From 8ab2270b4b80e2421a08063f8b1e7e52d49a5601 Mon Sep 17 00:00:00 2001
From: alex <alex@infiniteadaptability.org>
Date: Thu, 23 Jun 2022 18:05:18 -0700
Subject: [PATCH] ...

---
 cold-setup | 116 +++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 103 insertions(+), 13 deletions(-)

diff --git a/cold-setup b/cold-setup
index 25a3a10..ea16733 100755
--- a/cold-setup
+++ b/cold-setup
@@ -6,6 +6,10 @@ DATA_DIRECTORY=".data"
 M=3
 N=7
 MODE=
+ENCRYPTION="luks"
+USB_DIRECTORY="$DATA_DIRECTORY/.usb"
+USB_DECRYPT_NAME="cold-usb"
+USB_PATH_PRE_DECRYPT=
 
 BITCOIN_CLI="bitcoin-cli -datadir=$DATA_DIRECTORY -chain=regtest"
 
@@ -109,6 +113,7 @@ parse_arguments() {
 		case "$arg" in
 			"--help") set -- "$@" "-h" ;;
 			"--interactive") set -- "$@" "-i" ;;
+			"--no-encryption") set -- "$@" "-p" ;;
 			"--threshold") set -- "$@" "-m" ;;
 			"--wallets") set -- "$@" "-n" ;;
 			*) set -- "$@" "$arg" ;;
@@ -117,18 +122,30 @@ parse_arguments() {
 
 	# parse short options
 	OPTIND=1
-	while getopts "hm:n:i" opt
+	while getopts "hm:n:ip" opt
 	do
 		case "$opt" in
 			"h") usage ;;
 			"i") set_mode "interactive" ;;
 			"m") set_threshold "$OPTARG" ;;
 			"n") set_wallets "$OPTARG" ;;
+			"p") set_encryption "none" ;;
 			"?") usage ;;
 		esac
 	done
 }
 
+set_encryption() {
+	case "$1" in
+		"luks") ENCRYPTION="luks" ;;
+		"none") ENCRYPTION="" ;;
+		*)
+			log_error "ERROR: unknown encryption \"$1\""
+			usage
+			;;
+	esac
+}
+
 set_mode() {
 	case "$1" in
 		"interactive") MODE="interactive" ;;
@@ -168,6 +185,19 @@ usage() {
 	exit 1
 }
 
+usb_crypt_open() {
+	log_info "usb encrypted... opening..."
+	cryptsetup luksOpen "$USB_PATH" "$USB_DECRYPT_NAME"
+	USB_PATH_PRE_DECRYPT="$USB_PATH"
+	USB_PATH="/dev/mapper/$USB_DECRYPT_NAME"
+}
+
+usb_crypt_close() {
+	log_info "closing encrypted usb..."
+	cryptsetup luksClose "$USB_DECRYPT_NAME"
+	USB_PATH="$USB_PATH_PRE_DECRYPT"
+}
+
 usb_detect() {
 	local DEVNAME
 	log_msg "plug in usb drive now.\ndetecting..."
@@ -195,35 +225,94 @@ usb_detect() {
 	echo "$DEVNAME"
 }
 
+usb_encrypt() {
+	log_info "encrypting $USB_PATH..."
+	cryptsetup luksFormat --type luks2 "$USB_PATH"
+}
+
 usb_eject() {
-	exit 1
+	log_info "ejecting $USB_PATH..."
+	eject "$USB_PATH"
+	log_info "ejected $USB_PATH"
 }
 
 usb_load() {
-	exit 1
+	log_info "copying descriptors to usb..."
+	wallet_dump_descriptors $1
+
+	cp "$DATA_DIRECTORY/wallet$1.descriptors" "$USB_DIRECTORY/"
+	cp "$DATA_DIRECTORY/descriptors.txt" "$USB_DIRECTORY/"
+
+	local EXPECTED="`b2sum $DATA_DIRECTORY/wallet$1.descriptors $DATA_DIRECTORY/descriptors.txt`"
+	local RESULT="`b2sum $USB_DIRECTORY/wallet$1.descriptors $USB_DIRECTORY/descriptors.txt`"
+
+	if [[ "$EXPECTED" != "$RESULT" ]]; then
+		log_error "ERROR: failed to copy descriptors to usb correctly"
+		exit 1
+	fi
+
+	shred "$DATA_DIRECTORY/wallet$1.descriptors"
+
+	log_info "successfully copied descriptors to usb"
 }
 
 usb_mount() {
-	exit 1
+	if [[ -n "$ENCRYPTION" ]]; then
+		usb_decrypt
+	fi
+
+	log_info "mounting $USB_PATH at $USB_DIRECTORY"
+	mount "$USB_PATH" "$USB_DIRECTORY"
 }
 
 usb_setup() {
-	exit 1
+	wipefs -a "$USB_PATH"
+	log_info "filesystem wiped from $USB_PATH"
+
+	if [[ -n "$ENCRYPTION" ]]; then
+		usb_encrypt
+	fi
+
+	log_info "zero'ing $USB_PATH"
+	dd if=/dev/zero of="$USB_PATH"
+	log_info "$USB_PATH filled with zeroes"
+
+	mkfs.ext4 "$USB_PATH"
+	log_info "created new filesystem on $USB_PATH"
 }
 
 usb_unmount() {
-	exit 1
+	log_info "unmounting $USB_DIRECTORY..."
+	umount "$USB_DIRECTORY"
+
+	if [[ -n "$ENCRYPTION" ]]; then
+		usb_crypt_close
+	fi
 }
 
 usbs() {
-	local PATH
-	local MOUNTPOINT
+	log_msg "creating primary usbs..."
 	for((i = 1; i <= $N; i++)); do
-		PATH="`usb_detect`"
-		MOUNTPOINT="`usb_setup "$PATH"`"
-		usb_load "$MOUNTPOINT" "$i"
-		usb_unmount "$MOUNTPOINT"
-		usb_eject "$PATH"
+		log_msg "plug in usb stick for wallet $i..."
+		USB_PATH="`usb_detect`"
+		log_msg "found usb stick $USB_PATH"
+
+		usb_setup
+		usb_load "$i"
+		usb_unmount
+		usb_eject
+	done
+
+	log_msg "creating backup usbs..."
+	for((i = 1; i <= $N; i++)); do
+		log_msg "plug in usb stick for wallet $i..."
+		USB_PATH="`usb_detect`"
+		log_msg "found usb stick $USB_PATH"
+
+		usb_setup
+		usb_load "$i"
+		usb_unmount
+		usb_eject
 	done
 }
 
@@ -310,6 +399,7 @@ main() {
 
 	wallets
 	multisig_create
+
 	usbs
 
 	wallets_clean
-- 
2.30.2