- (djm) [regress/Makefile regress/agent-getpeereid.sh regress/cfgmatch.sh]
[openssh-git.git] / scard.c
blob0a6ec816da84274ccf88fda044ee67eca9dd907d
1 /* $OpenBSD: scard.c,v 1.32 2006/03/25 13:17:02 djm Exp $ */
2 /*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 #include "includes.h"
27 #if defined(SMARTCARD) && defined(USE_SECTOK)
29 #include <openssl/evp.h>
30 #include <sectok.h>
32 #include "key.h"
33 #include "log.h"
34 #include "xmalloc.h"
35 #include "misc.h"
36 #include "scard.h"
38 #if OPENSSL_VERSION_NUMBER < 0x00907000L
39 #define USE_ENGINE
40 #define RSA_get_default_method RSA_get_default_openssl_method
41 #else
42 #endif
44 #ifdef USE_ENGINE
45 #include <openssl/engine.h>
46 #define sc_get_rsa sc_get_engine
47 #else
48 #define sc_get_rsa sc_get_rsa_method
49 #endif
51 #define CLA_SSH 0x05
52 #define INS_DECRYPT 0x10
53 #define INS_GET_KEYLENGTH 0x20
54 #define INS_GET_PUBKEY 0x30
55 #define INS_GET_RESPONSE 0xc0
57 #define MAX_BUF_SIZE 256
59 u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
61 static int sc_fd = -1;
62 static char *sc_reader_id = NULL;
63 static char *sc_pin = NULL;
64 static int cla = 0x00; /* class */
66 static void sc_mk_digest(const char *pin, u_char *digest);
67 static int get_AUT0(u_char *aut0);
68 static int try_AUT0(void);
70 /* interface to libsectok */
72 static int
73 sc_open(void)
75 int sw;
77 if (sc_fd >= 0)
78 return sc_fd;
80 sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
81 if (sc_fd < 0) {
82 error("sectok_open failed: %s", sectok_get_sw(sw));
83 return SCARD_ERROR_FAIL;
85 if (! sectok_cardpresent(sc_fd)) {
86 debug("smartcard in reader %s not present, skipping",
87 sc_reader_id);
88 sc_close();
89 return SCARD_ERROR_NOCARD;
91 if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
92 error("sectok_reset failed: %s", sectok_get_sw(sw));
93 sc_fd = -1;
94 return SCARD_ERROR_FAIL;
96 if ((cla = cyberflex_inq_class(sc_fd)) < 0)
97 cla = 0;
99 debug("sc_open ok %d", sc_fd);
100 return sc_fd;
103 static int
104 sc_enable_applet(void)
106 static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
107 int sw = 0;
109 /* select applet id */
110 sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
111 if (!sectok_swOK(sw)) {
112 error("sectok_apdu failed: %s", sectok_get_sw(sw));
113 sc_close();
114 return -1;
116 return 0;
119 static int
120 sc_init(void)
122 int status;
124 status = sc_open();
125 if (status == SCARD_ERROR_NOCARD) {
126 return SCARD_ERROR_NOCARD;
128 if (status < 0 ) {
129 error("sc_open failed");
130 return status;
132 if (sc_enable_applet() < 0) {
133 error("sc_enable_applet failed");
134 return SCARD_ERROR_APPLET;
136 return 0;
139 static int
140 sc_read_pubkey(Key * k)
142 u_char buf[2], *n;
143 char *p;
144 int len, sw, status = -1;
146 len = sw = 0;
147 n = NULL;
149 if (sc_fd < 0) {
150 if (sc_init() < 0)
151 goto err;
154 /* get key size */
155 sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
156 sizeof(buf), buf, &sw);
157 if (!sectok_swOK(sw)) {
158 error("could not obtain key length: %s", sectok_get_sw(sw));
159 goto err;
161 len = (buf[0] << 8) | buf[1];
162 len /= 8;
163 debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
165 n = xmalloc(len);
166 /* get n */
167 sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
169 if (sw == 0x6982) {
170 if (try_AUT0() < 0)
171 goto err;
172 sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
174 if (!sectok_swOK(sw)) {
175 error("could not obtain public key: %s", sectok_get_sw(sw));
176 goto err;
179 debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
181 if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
182 error("c_read_pubkey: BN_bin2bn failed");
183 goto err;
186 /* currently the java applet just stores 'n' */
187 if (!BN_set_word(k->rsa->e, 35)) {
188 error("c_read_pubkey: BN_set_word(e, 35) failed");
189 goto err;
192 status = 0;
193 p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
194 debug("fingerprint %u %s", key_size(k), p);
195 xfree(p);
197 err:
198 if (n != NULL)
199 xfree(n);
200 sc_close();
201 return status;
204 /* private key operations */
206 static int
