#!/bin/sh
#------------------------------------------------------------------
#
# clickfipspost - Run CLICK Crypto CBC POST if in FIPS mode
#
# Jan 2019 Xinggang Zhou
#
# Copyright (c) 2018 by cisco Systems, Inc.
# All rights reserved.
#------------------------------------------------------------------
source /etc/reboot_reason.sh

if [ -f /usr/bin/platformfunc.sh ]; then
. /usr/bin/platformfunc.sh
fi
if [ -f /usr/bin/modulefunc.sh ]; then
. /usr/bin/modulefunc.sh
fi

click_post_fail_reboot() {
    echo "Rebooting now!"
    reboot -r $BOOT_REASON_NSS_HW_POST_RESET
    sleep 5
}
is_fips_enabled
if [ $? = 1 ]; then
    #echo 1 > /click/post_crypto_cbc/debug
    echo 1 > /click/post_dtls_decrypt/no_capwap_hdr
    sleep 1
    echo 1 > /click/post_crypto_cbc/run_aes128_sha1
    sleep 1
    post_passed=`cat /click/post_crypto_cbc/aes128_sha1_post_passed`
    if [ "$post_passed" != "true" ]; then
        echo "CLICK AES128-CBC_SHA1 POST Failed!"
        click_post_fail_reboot
    else
        echo "CLICK AES128-CBC_SHA1 POST Passed."
    fi

    echo 1 > /click/post_crypto_cbc/run_aes256_sha1
    sleep 1
    post_passed=`cat /click/post_crypto_cbc/aes256_sha1_post_passed`
    if [ "$post_passed" != "true" ]; then
        echo "CLICK AES256-CBC_SHA1 POST Failed!"
        click_post_fail_reboot
    else
        echo "CLICK AES256-CBC_SHA1 POST Passed."
    fi

    echo 1 > /click/post_crypto_cbc/run_aes256_sha256
    sleep 1
    post_passed=`cat /click/post_crypto_cbc/aes256_sha256_post_passed`
    if [ "$post_passed" != "true" ]; then
        echo "CLICK AES256-CBC_SHA256 POST Failed!"
        click_post_fail_reboot
    else
        echo "CLICK AES256-CBC_SHA256 POST Passed."
    fi
    echo 0 > /click/post_dtls_decrypt/no_capwap_hdr
fi
