LUKSUS.functions

#### FUNCTIONS ######

# SHOW LOGO, BUT DO IT OPTIMALLY BY DETERMINING TERMINAL SIZE
DISPLAYLOGO()
{
if [ $width -gt 119 ] 
then
  tail -n 12 LUKSUS.logo
  else
  head -n 6 LUKSUS.logo
fi
}

LOOPBACKMETHOD()
{
  if [[ $device = *loop* ]]
  then
    echo Running Linux
    echo Okay we are using $device ... Beginning loopbackmethod
    head -c $luksfilesize /dev/zero > $luksfile
    # block device housekeeping
    losetup -f 1>/dev/null 2>/dev/null
    losetup $device $luksfile
  elif [[ $device = *vn* ]]
    then
    echo DragonFlyBSD - Nice...
    echo Okay we are using $device ... Beginning loopbackmethod
    ghead -c $luksfilesize /dev/zero > $luksfile
    # block device housekeeping
    # vnconfig needs to run once first, it seems that the kernel
    # is initializing something on first run. Then it must run again.
    vnconfig 1>/dev/null 2>/dev/null
    vnconfig $device $luksfile
  else
    echo "Okay, not using a loopback device, proceeding in normal mode"
  fi

}  

DONTSHREDIFLOOPBACK()
{
  if [[ $device != *loop* ]]
  then
    echo "Okay we are using $device ... And we are on Linux BTW... Which is not a loopback device"
    echo Shredding ...
    # shred
    # Totally infuse the drive with random data
    # Good for paranoid and security minded people
    # This takes about 5 hours on a 3TB drive
    shred -f -v -n1 $device
  elif [[ $device = *vn* ]]
  then
    echo On DragonFlyBSD. Okay cool.
    echo in the middle of the shredding.place
    gshred -f -v -n1 $device
  else 
    echo "Okay, $device is a loopback device, not shredding. And we are on Linux BTW"
  fi
}  


ASKUSERVERIFY()
{
dialog --title "WELCOME TO $programname" \
--msgbox "\n$programname $version $date on $UNAME\n\n
Written by \n
$author
" 10 30

echo ################################################
echo DRIVE ENCRYPTION
echo THIS SCRIPT ASSUMES YOU WANT TO COMPLETELY ERASE
echo THE DEVICE YOU HAVE SPECIFIED
echo ################################################

dialog --title "DRIVE ENCRYPTION SCRIPT" \
--yesno "\nDETAILS AS SUBMITTED BY THE USER
\n \n \n
NAME: 	        $name \n
DRIVE:         $device \n
MOUNTPOINT:    $mountpoint \n
KEYFILE:       $keyfile \n
HEADER BACKUP: $headerfile\n
FILECONTAINER LOCATION: $luksfile\n
FILECONTAINER SIZE: $luksfilesize\n
ENCRYPTION USED: $ENCRYPTION\n
USING KEYFILE: $USEKEY\n
\n\n\n
ARE THESE VALUES CORRECT? \n\nIF UNSURE SAY NO.
" 50 50

case $? in
0)
    ;;
1)
  echo "You have pressed NO. LUKSUS will now close."  
  exit 1;;
255)
  echo "Box closed"   ;;
esac

DISPLAYLOGO
echo ################################################
echo DETAILS AS SUBMITTED BY THE USER
echo PLEASE VERIFY THAT THESE ARE CORRECT
echo DRIVE: $device
echo NAME: $name
echo MOUNTPOINT: $mountpoint
echo HEADER BACKUP: $headerfile
echo ENCRYPTION USED: $ENCRYPTION
echo USING KEYFILE: $USEKEY
echo KEYFILE: $keyfile
echo ################################################
echo JUST TO MAKE DOUBLY SURE THAT YOU ARE FORMATTING THE CORRECT DRIVE
echo WE ASK AGAIN. IS THIS THE CORRECT DEVICE TO FORMAT AND ENCRYPT?
echo YOU WILL NUKE YOUR DRIVE: $device
echo HIT CTRL+C NOW TO QUIT, OR HIT ANY KEY TO CONTINUE
echo ""
echo SERIOUSLY - LAST CHANCE
read || exit
}


LUKSUS1TRUECRYPT()
{
# Begin the encryption - with TrueCrypt?
if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $USEKEY == false ]];
then
echo TrueCrypt mode
# had to remove --map=$name
tcplay --create --device=$device --cipher=AES-256-XTS
else
echo Continuing
fi
}


