Commit | Line | Data |
---|---|---|
53263601 MW |
1 | ### -*-sh-*- |
2 | ### | |
3 | ### Common key management functions. | |
4 | ### | |
5 | ### (c) 2011 Mark Wooding | |
6 | ### | |
7 | ||
8 | ###----- Licensing notice --------------------------------------------------- | |
9 | ### | |
10 | ### This program is free software; you can redistribute it and/or modify | |
11 | ### it under the terms of the GNU General Public License as published by | |
12 | ### the Free Software Foundation; either version 2 of the License, or | |
13 | ### (at your option) any later version. | |
14 | ### | |
15 | ### This program is distributed in the hope that it will be useful, | |
16 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ### GNU General Public License for more details. | |
19 | ### | |
20 | ### You should have received a copy of the GNU General Public License | |
21 | ### along with this program; if not, write to the Free Software Foundation, | |
22 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
23 | ||
24 | quis=${0##*/} | |
25 | ||
26 | ###-------------------------------------------------------------------------- | |
27 | ### Configuration variables. | |
28 | ||
29 | PACKAGE="@PACKAGE@" VERSION="@VERSION@" | |
30 | pkgconfdir="@pkgconfdir@" pkglibdir="@pkglibdir@" | |
31 | bindir="@bindir@" | |
32 | ||
33 | case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac | |
34 | ||
35 | ###-------------------------------------------------------------------------- | |
36 | ### Cleanup handling. | |
37 | ||
38 | cleanups="" | |
39 | cleanup () { cleanups="$cleanups $1"; } | |
40 | trap 'rc=$?; for i in $cleanups; do $i; done; exit $rc' EXIT | |
41 | trap 'exit 127' INT TERM | |
42 | ||
43 | ###-------------------------------------------------------------------------- | |
44 | ### Utility functions. | |
45 | ||
46 | ## Temporary directory. | |
47 | unset tmp | |
48 | rmtmp () { cd /; rm -rf $tmp; } | |
49 | mktmp () { | |
50 | ## Make and return the name of a temporary directory. | |
51 | ||
52 | case "${tmp+t}" in t) echo "$tmp"; return ;; esac | |
53 | mem=$(userv root claim-mem-dir) | |
54 | tmp="$mem/keys.tmp.$$" | |
55 | rm -rf "$tmp" | |
56 | mkdir -m700 "$tmp" | |
57 | echo "$tmp" | |
58 | } | |
59 | ||
60 | ###-------------------------------------------------------------------------- | |
61 | ### Input validation functions. | |
62 | ||
63 | checknumber () { | |
64 | what=$1 thing=$2 | |
65 | case "$thing" in | |
66 | "" | [!1-9]* | *[!0-9]*) | |
67 | echo >&2 "$quis: bad $what \`$thing'" | |
68 | exit 1 | |
69 | ;; | |
70 | esac | |
71 | } | |
72 | ||
73 | checkword () { | |
74 | what=$1 thing=$2 | |
75 | case "$thing" in | |
76 | "" | *[!-0-9a-zA-Z_!%@+=]*) | |
77 | echo >&2 "$quis: bad $what: \`$thing'" | |
78 | exit 1 | |
79 | ;; | |
80 | esac | |
81 | } | |
82 | ||
83 | ###-------------------------------------------------------------------------- | |
84 | ### Crypto operations. | |
85 | ### | |
86 | ### We use Seccure for this, but it's interface is Very Annoying. | |
87 | ||
88 | run_seccure () { | |
89 | op=$1; shift | |
90 | ## run_seccure OP ARG ... | |
91 | ## | |
92 | ## Run a Seccure program, ensuring that its stderr is reported if it had | |
93 | ## anything very interesting to say, but suppressed if it was boring. | |
94 | ||
95 | ## We need a temporary place for the error output. | |
96 | case ${tmp+t} in | |
97 | t) ;; | |
98 | *) | |
99 | echo >&2 "$quis (INTERNAL): run_seccure called without tmpdir" | |
100 | exit 127 | |
101 | ;; | |
102 | esac | |
103 | ||
104 | ## Run the program. | |
105 | set +e; seccure-$op "$@" 2>$tmp/seccure.out; rc=$?; set -e | |
106 | grep -v '^WARNING: Cannot obtain memory lock' $tmp/seccure.out >&2 || : | |
107 | return $rc | |
108 | } | |
109 | ||
110 | ec_public () { | |
111 | private=$1 | |
112 | ## Write the public key corresponding to PRIVATE to stdout. | |
113 | ||
114 | run_seccure key -q -cp256 -F"$private" | |
115 | } | |
116 | ||
117 | ec_keygen () { | |
118 | private=$1 public=$2 | |
119 | ## Make a new key, write private key to PRIVATE and public key to PUBLIC. | |
120 | ||
121 | dd if=/dev/random bs=1 count=512 2>/dev/null | | |
122 | openssl sha384 -binary | | |
123 | (umask 077 && openssl base64 >"$private") | |
124 | ec_public "$private" >"$public" | |
125 | } | |
126 | ||
127 | ec_encrypt () { | |
128 | public=$1; shift | |
129 | ## Encrypt stuff using the PUBLIC key. Use -i/-o or redirection. | |
130 | ||
131 | run_seccure encrypt -q -cp256 -m128 "$@" -- $(cat "$public") | |
132 | } | |
133 | ||
134 | ec_decrypt () { | |
135 | private=$1; shift | |
136 | ## Decrypt stuff using the PRIVATE key. Use -i/-o or redirection. | |
137 | ||
138 | run_seccure decrypt -q -cp256 -m128 -F"$private" "$@" | |
139 | } | |
140 | ||
141 | ###-------------------------------------------------------------------------- | |
142 | ### Help text. | |
143 | ||
144 | dohelp () { | |
145 | case "$KEYS_HELP" in t) ;; *) return ;; esac | |
146 | help; exit | |
147 | } | |
148 | ||
149 | defhelp () { read umsg; usage="usage: $quis${umsg+ }$umsg"; help=$(cat); } | |
150 | help () { showhelp; } | |
151 | showhelp () { | |
152 | cat <<EOF | |
153 | $usage | |
154 | ||
155 | $help | |
156 | EOF | |
157 | } | |
158 | ||
159 | ###----- That's all, folks -------------------------------------------------- |