keys.*: Enforce separation between user's files and the system.

[distorted-keys] / keys.keeper-cards

#! /bin/sh
###
### Issue cards containing a bunch of keeper secrets
###
### (c) 2011 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk key management suite.
###
### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

set -e
case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
. "$KEYSLIB"/keyfunc.sh

defhelp <<HELP
KEEPER [INDICES ...]
Typeset cards for a set of keeper secrets.

This program writes a PostScript file to standard output which will contain
key nubs from the keeper set KEEPER, specifically the keys with the given
INDICES.  Elements of the list are either simple integers or ranges
[LOW]-[HIGH]; if LOW is omitted, it means 0, and if HIGH is omitted, it means
the highest possible index.  If no INDICES are given then all secret keys are
written.

The public keys are found in $KEYS/keeper/KEEPER/I.pub;
key nubs are read from the safe place where \`keys new-keeper' left
them.
HELP

## Parse the command line.
case $# in 0) usage_err ;; esac
keeper=$1; shift
checkword "keeper set label" "$keeper"

## Find out about the set.
if [ ! -f $KEYS/keeper/$keeper/meta ]; then
  echo >&2 "$quis: unknown keeper set \`$keeper'"
  exit 1
fi
read n hunoz <$KEYS/keeper/$keeper/meta

## Check that nubs are available for the keeper set.
reqsafe
if [ ! -d $SAFE/keys.keeper/$keeper/ ]; then
  echo >&2 "$quis: no nubs available for keeper set \`$keeper'"
  exit 1
fi
cd $SAFE/keys.keeper/$keeper/

## Build a colon-separated list of the indices we actually want.
want=:
case $# in 0) set 0- ;; esac
for range in "$@"; do
  case "$range" in
    *[!-0-9]* | *[!0-9]*-* | *-*[!0-9]*)
      echo >&2 "$quis: bad index range \`$range'"
      exit 1
      ;;
    *-*)
      low=${range%-*} high=${range#*-}
      ;;
    *)
      low=$range high=$range
      ;;
  esac
  case "$low" in ?*) ;; *) low=0 ;; esac
  case "$high" in ?*) ;; *) high=$(( $n - 1 )) ;; esac
  if [ 0 -gt $low -o $low -gt $high -o $high -ge $n ]; then
    echo >&2 "$quis: invalid index range \`$range'"
    exit 1
  fi
  i=$(( $low + 0 ))
  while [ $i -le $high ]; do
    case $want in *:"$i":*) ;; *) want=$want$i: ;; esac
    i=$(( $i + 1 ))
  done
done

## Start working on the output file.  This will contain deep secrets, so
## don't leave stuff easily readable.
mktmp
umask 077
exec 3>$tmp/$keeper.tex
cat >&3 <<'EOF'
\documentclass[a4paper, landscape, 12pt]{article}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage[palatino, helvetica, courier, maths = cmr]{mdwfonts}
\usepackage{graphicx}

%% Report errors with enough context that we can debug them.
\errorcontextlines=999

%% Basic layout for the cards.  We use the paragraph filling machinery, but
%% don't actually need most of the trimmings.
\parindent=0pt
\parfillskip=0pt
\pagestyle{empty}

%% Page layout: try to use most of the page.  The document class will already
%% have set up the paper size, but we do the rest here.
\hoffset=-1in \voffset=-1in
\oddsidemargin=20mm
\textwidth=\paperwidth \advance\textwidth by -2\oddsidemargin
\topmargin=20mm
\headheight=0pt \headsep=0pt
\textheight=\paperheight \advance\textheight by -2\topmargin
\AtBeginDocument{\special{papersize=\the\paperwidth,\the\paperheight}}

%% Parameters for the cards and guide rules.
\newdimen\cardwd \cardwd=82mm
\newdimen\cardht \cardht=49mm
\newdimen\guidelen \guidelen=10mm
\newdimen\rulewd \rulewd=0.6pt

%% Typesetting the secret as text.  The macro \snarf TOKEN T0 T1 ... T7
%% gathers T0 T1 ... T7 into a single argument and passes them to TOKEN, as
%% long as T0 is not \relax.  We use this to process the secret text in a
%% continuation-passing style.
\def\snarf#1#2{%
  \ifx#2\relax\let\next\empty%
  \else\def\next{\snarfdo#1#2}%
  \fi%
  \next%
}
\def\snarfdo#1#2#3#4#5#6#7#8#9{#1{#2#3#4#5#6#7#8#9}}

