mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-29 00:06:38 +00:00
[cleanup] More test cleanups
This commit is contained in:
parent
14ed549a55
commit
788c133f94
215
tomb
215
tomb
@ -429,29 +429,38 @@ EOF
|
|||||||
# Check if a filename is a valid tomb
|
# Check if a filename is a valid tomb
|
||||||
is_valid_tomb() {
|
is_valid_tomb() {
|
||||||
_verbose "is_valid_tomb ::1 tomb file::" $1
|
_verbose "is_valid_tomb ::1 tomb file::" $1
|
||||||
# argument check
|
|
||||||
{ test "$1" = "" } && {
|
|
||||||
_warning "Tomb file is missing from arguments."; return 1 }
|
|
||||||
# file checks
|
|
||||||
{ test -r "$1" } || {
|
|
||||||
_warning "Tomb file not found: ::1 tomb file::" $1; return 1 }
|
|
||||||
{ test -f "$1" } || {
|
|
||||||
_warning "Tomb file is not a regular file: ::1 tomb file::" $1; return 1 }
|
|
||||||
{ test -s "$1" } || {
|
|
||||||
_warning "Tomb file is empty (zero length): ::1 tomb file::" $1; return 1 }
|
|
||||||
{ test -w "$1" } || {
|
|
||||||
_warning "Tomb file is not writable: ::1 tomb file::" $1; return 1 }
|
|
||||||
|
|
||||||
# check file type (if its a Luks fs)
|
# First argument must be the path to a tomb
|
||||||
|
[[ -z "$1" ]] && {
|
||||||
|
_failure "Tomb file is missing from arguments." }
|
||||||
|
|
||||||
|
# Tomb file must be a readable, writable, not-empty regular file.
|
||||||
|
[[ ! -r "$1" ]] && {
|
||||||
|
_failure "Tomb file not found: ::1 tomb file::" $1 }
|
||||||
|
[[ ! -f "$1" ]] && {
|
||||||
|
_failure "Tomb file is not a regular file: ::1 tomb file::" $1 }
|
||||||
|
[[ ! -s "$1" ]] && {
|
||||||
|
_failure "Tomb file is empty (zero length): ::1 tomb file::" $1 }
|
||||||
|
[[ ! -w "$1" ]] && {
|
||||||
|
_failure "Tomb file is not writable: ::1 tomb file::" $1 }
|
||||||
|
|
||||||
|
# TODO: split the rest of that function out.
|
||||||
|
# We already have a valid tomb, now we're checking
|
||||||
|
# whether we can alter it.
|
||||||
|
|
||||||
|
# Tomb file may be a LUKS FS (or we are creating it)
|
||||||
file "$1" | grep -i "luks encrypted file" > /dev/null || {
|
file "$1" | grep -i "luks encrypted file" > /dev/null || {
|
||||||
_warning "File is not yet a tomb: ::1 tomb file::" $1 }
|
_warning "File is not yet a tomb: ::1 tomb file::" $1 }
|
||||||
|
|
||||||
_plot $1 # Set TOMB{PATH,DIR,FILE,NAME}
|
_plot $1 # Set TOMB{PATH,DIR,FILE,NAME}
|
||||||
|
|
||||||
|
# Tomb cannot be already mounted (or we cannot alter it)
|
||||||
mount -l | grep "${TOMBFILE}.*\[$TOMBNAME\]$" > /dev/null
|
mount -l | grep "${TOMBFILE}.*\[$TOMBNAME\]$" > /dev/null
|
||||||
{ test $? = 0 } && {
|
[[ $? == 0 ]] && {
|
||||||
_warning "Tomb is currently in use: ::1 tomb name::" $TOMBNAME; return 1 }
|
_failure "Tomb is currently in use: ::1 tomb name::" $TOMBNAME }
|
||||||
|
|
||||||
_message "Valid tomb file found: ::1 tomb path::" $TOMBPATH
|
_message "Valid tomb file found: ::1 tomb path::" $TOMBPATH
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -502,6 +511,7 @@ dump_secrets() {
