Spellcheck and remove unused files
Some minor, cosmetic cleanups.
This commit is contained in:
Johannes Bauer
parent
e0444c493e
commit
912b874f7a
12
README.md
12
README.md
@ -1,5 +1,5 @@
|
||||
# luksrku
|
||||
luksrku is a tool that allows you to remotely unlock LUKS disks during bootup
|
||||
luksrku is a tool that allows you to remotely unlock LUKS disks during boot up
|
||||
from within your initrd. The intention is to have full-disk-encryption with
|
||||
LUKS-rootfs running headlessly. You should be able to remotely unlock their
|
||||
LUKS cryptographic file systems when you know they have been (legitimately)
|
||||
@ -9,7 +9,7 @@ This works as follows: The luksrku client (which needs unlocking) and luksrku
|
||||
server (which holds all the LUKS keys) share a secret. The client either knows
|
||||
the address of the server or it can issue a broadcast in the network to find
|
||||
the correct one. With the help of the shared secret, a TLS connection is
|
||||
established betweem the client and a legitimate server (who also knows the same
|
||||
established between the client and a legitimate server (who also knows the same
|
||||
secret). The server then tells the client all the LUKS passphrases, which
|
||||
performs luksOpen on all volumes.
|
||||
|
||||
@ -51,8 +51,8 @@ While it might seem nonsensical to encrypt memory and have the key right next
|
||||
to the encrypted data, the reason for this this is to thwart cold-boot attacks.
|
||||
A successful cold-boot attack would require a complete and perfect 1 MiB
|
||||
snapshot of the pre-key (or an acquisition in the short timeframe where the
|
||||
keyvault is open) -- something that is difficult to do because of naturally
|
||||
occuring bit errors during cold boot acquisition.
|
||||
key vault is open) -- something that is difficult to do because of naturally
|
||||
occurring bit errors during cold boot acquisition.
|
||||
|
||||
## Dependencies
|
||||
OpenSSL v1.1 is required for luksrku as well as pkg-config.
|
||||
@ -69,7 +69,7 @@ Available commands:
|
||||
./luksrku server Start a key server process
|
||||
./luksrku client Unlock LUKS volumes by querying a key server
|
||||
|
||||
For futher help: ./luksrku (command) --help
|
||||
For further help: ./luksrku (command) --help
|
||||
|
||||
luksrku version v0.02-45-gf01ec97d6b-dirty
|
||||
```
|
||||
@ -80,7 +80,7 @@ Then, for each command, you have an own help page:
|
||||
$ ./luksrku edit --help
|
||||
usage: luksrku edit [-v] [filename]
|
||||
|
||||
Edits a luksrks key database.
|
||||
Edits a luksrku key database.
|
||||
|
||||
positional arguments:
|
||||
filename Database file to edit.
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
*
|
||||
* Do not edit it by hand, your changes will be overwritten.
|
||||
*
|
||||
* Generated at: 2019-10-25 11:06:30
|
||||
* Generated at: 2019-10-25 20:39:16
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
*
|
||||
* Do not edit it by hand, your changes will be overwritten.
|
||||
*
|
||||
* Generated at: 2019-10-25 11:06:30
|
||||
* Generated at: 2019-10-25 20:39:16
|
||||
*/
|
||||
|
||||
#ifndef __ARGPARSE_CLIENT_H__
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
*
|
||||
* Do not edit it by hand, your changes will be overwritten.
|
||||
*
|
||||
* Generated at: 2019-10-25 11:06:30
|
||||
* Generated at: 2019-10-25 20:39:15
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
@ -110,7 +110,7 @@ bool argparse_edit_parse(int argc, char **argv, argparse_edit_callback_t argumen
|
||||
void argparse_edit_show_syntax(void) {
|
||||
fprintf(stderr, "usage: luksrku edit [-v] [filename]\n");
|
||||
fprintf(stderr, "\n");
|
||||
fprintf(stderr, "Edits a luksrks key database.\n");
|
||||
fprintf(stderr, "Edits a luksrku key database.\n");
|
||||
fprintf(stderr, "\n");
|
||||
fprintf(stderr, "positional arguments:\n");
|
||||
fprintf(stderr, " filename Database file to edit.\n");
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
*
|
||||
* Do not edit it by hand, your changes will be overwritten.
|
||||
*
|
||||
* Generated at: 2019-10-25 11:06:30
|
||||
* Generated at: 2019-10-25 20:39:15
|
||||
*/
|
||||
|
||||
#ifndef __ARGPARSE_EDIT_H__
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
*
|
||||
* Do not edit it by hand, your changes will be overwritten.
|
||||
*
|
||||
* Generated at: 2019-10-25 11:06:30
|
||||
* Generated at: 2019-10-25 20:39:15
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
*
|
||||
* Do not edit it by hand, your changes will be overwritten.
