initrd_luks_pkcs/decrypt_pkcs

125 lines
3.4 KiB
Text
Raw Normal View History

2021-04-04 17:51:53 +00:00
#!/bin/sh
# Why not use "openct-tool rwait" instead of polling opensc-tool exit status?
# Well openct daemon has to be running which interferes with pcscd since both
# implement reader drivers, my particular CCID reader (SCM SCR331-LC1) doesn't
# work with the CCID driver in openct, however it does work with pcscd.
# Why not use "opensc-tool --wait" instead of polling opensc-tool exit status?
# Although opensc-tool --help reports that there is a --wait option, it doesn't
# seem to be implemented.
check_plymouth() {
plymouth=0
if [ -x /bin/plymouth ] && plymouth --ping > /dev/null ; then
plymouth=1
fi
}
check_osk_sdl() {
osk_sdl=0
if [ -f /usr/bin/osk-sdl ] ; then
osk_sdl=1
export ETNA_MESA_DEBUG=no_supertile
export SDL_VIDEODRIVER=kmsdrm
fi
}
check_card() {
cardfound=0
if /usr/bin/opensc-tool -n >/dev/null 2>&1; then
cardfound=1
fi
}
log_message() {
if [ $plymouth = 1 ] ; then
plymouth display-message --text="$@" 2>/dev/null
else
echo "$@" >&2
fi
}
fallback() {
log_message 'Asking for passphrase'
if [ $plymouth = 1 ] ; then
if [ $osk_sdl = 1 ] ; then
plymouth hide-splash 2>/dev/null
/usr/bin/osk-sdl -d ${CRYPTTAB_SOURCE} -n "${CRYPTTAB_NAME}" -c /etc/osk.conf -v \
|| panic "Failure running osk-sdl. Good luck."
plymouth show-splash 2>/dev/null
else
plymouth ask-for-password --prompt "Try LUKS password for $CRYPTTAB_NAME: " 2>/dev/null
exit 0
fi
else
if [ $osk_sdl = 1 ] ; then
/usr/bin/osk-sdl -d ${CRYPTTAB_SOURCE} -n "${CRYPTTAB_NAME}" -c /etc/osk.conf -v \
|| panic "Failure running osk-sdl. Good luck."
else
echo </dev/console 2>/dev/console
exit 0
fi
fi
exit $?
}
wait_card() {
check_card
if [ $cardfound = 0 ] ; then
log_message "Waiting for Smart Card..."
tries=0
while [ $cardfound = 0 ] && [ $tries -lt 15 ] ; do
sleep 1
check_card
tries=$(($tries + 1))
done
if [ $cardfound = 0 ] ; then
log_message 'Failed to find Smart Card card!'
if [ -b "/dev/mapper/${CRYPTTAB_NAME}" ] ; then
log_message 'Already decrypted'
exit 0
else
fallback
fi
fi
fi
}
check_plymouth
check_osk_sdl
if [ -b "/dev/mapper/${CRYPTTAB_NAME}" ] ; then
log_message 'Already decrypted'
exit 0
fi
wait_card
if [ $plymouth = 1 ] ; then
if [ $osk_sdl = 1 ] ; then
# Get pin number from osk_sdl
plymouth hide-splash 2>/dev/null
/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
--pin "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
plymouth show-splash 2>/dev/null
else
# Get pin number from plymouth
/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
--pin "$(plymouth ask-for-password --prompt "Enter pin for $CRYPTTAB_NAME: ")"
fi
else
if [ $osk_sdl = 1 ] ; then
# Get pin number from osk_sdl
/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
--pin "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
else
# Get pin number from console
/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw </dev/console 2>/dev/console
fi
fi
exit $?