search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / external / bsd / openssh / dist / scard.c
blobf12be86010d9af55c84353e36359661d5d398b6f
1 /* $NetBSD$ */
2 /* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */
3 /*
4 * Copyright (c) 2001 Markus Friedl. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #ifdef SMARTCARD
28
29 #include "includes.h"
30 __RCSID("$NetBSD: scard.c,v 1.10 2007/03/10 22:52:08 christos Exp $");
31 #include <sys/types.h>
32
33 #include <openssl/evp.h>
34
35 #include <sectok.h>
36 #include <string.h>
37
38 #include "xmalloc.h"
39 #include "key.h"
40 #include "log.h"
41 #include "misc.h"
42 #include "scard.h"
43
44 #if OPENSSL_VERSION_NUMBER < 0x00907000L
45 #define USE_ENGINE
46 #define RSA_get_default_method RSA_get_default_openssl_method
47 #else
48 #endif
49
50 #ifdef USE_ENGINE
51 #include <openssl/engine.h>
52 #define sc_get_rsa sc_get_engine
53 #else
54 #define sc_get_rsa sc_get_rsa_method
55 #endif
56
57 #define CLA_SSH 0x05
58 #define INS_DECRYPT 0x10
59 #define INS_GET_KEYLENGTH 0x20
60 #define INS_GET_PUBKEY 0x30
61 #define INS_GET_RESPONSE 0xc0
62
63 #define MAX_BUF_SIZE 256
64
65 u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
66
67 static int sc_fd = -1;
68 static char *sc_reader_id = NULL;
69 static char *sc_pin = NULL;
70 static int cla = 0x00; /* class */
71
72 static void sc_mk_digest(const char *pin, u_char *digest);
73 static int get_AUT0(u_char *aut0);
74 static int try_AUT0(void);
75
76 /* interface to libsectok */
77
78 static int
79 sc_open(void)
80 {
81 int sw;
82
83 if (sc_fd >= 0)
84 return sc_fd;
85
86 sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
87 if (sc_fd < 0) {
88 error("sectok_open failed: %s", sectok_get_sw(sw));
89 return SCARD_ERROR_FAIL;
90 }
91 if (! sectok_cardpresent(sc_fd)) {
92 debug("smartcard in reader %s not present, skipping",
93 sc_reader_id);
94 sc_close();
95 return SCARD_ERROR_NOCARD;
96 }
97 if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
98 error("sectok_reset failed: %s", sectok_get_sw(sw));
99 sc_fd = -1;
100 return SCARD_ERROR_FAIL;
101 }
102 if ((cla = cyberflex_inq_class(sc_fd)) < 0)
103 cla = 0;
104
105 debug("sc_open ok %d", sc_fd);
106 return sc_fd;
107 }
108
109 static int
110 sc_enable_applet(void)
111 {
112 static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
113 int sw = 0;
114
115 /* select applet id */
116 sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
117 if (!sectok_swOK(sw)) {
118 error("sectok_apdu failed: %s", sectok_get_sw(sw));
119 sc_close();
120 return -1;
121 }
122 return 0;
123 }
124
125 static int
126 sc_init(void)
127 {
128 int status;
129
130 status = sc_open();
131 if (status == SCARD_ERROR_NOCARD) {
132 return SCARD_ERROR_NOCARD;
133 }
134 if (status < 0) {
135 error("sc_open failed");
136 return status;
137 }
138 if (sc_enable_applet() < 0) {
139 error("sc_enable_applet failed");
140 return SCARD_ERROR_APPLET;
141 }
142 return 0;
143 }
144
145 static int
146 sc_read_pubkey(Key * k)
147 {
148 u_char buf[2], *n;
149 char *p;
150 int len, sw, status = -1;
151
152 len = sw = 0;
153 n = NULL;
154
155 if (sc_fd < 0) {
156 if (sc_init() < 0)
157 goto err;
158 }
159
160 /* get key size */
161 sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
162 sizeof(buf), buf, &sw);
163 if (!sectok_swOK(sw)) {
164 error("could not obtain key length: %s", sectok_get_sw(sw));
165 goto err;
166 }
167 len = (buf[0] << 8) | buf[1];
168 len /= 8;
169 debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
170
171 n = xmalloc(len);
172 /* get n */
173 sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
174
175 if (sw == 0x6982) {
176 if (try_AUT0() < 0)
177 goto err;
178 sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
179 }
180 if (!sectok_swOK(sw)) {
181 error("could not obtain public key: %s", sectok_get_sw(sw));
182 goto err;
183 }
184
185 debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
186
187 if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
188 error("c_read_pubkey: BN_bin2bn failed");
189 goto err;
190 }
191
192 /* currently the java applet just stores 'n' */
193 if (!BN_set_word(k->rsa->e, 35)) {
194 error("c_read_pubkey: BN_set_word(e, 35) failed");
195 goto err;
196 }
197
198 status = 0;
199 p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
200 debug("fingerprint %u %s", key_size(k), p);
201 xfree(p);
202
203 err:
204 if (n != NULL)
205 xfree(n);
206 sc_close();
207 return status;
208 }
209
210 /* private key operations */
