Initial import from 0.5a version.

[secure-linux-project.git] / encrypt / include / functions.sh

#!/bin/sh
##############################################
# Script for Secure Linux Project            #
# Copyright(c) 2005, 2006 by Roland Haeder   #
##############################################
# Purpose: Additional functions              #
##############################################
# This software is licensed under the GNU    #
# General Public License Version 2 or either #
# and comes with ABSOLUTELY NO WARRANTY      #
# neither implied nor explicit.              #
##############################################

make_part()
{
        # Creates partitions on DEVICE
        echo "$0: Zeroing stick on $DEVICE... (this can take loooong . . . )"
        dd if=/dev/zero of=$DEVICE bs=1k > /dev/null 2>&1
        echo "$0: Analysing stick size on $DEVICE..."
        parted -s $DEVICE mklabel msdos > /dev/null 2>&1

        SIZE=""
        # Determine maximum sectos
        for pos in `seq 26 30`; do
                SIZE=`cfdisk -P s $DEVICE | grep "Free Space" | cut -c$pos- | cut -f1 -d " "`
                if test "$SIZE" != ""; then
                        #echo "$0: DEBUG: $pos=$SIZE"
                        break
                fi
        done

        # One secor = 512 Byte so we can calculate the maximum MBytes + some extra
        SIZE="$(($SIZE * 512 / 1024 / 1024))"
        echo "$0: Maximum size is $SIZE MByte"
        echo -n "$0: Creating partitions... "
        # This holds the encrypted filesystem with the main key
        parted -s $DEVICE mkpartfs primary ext2 0 1 > /dev/null 2>&1
        echo -n "."
        # This holds an encrypted filesystem for the key to unlock part1
        parted -s $DEVICE mkpartfs primary ext2 2 3 > /dev/null 2>&1
        echo -n "."
        # This is the last part for data you want to carry on the stick with you
        parted -s $DEVICE mkpartfs primary fat32 4 $SIZE > /dev/null 2>&1
        echo ". done"
        echo -n "$0: Analysing... "
        cfdisk -P s $DEVICE > $BASEDIR/.parted
        parted -s $DEVICE rm 1 > /dev/null 2>&1
        parted -s $DEVICE rm 2 > /dev/null 2>&1
        echo "done"
        cat $BASEDIR/.parted
        echo "$0: Press RETURN to continue or CTRL+C to abort..."
        read dummy
}

analyse_stick()
{
        # Now let's analyse the stick/image...
        echo -n "$0: Analysing $DEVICE ... "

        START1=`cat $BASEDIR/.parted | grep "1 Primary" | awk '{print $3}' | cut -f 1 -d "*"`
        START1=`$AWK --assign=start=$START1 'BEGIN {print start*512}'`
        echo -n "."

        START2=`cat $BASEDIR/.parted | grep "2 Primary" | awk '{print $3}' | cut -f 1 -d "*"`
        START2=`$AWK --assign=start=$START2 'BEGIN {print start*512}'`
        echo -n "."

        START3=`cat $BASEDIR/.parted | grep "4 Primary" | awk '{print $3}' | cut -f 1 -d "*"`
        START3=`$AWK --assign=start=$START3 'BEGIN {print start*512}'`
        echo -n "."

        # Enough space for the image? (in Bytes)
        SIZE_FREE=`cat $BASEDIR/.parted | grep "1 Primary" | awk '{print $6}' | cut -f 1 -d "*"`
        SIZE_FREE=`$AWK --assign=start=$SIZE_FREE 'BEGIN {print start*512}'`
        echo ". done"

        # Update STICK_START...
        echo -n "$0: Updating .local.sh ... "
        EVAL="sed 's/STICK_START=xxx/STICK_START=1024/g' $BASEDIR/.local.sh > $BASEDIR/tmp"
        eval $EVAL > /dev/null 2>&1
        echo "done"

        if test -e $BASEDIR/tmp; then
                if test "`cat $BASEDIR/tmp`" != "`cat $BASEDIR/.local.sh`"; then
                        # Move existing tmp file back to .local.sh
                        echo -n "$0: Updating .local.sh ... "
                        mv $BASEDIR/tmp $BASEDIR/.local.sh > /dev/null 2>&1
                        chmod go-rwx,u+rwx $BASEDIR/.local.sh > /dev/null 2>&1
                        chown root.root $BASEDIR/.local.sh > /dev/null 2>&1
                        echo "done"
                        echo -n "$0: Re-reading .local.sh ... "
                        . ./.local.sh
                        echo "done"
                 else
                        # Remove tmp file
                        echo "$0: .local.sh is up-to-date."
                        rm $VERBOSE $BASEDIR/tmp
                fi
        fi
}

