PortalAuth, Papers, and CursedScreech Updates (#87)

* Version 1.9 * Version 2.0 * Version 1.6 * Updated Papers to v2.0 * Replaced readKeys.sh with cfgNginx.py * Fixed PKCS12 export bug Co-authored-by: combsn <combsn@usc.edu>
2025-10-29 16:58:09 +00:00 · 2020-07-19 16:24:52 -04:00
parent f1ca07b311
commit aa43cb5e23
54 changed files with 4244 additions and 182 deletions
--- a/Papers/includes/scripts/checkDepends.sh
+++ b/Papers/includes/scripts/checkDepends.sh
@@ -2,14 +2,19 @@

 testZip=$(opkg list-installed | grep -w 'zip')
 testUnzip=$(opkg list-installed | grep -w 'unzip')
+testBase64=$(opkg list-installed | grep -w 'coreutils-base64')
 testNginxssl=$(opkg list-installed | grep -w 'nginx-ssl')

-if [ -z "$testZip" -a -z "$testNginxssl" ]; then
-	echo "Not Installed";
+if [ -z "$testBase64" ]; then
+  echo "Not Installed";
 else
-	if [ -z "$testUnzip" ]; then
-		echo "Not Installed";
-	else
-		echo "Installed";
-	fi
+  if [ -z "$testZip" -a -z "$testNginxssl" ]; then
+    echo "Not Installed";
+  else
+    if [ -z "$testUnzip" ]; then
+      echo "Not Installed";
+    else
+      echo "Installed";
+    fi
+  fi
 fi
--- a/Papers/includes/scripts/decryptRSAKeys.sh
+++ b/Papers/includes/scripts/decryptRSAKeys.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Dec 2018
+
+# Location of SSL keys
+SSL_STORE="/pineapple/modules/Papers/includes/ssl/";
+
+help() {
+	echo "Decryption script for OpenSSL keys";
+	echo "Usage: ./decryptRSAKeys.sh <opts>";
+	echo "Use './decryptRSAKeys.sh --examples' to see example commands";
+	echo '';
+	echo 'NOTE:';
+	echo "Current SSL store is at $SSL_STORE";
+	echo '';
+	echo 'Parameters:';
+	echo '';
+	echo -e '\t-k:\tFile name of key to be decrypted';
+	echo -e '\t-p:\tPassword to use to unlock the key';
+  echo -e '\t-s:\tKey store to use other than default.'
+	echo -e '\t--help:\tDisplays this help info';
+	echo '';
+}
+
+examples() {
+	echo '';
+  echo 'Examples:';
+  echo 'Decrypt private key:';
+  echo './decryptRSAKeys.sh -k keyName -p password';
+  echo '';
+	echo '';
+}
+
+if [ "$#" -lt 1 ]; then
+  help;
+  exit;
+fi
+
+KEYDIR=$SSL_STORE
+read PASS
+
+while [ "$#" -gt 0 ]; do
+
+  if [[ "$1" == "--examples" ]]; then
+    examples;
+    exit;
+  fi
+  if [[ "$1" == "--help" ]]; then
+    help;
+    exit;
+  fi
+  if [[ "$1" == "-k" ]]; then
+    KEY="$2";
+  fi
+  if [[ "$1" == "-p" ]]; then
+    PASS="$2";
+  fi
+  if [[ "$1" == "-s" ]]; then
+    KEYDIR="$2"
+  fi
+
+  shift
+done;
+
+# Generate a password on the private key
