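--- a/src/encryptionprovider.py Wed May 21 14:29:04 2014 +0200
+++ b/src/encryptionprovider.py Thu Jun 05 13:59:54 2014 +0200
@@ -117,9 +117,6 @@
 listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath)
 thread.start_new_thread(listener.run, (interface, port,))
 
- #command = [script, device, mountpoint, password];
- #result = runExternalScripts (command);
-
 close = False
 while (close == False):
 time.sleep(1)
@@ -133,14 +130,31 @@
 LOG.error ("Stick \"%s\" removed -> exit" %(device,))
 sys.exit(1)
 
+def initDevice (script, interface, port, device, mountpoint, keyfilepath):
+ listener = MyRestListener (opensecurity_urls, globals(), script = script, device = device, mountpoint = mountpoint, tries = 3, keyfilepath = keyfilepath)
+ thread.start_new_thread(listener.run, (interface, port,))
+
+ close = False
+ while (close == False):
+ time.sleep(1)
+ if (os.path.ismount(mountpoint) == True):
+ close = True
+ LOG.info ("Stick \"%s\" was mounted sucessfully to \"%s\"" %(device, mountpoint,))
+ sys.exit(0)
+
+ if (os.path.exists(device) == False):
+ close = True
+ LOG.info ("Stick \"%s\" was removed. Exit" %(device,))
+ sys.exit(0)
+
 
 if __name__ == "__main__":
 
 parser = argparse.ArgumentParser(epilog='--mount, --umount and --initialize are mutually exclusive')
 group = parser.add_mutually_exclusive_group(required=True)
- group.add_argument('-m', '--mount', action='store', nargs=4, dest='mount', help='Mounts an encrypted device.', metavar=("interface", "port", "tcfile", "mountpoint"))
- group.add_argument('-u', '--umount', action='store', nargs=1, dest='umount', help='Unmounts an encrypted device', metavar="tcfile")
- group.add_argument('-i', '--initialize', action='store', nargs=4, dest='initialize', help='Initialize an device.', metavar=("interface", "port", "tcfile", "mountpoint"))
+ group.add_argument('-m', '--mount', action='store', nargs=4, dest='mount', help='Mounts an encrypted device.', metavar=("interface", "port", "device", "mountpoint"))
+ group.add_argument('-u', '--umount', action='store', nargs=1, dest='umount', help='Unmounts an encrypted device', metavar="device")
+ group.add_argument('-i', '--initialize', action='store', nargs=4, dest='initialize', help='Initialize an device.', metavar=("interface", "port", "device", "mountpoint"))
 group.add_argument('-g', '--getdevices', action='store_true', dest="getdevices", help='Returns a list of all mounted encrypted devices')
 arguments = parser.parse_args()
 
@@ -158,4 +172,4 @@
 mountDevice (config.get ("Main", "MountScript"), arguments.mount[0], int(arguments.mount[1]), arguments.mount[2], arguments.mount[3], config.get ("Main", "Keyfile"))
 
 if (arguments.initialize):
- print ("Init: %s" %(arguments.initialize,))
+ initDevice (config.get ("Main", "InitScript"), arguments.mount[0], int(arguments.mount[1]), arguments.mount[2], arguments.mount[3], config.get ("Main", "Keyfile"))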
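Review bot: The new `--initialize` branch calls `initDevice` with `arguments.mount[0]` through `arguments.mount[3]`, but `--mount` and `--initialize` are in the same mutually exclusive group, so `arguments.mount` is `None` here and the call raises a `TypeError` before the init script runs; the indices should come from `arguments.initialize`, e.g. `initDevice (config.get ("Main", "InitScript"), arguments.initialize[0], int(arguments.initialize[1]), arguments.initialize[2], arguments.initialize[3], config.get ("Main", "Keyfile"))`. `initDevice` also reports a removed stick with `LOG.info` and `sys.exit(0)`, whereas the context lines at the top of the second hunk use `LOG.error` and `sys.exit(1)` for the same condition, so a caller cannot tell a pulled stick from a completed initialization. The polling loop has no upper bound, which keeps the listener that accepts the password and triggers formatting reachable for as long as the stick stays plugged in and unmounted; a timeout after which the process exits non-zero would be worth adding.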
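--- a/src/passwordreceiver.py Wed May 21 14:29:04 2014 +0200
+++ b/src/passwordreceiver.py Thu Jun 05 13:59:54 2014 +0200
@@ -6,12 +6,9 @@
 import os
 import sys
 
-
-# SETTINGS ====================================================================
-truecrypt_cmd = "/usr/bin/truecrypt"
-
 opensecurity_urls = (
- '/password', 'os_password'
+ '/password', 'os_password',
+ '/init', 'os_init'
 )
 
 class os_password:
@@ -19,7 +16,7 @@
 # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
 def deleteKeyfile(self, keyfilepath):
 filesize = os.path.getsize(keyfilepath)
- keyfile = open (keyfilepath, "wr+")
+ keyfile = open (keyfilepath, "w+")
 for i in range (0, 10):
 keyfile.seek(0)
 keyfile.write(os.urandom(filesize))
@@ -40,7 +37,7 @@
 raise web.badrequest()
 
 if "keyfile" in args:
- keyfile = open (settings["keyfilepath"], "rw+")
+ keyfile = open (settings["keyfilepath"], "w+")
 keyfile.write(args["keyfile"])
 keyfile.close()
 command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
@@ -59,6 +56,50 @@
 
 return "Success: Encrypted Stick is mounted"
 
+class os_init:
+ # delete the key file in a secure way (will not working on ssd's :/ ,but ram only vm -> should be ok)
+ def deleteKeyfile(self, keyfilepath):
+ filesize = os.path.getsize(keyfilepath)
+ keyfile = open (keyfilepath, "w+")
+ for i in range (0, 10):
+ keyfile.seek(0)
+ keyfile.write(os.urandom(filesize))
+ keyfile.flush()
+ keyfile.close()
+ os.remove(keyfilepath)
+
+
+ def GET(self, settings):
+ return self.POST(settings)
+
+ def POST(self, settings):
+
+ # pick the arguments
+ args = web.input()
+
+ if not "password" in args:
+ raise web.badrequest()
+
+ if "keyfile" in args:
+ keyfile = open (settings["keyfilepath"], "w+")
+ keyfile.write(args["keyfile"])
+ keyfile.close()
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"], settings["keyfilepath"]]
+ else:
+ command = [settings["script"], settings["device"], settings["mountpoint"], args["password"]]
+
+ process = subprocess.Popen( command, stdout=subprocess.PIPE, stderr=subprocess.PIPE )
+ retval = process.wait()
+ ( stdout, stderr ) = process.communicate()
+
+ if "keyfile" in args:
+ self.deleteKeyfile(settings["keyfilepath"])
+
+ if (retval != 0):
+ raise web.badrequest(stderr)
+
+ return "Success: Stick is initialized and mounted"
+
 class MyRestListener(web.application):
 def __init__(self, mapping=(), fvars={}, autoreload=None, script=None, device=None, mountpoint=None, tries=None, keyfilepath=None):
 web.application.__init__(self, mapping, fvars, autoreload)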
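--- a/truecrypt_scripts/truecrypt_init.sh Wed May 21 14:29:04 2014 +0200
+++ b/truecrypt_scripts/truecrypt_init.sh Thu Jun 05 13:59:54 2014 +0200
@@ -1,8 +1,5 @@
 #!/bin/sh
 
-# ToDo implement me
-exit 1
-
 BASEDIR="$(dirname $0)"
 DEVICE="$1"
 MOUNTPOINT="$2"
@@ -17,17 +14,43 @@
 exit 1
 fi
 
+if [ -z "$KEYFILE" ]
+then
+ message="$($tc_cmd -c --non-interactive --quick --filesystem=none --encryption=AES --hash=RIPEMD-160 -p "$PASSWORD" "$DEVICE")"
+ result="$?"
+else
+ message="$($tc_cmd -c --non-interactive --quick --filesystem=none --encryption=AES --hash=RIPEMD-160 -p "$PASSWORD" -k "$KEYFILE" "$DEVICE")"
+ result="$?"
+fi
+
+if [ "$result" != "0" ]
+then
+ exit 1
+fi
 
 
-truecrypt -c /dev/sdb /tmp/mnt/ --quick -p 'Test1234!' -k /home/spawn/mytestkey.key --filesystem=none --encryption=AES --hash=RIPEMD-160 --non-interactive
 
 if [ -z "$KEYFILE" ]
 then
- message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD")"
+ message="$message\n$($tc_cmd --non-interactive --filesystem=none -p "$PASSWORD" "$DEVICE")"
+ result="$?"
 else
- message="$($tc_cmd --non-interactive "$DEVICE" "$MOUNTPOINT" -p "$PASSWORD" -k "$KEYFILE")"
+ message="$message\n$($tc_cmd --non-interactive --filesystem=none -p "$PASSWORD" -k "$KEYFILE" "$DEVICE")"
+ result="$?"
 fi
 
+if [ "$result" != "0" ]
+then
+ exit 1
+fi
+
+
+
+
+
+TC_DEVICE=$(truecrypt -l | awk '{print $3}')
+
+message="$message\n$(mkfs.ntfs --quick "$TC_DEVICE")"
 result="$?"
 
 if [ "$result" != "0" ]
@@ -35,5 +58,7 @@
 exit 1
 fi
 
+mount "$TC_DEVICE" "$MOUNTPOINT"
+
 echo "$message"
 exit 0
\ No newline at end of file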
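Review bot: `TC_DEVICE=$(truecrypt -l | awk '{print $3}')` takes the third column of every listed volume, so when a second TrueCrypt volume is open, or none is listed, `mkfs.ntfs` receives a multi-line or empty argument instead of the mapping that belongs to `$DEVICE`. Selecting on the volume path and refusing an empty result closes that, e.g. `TC_DEVICE=$($tc_cmd -l | awk -v dev="$DEVICE" '$2 == dev {print $3}')` followed by `[ -n "$TC_DEVICE" ] || exit 1` (this assumes the second column of the listing is the volume path; confirm against the installed version). The exit status of `mount "$TC_DEVICE" "$MOUNTPOINT"` is not checked, so the script prints the message and exits 0 even when nothing is mounted; `mount "$TC_DEVICE" "$MOUNTPOINT" || exit 1` keeps the reported status accurate. A comment next to `--quick` should record that quick creation does not overwrite the device, so data previously stored on the stick remains readable until new data replaces it.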