|
||||
*
|
||||
* Generated at: 2019-10-25 11:06:30
|
||||
* Generated at: 2019-10-25 20:39:15
|
||||
*/
|
||||
|
||||
#ifndef __ARGPARSE_SERVER_H__
|
||||
|
||||
@ -1,80 +0,0 @@
|
||||
#!/usr/bin/python3
|
||||
#
|
||||
# TwoColPrint - Print text in two columns, wrap as appropriate.
|
||||
# Copyright (C) 2011-2012 Johannes Bauer
|
||||
#
|
||||
# This file is part of jpycommon.
|
||||
#
|
||||
# jpycommon is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; this program is ONLY licensed under
|
||||
# version 3 of the License, later versions are explicitly excluded.
|
||||
#
|
||||
# jpycommon is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with jpycommon; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
# Johannes Bauer <JohannesBauer@gmx.de>
|
||||
#
|
||||
# File UUID c2de9b77-c699-490d-930f-21689e04b12f
|
||||
|
||||
import sys
|
||||
import textwrap
|
||||
import collections
|
||||
|
||||
_Row = collections.namedtuple("Row", [ "left", "right", "annotation" ])
|
||||
|
||||
class TwoColPrint(object):
|
||||
def __init__(self, prefix = "", total_width = 120, spacer_width = 3, width_ratio = 0.25):
|
||||
self._rows = [ ]
|
||||
self._prefix = prefix
|
||||
self._total_width = total_width
|
||||
self._spacer_width = spacer_width
|
||||
self._width_ratio = width_ratio
|
||||
|
||||
def addrow(self, left_col, right_col, annotation = None):
|
||||
self._rows.append(_Row(left = left_col, right = right_col, annotation = annotation))
|
||||
return self
|
||||
|
||||
def __iter__(self):
|
||||
text_width = self._total_width - len(self._prefix) - self._spacer_width
|
||||
assert(text_width > 2)
|
||||
left_width = round(self._width_ratio * text_width)
|
||||
right_width = text_width - left_width
|
||||
assert(len(self._prefix) + left_width + self._spacer_width + right_width == self._total_width)
|
||||
|
||||
spacer = " " * self._spacer_width
|
||||
for row in self._rows:
|
||||
left_break = textwrap.wrap(row.left, width = left_width)
|
||||
right_break = textwrap.wrap(row.right, width = right_width)
|
||||
|
||||
if len(left_break) < len(right_break):
|
||||
left_break += [ "" ] * (len(right_break) - len(left_break))
|
||||
elif len(left_break) > len(right_break):
|
||||
right_break += [ "" ] * (len(left_break) - len(right_break))
|
||||
|
||||
for (leftline, rightline) in zip(left_break, right_break):
|
||||
|
||||
yield ("%s%-*s%s%s" % (self._prefix, left_width, leftline, spacer, rightline), row.annotation)
|
||||
|
||||
def print(self, f = None):
|
||||
if f is None:
|
||||
f = sys.stdout
|
||||
for (line, annotation) in self:
|
||||
print(line, file = f)
|
||||
|
||||
if __name__ == "__main__":
|
||||
t = TwoColPrint(prefix = " ")
|
||||
t.addrow("foobar", "This is the first piece, which is foobar. A foobar is very cool! This is the first piece, which is foobar. A foobar is very cool!")
|
||||
t.addrow("barfjdiojf", "And here's a barwhatever And here's a barwhatever And here's a barwhatever")
|
||||
t.addrow("x", "Cool, a x.")
|
||||
t.addrow("And here's a barwhatever And here's a barwhatever And here's a barwhatever", "barfjdiojf")
|
||||
t.print()
|
||||
|
||||
|
||||
|
||||
@ -1,93 +0,0 @@
|
||||
#!/usr/bin/python3
|
||||
import textwrap
|
||||
|
||||
class HelpPagePrinter(object):
|
||||
def __init__(self):
|
||||
self._entries = [ ]
|
||||
self._lcolsize = None
|
||||
|
||||
def add(self, lhs, rhs):
|
||||
if isinstance(lhs, str):
|
||||
lhs = (lhs, )
|
||||
else:
|
||||
lhs = (", ".join(lhs), )
|
||||
if isinstance(rhs, str):
|
||||
rhs = (rhs, )
|
||||
self._entries.append((lhs, rhs))
|
||||
|
||||
def _format_entry(self, entry):
|
||||
(lhs, rhs) = entry
|
||||
lhs = list(lhs)
|
||||
rhs = list(rhs)
|
||||
|
||||
right_lines = [ ]
|
||||
for block in rhs:
|
||||
right_lines += textwrap.wrap(block, width = 86 - self._lcolsize)
|
||||
|
||||
if len(lhs) < len(right_lines):
|
||||
lhs += [ "" ] * (len(right_lines) - len(lhs))
|
||||
elif len(lhs) > len(right_lines):
|
||||
right_lines += [ "" ] * (len(lhs) - len(right_lines))
|
||||
for (left, right) in zip(lhs, right_lines):
|
||||
yield "%-*s %s" % (self._lcolsize, left, right.replace("\xa0", " "))
|
||||
|
||||
def _determine_lcolsize(self):
|
||||
self._lcolsize = 0
|
||||
for (lhs, rhs) in self._entries:
|
||||
for line in lhs:
|
||||
self._lcolsize = max(self._lcolsize, len(line))
|
||||
|
||||
def format_params(self):
|
||||
lines = [ "" ]
|
||||
for (lhs, rhs) in self._entries:
|
||||
par = lhs[0].strip()
|
||||
|
||||
newline = lines[-1] + (" (%s)" % (par))
|
||||
if len(newline) < 80:
|
||||
lines[-1] = newline
|
||||
else:
|
||||
lines.append("(%s)" % (par))
|
||||
yield from lines
|
||||
|
||||
|
||||
def format_help(self):
|
||||
self._determine_lcolsize()
|
||||
for entry in self._entries:
|
||||
yield from self._format_entry(entry)
|
||||
|
||||
hpp = HelpPagePrinter()
|
||||
hpp.add([ "-c", "--client-mode" ], "Specifies client mode, i.e., that this host will unlock the LUKS disk of a different machine.")
