Compare commits
No commits in common. "e2135379d80ee4ec92a2eefb4b2a0b31249bd385" and "d42a13b5601905e9a961de03196b6bb7148b22f4" have entirely different histories.
e2135379d8
...
d42a13b560
2 changed files with 21 additions and 54 deletions
73
src/zlevis
73
src/zlevis
|
|
@ -12,64 +12,31 @@ if [ "$1" = "--summary" ]; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Function to display usage information of zlevis
|
# Function to display usage information when called
|
||||||
info() {
|
info() {
|
||||||
exec >&2
|
exec >&2
|
||||||
echo "Usage: \"zlevis {decrypt|encrypt} {pool|key}\""
|
echo "Usage: \"zlevis {decrypt|encrypt} {pool|key} [options]\""
|
||||||
exit 2
|
exit 2
|
||||||
}
|
}
|
||||||
|
|
||||||
# Function to display usage information of zlevis encrypt pool
|
# Case statement to handle the argument path
|
||||||
encrypt_pool_info() {
|
case "$1" in
|
||||||
exec >&2
|
"decrypt")
|
||||||
echo "Usage: \"zlevis encrypt pool <pool> '{\"property\":\"value\"}' < file.key\""
|
case "$2" in
|
||||||
echo
|
"pool") zfs list -Ho tpm:jwe "$3" | zlevis-decrypt;;
|
||||||
echo "This command uses the following configuration properties:"
|
"key") zlevis-decrypt;;
|
||||||
echo " hash: <string> -> Hash algorithm used in the computation of the object name (default: sha256)."
|
*) info;;
|
||||||
echo " key: <string> -> Algorithm type for the generated key (default: ecc)."
|
esac
|
||||||
echo " pcr_bank: <string> -> PCR algorithm bank to use for policy (default: first supported by TPM)."
|
;;
|
||||||
echo " pcr_ids: <string> -> PCR list used for policy. If not present, no policy is used."
|
"encrypt")
|
||||||
echo " pcr_digest: <string> -> Binary PCR hashes encoded in base64. If not present, the hash values are looked up."
|
case "$2" in
|
||||||
exit 2
|
"pool") read -r -d . key && zfs set tpm:jwe=$(printf "%s" "$key" | zlevis-encrypt "$4") "$3";;
|
||||||
}
|
"key") zlevis-encrypt "$3";;
|
||||||
|
*) info;;
|
||||||
# Determine the argument path and execute the relevant script or function
|
esac
|
||||||
if [ -t 0]; then
|
;;
|
||||||
case "$1" in
|
*) info;;
|
||||||
"decrypt")
|
esac
|
||||||
case "$2" in
|
|
||||||
"pool") zfs list -Ho tpm:jwe "$3" | zlevis-decrypt;;
|
|
||||||
"key") zlevis-decrypt;;
|
|
||||||
*) info;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
"encrypt")
|
|
||||||
case "$2" in
|
|
||||||
"pool") encrypt_pool_info;;
|
|
||||||
"key") zlevis-encrypt;;
|
|
||||||
*) info;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*) info;;
|
|
||||||
esac
|
|
||||||
else
|
|
||||||
case "$1" in
|
|
||||||
"decrypt")
|
|
||||||
case "$2" in
|
|
||||||
"key") zlevis-decrypt;;
|
|
||||||
*) info;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
"encrypt")
|
|
||||||
case "$2" in
|
|
||||||
"pool") read -r -d . key || zfs set tpm:jwe=$(printf "%s" "$key" | zlevis-encrypt "$4") "$3";;
|
|
||||||
"key") zlevis-encrypt "$3";;
|
|
||||||
*) info;;
|
|
||||||
esac
|
|
||||||
;;
|
|
||||||
*) info;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Exit with the status of the last command
|
# Exit with the status of the last command
|
||||||
exit $?
|
exit $?
|
||||||
|
|
@ -66,7 +66,7 @@ fi
|
||||||
|
|
||||||
# Validate the configuration input
|
# Validate the configuration input
|
||||||
if ! cfg="$(jose fmt -j "$1" -Oo- 2>/dev/null)"; then
|
if ! cfg="$(jose fmt -j "$1" -Oo- 2>/dev/null)"; then
|
||||||
echo "Configuration '{\"property\":\"value\"}' is not present or malformed" >&2
|
echo "Configuration '{\"property\":\"value\"}' is malformed" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue