OLD | NEW |
| (Empty) |
1 #!/bin/bash | |
2 # Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | |
3 # Use of this source code is governed by a BSD-style license that can be | |
4 # found in the LICENSE file. | |
5 | |
6 CHLIB="$HOME/trunk/src/platform/cryptohome/lib" | |
7 source "$CHLIB/common" | |
8 source "$CHLIB/utils/declare_commands" | |
9 source "$CHLIB/cryptohome" | |
10 | |
11 utils::declare_commands sha256sum | |
12 | |
13 USERNAME="testuser@invalid.domain" | |
14 PASSWORDS="zero one two" | |
15 | |
16 function usage { | |
17 $echo "Usage: $0 [-q] <image-dir>" | |
18 $echo | |
19 $echo "Verifies that the cryptohome script is able to decrypt" | |
20 $echo "the sample data created by init_cryptohome_data.sh." | |
21 $echo | |
22 $echo "Returns an exit code of 0 on success, nonzero otherwise." | |
23 $echo | |
24 $echo " -q Quiet mode" | |
25 $echo " <image-dir> Directory to store cryptohome data" | |
26 exit 1 | |
27 } | |
28 | |
29 QUIET=0 | |
30 IMAGE_DIR="" | |
31 | |
32 while [ ! -z "$1" ]; do | |
33 if [ "$1" == "-q" ]; then | |
34 QUIET=1; shift | |
35 elif [ -z "$IMAGE_DIR" ]; then | |
36 IMAGE_DIR="$1"; shift | |
37 else | |
38 # we only take two arguments, one of which is optional | |
39 usage | |
40 fi | |
41 done | |
42 | |
43 if [[ -z "$IMAGE_DIR" || ${IMAGE_DIR:0:1} == "-" ]]; then | |
44 usage | |
45 fi | |
46 | |
47 if [ "$QUIET" == "0" ]; then | |
48 info=$echo | |
49 else | |
50 function no_echo { | |
51 echo -n | |
52 } | |
53 | |
54 info="no_echo" | |
55 fi | |
56 | |
57 SYSTEM_SALT_FILE="$IMAGE_DIR/salt" | |
58 | |
59 USERID=$(cat "$SYSTEM_SALT_FILE" <($echo -n $USERNAME) \ | |
60 | $openssl sha1) | |
61 | |
62 $info "USERNAME: $USERNAME" | |
63 $info "USERID: $USERID" | |
64 | |
65 RESULT=0 | |
66 INDEX=0 | |
67 for PASSWORD in $PASSWORDS; do | |
68 HASHED_PASSWORD=$(cat <(echo -n $($xxd -p "$SYSTEM_SALT_FILE")) \ | |
69 <($echo -n "$PASSWORD") | $sha256sum | $head -c 32) | |
70 | |
71 $info "Checking master.$INDEX..." | |
72 $info "PASSWORD: $PASSWORD" | |
73 $info "HASHED_PASSWORD: $HASHED_PASSWORD" | |
74 | |
75 WRAPPER=$(cryptohome::password_to_wrapper "$HASHED_PASSWORD" \ | |
76 "$IMAGE_DIR/$USERID/master.$INDEX.salt") | |
77 | |
78 $info "WRAPPER: $WRAPPER" | |
79 | |
80 # uncomment if you want to see the computed salt, key, and iv | |
81 # $openssl aes-256-ecb \ | |
82 # -in "$IMAGE_DIR/$USERID/master.$INDEX" \ | |
83 # -kfile <($echo -n "$WRAPPER") -md sha1 -d -P | |
84 | |
85 PLAINTEXT=$(cryptohome::unwrap_master_key "$HASHED_PASSWORD" "$USERID" \ | |
86 "$IMAGE_DIR/$USERID/master.$INDEX") | |
87 | |
88 EXIT=$? | |
89 | |
90 if [ $EXIT != 0 ]; then | |
91 RESULT=$EXIT | |
92 fi | |
93 | |
94 if [ $QUIET == 0 ]; then | |
95 $info "MASTER_KEY:" | |
96 $xxd <(echo -n "$PLAINTEXT") | |
97 fi | |
98 | |
99 INDEX=$(($INDEX + 1)) | |
100 done | |
101 | |
102 if [ $RESULT != 0 ]; then | |
103 $info "*** At least one decrypt failed!" | |
104 fi | |
105 | |
106 exit $RESULT | |