#!/bin/sh
# decrypt_keyctl - to use in /etc/crypttab as keyscript
#  Allows caching passwords for cryptdevices for 60s
#  The same password is used for cryptdevices with the same identifier.
#  The keyfile parameter, which is the third field from /etc/crypttab, is
#  used as identifier in this keyscript.
#
# sample crypttab entries:
# test1   /dev/sda1    test_pw         luks,keyscript=decrypt_keytpm
# test2   /dev/sda2    test_pw         luks,keyscript=decrypt_keytpm
# test3   /dev/sda3    test_other_pw   luks,keyscript=decrypt_keytpm
#
#  test1 and test2 have the same identifier thus test2 does not need a password
#  typed in manually
# Helper program that is run with the prompt text once the attempt markers
# below are all present.
ASKPASS_=/lib/cryptsetup/askpass

# Pick the prompt text from language marker files under /scripts.
# Start with the English default, then apply overrides from lowest to highest
# priority so that the last matching marker wins. Resulting precedence:
# zhHK, boCN, mnMN, viVN, zh, English.
# CRYPTTAB_NAME is taken from the environment and appended to the prompt as is.
PROMPT_="Please enter backup key to unlock the disk ${CRYPTTAB_NAME}"
if [ -f /scripts/lang_is_zh ]; then
    PROMPT_="请输入备份密钥解锁磁盘${CRYPTTAB_NAME}"
fi
if [ -f /scripts/lang_is_viVN ]; then
    PROMPT_="Vui lòng nhập khóa sao lưu để mở khóa ổ đĩa ${CRYPTTAB_NAME}"
fi
if [ -f /scripts/lang_is_mnMN ]; then
    PROMPT_="ᠳ᠋ᠢᠰᠺ᠋ ᠨᠡᠭᠡᠷᠡᠭᠰᠡᠨ ᠲᠣᠯᠢᠭᠠᠬᠤ ᠳ᠋ᠧᠯᠭᠡᠢ ᠲᠣᠭᠣᠷᠢᠭᠠᠯᠠᠵᠤ ᠣᠷᠢᠳᠠᠭ ${CRYPTTAB_NAME}"
fi
if [ -f /scripts/lang_is_boCN ]; then
    PROMPT_="གཟུངས་སྣོད་ཁྲོལ་བྱེད་པའི་ཆེད་དུ་གཅོད་ལྡན་གྱི་ལྡེ་མིག་བླུག་རོགས། ${CRYPTTAB_NAME}"
fi
if [ -f /scripts/lang_is_zhHK ]; then
    PROMPT_="請輸入備份金鑰解鎖磁碟${CRYPTTAB_NAME}"
fi


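# Attempt gate: each invocation for a mapping records one marker file, and the
# backup-key prompt is shown only once markers 1, 2 and 3 all exist.
#
# Reads:   CRYPTTAB_NAME (environment), ASKPASS_ and PROMPT_ (set above)
# Writes:  .tpm2-getkey<name>{1,2,3}.tmp in the current working directory
# Outputs: the askpass helper's stdout on the prompting path; nothing on an
#          invocation that only records a marker
#
# The 60 s password cache described in the file header is not implemented by
# this code: only empty marker files are created, no key material is stored.
# NOTE(review): the marker paths are relative, so the attempt state depends on
# the caller's working directory, and CRYPTTAB_NAME is placed in the file name
# unvalidated -- confirm it only ever comes from root-owned /etc/crypttab.
# NOTE(review): the first three invocations emit no key; confirm the caller
# retries at least four times, or that another component creates the markers.
marker_=".tpm2-getkey${CRYPTTAB_NAME}"

# Find the first marker that has not been recorded yet (empty = all present).
if [ ! -f "${marker_}1.tmp" ]; then
    pending_="${marker_}1.tmp"
elif [ ! -f "${marker_}2.tmp" ]; then
    pending_="${marker_}2.tmp"
elif [ ! -f "${marker_}3.tmp" ]; then
    pending_="${marker_}3.tmp"
else
    pending_=
fi

# Prompt when every marker exists. Also prompt when the marker cannot be
# written (e.g. read-only directory): otherwise the counter never advances and
# the user would never be offered the backup-key prompt.
if [ -z "$pending_" ] || ! touch "$pending_"; then
    "$ASKPASS_" "$PROMPT_"
fi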

#exit 0
