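#!/bin/sh
#
# Smart-card key decryption helper. Waits for a card, obtains the PIN
# (plymouth, osk-sdl or the console) and runs the decipher command on the
# key file given as $1; the decipher command's stdout is left for the caller.
# Falls back to asking for a passphrase when no card shows up.
#
# Arguments:   $1 - key file handed to the decipher command (--input)
# Environment: CRYPTTAB_NAME, CRYPTTAB_SOURCE (presumably set by cryptsetup
#              when this runs as a crypttab keyscript -- confirm with caller)
#
# Why not use "openct-tool rwait" instead of polling opensc-tool exit status?
# The openct daemon has to be running, which interferes with pcscd since both
# implement reader drivers. My particular CCID reader (SCM SCR331-LC1) doesn't
# work with the CCID driver in openct, however it does work with pcscd.
#
# Why not use "opensc-tool --wait" instead of polling opensc-tool exit status?
# Although opensc-tool --help reports that there is a --wait option, it doesn't
# seem to be implemented.

# Load configuration, then fill in a default for every value it left unset.
# The file is sourced and several of its values are executed as commands
# below, so it must be writable by root only. Sourcing is guarded because a
# failing "." aborts a non-interactive POSIX shell, which would make the
# defaults unreachable when the file is absent.
if [ -r /etc/default/decrypt_pkcs ]; then
  . /etc/default/decrypt_pkcs
fi
SMARTCARD_PRESENCE_COMMAND=${SMARTCARD_PRESENCE_COMMAND:-/usr/bin/opensc-tool}
SMARTCARD_PRESENCE_ARGS=${SMARTCARD_PRESENCE_ARGS:-'-n'}
DECIPHER_COMMAND=${DECIPHER_COMMAND:-/usr/bin/pkcs15-crypt}
DECIPHER_ARGS=${DECIPHER_ARGS:-'--decipher --pkcs1 --raw --input'}
DECIPHER_ASK_PIN=${DECIPHER_ASK_PIN:-'--pin'}
DECIPHER_MULTI=${DECIPHER_MULTI:-0}
KEY="${1}"

# Sets plymouth=1 when /bin/plymouth is executable and its daemon answers.
check_plymouth() {
  plymouth=0
  if [ -x /bin/plymouth ] && plymouth --ping >/dev/null; then
    plymouth=1
  fi
}

# Sets osk_sdl=1 when the on-screen keyboard exists and exports the
# video settings used for it.
check_osk_sdl() {
  osk_sdl=0
  if [ -f /usr/bin/osk-sdl ]; then
    osk_sdl=1
    export ETNA_MESA_DEBUG=no_supertile
    export SDL_VIDEODRIVER=kmsdrm
  fi
}

# Sets cardfound=1 when the presence command exits successfully.
check_card() {
  cardfound=0
  # Unquoted on purpose: the *_ARGS values hold several words.
  if $SMARTCARD_PRESENCE_COMMAND $SMARTCARD_PRESENCE_ARGS >/dev/null 2>&1; then
    cardfound=1
  fi
}

# In multi-key mode, runs $DECIPHER_MULTI_SCRIPT and takes its first word as
# the key file and the remaining words as extra decipher arguments.
check_key() {
  if [ "$DECIPHER_MULTI" = 1 ]; then
    # NOTE(review): DECIPHER_MULTI_SCRIPT has no default; if it is unset KEY
    # becomes empty and the decipher command runs without an input file.
    temp=$($DECIPHER_MULTI_SCRIPT)
    # $temp stays unquoted so the helper's output is collapsed to one line
    # before awk splits it; the helper's output is trusted like the config.
    KEY=$(echo $temp | awk '{print $1}')
    DECIPHER_EXTRA_ARGS=$(echo $temp | awk '{$1=""; print}')
  fi
}

# Shows a status message on the splash screen, or on stderr without plymouth.
# Never writes to stdout, which carries the decipher command's output.
log_message() {
  if [ "$plymouth" = 1 ]; then
    # "$*" keeps the whole message in the single --text= argument; "$@"
    # would turn every additional word into a separate plymouth argument.
    plymouth display-message --text="$*" 2>/dev/null
  else
    echo "$*" >&2
  fi
}

# Asks for a passphrase instead of using the card, then exits the script.
fallback() {
  log_message 'Asking for passphrase'
  if [ "$plymouth" = 1 ]; then
    if [ "$osk_sdl" = 1 ]; then
      plymouth hide-splash 2>/dev/null
      # NOTE(review): panic is not defined in this file; presumably it is
      # provided by the boot environment -- verify, otherwise a failing
      # osk-sdl ends in "command not found".
      /usr/bin/osk-sdl -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf 2>/dev/null \
        || panic "Failure running osk-sdl. Good luck."
      plymouth show-splash 2>/dev/null
    else
      plymouth ask-for-password --prompt "Try LUKS password for $CRYPTTAB_NAME: " 2>/dev/null
      exit 0
    fi
  else
    if [ "$osk_sdl" = 1 ]; then
      /usr/bin/osk-sdl -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf 2>/dev/null \
        || panic "Failure running osk-sdl. Good luck."
    else
      # NOTE(review): as written this prints the literal text "/dev/console"
      # on stdout and reports success, so a caller reading stdout receives
      # that string rather than a typed passphrase. This looks like a console
      # prompt or redirection that was lost -- confirm against the original.
      echo /dev/console
      exit 0
    fi
  fi
  exit $?
}

# Polls for the card once per second for up to 15 seconds. On timeout the
# script exits 0 if the mapping already exists, otherwise it falls back to a
# passphrase prompt.
wait_card() {
  check_card
  if [ "$cardfound" = 0 ]; then
    log_message "Waiting for Smart Card..."
    tries=0
    while [ "$cardfound" = 0 ] && [ "$tries" -lt 15 ]; do
      sleep 1
      check_card
      tries=$((tries + 1))
    done
    if [ "$cardfound" = 0 ]; then
      log_message 'Failed to find Smart Card card!'
      if [ -b "/dev/mapper/${CRYPTTAB_NAME}" ]; then
        log_message 'Already decrypted'
        exit 0
      else
        fallback
      fi
    fi
  fi
}

check_plymouth
check_osk_sdl

# Nothing to do when the mapped device is already present.
if [ -b "/dev/mapper/${CRYPTTAB_NAME}" ]; then
  log_message 'Already decrypted'
  exit 0
fi

wait_card
check_key

# In the three PIN-prompting branches the PIN is the argument that follows
# $DECIPHER_ASK_PIN, so it is visible in the process argument list while the
# decipher command runs. The pkcs15-crypt man page describes "-" as a PIN
# value that reads the PIN from stdin; consider it where that exposure
# matters. $DECIPHER_ARGS and $DECIPHER_EXTRA_ARGS are unquoted on purpose
# (they hold several words).
if [ "$plymouth" = 1 ]; then
  if [ "$osk_sdl" = 1 ]; then
    # Get pin number from osk_sdl
    plymouth hide-splash 2>/dev/null
    ${DECIPHER_COMMAND} $DECIPHER_ARGS "$KEY" $DECIPHER_EXTRA_ARGS \
      $DECIPHER_ASK_PIN "$(/usr/bin/osk-sdl -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf 2>/dev/null | tail -n1)"
    # The script's exit status is therefore that of show-splash, not of the
    # decipher command.
    plymouth show-splash 2>/dev/null
  else
    # Get pin number from plymouth
    ${DECIPHER_COMMAND} $DECIPHER_ARGS "$KEY" $DECIPHER_EXTRA_ARGS \
      $DECIPHER_ASK_PIN "$(plymouth ask-for-password --prompt "Enter pin for $CRYPTTAB_NAME ($KEY): ")"
  fi
else
  if [ "$osk_sdl" = 1 ]; then
    # Get pin number from osk_sdl
    ${DECIPHER_COMMAND} $DECIPHER_ARGS "$KEY" $DECIPHER_EXTRA_ARGS \
      $DECIPHER_ASK_PIN "$(/usr/bin/osk-sdl -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf 2>/dev/null | tail -n1)"
  else
    # Get pin number from console
    # NOTE(review): /dev/console is passed here as a trailing argument; this
    # may be a stdin/stderr redirection to the console that was lost --
    # confirm against the original file.
    ${DECIPHER_COMMAND} $DECIPHER_ARGS "$KEY" $DECIPHER_EXTRA_ARGS /dev/console
  fi
fi
exit $?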