commit 43225c790e583079d1d8efed6ba386043b98d4c4 parent fe01a62467f8e815903de98c0cba17ff81a089ee Author: hellekin <hellekin@cepheide.org> Date: Thu, 23 Oct 2014 03:44:45 -0300 [clenaup] Uppercase secrets Diffstat: M tomb | 55 +++++++++++++++---------------- 1 file changed, 27 insertions(+), 28 deletions(-) ---
diff --git a/tomb b/tomb t@@ -79,10 +79,10 @@ typeset -H TOMBFILE # File name of the tomb typeset -H TOMBNAME # Name of the tomb # Tomb secrets -typeset -H TOMBKEY # Key contents (see forge_key(), recover_key()) -typeset -H TOMBKEYFILE # Key file (ditto) -typeset -H tomb_secret -typeset -H tomb_password +typeset -H TOMBKEY # Encrypted key contents (see forge_key(), recover_key()) +typeset -H TOMBKEYFILE # Key file (ditto) +typeset -H TOMBSECRET # Raw deciphered key (see forge_key(), gpg_decrypt()) +typeset -H TOMBPASSWORD # Raw tomb passphrase (see gen_key(), ask_key_password()) typeset -aH tomb_tempfiles typeset -aH tomb_loopdevs t@@ -111,8 +111,8 @@ endgame() { TOMBNAME="$rr"; unset TOMBNAME TOMBKEY="$rr"; unset TOMBKEY TOMBKEYFILE="$rr"; unset TOMBKEYFILE - tomb_secret="$rr"; unset tomb_secret - tomb_password="$rr"; unset tomb_password + TOMBSECRET="$rr"; unset TOMBSECRET + TOMBPASSWORD="$rr"; unset TOMBPASSWORD for f in $tomb_tempfiles; do ${=WIPE} "$f"; done t@@ -415,8 +415,8 @@ dump_secrets() { _verbose "TOMBFILE: ::1 tomb file::" $TOMBFILE _verbose "TOMBKEY: ::1 key:: chars long" ${#TOMBKEY} _verbose "TOMBKEYFILE: ::1 key file::" $TOMBKEYFILE - _verbose "tomb_secret: ::1 secret:: chars long" ${#tomb_secret} - _verbose "tomb_password: ::1 tomb pass::" $tomb_password + _verbose "TOMBSECRET: ::1 secret:: chars long" ${#TOMBSECRET} + _verbose "TOMBPASSWORD: ::1 tomb pass::" $TOMBPASSWORD _verbose "tomb_tempfiles: ::1 temp files::" ${(@)tomb_tempfiles} _verbose "tomb_loopdevs: ::1 loopdevs::" ${(@)tomb_loopdevs} t@@ -731,7 +731,7 @@ gpg_decrypt() { if [ "$gpgver" = "1.4.11" ]; then _verbose "GnuPG is version 1.4.11 - adopting status fix." - tomb_secret=`print - "$gpgpass" | \ + TOMBSECRET=`print - "$gpgpass" | \ gpg --batch --passphrase-fd 0 --no-tty --no-options"` ret=$? 
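Review bot: In dump_secrets() the renamed line still prints the passphrase itself, `_verbose "TOMBPASSWORD: ::1 tomb pass::" $TOMBPASSWORD`, whereas TOMBKEY and TOMBSECRET just above it are reported by length only. Any verbose run that reaches this function puts the raw passphrase on the terminal or in whatever captures that output; report it the same way as the other secrets, `_verbose "TOMBPASSWORD: ::1 tomb pass:: chars long" ${#TOMBPASSWORD}`. The exhume_key() hunk carries the same pattern in its context line `_verbose "tomb-pwd = ::1 tomb pass::" $tombpass`. dump_secrets() starts and ends outside the hunk, so the conditions under which it is called are not visible here.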
unset gpgpass t@@ -742,7 +742,7 @@ gpg_decrypt() { tmp_create _status=`tmp_new` - tomb_secret=`print - "$gpgpass" | \ + TOMBSECRET=`print - "$gpgpass" | \ gpg --batch --passphrase-fd 0 --no-tty --no-options \ --status-fd 2 --no-mdc-warning --no-permission-warning \ --no-secmem-warning 2> $_status` t@@ -791,7 +791,7 @@ get_lukskey() { fi - gpg_decrypt "$_password" # saves decrypted content into $tomb_secret + gpg_decrypt "$_password" # Save decrypted contents into $TOMBSECRET ret="$?" t@@ -801,7 +801,7 @@ get_lukskey() { # This function asks the user for the password to use the key it tests # it against the return code of gpg on success returns 0 and saves -# the password in the global variable $tomb_password +# the password in the global variable $TOMBPASSWORD ask_key_password() { [[ -z $TOMBKEYFILE ]] && { _failure "Internal error: ask_key_password() called before load_key()." } t@@ -875,7 +875,7 @@ change_passwd() { _success "Changing password for ::1 key file::" $TOMBKEYFILE - # here $tomb_secret contains the key material in clear + # Here $TOMBSECRET contains the key material in clear if option_is_set --tomb-pwd; then tomb_new_pwd="`option_value --tomb-pwd`" t@@ -971,15 +971,14 @@ gen_key() { --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \ -o - -c -a ${tombpass} -${tomb_secret} +$TOMBSECRET EOF # print -n "${tombpass}" \ # | gpg --openpgp --force-mdc --cipher-algo ${algo} \ # --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \ # -o - -c -a ${lukskey} - # update global var - tomb_password="$tombpass" + TOMBPASSWORD="$tombpass" # Set global variable unset tombpass unset tombpasstmp } t@@ -1042,7 +1041,7 @@ bury_key() { /^Version/ {next} {print $0}' \ | steghide embed --embedfile - --coverfile ${imagefile} \ - -p ${tomb_password} -z 9 -e serpent cbc + -p $TOMBPASSWORD -z 9 -e serpent cbc if [ $? != 0 ]; then _warning "Encoding error: steghide reports problems." 
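Review bot: The continuation line of the GnuPG 1.4.11 branch in gpg_decrypt() ends in `--no-options"` immediately before the closing backtick, which leaves an unbalanced double quote inside the command substitution that now assigns TOMBSECRET. If that is what the file really contains rather than an artifact of this page's rendering, the branch most likely fails to parse or hands gpg a malformed argument, so the key cannot be deciphered on that GnuPG version. The line should end at `--no-options` with no quote before the backtick. gpg_decrypt() begins and ends outside the hunk.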
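Review bot: The here-document in gen_key() feeds both `${tombpass}` and the raw `$TOMBSECRET` to gpg, and zsh normally materialises a here-document as a temporary file under TMPPREFIX before the command reads it. Unless the script points TMPPREFIX at memory-backed storage somewhere outside this hunk, the passphrase and the cleartext key can reach disk in a file that endgame()'s overwrite-and-unset does not cover. State the assumption next to the here-document, for example `# here-doc goes through a zsh temp file: TMPPREFIX must be memory-backed`, or move to a piped form like the one sketched in the commented-out lines below it. gen_key() begins outside the hunk.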
res=1 t@@ -1105,9 +1104,9 @@ exhume_key() { if option_is_set --tomb-pwd; then tombpass="`option_value --tomb-pwd`" _verbose "tomb-pwd = ::1 tomb pass::" $tombpass - elif [[ "$tomb_password" != "" ]]; then + elif [[ -n $TOMBPASSWORD ]]; then # password is known already - tombpass="$tomb_password" + tombpass=$TOMBPASSWORD else tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"` if [[ $? != 0 ]]; then t@@ -1264,12 +1263,12 @@ forge_key() { fi _verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source - tomb_secret=`${=DD} bs=1 count=256 if=$random_source` - { test $? = 0 } || { + TOMBSECRET=`${=DD} bs=1 count=256 if=$random_source` + [[ $? == 0 ]] || { _warning "Cannot generate encryption key." _failure "Operation aborted." } - # here the global var tomb_secret contains the nude secret + # Here the global variable TOMBSECRET contains the naked secret _success "Choose the password of your key: ::1 tomb key::" $TOMBKEYFILE _message "(You can also change it later using 'tomb passwd'.)" t@@ -1379,7 +1378,7 @@ lock_tomb_with_key() { _success "Locking ::1 tomb file:: with ::2 tomb key file::" $TOMBFILE $TOMBKEYFILE _message "Formatting Luks mapped device." - print -n - "$tomb_secret" | \ + print -n - $TOMBSECRET | \ cryptsetup --key-file - --batch-mode \ --cipher ${cipher} --key-size 256 --key-slot 0 \ luksFormat ${nstloop} t@@ -1388,7 +1387,7 @@ lock_tomb_with_key() { _failure "Operation aborted." fi - print -n - "$tomb_secret" | \ + print -n - $TOMBSECRET | \ cryptsetup --key-file - \ --cipher ${cipher} luksOpen ${nstloop} tomb.tmp if ! [ $? = 0 ]; then t@@ -1463,7 +1462,7 @@ change_tomb_key() { fi { test $? = 0 } || { _failure "No valid password supplied for the old key." } - old_secret="$tomb_secret" + old_secret=$TOMBSECRET # luksOpen the tomb (not really mounting, just on the loopback) print -n - "$old_secret" | \ t@@ -1486,7 +1485,7 @@ change_tomb_key() { fi { test $? 
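Review bot: `-p $TOMBPASSWORD` in bury_key() puts the raw passphrase on steghide's command line, where it may be readable by other local users through the process list for as long as the embed runs. Since this commit documents the variable as the raw tomb passphrase, the exposure deserves a comment on the call: `# NOTE: passphrase is visible in argv while steghide runs`. Whether steghide can receive the passphrase another way while stdin is already taken by `--embedfile -` should be confirmed before changing the invocation. bury_key() starts and ends outside the hunk.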
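Review bot: The quotes around the key were dropped in `print -n - $TOMBSECRET | cryptsetup --key-file - …`, here and in the second lock_tomb_with_key() hunk, mount_tomb() and resize_tomb(), while change_tomb_key() still pipes `"$old_secret"` quoted. With zsh defaults an unquoted scalar is not split, but TOMBSECRET holds arbitrary bytes and that exact byte stream is the LUKS key, so the result now depends on SH_WORD_SPLIT and GLOB_SUBST staying off for the whole script. Keeping `print -n - "$TOMBSECRET"` costs nothing and makes the four call sites consistent with change_tomb_key(). Separately, and predating this commit, `print` is called without `-r`, so backslash sequences inside the key are interpreted on these same lines.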
= 0 } || { _failure "No valid password supplied for the new key." } - new_secret="$tomb_secret" + new_secret=$TOMBSECRET # danger zone: due to cryptsetup limitations, in setkey we need # to write the bare unencrypted key on the tmpfs. t@@ -1631,7 +1630,7 @@ mount_tomb() { { test $? = 0 } || { _failure "No valid password supplied." } - print -n - "$tomb_secret" | \ + print -n - $TOMBSECRET | \ cryptsetup --key-file - luksOpen ${nstloop} ${mapper} if ! [ -r /dev/mapper/${mapper} ]; then t@@ -2156,7 +2155,7 @@ resize_tomb() { mapdate=`date +%s` mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`" - print -n - "$tomb_secret" | \ + print -n - $TOMBSECRET | \ cryptsetup --key-file - luksOpen ${nstloop} ${mapper} if ! [ -r /dev/mapper/${mapper} ]; then