207 sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
208 int padding)
210 u_char *padded = NULL;
211 int sw, len, olen, status = -1;
213 debug("sc_private_decrypt called");
215 olen = len = sw = 0;
216 if (sc_fd < 0) {
217 status = sc_init();
218 if (status < 0 )
219 goto err;
221 if (padding != RSA_PKCS1_PADDING)
222 goto err;
224 len = BN_num_bytes(rsa->n);
225 padded = xmalloc(len);
227 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
229 if (sw == 0x6982) {
230 if (try_AUT0() < 0)
231 goto err;
232 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
234 if (!sectok_swOK(sw)) {
235 error("sc_private_decrypt: INS_DECRYPT failed: %s",
236 sectok_get_sw(sw));
237 goto err;
239 olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
240 len);
241 err:
242 if (padded)
243 xfree(padded);
244 sc_close();
245 return (olen >= 0 ? olen : status);
248 static int
249 sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
250 int padding)
252 u_char *padded = NULL;
253 int sw, len, status = -1;
255 len = sw = 0;
256 if (sc_fd < 0) {
257 status = sc_init();
258 if (status < 0 )
259 goto err;
261 if (padding != RSA_PKCS1_PADDING)
262 goto err;
264 debug("sc_private_encrypt called");
265 len = BN_num_bytes(rsa->n);
266 padded = xmalloc(len);
268 if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) {
269 error("RSA_padding_add_PKCS1_type_1 failed");
270 goto err;
272 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
273 if (sw == 0x6982) {
274 if (try_AUT0() < 0)
275 goto err;
276 sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
278 if (!sectok_swOK(sw)) {
279 error("sc_private_encrypt: INS_DECRYPT failed: %s",
280 sectok_get_sw(sw));
281 goto err;
283 err:
284 if (padded)
285 xfree(padded);
286 sc_close();
287 return (len >= 0 ? len : status);
290 /* called on free */
292 static int (*orig_finish)(RSA *rsa) = NULL;
294 static int
295 sc_finish(RSA *rsa)
297 if (orig_finish)
298 orig_finish(rsa);
299 sc_close();
300 return 1;
303 /* engine for overloading private key operations */
305 static RSA_METHOD *
306 sc_get_rsa_method(void)
308 static RSA_METHOD smart_rsa;
309 const RSA_METHOD *def = RSA_get_default_method();
311 /* use the OpenSSL version */
312 memcpy(&smart_rsa, def, sizeof(smart_rsa));
314 smart_rsa.name = "sectok";
316 /* overload */
317 smart_rsa.rsa_priv_enc = sc_private_encrypt;
318 smart_rsa.rsa_priv_dec = sc_private_decrypt;
320 /* save original */
321 orig_finish = def->finish;
322 smart_rsa.finish = sc_finish;
324 return &smart_rsa;
327 #ifdef USE_ENGINE
328 static ENGINE *
329 sc_get_engine(void)
331 static ENGINE *smart_engine = NULL;
333 if ((smart_engine = ENGINE_new()) == NULL)
334 fatal("ENGINE_new failed");
336 ENGINE_set_id(smart_engine, "sectok");
337 ENGINE_set_name(smart_engine, "libsectok");
339 ENGINE_set_RSA(smart_engine, sc_get_rsa_method());
340 ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
341 ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
342 ENGINE_set_RAND(smart_engine, RAND_SSLeay());
343 ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
345 return smart_engine;
347 #endif
349 void
350 sc_close(void)
352 if (sc_fd >= 0) {
353 sectok_close(sc_fd);
354 sc_fd = -1;
358 Key **
359 sc_get_keys(const char *id, const char *pin)
361 Key *k, *n, **keys;
362 int status, nkeys = 2;
364 if (sc_reader_id != NULL)
365 xfree(sc_reader_id);
366 sc_reader_id = xstrdup(id);
368 if (sc_pin != NULL)
369 xfree(sc_pin);
370 sc_pin = (pin == NULL) ? NULL : xstrdup(pin);
372 k = key_new(KEY_RSA);
373 if (k == NULL) {
374 return NULL;
376 status = sc_read_pubkey(k);
377 if (status == SCARD_ERROR_NOCARD) {
378 key_free(k);
379 return NULL;
381 if (status < 0 ) {
382 error("sc_read_pubkey failed");
383 key_free(k);
384 return NULL;
386 keys = xcalloc((nkeys+1), sizeof(Key *));
388 n = key_new(KEY_RSA1);
389 BN_copy(n->rsa->n, k->rsa->n);
390 BN_copy(n->rsa->e, k->rsa->e);
391 RSA_set_method(n->rsa, sc_get_rsa());
392 n->flags |= KEY_FLAG_EXT;
393 keys[0] = n;
395 n = key_new(KEY_RSA);
396 BN_copy(n->rsa->n, k->rsa->n);
397 BN_copy(n->rsa->e, k->rsa->e);
398 RSA_set_method(n->rsa, sc_get_rsa());
399 n->flags |= KEY_FLAG_EXT;
