2 ##############################################
3 # Script for Secure Linux Project #
4 # Copyright(c) 2005, 2006 by Roland Haeder #
5 ##############################################
6 # Purpose: Additional functions #
7 ##############################################
8 # This software is licensed under the GNU #
9 # General Public License Version 2 or either #
10 # and comes with ABSOLUTELY NO WARRANTY #
11 # neither implied nor explicit. #
12 ##############################################
16 # Creates partitions on DEVICE
17 echo "$0: Zeroing stick on $DEVICE... (this can take loooong . . . )"
18 dd if=/dev/zero of=$DEVICE bs=1k > /dev/null 2>&1
19 echo "$0: Analysing stick size on $DEVICE..."
20 parted -s $DEVICE mklabel msdos > /dev/null 2>&1
23 # Determine maximum sectos
24 for pos in `seq 26 30`; do
25 SIZE=`cfdisk -P s $DEVICE | grep "Free Space" | cut -c$pos- | cut -f1 -d " "`
26 if test "$SIZE" != ""; then
27 #echo "$0: DEBUG: $pos=$SIZE"
32 # One secor = 512 Byte so we can calculate the maximum MBytes + some extra
33 SIZE="$(($SIZE * 512 / 1024 / 1024))"
34 echo "$0: Maximum size is $SIZE MByte"
35 echo -n "$0: Creating partitions... "
36 # This holds the encrypted filesystem with the main key
37 parted -s $DEVICE mkpartfs primary ext2 0 1 > /dev/null 2>&1
39 # This holds an encrypted filesystem for the key to unlock part1
40 parted -s $DEVICE mkpartfs primary ext2 2 3 > /dev/null 2>&1
42 # This is the last part for data you want to carry on the stick with you
43 parted -s $DEVICE mkpartfs primary fat32 4 $SIZE > /dev/null 2>&1
45 echo -n "$0: Analysing... "
46 cfdisk -P s $DEVICE > $BASEDIR/.parted
47 parted -s $DEVICE rm 1 > /dev/null 2>&1
48 parted -s $DEVICE rm 2 > /dev/null 2>&1
51 echo "$0: Press RETURN to continue or CTRL+C to abort..."
57 # Now let's analyse the stick/image...
58 echo -n "$0: Analysing $DEVICE ... "
60 START1=`cat $BASEDIR/.parted | grep "1 Primary" | awk '{print $3}' | cut -f 1 -d "*"`
61 START1=`$AWK --assign=start=$START1 'BEGIN {print start*512}'`
64 START2=`cat $BASEDIR/.parted | grep "2 Primary" | awk '{print $3}' | cut -f 1 -d "*"`
65 START2=`$AWK --assign=start=$START2 'BEGIN {print start*512}'`
68 START3=`cat $BASEDIR/.parted | grep "4 Primary" | awk '{print $3}' | cut -f 1 -d "*"`
69 START3=`$AWK --assign=start=$START3 'BEGIN {print start*512}'`
72 # Enough space for the image? (in Bytes)
73 SIZE_FREE=`cat $BASEDIR/.parted | grep "1 Primary" | awk '{print $6}' | cut -f 1 -d "*"`
74 SIZE_FREE=`$AWK --assign=start=$SIZE_FREE 'BEGIN {print start*512}'`
77 # Update STICK_START...
78 echo -n "$0: Updating .local.sh ... "
79 EVAL="sed 's/STICK_START=xxx/STICK_START=1024/g' $BASEDIR/.local.sh > $BASEDIR/tmp"
80 eval $EVAL > /dev/null 2>&1
83 if test -e $BASEDIR/tmp; then
84 if test "`cat $BASEDIR/tmp`" != "`cat $BASEDIR/.local.sh`"; then
85 # Move existing tmp file back to .local.sh
86 echo -n "$0: Updating .local.sh ... "
87 mv $BASEDIR/tmp $BASEDIR/.local.sh > /dev/null 2>&1
88 chmod go-rwx,u+rwx $BASEDIR/.local.sh > /dev/null 2>&1
89 chown root.root $BASEDIR/.local.sh > /dev/null 2>&1
91 echo -n "$0: Re-reading .local.sh ... "
96 echo "$0: .local.sh is up-to-date."
97 rm $VERBOSE $BASEDIR/tmp
104 # Is enough space there?
105 echo "$0: $SIZE_FREE - $SIZE_TARGET - $STICK_START ($FILE)"
106 if test $SIZE_FREE -gt $SIZE_TARGET; then
107 # Remove any existing loop-devices
108 losetup -d /dev/loop12 > /dev/null 2>&1
109 losetup -d /dev/loop11 > /dev/null 2>&1
110 # Enough space there, so let's copy FILE into STICK_DEVICE
111 echo "$0: Setting up loop-device... (Offset=$STICK_START,Dev=$DEVICE)"
112 losetup -o $STICK_START /dev/loop11 $DEVICE
113 echo "$0: Writing image ... ($SIZE_TARGET Bytes)"
114 dd if=$FILE of=/dev/loop11 bs=1 count=$SIZE_TARGET $CONVERT > /dev/null 2>&1
115 echo "$0: Verifying ... "
116 dd if=/dev/loop11 of=$BASEDIR/verify.img bs=1 count=$SIZE_TARGET $CONVERT > /dev/null 2>&1
117 M1=`md5sum -b $BASEDIR/verify.img | cut -c -32`
118 M2=`md5sum -b $FILE | cut -c -32`
119 if test "$M1" != "$M2"; then
120 echo "$0: Failed! Aborting here... ($M1/$M2)"
123 echo "$0: MD5 checksums matches."
