[clenaup] Uppercase secrets - tomb - the crypto undertaker

commit 43225c790e583079d1d8efed6ba386043b98d4c4
parent fe01a62467f8e815903de98c0cba17ff81a089ee
Author: hellekin <hellekin@cepheide.org>
Date:   Thu, 23 Oct 2014 03:44:45 -0300

[clenaup] Uppercase secrets

Diffstat:
M tomb  | 55 +++++++++++++++++++++++++++----------------------------

1 file changed, 27 insertions(+), 28 deletions(-)
diff --git a/tomb b/tomb
@@ -79,10 +79,10 @@ typeset -H TOMBFILE           # File name of the tomb
 typeset -H TOMBNAME           # Name of the tomb
 
 # Tomb secrets
-typeset -H TOMBKEY            # Key contents (see forge_key(), recover_key())
-typeset -H TOMBKEYFILE        # Key file     (ditto)
-typeset -H tomb_secret
-typeset -H tomb_password
+typeset -H TOMBKEY            # Encrypted key contents (see forge_key(), recover_key())
+typeset -H TOMBKEYFILE        # Key file               (ditto)
+typeset -H TOMBSECRET         # Raw deciphered key     (see forge_key(), gpg_decrypt())
+typeset -H TOMBPASSWORD       # Raw tomb passphrase    (see gen_key(), ask_key_password())
 
 typeset -aH tomb_tempfiles
 typeset -aH tomb_loopdevs
@@ -111,8 +111,8 @@ endgame() {
     TOMBNAME="$rr";      unset TOMBNAME
     TOMBKEY="$rr";       unset TOMBKEY
     TOMBKEYFILE="$rr";   unset TOMBKEYFILE
-    tomb_secret="$rr";   unset tomb_secret
-    tomb_password="$rr"; unset tomb_password
+    TOMBSECRET="$rr";    unset TOMBSECRET
+    TOMBPASSWORD="$rr";  unset TOMBPASSWORD
 
     for f in $tomb_tempfiles; do
         ${=WIPE} "$f"; done
@@ -415,8 +415,8 @@ dump_secrets() {
     _verbose "TOMBFILE: ::1 tomb file::" $TOMBFILE
     _verbose "TOMBKEY: ::1 key:: chars long" ${#TOMBKEY}
     _verbose "TOMBKEYFILE: ::1 key file::" $TOMBKEYFILE
-    _verbose "tomb_secret: ::1 secret:: chars long" ${#tomb_secret}
-    _verbose "tomb_password: ::1 tomb pass::" $tomb_password
+    _verbose "TOMBSECRET: ::1 secret:: chars long" ${#TOMBSECRET}
+    _verbose "TOMBPASSWORD: ::1 tomb pass::" $TOMBPASSWORD
 
     _verbose "tomb_tempfiles: ::1 temp files::" ${(@)tomb_tempfiles}
     _verbose "tomb_loopdevs: ::1 loopdevs::" ${(@)tomb_loopdevs}
@@ -731,7 +731,7 @@ gpg_decrypt() {
     if [ "$gpgver" = "1.4.11" ]; then
         _verbose "GnuPG is version 1.4.11 - adopting status fix."
 
-        tomb_secret=`print - "$gpgpass" | \
+        TOMBSECRET=`print - "$gpgpass" | \
             gpg --batch --passphrase-fd 0 --no-tty --no-options"`
         ret=$?
         unset gpgpass
@@ -742,7 +742,7 @@ gpg_decrypt() {
         tmp_create
         _status=`tmp_new`
 
-        tomb_secret=`print - "$gpgpass" | \
+        TOMBSECRET=`print - "$gpgpass" | \
             gpg --batch --passphrase-fd 0 --no-tty --no-options \
             --status-fd 2 --no-mdc-warning --no-permission-warning \
             --no-secmem-warning 2> $_status`
@@ -791,7 +791,7 @@ get_lukskey() {
 
     fi
 
-    gpg_decrypt "$_password" # saves decrypted content into $tomb_secret
+    gpg_decrypt "$_password" # Save decrypted contents into $TOMBSECRET
 
     ret="$?"
 
