Llewellyn/Tomb
1
0
Fork 0
mirror of https://github.com/Llewellynvdm/Tomb.git synced 2024-09-28 04:39:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into gnupg-key-support

Browse Source
This commit is contained in:
Jaromil 2017-02-20 20:47:06 +01:00 committed by GitHub
commit bea7fe3f7c
5 changed files with 61 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
INSTALL.md
View File

@ -66,6 +66,7 @@ Tomb can use some optional tools to extend its functionalities:
executable | function executable | function
---------- | --------------------------------------------------- ---------- | ---------------------------------------------------
lsof | slam a tomb (close even if open programs)
dcfldd | show progress while digging tombs and keys dcfldd | show progress while digging tombs and keys
steghide | bury and exhume keys inside images steghide | bury and exhume keys inside images
resizefs | extend the size of existing tomb volumes resizefs | extend the size of existing tomb volumes

6
doc/tomb.1
View File

@ -1,4 +1,4 @@
.TH tomb 1 "November 26, 2014" "tomb" .TH tomb 1 "February 05, 2017" "tomb"
.SH NAME .SH NAME
Tomb \- the Crypto Undertaker Tomb \- the Crypto Undertaker
@ -114,9 +114,9 @@ the tomb is in use by running processes (to force close, see
.IP "slam" .IP "slam"
Closes a tomb like the command \fIclose\fR does, but it doesn't fail Closes a tomb like the command \fIclose\fR does, but it doesn't fail
even if the tomb is in use by other application processes: it looks even if the tomb is in use by other application processes: it looks
for and violently kills \-9 each of them. This command may for and closes each of them (in order: TERM, HUP, KILL). This command may
provoke unsaved data loss, but assists users to face surprise provoke unsaved data loss, but assists users to face surprise
situations. situations. It requires \fIlsof\fR else it falls back to \fIclose\fR.
.B .B

BIN
doc/tomb_manpage.pdf
View File

Binary file not shown.

35
extras/test/runtests
View File

@ -56,9 +56,11 @@ command -v qrencode > /dev/null || QRENCODE=0
typeset -A results typeset -A results
tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig tests=(dig forge lock badpass open close passwd chksum bind setkey recip-dig
recip-forge recip-lock recip-open recip-close recip-passwd recip-resize recip-forge recip-lock recip-open recip-close recip-passwd recip-resize
recip-setkey shared shared-passwd shared-setkey) recip-setkey shared shared-passwd shared-setkey)
{ test $RESIZER = 1 } && { tests+=(resize) } { test $RESIZER = 1 } && { tests+=(resize) }
{ test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) } { test $KDF = 1 } && { tests+=(kdforge kdfpass kdflock kdfopen) }
{ test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen stgpipe stgimpl { test $STEGHIDE = 1 } && { tests+=(stgin stgout stgopen stgpipe stgimpl
@ -322,7 +324,32 @@ test-regression() {
} }
test-open-read-only() {
notice "wiping all testro.tomb* in /tmp"
sudo rm -f /tmp/testro.tomb{,.key,.new.key}
# Create new
tt dig -s 20 /tmp/testro.tomb
tt forge /tmp/testro.tomb.key \
--ignore-swap --unsafe --tomb-pwd ${dummypass} --use-urandom
tt lock /tmp/testro.tomb -k /tmp/testro.tomb.key \
--ignore-swap --unsafe --tomb-pwd ${dummypass}
notice "Testing open read only"
# Remove write privilege on test.tomb
chmod -w /tmp/testro.tomb
# Attempt to open the unwritable tomb with the read-only mount option
tt open /tmp/testro.tomb -k /tmp/testro.tomb.key \
--ignore-swap --unsafe --tomb-pwd ${dummypass} -o ro,noatime,nodev
{ test $? = 0 } && {
results+=(openro SUCCESS)
tt close testro
}
}
startloops=(`sudo losetup -a |cut -d: -f1`) startloops=(`sudo losetup -a |cut -d: -f1`)
@ -357,8 +384,8 @@ tt close test
{ test $? = 0 } && { results+=(close SUCCESS) } { test $? = 0 } && { results+=(close SUCCESS) }
# isolated function
test-open-read-only
notice "Testing changing tomb password" notice "Testing changing tomb password"

