umask 077
-hashes=(sha sha1 mdc2 ripemd160 sha224 sha256 sha384 sha512 md4 md5 dss1)
hash_dir=$(mktemp -d)
function die() {
openssl_decrypt="-d"
fi
-function verify_hash() {
- (( $(wc -l < "$1") == 2 && $(uniq "$1" | wc -l) == 1 ))
-}
-
function go() {
layer=$1
if (( layer == 0 || layer > num_layers ));then
elif [[ "$operation" == reverse ]];then
reverse
elif [[ "$operation" == openssl-dgst ]];then
- tee >(sed -rn "${layer}s/^[^ ]+ [^ ]+ //p" "$keyfile" > "$hash_dir/$layer"
- openssl dgst -binary "-$(sed -rn "${layer}s/[^ ]+ ([^ ]+) .*/\\1/p" "$keyfile")" |
- base64 --wrap=0 | sed 's/$/\n/' >> "$hash_dir/$layer"
- # Dying here doesn't terminate the pipeline. :(
- verify_hash "$hash_dir/$layer" || die "Hash check $layer failed" )
+ tee >(echo "$(sed -n "${layer}p" "$keyfile") $(openssl dgst -binary "-$(sed -rn "${layer}s/^[^ ]+ ([^ ]+).*/\\1/p" "$keyfile")" | base64 --wrap=0)" > "$hash_dir/$layer")
else
die "Unknown operation"
fi |
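Review bot: The added `tee >(echo "…" > "$hash_dir/$layer")` line writes its record from a process substitution, which bash runs asynchronously, and the exit status of the inner `openssl dgst` is never looked at. As far as this hunk shows, nothing waits for that process, so when the pipeline returns the record may be missing, or it may hold an empty computed digest if openssl rejected the digest name. The removed comment about `die` not terminating the pipeline documented a related limitation, and the new line deserves a replacement such as `# Runs asynchronously: the record may be absent or carry an empty digest; the caller must treat both as a failed check.` `go` starts before this hunk and ends after it, so how the caller copes is not visible here.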
fi
}
-function record_hashes() {
- if [[ "$mode" == d ]] || (( $# < 2 ));then
- cat
+go "$first_layer"
+
+for hash_result in "$hash_dir"/*;do
+ layer=$(basename "$hash_result")
+ if [[ "$mode" == e ]];then
+ # Add the hashes to keyfile
+ key_aside_dir=$(mktemp -d "$keyfile.XXXXXXXXXX")
+ key_aside="$key_aside_dir/key.orig"
+ mv "$keyfile" "$key_aside"
+ sed "${layer}s,.*,$(< "$hash_result")," "$key_aside" > "$keyfile"
+ shred -u "$key_aside"
+ rmdir "$key_aside_dir"
else
- stage=$1
- hash=$2
- shift 2
- tee >(openssl dgst -binary "-$hash" | base64 --wrap=0 |
- sed "s/^/openssl-dgst $hash /;s/$/\n/" > "$hash_dir/$stage-$hash") |
- record_hashes "$stage" "$@"
+ # Verify the hashes
+ if [[ "$(awk '{ print $3 == $4 ? "hash ok" : "mismatch" }' "$hash_result")" != "hash ok" ]];then
+ die "Hash check $layer failed"
+ fi
fi
-}
-
-record_hashes inner "${hashes[@]}" | go "$first_layer" | record_hashes outer "${hashes[@]}"
-
-if [[ "$mode" == e ]];then
- # Add the hashes to keyfile
- key_aside_dir=$(mktemp -d "$keyfile.XXXXXXXXXX")
- key_aside="$key_aside_dir/key.orig"
- mv "$keyfile" "$key_aside"
- cat "$hash_dir"/outer-* "$key_aside" "$hash_dir"/inner* > "$keyfile"
- shred -u "$key_aside"
- rmdir "$key_aside_dir"
-else
- # Verify the hashes
- for hash_result in "$hash_dir"/*;do
- verify_hash "$hash_result" || die "Hash check $(basename "$hash_result") failed"
- done
-fi
+done
rm -r "$hash_dir"
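Review bot: The verification branch can pass without comparing anything, because awk treats two missing fields as equal: a record with no stored and no computed digest makes `$3 == $4` true and prints "hash ok". Requiring both fields closes that, e.g. `awk '{ print (NF == 4 && $3 == $4) ? "hash ok" : "mismatch" }'`. The loop also only visits files that exist under `"$hash_dir"`, so a layer whose record was never written is skipped instead of failing. Comparing the number of records with `grep -c '^openssl-dgst ' "$keyfile"` before the loop would catch that. In the encrypt branch, `shred -u "$key_aside"` runs even if the preceding `sed … > "$keyfile"` failed, which would destroy the only copy of the key unless `set -e` is enabled elsewhere in the script; `sed … > "$keyfile" || die "keyfile rewrite failed"` guards against it.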
aes-192-cbc aes-192-cfb aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 aes-256-ecb aes-256-ofb
)
+hashes=(
+ sha sha1 mdc2 ripemd160 sha224 sha256 sha384 sha512 md4 md5 dss1
+)
umask 077
done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; )
}
+function generate_hashes() {
+ while read -r hash;do
+ echo "openssl-dgst $hash"
+ done < <( IFS=$'\n'; shuf <<< "${hashes[*]}"; )
+}
+
{
+ generate_hashes
generate_keys
echo "reverse"
generate_keys
+ generate_hashes
} > "$keyfile"
echo 2>&1
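Review bot: `generate_hashes` writes an `openssl-dgst` line for every name in `hashes` without checking that the local openssl accepts it. The list includes `sha`, `mdc2` and `dss1`, which are not available in every OpenSSL build (`sha` and `dss1` were dropped in newer releases). A keyfile generated here may therefore contain layers whose digest cannot be computed on the machine that later encrypts or decrypts. Skipping unsupported names at generation time avoids that, e.g. `openssl dgst "-$hash" </dev/null >/dev/null 2>&1 || continue` as the first statement in the loop. A short comment on the record format (`openssl-dgst <name>`, with the digest appended as a third field on encryption) would also help.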