Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 818659a163197153d511dad9fa524266df5bb86e / . / scard.c
blob: 9d044acb9557c630000fcd54d777c17f0d8b76e1 [file] [log] [blame]
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]1/*
2 * Copyright (c) 2001 Markus Friedl. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23 */
24
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]25#include "includes.h"
Damien Miller85de5802001-09-18 14:01:11 +1000[diff] [blame]26#ifdef SMARTCARD
Ben Lindstrom818659a2002-03-22 03:38:35 +0000[diff] [blame^]27RCSID("$OpenBSD: scard.c,v 1.21 2002/03/21 18:08:15 rees Exp $");
28
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]29#include <openssl/engine.h>
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame]30#include <openssl/evp.h>
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]31#include <sectok.h>
32
33#include "key.h"
34#include "log.h"
35#include "xmalloc.h"
36#include "scard.h"
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame]37#include "readpass.h"
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]38
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]39#ifdef OPENSSL_VERSION_NUMBER
40#if OPENSSL_VERSION_NUMBER >= 0x00907000L
41#define RSA_get_default_openssl_method RSA_get_default_method
42#define DSA_get_default_openssl_method DSA_get_default_method
43#define DH_get_default_openssl_method DH_get_default_method
44#define ENGINE_set_BN_mod_exp(x,y)
45#endif
46#endif
47
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]48#define CLA_SSH 0x05
49#define INS_DECRYPT 0x10
50#define INS_GET_KEYLENGTH 0x20
51#define INS_GET_PUBKEY 0x30
52#define INS_GET_RESPONSE 0xc0
53
54#define MAX_BUF_SIZE 256
55
56static int sc_fd = -1;
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]57static char *sc_reader_id = NULL;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]58static int cla = 0x00; /* class */
59
60/* interface to libsectok */
61
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]62static int
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]63sc_open(void)
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]64{
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]65 int sw;
66
67 if (sc_fd >= 0)
68 return sc_fd;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]69
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]70 sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]71 if (sc_fd < 0) {
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]72 error("sectok_open failed: %s", sectok_get_sw(sw));
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]73 return SCARD_ERROR_FAIL;
74 }
75 if (! sectok_cardpresent(sc_fd)) {
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]76 debug("smartcard in reader %s not present, skipping",
77 sc_reader_id);
Ben Lindstrom3ab1dfa2001-08-06 21:33:44 +0000[diff] [blame]78 sc_close();
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]79 return SCARD_ERROR_NOCARD;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]80 }
Ben Lindstrom60df8e42001-08-06 21:10:52 +0000[diff] [blame]81 if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]82 error("sectok_reset failed: %s", sectok_get_sw(sw));
83 sc_fd = -1;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]84 return SCARD_ERROR_FAIL;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]85 }
Ben Lindstrom60df8e42001-08-06 21:10:52 +0000[diff] [blame]86 if ((cla = cyberflex_inq_class(sc_fd)) < 0)
87 cla = 0;
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]88
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]89 debug("sc_open ok %d", sc_fd);
90 return sc_fd;
91}
92
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]93static int
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]94sc_enable_applet(void)
95{
Ben Lindstrom60df8e42001-08-06 21:10:52 +0000[diff] [blame]96 static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
97 int sw = 0;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]98
Ben Lindstrom60df8e42001-08-06 21:10:52 +0000[diff] [blame]99 /* select applet id */
100 sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]101 if (!sectok_swOK(sw)) {
102 error("sectok_apdu failed: %s", sectok_get_sw(sw));
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]103 sc_close();
104 return -1;
105 }
106 return 0;
107}
108
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]109static int
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]110sc_init(void)
111{
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]112 int status;
113
114 status = sc_open();
115 if (status == SCARD_ERROR_NOCARD) {
116 return SCARD_ERROR_NOCARD;
117 }
118 if (status < 0 ) {
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]119 error("sc_open failed");
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]120 return status;
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]121 }
122 if (sc_enable_applet() < 0) {
123 error("sc_enable_applet failed");
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]124 return SCARD_ERROR_APPLET;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]125 }
126 return 0;
127}
128
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]129static int
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]130sc_read_pubkey(Key * k)
131{
132 u_char buf[2], *n;
133 char *p;
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]134 int len, sw, status = -1;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]135
136 len = sw = 0;
Damien Miller3ff36d62001-09-28 19:51:54 +1000[diff] [blame]137 n = NULL;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]138
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]139 if (sc_fd < 0) {
140 status = sc_init();
141 if (status < 0 )
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]142 goto err;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]143 }
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]144
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]145 /* get key size */
146 sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]147 sizeof(buf), buf, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]148 if (!sectok_swOK(sw)) {
