commit dad9a4b7169aebf80d4be0975ff87be002a49e9c
parent f39b6e5cf7f0796a14f953e73cf8cb42b4772e84
Author: Jaromil <jaromil@dyne.org>
Date: Tue, 11 Jan 2011 10:49:44 +0100
external usb key unlock fully functional
Diffstat:
M | src/tomb | | | 121 | +++++++++++++++++++++++++++++++++++++++---------------------------------------- |
1 file changed, 60 insertions(+), 61 deletions(-)
diff --git a/src/tomb b/src/tomb
@@ -1,4 +1,4 @@
-#!/bin/zsh
+#!/bin/bash
#
# Tomb
#
@@ -73,14 +73,14 @@ ask_usbkey() {
done
# get the first partition
- usbpart=`dmesg |tail -n 4 |awk '/ sd.:/ { print $3 }'`
-
+ usbpart=`dmesg |tail -n 8 | grep ' sd.:' |cut -d: -f2`
+ usbpart=`expr substr $usbpart 1 4`
echo
- echo -n "usb key attached, mounting "
+ echo -n "usb key attached, mounting $usbpart "
# what that it is mounted
mounted=false
while [ "$mounted" != "true" ]; do
- cat /proc/mounts | tail -n2 | grep -q "^/dev/$usbpart"
+ cat /proc/mounts | tail -n 2 | grep -q $usbpart
if [ $? = 0 ]; then mounted=true; fi
echo -n "."
sleep .5
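Review bot: The new mount check `grep -q $usbpart` is unquoted and no longer anchored to `^/dev/`, so it passes on any line in the last two of /proc/mounts that merely contains that string, and this value decides which device the key is taken from. If the `dmesg | tail -n 8 | grep ' sd.:'` parse matches nothing, `$usbpart` is empty, `expr substr` fails and `grep -q` runs without a pattern, so the wait loop never ends; more than one matching line hands `expr` extra arguments. I would stop on an empty result with `[ -n "$usbpart" ] || { error "no usb partition detected"; return 1; }` and keep the anchored, quoted test `tail -n 2 /proc/mounts | grep -q "^/dev/$usbpart "`. ask_usbkey starts before this hunk and the loop continues after it, so how callers handle a non-zero return should be confirmed.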
@@ -315,77 +315,76 @@ mount_tomb() {
exit 0
fi
+ # check if key file is present
+ if ! [ -r "${enc_key}" ]; then
+ error "encryption key ${enc_key} not found on disk"
+ error "use -k option to specify which key to use"
+ error "or provide a usb key, or press ctrl-c to abort"
+ ask_usbkey ".tomb/$enc_key"
+ if ! [ -r "${enc_key}" ]; then
+ error "key is missing."
+ exit 0
+ fi
+ fi
+
nstloop=`losetup -f`
losetup -f ${FILE}
act "check for a valid LUKS encrypted device"
cryptsetup isLuks ${nstloop}
- if [ $? = 0 ]; then # it's a LUKS encrypted nest, see cryptsetup(1)
+ if [ $? != 0 ]; then
+ # is it a LUKS encrypted nest? see cryptsetup(1)
+ error "$FILE is not a valid Luks encrypted storage file"
+ exit 0
+ fi
- # check if key file is present
- if ! [ -r "${enc_key}" ]; then
- error "encryption key ${enc_key} not found on disk"
- error "use -k option to specify which key to use"
- error "or provide a usb key, or press ctrl-c to abort"
- ask_usbkey ".tomb/$enc_key"
- if ! [ -r "${enc_key}" ]; then
- losetup -d ${nstloop}
- sleep 5
- return
- fi
- fi
- modprobe dm-crypt
- modprobe aes-i586
+ modprobe dm-crypt
+ modprobe aes-i586
+
+ # save date of mount in minutes since 1970
+ mapdate="`date +%s`"
+ mapdate="`echo ${mapdate}/60 | bc -l | cut -d. -f1`"
+
+ mapper="tomb.`basename $FILE | cut -d. -f1`.$mapdate.`basename $nstloop`"
+
+ notice "Password is required for key ${enc_key}"
+ for c in 1 2 3; do
- # save date of mount in minutes since 1970
- mapdate="`date +%s`"
- mapdate="`echo ${mapdate}/60 | bc -l | cut -d. -f1`"
-
- mapper="tomb.`basename $FILE | cut -d. -f1`.$mapdate.`basename $nstloop`"
+ ask_password
- notice "Password is required for key ${enc_key}"
- for c in 1 2 3; do
-
- ask_password
-
- echo "${scolopendro}" \
- | gpg --passphrase-fd 0 --no-tty --no-options \
- -d "${enc_key}" 2>/dev/null \
- | cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
-
- unset scolopendro
-
- if [ -r /dev/mapper/${mapper} ]; then
- break; # password was correct
- fi
-
- done
+ echo "${scolopendro}" \
+ | gpg --passphrase-fd 0 --no-tty --no-options \
+ -d "${enc_key}" 2>/dev/null \
+ | cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
- if ! [ -r /dev/mapper/${mapper} ]; then
- error "failure mounting the encrypted file"
- tail /var/log/messages
- losetup -d ${nstloop}
- return
+ unset scolopendro
+
+ if [ -r /dev/mapper/${mapper} ]; then
+ break; # password was correct
fi
- act "encrypted storage filesystem check"
- fsck.ext3 -p -C0 /dev/mapper/${mapper}
-
-
-
- mount -t ext3 /dev/mapper/${mapper} ${MOUNT}
+ done
+
+ if ! [ -r /dev/mapper/${mapper} ]; then
+ error "failure mounting the encrypted file"
+ tail /var/log/messages
+ losetup -d ${nstloop}
+ return
+ fi
+
+ act "encrypted storage filesystem check"
+ fsck.ext3 -p -C0 /dev/mapper/${mapper}
+
+
+
+ mount -t ext3 /dev/mapper/${mapper} ${MOUNT}
# TODO: possible mount options to try out:
# -o rw,noatime,nodev,data=writeback,commit=30
# -o rw,noatime,nodev
-
- notice "encrypted storage $FILE succesfully mounted on $MOUNT"
-
- else
-
- error "$FILE is not a valid Luks encrypted storage file"
-
- fi
+
+ notice "encrypted storage $FILE succesfully mounted on $MOUNT"
+
}
umount_tomb() {
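Review bot: Both new failure paths in mount_tomb (`key is missing.` and `$FILE is not a valid Luks encrypted storage file`) end in `exit 0`, so a wrapper or calling script sees success although nothing was unlocked or mounted. The isLuks branch also exits after `losetup -f ${FILE}` has attached the file, without detaching it; I would make that branch `losetup -d ${nstloop}` followed by `exit 1`, and use `exit 1` in the key-missing branch too. The later `failure mounting the encrypted file` path does detach the loop device but ends in a bare `return`, which hands back the status of `losetup -d` rather than a failure code; `return 1` would be clearer. mount_tomb begins before this hunk, so the handling of its exit status by callers is not visible here.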