Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 70e3ad8231c4b93933bd2c9b05cc705c20013186 / . / scard.c
blob: 7bd72d8ec2109221d40d7016b8e9730eab49aa11 [file] [log] [blame]
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]1/*
2 * Copyright (c) 2001 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]25#include "includes.h"
Damien Miller85de5802001-09-18 14:01:11 +1000[diff] [blame]26#ifdef SMARTCARD
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame^]27RCSID("$OpenBSD: scard.c,v 1.20 2002/03/21 16:57:15 markus Exp $");
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]28#include <openssl/engine.h>
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame^]29#include <openssl/evp.h>
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]30#include <sectok.h>
31
32#include "key.h"
33#include "log.h"
34#include "xmalloc.h"
35#include "scard.h"
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame^]36#include "readpass.h"
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]37
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]38#ifdef OPENSSL_VERSION_NUMBER
39#if OPENSSL_VERSION_NUMBER >= 0x00907000L
40#define RSA_get_default_openssl_method RSA_get_default_method
41#define DSA_get_default_openssl_method DSA_get_default_method
42#define DH_get_default_openssl_method DH_get_default_method
43#define ENGINE_set_BN_mod_exp(x,y)
44#endif
45#endif
46
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]47#define CLA_SSH 0x05
48#define INS_DECRYPT 0x10
49#define INS_GET_KEYLENGTH 0x20
50#define INS_GET_PUBKEY 0x30
51#define INS_GET_RESPONSE 0xc0
52
53#define MAX_BUF_SIZE 256
54
55static int sc_fd = -1;
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]56static char *sc_reader_id = NULL;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]57static int cla = 0x00; /* class */
58
59/* interface to libsectok */
60
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]61static int
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]62sc_open(void)
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]63{
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]64 int sw;
65
66 if (sc_fd >= 0)
67 return sc_fd;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]68
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]69 sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]70 if (sc_fd < 0) {
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]71 error("sectok_open failed: %s", sectok_get_sw(sw));
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]72 return SCARD_ERROR_FAIL;
73 }
74 if (! sectok_cardpresent(sc_fd)) {
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]75 debug("smartcard in reader %s not present, skipping",
76 sc_reader_id);
Ben Lindstrom3ab1dfa2001-08-06 21:33:44 +0000[diff] [blame]77 sc_close();
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]78 return SCARD_ERROR_NOCARD;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]79 }
Ben Lindstrom60df8e42001-08-06 21:10:52 +0000[diff] [blame]80 if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]81 error("sectok_reset failed: %s", sectok_get_sw(sw));
82 sc_fd = -1;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]83 return SCARD_ERROR_FAIL;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]84 }
Ben Lindstrom60df8e42001-08-06 21:10:52 +0000[diff] [blame]85 if ((cla = cyberflex_inq_class(sc_fd)) < 0)
86 cla = 0;
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]87
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]88 debug("sc_open ok %d", sc_fd);
89 return sc_fd;
90}
91
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]92static int
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]93sc_enable_applet(void)
94{
Ben Lindstrom60df8e42001-08-06 21:10:52 +0000[diff] [blame]95 static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
96 int sw = 0;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]97
Ben Lindstrom60df8e42001-08-06 21:10:52 +0000[diff] [blame]98 /* select applet id */
99 sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]100 if (!sectok_swOK(sw)) {
101 error("sectok_apdu failed: %s", sectok_get_sw(sw));
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]102 sc_close();
103 return -1;
104 }
105 return 0;
106}
107
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]108static int
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]109sc_init(void)
110{
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]111 int status;
112
113 status = sc_open();
114 if (status == SCARD_ERROR_NOCARD) {
115 return SCARD_ERROR_NOCARD;
116 }
117 if (status < 0 ) {
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]118 error("sc_open failed");
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]119 return status;
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]120 }
121 if (sc_enable_applet() < 0) {
122 error("sc_enable_applet failed");
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]123 return SCARD_ERROR_APPLET;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]124 }
125 return 0;
126}
127
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]128static int
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]129sc_read_pubkey(Key * k)
130{
131 u_char buf[2], *n;
132 char *p;
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]133 int len, sw, status = -1;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]134
135 len = sw = 0;
Damien Miller3ff36d62001-09-28 19:51:54 +1000[diff] [blame]136 n = NULL;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]137
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]138 if (sc_fd < 0) {
139 status = sc_init();
140 if (status < 0 )
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]141 goto err;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]142 }
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]143
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]144 /* get key size */
145 sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]146 sizeof(buf), buf, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]147 if (!sectok_swOK(sw)) {