211
212 static int
213 sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
214 int padding)
215 {
216 u_char *padded = NULL;
217 int sw, len, olen, status = -1;
218
219 debug("sc_private_decrypt called");
220
221 olen = len = sw = 0;
222 if (sc_fd < 0) {
223 status = sc_init();
224 if (status < 0)
225 goto err;
226 }
227 if (padding != RSA_PKCS1_PADDING)
228 goto err;
229
230 len = BN_num_bytes(rsa->n);
231 padded = xmalloc(len);
232
233 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
234
235 if (sw == 0x6982) {
236 if (try_AUT0() < 0)
237 goto err;
238 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
239 }
240 if (!sectok_swOK(sw)) {
241 error("sc_private_decrypt: INS_DECRYPT failed: %s",
242 sectok_get_sw(sw));
243 goto err;
244 }
245 olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
246 len);
247 err:
248 if (padded)
249 xfree(padded);
250 sc_close();
251 return (olen >= 0 ? olen : status);
252 }
253
254 static int
255 sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
256 int padding)
257 {
258 u_char *padded = NULL;
259 int sw, len, status = -1;
260
261 len = sw = 0;
262 if (sc_fd < 0) {
263 status = sc_init();
264 if (status < 0)
265 goto err;
266 }
267 if (padding != RSA_PKCS1_PADDING)
268 goto err;
269
270 debug("sc_private_encrypt called");
271 len = BN_num_bytes(rsa->n);
272 padded = xmalloc(len);
273
274 if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) {
275 error("RSA_padding_add_PKCS1_type_1 failed");
276 goto err;
277 }
278 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
279 if (sw == 0x6982) {
280 if (try_AUT0() < 0)
281 goto err;
282 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
283 }
284 if (!sectok_swOK(sw)) {
285 error("sc_private_encrypt: INS_DECRYPT failed: %s",
286 sectok_get_sw(sw));
287 goto err;
288 }
289 err:
290 if (padded)
291 xfree(padded);
292 sc_close();
293 return (len >= 0 ? len : status);
294 }
295
296 /* called on free */
297
298 static int (*orig_finish)(RSA *rsa) = NULL;
299
300 static int
301 sc_finish(RSA *rsa)
302 {
303 if (orig_finish)
304 orig_finish(rsa);
305 sc_close();
306 return 1;
307 }
308
309 /* engine for overloading private key operations */
310
311 static RSA_METHOD *
312 sc_get_rsa_method(void)
313 {
314 static RSA_METHOD smart_rsa;
315 const RSA_METHOD *def = RSA_get_default_method();
316
317 /* use the OpenSSL version */
318 memcpy(&smart_rsa, def, sizeof(smart_rsa));
319
320 smart_rsa.name = "sectok";
321
322 /* overload */
323 smart_rsa.rsa_priv_enc = sc_private_encrypt;
324 smart_rsa.rsa_priv_dec = sc_private_decrypt;
325
326 /* save original */
327 orig_finish = def->finish;
328 smart_rsa.finish = sc_finish;
329
330 return &smart_rsa;
331 }
332
333 #ifdef USE_ENGINE
334 static ENGINE *
335 sc_get_engine(void)
336 {
337 static ENGINE *smart_engine = NULL;
338
339 if ((smart_engine = ENGINE_new()) == NULL)
340 fatal("ENGINE_new failed");
341
342 ENGINE_set_id(smart_engine, "sectok");
343 ENGINE_set_name(smart_engine, "libsectok");
344
345 ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
346 ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
347 ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
348 ENGINE_set_RAND(smart_engine, RAND_SSLeay());
349 ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
350
351 return smart_engine;
352 }
353 #endif
354
355 void
356 sc_close(void)
357 {
358 if (sc_fd >= 0) {
359 sectok_close(sc_fd);
360 sc_fd = -1;
361 }
362 }
363
364 Key **
365 sc_get_keys(const char *id, const char *pin)
366 {
367 Key *k, *n, **keys;
368 int status, nkeys = 2;
369
370 if (sc_reader_id != NULL)
371 xfree(sc_reader_id);
372 sc_reader_id = xstrdup(id);
373
374 if (sc_pin != NULL)
375 xfree(sc_pin);
376 sc_pin = (pin == NULL) ? NULL : xstrdup(pin);
377
378 k = key_new(KEY_RSA);
379 if (k == NULL) {
380 return NULL;
381 }
382 status = sc_read_pubkey(k);
383 if (status == SCARD_ERROR_NOCARD) {
384 key_free(k);
385 return NULL;
386 }
387 if (status < 0) {
388 error("sc_read_pubkey failed");
389 key_free(k);
390 return NULL;
391 }
392 keys = xcalloc((nkeys+1), sizeof(Key *));
393
394 n = key_new(KEY_RSA1);
395 if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
396 (BN_copy(n->rsa->e, k->rsa->e) == NULL))
397 fatal("sc_get_keys: BN_copy failed");
398 RSA_set_method(n->rsa, sc_get_rsa());
399 n->flags |= KEY_FLAG_EXT;
400 keys[0] = n;
401
402 n = key_new(KEY_RSA);
403 if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
404 (BN_copy(n->rsa->e, k->rsa->e) == NULL))
