tmp_new() { tmp_new() {
# print out the latest tempfile # print out the latest tempfile
print "${tomb_tempfiles[${#tomb_tempfiles}]}" print - "${tomb_tempfiles[${#tomb_tempfiles}]}"
} }
# Check if swap is activated # Check if swap is activated
@ -363,7 +366,7 @@ lo_mount() {
} }
# print out latest loopback mounted # print out latest loopback mounted
lo_new() { print "${tomb_loopdevs[${#tomb_loopdevs}]}" } lo_new() { print - "${tomb_loopdevs[${#tomb_loopdevs}]}" }
# $1 is the path to the lodev to be preserved after quit # $1 is the path to the lodev to be preserved after quit
lo_preserve() { lo_preserve() {
@ -372,7 +375,7 @@ lo_preserve() {
tomb_loopdevs=("${(@)tomb_loopdevs:#$1}") tomb_loopdevs=("${(@)tomb_loopdevs:#$1}")
} }
# used for debugging # eventually used for debugging
dump_secrets() { dump_secrets() {
_verbose "tomb_file: $tomb_file" _verbose "tomb_file: $tomb_file"
_verbose "tomb_key: ${#tomb_key} chars long" _verbose "tomb_key: ${#tomb_key} chars long"
@ -481,12 +484,12 @@ option_is_set() {
# Get an option value # Get an option value
option_value() { option_value() {
# First argument, the commandline flag (i.e. "-s"). # First argument, the commandline flag (i.e. "-s").
print -n "${opts[$1]}" print -n - "${opts[$1]}"
} }
# Messaging function with pretty coloring # Messaging function with pretty coloring
function _msg() { function _msg() {
local msg="$(gettext -s "$2")" local msg="$(gettext -s - "$2")"
local command="print -P" local command="print -P"
local progname="$fg[magenta]${TOMBEXEC##*/}$reset_color" local progname="$fg[magenta]${TOMBEXEC##*/}$reset_color"
local message="$fg_bold[normal]$fg_no_bold[normal]$msg$reset_color" local message="$fg_bold[normal]$fg_no_bold[normal]$msg$reset_color"
@ -614,9 +617,8 @@ check_bin() {
# This function retrieves a tomb key specified on commandline or from # This function retrieves a tomb key specified on commandline or from
# stdin if -k - was selected. It also runs validity checks on the # stdin if -k - was selected. It also runs validity checks on the
# file. Callers should always use drop_key() when done with all key # file. On success returns 0 and prints out the full path to
# operations. On success returns 0 and prints out the full path to # the key, setting globals: $tomb_key_file and $tomb_key
# the key.
load_key() { load_key() {
# take the name of a tomb file as argument to option -k # take the name of a tomb file as argument to option -k
# if no argument is given, tomb{key|dir|file} are set by caller # if no argument is given, tomb{key|dir|file} are set by caller
@ -657,7 +659,7 @@ load_key() {
_key="$tomb_key" _key="$tomb_key"
tomb_key="" tomb_key=""
[[ "$_key" =~ "_KDF_" ]] && { [[ "$_key" =~ "_KDF_" ]] && {
tomb_key+=`print $_key | $head -n 1` } tomb_key+=`print - $_key | $head -n 1` }
tomb_key+="-----BEGIN PGP MESSAGE-----" tomb_key+="-----BEGIN PGP MESSAGE-----"
tomb_key+="$_key" tomb_key+="$_key"
tomb_key+="-----END PGP MESSAGE-----" tomb_key+="-----END PGP MESSAGE-----"
@ -666,7 +668,6 @@ load_key() {
tomb_key="$tomb_key" tomb_key="$tomb_key"
tomb_key_file="$tomb_key_file" tomb_key_file="$tomb_key_file"
dump_secrets
return 0 return 0
} }
@ -676,15 +677,15 @@ load_key() {
gpg_decrypt() { gpg_decrypt() {
# fix for gpg 1.4.11 where the --status-* options don't work ;^/ # fix for gpg 1.4.11 where the --status-* options don't work ;^/
gpgver=`gpg --version --no-permission-warning | awk '/^gpg/ {print $3}'` gpgver=`gpg --version --no-permission-warning | awk '/^gpg/ {print $3}'`
gpgpass="$tomb_password\n$tomb_key" gpgpass="$1\n$tomb_key"
if [ "$gpgver" = "1.4.11" ]; then if [ "$gpgver" = "1.4.11" ]; then
_verbose "GnuPG is version 1.4.11 - adopting status fix." _verbose "GnuPG is version 1.4.11 - adopting status fix."
