Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-11-22 12:35:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #350 from dyne/urandom-switch

Browse Source 
switch default random source to /dev/urandom
This commit is contained in:
Jaromil 2019-05-22 10:13:07 +02:00 committed by GitHub
commit bd3e3c7056
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 87 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
doc/tomb.1
View File

@ -1,4 +1,4 @@
.TH tomb 1 "April 16, 2017" "tomb" .TH tomb 1 "May 22, 2019" "tomb"
.SH NAME .SH NAME
Tomb \- the Crypto Undertaker Tomb \- the Crypto Undertaker
@ -38,18 +38,18 @@ data gathered from a non-blocking source (/dev/urandom).
.IP "forge" .IP "forge"
Creates a new \fIkey\fR and prompts the user for a \fIpassword\fR to Creates a new \fIkey\fR and prompts the user for a \fIpassword\fR to
protect its usage using symmetric encryption. This operation uses protect its usage using symmetric encryption. This operation uses
random data from a blocking source (/dev/random) and it may take long random data from a non-blocking source (/dev/urandom) and it may take
when run on a server with low entropy; to switch using a non-blocking long only in some cases; to switch using a blocking source the
source the \fI--use-urandom\fR flag can be used. The \fI-g\fR option \fI--use-random\fR flag can be used. The \fI-g\fR option switches on
switches on the use of a GPG key instead of a password (asymmetric the use of a GPG key instead of a password (asymmetric encryption),
encryption), then the \fI-r\fR option indicates the recipient key; then the \fI-r\fR option indicates the recipient key; more recipient
more recipient GPG ids can be indicated (comma separated). The default GPG ids can be indicated (comma separated). The default cipher to
cipher to protect the key is AES256, a custom one can be specified protect the key is AES256, a custom one can be specified using the
using the \fI-o\fR option, for a list of supported ciphers use \fI-o\fR option, for a list of supported ciphers use \fI-v\fR. For
\fI-v\fR. For additional protection against dictionary attacks on additional protection against dictionary attacks on keys, the
keys, the \fI--kdf\fR option can be used when forging a key, making \fI--kdf\fR option can be used when forging a key, making sure that
sure that the \fItomb-kdb-pbkdf2\fR binaries in \fIextras/kdf\fR were the \fItomb-kdb-pbkdf2\fR binaries in \fIextras/kdf\fR were compiled
compiled and installed on the system. and installed on the system.
.B .B
.IP "lock" .IP "lock"
@ -292,11 +292,10 @@ Enable using dev-mode arguments, i.e. to pass passwords from
commandline options. This is mostly used needed for execution by commandline options. This is mostly used needed for execution by
wrappers and testing suite. wrappers and testing suite.
.B .B
.IP "--use-urandom" .IP "--use-random"
Use a non-blocking random source to improve the speed of the Use a blocking random source. Tomb uses by default /dev/urandom since
\fIforge\fR command (key generation): tomb uses /dev/urandom instead the non-blocking source of Linux kernel doesn't degrades the quality
of /dev/random. According to some people using the non-blocking source of random.
of Linux kernel doesn't degrades the quality of random.
.B .B
.IP "--tomb-pwd <string>" .IP "--tomb-pwd <string>"
Use string as password when needed on tomb. Use string as password when needed on tomb.
@ -533,7 +532,7 @@ channel on \fIhttps://irc.dyne.org\fR.
.SH COPYING .SH COPYING
This manual is Copyright (c) 2011-2017 by Denis Roio <\fIjaromil@dyne.org\fR> This manual is Copyright (c) 2011-2019 by Denis Roio <\fIjaromil@dyne.org\fR>
This manual includes contributions by Boyska and Hellekin O. Wolf. This manual includes contributions by Boyska and Hellekin O. Wolf.

