#!/bin/bash

key_size=99

ciphers=(
  bf-cbc bf-cfb bf-ecb bf-ofb
  cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
  des-cbc des-cfb des-ofb des-ecb
  des-ede-cbc des-ede des-ede-cfb des-ede-ofb
  des-ede3-cbc des-ede3 des-ede3-cfb des-ede3-ofb
  idea-cbc idea-cfb idea-ecb idea-ofb
  rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc2-64-cbc rc2-40-cbc
  rc4 rc4-40
  rc5-cbc rc5-cfb rc5-ecb rc5-ofb
  aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8 aes-128-ecb aes-128-ofb
  aes-192-cbc aes-192-cfb aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
  aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 aes-256-ecb aes-256-ofb
)

umask 077

random_source="/dev/random"
if [[ "$1" == '--make_INSECURE_key' ]];then
  shift
  random_source="/dev/urandom"
fi

if (( $# != 1));then
  echo "usage: overonion-make-key keyfile" >&2
  exit 1
fi
keyfile=$1
if [[ -e "$keyfile" ]];then
  echo "That keyfile already exists.  I refuse to overwrite it." >&2
  exit 1
fi

keys_needed=$((${#ciphers[*]} * 2))
keys_generated=0

function generate_keys() {
  while read -r cipher;do
    echo -n $'\r'"Generating key $((++keys_generated))/$keys_needed" >&2
    echo "openssl-enc $cipher $(head -c "$key_size" "$random_source" | base64 --wrap=0 )"
  done < <( IFS=$'\n'; shuf <<< "${ciphers[*]}"; )
}

{
  generate_keys
  echo "reverse"
  generate_keys
} > "$keyfile"

echo 2>&1