400 keys[1] = n;
402 keys[2] = NULL;
404 key_free(k);
405 return keys;
408 #define NUM_RSA_KEY_ELEMENTS 5+1
409 #define COPY_RSA_KEY(x, i) \
410 do { \
411 len = BN_num_bytes(prv->rsa->x); \
412 elements[i] = xmalloc(len); \
413 debug("#bytes %d", len); \
414 if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
415 goto done; \
416 } while (0)
418 static void
419 sc_mk_digest(const char *pin, u_char *digest)
421 const EVP_MD *evp_md = EVP_sha1();
422 EVP_MD_CTX md;
424 EVP_DigestInit(&md, evp_md);
425 EVP_DigestUpdate(&md, pin, strlen(pin));
426 EVP_DigestFinal(&md, digest, NULL);
429 static int
430 get_AUT0(u_char *aut0)
432 char *pass;
434 pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
435 if (pass == NULL)
436 return -1;
437 if (!strcmp(pass, "-")) {
438 memcpy(aut0, DEFAUT0, sizeof DEFAUT0);
439 return 0;
441 sc_mk_digest(pass, aut0);
442 memset(pass, 0, strlen(pass));
443 xfree(pass);
444 return 0;
447 static int
448 try_AUT0(void)
450 u_char aut0[EVP_MAX_MD_SIZE];
452 /* permission denied; try PIN if provided */
453 if (sc_pin && strlen(sc_pin) > 0) {
454 sc_mk_digest(sc_pin, aut0);
455 if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
456 error("smartcard passphrase incorrect");
457 return (-1);
459 } else {
460 /* try default AUT0 key */
461 if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
462 /* default AUT0 key failed; prompt for passphrase */
463 if (get_AUT0(aut0) < 0 ||
464 cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
465 error("smartcard passphrase incorrect");
466 return (-1);
470 return (0);
474 sc_put_key(Key *prv, const char *id)
476 u_char *elements[NUM_RSA_KEY_ELEMENTS];
477 u_char key_fid[2];
478 u_char AUT0[EVP_MAX_MD_SIZE];
479 int len, status = -1, i, fd = -1, ret;
480 int sw = 0, cla = 0x00;
482 for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
483 elements[i] = NULL;
485 COPY_RSA_KEY(q, 0);
486 COPY_RSA_KEY(p, 1);
487 COPY_RSA_KEY(iqmp, 2);
488 COPY_RSA_KEY(dmq1, 3);
489 COPY_RSA_KEY(dmp1, 4);
490 COPY_RSA_KEY(n, 5);
491 len = BN_num_bytes(prv->rsa->n);
492 fd = sectok_friendly_open(id, STONOWAIT, &sw);
493 if (fd < 0) {
494 error("sectok_open failed: %s", sectok_get_sw(sw));
495 goto done;
497 if (! sectok_cardpresent(fd)) {
498 error("smartcard in reader %s not present", id);
499 goto done;
501 ret = sectok_reset(fd, 0, NULL, &sw);
502 if (ret <= 0) {
503 error("sectok_reset failed: %s", sectok_get_sw(sw));
504 goto done;
506 if ((cla = cyberflex_inq_class(fd)) < 0) {
507 error("cyberflex_inq_class failed");
508 goto done;
510 memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
511 if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
512 if (get_AUT0(AUT0) < 0 ||
513 cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
514 memset(AUT0, 0, sizeof(DEFAUT0));
515 error("smartcard passphrase incorrect");
516 goto done;
519 memset(AUT0, 0, sizeof(DEFAUT0));
520 key_fid[0] = 0x00;
521 key_fid[1] = 0x12;
522 if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
523 &sw) < 0) {
524 error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
525 goto done;
527 if (!sectok_swOK(sw))
528 goto done;
529 logit("cyberflex_load_rsa_priv done");
530 key_fid[0] = 0x73;
531 key_fid[1] = 0x68;
532 if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
533 &sw) < 0) {
534 error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
535 goto done;
537 if (!sectok_swOK(sw))
538 goto done;
539 logit("cyberflex_load_rsa_pub done");
540 status = 0;
542 done:
543 memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
544 memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
545 memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
546 memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
547 memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
548 memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
550 for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
551 if (elements[i])
552 xfree(elements[i]);
553 if (fd != -1)
554 sectok_close(fd);
555 return (status);
558 char *
559 sc_get_key_label(Key *key)
561 return xstrdup("smartcard key");
564 #endif /* SMARTCARD && USE_SECTOK */