tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git

commit e48c7c4a85079042aceca3d3697122b6e9f41bfe
parent b7f4e3a7fd39ad03bcd58e5f5bfbb41a3969f0a5
Author: Jaromil <jaromil@dyne.org>
Date:   Fri, 21 Nov 2014 22:25:43 +0100

Added new --unsafe mode: -k cleartext

Using the 'cleartext' name for a key will read it from stdin and
expect it to be unencrypted. This is an unsafe mode of operation,
but useful e.g. to open remote tombs by piping the key over ssh,
or when using software other than Tomb to de/crypt keys.

This commit also renames the flag --unsecure-dev-mode into --unsafe
and includes a minor fix to the last opened date shown on open.

Addressing issue #161

Diffstat:
Mtomb | 42+++++++++++++++++++++++++++++++-----------
1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/tomb b/tomb @@ -772,6 +772,14 @@ is_valid_key() { _verbose "is_valid_key" [[ -z $key ]] && key=$TOMBKEY + [[ "$key" = "cleartext" ]] && { + { option_is_set --unsafe } || { + _warning "cleartext key from stdin selected: this is unsafe." + exitv=127 _failure "please use --unsafe if you really want to do this." + } + _warning "received key in cleartext from stdin (unsafe mode)" + return 0 } + [[ -z $key ]] && { _warning "is_valid_key() called without an argument." return 1 @@ -819,25 +827,31 @@ _load_key() { [[ -z $keyfile ]] && { _failure "This operation requires a key file to be specified using the -k option." } - [[ $keyfile == "-" ]] && { + if [[ $keyfile == "-" ]]; then _verbose "load_key reading from stdin." _message "Waiting for the key to be piped from stdin... " TOMBKEYFILE=stdin TOMBKEY=$(cat) - } || { + elif [[ $keyfile == "cleartext" ]]; then + _verbose "load_key reading SECRET from stdin" + _message "Waiting for the key to be piped from stdin... " + TOMBKEYFILE=cleartext + TOMBKEY=cleartext + TOMBSECRET=$(cat) + else _verbose "load_key argument: ::1 key file::" $keyfile - [[ -r $keyfile ]] || _failure "Key not found, specify one using -k." + [[ -r $keyfile ]] || _failure "Key not found, specify one using -k." TOMBKEYFILE=$keyfile TOMBKEY="${mapfile[$TOMBKEYFILE]}" - } + fi _verbose "load_key: ::1 key::" $TOMBKEYFILE - + is_valid_key $TOMBKEY || { _warning "The key seems invalid or its format is not known by this version of Tomb." _tomb_key_recover $TOMBKEY } - + # Declared TOMBKEYFILE (path) # Declared TOMBKEY (contents) @@ -933,6 +947,10 @@ ask_key_password() { [[ -z $TOMBKEYFILE ]] && { _failure "Internal error: ask_key_password() called before _load_key()." } + [[ "$TOMBKEYFILE" = "cleartext" ]] && { + _verbose "no password needed, using secret bytes from stdin" + return 0 } + _message "A password is required to use key ::1 key::" $TOMBKEYFILE passok=0 tombpass="" 
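Review bot: The new gate in `is_valid_key` reuses `--unsafe`, the same switch that the option loop in `main` (last hunk) uses to unlock `--sudo-pwd`, `--tomb-pwd`, `--use-urandom` and `--tomb-old-pwd`, so someone who passes it only to pipe a key over ssh also lifts the guard on those options. A comment above the check would make that coupling visible, for example `# --unsafe also enables the testing-only password options checked in main()`. Separately, `$key` holds key contents on the file path (`TOMBKEY="${mapfile[$TOMBKEYFILE]}"`) but the literal name `cleartext` on this one, which deserves a line in the same comment. The body of `is_valid_key` continues outside the hunk.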
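Review bot: In the `cleartext` branch of `_load_key`, `TOMBSECRET=$(cat)` is accepted whatever it contains, and `is_valid_key` then returns 0 without looking at it, so an empty stdin goes on to `_cryptsetup` as the secret. A guard right after the read would stop that early: `[[ -z $TOMBSECRET ]] && _failure "No key data received on stdin."`. Command substitution also drops trailing newlines, so the stored secret may not be byte-identical to what was piped; that is worth a comment next to the assignment. `_load_key` starts before and ends after this hunk.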
@@ -979,7 +997,7 @@ ask_key_password() { # call cryptsetup with arguments using the currently known secret # echo flags eliminate newline and disable escape (BSD_ECHO) _cryptsetup() { - print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@} + print -R - "$TOMBSECRET" | cryptsetup --key-file - ${=@} return $? } @@ -1729,6 +1747,8 @@ mount_tomb() { _success "Success opening ::1 tomb file:: on ::2 mount point::" $TOMBFILE $tombmount + local tombtty tombhost tombuid tombuser + # print out when was opened the last time, by whom and where [[ -r ${tombmount}/.last ]] && { tombtty=$(_cat ${tombmount}/.tty | tr -d ' ') @@ -1740,7 +1760,7 @@ mount_tomb() { tombuser="${e[(ws@:@)1]}" } done _message "Last visit by ::1 user::(::2 tomb build::) from ::3 tty:: on ::4 host::" $tombuser $tombuid $tombtty $tombhost - _message "on date ::1 date::" $(date --date @$tomblast +%c) + _message "on date ::1 date::" "`date --date=@${tomblast} +%c`" } # write down the UID and TTY that opened the tomb rm -f ${tombmount}/.uid @@ -2409,7 +2429,7 @@ main() { # can only use the non-abbreviated long-option version like: # -force and NOT -f # - main_opts=(q -quiet=q D -debug=D h -help=h v -version=v U: -uid=U G: -gid=G T: -tty=T -no-color -unsecure-dev-mode) + main_opts=(q -quiet=q D -debug=D h -help=h v -version=v U: -uid=U G: -gid=G T: -tty=T -no-color -unsafe) subcommands_opts[__default]="" subcommands_opts[open]="f -force n -nohook=n k: -key=k -kdf: o: -ignore-swap -sudo-pwd: -tomb-pwd: " subcommands_opts[mount]=${subcommands_opts[open]} 
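Review bot: Dropping `-n` in `_cryptsetup` changes the bytes piped to `cryptsetup --key-file -` for every caller, not only the new cleartext path: `print -R -` appends a newline after `$TOMBSECRET`. As far as I know cryptsetup does not strip a trailing newline when the key comes from `--key-file -`, so the newline would become part of the key and tombs locked by the previous code may stop opening; please confirm against an existing tomb. The comment above the function still says the flags eliminate the newline. If the change is not intentional, keep `print -R -n - "$TOMBSECRET" | cryptsetup --key-file - ${=@}`.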
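Review bot: The new `local tombtty tombhost tombuid tombuser` in `mount_tomb` leaves out `tomblast`, which the next hunk passes to `date --date=@${tomblast}`; unless it is declared elsewhere in the function it remains a global. Adding it to the list (`local tombtty tombhost tombuid tombuser tomblast`) keeps the whole set scoped. These values appear to be read from files inside the mounted tomb (`.tty` is visible here), so a numeric check such as `[[ $tomblast == <-> ]]` before calling `date` would also avoid printing an error for a malformed timestamp. `mount_tomb` extends beyond both hunks.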
@@ -2512,10 +2532,10 @@ main() { # Use colors unless told not to { ! option_is_set --no-color } && { autoload -Uz colors && colors } # Some options are only available during insecure mode - { ! option_is_set --unsecure-dev-mode } && { + { ! option_is_set --unsafe } && { for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do { option_is_set $opt } && { - exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" $opt } + exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsafe" $opt } done }