From: Scott Worley
Date: Mon, 23 Oct 2017 02:58:14 +0000 (-0700)
Subject: Move hash initiation into overonion-make-key
X-Git-Url: http://git.scottworley.com/overonion/commitdiff_plain/f5a8e270a98312d276e543807bfe66e534ca21aa?ds=inline

Move hash initiation into overonion-make-key
---

diff --git a/overonion b/overonion
index cd397fa..c54048a 100755
--- a/overonion
+++ b/overonion
@@ -2,7 +2,6 @@
 umask 077
-hashes=(sha sha1 mdc2 ripemd160 sha224 sha256 sha384 sha512 md4 md5 dss1)
 hash_dir=$(mktemp -d)
 function die() {
@@ -40,10 +39,6 @@ else
 openssl_decrypt="-d"
 fi
-function verify_hash() {
- (( $(wc -l < "$1") == 2 && $(uniq "$1" | wc -l) == 1 ))
-}
-
 function go() {
 layer=$1
 if (( layer == 0 || layer > num_layers ));then
@@ -56,11 +51,7 @@ function go() {
 elif [[ "$operation" == reverse ]];then
 reverse
 elif [[ "$operation" == openssl-dgst ]];then
- tee >(sed -rn "${layer}s/^[^ ]+ [^ ]+ //p" "$keyfile" > "$hash_dir/$layer"
- openssl dgst -binary "-$(sed -rn "${layer}s/[^ ]+ ([^ ]+) .*/\\1/p" "$keyfile")" |
- base64 --wrap=0 | sed 's/$/\n/' >> "$hash_dir/$layer"
- # Dying here doesn't terminate the pipeline. :(
- verify_hash "$hash_dir/$layer" || die "Hash check $layer failed" )
+ tee >(echo "$(sed -n "${layer}p" "$keyfile") $(openssl dgst -binary "-$(sed -rn "${layer}s/^[^ ]+ ([^ ]+).*/\\1/p" "$keyfile")" | base64 --wrap=0)" > "$hash_dir/$layer")
 else
 die "Unknown operation"
 fi |
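Review bot: The digest name lifted from `$keyfile` on the new `tee >(…)` line is spliced straight into an `openssl dgst` option (`"-$(sed …)"`), and with the `hashes` array removed from this file in the first hunk nothing in overonion constrains it any more, so a malformed or edited keyfile line turns into an arbitrary `openssl dgst` flag. Hoist and check it before the pipeline: `alg=$(sed -rn "${layer}s/^[^ ]+ ([^ ]+).*/\\1/p" "$keyfile")`, `[[ "$alg" =~ ^[a-z0-9]+$ ]] || die "Bad digest name in keyfile line $layer"`, and then `"-$alg"` in the `openssl dgst` call. The caveat from the removed comment still applies to the rewritten line: a failing `openssl dgst` inside the process substitution cannot abort the pipeline, so the `$(…)` just yields an empty digest and the line is written to `$hash_dir/$layer` anyway, which the consumer of those files has to detect. `go` continues outside this hunk.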
@@ -68,34 +59,24 @@ function go() {
 fi
 }
-function record_hashes() {
- if [[ "$mode" == d ]] || (( $# < 2 ));then
- cat
+go "$first_layer"
+
+for hash_result in "$hash_dir"/*;do
+ layer=$(basename "$hash_result")
+ if [[ "$mode" == e ]];then
+ # Add the hashes to keyfile
+ key_aside_dir=$(mktemp -d "$keyfile.XXXXXXXXXX")
+ key_aside="$key_aside_dir/key.orig"
+ mv "$keyfile" "$key_aside"
+ sed "${layer}s,.*,$(< "$hash_result")," "$key_aside" > "$keyfile"
+ shred -u "$key_aside"
+ rmdir "$key_aside_dir"
 else
- stage=$1
- hash=$2
- shift 2
- tee >(openssl dgst -binary "-$hash" | base64 --wrap=0 |
- sed "s/^/openssl-dgst $hash /;s/$/\n/" > "$hash_dir/$stage-$hash") |
- record_hashes "$stage" "$@"
+ # Verify the hashes
+ if [[ "$(awk '{ print $3 == $4 ? "hash ok" : "mismatch" }' "$hash_result")" != "hash ok" ]];then
+ die "Hash check $layer failed"
+ fi
 fi
-}
-
-record_hashes inner "${hashes[@]}" | go "$first_layer" | record_hashes outer "${hashes[@]}"
-
-if [[ "$mode" == e ]];then
- # Add the hashes to keyfile
- key_aside_dir=$(mktemp -d "$keyfile.XXXXXXXXXX")
- key_aside="$key_aside_dir/key.orig"
- mv "$keyfile" "$key_aside"
- cat "$hash_dir"/outer-* "$key_aside" "$hash_dir"/inner* > "$keyfile"
- shred -u "$key_aside"
- rmdir "$key_aside_dir"
-else
- # Verify the hashes
- for hash_result in "$hash_dir"/*;do
- verify_hash "$hash_result" || die "Hash check $(basename "$hash_result") failed"
- done
-fi
+done
 rm -r "$hash_dir"
diff --git a/overonion-make-key b/overonion-make-key
index 5c70275..0e588b2 100755
--- a/overonion-make-key
+++ b/overonion-make-key
@@ -16,6 +16,9 @@ ciphers=(
 aes-192-cbc aes-192-cfb aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
 aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 aes-256-ecb aes-256-ofb
 )
+hashes=(
+ sha sha1 mdc2 ripemd160 sha224 sha256 sha384 sha512 md4 md5 dss1
+)
 umask 077
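Review bot: The verification branch passes vacuously when fields are missing: `awk '{ print $3 == $4 ? … }'` compares two empty strings as equal, so a keyfile line with no stored digest, or a computed digest that came back empty because `openssl dgst` failed inside `go`, prints `hash ok` and the layer is accepted. Require both fields to be present: `if [[ "$(awk 'NF == 4 && $3 != "" && $3 == $4 { print "hash ok" }' "$hash_result")" != "hash ok" ]];then`. The encrypt branch has the mirror problem, since `sed "${layer}s,.*,$(< "$hash_result"),"` splices whatever the file holds into the keyfile and an empty digest is recorded silently; a `(( $(awk '{ print NF }' "$hash_result") == 3 )) || die "No digest for layer $layer"` before the `mv` would catch it. Separately, bash does not wait for the `>(…)` writers started in `go`, so the files under `$hash_dir` may still be incomplete when this loop starts reading them; I cannot tell from here how often that window bites, but making the digest step synchronous would remove it.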
@@ -45,10 +48,18 @@ function generate_keys() {
 done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; )
 }
+function generate_hashes() {
+ while read -r hash;do
+ echo "openssl-dgst $hash"
+ done < <( IFS=$'\n'; shuf <<< "${hashes[*]}"; )
+}
+
 {
+ generate_hashes
 generate_keys
 echo "reverse"
 generate_keys
+ generate_hashes
 } > "$keyfile"
 echo 2>&1
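Review bot: `generate_hashes` emits an `openssl-dgst $hash` line for every name in `hashes` without checking that the local `openssl dgst` still accepts it; as far as I recall `sha` and `dss1` were dropped in OpenSSL 1.1 and `md4`/`mdc2` moved to the legacy provider in 3.x, so such a line makes overonion's later `openssl dgst -$hash` fail on a current system. Filtering at generation time keeps the keyfile usable: `openssl dgst "-$hash" </dev/null >/dev/null 2>&1 || continue` as the first statement of the loop. The function otherwise appears to mirror `generate_keys` (whose body starts outside the hunk) with only the array and the line prefix differing; a shared helper taking the prefix and the list would avoid carrying two copies of the shuffle-and-print loop. A one-line comment above `hashes` in the earlier hunk stating that each listed digest becomes one integrity layer of the keyfile would also help the next reader.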