tomb_secret=`print "$gpgpass" | \ tomb_secret=`print - "$gpgpass" | \
gpg --batch --passphrase-fd 0 --no-tty --no-options"` gpg --batch --passphrase-fd 0 --no-tty --no-options"`
ret=$? ret=$?
unset lukspass unset gpgpass
else # using status-file in gpg != 1.4.11 else # using status-file in gpg != 1.4.11
@ -694,7 +695,7 @@ gpg_decrypt() {
# unset gpgpass; # unset gpgpass;
# _failure "Fatal error creating temp file." } # _failure "Fatal error creating temp file." }
tomb_secret=`print "$gpgpass" | \ tomb_secret=`print - "$gpgpass" | \
gpg --batch --passphrase-fd 0 --no-tty --no-options \ gpg --batch --passphrase-fd 0 --no-tty --no-options \
--status-fd 2 --no-mdc-warning --no-permission-warning \ --status-fd 2 --no-mdc-warning --no-permission-warning \
--no-secmem-warning 2> $_status` --no-secmem-warning 2> $_status`
@ -712,18 +713,14 @@ gpg_decrypt() {
# Gets a key file and a password, prints out the decoded contents to # Gets a key file and a password, prints out the decoded contents to
# be used directly by Luks as a cryptographic key # be used directly by Luks as a cryptographic key
get_lukskey() { get_lukskey() {
# $1 is the password, $2 is the keyfile # $1 is the password
_verbose "get_lukskey" _verbose "get_lukskey"
[[ "$tomb_key" = "" ]] && {
_warning "There is no key loaded"
return 1 }
_password="$1" _password="$1"
exhumedkey="" exhumedkey=""
firstline=`awk '{print $0; exit}' <<< "$tomb_key"` firstline=`head -n1 <<< "$tomb_key"`
# key is KDF encoded # key is KDF encoded
if [[ $firstline =~ '^_KDF_' ]]; then if [[ $firstline =~ '^_KDF_' ]]; then
@ -745,7 +742,6 @@ get_lukskey() {
tmp_create tmp_create
exhumedkey=`tmp_new` exhumedkey=`tmp_new`
exhume_key "$tomb_key_file" "$_password" "$exhumedkey" exhume_key "$tomb_key_file" "$_password" "$exhumedkey"
tomb_key_file="$exhumedkey"
tomb_key=`cat $exhumedkey` tomb_key=`cat $exhumedkey`
fi fi
@ -753,9 +749,7 @@ get_lukskey() {
is_valid_key || { is_valid_key || {
_failure "This key is unusable: $tomb_key_file" } _failure "This key is unusable: $tomb_key_file" }
tomb_password="$_password" gpg_decrypt "$_password" # saves decrypted content into $tomb_secret
gpg_decrypt # saves decrypted content into $tomb_secret
ret="$?" ret="$?"