@@ -801,7 +801,7 @@ get_lukskey() {
 
 # This function asks the user for the password to use the key it tests
 # it against the return code of gpg on success returns 0 and saves
-# the password in the global variable $tomb_password
+# the password in the global variable $TOMBPASSWORD
 ask_key_password() {
     [[ -z $TOMBKEYFILE ]] && {
         _failure "Internal error: ask_key_password() called before load_key()." }
@@ -875,7 +875,7 @@ change_passwd() {
 
     _success "Changing password for ::1 key file::" $TOMBKEYFILE
 
-    # here $tomb_secret contains the key material in clear
+    # Here $TOMBSECRET contains the key material in clear
 
     if option_is_set --tomb-pwd; then
         tomb_new_pwd="`option_value --tomb-pwd`"
@@ -971,15 +971,14 @@ gen_key() {
         --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
         -o - -c -a
 ${tombpass}
-${tomb_secret}
+$TOMBSECRET
 EOF
     # print -n "${tombpass}" \
     #     | gpg --openpgp --force-mdc --cipher-algo ${algo} \
     #     --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
     #     -o - -c -a ${lukskey}
 
-    # update global var
-    tomb_password="$tombpass"
+    TOMBPASSWORD="$tombpass"    # Set global variable
     unset tombpass
     unset tombpasstmp
 }
@@ -1042,7 +1041,7 @@ bury_key() {
 /^Version/ {next}
 {print $0}' \
     | steghide embed --embedfile - --coverfile ${imagefile} \
-    -p ${tomb_password} -z 9 -e serpent cbc
+    -p $TOMBPASSWORD -z 9 -e serpent cbc
     if [ $? != 0 ]; then
        _warning "Encoding error: steghide reports problems."
        res=1
@@ -1105,9 +1104,9 @@ exhume_key() {
     if option_is_set --tomb-pwd; then
         tombpass="`option_value --tomb-pwd`"
         _verbose "tomb-pwd = ::1 tomb pass::" $tombpass
-    elif [[ "$tomb_password" != "" ]]; then
+    elif [[ -n $TOMBPASSWORD ]]; then
         # password is known already
-        tombpass="$tomb_password"
+        tombpass=$TOMBPASSWORD
     else
         tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"`
         if [[ $? != 0 ]]; then
@@ -1264,12 +1263,12 @@ forge_key() {
     fi
 
     _verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source
-    tomb_secret=`${=DD} bs=1 count=256 if=$random_source`
-    { test $? = 0 } || {
+    TOMBSECRET=`${=DD} bs=1 count=256 if=$random_source`
+    [[ $? == 0 ]] || {
         _warning "Cannot generate encryption key."
         _failure "Operation aborted." }
 
-    # here the global var tomb_secret contains the nude secret
+    # Here the global variable TOMBSECRET contains the naked secret
 
     _success "Choose the  password of your key: ::1 tomb key::" $TOMBKEYFILE
     _message "(You can also change it later using 'tomb passwd'.)"
@@ -1379,7 +1378,7 @@ lock_tomb_with_key() {
     _success "Locking ::1 tomb file:: with ::2 tomb key file::" $TOMBFILE $TOMBKEYFILE
 
     _message "Formatting Luks mapped device."
-    print -n - "$tomb_secret" | \
+    print -n - $TOMBSECRET | \
         cryptsetup --key-file -   --batch-mode \
         --cipher ${cipher} --key-size 256 --key-slot 0 \
         luksFormat ${nstloop}
@@ -1388,7 +1387,7 @@ lock_tomb_with_key() {
         _failure "Operation aborted."
     fi
 
-    print -n - "$tomb_secret" | \
+    print -n - $TOMBSECRET | \
         cryptsetup --key-file - \
         --cipher ${cipher} luksOpen ${nstloop} tomb.tmp
     if ! [ $? = 0 ]; then
@@ -1463,7 +1462,7 @@ change_tomb_key() {
     fi
     { test $? = 0 } || {
         _failure "No valid password supplied for the old key." }
-    old_secret="$tomb_secret"
+    old_secret=$TOMBSECRET
 
     # luksOpen the tomb (not really mounting, just on the loopback)
     print -n - "$old_secret" | \
@@ -1486,7 +1485,7 @@ change_tomb_key() {
     fi
     { test $? = 0 } || {
         _failure "No valid password supplied for the new key." }
-    new_secret="$tomb_secret"
+    new_secret=$TOMBSECRET
 
     # danger zone: due to cryptsetup limitations, in setkey we need
     # to write the bare unencrypted key on the tmpfs.
@@ -1631,7 +1630,7 @@ mount_tomb() {
     { test $? = 0 } || {
         _failure "No valid password supplied." }
 
-    print -n - "$tomb_secret" | \
+    print -n - $TOMBSECRET | \
         cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
 
     if ! [ -r /dev/mapper/${mapper} ]; then
@@ -2156,7 +2155,7 @@ resize_tomb() {
     mapdate=`date +%s`
     mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
 
-    print -n - "$tomb_secret" | \
+    print -n - $TOMBSECRET | \
         cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
 
     if ! [ -r /dev/mapper/${mapper} ]; then

	tomb the crypto undertaker
	git clone git://parazyd.org/tomb.git
	Log \| Files \| Refs \| README \| LICENSE