From: Scott Worley <scottworley@scottworley.com>
Date: Mon, 23 Oct 2017 03:37:11 +0000 (-0700)
Subject: Refuse to re-use keys
X-Git-Url: http://git.scottworley.com/overonion/commitdiff_plain/4c2e9bc99e3d371bcc04674a5015cd208d41dda3?ds=sidebyside

Refuse to re-use keys
---

diff --git a/overonion b/overonion
index cb663fe..5eb26b6 100755
--- a/overonion
+++ b/overonion
@@ -29,14 +29,22 @@ if (( num_layers < 20 ));then
   die "Keyfile doesn't have enough layers to be an onion"
 fi
 
+hash_fields=$(awk '/^openssl-dgst / { print NF }' "$keyfile" | uniq )
+
 if [[ "$mode" == e ]];then
   first_layer=$num_layers
   next_layer=-1
   openssl_decrypt=""
+  if [[ "$hash_fields" != 4 ]];then
+    die "Refusing to encrypt with already-used key"
+  fi
 else
   first_layer=1
   next_layer=1
   openssl_decrypt="-d"
+  if [[ "$hash_fields" != 5 ]];then
+    die "Key does not appear to have been used for encryption (it has no embedded hashes).  Refusing to decrypt."
+  fi
 fi
 
 function go() {