genode/tool/rump_cgdconf

114 lines
2.0 KiB
Plaintext
tool: wrapper script for rumpkernel tools

The rumpkernel based tools are intended to be used by executing
'tool/rump'. Since it covers the most common use cases for these tools,
this script is comparatively extensive, hence giving a short tutorial
seems reasonable:

* Format a disk image with Ext2:

  To format a disk image with the Ext2 file system, first prepare the
  actual image by executing dd:

  ! dd if=/dev/zero of=/path/to/disk_image bs=1M count=128

  Second, use 'tool/rump' to format the disk image:

  ! rump -f -F ext2fs /path/to/disk_image

  Afterwards the just created file system may be populated with the
  content of another directory by executing

  ! rump -F ext2fs -p /path/to/another_dir /path/to/disk_image

  The content of the file system image can be listed by executing

  ! rump -F ext2fs -l /path/to/disk_image

* Create an encrypted disk image:

  Creating a cryptographic disk image based on cgd(4) is done by
  executing the following command:

  ! rump -c /path/to/disk_image

  This will generate a key that may be used to decrypt the image later
  on. Since this command will _only_ generate a key and NOT initialize
  the disk image, it is highly advised to prepare the disk image by
  using '/dev/urandom' instead of '/dev/zero' (only new blocks that
  will be written to the disk image are encrypted).

  In addition, while generating the key a temporary configuration file
  will be created. Although this file has proper permissions, it may
  leak the generated key if it is created on persistent storage. To
  specify a more secure directory the '-t' option should be used:

  ! rump -c -t /path/to/secure/directory /path/to/disk_image

  Decrypting the disk image requires the key generated in the previous
  step:

  ! rump -c -k <key> /path/to/disk_image

  For now this key has to be specified as command line argument. This
  is an issue if the shell, which is used, is maintaining a history of
  executed commands.

For completeness' sake let us put all examples together by creating an
encrypted Ext2 image that will contain all files of Genode's _demo_
scenario:

! dd if=/dev/urandom of=/tmp/demo.img bs=1M count=16
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs /tmp/demo.img > \
!     /ramfs/key # key is printed out to stdout
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> \
!     -p $(BUILD_DIR)/var/run/demo /tmp/demo.img

To check if the image was populated successfully, execute the following:

! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> -l \
!     /tmp/demo.img
2014-05-09 14:23:31 +02:00
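The two key-handling caveats in the commit message above (a temporary cgdconfig file that can leak the key when it lands on persistent storage, and a key that ends up in the shell history when it is typed after '-k') are the subject of the following added shell example. It is not code from the Genode repository or from the 'rump' tool: it provides a private temporary directory, a mode-0600 key file, a shape check for the key, and a wrapper that reads the key from that file so the typed command line never contains it. It assumes (not stated on this page) that cgdconfig(8) encodes a storedkey as base64 of a 4-byte big-endian bit length followed by the raw key bytes; the 'sample_key' and 'show_args' helpers are constructed stand-ins for a real key and for the 'rump' invocation.

```shell
#!/bin/sh
# Added example, not part of the Genode repository.
#
# Defensive helpers around a cgd(4) storedkey as produced by 'rump -c':
#  - private_tmpdir:   a mode-0700 directory for the temporary cgdconfig file
#  - keyfile_write:    store the key with mode 0600 instead of keeping it
#                      on the command line
#  - storedkey_check:  sanity-check the shape of a key before using it
#  - run_with_keyfile: pass the key to a command via a file, so the typed
#                      command line (and thus the shell history) never
#                      contains the key itself
#
# Assumption (not taken from this page): cgdconfig(8) encodes a storedkey as
# base64 of a 4-byte big-endian bit length followed by the raw key bytes, so
# a 256-bit key decodes to 4 + 32 = 36 bytes.

# Create a directory that only the caller can enter; prints its path.
private_tmpdir() {
	base=${1:-${TMPDIR:-/tmp}}
	(umask 077 && mktemp -d "$base/cgd.XXXXXX")
}

# Write key $2 to file $1 with mode 0600 (the umask applies at creation).
keyfile_write() {
	(umask 077 && printf '%s\n' "$2" > "$1")
}

# Return 0 if $1 is a base64 storedkey for a key of $2 (default 256) bits.
# Whitespace and backslashes are removed first, so a key copied from a
# line-wrapped 'keygen storedkey key ... \' config entry is accepted too.
storedkey_check() {
	key=$(printf '%s' "$1" | tr -d ' \t\n\\')
	bits=${2:-256}
	# decode to one decimal number per byte; -v keeps repeated zero lines
	bytes=$(printf '%s' "$key" | base64 -d 2>/dev/null | od -An -tu1 -v)
	set -- $bytes
	[ $# -eq $((4 + bits / 8)) ] || return 1
	# the first four bytes carry the key length in bits, big-endian
	[ $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) -eq "$bits" ]
}

# Run "$@" with '-k <key>' appended, the key being read from file $1.
# The key still shows up in the child's argument list (ps(1)), but the
# shell history only records the file name.
run_with_keyfile() {
	keyfile=$1
	shift
	"$@" -k "$(cat "$keyfile")"
}

# Constructed sample: a 256-bit length header followed by 32 zero bytes.
# A real key comes from 'rump -c' / cgdconfig(8); this one is for testing.
sample_key() {
	{ printf '\000\000\001\000'; head -c 32 /dev/zero; } | base64 | tr -d '\n'
}
```

A typical use is `d=$(private_tmpdir /ramfs)`, `keyfile_write "$d/key" "$(rump -c -t "$d" /path/to/disk_image)"`, a `storedkey_check "$(cat "$d/key")"` before relying on the key, and then `run_with_keyfile "$d/key" rump -c -t "$d" -F ext2fs -l /path/to/disk_image`; the directory is removed once the image has been checked.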
#!/bin/sh
#
# \brief  Create cgdconfig(8) configuration file from key or extract the key
#         from the specified configuration file
# \author Josef Soentgen
# \date   2014-04-29
#
#
# Note: This script is merely just a awk(1) wrapper and only generates a
#       aes-cbc 256 storedkey configuration and expects the given key to
#       be a proper base64 encoded key generated by cgdconfig(8).
#

#
# Print usage
#
print_usage() {
	local help=$1

	printf 'usage: %s [-h] <-f file|-k key>\n' "$PROG_NAME"
	if [ "$help" != "" ]; then
		printf "\t-h       show this help screen\n"
		printf "\t-k key   generate config file from key and print "
		printf "to stdout\n"
		printf "\t-f file  extract key from config file and print "
		printf "to stdout\n"
	fi
}

#
# Parse arguments given on the commandline
#
parse_arguments() {
	local args

	if [ $# -lt 1 ]; then
		print_usage
		exit 1
	fi

	# assign separately from 'local' so that the exit status checked
	# is the one of getopt(1), not the one of 'local'
	args=$(getopt hf:k: "$@") || exit 1
	set -- $args
	while [ $# -gt 0 ]; do
		case "$1" in
		-h)
			print_usage "help"
			exit 0;;
		-k) ARG_KEY="$2"; shift; shift;;
		-f) ARG_FILE="$2"; shift; shift;;
		--) shift; break;;
		*)  print_usage; exit 1;;
		esac
	done
}

#
# Extract the key string from the configuration file
#
# The key is written over two lines by generate_conf (the first line ends
# in a backslash), so the first field of every line following the
# 'keygen' line is appended and the terminating ';' is dropped at the end.
#
extract_key() {
	local cgd_file="$1"

	awk 'BEGIN { found=0 }
	{
		if (found == 1) key=key $1
		if ($1 == "keygen") { found=1; key=$4 }
	}
	END { sub(/;$/, "", key); print key }' "$cgd_file"
}

#
# Generate a proper cgd(8) configuration file from the given key
#
# The key is never used as printf format string and is split after 30
# characters into a backslash-continued line, as cgdconfig(8) accepts it.
#
generate_conf() {
	local key="$1"

	printf '%s\n' "$key" | awk '{ key=$0 }
	END {
		printf("algorithm aes-cbc;\n")
		printf("iv-method encblkno1;\n")
		printf("keylength 256;\n")
		printf("verify_method none;\n")
		printf("keygen storedkey key ")
		printf("%s \\\n", substr(key, 1, 30))
		printf(" %s;\n", substr(key, 31))
	}'
}

main() {
	parse_arguments "$@"

	if [ "$ARG_FILE" != "" ]; then
		extract_key "$ARG_FILE"
	fi

	if [ "$ARG_KEY" != "" ]; then
		generate_conf "$ARG_KEY"
	fi
}

PROG_NAME=$(basename "$0")
ARG_FILE=
ARG_KEY=

main "$@"

exit 0

# End of file