-#!/bin/sh
+#!/bin/bash
# Filename: grml-crypt
# Purpose: Program to format, mount and unmount encrypted devices/files
# Authors: Michael Gebetsroither <gebi@grml.org>
# Bug-Reports: see http://grml.org/bugs/
# License: This file is licensed under the GPL v2.
-# Latest change: Mon Aug 08 11:37:20 CEST 2005
+# Latest change: Don Jul 26 19:57:28 CEST 2007 [mika]
################################################################################
ACTION_=""
DM_PREFIX_="grml-crypt_"
FORCE_='false'
-OVERWRITE_SOURCE_DEV_='/dev/urandom'
+ENTROPY_SOURCE_='/dev/urandom'
OPTIMIZED_MODE_SET_='false'
OPTIMIZING_LEVEL_=0
-CIPHER_SIZE_="128"
+CIPHER_SIZE_="256"
CIPHER_="aes-cbc-essiv:sha256"
-ITERATION_TIME_="1"
+ITERATION_TIME_="1000"
ADDITIONAL_CRYPTSETUP_ARGS_=""
READONLY_SET_='false'
ADDITIONAL_MOUNT_ARGS_=""
cat <<EOT
Usage: "$PROG_NAME__" [OPTIONS] action <device/file> [mountpoint]
-$PROG_NAME__ is a wrapper arround cryptsetup with LUKS support to format a device
+$PROG_NAME__ is a wrapper around cryptsetup with LUKS support to format a device
OPTIONS:
-s size of the loop-filesystem to create, in MB (default=$SIZE_)
-t type of filesystem (default=$FSTYPE_)
-r read only mode (fully supported only by start)
-z insecure mode, using /dev/zero for most of the initialisation (INSECURE!)
- -o optimized initialisation mode (should be as secure as the default but faster)
+ -o optimised initialisation mode (should be as secure as the default but faster)
-y verifies the passphrase by asking for it twice
-f force file overwriting in format mode and/or disable confirmation dialog
-m additional arguments to mount
Umount the given mountpoint (umount, luksClose, losetup -d)
EOT
+
+ isGrml && cat <<EOT
+NOTICE:
+ losetup does _NOT_ work on unionfs => grml-crypt with a filesystem image does ONLY
+ work if the image is on a tmpfs (eg. in /home/grml or /tmp).
+
+EOT
+
}
function getDMName
{
device_="${1##*/}"
-
+
# first trying normal devicename
tmp_="${DM_PREFIX_}${device_}"
if [ ! -e "$tmp_" ]; then
execute "$CRYPTSETUP_ luksOpen $TARGET_ $DM_NAME_" warn \
"could not open $DM_PATH_ to create a filesystem on it!" || return 1
if [[ $type_ == 'init' && $OPTIMIZED_MODE_SET_ == 'true' ]]; then
- echo "finishing optimized initialisation (this could take some time)"
+ echo "finishing optimised initialisation (this could take some time)"
# FIXME
execute "dd if=/dev/zero of=$DM_PATH_ bs=1M &>/dev/null" # || \
- # warn "could not finish optimized initialisation properly"
+ # warn "could not finish optimised initialisation properly"
ret_=$?
# cutted out because of no space left on device error :(
#if [[ $ret_ != 0 ]]; then
echo "Successully created $FSTYPE_ on encrypted $TARGET_"
return 0
fi
-}
+}
function actionStart
{
ret_=0
-
+
# no mountpoint, by-by
if [[ "$MOUNT_POINT_" == "" ]]; then
printUsage
isExistent "$mp_" die
tmp_=`realpath $mp_` || die "could not get realpath of $mp_"
dprint "realpath_=\"$tmp_\""
-
+
dm_path_=`mount |grep "$tmp_ "` || die "$tmp_ is not mounted"
dprint "dm_path_=\"$dm_path_\""
dm_path_=`echo $dm_path_ |awk '{print $1}'` || die "could not get devicemapper name for $tmp_"
dprint "dm_path_=\"$dm_path_\""
-
+
dm_name_="${dm_path_##*/}"
dprint "dm_name_=\"$dm_name_\""
device_=`$CRYPTSETUP_ status $dm_name_ |awk '/device:/{print $2}'` || \
die "could not get underlying device of $dm_path_"
dprint "device_=\"$device_\""
-
+
execute "umount $dm_path_" die "could not unmount $device_"
execute "$CRYPTSETUP_ luksClose $dm_name_" die "could not close $dm_path_"
echo "$device_" |grep loop &>/dev/null && execute "losetup -d $device_" \
function yesDialog
{
msg_="$1"
-
+
echo "WARNING!" >&2
echo "========" >&2
echo -n "$msg_" >&2
notice "Operating on a file"
IS_IMAGE_='true'