|
|||||||
_verbose "TOMBTMPFILES: ::1 temp files::" ${(@)TOMBTMPFILES}
|
_verbose "TOMBTMPFILES: ::1 temp files::" ${(@)TOMBTMPFILES}
|
||||||
_verbose "TOMBLOOPDEVS: ::1 loop devices::" ${(@)TOMBLOOPDEVS}
|
_verbose "TOMBLOOPDEVS: ::1 loop devices::" ${(@)TOMBLOOPDEVS}
|
||||||
}
|
}
|
||||||
|
|
||||||
# }}}
|
# }}}
|
||||||
|
|
||||||
# {{{ Commandline interaction
|
# {{{ Commandline interaction
|
||||||
@ -1115,19 +1125,18 @@ bury_key() {
|
|||||||
# password would enhance security). Nevertheless here we prefer
|
# password would enhance security). Nevertheless here we prefer
|
||||||
# usability.
|
# usability.
|
||||||
|
|
||||||
if option_is_set --tomb-pwd; then
|
{ option_is_set --tomb-pwd } && {
|
||||||
tomb_pwd="`option_value --tomb-pwd`"
|
local tombpwd="`option_value --tomb-pwd`"
|
||||||
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
|
_verbose "tomb-pwd = ::1 tomb pass::" $tombpwd
|
||||||
ask_key_password "$tomb_pwd"
|
ask_key_password "$tombpwd"
|
||||||
else
|
} || {
|
||||||
ask_key_password
|
ask_key_password
|
||||||
fi
|
|
||||||
{ test $? = 0 } || {
|
|
||||||
_warning "Wrong password supplied."
|
|
||||||
_failure "You shall not bury a key whose password is unknown to you."
|
|
||||||
}
|
}
|
||||||
|
[[ $? != 0 ]] && {
|
||||||
|
_warning "Wrong password supplied."
|
||||||
|
_failure "You shall not bury a key whose password is unknown to you." }
|
||||||
|
|
||||||
# we omit armor strings since having them as constants can give
|
# We omit armor strings since having them as constants can give
|
||||||
# ground to effective attacks on steganography
|
# ground to effective attacks on steganography
|
||||||
print - "$TOMBKEY" | awk '
|
print - "$TOMBKEY" | awk '
|
||||||
/^-----/ {next}
|
/^-----/ {next}
|
||||||
@ -1150,78 +1159,75 @@ bury_key() {
|
|||||||
# optional 2nd arg: the password to use (same as key, internal use)
|
# optional 2nd arg: the password to use (same as key, internal use)
|
||||||
# optional 3rd arg: the key where to save the result (- for stdout)
|
# optional 3rd arg: the key where to save the result (- for stdout)
|
||||||
exhume_key() {
|
exhume_key() {
|
||||||
|
local imagefile="$1" # The image file where to look for the key
|
||||||
|
local tombpass="$2" # (Optional) the password to use (internal use)
|
||||||
|
local destkey="$3" # (Optional) the key file where to save the
|
||||||
|
# result (- for stdout)
|
||||||
|
local r=1 # Return code (default: fail)
|
||||||
|
|
||||||
imagefile="$1"
|
# Ensure the image file is a readable JPEG
|
||||||
res=1
|
[[ ! -r $imagefile ]] && {
|
||||||
|
|
||||||
knownpass="$2"
|
|
||||||
|
|
||||||
destkey="$3"
|
|
||||||
[[ "$destkey" = "" ]] && {
|
|
||||||
destkey="`option_value -k`"
|
|
||||||
{ test "$destkey" = "" } && {
|
|
||||||
# no key output specified: fallback to stdout
|
|
||||||
destkey="-"
|
|
||||||
_message "printing exhumed key on stdout" }
|
|
||||||
}
|
|
||||||
|
|
||||||
{ test -r "$imagefile" } || {
|
|
||||||
_failure "Exhume failed, image file not found: ::1 image file::" $imagefile }
|
_failure "Exhume failed, image file not found: ::1 image file::" $imagefile }
|
||||||
|
[[ ! $(file "$imagefile") =~ "JP.G" ]] && {
|
||||||
[[ `file "$imagefile"` =~ "JP.G" ]] || {
|
|
||||||
_failure "Exhume failed: ::1 image file:: is not a jpeg image." $imagefile }
|
_failure "Exhume failed: ::1 image file:: is not a jpeg image." $imagefile }
|
||||||
|
|
||||||
# when a password is passed as argument then always print out
|
# When a password is passed as argument then always print out
|
||||||
# the exhumed key on stdout without further checks (internal use)
|
# the exhumed key on stdout without further checks (internal use)
|
||||||
{ test "$knownpass" = "" } || {
|
[[ -n "$tombpass" ]] && {
|
||||||
TOMBKEY=`steghide extract -sf "$imagefile" -p "$knownpass" -xf -`
|
TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -)
|
||||||
{ test $? = 0 } || {
|
[[ $? != 0 ]] && {
|
||||||
_failure "Wrong password or no steganographic key found" }
|
_failure "Wrong password or no steganographic key found" }
|
||||||
|
|
||||||
recover_key $TOMBKEY
|
recover_key $TOMBKEY
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
{ test "$destkey" = "-" } || {
|
# Ensure we have a valid destination for the key
|
||||||
if [[ -s "$destkey" ]]; then
|
[[ -z $destkey ]] && { option_is_set -k } && destkey=$(option_value -k)
|
||||||
|
[[ -z $destkey ]] && {
|
||||||
|
destkey="-" # No key was specified: fallback to stdout
|
||||||
|
_message "printing exhumed key on stdout" }
|
||||||
|
|
||||||
|
# Bail out if destination exists, unless -f (force) was passed
|
||||||
|
[[ $destkey != "-" && -s $destkey ]] && {
|
||||||
_warning "File exists: ::1 tomb key::" $destkey
|
_warning "File exists: ::1 tomb key::" $destkey
|
||||||
{ option_is_set -f } || {
|
{ option_is_set -f } && {
|
||||||
|
_warning "Use of --force selected: overwriting."
|
||||||
|
rm -f $destkey
|
||||||
|
} || {
|
||||||
_warning "Make explicit use of --force to overwrite."
|
_warning "Make explicit use of --force to overwrite."
|
||||||
_failure "Refusing to overwrite file. Operation aborted." }
|
_failure "Refusing to overwrite file. Operation aborted." }
|
||||||
_warning "Use of --force selected: overwriting."
|
|
||||||
rm -f ${destkey}
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_message "Trying to exhume a key out of image ::1 image file::" $imagefile
|
_message "Trying to exhume a key out of image ::1 image file::" $imagefile
|
||||||
if option_is_set --tomb-pwd; then
|
{ option_is_set --tomb-pwd } && {
|
||||||
tombpass="`option_value --tomb-pwd`"
|
tombpass=$(option_value --tomb-pwd)
|
||||||
_verbose "tomb-pwd = ::1 tomb pass::" $tombpass
|
_verbose "tomb-pwd = ::1 tomb pass::" $tombpass
|
||||||
elif [[ -n $TOMBPASSWORD ]]; then
|
} || {
|
||||||
# password is known already
|
[[ -n $TOMBPASSWORD ]] && tombpass=$TOMBPASSWORD
|
||||||
tombpass=$TOMBPASSWORD
|
} || {
|
||||||
else
|
tombpass=$(exec_as_user ${TOMBEXEC} askpass \
|
||||||
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"`
|
"Insert password to exhume key from $imagefile")
|
||||||
if [[ $? != 0 ]]; then
|
[[ $? != 0 ]] && {
|
||||||
_warning "User aborted password dialog."
|
_warning "User aborted password dialog."
|
||||||
return 1
|
return 1
|
||||||
fi
|
}
|
||||||
fi
|
}
|
||||||
|
|
||||||
# always steghide required
|
# Extract the key from the image
|
||||||
steghide extract -sf ${imagefile} -p ${tombpass} -xf ${destkey}
|
steghide extract -sf $imagefile -p ${tombpass} -xf $destkey
|
||||||
res=$?
|
r=$?