LUKSUS1TRUECRYPTKEYFILE()
{
# Begin the encryption - with TrueCrypt and with key?
if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $USEKEY == TRUE ]];
then
echo TrueCrypt mode
# had to remove --map=$name
tcplay --create --device=$device --cipher=AES-256-XTS --keyfile=$keyfile
else
echo Continuing
fi
}

LUKSUS2LUKS()
{
# Begin the encryption - with LUKS and with a keyfile?
if [[ $USEKEY = true ]];
#if [[ $USEKEY == true ]] && [[ $ENCRYPTION == LUKS ]] ;
then
# generate a keyfile using completely random data
dd if=/dev/urandom of=$keyfile bs=512 count=256
# cryptsetup
# format the drive using encryption
# create an encrypted drive with aes-xts-plain cipher
# key size 512
# remember that the key size will increase the safety of the
# encryption, but the a stronger keyfile with more entropy (randomness)
# will produce the best security. 
echo Cryptsetup mode
cryptsetup --batch-mode --verbose --key-size=512 --cipher=aes-xts-plain64 luksFormat $device $keyfile
else
echo Proceeding
fi
}

LUKSUS2LUKSPASSPHRASE()
{
if [[ $ENCRYPTION == LUKS ]] && [[ $USEKEY == false ]];
then
echo LUKS with Passphrase
echo Danger Will Robinson. 
echo You will only be prompted for a password once. Type carefully.
cryptsetup --batch-mode --verbose --cipher=aes-xts-plain64 luksFormat $device
else
echo Proceeding
fi
}

LUKSUS3LUKSVERIFY()
{
if [[ $ENCRYPTION = LUKS ]];
then
# cryptsetup isLuks
# check to see if the device has got a valid LUKS container
# if it does not, then exit
echo "Checking to see if the device contains a LUKS volume"
cryptsetup isLuks $device  || "echo "The device does not contain a LUKS volume. This is a problem since it should have a LUKS volume by now. Please check commandline arguments and try again" && exit 1"
echo "The device positively contains a LUKS volume."
echo "Great!"
echo "Continuing"
# cryptsetup luksHeaderBackup
# backup the header of the luks container
# as strongly recommended by the luks FAQ
# if it does not, then exit
echo "Taking a backup of the LUKS container header"
cryptsetup luksHeaderBackup --header-backup-file=$headerfile $device --verbose || echo "Something went wrong and LUKSUS failed to backup the LUKS header. Please check commandline arguments and try again." && echo 1
echo "The LUKS container header has been backed up successfully"
echo "Great!"
echo "Continuing LUKSUS"

else 
echo NOT WITH LUKS
fi
}

LUKSUS4LUKSOPEN()
{
if [[ $ENCRYPTION = LUKS ]];
then
# cryptsetup luksOpen
# mount the encrypted drive using a keyfile
cryptsetup luksOpen $device $name --key-file=$keyfile 1>/dev/null 2>/dev/null
cryptsetup luksOpen $device $name
else 
echo Proceeding
fi
}


CREATEANDMOUNTFS()
{
# mkdir
# create mountpoint & keydirectory
# i should create an if routine here
# works for now
mkdir -p $mountpoint
mkdir -p $keydir
if [ $UNAME == DragonFly ] ;
then
echo DragonFlyBSD mode
# ON DRAGONFLY, WE MUST USE THE UFS FILESYSTEM INSTEAD
newfs /dev/mapper/$name
# mounting
mount /dev/mapper/$name /mnt/$name
else
# mkfs.ext4 - create a filesystem on top of the encrypted drive
mkfs.ext4 /dev/mapper/$name
# if [ $? -ne 0 ] ; then # retired line
    mkfs.ext4 -F $device
# mounting the newly created drive
mount -t ext4 /dev/mapper/$name $mountpoint > /dev/null 2>&1
# if [ $? -ne 0 ] ; then # retired line
    mount -t ext4 $device $mountpoint > /dev/null 2>&1

fi
}

DISPLAYSUMMARY()
{
echo ################################################
date
echo Results of LUKSUS:
echo DRIVE: $device
echo NAME: $name
echo KEYFILE: $keyfile
echo MOUNTPOINT: $mountpoint
echo HEADER BACKUP: $headerfile
echo ENCRYPTION USED: $ENCRYPTION
echo CONTAINER $luksfile $luksfilesize MB
echo Currently mounted at: `mount | grep $name`
echo `df -h | head -n 1`
echo `df -h | grep $name`
echo ################################################
time2="$(date +%s.%N)"
# This time taken needs attention - does not work anymore
# for some reason
# echo "Time taken: 0$(echo $time2-$time1 | bc) seconds"
ls -l $device
#ls -l $luksfile
}