10
extras/android/tomb
View File

@ -1428,9 +1428,9 @@ forge_key() {
_warning "To make it faster you can move the mouse around." _warning "To make it faster you can move the mouse around."
_warning "If you are on a server, you can use an Entropy Generation Daemon." _warning "If you are on a server, you can use an Entropy Generation Daemon."
# Use /dev/random as the entropy source, unless --use-urandom is specified # Use /dev/random as the entropy source, unless --use-random is specified
local random_source=/dev/random local random_source=/dev/urandom
{ option_is_set --use-urandom } && random_source=/dev/urandom { option_is_set --use-random } && random_source=/dev/random
_verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source _verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source
TOMBSECRET=$(${=DD} bs=1 count=256 if=$random_source) TOMBSECRET=$(${=DD} bs=1 count=256 if=$random_source)
@ -2474,7 +2474,7 @@ main() {
subcommands_opts[create]="" # deprecated, will issue warning subcommands_opts[create]="" # deprecated, will issue warning
# -o in forge and lock is used to pass an alternate cipher. # -o in forge and lock is used to pass an alternate cipher.
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom " subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-random "
subcommands_opts[dig]="-ignore-swap s: -size=s " subcommands_opts[dig]="-ignore-swap s: -size=s "
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: " subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: "
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: " subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
@ -2571,7 +2571,7 @@ main() {
{ ! option_is_set --no-color } && { autoload -Uz colors && colors } { ! option_is_set --no-color } && { autoload -Uz colors && colors }
# Some options are only available during insecure mode # Some options are only available during insecure mode
{ ! option_is_set --unsafe } && { { ! option_is_set --unsafe } && {
for opt in --tomb-pwd --use-urandom --tomb-old-pwd; do for opt in --tomb-pwd --use-random --tomb-old-pwd; do
{ option_is_set $opt } && { { option_is_set $opt } && {
exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt } exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt }
done done

6
extras/test/90_setkey.sh Normal file → Executable file
View File

@ -7,7 +7,7 @@ source ./setup
test_export "test" # Using already generated tomb test_export "test" # Using already generated tomb
test_expect_success 'Testing set key' ' test_expect_success 'Testing set key' '
tt forge -k $tomb_key_new --tomb-pwd $DUMMYPASS \ tt forge -k $tomb_key_new --tomb-pwd $DUMMYPASS \
--ignore-swap --unsafe --use-urandom --force && --ignore-swap --unsafe --force &&
tt setkey -k $tomb_key_new $tomb_key $tomb \ tt setkey -k $tomb_key_new $tomb_key $tomb \
--unsafe --tomb-pwd $DUMMYPASS --tomb-old-pwd $DUMMYPASS && --unsafe --tomb-pwd $DUMMYPASS --tomb-old-pwd $DUMMYPASS &&
tt open -k $tomb_key_new $tomb \ tt open -k $tomb_key_new $tomb \
@ -20,7 +20,7 @@ test_expect_success 'Testing set key' '
test_export "recipient" # Using already generated tomb test_export "recipient" # Using already generated tomb
test_expect_success 'Testing tomb with GnuPG keys: setkey' ' test_expect_success 'Testing tomb with GnuPG keys: setkey' '
tt forge $tomb_key_new -g -r $KEY2 --ignore-swap --unsafe --use-urandom && tt forge $tomb_key_new -g -r $KEY2 --ignore-swap --unsafe &&
tt setkey -k $tomb_key_new $tomb_key $tomb -g -r $KEY2 && tt setkey -k $tomb_key_new $tomb_key $tomb -g -r $KEY2 &&
tt open -k $tomb_key_new $tomb -g && tt open -k $tomb_key_new $tomb -g &&
tt_close tt_close
@ -30,7 +30,7 @@ if test_have_prereq SPHINX ORACLE; then
test_export "sphinx_test" # Using already generated tomb test_export "sphinx_test" # Using already generated tomb
test_expect_success 'Testing set key (sphinx)' ' test_expect_success 'Testing set key (sphinx)' '
tt forge -k $tomb_key_new --tomb-pwd $DUMMYPASS \ tt forge -k $tomb_key_new --tomb-pwd $DUMMYPASS \
--ignore-swap --unsafe --use-urandom --force \ --ignore-swap --unsafe --force \
--sphx-user $DUMMYUSER --sphx-host $DUMMYHOST && --sphx-user $DUMMYUSER --sphx-host $DUMMYHOST &&
tt setkey -k $tomb_key_new $tomb_key $tomb \ tt setkey -k $tomb_key_new $tomb_key $tomb \
--unsafe --tomb-pwd $DUMMYPASS --tomb-old-pwd $DUMMYPASS \ --unsafe --tomb-pwd $DUMMYPASS --tomb-old-pwd $DUMMYPASS \