+openssl rsa -in $KEYDIR/$KEY -out $KEYDIR/$KEY -passin pass:"$PASS" 2>&1 > /dev/null;
+if [[ $? != 0 ]]; then
+	echo "Bad Password";
+	exit;
+fi
+
+echo "Complete"
--- a/Papers/includes/scripts/decryptSSHKey.sh
+++ b/Papers/includes/scripts/decryptSSHKey.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   July 2020
+
+# Location of SSH keys
+SSH_STORE="/pineapple/modules/Papers/includes/ssh/";
+
+help() {
+	echo "Encrypt OpenSSH private keys";
+	echo "Usage: ./encryptSSHKey.sh <opts>";
+	echo '';
+	echo 'NOTE:';
+	echo "Current SSH store is at $SSH_STORE";
+	echo '';
+	echo 'Parameters:';
+	echo '';
+	echo -e '\t-k:\tFile name of key to be encrypted';
+	echo '';
+	echo 'Options:';
+	echo '';
+  echo -e "\t-s:\t\tUse an SSH store other than the default."
+	echo '';
+}
+
+if [ "$#" -lt 1 ]; then
+  help;
+  exit;
+fi
+
+# Read password from pipe input
+read PASS
+
+# Fetch arguments from command line
+while [ "$#" -gt 0 ]; do
+
+  if [[ "$1" == "-k" ]]; then
+    KEY="$2";
+  fi
+
+  if [[ "$1" == "-s" ]]; then
+    SSH_STORE="$2";
+  fi
+
+  shift
+done;
+
+# Decrypt the key
+ssh-keygen -o -p -P "$PASS" -N "" -q -f $SSH_STORE/$KEY 2>&1 > /dev/null
+
+if [[ "$?" == "0" ]]; then
+  echo "Complete"
+else
+  echo "false"
+fi
--- a/Papers/includes/scripts/encryptRSAKeys.sh
+++ b/Papers/includes/scripts/encryptRSAKeys.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   Jan 2016
+
+# Location of SSL keys
+SSL_STORE="/pineapple/modules/Papers/includes/ssl/";
+
+help() {
+	echo "Encryption/Export script for OpenSSL certificates";
+	echo "Usage: ./encryptRSAKeys.sh <opts>";
+	echo "Use './encryptRSAKeys.sh --examples' to see example commands";
+	echo '';
+	echo 'NOTE:';
+	echo "Current SSL store is at $SSL_STORE";
+	echo '';
+	echo 'Parameters:';
+	echo '';
+	echo -e '\t-k:\tFile name of key to be encrypted';
+	echo '';
+	echo 'Encryption Options:';
+	echo '';
+	echo -e '\t--encrypt:\tMust be supplied to encrypt keys';
+	echo -e '\t-a:\t\tAlgorithm to use for key encryption (aes256, 3des, camellia256, etc)';
+	echo '';
+	echo 'Container Options:';
+	echo '';
+	echo -e '\t-c:\t\tContainer type (pkcs12, pkcs8)';
+  echo -e '\t--pubkey:\tFile name of public key. Must be in selected key store.';
+	echo '';
+}
+
+examples() {
+	echo '';
+  echo 'Examples:';
+  echo 'Encrypt private key:';
+  echo 'echo $pass | ./encryptRSAKeys.sh -k keyName.key --encrypt -a aes256';
+  echo '';
+  echo 'Export keys to PKCS#12 container:';
+  echo 'echo $pass | ./encryptRSAKeys.sh -k keyName.key -c pkcs12 -a aes256';
+  echo '';