149 error("could not obtain key length: %s", sectok_get_sw(sw));
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]150 goto err;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]151 }
152 len = (buf[0] << 8) | buf[1];
153 len /= 8;
154 debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
155
156 n = xmalloc(len);
157 /* get n */
158 sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
159 if (!sectok_swOK(sw)) {
160 error("could not obtain public key: %s", sectok_get_sw(sw));
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]161 goto err;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]162 }
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]163
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]164 debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
165
166 if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
167 error("c_read_pubkey: BN_bin2bn failed");
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]168 goto err;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]169 }
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]170
171 /* currently the java applet just stores 'n' */
172 if (!BN_set_word(k->rsa->e, 35)) {
173 error("c_read_pubkey: BN_set_word(e, 35) failed");
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]174 goto err;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]175 }
176
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]177 status = 0;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]178 p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
179 debug("fingerprint %d %s", key_size(k), p);
180 xfree(p);
181
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]182err:
183 if (n != NULL)
184 xfree(n);
185 sc_close();
186 return status;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]187}
188
189/* private key operations */
190
191static int
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame]192sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]193 int padding)
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]194{
195 u_char *padded = NULL;
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]196 int sw, len, olen, status = -1;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]197
198 debug("sc_private_decrypt called");
199
200 olen = len = sw = 0;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]201 if (sc_fd < 0) {
202 status = sc_init();
203 if (status < 0 )
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]204 goto err;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]205 }
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]206 if (padding != RSA_PKCS1_PADDING)
207 goto err;
208
209 len = BN_num_bytes(rsa->n);
210 padded = xmalloc(len);
211
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]212 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, (u_char *)from,
213 0, NULL, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]214 if (!sectok_swOK(sw)) {
215 error("sc_private_decrypt: INS_DECRYPT failed: %s",
216 sectok_get_sw(sw));
217 goto err;
218 }
219 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]220 len, padded, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]221 if (!sectok_swOK(sw)) {
222 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
223 sectok_get_sw(sw));
224 goto err;
225 }
226 olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
227 len);
228err:
229 if (padded)
230 xfree(padded);
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]231 sc_close();
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]232 return (olen >= 0 ? olen : status);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]233}
234
235static int
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame]236sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]237 int padding)
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]238{
239 u_char *padded = NULL;
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]240 int sw, len, status = -1;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]241
242 len = sw = 0;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]243 if (sc_fd < 0) {
244 status = sc_init();
245 if (status < 0 )
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]246 goto err;
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]247 }
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]248 if (padding != RSA_PKCS1_PADDING)
249 goto err;
250
251 debug("sc_private_encrypt called");
252 len = BN_num_bytes(rsa->n);
253 padded = xmalloc(len);
254
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]255 if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) {
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]256 error("RSA_padding_add_PKCS1_type_1 failed");
257 goto err;
258 }
259 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, 0, NULL, &sw);
260 if (!sectok_swOK(sw)) {
261 error("sc_private_decrypt: INS_DECRYPT failed: %s",
262 sectok_get_sw(sw));
263 goto err;
264 }
265 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
Damien Miller9f0f5c62001-12-21 14:45:46 +1100[diff] [blame]266 len, to, &sw);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]267 if (!sectok_swOK(sw)) {
268 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
269 sectok_get_sw(sw));
270 goto err;
271 }
272err:
273 if (padded)
274 xfree(padded);
Ben Lindstroma2fec902001-09-18 05:45:44 +0000[diff] [blame]275 sc_close();
Ben Lindstrom30b00be2001-08-06 21:22:10 +0000[diff] [blame]276 return (len >= 0 ? len : status);
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]277}
278
Ben Lindstroma6c8a8d2001-08-06 21:42:00 +0000[diff] [blame]279/* called on free */
280
281static int (*orig_finish)(RSA *rsa) = NULL;
282
283static int
284sc_finish(RSA *rsa)
285{
286 if (orig_finish)
287 orig_finish(rsa);
288 sc_close();
289 return 1;
290}
291
292
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]293/* engine for overloading private key operations */
294
295static ENGINE *smart_engine = NULL;
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]296static RSA_METHOD smart_rsa;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]297
298ENGINE *
299sc_get_engine(void)
300{
