From baaeb88628cd5a42786f7b3dae1ed86f25285e5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20L=C3=B3pez?= <ldotlopez@gmail.com>
Date: Wed, 9 Jan 2019 12:05:06 +0100
Subject: [PATCH] Initial support for alternative cyphers.

This patch implements an OpenSSL cypher (via openssl enc command). It has to be enabled using yadm.cypher configuration key.

Some rough edges:
- archive file refers to GPG (.gpg extension)
- no test cases
---
 yadm | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 99 insertions(+), 14 deletions(-)

diff --git a/yadm b/yadm
index e55a287..e912bda 100755
--- a/yadm
+++ b/yadm
@@ -34,6 +34,7 @@ HOOK_COMMAND=""
 FULL_COMMAND=""
 
 GPG_PROGRAM="gpg"
+OPENSSL_PROGRAM="openssl"
 GIT_PROGRAM="git"
 ENVTPL_PROGRAM="envtpl"
 LSB_RELEASE_PROGRAM="lsb_release"
@@ -388,9 +389,88 @@ EOF
 
 }
 
+function _decrypt_from() {
+
+  local output_archive
+  output_archive="$1"
+
+  local yadm_crypher
+  yadm_crypher="$(config yadm.cypher)"
+  if [ -z "$yadm_crypher" ]; then
+      yadm_crypher="gpg"
+  fi
+
+  case "$yadm_crypher" in
+    gpg)
+      require_gpg
+
+      $GPG_PROGRAM -d "$output_archive"
+      ;;
+
+    openssl)
+      require_openssl
+
+      $OPENSSL_PROGRAM enc -d -aes256 -in "$output_archive"
+      ;;
+
+    *)
+      error_out "Unknown cypher '$yadm_crypher'"
+      ;;
+
+  esac
+
+}
+
+function _encrypt_to() {
+
+  local output_archive
+  output_archive="$1"
+
+  local yadm_crypher
+  yadm_crypher="$(config yadm.cypher)"
+  if [ -z "$yadm_crypher" ]; then
+      yadm_crypher="gpg"
+  fi
+
+  case "$yadm_crypher" in
+    gpg)
+      require_gpg
+
+      #; Build gpg options for gpg
+      GPG_KEY="$(config yadm.gpg-recipient)"
+      if [ "$GPG_KEY" = "ASK" ]; then
+        GPG_OPTS=("--no-default-recipient" "-e")
+      elif [ "$GPG_KEY" != "" ]; then
+        GPG_OPTS=("-e" "-r $GPG_KEY")
+      else
+        GPG_OPTS=("-c")
+      fi
+
+      $GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$output_archive"
+      ;;
+
+    openssl)
+      require_openssl
+
+      #; Build openssl options for openssl
+      OPENSSL_CIPHERNAME="$(config yadm.openssl-ciphername)"
+      if [ -z "$OPENSSL_CIPHERNAME" ]; then
+        OPENSSL_CIPHERNAME="aes256"
+      fi
+
+      $OPENSSL_PROGRAM enc -"$OPENSSL_CIPHERNAME" -e -out "$output_archive"
+      ;;
+
+    *)
+      error_out "Unknown cypher '$yadm_crypher'"
+      ;;
+
+  esac
+
+}
+
 function decrypt() {
 
-  require_gpg
   require_archive
 
   YADM_WORK=$(unix_path "$("$GIT_PROGRAM" config core.worktree)")
@@ -402,7 +482,7 @@ function decrypt() {
   fi
 
   #; decrypt the archive
-  if ($GPG_PROGRAM -d "$YADM_ARCHIVE" || echo 1) | tar v${tar_option}f - -C "$YADM_WORK"; then
+  if (_decrypt_from "$YADM_ARCHIVE" || echo 1) | tar v${tar_option}f - -C "$YADM_WORK"; then
     [ ! "$DO_LIST" = "YES" ] && echo "All files decrypted."
   else
     error_out "Unable to extract encrypted files."
@@ -414,29 +494,18 @@ function decrypt() {
 
 function encrypt() {
 
-  require_gpg
   require_encrypt
   parse_encrypt
 
   cd_work "Encryption" || return
 
-  #; Build gpg options for gpg
-  GPG_KEY="$(config yadm.gpg-recipient)"
-  if [ "$GPG_KEY" = "ASK" ]; then
-    GPG_OPTS=("--no-default-recipient" "-e")
-  elif [ "$GPG_KEY" != "" ]; then
-    GPG_OPTS=("-e" "-r $GPG_KEY")
-  else
-    GPG_OPTS=("-c")
-  fi
-
   #; report which files will be encrypted
   echo "Encrypting the following files:"
   printf '%s\n' "${ENCRYPT_INCLUDE_FILES[@]}"
   echo
 
   #; encrypt all files which match the globs
-  if tar -f - -c "${ENCRYPT_INCLUDE_FILES[@]}" | $GPG_PROGRAM --yes "${GPG_OPTS[@]}" --output "$YADM_ARCHIVE"; then
+  if tar -f - -c "${ENCRYPT_INCLUDE_FILES[@]}" | _encrypt_to "$YADM_ARCHIVE"; then
     echo "Wrote new file: $YADM_ARCHIVE"
   else
     error_out "Unable to write $YADM_ARCHIVE"
@@ -600,10 +669,12 @@ yadm.auto-alt
 yadm.auto-perms
 yadm.auto-private-dirs
 yadm.cygwin-copy
+yadm.cypher
 yadm.git-program
 yadm.gpg-perms
 yadm.gpg-program
 yadm.gpg-recipient
+yadm.openssl-program
 yadm.ssh-perms
 EOF
 }
@@ -1041,6 +1112,20 @@ function require_gpg() {
   command -v "$GPG_PROGRAM" >/dev/null 2>&1 || \
     error_out "This functionality requires GPG to be installed, but the command '$GPG_PROGRAM' cannot be located.$more_info"
 }
+function require_openssl() {
+  local alt_openssl
+  alt_openssl="$(config yadm.openssl-program)"
+
+  local more_info
+  more_info=""
+
+  if [ "$alt_openssl" != "" ] ; then
+    OPENSSL_PROGRAM="$alt_openssl"
+    more_info="\nThis command has been set via the yadm.openssl-program configuration."
+  fi
+  command -v "$OPENSSL_PROGRAM" >/dev/null 2>&1 || \
+    error_out "This functionality requires OpenSSL to be installed, but the command '$OPENSSL_PROGRAM' cannot be located.$more_info"
+}
 function require_repo() {
   [ -d "$YADM_REPO" ] || error_out "Git repo does not exist. did you forget to run 'init' or 'clone'?"
 }