#!/bin/bash -e
# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
#
# Copyright (c) 2016 Red Hat, Inc.
# Author: Nathaniel McCallum <npmccallum@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

SUMMARY="Unlocks a LUKSv1 volume"
UUID=cb6e8904-81ff-40da-a84a-07ab9ab5715e

function usage() {
    echo >&2
    echo "Usage: clevis luks unlock -d DEV [-n NAME]" >&2
    echo >&2
    echo "$SUMMARY": >&2
    echo >&2
    echo "  -d DEV  The LUKS device on which to perform unlocking" >&2
    echo >&2
    echo "  -n NAME The name of the unlocked device node" >&2
    echo >&2
    exit 1
}

if [ $# -eq 1 -a "$1" == "--summary" ]; then
    echo "$SUMMARY"
    exit 0
fi

while getopts ":d:n:" o; do
    case "$o" in
    d) DEV=$OPTARG;;
    n) NAME=$OPTARG;;
    *) usage;;
    esac
done

if [ -z "$DEV" ]; then
    echo "Did not specify a device!" >&2
    usage
fi

NAME=${NAME:-luks-`cryptsetup luksUUID $DEV`}

while read -r slot state uuid; do
    [ "$state" != "active" ] && continue
    [ "$uuid" != "$UUID" ] && continue

    if pt="`luksmeta load -d $DEV -s $slot -u $UUID | clevis decrypt`"; then
        echo -n "$pt" | cryptsetup open -d- "$DEV" "$NAME"
        exit 0
    fi
done <<< $(luksmeta show -d "$DEV")

exit 1