126 rm $VERBOSE $BASEDIR/verify.img
128 echo "$0: Will now test the written image."
129 echo -n "$0: Enter $user's "
130 losetup -e $CIPHER -K $BASEDIR/setup/keys/$user-$MULTI_KEY_SUFFIX /dev/loop12 /dev/loop11 || exit 1
132 mount -t $FS_STICK /dev/loop12 $BASEDIR/keys || exit 1
133 # Copy the seed to the stick/image
134 cp $VERBOSE $BASEDIR/.seed $BASEDIR/keys
135 echo "$0: Free space: `df | grep /dev/loop12 | awk '{print $4}'` kByte"
136 mount | grep /dev/loop12
139 SIZE_MD5="$(($SIZE_TARGET-1024))"
140 echo -n "$0: Generating new MD5... (first $SIZE_MD5 Bytes) "
141 dd if=/dev/loop12 bs=1 count=$SIZE_MD5 > $BASEDIR/md5.img 2>/dev/null
142 MD5=`md5sum -b $BASEDIR/md5.img`
143 echo -n `basename $FILE` >> $BASEDIR/initrd/.md5sums
144 echo -n " " >> $BASEDIR/initrd/.md5sums
145 echo $MD5 | cut -c -32 >> $BASEDIR/initrd/.md5sums
147 rm $VERBOSE $BASEDIR/md5.img
148 losetup -d /dev/loop12
149 losetup -d /dev/loop11
150 umount /dev/loop13 > /dev/null 2>&1
151 losetup -d /dev/loop13 > /dev/null 2>&1
152 echo "$0: Test is PASSED. (MD5=`echo $MD5 | cut -c -32`)"
153 # Prepare master image which holds the .seed and .pass files
154 echo "$0: Preparing master-image on $BOOT_MOUNT ($BOOT_DEVICE)... "
155 mkdir --parents $VERBOSE $BOOT_MOUNT
157 mount $BOOT_DEVICE $BOOT_MOUNT
158 if test "$user" == "$MASTER_USER"; then
159 # Create master image on first user
160 MASTER_SEED=`head -c $SEED_LEN $RAND | uuencode -m - | head -2 | tail -1`
161 MASTER_PASS=`head -c $PASS_LEN $RAND | uuencode -m - | head -2 | tail -1`
162 dd if=/dev/zero of=$BOOT_MOUNT/master.img bs=1k count=2048 > /dev/null 2>&1
163 echo $MASTER_PASS | losetup -p 0 -S $MASTER_SEED -C $ITER -e $CIPHER /dev/loop13 $BOOT_MOUNT/master.img || exit 2
164 mkfs -t $FS_STICK -b 1024 /dev/loop13 > /dev/null 2>&1
165 echo $MASTER_SEED > $BASEDIR/.seed_master
166 echo $MASTER_PASS > $BASEDIR/.pass_master
167 cp $VERBOSE $BASEDIR/.????_master $BASEDIR/initrd/
169 MASTER_SEED=`cat $BASEDIR/.seed_master`
170 MASTER_PASS=`cat $BASEDIR/.pass_master`
171 echo $MASTER_PASS | losetup -p 0 -S $MASTER_SEED -C $ITER -e $CIPHER /dev/loop13 $BOOT_MOUNT/master.img || exit 2
173 mount /dev/loop13 $BASEDIR/initrd/mnt/stick
174 echo "START2=$START2" > $BASEDIR/initrd/mnt/stick/.start2_$user.sh
175 chmod -c u+x,go-rwx $BASEDIR/initrd/mnt/stick/.start2_$user.sh
177 # Prepare second partition which holds the secret key
178 echo "$0: Preparing 2nd part. on $DEVICE... "
179 USER_SEED=`head -c $SEED_LEN $RAND | uuencode -m - | head -2 | tail -1`
180 USER_PASS=`head -c $PASS_LEN $RAND | uuencode -m - | head -2 | tail -1`
181 losetup -o $START2 /dev/loop12 "$DEVICE"
182 echo $USER_PASS | losetup -p 0 -S $USER_SEED -C $ITER -e $CIPHER /dev/loop11 /dev/loop12
183 dd if=/dev/zero of=/dev/loop11 bs=1k count=1024 > /dev/null 2>&1
184 mkfs -t $FS_STICK -b 1024 /dev/loop11 || exit 1
185 mount /dev/loop11 $BASEDIR/secrets || exit 1
186 gpg --export-secret-keys -a "$user" > $BASEDIR/secrets/$user-secret.gpg
188 losetup -d /dev/loop11
189 losetup -d /dev/loop12
190 echo $USER_SEED > $BASEDIR/initrd/mnt/stick/.seed_$user
191 echo $USER_PASS > $BASEDIR/initrd/mnt/stick/.pass_$user
193 losetup -d /dev/loop13
196 # SIZE_TARGET is small than SIZE_FREE!
197 echo "$0: Image is bigger than allocated space!"