#!/bin/bash

#set -o errexit
#set -o nounset
#set -o pipefail
#set -o xtrace

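#######################################
# Rebuild the passphrase from the two configured commands and decrypt the
# wrapped LUKS key file with it.
# Globals:   zkk_crypt_passcode_cmd (read) - two shell command strings, each
#              printing one half of the passphrase
#            enckeyfile (read) - path of the encrypted key file
#            keyfile (read)    - path the decrypted key is written to
# Outputs:   error message on stderr when decryption fails
# Exits:     21 / 22 when the first / second command prints nothing,
#            23 when openssl fails
#######################################
function decrypt_key () {
  local part0 part1 pass rc
  local had_keyfile=0

  # NOTE(review): eval executes whatever the sourced configuration stored in
  # zkk_crypt_passcode_cmd, with the privileges of this script. Only an
  # administrator should be able to write that configuration.
  part0="$(eval "${zkk_crypt_passcode_cmd[0]}")"
  # Test the variable, not the literal word "tmp0": a command that prints
  # nothing must stop here instead of producing a half-empty passphrase.
  [ -n "${part0}" ] || exit 21
  part1="$(eval "${zkk_crypt_passcode_cmd[1]}")"
  [ -n "${part1}" ] || exit 22
  pass="${part0}${part1}"

  if [ -e "${keyfile}" ]; then
    had_keyfile=1
  fi

  # The passphrase is handed over through the child's environment rather than
  # as "pass:..." on the command line, where any local user could read it from
  # the process list. umask 077 keeps the decrypted key private to the
  # invoking user; the subshell confines the umask change to this command.
  # NOTE(review): without -pbkdf2/-iter openssl uses its legacy key
  # derivation, and CBC gives no integrity protection. Changing either means
  # re-encrypting the key file with matching options.
  (
    umask 077
    ZKK_CRYPT_PASS="${pass}" openssl enc -d -aes-256-cbc \
      -pass env:ZKK_CRYPT_PASS -in "${enckeyfile}" -out "${keyfile}"
  )
  rc=$?

  if [ "${rc}" -ne 0 ]; then
    # A failed decrypt can leave a garbage output file behind, which a later
    # run would mistake for a valid key. Remove it, but only if this call
    # created it.
    if [ "${had_keyfile}" -eq 0 ]; then
      rm -f -- "${keyfile}"
    fi
    echo "Failed to decrypt key" >&2
    exit 23
  fi
}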

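# Load the configuration, derive the key file paths and decrypt the LUKS key
# unless it is already present.
zkk_crypt_conf=/etc/zkk-crypt/zkk-crypt.conf

if [ ! -f "${zkk_crypt_conf}" ] ; then
  echo "${zkk_crypt_conf} missing" >&2
  exit 11
fi

# The configuration is executed as shell code in this process, so anyone who
# can modify it controls what this script runs.
# NOTE(review): confirm the file and its directory are writable by the
# administrator only.
. "${zkk_crypt_conf}"

# Refuse to build paths from missing settings: an empty directory variable
# would silently point the key files at the filesystem root.
for zkk_required in zkk_keysdir zkk_encdir zkk_lukskey; do
  if [ -z "${!zkk_required:-}" ]; then
    echo "${zkk_required} is not set in ${zkk_crypt_conf}" >&2
    exit 12
  fi
done
unset zkk_required

keyfile="${zkk_keysdir}/${zkk_lukskey}"
enckeyfile="${zkk_encdir}/${zkk_lukskey}.enc"

if [ -f "${keyfile}" ] && [ -f "${enckeyfile}" ] ; then
  echo "Keyfile & encryted Keyfile are already here"
  exit 0
fi

# This guard used to repeat the condition above and could never fire. It now
# checks what its message states: decryption may only start when the
# encrypted key exists and no decrypted key is lying around.
if [ -f "${keyfile}" ] || [ ! -f "${enckeyfile}" ] ; then
  echo "Decrypted keyfile must not be present, encrypted key must be" >&2
  exit 1
fi

decrypt_key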

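# Open every LUKS volume listed in the crypttab-style file. Each line holds
# three whitespace-separated fields: mapped name, encrypted device, key file.
input="/etc/ossdip-crypttab"
while read -r dec_vol enc_vol vol_keyfile _ || [ -n "${dec_vol}" ]
do
  # Skip blank lines and comments instead of calling cryptsetup with empty
  # arguments.
  case "${dec_vol}" in
    ''|'#'*) continue ;;
  esac
  if [ -z "${enc_vol}" ] || [ -z "${vol_keyfile}" ]; then
    echo "Skipping incomplete entry for ${dec_vol} in ${input}" >&2
    logger "skipping incomplete entry for ${dec_vol} in ${input}"
    continue
  fi

  # Log the real outcome: the success message used to reach syslog even when
  # luksOpen had failed, which made the log useless for spotting a volume
  # that did not unlock.
  if cryptsetup luksOpen "${enc_vol}" "${dec_vol}" --key-file "${vol_keyfile}"; then
    echo "Decrypted volume ${dec_vol} successful"
    logger "decrypted volume ${dec_vol} successful"
  else
    echo "Failed to decrypt volume ${dec_vol}" >&2
    logger "failed to decrypt volume ${dec_vol}"
  fi
done < "$input"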