1#! @SHELL@
2#
3# Copyright (c) 2007-2013 Zmanda Inc.  All Rights Reserved.
4#
5# This program is free software; you can redistribute it and/or
6# modify it under the terms of the GNU General Public License
7# as published by the Free Software Foundation; either version 2
8# of the License, or (at your option) any later version.
9#
10# This program is distributed in the hope that it will be useful, but
11# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
13# for more details.
14#
15# You should have received a copy of the GNU General Public License along
16# with this program; if not, write to the Free Software Foundation, Inc.,
17# 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
18#
19# Contact information: Zmanda Inc, 465 S. Mathilda Ave., Suite 300
20# Sunnyvale, CA 94086, USA, or: http://www.zmanda.com
21#
22
23prefix="@prefix@"
24exec_prefix="@exec_prefix@"
25sbindir="@sbindir@"
26amlibexecdir="@amlibexecdir@"
27. "${amlibexecdir}/amanda-sh-lib.sh"
28
29# add sbin and ucb dirs
30PATH="$PATH:/usr/sbin:/sbin:/usr/ucb"
31export PATH
32
33# wrapper script to use aespipe
34# based on bz2aespipe distributed by aespipe from
35# http://loop-aes.sourceforge.net/
36# FILE FORMAT
37# 10 bytes: constant string 'bz2aespipe'
38# 10 bytes: itercountk digits
39# 1 byte: '0' = AES128, '1' = AES192, '2' = AES256
40# 1 byte: '0' = SHA256, '1' = SHA384, '2' = SHA512, '3' = RMD160
41# 24 bytes: random seed string
42# remaining bytes are aespipe encrypted
43
44# These definitions are only used when encrypting.
45# Decryption will autodetect these definitions from archive.
46ENCRYPTION=AES256
47HASHFUNC=SHA256
48ITERCOUNTK=100
49WAITSECONDS=1
50AMANDA_HOME=~@CLIENT_LOGIN@
51GPGKEY="$AMANDA_HOME/.gnupg/am_key.gpg"
52FDNUMBER=3
53
54if test x$1 = x-d ; then
55    # decrypt
56    n=`/bin/dd bs=10 count=1 2> /dev/null | tr -d -c 0-9a-zA-Z`
57    if test x${n} != xbz2aespipe ; then
58        echo "bz2aespipe: wrong magic - aborted" >/dev/tty
59        exit 1
60    fi
61    itercountk=`/bin/dd bs=10 count=1 2> /dev/null | tr -d -c 0-9`
62    if test x${itercountk} = x ; then itercountk=0; fi
63    n=`/bin/dd bs=1 count=1 2> /dev/null | tr -d -c 0-9`
64    encryption=AES128
65    if test x${n} = x1 ; then encryption=AES192; fi
66    if test x${n} = x2 ; then encryption=AES256; fi
67    n=`/bin/dd bs=1 count=1 2> /dev/null | tr -d -c 0-9`
68    hashfunc=SHA256
69    if test x${n} = x1 ; then hashfunc=SHA384; fi
70    if test x${n} = x2 ; then hashfunc=SHA512; fi
71    if test x${n} = x3 ; then hashfunc=RMD160; fi
72    seedstr=`/bin/dd bs=24 count=1 2> /dev/null | tr -d -c 0-9a-zA-Z+/`
73    aespipe -K ${GPGKEY} -p ${FDNUMBER} -e ${encryption} -H ${hashfunc} \
74	-S ${seedstr} -C ${itercountk} -d
75else
76    # encrypt
77    echo -n bz2aespipe
78    echo ${ITERCOUNTK} | awk '{printf "%10u", $1;}'
79    n=`echo ${ENCRYPTION} | tr -d -c 0-9`
80    aesstr=0
81    if test x${n} = x192 ; then aesstr=1; fi
82    if test x${n} = x256 ; then aesstr=2; fi
83    n=`echo ${HASHFUNC} | tr -d -c 0-9`
84    hashstr=0
85    if test x${n} = x384 ; then hashstr=1; fi
86    if test x${n} = x512 ; then hashstr=2; fi
87    if test x${n} = x160 ; then hashstr=3; fi
88    seedstr=`head -c 18 /dev/urandom | uuencode -m - | head -n 2 | tail -n 1`
89    echo -n ${aesstr}${hashstr}${seedstr}
90    aespipe -K ${GPGKEY} -p ${FDNUMBER} -e ${ENCRYPTION} -H ${HASHFUNC} \
91	-S ${seedstr} -C ${ITERCOUNTK} -w ${WAITSECONDS}
92fi
93exit 0
94