#!/bin/sh ################################################################# # # # Copyright 2010 Fidelity Information Services, Inc # # # # This source code contains the intellectual property # # of its copyright holder(s), and is made available # # under a license. If you do not know the terms of # # the license, please stop and do not read further. # # # ################################################################# ################################################################################################ # # gen_sym_hash.sh - generates SHA512 hash output of the given key + Encryption parameters # $1 - encrypted symmetric key # ################################################################################################ # echo and options # Linux honors escape sequence only when run with -e # gtmcrypt_ref.h and gen_sym_hash.sh NEED to use the same value for # the encryption parameter string(defined below). # This is currently determined by the OS type. If this changes, # please verify that UNIQ_ENC_PARAM_STRING in gtmcrypt_ref.h # and encr_param_string in this module match. 
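# Main body: locate gpg, decrypt the supplied symmetric key file, and print
# SHA512(decrypted key || encryption parameter string) as one hex string.
hostos=$(uname -s)

# Locate a usable "which": OS/390's shell provides whence instead.
if [ "OS/390" = "$hostos" ] ; then
  which=whence
elif [ -x "/usr/bin/which" ] ; then
  which=/usr/bin/which
else
  which=which
fi

# The parameter string appended to the key before hashing. It must stay
# identical to UNIQ_ENC_PARAM_STRING in gtmcrypt_ref.h (see header comment).
if [ "Linux" = "$hostos" ] ; then
  encr_param_string="AES256CFB"
elif [ "AIX" = "$hostos" ] ; then
  encr_param_string="BLOWFISHCFB"
else
  encr_param_string="AES256CFB"
fi

# Validate arguments before creating any temporary files. Diagnostics go to
# stderr so that stdout carries only the hash.
if [ $# -lt 1 ] ; then
  echo "Usage: $(basename "$0") encrypted symmetric key file" >&2
  exit 1
fi
encrypted_key_file="$1"
if [ ! -r "$encrypted_key_file" ] ; then
  echo "Cannot read $encrypted_key_file. Exiting" >&2
  exit 1
fi

# Identify GnuPG - it is required
if [ -x "$($which gpg 2>&1)" ] ; then
  gpg=gpg
elif [ -x "$($which gpg2 2>&1)" ] ; then
  gpg=gpg2
else
  echo "Able to find neither gpg nor gpg2. Exiting" >&2
  exit 1
fi

# Temporary files: one for the parameter string, one for the decrypted key.
# umask 077 makes them owner-only from the moment they are created, so there
# is no window between touch and chmod in which another user could read them.
umask 077
if [ -x "$($which mktemp 2>&1)" ] ; then
  tmp_file=$(mktemp) || exit 1
  key_file=$(mktemp) || { rm -f "$tmp_file" ; exit 1 ; }
else
  # No mktemp: the names below are predictable, so refuse to open a path that
  # already exists (set -C, noclobber) rather than write through a planted
  # symlink.
  tmp_file="/tmp/$(basename "$0")_$$.tmp"
  key_file="/tmp/$(basename "$0")_$$.key"
  (set -C ; : > "$tmp_file") || { echo "Unable to create $tmp_file. Exiting" >&2 ; exit 1 ; }
  (set -C ; : > "$key_file") || { echo "Unable to create $key_file. Exiting" >&2 ; rm -f "$tmp_file" ; exit 1 ; }
fi
cleanup() { rm -f "$tmp_file" "$key_file" ; }
# Remove both files on every exit path, not only on signals.
trap 'cleanup ; stty sane ; exit 1' HUP INT QUIT TERM TRAP
trap cleanup EXIT

# printf '%s' writes the parameter string with no trailing newline, which is
# what the previous "echo ...\c" produced; the bytes hashed are unchanged and
# no longer depend on the host echo's escape handling.
printf '%s' "$encr_param_string" > "$tmp_file"

# Get passphrase for GnuPG keyring. read -r keeps backslashes literal; echo is
# only toggled when stdin is a terminal so the script can also be driven from
# a pipe without stty errors.
printf '%s' "Passphrase for keyring: "
if [ -t 0 ] ; then stty -echo ; fi
read -r passphrase
if [ -t 0 ] ; then stty echo ; fi
echo ""

# Decrypt into the private temp file first so that a failed decryption is
# reported instead of silently hashing the parameter string alone (in a
# straight pipeline the shell only reports the last stage's status). The
# passphrase is fed through the pipe by the printf builtin, quoted, so it is
# neither word-split nor globbed and does not appear as an argument of an
# external command visible in ps.
if ! printf '%s\n' "$passphrase" | $gpg --no-tty --batch --passphrase-fd 0 -d "$encrypted_key_file" > "$key_file" ; then
  echo "Unable to decrypt $encrypted_key_file. Exiting" >&2
  exit 1
fi
unset passphrase

# SHA512 of (decrypted key || parameter string), printed as one hex string.
cat "$key_file" "$tmp_file" | $gpg --print-md SHA512 | tr -d ' \n'
echo ""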