@ -764,17 +758,19 @@ get_lukskey() {
} }
# This function asks the user for the password to use the key it tests # This function asks the user for the password to use the key it tests
# it against the return code of gpg on success returns 0 and prints # it against the return code of gpg on success returns 0 and saves
# the password (be careful about where you save it!) # the password in the global variable $tomb_password
ask_key_password() { ask_key_password() {
dump_secrets # QUAA [[ "$tomb_key_file" = "" ]] && {
_failure "Internal error: ask_key_password() called before load_key()." }
keyname="$tomb_key_file" keyname="$tomb_key_file"
_message "A password is required to use key ${keyname}" _message "A password is required to use key ${keyname}"
passok=0 passok=0
tombpass="" tombpass=""
if [ "$2" = "" ]; then if [[ "$1" = "" ]]; then
for c in 1 2 3; do for c in 1 2 3; do
if [ $c = 1 ]; then if [[ $c = 1 ]]; then
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
else else
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
@ -794,10 +790,10 @@ ask_key_password() {
else else
# if a second argument is present then the password is already known # if a second argument is present then the password is already known
tombpass="$2" tombpass="$1"
_verbose "ask_key_password with tombpass: $tombpass" _verbose "ask_key_password with tombpass: $tombpass"
get_lukskey "$tombpass" "$tombkey" get_lukskey "$tombpass"
if [ $? = 0 ]; then if [ $? = 0 ]; then
passok=1; _message "Password OK."; fi passok=1; _message "Password OK."; fi
@ -828,20 +824,20 @@ change_passwd() {
if option_is_set --tomb-old-pwd; then if option_is_set --tomb-old-pwd; then
tomb_old_pwd="`option_value --tomb-old-pwd`" tomb_old_pwd="`option_value --tomb-old-pwd`"
_verbose "--tomb-old-pwd = $tomb_old_pwd" _verbose "tomb-old-pwd = $tomb_old_pwd"
ask_key_password "$keyfile" "$tomb_old_pwd" >& - ask_key_password "$tomb_old_pwd"
else else
ask_key_password "$keyfile" >& - ask_key_password
fi fi
{ test $? = 0 } || { { test $? = 0 } || {
_failure "No valid password supplied." } _failure "No valid password supplied." }
# danger zone in which the key is written in clear # here $tomb_secret contains the key material in clear
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tomb_new_pwd="`option_value --tomb-pwd`" tomb_new_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_new_pwd" _verbose "tomb-pwd = $tomb_new_pwd"
gen_key "$tomb_new_pwd" >> "$tmpnewkey" gen_key "$tomb_new_pwd" >> "$tmpnewkey"
else else
gen_key >> "$tmpnewkey" gen_key >> "$tmpnewkey"
@ -855,22 +851,7 @@ change_passwd() {
_success "Your passphrase was successfully updated." _success "Your passphrase was successfully updated."
fi fi
return 0
_verbose "Cleanup: $tmpnewkey"
${=WIPE} "${tmpnewkey}"
}
# To be called after load_key()
drop_key() {
_verbose "drop_key $tombkey"
# # delete key if temp stored from stdin
# if [[ "$tombkey" =~ "/dev/shm/tomb.load_key_stdin" ]]; then
# { test -r ${tombkey} } && {
# _message "Removing key temporarily stored from stdin"
# # ${=WIPE} ${tombkey}; rmdir `dirname ${tombkey}` }
# fi
} }
# $1 is the encrypted key contents we are checking # $1 is the encrypted key contents we are checking
@ -959,7 +940,7 @@ gen_key() {
} }
print -n $header print -n - $header
cat <<EOF | gpg --openpgp --force-mdc --cipher-algo ${algo} \ cat <<EOF | gpg --openpgp --force-mdc --cipher-algo ${algo} \
--batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \ --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
@ -972,6 +953,8 @@ EOF
# --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \ # --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
# -o - -c -a ${lukskey} # -o - -c -a ${lukskey}
# update global var
tomb_password="$tombpass"
unset tombpass unset tombpass
unset tombpasstmp unset tombpasstmp
} }
@ -995,9 +978,8 @@ BEGIN { ciphers=0 }
# Requires steghide(1) to be installed # Requires steghide(1) to be installed
bury_key() { bury_key() {
load_key load_key
tombkey="$tomb_key_file" [[ $? = 0 ]] || {
{ test "$tombkey" = "" } && { _failure "Bury failed for invalid key: $tomb_key_file" }
_failure "Bury failed: invalid key $tombkey" }
imagefile=$1 imagefile=$1
@ -1018,26 +1000,24 @@ bury_key() {
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`" tomb_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_pwd" _verbose "tomb-pwd = $tomb_pwd"
tombpass=`ask_key_password "$tombkey" "$tomb_pwd"` ask_key_password "$tomb_pwd"
else else
tombpass=`ask_key_password "$tombkey"` ask_key_password
fi fi
{ test $? = 0 } || { { test $? = 0 } || {
drop_key
_warning "Wrong password supplied." _warning "Wrong password supplied."
_failure "You shall not bury a key whose password is unknown to you." _failure "You shall not bury a key whose password is unknown to you."