44
tomb
View File

@ -242,9 +242,9 @@ _plot() {
TOMBFILE=$(basename $TOMBPATH) TOMBFILE=$(basename $TOMBPATH)
# The tomb name is TOMBFILE without an extension. # The tomb name is TOMBFILE without an extension and underscores instead of spaces (for mount and cryptsetup)
# It can start with dots: ..foo.tomb -> ..foo # It can start with dots: ..foo bar baz.tomb -> ..foo_bar_baz
TOMBNAME="${TOMBFILE%\.[^\.]*}" TOMBNAME=${${TOMBFILE// /_}%.*}
[[ -z $TOMBNAME ]] && { [[ -z $TOMBNAME ]] && {
_failure "Tomb won't work without a TOMBNAME." } _failure "Tomb won't work without a TOMBNAME." }
@ -507,7 +507,8 @@ is_valid_tomb() {
_fail=0 _fail=0
# Tomb file must be a readable, writable, non-empty regular file. # Tomb file must be a readable, writable, non-empty regular file.
[[ ! -w "$1" ]] && { # If passed the "ro" mount option, the writable check is skipped.
[[ ! -w "$1" ]] && [[ $(option_value -o) != *"ro"* ]] && {
_warning "Tomb file is not writable: ::1 tomb file::" $1 _warning "Tomb file is not writable: ::1 tomb file::" $1
_fail=1 _fail=1
} }
@ -812,6 +813,8 @@ _ensure_dependencies() {
# Which wipe command to use # Which wipe command to use
command -v wipe 1>/dev/null 2>/dev/null && WIPE=(wipe -f -s) command -v wipe 1>/dev/null 2>/dev/null && WIPE=(wipe -f -s)
# Check for lsof for slamming tombs
command -v lsof 1>/dev/null 2>/dev/null || LSOF=0
# Check for steghide # Check for steghide
command -v steghide 1>/dev/null 2>/dev/null || STEGHIDE=0 command -v steghide 1>/dev/null 2>/dev/null || STEGHIDE=0
# Check for resize # Check for resize
@ -1159,7 +1162,7 @@ ask_key_password() {
# call cryptsetup with arguments using the currently known secret # call cryptsetup with arguments using the currently known secret
# echo flags eliminate newline and disable escape (BSD_ECHO) # echo flags eliminate newline and disable escape (BSD_ECHO)
_cryptsetup() { _cryptsetup() {
print -R -n - "$TOMBSECRET" | _sudo cryptsetup --key-file - ${=@} print -R -n - "$TOMBSECRET" | _sudo cryptsetup --key-file - ${@}
return $? return $?
} }
@ -2488,7 +2491,7 @@ search_tombs() {
# Use swish-e to search over contents # Use swish-e to search over contents
[[ $SWISH == 1 && -r $tombmount/.swish ]] && { [[ $SWISH == 1 && -r $tombmount/.swish ]] && {
_message "Searching contents in tomb ::1 tomb name::" $tombname _message "Searching contents in tomb ::1 tomb name::" $tombname
swish-e -w ${=@} -f $tombmount/.swish -H0 } swish-e -w ${@} -f $tombmount/.swish -H0 }
} || { } || {
_warning "Skipping tomb ::1 tomb name::: not indexed." $tombname _warning "Skipping tomb ::1 tomb name::: not indexed." $tombname
_warning "Run 'tomb index' to create indexes." } _warning "Run 'tomb index' to create indexes." }
@ -2690,20 +2693,20 @@ umount_tomb() {
# Kill all processes using the tomb # Kill all processes using the tomb
slam_tomb() { slam_tomb() {
# $1 = tomb mount point # $1 = tomb mount point
if [[ -z `fuser -m "$1" 2>/dev/null` ]]; then if [[ -z `lsof -t +D "$1" 2>/dev/null` ]]; then
return 0 return 0
fi fi
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP #Note: shells are NOT killed by INT or TERM, but they are killed by HUP
for s in TERM HUP KILL; do for s in TERM HUP KILL; do
_verbose "Sending ::1:: to processes inside the tomb:" $s _verbose "Sending ::1:: to processes inside the tomb:" $s
if option_is_set -D; then if option_is_set -D; then
ps -fp `fuser -m /media/a.tomb 2>/dev/null`| ps -fp `lsof -t +D "$1" 2>/dev/null`|
while read line; do while read line; do
_verbose $line _verbose $line
done done
fi fi
fuser -s -m "$1" -k -M -$s kill -$s `lsof -t +D "$1"`
if [[ -z `fuser -m "$1" 2>/dev/null` ]]; then if [[ -z `lsof -t +D "$1" 2>/dev/null` ]]; then
return 0 return 0
fi fi
if ! option_is_set -f; then if ! option_is_set -f; then
@ -2893,28 +2896,33 @@ main() {
# CREATE Step 1: dig -s NN file.tomb # CREATE Step 1: dig -s NN file.tomb
dig) dig)
dig_tomb ${=PARAM} dig_tomb $PARAM
;; ;;
# CREATE Step 2: forge file.tomb.key # CREATE Step 2: forge file.tomb.key
forge) forge)
forge_key ${=PARAM} forge_key $PARAM
;; ;;
# CREATE Step 2: lock -k file.tomb.key file.tomb # CREATE Step 2: lock -k file.tomb.key file.tomb
lock) lock)
lock_tomb_with_key ${=PARAM} lock_tomb_with_key $PARAM
;; ;;
# Open the tomb # Open the tomb
mount|open) mount|open)
mount_tomb ${=PARAM} mount_tomb $PARAM
;; ;;
# Close the tomb # Close the tomb
# `slam` is used to force closing. # `slam` is used to force closing.
umount|close|slam) umount|close|slam)
[[ "$subcommand" == "slam" ]] && SLAM=1 [[ "$subcommand" == "slam" ]] && {
SLAM=1
[[ $LSOF == 0 ]] && {
unset SLAM
_warning "lsof not installed: cannot slam tombs."
_warning "Trying a regular close." }}
umount_tomb $PARAM[1] umount_tomb $PARAM[1]
;; ;;
@ -2939,7 +2947,7 @@ main() {
# Search tomb contents # Search tomb contents
search) search)
search_tombs ${=PARAM} search_tombs $PARAM
;; ;;
## Locking operations ## Locking operations
@ -2948,7 +2956,7 @@ main() {
engrave) engrave)
[[ $QRENCODE == 0 ]] && { [[ $QRENCODE == 0 ]] && {
_failure "QREncode not installed: cannot engrave keys on paper." } _failure "QREncode not installed: cannot engrave keys on paper." }
engrave_key ${=PARAM} engrave_key $PARAM
;; ;;
# Change password on existing key # Change password on existing key
@ -2958,7 +2966,7 @@ main() {
# Change tomb key # Change tomb key
setkey) setkey)
change_tomb_key ${=PARAM} change_tomb_key $PARAM
;; ;;
# STEGANOGRAPHY: hide key inside an image # STEGANOGRAPHY: hide key inside an image