[feat] Allow custom commands

* Decipher command
  * Smartcard presence test

README.md

@@ -66,6 +66,8 @@ The OSK-SDL parts are inspired by Mobian package https://salsa.debian.org/Debian
 
     ```sudo cp decrypt_pkcs_hook /etc/initramfs-tools/hooks && chmod +x /etc/initramfs-tools/hooks/decrypt_pkcs_hook ```
     
+    ```sudo cp decrypt_pkcs_default /etc/default/decrypt_pkcs ```
+
     ```sudo update-initramfs -u```
 
 10. Test smartcard (without USB Key)

decrypt_pkcs

@@ -9,6 +9,14 @@
 # Although opensc-tool --help reports that there is a --wait option, it doesn't
 # seem to be implemented.
 
+# Load configuration and test set default value if missing
+. /etc/default/decrypt_pkcs
+SMARTCARD_PRESENCE_COMMAND=${SMARTCARD_PRESENCE_COMMAND:-/usr/bin/opensc-tool}
+SMARTCARD_PRESENCE_ARGS=${SMARTCARD_PRESENCE_ARGS:-'-n'}
+DECIPHER_COMMAND=${DECIPHER_COMMAND:-/usr/bin/pkcs15-crypt}
+DECIPHER_ARGS=${DECIPHER_ARGS:-'--decipher --pkcs1 --raw --input'}
+DECIPHER_ASK_PIN=${DECIPHER_ASK_PIN:-'--pin'}
+
 check_plymouth() {
     plymouth=0
     if [ -x /bin/plymouth ] && plymouth --ping > /dev/null ; then
@@ -27,7 +35,7 @@ check_osk_sdl() {
 
 check_card() {
     cardfound=0
-    if /usr/bin/opensc-tool -n >/dev/null 2>&1; then
+    if $SMARTCARD_PRESENCE_COMMAND $SMARTCARD_PRESENCE_ARGS >/dev/null 2>&1; then
         cardfound=1
     fi
 }
@@ -102,22 +110,22 @@ if [ $plymouth = 1 ] ; then
     if [ $osk_sdl = 1 ] ; then
 	# Get pin number from osk_sdl
 	plymouth hide-splash 2>/dev/null
-	/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
+	${DECIPHER_COMMAND} $DECIPHER_ARGS "$1" $DECIPHER_EXTRA_ARGS \
-		--pin "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
+		$DECIPHER_ASK_PIN "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
 	plymouth show-splash 2>/dev/null
     else
 	# Get pin number from plymouth
-        /usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
+	${DECIPHER_COMMAND} $DECIPHER_ARGS "$1" $DECIPHER_EXTRA_ARGS \
-                --pin "$(plymouth ask-for-password --prompt "Enter pin for $CRYPTTAB_NAME: ")"
+                $DECIPHER_ASK_PIN "$(plymouth ask-for-password --prompt "Enter pin for $CRYPTTAB_NAME: ")"
     fi
 else
     if [ $osk_sdl = 1 ] ; then
 	# Get pin number from osk_sdl
-	/usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw \
+	${DECIPHER_COMMAND} $DECIPHER_ARGS "$1" $DECIPHER_EXTRA_ARGS \
-		--pin "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
+		$DECIPHER_ASK_PIN "$(/usr/bin/osk-sdl -v -k -d "${CRYPTTAB_SOURCE}" -n "${CRYPTTAB_NAME}" -c /etc/osk.conf)"
     else
 	# Get pin number from console
-        /usr/bin/pkcs15-crypt --decipher --input "$1" --pkcs1 --raw </dev/console 2>/dev/console
+	${DECIPHER_COMMAND} $DECIPHER_ARGS "$1" $DECIPHER_EXTRA_ARGS </dev/console 2>/dev/console
     fi
 fi
 

decrypt_pkcs_default

@@ -0,0 +1,27 @@
+# Decrypt_PKCS initramfs configuration 
+
+# Smartcard presence test 
+SMARTCARD_PRESENCE_COMMAND=/usr/bin/opensc-tool
+SMARTCARD_PRESENCE_ARGS='-n'
+
+# PKCS decipher command default to pkcs15-crypt
+#DECIPHER_COMMAND=/usr/bin/pkcs15-crypt
+DECIPHER_COMMAND=/usr/bin/pkcs15-crypt
+
+# PKCS decipher extra library (usefull with pkcs11 or custom command)
+# The initramfs hook will search in the multiarch default library path 
+# eg where the libc is stored and its subfolders.
+# Wildcard is allowed by using the find command
+DECIPHER_EXTRA_LIBS=
+
+# Define command parameters
+# DECIPHER_ARGS is followed by the data to decipher
+# DECIPHER_EXTRA_ARGS allow customization
+# DECIPHER_ASKPIN is followed by the PIN input from user
+# Default value for pkcs15-crypt 
+#DECIPHER_ARGS='--decipher --pkcs1 --raw --input'
+#DECIPHER_EXTRA_ARGS=
+#DECIPHER_ASK_PIN='--pin'
+DECIPHER_ARGS='--decipher --pkcs1 --raw --input'
+DECIPHER_EXTRA_ARGS=
+DECIPHER_ASK_PIN='--pin'

decrypt_pkcs_hook

@@ -23,6 +23,13 @@ if [ ! -x "$DESTDIR/lib/cryptsetup/scripts/decrypt_pkcs" ] || [ ! -f "$TABFILE"
     exit 0
 fi
 
+# Fetching local parameters
+if [ -f /etc/default/decrypt_pkcs ] ; then
+    . /etc/default/decrypt_pkcs
+fi 
+DECIPHER_COMMAND=${DECIPHER_COMMAND:-/usr/bin/pkcs15-crypt}
+SMARTCARD_PRESENCE_COMMAND=${SMARTCARD_PRESENCE_COMMAND:-/usr/bin/opensc-tool}
+
 # Hooks for loading smartcard reading software into the initramfs
 copy_keys() {
     crypttab_parse_options
@@ -45,7 +52,7 @@ crypttab_foreach_entry copy_keys
 
 # Install directories needed by smartcard reading daemon, command, and
 # key-script
-mkdir -p -- "$DESTDIR/etc/opensc" "$DESTDIR/usr/lib/pcsc" "$DESTDIR/var/run" "$DESTDIR/tmp"
+mkdir -p -- "$DESTDIR/etc/opensc" "$DESTDIR/usr/lib/pcsc" "$DESTDIR/var/run" "$DESTDIR/tmp" "$DESTDIR/etc/default"
 
 # Install pcscd daemon, drivers, conf file
 copy_exec /usr/sbin/pcscd
@@ -60,7 +67,9 @@ cp -t "$DESTDIR/etc" /etc/libccid_Info.plist
 
 # Install opensc commands and conf file
 copy_exec /usr/bin/opensc-tool
-copy_exec /usr/bin/pkcs15-crypt
+copy_exec $SMARTCARD_PRESENCE_COMMAND
+copy_exec $DECIPHER_COMMAND
 cp -t "$DESTDIR/etc/opensc" /etc/opensc/opensc.conf
+cp -t "$DESTDIR/etc/default" /etc/default/decrypt_pkcs 
 
 exit $RV