} }
# we omit armor strings since having them as constants can give # we omit armor strings since having them as constants can give
# ground to effective attacks on steganography # ground to effective attacks on steganography
print - "$tomb_key" | awk '
awk '
/^-----/ {next} /^-----/ {next}
/^Version/ {next} /^Version/ {next}
{print $0}' ${tombkey} \ {print $0}' \
| steghide embed --embedfile - --coverfile ${imagefile} \ | steghide embed --embedfile - --coverfile ${imagefile} \
-p ${tombpass} -z 9 -e serpent cbc -p ${tomb_password} -z 9 -e serpent cbc
if [ $? != 0 ]; then if [ $? != 0 ]; then
_warning "Encoding error: steghide reports problems." _warning "Encoding error: steghide reports problems."
res=1 res=1
@ -1046,9 +1026,6 @@ bury_key() {
res=0 res=0
fi fi
unset tombpass
drop_key
return $res return $res
} }
@ -1096,7 +1073,10 @@ exhume_key() {
_message "Trying to exhume a key out of image $imagefile" _message "Trying to exhume a key out of image $imagefile"
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tombpass="`option_value --tomb-pwd`" tombpass="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tombpass" _verbose "tomb-pwd = $tombpass"
elif [[ "$tomb_password" != "" ]]; then
# password is known already
tombpass="$tomb_password"
else else
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"` tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"`
if [[ $? != 0 ]]; then if [[ $? != 0 ]]; then
@ -1141,7 +1121,6 @@ engrave_key() {
_success "Operation successful:" _success "Operation successful:"
_message "`ls -lh $pngname`" _message "`ls -lh $pngname`"
_message "`file $pngname`" _message "`file $pngname`"
drop_key
} }
# }}} - Key handling # }}} - Key handling
@ -1214,7 +1193,7 @@ forge_key() {
# the gen_key() function takes care of the new key's encryption # the gen_key() function takes care of the new key's encryption
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tomb_new_pwd="`option_value --tomb-pwd`" tomb_new_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_new_pwd" _verbose "tomb-pwd = $tomb_new_pwd"
gen_key "$tomb_new_pwd" >> "$tomb_key_file" gen_key "$tomb_new_pwd" >> "$tomb_key_file"
else else
gen_key >> "$tomb_key_file" gen_key >> "$tomb_key_file"
@ -1342,8 +1321,6 @@ lock_tomb_with_key() {
_failure "Aborting operations: error loading key." } _failure "Aborting operations: error loading key." }
# make sure to call drop_key later # make sure to call drop_key later
dump_secrets
# the encryption cipher for a tomb can be set when locking using -o # the encryption cipher for a tomb can be set when locking using -o
if option_is_set -o; then if option_is_set -o; then
cipher="`option_value -o`" cipher="`option_value -o`"
@ -1357,10 +1334,10 @@ lock_tomb_with_key() {
# get the pass from the user and check it # get the pass from the user and check it
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`" tomb_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_pwd" _verbose "tomb-pwd = $tomb_pwd"
ask_key_password "$tombkey" "$tomb_pwd" >& - ask_key_password "$tomb_pwd"
else else
ask_key_password "$tombkey" >& - ask_key_password
fi fi
{ test $? = 0 } || { { test $? = 0 } || {
_failure "No valid password supplied." } _failure "No valid password supplied." }
@ -1368,7 +1345,7 @@ lock_tomb_with_key() {
_success "Locking ${tombfile} with ${tombkey}" _success "Locking ${tombfile} with ${tombkey}"
_message "Formatting Luks mapped device." _message "Formatting Luks mapped device."
print -n "$tomb_secret" | \ print -n - "$tomb_secret" | \
cryptsetup --key-file - --batch-mode \ cryptsetup --key-file - --batch-mode \
--cipher ${cipher} --key-size 256 --key-slot 0 \ --cipher ${cipher} --key-size 256 --key-slot 0 \
luksFormat ${nstloop} luksFormat ${nstloop}
@ -1377,7 +1354,7 @@ lock_tomb_with_key() {
_failure "Operation aborted." _failure "Operation aborted."