if [ -e "$TARGET_" ]; then
- $FORCE_ || die "file $TARGET_ does allready exist"
+ $FORCE_ || die "$TARGET_ does already exist"
warn "overwriting file $TARGET_"
init_='donothing'
else
echo -n "Initialising file with "
if [[ $OPTIMIZED_MODE_SET_ == 'true' ]]; then
- echo "optimized SECURE mode"
+ echo "optimised SECURE mode"
execute "dd if=/dev/zero of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" \
die "could not initialise $TARGET_ with /dev/zero"
else
- if [[ $OVERWRITE_SOURCE_DEV_ == '/dev/zero' ]]; then
+ if [[ $ENTROPY_SOURCE_ == '/dev/zero' ]]; then
echo "INSERCURE mode"
else
echo "SECURE mode (taking /dev/urandom as source, this could take some time)"
fi
- execute "dd if=$OVERWRITE_SOURCE_DEV_ of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" ||\
- die "could not initialise $TARGET_ with $OVERWRITE_SOURCE_DEV_"
+ execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M count=${SIZE_} &>/dev/null" ||\
+ die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
fi
fi
# TARGET_ is now /dev/loop<x>
execute "losetup $TARGET_ $ORIG_TARGET_" die
- if [[ $OPTIMIZED_MODE_SET_ == 'true' || $OVERWRITE_SOURCE_DEV_ == '/dev/zero' ]]; then
+ if [[ $OPTIMIZED_MODE_SET_ == 'true' || $ENTROPY_SOURCE_ == '/dev/zero' ]]; then
execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" \
die "could not initialise the fist 2MB of $TARGET_ with /dev/urandom"
fi
echo "optimised SECURE mode"
execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" ||\
die "could not initialise the first 2MB of $TARGET_ with /dev/urandom"
- elif [[ $OVERWRITE_SOURCE_DEV_ != '/dev/zero' ]]; then
+ elif [[ $ENTROPY_SOURCE_ != '/dev/zero' ]]; then
# default mode
- echo "SECURE mode (taking /dev/urandom as source, this could take some time)"
- execute "dd if=/dev/urandom of=$TARGET_ bs=1M &>/dev/null" ||\
- die "could not initialise $TARGET_ with /dev/zero"
+ echo "SECURE mode (taking $ENTROPY_SOURCE_ as source, this could take some time)"
+ execute "dd if=$ENTROPY_SOURCE_ of=$TARGET_ bs=1M &>/dev/null" #||\
+ # skipped because "no space left on device" from dd
+ # die "could not initialise $TARGET_ with $ENTROPY_SOURCE_"
else
echo 'INSECURE mode (only initialising the fist 2MB with /dev/urandom)'
execute "dd if=/dev/urandom of=$TARGET_ bs=1M count=2 &>/dev/null" \
local mount_point_exists_='true'
test -d "$MOUNT_POINT_" || mount_point_exists_='false'
- if [[ "$MOUNT_POINT_" != "" && "$mount_point_exists_" == 'true' ]]; then
+ if [[ $MOUNT_POINT_ != "" && "$mount_point_exists_" == 'true' ]]; then
$READONLY_SET_ && margs_='-r'
execute "mount $margs_ $ADDITIONAL_MOUNT_ARGS_ $DM_PATH_ $MOUNT_POINT_" die
else
- $mount_point_exists_ || warn "mountpoint $MOUNT_POINT_ does not exist, not mounting. please use \"grml-crypt start $ORIG_TARGET_ <mountpoint>\" to start the device"
+ if [[ $MOUNT_POINT_ != "" ]]; then
+ $mount_point_exists_ || warn "mountpoint $MOUNT_POINT_ does not exist, not mounting. please use \"grml-crypt start $ORIG_TARGET_ <mountpoint>\" to start the device"
+ fi
execute "$CRYPTSETUP_ luksClose $DM_NAME_" warn
$IS_IMAGE_ && execute "losetup -d $TARGET_" warn
fi
else
+ execute "$CRYPTSETUP_ luksClose $DM_NAME_" warn
$IS_IMAGE_ && execute "losetup -d $TARGET_" warn
fi
}
t) FSTYPE_="$OPTARG" ;;
r) READONLY_SET_='true' ;;
z) let OPTIMIZING_LEVEL_=$OPTIMIZING_LEVEL_+1
- OVERWRITE_SOURCE_DEV_='/dev/zero'
+ ENTROPY_SOURCE_='/dev/zero'
warn 'initialising from INSECURE source /dev/zero' ;;
o) let OPTIMIZING_LEVEL_=$OPTIMIZING_LEVEL_+1
OPTIMIZED_MODE_SET_='true' ;;
# END OF FILE
################################################################################
-# vim:foldmethod=marker
+# vim:foldmethod=marker tabstop=2 expandtab shiftwidth=2
projects / grml-crypt.git / blobdiff