luc/zlevis
1
1
Fork 0
Code Issues Pull requests Releases 5 Wiki Activity

Compare commits

base: luc:6f2a1051883ee2b1a0cc9ba814c9954b6223fa8e
Branches Tags
luc:master
luc:2.0
luc:1.3
luc:1.2
luc:1.1
luc:1.0
..
compare: luc:f022b1fe3c0d98cd7a2b75e08353dd25bc8a3516
Branches Tags
luc:master
luc:2.0
luc:1.3
luc:1.2
luc:1.1
luc:1.0

No commits in common. "6f2a1051883ee2b1a0cc9ba814c9954b6223fa8e" and "f022b1fe3c0d98cd7a2b75e08353dd25bc8a3516" have entirely different histories.
6f2a105188 ... f022b1fe3c

3 changed files with 23 additions and 23 deletions
Show stats Expand all files Collapse all files

36
src/zlevis
View file

@ -12,24 +12,6 @@ if [ "$1" = "--summary" ]; then
exit 0 exit 0
fi fi
case "$1" in
"decrypt")
case "$2" in
"pool") zfs list -Ho tpm:jwe "$3" | zlevis-decrypt;;
"key") zlevis-decrypt;;
*) exit 1;;
esac
;;
"encrypt")
case "$2" in
"pool") read -r -d . key || zfs set tpm:jwe=$(printf "%s" "$key" | zlevis-encrypt "$4") "$3";;
"key") zlevis-encrypt "$3";;
*) exit 1;;
esac
;;
*) exit 1;;
esac
# Display usage information if input is from a terminal # Display usage information if input is from a terminal
if [ -t 0 ]; then if [ -t 0 ]; then
exec >&2 exec >&2
@ -37,5 +19,23 @@ if [ -t 0 ]; then
exit 2 exit 2
fi fi
case "$1" in
decrypt)
case "$2" in
pool) zfs list -Ho tpm:jwe $3 | zlevis-decrypt;;
key) zlevis-decrypt;;
*) exit 1;;
esac
;;
encrypt)
case "$2" in
pool) read -r -d . key || zfs set tpm:jwe=$(printf "%s" "$key" | zlevis-encrypt $4) $3;;
key) zlevis-encrypt $3;;
*) exit 1;;
esac
;;
*) exit 1;;
esac
# Exit with the status of the last command # Exit with the status of the last command
exit $? exit $?

8
src/zlevis-decrypt
View file

@ -48,19 +48,19 @@ fi
# Extract required parameters from the JWE header # Extract required parameters from the JWE header
if ! hash="$(printf "%s" "$jhd" | jose fmt -j- -Og zlevis -g tpm2 -g hash -Su-)"; then if ! hash="$(printf "%s" "$jhd" | jose fmt -j- -Og zlevis -g tpm2 -g hash -Su-)"; then
echo "JWE missing required 'hash' header parameter" >&2 echo "JWE missing required 'hash' header parameter!" >&2
exit 1 exit 1
fi fi
if ! key="$(printf "%s" "$jhd" | jose fmt -j- -Og zlevis -g tpm2 -g key -Su-)"; then if ! key="$(printf "%s" "$jhd" | jose fmt -j- -Og zlevis -g tpm2 -g key -Su-)"; then
echo "JWE missing required 'key' header parameter" >&2 echo "JWE missing required 'key' header parameter!" >&2
exit 1 exit 1
fi fi
if ! jwk_pub="$(printf "%s" "$jhd" | jose fmt -j- -Og zlevis -g tpm2 -g jwk_pub -Su-)"; then if ! jwk_pub="$(printf "%s" "$jhd" | jose fmt -j- -Og zlevis -g tpm2 -g jwk_pub -Su-)"; then
echo "JWE missing required 'jwk_pub' header parameter" >&2 echo "JWE missing required 'jwk_pub' header parameter!" >&2
exit 1 exit 1
fi fi
if ! jwk_priv="$(printf "%s" "$jhd" | jose fmt -j- -Og zlevis -g tpm2 -g jwk_priv -Su-)"; then if ! jwk_priv="$(printf "%s" "$jhd" | jose fmt -j- -Og zlevis -g tpm2 -g jwk_priv -Su-)"; then
echo "JWE missing required 'jwk_priv' header parameter" >&2 echo "JWE missing required 'jwk_priv' header parameter!" >&2
exit 1 exit 1
fi fi

2
src/zlevis-encrypt
View file

@ -66,7 +66,7 @@ fi
# Validate the configuration input # Validate the configuration input
if ! cfg="$(jose fmt -j "$1" -Oo- 2>/dev/null)"; then if ! cfg="$(jose fmt -j "$1" -Oo- 2>/dev/null)"; then
echo "Configuration '{\"property\":\"value\"}' is malformed" >&2 echo "Configuration is malformed" >&2
exit 1 exit 1
fi fi