
commit 37792ffdc5fd5d697b7e4df11428689234d361d2
parent 5f5fb06d433f384be36c61b02bc7cc45976d8558
Author: Jaromil <jaromil@dyne.org>
Date:   Sat, 25 May 2013 15:04:16 +0200

cleanup of the main script
improved binary check, made resize optional
and set aside old install command (was already unused)

Diffstat:
Aextras/desktop/install.zsh | 90+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mtomb | 169++++++++++++++++++++++---------------------------------------------------------
2 files changed, 136 insertions(+), 123 deletions(-)

diff --git a/extras/desktop/install.zsh b/extras/desktop/install.zsh 
@@ -0,0 +1,90 @@
+# {{{ - Install
+# install mime-types, bells and whistles for the desktop
+# see http://developers.sun.com/solaris/articles/integrating_gnome.html
+# and freedesktop specs
+install_tomb() {
+
+# TODO: distro package deps (for binary)
+# debian: zsh, cryptsetup, sudo
+ _message "updating mimetypes..."
+ cat <<EOF > /tmp/dyne-tomb.xml
+<?xml version="1.0"?>
+<mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'>
+ <mime-type type="application/x-tomb-volume">
+ <comment>Tomb crypto volume</comment>
+ <glob pattern="*.tomb"/>
+ </mime-type>
+ <mime-type type="application/x-tomb-key">
+ <comment>Tomb crypto key</comment>
+ <glob pattern="*.tomb.key"/>
+ </mime-type>
+</mime-info>
+EOF
+ xdg-mime install /tmp/dyne-tomb.xml
+ xdg-icon-resource install --context mimetypes --size 32 monmort.xpm monmort
+ xdg-icon-resource install --size 32 monmort.xpm dyne-monmort
+
+ rm /tmp/dyne-tomb.xml
+
+ _message "updating desktop..."
+ cat <<EOF > /usr/share/applications/tomb.desktop
+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=Tomb crypto undertaker
+GenericName=Crypto undertaker
+Comment=Keep your bones safe
+Exec="${TOMBOPENEXEC}" %U
+TryExec=tomb-open
+Icon=monmort.xpm
+Terminal=true
+Categories=Utility;Security;Archiving;Filesystem;
+MimeType=application/x-tomb-volume;
+X-AppInstall-Package=tomb
+EOF
+ update-desktop-database
+
+ _message "updating menus..."
+ cat <<EOF > /etc/menu/tomb
+?package(tomb):command="tomb" icon="/usr/share/pixmaps/monmort.xpm" needs="text" \
+ section="Applications/Accessories" title="Tomb" hints="Crypto" \
+ hotkey="Tomb"
+EOF
+ update-menus
+
+ _message "updating mime info..." 
+ cat <<EOF > /usr/share/mime-info/tomb.keys
+# actions for encrypted tomb storage
+application/x-tomb-volume:
+ open="${TOMBOPENEXEC}" %f
+ view=tomb-open %f
+ icon-filename=monmort.xpm
+ short_list_application_ids_for_novice_user_level=tomb
+EOF
+ cat <<EOF > /usr/share/mime-info/tomb.mime
+# mime type for encrypted tomb storage
+application/x-tomb-volume
+ ext: tomb
+
+application/x-tomb-key
+ ext: tomb.key
+EOF
+ cat <<EOF > /usr/lib/mime/packages/tomb
+application/x-tomb-volume; tomb-open '%s'; priority=8
+EOF
+ update-mime
+
+ _message "updating application entry..."
+
+ cat <<EOF > /usr/share/application-registry/tomb.applications
+tomb
+ command=tomb-open
+ name=Tomb - Crypto Undertaker
+ can_open_multiple_files=false
+ expects_uris=false
+ requires_terminal=true
+ mime-types=application/x-tomb-volume,application/x-tomb-key
+EOF
+ _message "Tomb is now installed."
+}
+# }}}
diff --git a/tomb b/tomb
@@ -31,6 +31,7 @@ typeset -a OLDARGS for arg in ${argv}; do OLDARGS+=($arg); done STEGHIDE=1 MKTEMP=1
+RESIZER=1
MOUNTOPTS="rw,noatime,nodev" typeset -A global_opts 
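Review bot: install_tomb writes the mime definition to the fixed path `/tmp/dyne-tomb.xml` and later `rm`s it, and since the `install` command is dispatched behind check_priv in this commit it runs as root, so a symlink planted at that name by any local user redirects a root-owned write (or the rm) to a file of the attacker's choosing; the pattern is inherited from the old install_tomb, but this file is now the live code. The script already probes for mktemp (the MKTEMP flag in the tomb hunks), so create a private temporary directory and keep the vendor-prefixed filename that xdg-mime expects inside it, refusing to install when mktemp is unavailable rather than falling back to the fixed name. The `${TOMBOPENEXEC}` expanded into the .desktop and .keys files is defined outside this file, so its value at install time cannot be checked from here.
```zsh
    tmpdir=$(mktemp -d) || { _warning "cannot create a temporary directory"; return 1; }
    cat <<EOF > "$tmpdir/dyne-tomb.xml"
# … unchanged: shared-mime-info XML body …
EOF
    xdg-mime install "$tmpdir/dyne-tomb.xml"
    # … unchanged: xdg-icon-resource calls …
    rm -r "$tmpdir"
```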
@@ -169,33 +170,29 @@ progress() { check_bin() { # check for required programs - for req in pinentry sudo gpg; do - which $req >/dev/null || die "Cannot find $req. Please install it." 1 + for req in cryptsetup pinentry sudo gpg; do + command -v $req >/dev/null || die "Cannot find $req. It's a requirement to use Tomb, please install it." 1 done export PATH=/sbin:/usr/sbin:$PATH - which cryptsetup > /dev/null && CRYPTSETUP=cryptsetup || die "Cryptsetup not found in $PATH." 1 - # which dd command to use - which dcfldd > /dev/null && DD=dcfldd || DD=dd + command -v dcfldd > /dev/null && DD=dcfldd || DD=dd # which wipe command to use - which wipe > /dev/null && WIPE="wipe -f -s" || WIPE="rm -f" + command -v wipe > /dev/null && WIPE="wipe -f -s" || WIPE="rm -f" # check for filesystem creation progs - which mkfs.ext4 > /dev/null && \ + command -v mkfs.ext4 > /dev/null && \ MKFS="mkfs.ext4 -q -F -j -L" || \ MKFS="mkfs.ext3 -q -F -j -L" # check for mktemp - which mktemp > /dev/null || MKTEMP=0 + command -v mktemp > /dev/null || MKTEMP=0 # check for steghide - which steghide > /dev/null || STEGHIDE=0 - - # resize suite check bin! - which e2fsck > /dev/null || die "Cannot find e2fsck. Please install it." 1 - which resize2fs > /dev/null || die "Cannot find resize2fs. Please install it." 1 + command -v steghide > /dev/null || STEGHIDE=0 + # check for resize + command -v e2fsck resize2fs > /dev/null || RESIZER=0 if which tomb-kdf-pbkdf2 &> /dev/null; then KDF_PBKDF2="tomb-kdf-pbkdf2" @@ -356,6 +353,10 @@ EOF sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}" exit $? fi # are we root already + + # make sure necessary kernel modules are loaded + modprobe dm_crypt + return 0 } # }}} 
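Review bot: Moving cryptsetup into the first `for req in cryptsetup pinentry sudo gpg` loop places its lookup before the `export PATH=/sbin:/usr/sbin:$PATH` line, whereas the removed check ran after it; on systems where cryptsetup lives in /sbin and an unprivileged user's PATH lacks it, check_bin now dies with "Cannot find cryptsetup" before the sudo re-exec in check_priv can run. Move `export PATH=/sbin:/usr/sbin:$PATH` above the loop so the requirement check sees the same PATH the rest of the script uses. For `command -v e2fsck resize2fs > /dev/null || RESIZER=0` I am not certain zsh's `command -v` reports failure unless every listed name resolves, so either test the two names separately or add a comment stating that reliance. The `if which tomb-kdf-pbkdf2` line that follows still uses `which` while everything else was switched to `command -v`; check_bin's body continues past this hunk.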
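Review bot: The new `modprobe dm_crypt` line discards its exit status, so a failure (module unavailable, modprobe not on PATH, a locked-down kernel) goes unnoticed here and surfaces later as an opaque cryptsetup error, and its stderr is printed raw in the middle of the privilege check. Consider `modprobe dm_crypt 2>/dev/null || _warning "cannot load the dm_crypt kernel module, opening tombs may fail"`; in my experience modprobe returns success for a built-in dm-crypt, so this should not raise false alarms, but verify on the distributions you target. A one-line comment that this deliberately sits after `fi # are we root already` because loading modules requires root would help the next reader; check_priv begins outside the hunk.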
@@ -393,8 +394,12 @@ Commands: slam slam a TOMB killing all programs using it passwd change the password of a KEY - resize resize a TOMB to a new --size (can only grow) EOF + if [ "$RESIZER" = 1 ]; then + cat <<EOF + resize resize a TOMB to a new --size (can only grow) +EOF + fi if [ "$STEGHIDE" = 1 ]; then cat <<EOF bury hide a KEY inside a JPEG image @@ -680,7 +685,7 @@ forge_key() { _message "Commanded to forge key $1" if ! [ $1 ]; then - _warning "no key name specified for creation" + _warning "no key name specified for creation" return 1 fi @@ -759,7 +764,9 @@ forge_key() { ls -lh ${tombkey} } -# dig a tomb +# Dig a tomb, means that it will create an empty file to be formatted +# as a loopback filesystem. Initially the file is filled with random data +# taken from /dev/urandom which improves the tomb's overall security dig_tomb() { _message "Commanded to dig tomb $1" @@ -1111,8 +1118,10 @@ gen_key() { ;; esac echo -n $header - gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \ - -o - -c -a ${lukskey} <<< "${tombpass}" + + print "${tombpass}" \ + | gpg --openpgp --batch --no-options --no-tty --passphrase-fd 0 2>/dev/null \ + -o - -c -a ${lukskey} unset tombpass } @@ -1531,7 +1540,7 @@ umount_tomb() { return 0 } # }}} -# }}} + # {{{ - Change Password # $1 is the tomb key path 
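Review bot: In gen_key, `print "${tombpass}"` without `-r --` lets zsh interpret the passphrase: a leading `-` is parsed as print options and backslash sequences such as `\n` are expanded, so the bytes gpg receives on `--passphrase-fd 0` can differ from what the user typed, whereas the removed here-string passed them verbatim. Use `print -r -- "${tombpass}" \` so the passphrase is emitted unchanged; whether the decrypting side (get_lukskey, outside this hunk) already uses a raw form I cannot tell from here, but both paths must agree byte for byte or such keys become unopenable. gpg's stderr is also sent to /dev/null and its exit status is not checked, so a failed encryption would produce an empty or truncated key silently.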
@@ -1686,18 +1695,18 @@ resize_tomb() { _message "Password is required for key ${keyname}" for c in 1 2 3; do - if [ $c = 1 ]; then - tombpass=`exec_as_user ${TOMBEXEC} askpass ${keyname}` - else - tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"` - fi + if [ $c = 1 ]; then + tombpass=`exec_as_user ${TOMBEXEC} askpass ${keyname}` + else + tombpass=`exec_as_user ${TOMBEXEC} askpass "$keyname (retry $c)"` + fi get_lukskey "${tombpass}" ${tombkey} | \ cryptsetup --key-file - luksOpen ${nstloop} ${mapper} - + unset tombpass - if [ -r /dev/mapper/${mapper} ]; then - break; # password was correct + if [ -r /dev/mapper/${mapper} ]; then + break; # password was correct fi done @@ -1871,8 +1880,8 @@ list_tombs() { for h in ${mounted_hooks}; do print -n "$fg_no_bold[green]$tombname" print -n "$fg_no_bold[white] hooks " - print -n "$fg_bold[white]`basename ${h[(ws:;:)1]}`" - print -n "$fg_no_bold[white] on " +# print -n "$fg_bold[white]`basename ${h[(ws:;:)1]}`" +# print -n "$fg_no_bold[white] on " print "$fg_bold[white]${h[(ws:;:)2]}$fg_no_bold[white]" done done 
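Review bot: In list_tombs the two `print -n` lines for the hook source path are commented out rather than removed, which changes the visible output ("hooks <name> on <path>" becomes "hooks <path>") while leaving dead code in place. Either delete the lines or add a comment stating why the hook's source file name is no longer shown so the next reader does not restore them by accident; the enclosing loop starts outside this hunk.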
@@ -1931,98 +1940,7 @@ launch_status() { return 0 } # }}} -# {{{ - Install GUI -# install mime-types, bells and whistles for the desktop -# see http://developers.sun.com/solaris/articles/integrating_gnome.html -# and freedesktop specs -install_tomb() { - -# TODO: distro package deps (for binary) -# debian: zsh, cryptsetup, sudo - _message "updating mimetypes..." - cat <<EOF > /tmp/dyne-tomb.xml -<?xml version="1.0"?> -<mime-info xmlns='http://www.freedesktop.org/standards/shared-mime-info'> - <mime-type type="application/x-tomb-volume"> - <comment>Tomb encrypted volume</comment> - <glob pattern="*.tomb"/> - </mime-type> - <mime-type type="application/x-tomb-key"> - <comment>Tomb crypto key</comment> - <glob pattern="*.tomb.key"/> - </mime-type> -</mime-info> -EOF - xdg-mime install /tmp/dyne-tomb.xml - xdg-icon-resource install --context mimetypes --size 32 monmort.xpm monmort - xdg-icon-resource install --size 32 monmort.xpm dyne-monmort - - rm /tmp/dyne-tomb.xml - - _message "updating desktop..." - cat <<EOF > /usr/share/applications/tomb.desktop -[Desktop Entry] -Version=1.0 -Type=Application -Name=Tomb crypto undertaker -GenericName=Crypto undertaker -Comment=Keep your bones safe -Exec="${TOMBOPENEXEC}" %U -TryExec=tomb-open -Icon=monmort.xpm -Terminal=true -Categories=Utility;Security;Archiving;Filesystem; -MimeType=application/x-tomb-volume; -X-AppInstall-Package=tomb -EOF - update-desktop-database - _message "updating menus..." - cat <<EOF > /etc/menu/tomb -?package(tomb):command="tomb" icon="/usr/share/pixmaps/monmort.xpm" needs="text" \ - section="Applications/Accessories" title="Tomb" hints="Crypto" \ - hotkey="Tomb" -EOF - update-menus - - _message "updating mime info..." 
- cat <<EOF > /usr/share/mime-info/tomb.keys -# actions for encrypted tomb storage -application/x-tomb-volume: - open="${TOMBOPENEXEC}" %f - view=tomb-open %f - icon-filename=monmort.xpm - short_list_application_ids_for_novice_user_level=tomb -EOF - cat <<EOF > /usr/share/mime-info/tomb.mime -# mime type for encrypted tomb storage -application/x-tomb-volume - ext: tomb - -application/x-tomb-key - ext: tomb.key -EOF - cat <<EOF > /usr/lib/mime/packages/tomb -application/x-tomb-volume; tomb-open '%s'; priority=8 -EOF - update-mime - - _message "updating application entry..." - - cat <<EOF > /usr/share/application-registry/tomb.applications -tomb - command=tomb-open - name=Tomb - Crypto Undertaker - can_open_multiple_files=false - expects_uris=false - requires_terminal=true - mime-types=application/x-tomb-volume,application/x-tomb-key -EOF - _message "Tomb is now installed." -} -# }}} - -# }}} # {{{ MAIN COMMAND main() { @@ -2230,9 +2148,14 @@ main() { decode_key $PARAM[1] $PARAM[2] ;; resize) - check_priv - resize_tomb $PARAM[1] - ;; + if [ "$RESIZER" = 0 ]; then + _warning "resize2fs not installed. Cannot resize your tomb." + return 1 + fi + check_priv + resize_tomb $PARAM[1] + ;; + # internal commands useful to developers 'source') return 0 ;; install) check_priv ; install_tomb ;;