tfixes to --tomb-pwd and new test script - tomb - the crypto undertaker
(HTM) git clone git://parazyd.org/tomb.git
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit 8f9e9f9d2afcec6a81f1efd5fba765aa4d04c44c
(DIR) parent 61362ce34e757beadd43468ef279d8b2e0dddc56
(HTM) Author: Jaromil <jaromil@dyne.org>
Date: Wed, 12 Jun 2013 00:03:36 +0200
fixes to --tomb-pwd and new test script
Diffstat:
A extras/test/dig_forge_lock_open_cl… | 48 +++++++++++++++++++++++++++++++
D extras/test/simple.test.sh | 16 ----------------
M tomb | 39 ++++++++++++++++++++-----------
3 files changed, 73 insertions(+), 30 deletions(-)
---
(DIR) diff --git a/extras/test/dig_forge_lock_open_close.sh b/extras/test/dig_forge_lock_open_close.sh
t@@ -0,0 +1,48 @@
+#/usr/bin/env zsh
+
+T="../../tomb"
+source utils.sh
+
+rm /tmp/test.tomb{,.key} -f || exit 1
+
+sudo -k
+
+${T} dig -s 10 /tmp/test.tomb
+
+sudo losetup -a
+
+${T} --ignore-swap --unsecure-dev-mode --tomb-pwd f00za --use-urandom \
+ forge /tmp/test.tomb.key
+
+sudo losetup -a
+
+${T} --ignore-swap --unsecure-dev-mode --tomb-pwd f00za \
+ lock /tmp/test.tomb -k /tmp/test.tomb.key
+
+sudo losetup -a
+
+# sanity_tomb /tmp/asd.tomb
+echo
+echo trying to open with wrong password
+echo
+
+${T} --unsecure-dev-mode --tomb-pwd wrongpassword \
+ open /tmp/test.tomb
+
+sudo losetup -a
+
+echo
+echo trying to open with good password
+echo
+
+${T} --unsecure-dev-mode --tomb-pwd f00za \
+ open /tmp/test.tomb
+
+sudo losetup -a
+
+${T} --unsecure-dev-mode close test
+
+sudo losetup -a
+
+rm /tmp/test.tomb{,.key} -f || exit 1
+
(DIR) diff --git a/extras/test/simple.test.sh b/extras/test/simple.test.sh
t@@ -1,16 +0,0 @@
-rm /tmp/asd.tomb{,.key} -f || exit 1
-sudo -k
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za --use-urandom create /tmp/asd -s 10 >&4 2>&4 || echo error creating: $? >&3
-sanity_tomb /tmp/asd.tomb || echo error sanity checks: $? >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd wrongpassword open /tmp/asd.tomb >&4 2>&4 && echo error: open with wrong password is successful >&3
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd --tomb-pwd f00za open /tmp/asd.tomb >&4 2>&4 || echo error opening: $? >&3
-../tomb --no-color list >&4 2>&4 || echo error listing: $? >&3
-../tomb --no-color list --get-mountpoint asd >&4 || echo error listing specific: $? >&3
-mountpoint=`../tomb --no-color list --get-mountpoint asd`
-df $mountpoint >&4 || echo error df: $? >&3
-
-../tomb --no-color --unsecure-dev-mode --sudo-pwd $sudo_pwd close asd >&4 2>&4 || echo error closing: $? >&3
-
-rm /tmp/asd.tomb{,.key} -f
-
-
(DIR) diff --git a/tomb b/tomb
t@@ -40,10 +40,9 @@
# {{{ Global variables
-VERSION=1.3
-DATE="May/2013"
+VERSION=1.3.1
+DATE="Jun/2013"
TOMBEXEC=$0
-TOMBOPENEXEC="${TOMBEXEC}-open"
typeset -a OLDARGS
for arg in ${argv}; do OLDARGS+=($arg); done
DD="dd"
t@@ -191,7 +190,7 @@ check_priv() {
# save original user
username=$USER
if [ $UID != 0 ]; then
- xxx "Using sudo for root execution of 'tomb ${(f)OLDARGS}'"
+ xxx "Using sudo for root execution of '${TOMBEXEC} ${(f)OLDARGS}'"
# check if sudo has a timestamp active
sudok=false
t@@ -215,8 +214,8 @@ EOF
fi # are we root already
# make sure necessary kernel modules are loaded
- modprobe dm_mod