|
||||
hpp.add([ "-s", "--server-mode" ], "Specifies server mode, i.e., that this host will announce its presence via UDP broadcasts and then receive the LUKS credentials from a peer.")
|
||||
hpp.add([ "-k", "--keydb=FILE" ], "Gives the binary key database file which will be used. In server mode, this contains only one entry (specifying the UUID of the host, the PSK and the UUIDs and names of the disks to be unlocked), while in client mode this may contain multiple entries (to unlock many different peers) and also contains the LUKS credentials for the respective disks.")
|
||||
hpp.add([ "-u", "--unlock=CNT" ], "Specifies the maximum number of unlocking actions that are taken. In client mode, this defaults to 1. In server mode, it defaults to infinite (or until all disks have successfully been unlocked). Zero means infinite.")
|
||||
hpp.add([ "-p", "--port=PORT" ], "Specifies the port on which is listened for UDP broadcasts and also the port on which TCP requests are sent out (the two are always identical). Default port ist 23170.")
|
||||
hpp.add([ "--max-bcast-errs=CNT" ], "This is the number of UDP broadcast attempts luksrku will make before giving up. Usually this is because sendto(2) fails when the network is configured improperly. Giving up in this case enables manual key entry. This defaults to 5 tries.")
|
||||
hpp.add([ "-v", "--verbose" ], "Increase logging verbosity.")
|
||||
for (index, line) in enumerate(hpp.format_params()):
|
||||
if index == 0:
|
||||
print(" fprintf(stderr, \"%%s%s\\n\", pgmname);" % (line))
|
||||
else:
|
||||
print(" fprintf(stderr, \" %s\\n\");" % (line))
|
||||
print(" fprintf(stderr, \"\\n\");")
|
||||
for line in hpp.format_help():
|
||||
print(" fprintf(stderr, \" %s\\n\");" % (line))
|
||||
print(" fprintf(stderr, \"\\n\");")
|
||||
|
||||
|
||||
#examples = [
|
||||
# ("--client-mode ",
|
||||
# "Converts {device} to a LUKS partition with default parameters."),
|
||||
# ("-d {device} --resume-file myresume.dat",
|
||||
# "Converts {device} to a LUKS partition with default parameters and store resume information in myresume.dat in case of an abort."),
|
||||
# ("-d {device} -k /root/secure_key/keyfile.bin --luksparams='-c,twofish-lrw-benbi,-s,320,-h,sha256'",
|
||||
# "Converts {device} to a LUKS partition and stores the initially used keyfile in /root/secure_key/keyfile.bin. Additionally some LUKS parameters are passed that specify that the Twofish cipher should be used with a 320 bit keysize and SHA-256 as a hash function."),
|
||||
# ("-d {device} --resume --resume-file /root/resume.bin",
|
||||
# "Resumes a crashed LUKS conversion of {device} using the file /root/resume.bin which was generated at the first (crashed) luksipc run."),
|
||||
# ("-d {device} --readdev /dev/mapper/oldluks",
|
||||
# "Convert the raw device {device}, which is already a LUKS container, to a new LUKS container. For example, this can be used to change the encryption parameters of the LUKS container (different cipher) or to change the bulk encryption key. In this example the old container is unlocked and accessible under /dev/mapper/oldluks."),
|
||||
#]
|
||||
#print("fprintf(stderr, \"Examples:\\n\");")
|
||||
#for (cmd, desc) in examples:
|
||||
# print("fprintf(stderr, \" %%s %s\\n\", argv[0]);" % (cmd.replace("{device}", device)))
|
||||
# for line in textwrap.wrap(desc.replace("{device}", device), width = 80):
|
||||
# print("fprintf(stderr, \" %s\\n\");" % (line))
|
||||
@ -1,4 +1,4 @@
|
||||
import argparse
|
||||
parser = argparse.ArgumentParser(prog = "luksrku edit", description = "Edits a luksrks key database.", add_help = False)
|
||||
parser = argparse.ArgumentParser(prog = "luksrku edit", description = "Edits a luksrku key database.", add_help = False)
|
||||
parser.add_argument("-v", "--verbose", action = "count", default = 0, help = "Increase verbosity. Can be specified multiple times.")
|
||||
parser.add_argument("filename", metavar = "filename", nargs = "?", type = str, help = "Database file to edit.")
|
||||
|
||||
Loading…
Reference in New Issue
Block a user