1 #!/bin/bash | 1 #!/bin/bash |
2 # Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
5 # | 5 # |
6 # | 6 # |
7 # This uses the cryptohome script to initialize an "IMAGE_DIR". This directory | 7 # This uses the cryptohome script to initialize an "IMAGE_DIR". This directory |
8 # will contain the system salt, and three master keys for a user called | 8 # will contain the system salt, and three master keys for a user called |
9 # testuser@invalid.domain. | 9 # testuser@invalid.domain. |
10 # | 10 # |
11 # The three keys will have the passwords "zero", "one" and "two". You can use | 11 # The three keys will have the passwords "zero", "one" and "two". You can use |
12 # the check_cryptohome_data.sh script to verify that cryptohome can | 12 # the check_cryptohome_data.sh script to verify that cryptohome can |
13 # successfully decrypt these keys. The authenticator_unittest.cc testcases | 13 # successfully decrypt these keys. The authenticator_unittest.cc testcases |
14 # call this script to create their test data. | 14 # call this script to create their test data. |
15 # | 15 # |
16 | 16 |
17 # mock dmsetup because we don't have it in the chroot and don't need it here. | 17 # mock dmsetup because we don't have it in the chroot and don't need it here. |
18 function dmsetup { exit 255; } | 18 function dmsetup { exit 255; } |
19 | 19 |
20 CH_LIB="./lib" | 20 CH_LIB="./lib" |
21 source "$CH_LIB/common" | 21 source "$CH_LIB/common" |
22 source "$CH_LIB/utils/declare_commands" | 22 source "$CH_LIB/utils/declare_commands" |
23 source "$CH_LIB/cryptohome" | |
24 | 23 |
25 utils::declare_commands sha256sum | 24 utils::declare_commands sha256sum |
26 | 25 |
27 USERNAME="testuser@invalid.domain" | 26 USERNAME="testuser@invalid.domain" |
28 PASSWORDS="zero one two" | 27 PASSWORDS="zero one two" |
29 | 28 |
30 function usage { | 29 function usage { |
31 $echo "Usage: $0 [-q] <image-dir>" | 30 $echo "Usage: $0 [-q] <image-dir>" |
32 $echo | 31 $echo |
33 $echo "Initialize a directory of sample cryptohome data containing " | 32 $echo "Initialize a directory of sample cryptohome data containing " |
83 $head -c 16 /dev/urandom > $SYSTEM_SALT_FILE | 82 $head -c 16 /dev/urandom > $SYSTEM_SALT_FILE |
84 | 83 |
85 $info "Creating user directory" | 84 $info "Creating user directory" |
86 | 85 |
87 USERID=$($cat "$SYSTEM_SALT_FILE" <($echo -n $USERNAME) \ | 86 USERID=$($cat "$SYSTEM_SALT_FILE" <($echo -n $USERNAME) \ |
88 | $openssl sha1) | 87 | $openssl sha1) |
89 | 88 |
90 $info "USERNAME: $USERNAME" | 89 $info "USERNAME: $USERNAME" |
91 $info "USERID: $USERID" | 90 $info "USERID: $USERID" |
92 | 91 |
| 92 $mkdir -p "$IMAGE_DIR/skel/sub_path" |
| 93 echo -n "testfile" > "$IMAGE_DIR/skel/sub_path/.testfile" |
| 94 |
93 $mkdir -p "$IMAGE_DIR/$USERID" | 95 $mkdir -p "$IMAGE_DIR/$USERID" |
94 | 96 |
95 $info "Creating master keys..." | 97 $info "Creating master keys..." |
96 INDEX=0 | 98 INDEX=0 |
97 for PASSWORD in $PASSWORDS; do | 99 for PASSWORD in $PASSWORDS; do |
98 HASHED_PASSWORD=$(cat <($echo -n $($xxd -p "$SYSTEM_SALT_FILE")) \ | 100 $info "PASSWORD: $PASSWORD" |
99 <($echo -n "$PASSWORD") | $sha256sum | $head -c 32) | |
100 | 101 |
101 $info "PASSWORD: $PASSWORD" | 102 ASCII_SALT=$(cat "$SYSTEM_SALT_FILE" | xxd -p) |
102 $info "HASHED_PASSWORD: $HASHED_PASSWORD" | |
103 | 103 |
104 MASTER_KEY=$(cryptohome::create_master_key "$HASHED_PASSWORD" "$USERID" \ | 104 echo -n "${ASCII_SALT}${PASSWORD}" | sha256sum | head -c 32 \ |
105 "$IMAGE_DIR/$USERID/master.$INDEX") | 105 > "$IMAGE_DIR/$USERID/pwhash.$INDEX" |
| 106 |
| 107 READABLE=$(cat "$IMAGE_DIR/$USERID/pwhash.$INDEX") |
| 108 $info "HASHED_PASSWORD: $READABLE" |
| 109 |
| 110 openssl rand -rand /dev/urandom \ |
| 111 -out "$IMAGE_DIR/$USERID/master.$INDEX.salt" 16 |
| 112 |
| 113 READABLE=$(cat "$IMAGE_DIR/$USERID/master.$INDEX.salt" |xxd -p) |
| 114 $info "SALT: $READABLE" |
| 115 |
| 116 cat "$IMAGE_DIR/$USERID/pwhash.$INDEX" \ |
| 117 | cat "$IMAGE_DIR/$USERID/master.$INDEX.salt" - \ |
| 118 | openssl sha1 > "$IMAGE_DIR/$USERID/pwwrapper.$INDEX" |
| 119 |
| 120 READABLE=$(cat "$IMAGE_DIR/$USERID/pwwrapper.$INDEX") |
| 121 $info "WRAPPER: $READABLE" |
| 122 |
| 123 openssl rand -rand /dev/urandom \ |
| 124 -out "$IMAGE_DIR/$USERID/rawkey.$INDEX" 160 |
| 125 |
| 126 echo -n -e 'ch\0001\0001' | cat "$IMAGE_DIR/$USERID/rawkey.$INDEX" - \ |
| 127 > "$IMAGE_DIR/$USERID/keyvault.$INDEX" |
| 128 |
| 129 cat "$IMAGE_DIR/$USERID/pwwrapper.$INDEX" | openssl aes-256-ecb \ |
| 130 -p \ |
| 131 -in "$IMAGE_DIR/$USERID/keyvault.$INDEX" \ |
| 132 -out "$IMAGE_DIR/$USERID/master.$INDEX" \ |
| 133 -pass fd:0 -md sha1 -e |
| 134 |
| 135 rm -f "$IMAGE_DIR/$USERID/pwhash.$INDEX" |
| 136 rm -f "$IMAGE_DIR/$USERID/pwwrapper.$INDEX" |
| 137 rm -f "$IMAGE_DIR/$USERID/rawkey.$INDEX" |
| 138 rm -f "$IMAGE_DIR/$USERID/keyvault.$INDEX" |
106 | 139 |
107 EXIT=$? | 140 EXIT=$? |
108 if [ $EXIT != 0 ]; then | 141 if [ $EXIT != 0 ]; then |
109 exit $EXIT | 142 exit $EXIT |
110 fi | 143 fi |
111 | 144 |
112 $info "MASTER_KEY: $MASTER_KEY" | 145 READABLE=$(cat "$IMAGE_DIR/$USERID/master.$INDEX" |xxd -p) |
| 146 $info "MASTER_KEY: $READABLE" |
113 | 147 |
114 INDEX=$(($INDEX + 1)) | 148 INDEX=$(($INDEX + 1)) |
115 done | 149 done |
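Review bot: The `EXIT=$?` at new line 140 no longer observes the encryption step — it now reads the status of the `rm -f` on new line 138, which with `-f` practically always succeeds, so a failing `openssl aes-256-ecb` pipeline (new lines 129–133) is silently ignored and the loop goes on to log and count a master key that was never written, whereas the old `EXIT=$?` sat directly after the `cryptohome::create_master_key` call it was meant to check. Capture the status immediately after the pipeline instead, i.e. `-pass fd:0 -md sha1 -e` followed by `EXIT=$?` on the next line, ahead of the cleanup `rm -f` lines; the pipeline's status is that of its last stage, `openssl`, so this covers the encryption. On that error path the `pwhash`/`pwwrapper`/`rawkey`/`keyvault` intermediates are left behind in `$IMAGE_DIR/$USERID`, so the four `rm -f` lines belong before the `exit $EXIT` as well as on the success path. Separately, the new loop invokes `xxd`, `sha256sum`, `head`, `cat` and `openssl` by bare name while the surrounding script (new lines 82, 86–87) goes through the `$xxd`/`$sha256sum`/`$head`/`$cat`/`$openssl` names set up via `utils::declare_commands`; using the declared names keeps the loop consistent with that convention.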