|
||||||
|
|
||||||
unset tombpass
|
# Report to the user
|
||||||
|
[[ "$destkey" = "-" ]] && destkey="stdout"
|
||||||
[[ "$destkey" = "-" ]] && { destkey="stdout" }
|
[[ $r == 0 ]] && {
|
||||||
if [ $res = 0 ]; then
|
|
||||||
_success "Key succesfully exhumed to ::1 key::." $destkey
|
_success "Key succesfully exhumed to ::1 key::." $destkey
|
||||||
else
|
} || {
|
||||||
_warning "Nothing found in ::1 image file::" $imagefile
|
_warning "Nothing found in ::1 image file::" $imagefile
|
||||||
fi
|
}
|
||||||
|
|
||||||
return $res
|
return $r
|
||||||
}
|
}
|
||||||
|
|
||||||
# Produces a printable image of the key contents so that it can be
|
# Produces a printable image of the key contents so that it can be
|
||||||
@ -1229,18 +1235,19 @@ exhume_key() {
|
|||||||
engrave_key() {
|
engrave_key() {
|
||||||
# load key from options
|
# load key from options
|
||||||
load_key || _failure "No key specified."
|
load_key || _failure "No key specified."
|
||||||
|
|
||||||
local keyname=$(basename $TOMBKEYFILE)
|
local keyname=$(basename $TOMBKEYFILE)
|
||||||
pngname="$keyname.qr.png"
|
local pngname="$keyname.qr.png"
|
||||||
|
|
||||||
_success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE
|
_success "Rendering a printable QRCode for key: ::1 tomb key file::" $TOMBKEYFILE
|
||||||
# we omit armor strings to save space
|
# we omit armor strings to save space
|
||||||
awk '
|
awk '/^-----/ {next}; /^Version/ {next}; {print $0}' $TOMBKEYFILE \
|
||||||
/^-----/ {next}
|
| qrencode --size 4 --level H --casesensitive -o $pngname
|
||||||
/^Version/ {next}
|
[[ $? != 0 ]] && {
|
||||||
{print $0}' $TOMBKEYFILE | qrencode --size 4 --level H \
|
_failure "QREncode reported an error." }
|
||||||
--casesensitive -o "$pngname"
|
|
||||||
{ test $? = 0 } || { _failure "QREncode reported an error." }
|
|
||||||
_success "Operation successful:"
|
_success "Operation successful:"
|
||||||
|
# TODO: only if verbose and/or not silent
|
||||||
ls -lh $pngname
|
ls -lh $pngname
|
||||||
file $pngname
|
file $pngname
|
||||||
}
|
}
|
||||||
@ -1318,30 +1325,34 @@ dig_tomb() {
|
|||||||
|
|
||||||
forge_key() {
|
forge_key() {
|
||||||
# can be specified both as simple argument or using -k
|
# can be specified both as simple argument or using -k
|
||||||
destkey="$1"
|
local destkey="$1"
|
||||||
{ option_is_set -k } && { destkey="`option_value -k`" }
|
{ option_is_set -k } && { destkey=$(option_value -k) }
|
||||||
|
|
||||||
{ test "$destkey" = "" } && {
|
local algo="AES256" # Default encryption algorithm
|
||||||
_warning "A filename needs to be specified using -k to forge a new key."
|
|
||||||
return 1 }
|
[[ -z "$destkey" ]] && {
|
||||||
|
_failure "A filename needs to be specified using -k to forge a new key." }
|
||||||
|
|
||||||
_message "Commanded to forge key ::1 key::" $destkey
|
_message "Commanded to forge key ::1 key::" $destkey
|
||||||
_check_swap
|
|
||||||
|
|
||||||
|
_check_swap # Ensure the available memory is safe to use
|
||||||
|
|
||||||
# make sure that gnupg doesn't quits with an error before first run
|
# Ensure GnuPG won't exit with an error before first run
|
||||||
{ test -r $HOME/.gnupg/pubring.gpg } || {
|
[[ -r $HOME/.gnupg/pubring.gpg ]] || {
|
||||||
mkdir $HOME/.gnupg
|
mkdir -m 0700 $HOME/.gnupg
|
||||||
touch $HOME/.gnupg/pubring.gpg }
|
touch $HOME/.gnupg/pubring.gpg }
|
||||||
|
|
||||||
{ test -r "$destkey" } && {
|
# Do not overwrite any files accidentally
|
||||||
|
[[ -r "$destkey" ]] && {
|
||||||
_warning "Forging this key would overwrite an existing file. Operation aborted."
|
_warning "Forging this key would overwrite an existing file. Operation aborted."