22
extras/test/runtests
View File

@ -92,7 +92,7 @@ test-tomb-create() {
notice "Testing creation: forge" notice "Testing creation: forge"
tt forge /tmp/test.tomb.key \ tt forge /tmp/test.tomb.key \
--ignore-swap --unsafe --tomb-pwd ${dummypass} --use-urandom --ignore-swap --unsafe --tomb-pwd ${dummypass}
{ test $? = 0 } && { { test $? = 0 } && {
results+=(forge SUCCESS) results+=(forge SUCCESS)
@ -124,7 +124,7 @@ test-tomb-recip() {
{ test $? = 0 } && { results+=(recip-dig SUCCESS) } { test $? = 0 } && { results+=(recip-dig SUCCESS) }
notice "Testing tomb with recipient creation: forge" notice "Testing tomb with recipient creation: forge"
tt forge $tomb_key -g -r $gpgid_1 --ignore-swap --unsafe --use-urandom tt forge $tomb_key -g -r $gpgid_1 --ignore-swap --unsafe
{ test $? = 0 } && { results+=(recip-forge SUCCESS) } { test $? = 0 } && { results+=(recip-forge SUCCESS) }
notice "Testing tomb with recipient creation: lock" notice "Testing tomb with recipient creation: lock"
@ -183,7 +183,7 @@ test-tomb-recip() {
sudo rm -f /tmp/new.recip.tomb.key sudo rm -f /tmp/new.recip.tomb.key
res=0 res=0
tt forge /tmp/new.recip.tomb.key -g -r $gpgid_2 \ tt forge /tmp/new.recip.tomb.key -g -r $gpgid_2 \
--ignore-swap --unsafe --use-urandom --ignore-swap --unsafe
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
tt setkey -k /tmp/new.recip.tomb.key $tomb_key $tomb -g -r $gpgid_2 tt setkey -k /tmp/new.recip.tomb.key $tomb_key $tomb -g -r $gpgid_2
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
@ -202,7 +202,7 @@ test-tomb-recip-default() {
res=0 res=0
tt dig -s 20 /tmp/default.tomb tt dig -s 20 /tmp/default.tomb
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
tt forge /tmp/default.tomb.key -g --ignore-swap --unsafe --use-urandom tt forge /tmp/default.tomb.key -g --ignore-swap --unsafe
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
tt lock /tmp/default.tomb -k /tmp/default.tomb.key \ tt lock /tmp/default.tomb -k /tmp/default.tomb.key \
--ignore-swap --unsafe -g --ignore-swap --unsafe -g
@ -221,7 +221,7 @@ test-tomb-recip-hidden() {
res=0 res=0
tt dig -s 20 /tmp/hidden.tomb tt dig -s 20 /tmp/hidden.tomb
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
tt forge /tmp/hidden.tomb.key -g -R $gpgid_1 --ignore-swap --unsafe --use-urandom tt forge /tmp/hidden.tomb.key -g -R $gpgid_1 --ignore-swap --unsafe
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
tt lock /tmp/hidden.tomb -k /tmp/hidden.tomb.key \ tt lock /tmp/hidden.tomb -k /tmp/hidden.tomb.key \
--ignore-swap --unsafe -g -R $gpgid_1 --ignore-swap --unsafe -g -R $gpgid_1
@ -239,7 +239,7 @@ test-tomb-shared() {
tt dig -s 20 /tmp/shared.tomb tt dig -s 20 /tmp/shared.tomb
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
tt forge /tmp/shared.tomb.key -g -r $gpgid_1,$gpgid_2 \ tt forge /tmp/shared.tomb.key -g -r $gpgid_1,$gpgid_2 \