+  echo 'Encrypt private key and export to PKCS#12 container using same algo and pass:';
+  echo './encryptRSAKeys.sh -k keyName.key --encrypt -a aes256 -c pkcs12';
+	echo '';
+}
+
+if [ "$#" -lt 1 ]; then
+  help;
+  exit;
+fi
+
+ENCRYPT_KEYS=false;
+KEYDIR=$SSL_STORE;
+read PASS
+
+while [ "$#" -gt 0 ]; do
+
+  if [[ "$1" == "--examples" ]]; then
+    examples;
+    exit;
+  fi
+  if [[ "$1" == "--encrypt" ]]; then
+    ENCRYPT_KEYS=true;
+  fi
+  if [[ "$1" == "-a" ]]; then
+    ALGO="$2";
+  fi
+  if [[ "$1" == "-k" ]]; then
+    KEY="$2";
+  fi
+  if [[ "$1" == "-c" ]]; then
+    CONTAINER="$2";
+  fi
+  if [[ "$1" == "-s" ]]; then
+    KEYDIR="$2"
+  fi
+  if [[ "$1" == "--pubkey" ]]; then
+    PUBKEY="$2"
+  fi
+
+  shift
+done;
+
+# Generate a password on the private key
+if [ $ENCRYPT_KEYS = true ]; then
+	openssl rsa -$ALGO -in $KEYDIR/$KEY -out $KEYDIR/$KEY -passout pass:"$PASS" 2>&1 > /dev/null;
+fi
+
+# If a container type is present but not an algo or pass then use
+# the same algo and pass from the private key
+if [ -n "$CONTAINER" ]; then
+
+	# Generate a container for the public and private keys
+	openssl $CONTAINER -$ALGO -export -nodes -out $KEYDIR/${KEY%%.*}.pfx -inkey $KEYDIR/$KEY -in $KEYDIR/$PUBKEY -passin pass:"$PASS" -passout pass:"$PASS" 2>&1 > /dev/null;
+fi
+
+echo "Complete"
--- a/Papers/includes/scripts/encryptSSHKey.sh
+++ b/Papers/includes/scripts/encryptSSHKey.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+
+#  Author: sud0nick
+#  Date:   July 2020
+
+# Location of SSH keys
+SSH_STORE="/pineapple/modules/Papers/includes/ssh/";
+
+help() {
+	echo "Encrypt OpenSSH private keys";
+	echo "Usage: ./encryptSSHKey.sh <opts>";
+	echo '';
+	echo 'NOTE:';
+	echo "Current SSH store is at $SSH_STORE";
+	echo '';
+	echo 'Parameters:';
+	echo '';
+	echo -e '\t-k:\tFile name of key to be encrypted';
+	echo '';
+	echo 'Options:';
+	echo '';
+  echo -e "\t-s:\t\tUse an SSH store other than the default."
+	echo '';
+}
+
+if [ "$#" -lt 1 ]; then
+  help;
+  exit;
+fi
+
+# Read password from pipe input
+read PASS
+
+# Fetch arguments from command line
+while [ "$#" -gt 0 ]; do
+
+  if [[ "$1" == "-k" ]]; then
+    KEY="$2";
+  fi
+
+  if [[ "$1" == "-s" ]]; then
+    SSH_STORE="$2";
+  fi
+
+  shift
+done;
+
+# Encrypt the key
+ssh-keygen -o -p -N "$PASS" -q -f $SSH_STORE/$KEY 2>&1 > /dev/null
+
+if [[ "$?" == "0" ]]; then
+  echo "Complete"
+else
+  echo "false"
+fi
--- a/Papers/includes/scripts/getCertInfo.sh
+++ b/Papers/includes/scripts/getCertInfo.sh
@@ -4,14 +4,14 @@
 #  Date:   Dec 2018