fi fi
print -n "$tomb_secret" | \ print -n - "$tomb_secret" | \
cryptsetup --key-file - \ cryptsetup --key-file - \
--cipher ${cipher} luksOpen ${nstloop} tomb.tmp --cipher ${cipher} luksOpen ${nstloop} tomb.tmp
if ! [ $? = 0 ]; then if ! [ $? = 0 ]; then
@ -1439,37 +1416,37 @@ change_tomb_key() {
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tomb_new_pwd="`option_value --tomb-pwd`" tomb_new_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_new_pwd" _verbose "tomb-pwd = $tomb_new_pwd"
ask_key_password "$newkey" "$tomb_new_pwd" >& - ask_key_password "$newkey" "$tomb_new_pwd"
else else
ask_key_password "$newkey" >& - ask_key_password "$newkey"
fi fi
{ test $? = 0 } || { { test $? = 0 } || {
_failure "No valid password supplied for the new key." } _failure "No valid password supplied for the new key." }
tmp_create tmp_create
newkeyfile=`tmp_new` newkeyfile=`tmp_new`
print -n "$tomb_secret" > $newkeyfile print -n - "$tomb_secret" > $newkeyfile
# load the old key # load the old key
if option_is_set --tomb-old-pwd; then if option_is_set --tomb-old-pwd; then
tomb_old_pwd="`option_value --tomb-old-pwd`" tomb_old_pwd="`option_value --tomb-old-pwd`"
_verbose "--tomb-old-pwd = $tomb_old_pwd" _verbose "tomb-old-pwd = $tomb_old_pwd"
ask_key_password "$oldkey" "$tomb_old_pwd" >& - ask_key_password "$oldkey" "$tomb_old_pwd"
else else
ask_key_password "$oldkey" >& - ask_key_password "$oldkey"
fi fi
{ test $? = 0 } || { { test $? = 0 } || {
_failure "No valid password supplied for the old key." } _failure "No valid password supplied for the old key." }
# luksOpen the tomb (not really mounting, just on the loopback) # luksOpen the tomb (not really mounting, just on the loopback)
print -n "$tomb_secret" | \ print -n - "$tomb_secret" | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper} cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
{ test $? = 0 } || { { test $? = 0 } || {
_failure "Unexpected error in luksOpen." } _failure "Unexpected error in luksOpen." }
print -n "$tomb_secret"| \ print -n - "$tomb_secret"| \
cryptsetup --key-file - luksChangeKey "$nstloop" "$newkeyfile" cryptsetup --key-file - luksChangeKey "$nstloop" "$newkeyfile"
{ test $? = 0 } || { { test $? = 0 } || {
_failure "Unexpected error in luksChangeKey." } _failure "Unexpected error in luksChangeKey." }
@ -1610,15 +1587,15 @@ mount_tomb() {
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`" tomb_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_pwd" _verbose "tomb-pwd = $tomb_pwd"
ask_key_password "$tombkey" "$tomb_pwd" >& - ask_key_password "$tomb_pwd"
else else
ask_key_password "$tombkey" >& - ask_key_password
fi fi
{ test $? = 0 } || { { test $? = 0 } || {
_failure "No valid password supplied." } _failure "No valid password supplied." }
print -n "$tomb_secret" | \ print -n - "$tomb_secret" | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper} cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
if ! [ -r /dev/mapper/${mapper} ]; then if ! [ -r /dev/mapper/${mapper} ]; then
@ -2137,10 +2114,10 @@ resize_tomb() {
if option_is_set --tomb-pwd; then if option_is_set --tomb-pwd; then
tomb_pwd="`option_value --tomb-pwd`" tomb_pwd="`option_value --tomb-pwd`"
_verbose "--tomb-pwd = $tomb_pwd" _verbose "tomb-pwd = $tomb_pwd"
ask_key_password "$tombkey" "$tomb_pwd" >& - ask_key_password "$tomb_pwd"
else else
ask_key_password "$tombkey" >& - ask_key_password
fi fi
{ test $? = 0 } || { { test $? = 0 } || {
_failure "No valid password supplied." } _failure "No valid password supplied." }
@ -2151,7 +2128,7 @@ resize_tomb() {
mapdate=`date +%s` mapdate=`date +%s`
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`" mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
print -n "$tomb_secret" | \ print -n - "$tomb_secret" | \
cryptsetup --key-file - luksOpen ${nstloop} ${mapper} cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
if ! [ -r /dev/mapper/${mapper} ]; then if ! [ -r /dev/mapper/${mapper} ]; then