write_image()
{
        # Is enough space there?
        echo "$0: $SIZE_FREE - $SIZE_TARGET - $STICK_START ($FILE)"
        if test $SIZE_FREE -gt $SIZE_TARGET; then
                # Remove any existing loop-devices
                losetup -d /dev/loop12 > /dev/null 2>&1
                losetup -d /dev/loop11 > /dev/null 2>&1
                # Enough space there, so let's copy FILE into STICK_DEVICE
                echo "$0: Setting up loop-device... (Offset=$STICK_START,Dev=$DEVICE)"
                losetup -o $STICK_START /dev/loop11 $DEVICE
                echo "$0: Writing image ... ($SIZE_TARGET Bytes)"
                dd if=$FILE of=/dev/loop11 bs=1 count=$SIZE_TARGET $CONVERT > /dev/null 2>&1
                echo "$0: Verifying ... "
                dd if=/dev/loop11 of=$BASEDIR/verify.img bs=1 count=$SIZE_TARGET $CONVERT > /dev/null 2>&1
                M1=`md5sum -b $BASEDIR/verify.img | cut -c -32`
                M2=`md5sum -b $FILE | cut -c -32`
                if test "$M1" != "$M2"; then
                        echo "$0: Failed! Aborting here... ($M1/$M2)"
                        exit 6
                else
                        echo "$0: MD5 checksums matches."
                fi
                # Remove verify.img
                rm $VERBOSE $BASEDIR/verify.img
                # Testing it...
                echo "$0: Will now test the written image."
                echo -n "$0: Enter $user's "
                losetup -e $CIPHER -K $BASEDIR/setup/keys/$user-$MULTI_KEY_SUFFIX /dev/loop12 /dev/loop11 || exit 1
                #losetup -a
                mount -t $FS_STICK /dev/loop12 $BASEDIR/keys || exit 1
                # Copy the seed to the stick/image
                cp $VERBOSE $BASEDIR/.seed $BASEDIR/keys
                echo "$0: Free space: `df | grep /dev/loop12 | awk '{print $4}'` kByte"
                mount | grep /dev/loop12
                umount /dev/loop12
                sync
                SIZE_MD5="$(($SIZE_TARGET-1024))"
                echo -n "$0: Generating new MD5... (first $SIZE_MD5 Bytes) "
                dd if=/dev/loop12 bs=1 count=$SIZE_MD5 > $BASEDIR/md5.img 2>/dev/null
                MD5=`md5sum -b $BASEDIR/md5.img`
                echo -n `basename $FILE` >> $BASEDIR/initrd/.md5sums
                echo -n " " >> $BASEDIR/initrd/.md5sums
                echo $MD5 | cut -c -32 >> $BASEDIR/initrd/.md5sums
                echo "done"
                rm $VERBOSE $BASEDIR/md5.img
                losetup -d /dev/loop12
                losetup -d /dev/loop11
                umount /dev/loop13 > /dev/null 2>&1
                losetup -d /dev/loop13 > /dev/null 2>&1
                echo "$0: Test is PASSED. (MD5=`echo $MD5 | cut -c -32`)"
                # Prepare master image which holds the .seed and .pass files
                echo "$0: Preparing master-image on $BOOT_MOUNT ($BOOT_DEVICE)... "
                mkdir --parents $VERBOSE $BOOT_MOUNT
                umount $BOOT_DEVICE
                mount $BOOT_DEVICE $BOOT_MOUNT
                if test "$user" == "$MASTER_USER"; then
                        # Create master image on first user
                        MASTER_SEED=`head -c $SEED_LEN $RAND | uuencode -m - | head -2 | tail -1`
                        MASTER_PASS=`head -c $PASS_LEN $RAND | uuencode -m - | head -2 | tail -1`
                        dd if=/dev/zero of=$BOOT_MOUNT/master.img bs=1k count=2048 > /dev/null 2>&1
                        echo $MASTER_PASS | losetup -p 0 -S $MASTER_SEED -C $ITER -e $CIPHER /dev/loop13 $BOOT_MOUNT/master.img || exit 2
                        mkfs -t $FS_STICK -b 1024 /dev/loop13 > /dev/null 2>&1
                        echo $MASTER_SEED > $BASEDIR/.seed_master
                        echo $MASTER_PASS > $BASEDIR/.pass_master
                        cp $VERBOSE $BASEDIR/.????_master $BASEDIR/initrd/
                else
                        MASTER_SEED=`cat $BASEDIR/.seed_master`
                        MASTER_PASS=`cat $BASEDIR/.pass_master`
                        echo $MASTER_PASS | losetup -p 0 -S $MASTER_SEED -C $ITER -e $CIPHER /dev/loop13 $BOOT_MOUNT/master.img || exit 2
                fi
                mount /dev/loop13 $BASEDIR/initrd/mnt/stick
                echo "START2=$START2" > $BASEDIR/initrd/mnt/stick/.start2_$user.sh
                chmod -c u+x,go-rwx $BASEDIR/initrd/mnt/stick/.start2_$user.sh
                echo "$0: done"
                # Prepare second partition which holds the secret key
                echo "$0: Preparing 2nd part. on $DEVICE... "
                USER_SEED=`head -c $SEED_LEN $RAND | uuencode -m - | head -2 | tail -1`
                USER_PASS=`head -c $PASS_LEN $RAND | uuencode -m - | head -2 | tail -1`
                losetup -o $START2 /dev/loop12 "$DEVICE"
                echo $USER_PASS | losetup -p 0 -S $USER_SEED -C $ITER -e $CIPHER /dev/loop11 /dev/loop12
                dd if=/dev/zero of=/dev/loop11 bs=1k count=1024 > /dev/null 2>&1
                mkfs -t $FS_STICK -b 1024 /dev/loop11 || exit 1
                mount /dev/loop11 $BASEDIR/secrets || exit 1
                gpg --export-secret-keys -a "$user" > $BASEDIR/secrets/$user-secret.gpg
                umount /dev/loop11
                losetup -d /dev/loop11
                losetup -d /dev/loop12
                echo $USER_SEED > $BASEDIR/initrd/mnt/stick/.seed_$user
                echo $USER_PASS > $BASEDIR/initrd/mnt/stick/.pass_$user
                umount /dev/loop13
                losetup -d /dev/loop13
                echo "$0: done"
         else
                # SIZE_TARGET is small than SIZE_FREE!
                echo "$0: Image is bigger than allocated space!"
                exit 4
        fi
}