- modprobe dm_crypt
+ modprobe dm_mod 2>/dev/null
+ modprobe dm_crypt 2>/dev/null
return 0
}
t@@ -496,6 +495,13 @@ ask_key_password() {
local tombpass=""
if option_is_set --tomb-pwd; then
tombpass=`option_value --tomb-pwd`
+ xxx "ask_key_password takes tombpass from CLI argument: $tombpass"
+
+ get_lukskey "$tombpass" ${tombkey} >/dev/null
+
+ if [ $? = 0 ]; then
+ passok=1; _message "Password OK."; fi
+
else
for c in 1 2 3; do
if [ $c = 1 ]; then
t@@ -679,7 +685,8 @@ gen_key() {
unset tombpass
done
else
- tombpass=`option_value --tomb-pwd`
+ tombpass="`option_value --tomb-pwd`"
+ xxx "gen_key takes tombpass from CLI argument: $tombpass"
fi
t@@ -1046,7 +1053,7 @@ lock_tomb_with_key() {
fi
# load key from options or file
- tombkey=`load_key ${tombdir}/${tombfile}`
+ tombkey=`load_key ${tombdir}/${tombfile}.key`
{ test $? = 0 } || {
losetup -d $nstloop
die "Aborting operations: error loading key $tombkey" }
t@@ -1115,6 +1122,7 @@ lock_tomb_with_key() {
# backward compatibility
create_tomb() {
+ xxx "create_tomb(): ${=@} ${=OLDARGS}"
if ! [ $1 ]; then
_warning "no tomb name specified for creation"
return 1
t@@ -1125,19 +1133,20 @@ create_tomb() {
_warning "Creating this tomb would overwrite an existing file. Operation aborted."
die "`ls -lh $1`" }
- dig_tomb ${=PARAM}
{ test $? = 0 } || { die "Failed to dig tomb, operation aborted." }
+
tombfile=`basename $1`
tombdir=`dirname $1`
# make sure the file has a .tomb extension
tombname=${tombfile%%\.*}
tombfile=${tombname}.tomb
- forge_key ${tombfile}.key
+ ${TOMBEXEC} dig ${=PARAM}
+ ${TOMBEXEC} forge ${tombdir}/${tombfile}.key
{ test $? = 0 } || { die "Failed to forge key, operation aborted." }
- lock_tomb_with_key ${tombfile} -l ${tombfile}.key
+ ${TOMBEXEC} lock ${tombdir}/${tombfile} -k ${tombdir}/${tombfile}.key
{ test $? = 0 } || { die "Failed to lock tomb with key, operation aborted." }
yes "Tomb $tombname succesfully created"
t@@ -1212,6 +1221,7 @@ mount_tomb() {
if [ $? != 0 ]; then
# is it a LUKS encrypted nest? see cryptsetup(1)
_warning "$tombfile is not a valid Luks encrypted storage file"
+ losetup -d ${nstloop}
return 1
fi
say "this tomb is a valid LUKS encrypted device"
t@@ -1238,6 +1248,7 @@ mount_tomb() {
tombpass=`ask_key_password $tombkey`
{ test $? = 0 } || {
+ losetup -d ${nstloop}
die "No valid password supplied" }
get_lukskey "${tombpass}" ${tombkey} | \
t@@ -1884,10 +1895,10 @@ main() {
subcommands_opts[open]="f n -nohook=n k: -key=k o: -mount-options=o -ignore-swap -sudo-pwd: -tomb-pwd:"
subcommands_opts[mount]=${subcommands_opts[open]}
- subcommands_opts[create]="f s: -size=s -force k: -key=k -ignore-swap -kdf: -sudo-pwd: -tomb-pwd: -use-urandom"
+ subcommands_opts[create]="f -force -ignore-swap s: -size=s k: -key=k -kdf: -sudo-pwd: -tomb-pwd: -use-urandom"
- subcommands_opts[forge]="f -ignore-swap k: -key=k -kdf: -use-urandom"
- subcommands_opts[dig]="f -ignore-swap s: -size=s"
+ subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: -tomb-pwd: -use-urandom"
+ subcommands_opts[dig]="f -forge -ignore-swap s: -size=s"
subcommands_opts[lock]="f -force -ignore-swap s: -size=s k: -key=k -sudo-pwd: -tomb-pwd:"
subcommands_opts[passwd]="f -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "