#### FUNCTIONS ######
# SHOW LOGO, BUT DO IT OPTIMALLY BY DETERMINING TERMINAL SIZE
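DISPLAYLOGO()
{
  # Print the logo from the file LUKSUS.logo in the current directory.
  # Globals: width (read) - terminal width in columns, set by the caller.
  # Outputs: the last 12 lines of the logo file when width is above 119,
  #          otherwise the first 6 lines.
  # An unset or empty width is treated as 0, so the numeric test always has
  # an operand and the narrow logo is chosen without an error message.
  if [ "${width:-0}" -gt 119 ]
  then
    tail -n 12 LUKSUS.logo
  else
    head -n 6 LUKSUS.logo
  fi
}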
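LOOPBACKMETHOD()
{
  # Create the container file and attach it to a loopback-style device.
  # Globals (read): device, luksfile, luksfilesize
  # The platform is inferred from the device name only: a name containing
  # "loop" takes the losetup path, a name containing "vn" takes the
  # vnconfig path, anything else is left untouched.
  # Returns: 1 if the container file could not be written, otherwise the
  #          status of the last command run.
  # All expansions are quoted so a container path or device name containing
  # whitespace or glob characters reaches the tools as a single argument.
  if [[ $device = *loop* ]]
  then
    echo Running Linux
    echo "Okay we are using $device ... Beginning loopbackmethod"
    # Fill the container with bytes from /dev/zero; stop here if that fails
    # rather than attaching a missing or truncated file.
    if ! head -c "$luksfilesize" /dev/zero > "$luksfile"
    then
      echo "Could not create container file $luksfile" >&2
      return 1
    fi
    # block device housekeeping
    losetup -f 1>/dev/null 2>/dev/null
    losetup "$device" "$luksfile"
  elif [[ $device = *vn* ]]
  then
    echo DragonFlyBSD - Nice...
    echo "Okay we are using $device ... Beginning loopbackmethod"
    if ! ghead -c "$luksfilesize" /dev/zero > "$luksfile"
    then
      echo "Could not create container file $luksfile" >&2
      return 1
    fi
    # block device housekeeping
    # vnconfig needs to run once first, it seems that the kernel
    # is initializing something on first run. Then it must run again.
    vnconfig 1>/dev/null 2>/dev/null
    vnconfig "$device" "$luksfile"
  else
    echo "Okay, not using a loopback device, proceeding in normal mode"
  fi
}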
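DONTSHREDIFLOOPBACK()
{
  # Overwrite $device with one pass of random data unless its name marks it
  # as a Linux loop device.
  # Globals (read): device
  # The device is quoted and placed after "--" so the overwrite can only
  # ever target the single path the operator confirmed, even if the name
  # contains whitespace or starts with a dash.
  if [[ $device != *loop* ]]
  then
    echo "Okay we are using $device ... And we are on Linux BTW... Which is not a loopback device"
    echo Shredding ...
    # shred
    # Totally infuse the drive with random data
    # Good for paranoid and security minded people
    # This takes about 5 hours on a 3TB drive
    shred -f -v -n1 -- "$device"
  elif [[ $device = *vn* ]]
  then
    # NOTE(review): this branch is only reached when the name contains
    # "loop" as well as "vn", because every name without "loop" is handled
    # above. A DragonFlyBSD vn device therefore goes through shred, not
    # gshred. The branch order is left as written; confirm which tool and
    # which devices were intended before reordering.
    echo On DragonFlyBSD. Okay cool.
    echo in the middle of the shredding.place
    gshred -f -v -n1 -- "$device"
  else
    echo "Okay, $device is a loopback device, not shredding. And we are on Linux BTW"
  fi
}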
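ASKUSERVERIFY()
{
  # Show the welcome box, then make the operator confirm the target twice
  # before anything destructive happens: once in a dialog yes/no box and
  # once on the plain terminal.
  # Globals (read): programname, version, date, UNAME, author, name, device,
  #                 mountpoint, keyfile, headerfile, luksfile, luksfilesize,
  #                 ENCRYPTION, USEKEY
  # Exits the script with status 1 unless the yes/no box is answered with
  # an explicit YES, and exits if the final read hits end of input.
  dialog --title "WELCOME TO $programname" \
    --msgbox "\n$programname $version $date on $UNAME\n\n
Written by \n
$author
" 10 30
  # The banner lines are quoted: an unquoted run of # starts a comment and
  # echo would print an empty line instead.
  echo "################################################"
  echo DRIVE ENCRYPTION
  echo THIS SCRIPT ASSUMES YOU WANT TO COMPLETELY ERASE
  echo THE DEVICE YOU HAVE SPECIFIED
  echo "################################################"
  dialog --title "DRIVE ENCRYPTION SCRIPT" \
    --yesno "\nDETAILS AS SUBMITTED BY THE USER
\n \n \n
NAME: $name \n
DRIVE: $device \n
MOUNTPOINT: $mountpoint \n
KEYFILE: $keyfile \n
HEADER BACKUP: $headerfile\n
FILECONTAINER LOCATION: $luksfile\n
FILECONTAINER SIZE: $luksfilesize\n
ENCRYPTION USED: $ENCRYPTION\n
USING KEYFILE: $USEKEY\n
\n\n\n
ARE THESE VALUES CORRECT? \n\nIF UNSURE SAY NO.
" 50 50
  # Only status 0 (YES) may continue. A closed box (255) or any other
  # status is not a confirmation, so it is handled like NO.
  case $? in
    0)
      ;;
    1)
      echo "You have pressed NO. LUKSUS will now close."
      exit 1;;
    255)
      echo "Box closed"
      echo "No confirmation was given. LUKSUS will now close."
      exit 1;;
    *)
      echo "No confirmation was given. LUKSUS will now close."
      exit 1;;
  esac
  DISPLAYLOGO
  echo "################################################"
  echo DETAILS AS SUBMITTED BY THE USER
  echo PLEASE VERIFY THAT THESE ARE CORRECT
  echo "DRIVE: $device"
  echo "NAME: $name"
  echo "MOUNTPOINT: $mountpoint"
  echo "HEADER BACKUP: $headerfile"
  echo "ENCRYPTION USED: $ENCRYPTION"
  echo "USING KEYFILE: $USEKEY"
  echo "KEYFILE: $keyfile"
  echo "################################################"
  echo JUST TO MAKE DOUBLY SURE THAT YOU ARE FORMATTING THE CORRECT DRIVE
  echo WE ASK AGAIN. IS THIS THE CORRECT DEVICE TO FORMAT AND ENCRYPT?
  echo "YOU WILL NUKE YOUR DRIVE: $device"
  echo HIT CTRL+C NOW TO QUIT, OR HIT ANY KEY TO CONTINUE
  echo ""
  echo SERIOUSLY - LAST CHANCE
  # read waits for a full line (Enter); end of input aborts the script.
  read -r || exit
}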
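LUKSUS1TRUECRYPT()
{
  # Create a TrueCrypt-format volume on $device, protected by a passphrase.
  # Globals (read): ENCRYPTION, USEKEY, device
  # Runs only when ENCRYPTION is TRUECRYPT and USEKEY is the literal
  # lowercase string "false"; every other combination prints "Continuing".
  if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $USEKEY == false ]];
  then
    echo TrueCrypt mode
    # had to remove --map=$name
    # The device is quoted so the volume is created on exactly the path
    # the operator confirmed, even if it contains whitespace.
    tcplay --create --device="$device" --cipher=AES-256-XTS
  else
    echo Continuing
  fi
}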
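LUKSUS1TRUECRYPTKEYFILE()
{
  # Create a TrueCrypt-format volume on $device, protected by a keyfile.
  # Globals (read): ENCRYPTION, USEKEY, device, keyfile
  # The other functions in this file compare USEKEY against lowercase
  # "true"/"false" while this one tested uppercase "TRUE" only, so a
  # lowercase "true" skipped the keyfile path without any message. Both
  # spellings are accepted here; "TRUE" keeps working as before.
  if [[ $ENCRYPTION == TRUECRYPT ]] && [[ $USEKEY == TRUE || $USEKEY == true ]];
  then
    echo TrueCrypt mode
    # had to remove --map=$name
    tcplay --create --device="$device" --cipher=AES-256-XTS --keyfile="$keyfile"
  else
    echo Continuing
  fi
}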
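LUKSUS2LUKS()
{
  # Generate a random keyfile and format $device as LUKS with it.
  # Globals (read): USEKEY, keyfile, device
  # Returns: 1 if the keyfile could not be written or protected, otherwise
  #          the status of the last command run.
  # NOTE(review): only USEKEY is tested, so this runs for any ENCRYPTION
  # value when USEKEY is "true"; the stricter test is kept below as the
  # author left it. Confirm against the caller.
  if [[ $USEKEY = true ]];
  #if [[ $USEKEY == true ]] && [[ $ENCRYPTION == LUKS ]] ;
  then
    # generate a keyfile using completely random data
    # (256 blocks of 512 bytes from /dev/urandom).
    # The keyfile is the secret that unlocks the volume, so it is written
    # under umask 077 and then forced to mode 600: a file that already
    # existed keeps its old mode through dd, and the chmod closes that gap.
    # Formatting is skipped if either step fails, so the device is never
    # formatted against a key that was not freshly written and protected.
    if ! ( umask 077 && dd if=/dev/urandom of="$keyfile" bs=512 count=256 )
    then
      echo "Could not write keyfile $keyfile" >&2
      return 1
    fi
    if ! chmod 600 "$keyfile"
    then
      echo "Could not restrict permissions on keyfile $keyfile" >&2
      return 1
    fi
    # cryptsetup
    # format the drive using encryption
    # create an encrypted drive with the aes-xts-plain64 cipher
    # key size 512
    # remember that the key size will increase the safety of the
    # encryption, but a stronger keyfile with more entropy (randomness)
    # will produce the best security.
    echo Cryptsetup mode
    cryptsetup --batch-mode --verbose --key-size=512 --cipher=aes-xts-plain64 luksFormat "$device" "$keyfile"
  else
    echo Proceeding
  fi
}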
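LUKSUS2LUKSPASSPHRASE()
{
  # Format $device as LUKS, protected by a passphrase typed by the operator.
  # Globals (read): ENCRYPTION, USEKEY, device
  # Runs only when ENCRYPTION is LUKS and USEKEY is the literal string
  # "false"; every other combination prints "Proceeding".
  if [[ $ENCRYPTION == LUKS ]] && [[ $USEKEY == false ]];
  then
    echo LUKS with Passphrase
    echo Danger Will Robinson.
    # --batch-mode suppresses cryptsetup's confirmation questions; the
    # message below tells the operator the passphrase is asked only once,
    # so a typo here is not caught before the volume is formatted.
    echo You will only be prompted for a password once. Type carefully.
    # The device is quoted so the format targets exactly the confirmed path.
    cryptsetup --batch-mode --verbose --cipher=aes-xts-plain64 luksFormat "$device"
  else
    echo Proceeding
  fi
}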
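LUKSUS3LUKSVERIFY()
{
  # Check that $device now holds a LUKS container and back up its header.
  # Globals (read): ENCRYPTION, device, headerfile
  # Exits the script with status 1 if either step fails. Previously both
  # failure paths fell through: the first because its quoting turned the
  # message into an unknown command, the second because it ended in
  # "echo 1" where "exit 1" was meant, so the success messages were
  # printed even when the check or the backup had failed.
  if [[ $ENCRYPTION = LUKS ]];
  then
    # cryptsetup isLuks
    # check to see if the device has got a valid LUKS container
    # if it does not, then exit
    echo "Checking to see if the device contains a LUKS volume"
    if ! cryptsetup isLuks "$device"
    then
      echo "The device does not contain a LUKS volume. This is a problem since it should have a LUKS volume by now. Please check commandline arguments and try again" >&2
      exit 1
    fi
    echo "The device positively contains a LUKS volume."
    echo "Great!"
    echo "Continuing"
    # cryptsetup luksHeaderBackup
    # backup the header of the luks container
    # as strongly recommended by the luks FAQ
    # if the backup fails, then exit
    # The header backup contains the keyslots, so store it as carefully
    # as the keyfile itself.
    echo "Taking a backup of the LUKS container header"
    if ! cryptsetup luksHeaderBackup --header-backup-file="$headerfile" "$device" --verbose
    then
      echo "Something went wrong and LUKSUS failed to backup the LUKS header. Please check commandline arguments and try again." >&2
      exit 1
    fi
    echo "The LUKS container header has been backed up successfully"
    echo "Great!"
    echo "Continuing LUKSUS"
  else
    echo NOT WITH LUKS
  fi
}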
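LUKSUS4LUKSOPEN()
{
  # Open the LUKS container on $device under the mapping name $name.
  # Globals (read): ENCRYPTION, device, name, keyfile
  # Returns: the status of whichever open attempt ran last.
  # The keyfile is tried first, with its output discarded; the passphrase
  # prompt is only a fallback. Previously the second open always ran, so a
  # successful keyfile open was followed by a second attempt on the same
  # name and the function reported that attempt's status instead.
  if [[ $ENCRYPTION = LUKS ]];
  then
    # cryptsetup luksOpen
    # mount the encrypted drive using a keyfile
    if ! cryptsetup luksOpen "$device" "$name" --key-file="$keyfile" 1>/dev/null 2>/dev/null
    then
      cryptsetup luksOpen "$device" "$name"
    fi
  else
    echo Proceeding
  fi
}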
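CREATEANDMOUNTFS()
{
  # Create the mountpoint and key directory, then make and mount a
  # filesystem for the new volume.
  # Globals (read): mountpoint, keydir, UNAME, name, device
  # Returns: the status of the last mount attempt.
  # mkdir
  # create mountpoint & keydirectory
  # i should create an if routine here
  # works for now
  mkdir -p "$mountpoint"
  mkdir -p "$keydir"
  if [ "$UNAME" == DragonFly ] ;
  then
    echo DragonFlyBSD mode
    # ON DRAGONFLY, WE MUST USE THE UFS FILESYSTEM INSTEAD
    newfs "/dev/mapper/$name"
    # mounting
    # NOTE(review): this mounts on /mnt/$name while the Linux branch uses
    # $mountpoint, the directory created above - confirm which is intended.
    mount "/dev/mapper/$name" "/mnt/$name"
  else
    # mkfs.ext4 - create a filesystem on top of the encrypted drive
    # The raw-device commands are fallbacks and run only when the mapped
    # device could not be used. Running them unconditionally pointed
    # "mkfs.ext4 -F" at the device underneath a freshly opened container.
    if ! mkfs.ext4 "/dev/mapper/$name"
    then
      # A filesystem made this way sits directly on $device rather than
      # on the /dev/mapper layer, so say so instead of doing it silently.
      echo "WARNING: /dev/mapper/$name could not be formatted; creating the filesystem directly on $device" >&2
      mkfs.ext4 -F "$device"
    fi
    # mounting the newly created drive
    if ! mount -t ext4 "/dev/mapper/$name" "$mountpoint" > /dev/null 2>&1
    then
      mount -t ext4 "$device" "$mountpoint" > /dev/null 2>&1
    fi
  fi
}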
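DISPLAYSUMMARY()
{
  # Print a summary of the run: the submitted settings, the matching mount
  # and df lines, and a long listing of the device node.
  # Globals (read): device, name, keyfile, mountpoint, headerfile,
  #                 ENCRYPTION, luksfile, luksfilesize
  # Globals (written): time2
  # The banner is quoted because an unquoted run of # starts a comment and
  # echo would print an empty line. $name is matched as a fixed string so
  # characters in the mapping name are not read as a regular expression.
  echo "################################################"
  date
  echo Results of LUKSUS:
  echo "DRIVE: $device"
  echo "NAME: $name"
  echo "KEYFILE: $keyfile"
  echo "MOUNTPOINT: $mountpoint"
  echo "HEADER BACKUP: $headerfile"
  echo "ENCRYPTION USED: $ENCRYPTION"
  echo "CONTAINER $luksfile $luksfilesize MB"
  echo "Currently mounted at: $(mount | grep -F -- "$name")"
  echo "$(df -h | head -n 1)"
  echo "$(df -h | grep -F -- "$name")"
  echo "################################################"
  time2="$(date +%s.%N)"
  # This time taken needs attention - does not work anymore
  # for some reason
  # echo "Time taken: 0$(echo $time2-$time1 | bc) seconds"
  ls -l -- "$device"
  #ls -l $luksfile
}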