148 error("could not obtain key length: %s", sectok_get_sw(sw));
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]149 goto err;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]150 }
151 len = (buf[0] << 8) | buf[1];
152 len /= 8;
153 debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
154
155 n = xmalloc(len);
156 /* get n */
157 sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
158 if (!sectok_swOK(sw)) {
159 error("could not obtain public key: %s", sectok_get_sw(sw));
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]160 goto err;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]161 }
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]162
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]163 debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
164
165 if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
166 error("c_read_pubkey: BN_bin2bn failed");
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]167 goto err;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]168 }
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]169
170 /* currently the java applet just stores 'n' */
171 if (!BN_set_word(k->rsa->e, 35)) {
172 error("c_read_pubkey: BN_set_word(e, 35) failed");
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]173 goto err;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]174 }
175
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]176 status = 0;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]177 p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
178 debug("fingerprint %d %s", key_size(k), p);
179 xfree(p);
180
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]181err:
182 if (n != NULL)
183 xfree(n);
184 sc_close();
185 return status;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]186}
187
188/* private key operations */
189
190static int
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame^]191sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]192 int padding)
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]193{
194 u_char *padded = NULL;
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]195 int sw, len, olen, status = -1;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]196
197 debug("sc_private_decrypt called");
198
199 olen = len = sw = 0;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]200 if (sc_fd < 0) {
201 status = sc_init();
202 if (status < 0 )
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]203 goto err;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]204 }
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]205 if (padding != RSA_PKCS1_PADDING)
206 goto err;
207
208 len = BN_num_bytes(rsa->n);
209 padded = xmalloc(len);
210
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]211 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, (u_char *)from,
212 0, NULL, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]213 if (!sectok_swOK(sw)) {
214 error("sc_private_decrypt: INS_DECRYPT failed: %s",
215 sectok_get_sw(sw));
216 goto err;
217 }
218 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]219 len, padded, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]220 if (!sectok_swOK(sw)) {
221 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
222 sectok_get_sw(sw));
223 goto err;
224 }
225 olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
226 len);
227err:
228 if (padded)
229 xfree(padded);
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]230 sc_close();
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]231 return (olen >= 0 ? olen : status);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]232}
233
234static int
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame^]235sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]236 int padding)
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]237{
238 u_char *padded = NULL;
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]239 int sw, len, status = -1;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]240
241 len = sw = 0;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]242 if (sc_fd < 0) {
243 status = sc_init();
244 if (status < 0 )
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]245 goto err;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]246 }
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]247 if (padding != RSA_PKCS1_PADDING)
248 goto err;
249
250 debug("sc_private_encrypt called");
251 len = BN_num_bytes(rsa->n);
252 padded = xmalloc(len);
253
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]254 if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) {
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]255 error("RSA_padding_add_PKCS1_type_1 failed");
256 goto err;
257 }
258 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, 0, NULL, &sw);
259 if (!sectok_swOK(sw)) {
260 error("sc_private_decrypt: INS_DECRYPT failed: %s",
261 sectok_get_sw(sw));
262 goto err;
263 }
264 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]265 len, to, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]266 if (!sectok_swOK(sw)) {
267 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
268 sectok_get_sw(sw));
269 goto err;
270 }
271err:
272 if (padded)
273 xfree(padded);
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]274 sc_close();
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]275 return (len >= 0 ? len : status);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]276}
277
Ben Lindstroma6c8a8d2001-08-06 21:42:00 +0000[diff] [blame]278/* called on free */
279
280static int (*orig_finish)(RSA *rsa) = NULL;
281
282static int
283sc_finish(RSA *rsa)
284{
285 if (orig_finish)
286 orig_finish(rsa);
287 sc_close();
288 return 1;
289}
290
291
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]292/* engine for overloading private key operations */
293
294static ENGINE *smart_engine = NULL;
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]295static RSA_METHOD smart_rsa;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]296
