#!/bin/bash

#set -o errexit
#set -o nounset
#set -o pipefail
#set -o xtrace

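# Encrypt the plaintext key file into the encrypted key file.
#
# Globals:
#   zkk_crypt_passcode_cmd (read) - two shell command strings; the stdout of
#                                   each, concatenated, forms the passphrase
#   keyfile (read)                - plaintext input path
#   enckeyfile (read)             - encrypted output path
# Exits:   21 / 22 when the first / second passcode command prints nothing
# Returns: the exit status of openssl
function encrypt_key () {
  local tmp0 tmp1 pass rc

  # The command strings come from the sourced config and are run through eval,
  # so that file is as trusted as this script itself.
  tmp0="$(eval "${zkk_crypt_passcode_cmd[0]}")"
  # Test the variable's value; the literal string "tmp0" is never empty, so the
  # check could not fire.
  [ -n "${tmp0}" ] || exit 21
  tmp1="$(eval "${zkk_crypt_passcode_cmd[1]}")"
  [ -n "${tmp1}" ] || exit 22
  pass="${tmp0}${tmp1}"

  # Hand the passphrase to openssl through its environment (-pass env:) rather
  # than as "pass:..." on the command line, where it shows up in the process
  # list and is word-split when unquoted.
  # NOTE(review): no -pbkdf2/-iter is given, so openssl falls back to its
  # default password-to-key derivation, and CBC adds no integrity check.
  # Changing either alters the file format: decrypt_key and every existing
  # .enc file would have to change with it.
  ZKK_CRYPT_PASS="${pass}" openssl enc -e -aes-256-cbc -pass env:ZKK_CRYPT_PASS \
    -in "${keyfile}" -out "${enckeyfile}"
  rc=$?

  # A failed run can leave a partial output file that later runs would accept
  # as a valid encrypted key, so drop it.
  if [ "${rc}" -ne 0 ]; then
    rm -f -- "${enckeyfile}"
  fi
  return "${rc}"
}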

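# Decrypt the encrypted key file into the plaintext key file.
#
# Globals:
#   zkk_crypt_passcode_cmd (read) - two shell command strings; the stdout of
#                                   each, concatenated, forms the passphrase
#   enckeyfile (read)             - encrypted input path
#   keyfile (read)                - plaintext output path
# Exits:   21 / 22 when the first / second passcode command prints nothing
# Returns: the exit status of openssl
function decrypt_key () {
  local tmp0 tmp1 pass rc

  # The command strings come from the sourced config and are run through eval,
  # so that file is as trusted as this script itself.
  tmp0="$(eval "${zkk_crypt_passcode_cmd[0]}")"
  # Test the variable's value; the literal string "tmp0" is never empty, so the
  # check could not fire.
  [ -n "${tmp0}" ] || exit 21
  tmp1="$(eval "${zkk_crypt_passcode_cmd[1]}")"
  [ -n "${tmp1}" ] || exit 22
  pass="${tmp0}${tmp1}"

  # Subshell: the restrictive umask applies only to the plaintext key created
  # here. The passphrase goes through openssl's environment (-pass env:) rather
  # than argv, where it would be visible in the process list.
  (
    umask 077
    ZKK_CRYPT_PASS="${pass}" openssl enc -d -aes-256-cbc -pass env:ZKK_CRYPT_PASS \
      -in "${enckeyfile}" -out "${keyfile}"
  )
  rc=$?

  # NOTE(review): CBC has no integrity check; a wrong passphrase or a modified
  # input is normally reported as a padding error, but not in every case.
  # On failure remove whatever was written, so a partial or garbage file is
  # not picked up as the key on the next run.
  if [ "${rc}" -ne 0 ]; then
    rm -f -- "${keyfile}"
  fi
  return "${rc}"
}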

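zkk_crypt_conf=/etc/zkk-crypt/zkk-crypt.conf

# The config is sourced below, so it runs as shell code with this script's
# privileges, and the passcode commands it defines are later passed to eval.
# NOTE(review): nothing here checks the file's owner or mode; it should be
# writable only by the account that runs this script.
if [ ! -f "${zkk_crypt_conf}" ] ; then
  # Diagnostics belong on stderr so they are not mixed into captured stdout.
  echo "${zkk_crypt_conf} missing" >&2
  exit 11
fi

. "${zkk_crypt_conf}"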

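# Fail early if the sourced config did not define the path settings: with any
# of them empty the paths below collapse to locations such as "/" or "/.enc".
: "${zkk_keysdir:?not set by the zkk-crypt config}"
: "${zkk_encdir:?not set by the zkk-crypt config}"
: "${zkk_lukskey:?not set by the zkk-crypt config}"

# Plaintext key and its encrypted counterpart.
keyfile="${zkk_keysdir}/${zkk_lukskey}"
enckeyfile="${zkk_encdir}/${zkk_lukskey}.enc"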

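## check for local files

# NOTE(review): "present" only means a regular file exists at the path; an
# empty or truncated file passes these checks as well.

# Both files present: nothing to do.
if [ -f "${keyfile}" ] && [ -f "${enckeyfile}" ] ; then
  echo "Keyfile & encryted Keyfile are already here"
  exit 0
fi

# Only the plaintext key is present: create the encrypted copy from it.
if [ -f "${keyfile}" ] ; then
  echo "Keyfile is already here, creating encrypted Keyfile"
  # Propagate a failed encryption instead of reporting success.
  encrypt_key || exit "$?"
  exit 0
fi

# Only the encrypted key is present: recover the plaintext key from it.
if [ -f "${enckeyfile}" ] ; then
  echo "Encrypted Keyfile is already here, creating Keyfile"
  # Propagate a failed decryption instead of reporting success.
  decrypt_key || exit "$?"
  exit 0
fi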

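## check for remote files

# NOTE(review): no remote lookup is implemented here; when neither local file
# exists, a fresh 512-byte key is generated and then encrypted.
echo "No keys where found ... generating a new key"

# Subshell: the restrictive umask applies only to the new key file, so it is
# created readable and writable by its owner alone. Stop if dd fails rather
# than encrypting a missing or short key.
( umask 077; dd if=/dev/urandom of="${zkk_keysdir}/${zkk_lukskey}" bs=1 count=512 ) || exit "$?"

encrypt_key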

