Refuse to re-use keys
authorScott Worley <scottworley@scottworley.com>
Mon, 23 Oct 2017 03:37:11 +0000 (20:37 -0700)
committerScott Worley <scottworley@scottworley.com>
Mon, 23 Oct 2017 03:41:52 +0000 (20:41 -0700)
overonion

index cb663fe62fe6424d76e4896990f9721e55d70e81..5eb26b68f42c23335cb2ef6dfa9690a3452973ff 100755 (executable)
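--- a/overonion
+++ b/overonion
@@ -29,14 +29,22 @@ if (( num_layers < 20 ));then
   die "Keyfile doesn't have enough layers to be an onion"
 fi
 
+hash_fields=$(awk '/^openssl-dgst / { print NF }' "$keyfile" | uniq )
+
 if [[ "$mode" == e ]];then
   first_layer=$num_layers
   next_layer=-1
   openssl_decrypt=""
+  if [[ "$hash_fields" != 4 ]];then
+    die "Refusing to encrypt with already-used key"
+  fi
 else
   first_layer=1
   next_layer=1
   openssl_decrypt="-d"
+  if [[ "$hash_fields" != 5 ]];then
+    die "Key does not appear to have been used for encryption (it has no embedded hashes).  Refusing to decrypt."
+  fi
 fi
 
 function go() {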
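Review bot: The new `hash_fields` guard treats every value other than a single 4 or 5 the same way, so a keyfile whose `openssl-dgst` lines are missing, or only partly marked (where `uniq` prints more than one count), is reported on the decrypt path as having "no embedded hashes", which is misleading. Both branches fail closed, which is the right default for a key-reuse check, but a separate test before the mode branch would make that state diagnosable: `[[ "$hash_fields" == 4 || "$hash_fields" == 5 ]] || die "Keyfile has missing or inconsistent openssl-dgst lines"`. The guard is also only a field count, so it presumably depends on code outside this hunk writing the fifth field reliably after encryption; if that write can fail or be interrupted, the key would still look unused, and a comment next to the `hash_fields` assignment should state that dependency.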