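# vim: set ft=sh:
# based on /lib/initcpio/hooks/encrypt
#
# initcpio hook: open one LUKS "key volume" (mapped as "multicrypt"), mount it
# read-only, use the per-target key files it holds to luksOpen the remaining
# target volumes, then unmount and luksClose the key volume again.
#
# Kernel command-line parameters read (as globals set by the initramfs):
#   cryptkey     - optional key for the multicrypt key volume, either
#                  "dev:fstype:path" (file on a filesystem) or
#                  "dev:offset:length" (raw bytes from a block device).
#   cryptdevices - required: "dev:fstype[:/path],tdev:tname,..." - the key
#                  volume, its filesystem type and the directory of key files
#                  on it, followed by the target volumes as "device:mapper-name".
#   quiet        - "y" silences cryptsetup's stdout.
#   rootdelay    - passed through to poll_device; may be empty.
# poll_device, err, nuke and /bin/replace are provided by the initramfs
# environment, not by this file.
run_hook () {
  /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
  if [ -e "/sys/class/misc/device-mapper" ]; then
    if [ ! -c "/dev/mapper/control" ]; then
      read -r dev_t < /sys/class/misc/device-mapper/dev
      /bin/mknod "/dev/mapper/control" c $(/bin/replace "${dev_t}" ':')
    fi

    # fd 3 is where cryptsetup's stdout goes: /dev/null when quiet, otherwise
    # the console. Redirecting to a fd replaces the former
    # "eval ... ${CSQUIET}", so device and mapper names taken from the command
    # line are never passed through eval.
    if [ "${quiet}" = "y" ]; then
      exec 3>/dev/null
    else
      exec 3>&1
    fi

    # Get keyfile if specified
    ckeyfile="/crypto_keyfile.bin"
    if [ "x${cryptkey}" != "x" ]; then
      set -- $(/bin/replace "${cryptkey}" ':'); ckdev=$1; ckarg1=$2; ckarg2=$3
      # ${rootdelay} is deliberately unquoted: when empty it must disappear so
      # poll_device uses its own default.
      if poll_device "${ckdev}" ${rootdelay}; then
        case ${ckarg1} in
          *[!0-9]*)
            # Use a file on the device
            # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
            mkdir /ckey
            mount -r -t "${ckarg1}" "${ckdev}" /ckey
            dd if="/ckey/${ckarg2}" of="${ckeyfile}" >/dev/null 2>&1
            umount /ckey
            ;;
          *)
            # Read raw data from the block device
            # ckarg1 is numeric: ckarg1=offset, ckarg2=length
            dd if="${ckdev}" of="${ckeyfile}" bs=1 skip="${ckarg1}" count="${ckarg2}" >/dev/null 2>&1
            ;;
        esac
      fi
      [ ! -f "${ckeyfile}" ] && echo "Keyfile could not be opened. Reverting to passphrase."
    fi

    if [ -z "${cryptdevices}" ]; then
      echo "No cryptdevices argument."
      # The key material may already have been copied into the initramfs;
      # never leave it behind on an early exit.
      nuke "${ckeyfile}"
      exit 1
    fi

    set -- $(/bin/replace "${cryptdevices}" ',')
    # if first item in cryptdevices is just 'dev:fstype' instead of 'dev:fstype:/path', default to 'dev:fstype:/'
    set -- $(/bin/replace -s "/" $(/bin/replace -s ":" "${1}:/" "/" "!") ":") $*
    cryptdev=$(/bin/replace "$1" "!" "/")
    crypttype="$2"
    cryptpath=$(/bin/replace "$3" ":/" "")
    shift 4

    if poll_device "${cryptdev}" ${rootdelay}; then
      if /bin/cryptsetup isLuks "${cryptdev}" >/dev/null 2>&1; then
        dopassphrase=1
        # If keyfile exists, try to use that
        if [ -f "${ckeyfile}" ]; then
          if /bin/cryptsetup --key-file "${ckeyfile}" luksOpen "${cryptdev}" multicrypt >&3; then
            dopassphrase=0
          else
            echo "Invalid keyfile. Reverting to passphrase."
          fi
        fi
        # Ask for a passphrase
        if [ "${dopassphrase}" -gt 0 ]; then
          echo ""
          echo "A password is required to access the multicrypt key volume:"
          # loop until we get a real password; the sleep keeps a wrong guess
          # from being retried instantly
          while ! /bin/cryptsetup luksOpen "${cryptdev}" multicrypt >&3; do
            sleep 2
          done
        fi
        if [ ! -e "/dev/mapper/multicrypt" ]; then
          err "Password succeeded, but multicrypt creation failed, aborting..."
          nuke "${ckeyfile}"
          exit 1
        fi
        # we succeeded in luksOpening the multicrypt key volume, now we have to
        # mount it, open the remaining target volumes, then unmount and
        # luksClose the key volume. The key volume is mounted read-only (-r),
        # so the key files cannot be modified from here.
        [ -d /multicrypt ] || mkdir /multicrypt
        if /bin/mount -t "${crypttype}" -n -r /dev/mapper/multicrypt /multicrypt; then
          # "for t;" iterates over the targets captured now, so the "set --"
          # inside the body does not disturb the iteration.
          for t; do
            set -- $(/bin/replace "$t" ":"); tdev="$1"; tname="$2"
            tkey="/multicrypt/${cryptpath}/${tname}"
            # A target that fails to open is reported instead of silently
            # skipped; the remaining targets are still attempted.
            if ! /bin/cryptsetup -d "${tkey}" luksOpen "${tdev}" "${tname}" >&3; then
              err "Failed to open ${tname} (${tdev}) with key file ${tkey}."
            fi
          done
          /bin/umount /multicrypt
        else
          # Without the key volume mounted no target could be opened; say so
          # instead of letting every luksOpen fail on a missing key file.
          err "Failed to mount the multicrypt key volume (type ${crypttype}); no target volumes opened."
        fi
        /bin/cryptsetup luksClose multicrypt >&3
      else
        err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume."
      fi
    else
      err "Couldn't find device ${cryptdev}."
    fi
    # Remove the copied key material from the initramfs in every outcome.
    nuke "${ckeyfile}"
    exec 3>&-
  fi
}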