405 fatal("sc_get_keys: BN_copy failed");
406 RSA_set_method(n->rsa, sc_get_rsa());
407 n->flags |= KEY_FLAG_EXT;
408 keys[1] = n;
409
410 keys[2] = NULL;
411
412 key_free(k);
413 return keys;
414 }
415
416 #define NUM_RSA_KEY_ELEMENTS 5+1
417 #define COPY_RSA_KEY(x, i) \
418 do { \
419 len = BN_num_bytes(prv->rsa->x); \
420 elements[i] = xmalloc(len); \
421 debug("#bytes %d", len); \
422 if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
423 goto done; \
424 } while (0)
425
426 static void
427 sc_mk_digest(const char *pin, u_char *digest)
428 {
429 const EVP_MD *evp_md = EVP_sha1();
430 EVP_MD_CTX md;
431
432 EVP_DigestInit(&md, evp_md);
433 EVP_DigestUpdate(&md, pin, strlen(pin));
434 EVP_DigestFinal(&md, digest, NULL);
435 }
436
437 static int
438 get_AUT0(u_char *aut0)
439 {
440 char *pass;
441
442 pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
443 if (pass == NULL)
444 return -1;
445 if (!strcmp(pass, "-")) {
446 memcpy(aut0, DEFAUT0, sizeof DEFAUT0);
447 return 0;
448 }
449 sc_mk_digest(pass, aut0);
450 memset(pass, 0, strlen(pass));
451 xfree(pass);
452 return 0;
453 }
454
455 static int
456 try_AUT0(void)
457 {
458 u_char aut0[EVP_MAX_MD_SIZE];
459
460 /* permission denied; try PIN if provided */
461 if (sc_pin && strlen(sc_pin) > 0) {
462 sc_mk_digest(sc_pin, aut0);
463 if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
464 error("smartcard passphrase incorrect");
465 return (-1);
466 }
467 } else {
468 /* try default AUT0 key */
469 if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
470 /* default AUT0 key failed; prompt for passphrase */
471 if (get_AUT0(aut0) < 0 ||
472 cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
473 error("smartcard passphrase incorrect");
474 return (-1);
475 }
476 }
477 }
478 return (0);
479 }
480
481 int
482 sc_put_key(Key *prv, const char *id)
483 {
484 u_char *elements[NUM_RSA_KEY_ELEMENTS];
485 u_char key_fid[2];
486 u_char AUT0[EVP_MAX_MD_SIZE];
487 int len, status = -1, i, fd = -1, ret;
488 int sw = 0, cla = 0x00;
489
490 for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
491 elements[i] = NULL;
492
493 COPY_RSA_KEY(q, 0);
494 COPY_RSA_KEY(p, 1);
495 COPY_RSA_KEY(iqmp, 2);
496 COPY_RSA_KEY(dmq1, 3);
497 COPY_RSA_KEY(dmp1, 4);
498 COPY_RSA_KEY(n, 5);
499 len = BN_num_bytes(prv->rsa->n);
500 fd = sectok_friendly_open(id, STONOWAIT, &sw);
501 if (fd < 0) {
502 error("sectok_open failed: %s", sectok_get_sw(sw));
503 goto done;
504 }
505 if (! sectok_cardpresent(fd)) {
506 error("smartcard in reader %s not present", id);
507 goto done;
508 }
509 ret = sectok_reset(fd, 0, NULL, &sw);
510 if (ret <= 0) {
511 error("sectok_reset failed: %s", sectok_get_sw(sw));
512 goto done;
513 }
514 if ((cla = cyberflex_inq_class(fd)) < 0) {
515 error("cyberflex_inq_class failed");
516 goto done;
517 }
518 memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
519 if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
520 if (get_AUT0(AUT0) < 0 ||
521 cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
522 memset(AUT0, 0, sizeof(DEFAUT0));
523 error("smartcard passphrase incorrect");
524 goto done;
525 }
526 }
527 memset(AUT0, 0, sizeof(DEFAUT0));
528 key_fid[0] = 0x00;
529 key_fid[1] = 0x12;
530 if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
531 &sw) < 0) {
532 error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
533 goto done;
534 }
535 if (!sectok_swOK(sw))
536 goto done;
537 logit("cyberflex_load_rsa_priv done");
538 key_fid[0] = 0x73;
539 key_fid[1] = 0x68;
540 if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
541 &sw) < 0) {
542 error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
543 goto done;
544 }
545 if (!sectok_swOK(sw))
546 goto done;
547 logit("cyberflex_load_rsa_pub done");
548 status = 0;
549
550 done:
551 memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
552 memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
553 memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
554 memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
555 memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
556 memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
557
558 for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
559 if (elements[i])
560 xfree(elements[i]);
561 if (fd != -1)
562 sectok_close(fd);
563 return (status);
564 }
565
566 char *
567 sc_get_key_label(Key *key)
568 {
569 return xstrdup("smartcard key");
570 }
571
572 #endif /* SMARTCARD */
NetBSD on the FriendlyARM MINI2440