--ignore-swap --unsafe --use-urandom --ignore-swap --unsafe
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \ tt lock /tmp/shared.tomb -k /tmp/shared.tomb.key \
--ignore-swap --unsafe -g -r $gpgid_1 --ignore-swap --unsafe -g -r $gpgid_1
@ -258,7 +258,7 @@ test-tomb-shared() {
rm -f /tmp/new.shared.tomb.key rm -f /tmp/new.shared.tomb.key
res=0 res=0
tt forge /tmp/new.shared.tomb.key -g -r $gpgid_1,$gpgid_2 \ tt forge /tmp/new.shared.tomb.key -g -r $gpgid_1,$gpgid_2 \
--ignore-swap --unsafe --use-urandom --ignore-swap --unsafe
{ test $? = 0 } || { res=1 } { test $? = 0 } || { res=1 }
tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \ tt setkey -k /tmp/new.shared.tomb.key /tmp/shared.tomb.key /tmp/shared.tomb \
-g -r $gpgid_2,$gpgid_1 -g -r $gpgid_2,$gpgid_1
@ -297,7 +297,7 @@ test-set-key() {
sudo rm -f /tmp/test.tomb.new.key sudo rm -f /tmp/test.tomb.new.key
tt forge -k /tmp/test.tomb.new.key --force --unsafe --tomb-pwd ${dummypass} --use-urandom tt forge -k /tmp/test.tomb.new.key --force --unsafe --tomb-pwd ${dummypass}
tt setkey -k /tmp/test.tomb.new.key --unsafe --tomb-pwd ${dummypass} --tomb-old-pwd ${dummypass} /tmp/test.tomb.key /tmp/test.tomb tt setkey -k /tmp/test.tomb.new.key --unsafe --tomb-pwd ${dummypass} --tomb-old-pwd ${dummypass} /tmp/test.tomb.key /tmp/test.tomb
@ -336,7 +336,7 @@ test-regression() {
${OLDT} -D dig -s 10 /tmp/regression-test.tomb ${OLDT} -D dig -s 10 /tmp/regression-test.tomb
${OLDT} -D forge /tmp/regression-test.tomb.key \ ${OLDT} -D forge /tmp/regression-test.tomb.key \
--ignore-swap --unsafe --tomb-pwd ${dummypass} --use-urandom --ignore-swap --unsafe --tomb-pwd ${dummypass}
${OLDT} -D lock /tmp/regression-test.tomb -k /tmp/regression-test.tomb.key \ ${OLDT} -D lock /tmp/regression-test.tomb -k /tmp/regression-test.tomb.key \
--ignore-swap --unsafe --tomb-pwd ${dummypass} --ignore-swap --unsafe --tomb-pwd ${dummypass}
@ -368,7 +368,7 @@ test-open-read-only() {
# Create new # Create new
tt dig -s 20 /tmp/testro.tomb tt dig -s 20 /tmp/testro.tomb
tt forge /tmp/testro.tomb.key \ tt forge /tmp/testro.tomb.key \
--ignore-swap --unsafe --tomb-pwd ${dummypass} --use-urandom --ignore-swap --unsafe --tomb-pwd ${dummypass}
tt lock /tmp/testro.tomb -k /tmp/testro.tomb.key \ tt lock /tmp/testro.tomb -k /tmp/testro.tomb.key \
--ignore-swap --unsafe --tomb-pwd ${dummypass} --ignore-swap --unsafe --tomb-pwd ${dummypass}
@ -502,7 +502,7 @@ test-set-key
notice "Testing KDF key" notice "Testing KDF key"
sudo rm -f /tmp/test.tomb.kdf /tmp/kdf.tomb sudo rm -f /tmp/test.tomb.kdf /tmp/kdf.tomb
tt --unsafe --tomb-pwd ${dummypass} --use-urandom --kdf 1 forge -k /tmp/test.tomb.kdf tt --unsafe --tomb-pwd ${dummypass} --kdf 1 forge -k /tmp/test.tomb.kdf
{ test $? = 0 } && { results+=(kdforge SUCCESS) } { test $? = 0 } && { results+=(kdforge SUCCESS) }

