tomb

the crypto undertaker
git clone git://parazyd.org/tomb.git

commit 12f49bf2ff6f5ce6cfad43acba83893519179cfd
parent 7fb404d97c42dc3018e8b67d61c42d90d6ff7122
Author: Jaromil <jaromil@dyne.org>
Date:   Fri, 21 Feb 2014 22:40:06 +0100

another fix to key handling

ultimately removing the case in which we guess whether the key is near
the tomb: that is no longer in the documentation, and we stop encouraging
users to keep the key near the tomb.

Diffstat:
Mtomb | 32+++++++++++++-------------------
1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/tomb b/tomb @@ -540,22 +540,17 @@ check_bin() { # On success returns 0 and prints out the full path to the key load_key() { # take the name of a tomb file as argument - # this is used for guessing if the key is nearby - { test "$1" = "" } || { - tombdir=`dirname $1` - tombfile=`basename $1` - tombname=${tombfile%%\.*} - } - if option_is_set -k ; then if [[ "`option_value -k`" == "-" ]]; then xxx "load_key reading from stdin" # take key from stdin tombkeydir=`safe_dir load_key_stdin` # global used to check if key from stdin xxx "tempdir is $tombkeydir" + act "waiting for the key to be piped from stdin... " cat > ${tombkeydir}/stdin.tmp.key + print ok >&2 tombdir=${tombkeydir} - tombfile=stdin.tmp + tombfile=stdin.tmp.key tombname="stdin" elif [[ "`option_value -k`" != "" ]]; then xxx "load_key argument: `option_value -k`" @@ -564,23 +559,19 @@ load_key() { tombdir=`dirname $tombkey` tombfile=`basename $tombkey` fi + + else # no -k specified + die "this operation requires a key file to be specified using the -k option" + return 1 fi - tombkey=${tombdir}/${tombfile}.key + tombkey=${tombdir}/${tombfile} xxx "load_key: ${tombkey}" - - if [ -r "${tombkey}" ]; then - if [ "$tombkeydir" = "" ]; then - _message "We'll use this key: ${tombkey}" - else - _message "We'll use the key piped from stdin" - fi - else + { test -r "${tombkey}" } || { _warning "Key not found, specify one using -k" drop_key - return 1 - fi + return 1 } # this does a check on the file header if ! is_valid_key ${tombkey}; then @@ -1452,6 +1443,7 @@ mount_tomb() { if [ $? = 255 ]; then die "too many tomb opened. Please close any of them to open another tomb" fi + xxx "next free loop device: $nstloop" losetup -f ${tombdir}/${tombfile} cryptsetup isLuks ${nstloop} 
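Review bot: The key piped on stdin is written with `cat > ${tombkeydir}/stdin.tmp.key`, so the secret lands in a file whose mode depends on the caller's umask and on what `safe_dir` creates; neither is visible in this hunk. If `safe_dir` does not already guarantee an owner-only directory, tighten the write itself, for example `( umask 077; cat > "${tombkeydir}/stdin.tmp.key" )`. The exit status of `cat` is ignored, so `print ok >&2` reports success even when the write failed or stdin was empty; print it only after `test -s "${tombkeydir}/stdin.tmp.key"` succeeds. load_key's body continues past the end of this hunk.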
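Review bot: With the guess block removed, nothing initializes `tombdir` and `tombfile` when `-k` is passed with an empty value: neither the `== "-"` nor the `!= ""` branch runs and no inner `else` is visible, so `tombkey=${tombdir}/${tombfile}` is built from whatever those variables already hold, or collapses to `/`. `test -r "/"` succeeds, so the "Key not found" guard would not stop that path from reaching `is_valid_key`. The guard should require a regular file, `{ test -f "${tombkey}" && test -r "${tombkey}" } || {`, and the empty `-k` value should be sent to the same `die` as the missing option. The `return 1` after `die` looks unreachable if `die` exits, which is worth confirming. The inner `if`/`elif` opens in the previous hunk and two lines between the hunks are not shown.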
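Review bot: The added debug line prints `$nstloop`, but the next line attaches with `losetup -f ${tombdir}/${tombfile}`, which takes whichever loop device is free at that moment, and `cryptsetup isLuks ${nstloop}` then assumes it is the device probed earlier. If another process claims a loop device in between, the LUKS check and everything after it would run against a device that does not hold this tomb. How `nstloop` is assigned is outside the hunk; if it comes from a separate `losetup -f` probe, attach explicitly with `losetup ${nstloop} ${tombdir}/${tombfile}`, or take the device name from `losetup -f --show`. mount_tomb starts before and continues after this hunk.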
@@ -1481,6 +1473,8 @@ mount_tomb() { mapdate=`date +%s` mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`" + xxx "dev mapper device: $mapper" + xxx "tomb key: $tombkey" keyname=`basename $tombkey | cut -d. -f1` tombpass=`ask_key_password $tombkey`