%% Print the left and right halves of the line, with a separator.  Use boxes
%% for the lines so that TeX will work out the width of the enclosing vbox
%% for us.  The basic usage is \line TEXT \relax ... \relax, with eight
%% \relax tokens: this is enough to complete both \snarf calls.
\def\line{\snarf\lineleft}
\def\lineleft#1{\hbox\bgroup#1 \snarf\lineright}
\def\lineright#1{#1\egroup\line}

%% Typeset a card containing a secret.  Usage is \card{INDEX}{SECRET}.
\def\card#1#2{%
  %%
  %% Make sure we're setting a paragraph.
  \leavevmode%
  %%
  %% Initial material: a stretchy space on the left.
  \hbox{}\nobreak\hfil%
  %%
  %% An alignment for the guide markers surrounding the actual card.
  \vbox{\halign{&##\cr%
    %%
    %% Top left guides.
    \vrule width \guidelen height \rulewd depth 0pt%
    \vrule width \rulewd depth 0pt height \guidelen%
    &%
    %%
    %% Top centre gap.
    \hfil%
    &%
    %%
    %% Top right guides.
    \vrule width \rulewd depth 0pt height \guidelen%
    \vrule width \guidelen height \rulewd depth 0pt%
    \cr%
    %%
    %% Left gap.
    &%
    %%
    %% The actual card.
    \vbox to \cardht{%
      %%
      %% We actually do more or less sensible typesetting.  TeX will set the
      %% box width from the hsize, and we should leave a small margin all
      %% around.
      \parfillskip=0pt plus 1fil%
      \leftskip=1em \rightskip=1em%
      \hsize=\cardwd%
      %%
      %% The heading.
      \hrule height 0pt \prevdepth = 0pt%
      \medskip%
      {\large\bfseries\textsf{\keeper} secret #1/\total}%
      %%
      %% The QR-code and the text of the secret.
      \vfil%
      $%
      \vcenter{\hbox{\includegraphics[scale = 2.4]{#1.eps}}}%
      \hfil%
      \vcenter{\ttfamily%
        \line#2%
        \relax\relax\relax\relax\relax\relax\relax\relax%
      }%
      $%
      %%
      %% And we're done.
      \vfil%
    }%
    &%
    %%
    %% Right gap.
    \cr%
    %%
    %% Bottom left guides.
    \vrule width \guidelen depth \rulewd height 0pt%
    \vrule width \rulewd depth \guidelen height 0pt%
    &%
    %% Bottom centre gap.
    \hfil%
    &%
    %% Bottom right guides.
    \vrule width \rulewd depth \guidelen height 0pt%
    \vrule width \guidelen depth \rulewd height 0pt%
    \cr%
    %%
    %% Leave a small vertical space at the bottom to separate lines of cards.
    \strut \cr%
  }}%
  %%
  %% End material: a stretchy space to match the one at the start, and then
  %% allow a break.
  \nobreak\hfil\hbox{}%
  \penalty0%
}
EOF

## Write the basic configuration stuff.
cat >&3 <<EOF

%% General configuration for the cards.
\def\keeper{$keeper}
\def\total{$n}
EOF

## Start the document body.
cat >&3 <<'EOF'

%% The actual content.
\begin{document}
EOF

## Work through the requested indices.
i=0
while [ $i -lt $n ]; do
  case $want in
    *:"$i":*)
      read secret <$i
      tr -d '\n' <$i | qrencode -m0 -s1 -o$tmp/$i.png
      convert $tmp/$i.png $tmp/$i.eps
      cat >&3 <<EOF
\card{$i}{$secret}
EOF
  esac
  i=$(( $i + 1 ))
done

## Wrap up and build the document.
cat >&3 <<'EOF'
\end{document}
EOF
exec 3>&-
if ! (cd $tmp
    exec </dev/null >tex.out 2>&1
    latex $keeper.tex && dvips -o$keeper.ps $keeper.dvi); then
  echo >&2 "$quis: document formatting failed"
  sed >&2 's/^/| /' $tmp/tex.out
  exit 1
fi
cat $tmp/$keeper.ps

###----- That's all, folks --------------------------------------------------