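#!/bin/sh
# Shell functions for most initialization scripts
#
# Sourced by the boot scripts; defines helpers for fatal errors, the TPM
# recovery path, PCR display, TOTP confirmation and GPG smart-card access.
# Written for the busybox ash in the initramfs: `read -n/-s/-p/-t` and
# `insmod` are relied on as provided there (they are not strictly POSIX).

#######################################
# Print a message to stderr and exit the shell with status 1.
# Arguments: the message (all words joined by single spaces)
#######################################
die() {
  # printf rather than echo so a message starting with "-n"/"-e" is not
  # swallowed as an option
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print a warning to stderr and continue.
# Arguments: the message
#######################################
warn() {
  printf '%s\n' "$*" >&2
}

#######################################
# Drop into a recovery shell after an unrecoverable boot error.
# Arguments: the reason, printed to stderr
# Side effects:
#   - removes /tmp/secret and recreates it empty, so no secret material
#     from the failed step is left for the interactive shell to find
#   - extends PCR 4 with "recovery", so anything sealed to the
#     pre-recovery PCR state can no longer be unsealed from this shell
#   - replaces the current process with /bin/ash (never returns)
#######################################
recovery() {
  printf '!!!!! %s\n' "$*" >&2

  # Remove any temporary secret files that might be hanging around
  # but recreate the directory so that new tools can use it.
  rm -rf /tmp/secret
  mkdir -p /tmp/secret

  # Record the fall-back in the TPM before handing over control.
  tpm extend -ix 4 -ic recovery

  printf '!!!!! Starting recovery shell\n' >&2
  sleep 1
  exec /bin/ash
}

#######################################
# Print the first seven PCR lines reported by the kernel TPM driver.
#######################################
pcrs() {
  head -7 /sys/class/tpm/tpm0/pcrs
}

#######################################
# Display a TOTP code, refreshed every 30 s, until the user presses a key.
# The key pressed is left in $totp_confirm for the caller to inspect;
# the loop itself ends on any keystroke, not only 'y'.
# Calls recovery() if unseal-totp fails.
# Globals written: TOTP, totp_confirm, date, seconds, half, last_half
# Arguments: none
# Returns: 0 once a key has been read
#######################################
confirm_totp() {
  last_half=X
  while true; do
    # Regenerate the code only when the 30-second window changes;
    # unseal-totp is a TPM round trip, so don't repeat it every second.
    date=$(date "+%Y-%m-%d %H:%M:%S")
    seconds=$(date "+%s")
    half=$(( (seconds % 60) / 30 ))

    if [ "$half" != "$last_half" ]; then
      last_half=$half
      TOTP=$(unseal-totp) \
        || recovery "TOTP code generation failed"
    fi

    printf '%s %s: ' "$date" "$TOTP"

    # Wait at most one second for a single, unechoed keystroke.
    read \
      -t 1 \
      -n 1 \
      -s \
      -p "Confirm TOTP with a 'y': " \
      totp_confirm \
      && break

    # nothing typed: return to column 0 so the next iteration redraws
    # over the same line
    printf '\r'
  done

  # clean up with a newline
  echo
}

#######################################
# Load the USB host-controller modules (if not already loaded) and check
# that a GPG smart card answers.  Dies on the first failure.
# Arguments: none
# Returns: 0 if gpg --card-status succeeds (otherwise the shell exits)
#######################################
confirm_gpg_card() {
  # setup the USB so we can reach the GPG card
  if ! lsmod | grep -q ehci_hcd; then
    insmod /lib/modules/ehci-hcd.ko \
      || die "ehci_hcd: module load failed"
  fi
  if ! lsmod | grep -q ehci_pci; then
    insmod /lib/modules/ehci-pci.ko \
      || die "ehci_pci: module load failed"
  fi
  if ! lsmod | grep -q xhci_hcd; then
    insmod /lib/modules/xhci-hcd.ko \
      || die "xhci_hcd: module load failed"
  fi
  if ! lsmod | grep -q xhci_pci; then
    insmod /lib/modules/xhci-pci.ko \
      || die "xhci_pci: module load failed"
    # give the freshly probed bus a moment to enumerate the reader
    sleep 2
  fi

  gpg --card-status \
    || die "gpg card read failed"
}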