|
||||||
_failure "`ls -lh $destkey`" }
|
_failure "`ls -lh $destkey`" }
|
||||||
|
|
||||||
{ option_is_set -o } && { algopt="`option_value -o`" }
|
# Update algorithm if it was passed on the command line with -o
|
||||||
algo=${algopt:-AES256}
|
{ option_is_set -o } && { algopt="$(option_value -o)" }
|
||||||
|
[[ -n "$algopt" ]] && algo=$algopt
|
||||||
|
|
||||||
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" $destkey $algo
|
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" \
|
||||||
|
$destkey $algo
|
||||||
|
|
||||||
TOMBKEYFILE="$destkey" # Set global variable
|
TOMBKEYFILE="$destkey" # Set global variable
|
||||||
|
|
||||||
@ -1350,13 +1361,12 @@ forge_key() {
|
|||||||
_message "To make it faster you can move the mouse around."
|
_message "To make it faster you can move the mouse around."
|
||||||
_message "If you are on a server, you can use an Entropy Generation Daemon."
|
_message "If you are on a server, you can use an Entropy Generation Daemon."
|
||||||
|
|
||||||
|
# Use /dev/random as the entropy source, unless --use-random is specified
|
||||||
local random_source=/dev/random
|
local random_source=/dev/random
|
||||||
if option_is_set --use-urandom; then
|
{ option_is_set --use-urandom } && random_source=/dev/urandom
|
||||||
random_source=/dev/urandom
|
|
||||||
fi
|
|
||||||
|
|
||||||
_verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source
|
_verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source
|
||||||
TOMBSECRET=`${=DD} bs=1 count=256 if=$random_source`
|
TOMBSECRET=$(${=DD} bs=1 count=256 if=$random_source)
|
||||||
[[ $? == 0 ]] || {
|
[[ $? == 0 ]] || {
|
||||||
_warning "Cannot generate encryption key."
|
_warning "Cannot generate encryption key."
|
||||||
_failure "Operation aborted." }
|
_failure "Operation aborted." }
|
||||||
@ -1365,19 +1375,20 @@ forge_key() {
|
|||||||
|
|
||||||
_success "Choose the password of your key: ::1 tomb key::" $TOMBKEYFILE
|
_success "Choose the password of your key: ::1 tomb key::" $TOMBKEYFILE
|
||||||
_message "(You can also change it later using 'tomb passwd'.)"
|
_message "(You can also change it later using 'tomb passwd'.)"
|
||||||
|
# _user_file $TOMBKEYFILE
|
||||||
touch $TOMBKEYFILE
|
touch $TOMBKEYFILE
|
||||||
chown $_UID:$_GID $TOMBKEYFILE
|
chown $_UID:$_GID $TOMBKEYFILE
|
||||||
chmod 0600 $TOMBKEYFILE
|
chmod 0600 $TOMBKEYFILE
|
||||||
|
|
||||||
tombname="$TOMBKEYFILE" # XXX ???
|
tombname="$TOMBKEYFILE" # XXX ???
|
||||||
# the gen_key() function takes care of the new key's encryption
|
# the gen_key() function takes care of the new key's encryption
|
||||||
if option_is_set --tomb-pwd; then
|
{ option_is_set --tomb-pwd } && {
|
||||||
tomb_new_pwd="`option_value --tomb-pwd`"
|
local tombpwd="`option_value --tomb-pwd`"
|
||||||
_verbose "tomb-pwd = ::1 new pass::" $tomb_new_pwd
|
_verbose "tomb-pwd = ::1 new pass::" $tombpwd
|
||||||
gen_key "$tomb_new_pwd" >> $TOMBKEYFILE
|
gen_key "$tombpwd" >> $TOMBKEYFILE
|
||||||
else
|
} || {
|
||||||
gen_key >> $TOMBKEYFILE
|
gen_key >> $TOMBKEYFILE
|
||||||
fi
|
}
|
||||||
|
|
||||||
# load the key contents (set global variable)
|
# load the key contents (set global variable)
|
||||||
TOMBKEY=$(cat $TOMBKEYFILE)
|
TOMBKEY=$(cat $TOMBKEYFILE)
|
||||||
|
Loading…
Reference in New Issue
Block a user