 # Location of SSL keys
-ssl_store="/pineapple/modules/Papers/includes/ssl/";
+SSL_STORE="/pineapple/modules/Papers/includes/ssl/";

 help() {
 	echo "Get certificate properties via OpenSSL";
 	echo "Usage: ./getCertInfo.sh <opts>";
 	echo '';
 	echo 'NOTE:';
-	echo "Current SSL store is at $ssl_store";
+	echo "Current SSL store is at $SSL_STORE";
 	echo '';
 	echo 'Parameters:';
 	echo '';
@@ -28,7 +28,7 @@ while [ "$#" -gt 0 ]
 do

 if [[ "$1" == "-k" ]]; then
-	KEY="$ssl_store$2.cer";
+	KEY="$SSL_STORE/$2";
 fi

 shift
--- a/Papers/includes/scripts/installDepends.sh
+++ b/Papers/includes/scripts/installDepends.sh
@@ -1,11 +1,9 @@
 #!/bin/sh

 #  Author: sud0nick & adde88
-#  Date:   18.10.2019
+#  Date:   July 17, 2020

 opkg update > /dev/null;
-/etc/init.d/nginx stop > /dev/null;
 opkg remove nginx > /dev/null;
-opkg install zip unzip nginx-ssl > /dev/null;
-/etc/init.d/nginx restart > /dev/null;
+opkg install zip unzip coreutils-base64 nginx-ssl > /dev/null;
 echo "Complete"
--- a/Papers/includes/scripts/isEncrypted.sh
+++ b/Papers/includes/scripts/isEncrypted.sh
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+SSL_STORE="/pineapple/modules/Papers/includes/ssl/";
+SSH_STORE="/pineapple/modules/Papers/includes/ssh/";
+
+help() {
+  echo "Usage: ./testEncrypt.sh <opts>";
+  echo '';
+	echo 'NOTE:';
+	echo "Current SSL store is at $SSL_STORE";
+  echo "Current SSH store is at $SSH_STORE";
+  echo '';
+  echo 'Parameters:';
+  echo '';
+  echo -e '\t-k:\tName of key to test.';
+  echo -e '\t-t:\tType of key: RSA|SSH.';
+  echo -e "\t-s:\tKey store to use other than default."
+  echo '';
+}
+
+if  [ "$#" -lt 2 ]; then
+  help;
+  exit;
+fi
+
+KEYDIR=''
+
+# Get arguments
+while [ "$#" -gt 0 ]; do
+
+  if [[ "$1" == "-k" ]]; then
+    KEY="$2"
+  fi
+  if [[ "$1" == "-s" ]]; then
+    KEYDIR="$2"
+  fi
+  if [[ "$1" == "-t" ]]; then
+    TYPE="$2"
+  fi
+
+  shift
+done;
+
+# If the type selected is SSH...
+if [[ "$TYPE" == "SSH" ]]; then
+
+  if [[ "$KEYDIR" == "" ]]; then
+    KEYDIR=$SSH_STORE
+  fi
+
+  # Pull the header from the key file
+  HEADER=$(sed '1d;$d' $KEYDIR/$KEY | base64 -d | head -c 32)
+  FORMAT=$(echo $HEADER | cut -c 0-14)
+  ENC=$(echo $HEADER | cut -c 16-19)
+
+  # Ensure the key is in OpenSSH private key format
+  if [[ "$FORMAT" == "openssh-key-v1" ]]; then
+
+    # Check if the key is encrypted
+    if [[ "$ENC" == "none" ]]; then
+      echo "false"
+    else
+      echo "true"
+    fi
+
+  else
+    # This should never happen...
+    echo "Invalid OpenSSH key"
+  fi
+else
+  if [[ "$TYPE" == "RSA" ]]; then
+
+    if [[ "$KEYDIR" == "" ]]; then
+      KEYDIR=$SSL_STORE
+    fi
+
+    # Check if the RSA key is encrypted
+    RES=$(openssl rsa -in $KEYDIR/$KEY -passin pass:_ 2>&1 > /dev/null)
+    
+    if [[ "$?" == "1" ]]; then
+      echo "true"
+    else
+      echo "false"
+    fi
+  else
+    # This should never happen when called from the module.
+    echo "Invalid option: $TYPE"
+  fi
+fi
--- a/Papers/includes/scripts/readKeys.sh
+++ b/Papers/includes/scripts/readKeys.sh
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-# Author: sud0nick
-#   Date: April 6, 2016
-
-IN_SERVER_BLOCK=false;
-
-while read p; do
-	if [[ $IN_SERVER_BLOCK == false ]]; then
-		if [[ $p == *"listen"* && $p == *"1471"* ]]; then
-			IN_SERVER_BLOCK=true;
-		fi
-	else
-		if [[ $p == *".cer;" || $p == *".key;" ]]; then
-			echo $p | cut -d '/' -f 5 | tr -d ';';
-		fi
-	fi
-done < /etc/nginx/nginx.conf
--- a/Papers/includes/scripts/removeDepends.sh
+++ b/Papers/includes/scripts/removeDepends.sh
@@ -1,8 +1,8 @@
 #!/bin/sh

 #  Author: sud0nick & adde88
-#  Date:   18.10.2019
+#  Date:   July 17, 2020

-/etc/init.d/nginx stop > /dev/null;
-opkg remove zip unzip nginx-ssl > /dev/null;
+opkg update > /dev/null;
+opkg remove zip unzip coreutils-base64 nginx-ssl > /dev/null;
 opkg install nginx > /dev/null;
--- a/Papers/includes/scripts/testEncrypt.sh
+++ b/Papers/includes/scripts/testEncrypt.sh
@@ -32,4 +32,4 @@ fi
 shift
 done;

-openssl rsa -in $KEYDIR$KEY -passin pass: | awk 'NR==0;'
+openssl rsa -in $KEYDIR$KEY -passin pass:_ | awk 'NR==0;'