enclave-cli

#!/usr/bin/env sh
#
#
#
ENCLAVE_FILE="encl.rnd"
ENCLAVE_LOOP="$(sudo losetup -f)"

echo "~****~**~~*~*~*~*~**~**~*~*~****~*~*~*~*~***~*~*~***~*~*~***~**~*~*~****~*~*~*~*~***~*~*~*~**~*~*~**"
help () {
	echo "		This is the enclave cli help panel
			usage:
				 enclave-cli -f [ <path_to_encl.rnd> ]
				 
				 options:
				  -f, --file  FILE
				  -h, --help "
}

generate_rnd_file () {
	read -p "            desired size? 
                    enter e.g. '1' for 1*(2^10)^2 Bytes (=1MiB) or '4K' (=4000) for 4GiB
                    enter now: " input

			if [ ! -w $PWD ];
		  		then twd=$HOME ;
				else twd=$PWD
			fi
		  	outfile=$twd/encl.rnd
			echo "writing random (indeciferable) data to $twd/encl.rnd"
	dd if=/dev/urandom of=$outfile bs=1024 count="$input"x1024 status=progress
}

add_to_lvm () {
	read -p "		would you like to add $USER to the logical volume management (lvm) group?
					if yes then you will only need to authenticate now and to decrypt the first time.
					[Y/n]" input
		case $input in 
			'Y'|'y'|'') sudo usermod -a -G lvm $USER 
						echo "added to lvm group" ;;
			'N'|'n') echo "dnot adding to lvm group" ;;
		esac
}

make_fs_on_rnd () {
	if [ ! -z $($1 | grep .rnd) ] ;
		then mkfs.btrfs $1 ;
	fi
}


activate_rnd_fs () {
	sudo bash -c "
	     losetup --direct-io=on $ENCLAVE_LOOP $ENCLAVE_FILE
	     cryptsetup open $ENCLAVE_LOOP --type=luks2 rnd
	     lvscan
	     "
}

setup_logical_volume () {
	if [ -z "$(sudo pvs)" ];
		 then sudo pvcreate /dev/mapper/rnd ;
	fi
	if [ -z "$(sudo vgs)" ];
		then sudo vgcreate rnd /dev/mapper/rnd ;
	fi
	if [ -z "$(sudo lvs)" ];
    		then sudo lvcreate -n benclave -l 100%FREE rnd ;
	fi
}

deactivate_benclave () {
   sudo bash -c "lvchange -an rnd
   		 cryptsetup close rnd
   		 losetup -D"
}