297ENGINE *
298sc_get_engine(void)
299{
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]300 const RSA_METHOD *def;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]301
302 def = RSA_get_default_openssl_method();
303
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]304 /* use the OpenSSL version */
305 memcpy(&smart_rsa, def, sizeof(smart_rsa));
306
307 smart_rsa.name = "sectok";
308
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]309 /* overload */
310 smart_rsa.rsa_priv_enc = sc_private_encrypt;
311 smart_rsa.rsa_priv_dec = sc_private_decrypt;
312
Ben Lindstroma6c8a8d2001-08-06 21:42:00 +0000[diff] [blame]313 /* save original */
314 orig_finish = def->finish;
315 smart_rsa.finish = sc_finish;
316
Damien Millerda755162002-01-22 23:09:22 +1100[diff] [blame]317 if ((smart_engine = ENGINE_new()) == NULL)
318 fatal("ENGINE_new failed");
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]319
320 ENGINE_set_id(smart_engine, "sectok");
321 ENGINE_set_name(smart_engine, "libsectok");
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]322
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]323 ENGINE_set_RSA(smart_engine, &smart_rsa);
324 ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
325 ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
326 ENGINE_set_RAND(smart_engine, RAND_SSLeay());
327 ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
328
329 return smart_engine;
330}
331
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]332void
333sc_close(void)
334{
335 if (sc_fd >= 0) {
336 sectok_close(sc_fd);
337 sc_fd = -1;
338 }
339}
340
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]341Key *
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]342sc_get_key(const char *id)
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]343{
344 Key *k;
Ben Lindstrom94baf302001-08-06 21:25:38 +0000[diff] [blame]345 int status;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]346
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]347 if (sc_reader_id != NULL)
348 xfree(sc_reader_id);
349 sc_reader_id = xstrdup(id);
350
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]351 k = key_new(KEY_RSA);
352 if (k == NULL) {
353 return NULL;
354 }
Ben Lindstrom94baf302001-08-06 21:25:38 +0000[diff] [blame]355 status = sc_read_pubkey(k);
356 if (status == SCARD_ERROR_NOCARD) {
357 key_free(k);
358 return NULL;
359 }
360 if (status < 0 ) {
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]361 error("sc_read_pubkey failed");
362 key_free(k);
363 return NULL;
364 }
365 return k;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]366}
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame^]367
368#define NUM_RSA_KEY_ELEMENTS 5+1
369#define COPY_RSA_KEY(x, i) \
370 do { \
371 len = BN_num_bytes(prv->rsa->x); \
372 elements[i] = xmalloc(len); \
373 debug("#bytes %d", len); \
374 if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
375 goto done; \
376 } while (0)
377
378static int
379get_AUT0(char *aut0)
380{
381 const EVP_MD *evp_md = EVP_sha1();
382 EVP_MD_CTX md;
383 char *pass;
384
385 pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
386 if (pass == NULL)
387 return -1;
388 EVP_DigestInit(&md, evp_md);
389 EVP_DigestUpdate(&md, pass, strlen(pass));
390 EVP_DigestFinal(&md, aut0, NULL);
391 memset(pass, 0, strlen(pass));
392 xfree(pass);
393 return 0;
394}
395
396int
397sc_put_key(Key *prv, const char *id)
398{
399 u_char *elements[NUM_RSA_KEY_ELEMENTS];
400 u_char key_fid[2];
401 u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
402 u_char AUT0[EVP_MAX_MD_SIZE];
403 int len, status = -1, i, fd = -1, ret;
404 int sw = 0, cla = 0x00;
405
406 for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
407 elements[i] = NULL;
408
409 COPY_RSA_KEY(q, 0);
410 COPY_RSA_KEY(p, 1);
411 COPY_RSA_KEY(iqmp, 2);
412 COPY_RSA_KEY(dmq1, 3);
413 COPY_RSA_KEY(dmp1, 4);
414 COPY_RSA_KEY(n, 5);
415 len = BN_num_bytes(prv->rsa->n);
416 fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
417 if (fd < 0) {
418 error("sectok_open failed: %s", sectok_get_sw(sw));
419 goto done;
420 }
421 if (! sectok_cardpresent(fd)) {
422 error("smartcard in reader %s not present",
423 sc_reader_id);
424 goto done;
425 }
426 ret = sectok_reset(fd, 0, NULL, &sw);
427 if (ret <= 0) {
428 error("sectok_reset failed: %s", sectok_get_sw(sw));
429 goto done;
430 }
431 if ((cla = cyberflex_inq_class(fd)) < 0) {
432 error("cyberflex_inq_class failed");
433 goto done;
434 }
435 memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
436 if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
437 if (get_AUT0(AUT0) < 0 ||
438 cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
439 error("cyberflex_verify_AUT0 failed");
440 goto done;
441 }
442 }
443 key_fid[0] = 0x00;
444 key_fid[1] = 0x12;
445 if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
446 &sw) < 0) {
447 error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
448 goto done;
449 }
450 if (!sectok_swOK(sw))
451 goto done;
452 log("cyberflex_load_rsa_priv done");
453 key_fid[0] = 0x73;
454 key_fid[1] = 0x68;
455 if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
456 &sw) < 0) {
457 error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
458 goto done;
459 }
460 if (!sectok_swOK(sw))
461 goto done;
462 log("cyberflex_load_rsa_pub done");
463 status = 0;
464
465done:
466 memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
467 memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
468 memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
469 memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
470 memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
471 memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
472
473 for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
474 if (elements[i])
475 xfree(elements[i]);
476 if (fd != -1)
477 sectok_close(fd);
478 return (status);
479}
Ben Lindstrombcc18082001-08-06 21:59:25 +0000[diff] [blame]480#endif /* SMARTCARD */