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]301 const RSA_METHOD *def;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]302
303 def = RSA_get_default_openssl_method();
304
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]305 /* use the OpenSSL version */
306 memcpy(&smart_rsa, def, sizeof(smart_rsa));
307
308 smart_rsa.name = "sectok";
309
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]310 /* overload */
311 smart_rsa.rsa_priv_enc = sc_private_encrypt;
312 smart_rsa.rsa_priv_dec = sc_private_decrypt;
313
Ben Lindstroma6c8a8d2001-08-06 21:42:00 +0000[diff] [blame]314 /* save original */
315 orig_finish = def->finish;
316 smart_rsa.finish = sc_finish;
317
Damien Millerda755162002-01-22 23:09:22 +1100[diff] [blame]318 if ((smart_engine = ENGINE_new()) == NULL)
319 fatal("ENGINE_new failed");
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]320
321 ENGINE_set_id(smart_engine, "sectok");
322 ENGINE_set_name(smart_engine, "libsectok");
Ben Lindstrom0b675b12002-03-22 03:28:11 +0000[diff] [blame]323
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]324 ENGINE_set_RSA(smart_engine, &smart_rsa);
325 ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
326 ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
327 ENGINE_set_RAND(smart_engine, RAND_SSLeay());
328 ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
329
330 return smart_engine;
331}
332
Damien Miller694be4b2001-07-14 12:13:26 +1000[diff] [blame]333void
334sc_close(void)
335{
336 if (sc_fd >= 0) {
337 sectok_close(sc_fd);
338 sc_fd = -1;
339 }
340}
341
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]342Key *
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]343sc_get_key(const char *id)
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]344{
345 Key *k;
Ben Lindstrom94baf302001-08-06 21:25:38 +0000[diff] [blame]346 int status;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]347
Ben Lindstromf7db3bb2001-08-06 21:35:51 +0000[diff] [blame]348 if (sc_reader_id != NULL)
349 xfree(sc_reader_id);
350 sc_reader_id = xstrdup(id);
351
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]352 k = key_new(KEY_RSA);
353 if (k == NULL) {
354 return NULL;
355 }
Ben Lindstrom94baf302001-08-06 21:25:38 +0000[diff] [blame]356 status = sc_read_pubkey(k);
357 if (status == SCARD_ERROR_NOCARD) {
358 key_free(k);
359 return NULL;
360 }
361 if (status < 0 ) {
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]362 error("sc_read_pubkey failed");
363 key_free(k);
364 return NULL;
365 }
366 return k;
Ben Lindstrom3133dbb2001-07-04 05:35:00 +0000[diff] [blame]367}
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame]368
369#define NUM_RSA_KEY_ELEMENTS 5+1
370#define COPY_RSA_KEY(x, i) \
371 do { \
372 len = BN_num_bytes(prv->rsa->x); \
373 elements[i] = xmalloc(len); \
374 debug("#bytes %d", len); \
375 if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
376 goto done; \
377 } while (0)
378
379static int
380get_AUT0(char *aut0)
381{
382 const EVP_MD *evp_md = EVP_sha1();
383 EVP_MD_CTX md;
384 char *pass;
385
386 pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
387 if (pass == NULL)
388 return -1;
389 EVP_DigestInit(&md, evp_md);
390 EVP_DigestUpdate(&md, pass, strlen(pass));
391 EVP_DigestFinal(&md, aut0, NULL);
392 memset(pass, 0, strlen(pass));
393 xfree(pass);
394 return 0;
395}
396
397int
398sc_put_key(Key *prv, const char *id)
399{
400 u_char *elements[NUM_RSA_KEY_ELEMENTS];
401 u_char key_fid[2];
402 u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
403 u_char AUT0[EVP_MAX_MD_SIZE];
404 int len, status = -1, i, fd = -1, ret;
405 int sw = 0, cla = 0x00;
406
407 for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
408 elements[i] = NULL;
409
410 COPY_RSA_KEY(q, 0);
411 COPY_RSA_KEY(p, 1);
412 COPY_RSA_KEY(iqmp, 2);
413 COPY_RSA_KEY(dmq1, 3);
414 COPY_RSA_KEY(dmp1, 4);
415 COPY_RSA_KEY(n, 5);
416 len = BN_num_bytes(prv->rsa->n);
Ben Lindstrom818659a2002-03-22 03:38:35 +0000[diff] [blame^]417 fd = sectok_friendly_open(id, STONOWAIT, &sw);
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame]418 if (fd < 0) {
419 error("sectok_open failed: %s", sectok_get_sw(sw));
420 goto done;
421 }
422 if (! sectok_cardpresent(fd)) {
Ben Lindstrom818659a2002-03-22 03:38:35 +0000[diff] [blame^]423 error("smartcard in reader %s not present", id);
Ben Lindstrom70e3ad82002-03-22 03:33:43 +0000[diff] [blame]424 goto done;
425 }
426 ret = sectok_reset(fd, 0, NULL, &sw);
427 if (ret <= 0) {
428 error("sectok_reset failed: %s", sectok_get_sw(sw));
429 goto done;
430 }
431 if ((cla = cyberflex_inq_class(fd)) < 0) {
432 error("cyberflex_inq_class failed");
433 goto done;
434 }
435 memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
436 if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
437 if (get_AUT0(AUT0) < 0 ||
438 cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
439 error("cyberflex_verify_AUT0 failed");
440 goto done;
441 }
442 }
443 key_fid[0] = 0x00;
444 key_fid[1] = 0x12;
445 if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
446 &sw) < 0) {
447 error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
448 goto done;
449 }
450 if (!sectok_swOK(sw))
451 goto done;
452 log("cyberflex_load_rsa_priv done");
453 key_fid[0] = 0x73;
454 key_fid[1] = 0x68;
455 if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
456 &sw) < 0) {
457 error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
458 goto done;
459 }
460 if (!sectok_swOK(sw))
461 goto done;
462 log("cyberflex_load_rsa_pub done");
463 status = 0;
464
465done:
466 memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
467 memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
468 memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
469 memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
470 memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
471 memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
472
473 for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
474 if (elements[i])
475 xfree(elements[i]);
476 if (fd != -1)
477 sectok_close(fd);
478 return (status);
479}
Ben Lindstrombcc18082001-08-06 21:59:25 +0000[diff] [blame]480#endif /* SMARTCARD */