URI:
       tcleanup implicitly exhumed key and move get_lukskey() closer to caller funcs - tomb - the crypto undertaker
       ---
   DIR commit f7b83de6cab8f78ad1adb234ed06971709237ce7
   DIR parent 5158c380fefa46396ce3f2ec6ca6b994384de7d2
  HTML Author: Jaromil <jaromil@dyne.org>
       Date:   Wed,  6 Aug 2014 11:21:08 +0200
       
       cleanup implicitly exhumed key and move get_lukskey() closer to caller funcs
       
       Diffstat:
         M tomb                                |     101 ++++++++++++++++---------------
       
       1 file changed, 52 insertions(+), 49 deletions(-)
       ---
   DIR diff --git a/tomb b/tomb
       t@@ -634,6 +634,58 @@ gpg_decrypt() {
        
        }
        
       +
       +# Gets a key file and a password, prints out the decoded contents to
       +# be used directly by Luks as a cryptographic key
       +get_lukskey() {
       +# $1 is the password, $2 is the keyfile
       +
       +    local lukspass="$1"
       +    local keyfile="$2"
       +    local exhumedkey
       +
       +    firstline=`head -n1 $keyfile`
       +    _verbose "get_lukskey XXX $keyfile"
       +
       +    # key is KDF encoded
       +    if [[ $firstline =~ '^_KDF_' ]]; then
       +        _verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
       +        case `cut -d_ -f 3 <<<$firstline` in
       +            pbkdf2sha1)
       +                pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
       +                lukspass=$(tomb-kdb-pbkdf2 ${=pbkdf2_param} 2> /dev/null <<<$lukspass)
       +                ;;
       +            *)
       +                _failure "No suitable program for KDF `cut -f 3 <<<$firstline`."
       +                unset lukspass
       +                return 1
       +                ;;
       +        esac
       +
       +    # key needs to be exhumed from an image
       +    elif [[ `file "$keyfile"` =~ "JP.G" ]]; then
       +        exhumedkey="`safe_filename exhumedkey`"
       +        _verbose "lukspass in get_lukskey: $lukspass"
       +
       +        exhume_key "$keyfile" "$lukspass" "$exhumedkey"
       +        keyfile="$exhumedkey"
       +    fi
       +    _verbose "lukspass in get_lukskey: $lukspass"
       +
       +    # check validity, eventually repair adding headers
       +    is_valid_key "$keyfile" || {
       +        _failure "This key is unusable: $keyfile" }
       +
       +    # saves decrypted content into $tomb_secret
       +    gpg_decrypt "$lukspass" "$keyfile"
       +    ret="$?"
       +
       +    { test "$exhumedkey" = "" } || { ${=WIPE} "$exhumedkey" }
       +
       +    _verbose "get_lukskey returns $ret"
       +    return $ret
       +}
       +
        # This function asks the user for the password to use the key it tests
        # it against the return code of gpg on success returns 0 and prints
        # the password (be careful about where you save it!)
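Review bot: The two `_verbose "lukspass in get_lukskey: $lukspass"` calls in get_lukskey() print the passphrase (or, after the pbkdf2sha1 branch, the KDF-derived secret that unlocks the key) to whatever receives verbose output, so it can end up in terminal scrollback or captured logs. I would drop both lines or replace them with a message that carries no secret, for example `_verbose "get_lukskey: passphrase prepared for $keyfile"`. Separately, the new wipe `{ test "$exhumedkey" = "" } || { ${=WIPE} "$exhumedkey" }` only runs after gpg_decrypt. If `_failure` terminates the script (its definition is not visible in this hunk), an exhumed key that fails `is_valid_key` stays on disk, so the wipe should also run inside that failure block before `_failure` is called. The return status of `exhume_key` is not checked either, so a failed extraction is only caught indirectly by `is_valid_key`.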
       t@@ -794,55 +846,6 @@ print "-----END PGP MESSAGE-----"
        
        
        
       -# Gets a key file and a password, prints out the decoded contents to
       -# be used directly by Luks as a cryptographic key
       -get_lukskey() {
       -# $1 is the password, $2 is the keyfile
       -
       -    local lukspass="$1"
       -    local keyfile="$2"
       -    local exhumedkey
       -
       -    firstline=`head -n1 $keyfile`
       -    _verbose "get_lukskey XXX $keyfile"
       -
       -    # key is KDF encoded
       -    if [[ $firstline =~ '^_KDF_' ]]; then
       -        _verbose "KDF: `cut -d_ -f 3 <<<$firstline`"
       -        case `cut -d_ -f 3 <<<$firstline` in
       -            pbkdf2sha1)
       -                pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
       -                lukspass=$(tomb-kdb-pbkdf2 ${=pbkdf2_param} 2> /dev/null <<<$lukspass)
       -                ;;
       -            *)
       -                _failure "No suitable program for KDF `cut -f 3 <<<$firstline`."
       -                unset lukspass
       -                return 1
       -                ;;
       -        esac
       -
       -    # key needs to be exhumed from an image
       -    elif [[ `file "$keyfile"` =~ "JP.G" ]]; then
       -        exhumedkey="`safe_filename exhumedkey`"
       -        _verbose "lukspass in get_lukskey: $lukspass"
       -
       -        exhume_key "$keyfile" "$lukspass" "$exhumedkey"
       -        keyfile="$exhumedkey"
       -    fi
       -    _verbose "lukspass in get_lukskey: $lukspass"
       -
       -    # check validity, eventually repair adding headers
       -    is_valid_key "$keyfile" || {
       -        _failure "This key is unusable: $keyfile" }
       -
       -    # saves decrypted content into $tomb_secret
       -    gpg_decrypt "$lukspass" "$keyfile"
       -
       -    ret="$?"
       -    _verbose "get_lukskey returns $ret"
       -    return $ret
       -}
       -
        
        # takes care to encrypt a key
        # honored options: --kdf  --tomb-pwd