2
extras/test/setup Normal file → Executable file
View File

@ -116,7 +116,7 @@ tt() {
} }
tt_dig() { tt dig "$tomb" "${@}"; } tt_dig() { tt dig "$tomb" "${@}"; }
tt_forge() { tt forge "$tomb_key" --ignore-swap --unsafe --use-urandom "${@}"; } tt_forge() { tt forge "$tomb_key" --ignore-swap --unsafe "${@}"; }
tt_lock() { tt lock "$tomb" -k "$tomb_key" --ignore-swap --unsafe "${@}"; } tt_lock() { tt lock "$tomb" -k "$tomb_key" --ignore-swap --unsafe "${@}"; }
tt_open() { tt open "$tomb" -k "$tomb_key" --ignore-swap --unsafe "${@}"; } tt_open() { tt open "$tomb" -k "$tomb_key" --ignore-swap --unsafe "${@}"; }
tt_close() { tt close "$testname" "${@}"; } tt_close() { tt close "$testname" "${@}"; }

10
tomb
View File

@ -1952,9 +1952,9 @@ forge_key() {
_warning "To make it faster you can move the mouse around." _warning "To make it faster you can move the mouse around."
_warning "If you are on a server, you can use an Entropy Generation Daemon." _warning "If you are on a server, you can use an Entropy Generation Daemon."
# Use /dev/random as the entropy source, unless --use-urandom is specified # Use /dev/urandom as the entropy source, unless --use-random is specified
local random_source=/dev/random local random_source=/dev/urandom
{ option_is_set --use-urandom } && random_source=/dev/urandom { option_is_set --use-random } && random_source=/dev/random
_verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source _verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source
TOMBSECRET=$(${=DD} bs=1 count=512 if=$random_source) TOMBSECRET=$(${=DD} bs=1 count=512 if=$random_source)
@ -3108,7 +3108,7 @@ main() {
subcommands_opts[create]="" # deprecated, will issue warning subcommands_opts[create]="" # deprecated, will issue warning
# -o in forge and lock is used to pass an alternate cipher. # -o in forge and lock is used to pass an alternate cipher.
subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-urandom r: R: -sphx-host: -sphx-user: " subcommands_opts[forge]="-ignore-swap k: -kdf: o: -tomb-pwd: -use-random r: R: -sphx-host: -sphx-user: "
subcommands_opts[dig]="-ignore-swap s: -size=s " subcommands_opts[dig]="-ignore-swap s: -size=s "
subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: R: -sphx-host: -sphx-user: " subcommands_opts[lock]="-ignore-swap k: -kdf: o: -tomb-pwd: r: R: -sphx-host: -sphx-user: "
subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: " subcommands_opts[setkey]="k: -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: r: R: -sphx-host: -sphx-user: "
@ -3208,7 +3208,7 @@ main() {
{ ! option_is_set --no-color } && { autoload -Uz colors && colors } { ! option_is_set --no-color } && { autoload -Uz colors && colors }
# Some options are only available during insecure mode # Some options are only available during insecure mode
{ ! option_is_set --unsafe } && { { ! option_is_set --unsafe } && {
for opt in --tomb-pwd --use-urandom --tomb-old-pwd; do for opt in --tomb-pwd --tomb-old-pwd; do
{ option_is_set $opt } && { { option_is_set $opt } && {
exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt } exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt }
done done