1 /* $OpenBSD: scard.c,v 1.32 2006/03/25 13:17:02 djm Exp $ */
3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #if defined(SMARTCARD) && defined(USE_SECTOK)
29 #include <openssl/evp.h>
38 #if OPENSSL_VERSION_NUMBER < 0x00907000L
40 #define RSA_get_default_method RSA_get_default_openssl_method
45 #include <openssl/engine.h>
46 #define sc_get_rsa sc_get_engine
48 #define sc_get_rsa sc_get_rsa_method
52 #define INS_DECRYPT 0x10
53 #define INS_GET_KEYLENGTH 0x20
54 #define INS_GET_PUBKEY 0x30
55 #define INS_GET_RESPONSE 0xc0
57 #define MAX_BUF_SIZE 256
59 u_char DEFAUT0
[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
61 static int sc_fd
= -1;
62 static char *sc_reader_id
= NULL
;
63 static char *sc_pin
= NULL
;
64 static int cla
= 0x00; /* class */
66 static void sc_mk_digest(const char *pin
, u_char
*digest
);
67 static int get_AUT0(u_char
*aut0
);
68 static int try_AUT0(void);
70 /* interface to libsectok */
80 sc_fd
= sectok_friendly_open(sc_reader_id
, STONOWAIT
, &sw
);
82 error("sectok_open failed: %s", sectok_get_sw(sw
));
83 return SCARD_ERROR_FAIL
;
85 if (! sectok_cardpresent(sc_fd
)) {
86 debug("smartcard in reader %s not present, skipping",
89 return SCARD_ERROR_NOCARD
;
91 if (sectok_reset(sc_fd
, 0, NULL
, &sw
) <= 0) {
92 error("sectok_reset failed: %s", sectok_get_sw(sw
));
94 return SCARD_ERROR_FAIL
;
96 if ((cla
= cyberflex_inq_class(sc_fd
)) < 0)
99 debug("sc_open ok %d", sc_fd
);
104 sc_enable_applet(void)
106 static u_char aid
[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
109 /* select applet id */
110 sectok_apdu(sc_fd
, cla
, 0xa4, 0x04, 0, sizeof aid
, aid
, 0, NULL
, &sw
);
111 if (!sectok_swOK(sw
)) {
112 error("sectok_apdu failed: %s", sectok_get_sw(sw
));
125 if (status
== SCARD_ERROR_NOCARD
) {
126 return SCARD_ERROR_NOCARD
;
129 error("sc_open failed");
132 if (sc_enable_applet() < 0) {
133 error("sc_enable_applet failed");
134 return SCARD_ERROR_APPLET
;
140 sc_read_pubkey(Key
* k
)
144 int len
, sw
, status
= -1;
155 sectok_apdu(sc_fd
, CLA_SSH
, INS_GET_KEYLENGTH
, 0, 0, 0, NULL
,
156 sizeof(buf
), buf
, &sw
);
157 if (!sectok_swOK(sw
)) {
158 error("could not obtain key length: %s", sectok_get_sw(sw
));
161 len
= (buf
[0] << 8) | buf
[1];
163 debug("INS_GET_KEYLENGTH: len %d sw %s", len
, sectok_get_sw(sw
));
167 sectok_apdu(sc_fd
, CLA_SSH
, INS_GET_PUBKEY
, 0, 0, 0, NULL
, len
, n
, &sw
);
172 sectok_apdu(sc_fd
, CLA_SSH
, INS_GET_PUBKEY
, 0, 0, 0, NULL
, len
, n
, &sw
);
174 if (!sectok_swOK(sw
)) {
175 error("could not obtain public key: %s", sectok_get_sw(sw
));
179 debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw
));
181 if (BN_bin2bn(n
, len
, k
->rsa
->n
) == NULL
) {
182 error("c_read_pubkey: BN_bin2bn failed");
186 /* currently the java applet just stores 'n' */
187 if (!BN_set_word(k
->rsa
->e
, 35)) {
188 error("c_read_pubkey: BN_set_word(e, 35) failed");
193 p
= key_fingerprint(k
, SSH_FP_MD5
, SSH_FP_HEX
);
194 debug("fingerprint %u %s", key_size(k
), p
);
204 /* private key operations */
207 sc_private_decrypt(int flen
, u_char
*from
, u_char
*to
, RSA
*rsa
,
210 u_char
*padded
= NULL
;
211 int sw
, len
, olen
, status
= -1;
213 debug("sc_private_decrypt called");
221 if (padding
!= RSA_PKCS1_PADDING
)
224 len
= BN_num_bytes(rsa
->n
);
225 padded
= xmalloc(len
);
227 sectok_apdu(sc_fd
, CLA_SSH
, INS_DECRYPT
, 0, 0, len
, from
, len
, padded
, &sw
);
232 sectok_apdu(sc_fd
, CLA_SSH
, INS_DECRYPT
, 0, 0, len
, from
, len
, padded
, &sw
);
234 if (!sectok_swOK(sw
)) {
235 error("sc_private_decrypt: INS_DECRYPT failed: %s",
239 olen
= RSA_padding_check_PKCS1_type_2(to
, len
, padded
+ 1, len
- 1,
245 return (olen
>= 0 ? olen
: status
);
249 sc_private_encrypt(int flen
, u_char
*from
, u_char
*to
, RSA
*rsa
,
252 u_char
*padded
= NULL
;
253 int sw
, len
, status
= -1;
261 if (padding
!= RSA_PKCS1_PADDING
)
264 debug("sc_private_encrypt called");
265 len
= BN_num_bytes(rsa
->n
);
266 padded
= xmalloc(len
);
268 if (RSA_padding_add_PKCS1_type_1(padded
, len
, (u_char
*)from
, flen
) <= 0) {
269 error("RSA_padding_add_PKCS1_type_1 failed");
272 sectok_apdu(sc_fd
, CLA_SSH
, INS_DECRYPT
, 0, 0, len
, padded
, len
, to
, &sw
);
276 sectok_apdu(sc_fd
, CLA_SSH
, INS_DECRYPT
, 0, 0, len
, padded
, len
, to
, &sw
);
278 if (!sectok_swOK(sw
)) {
279 error("sc_private_encrypt: INS_DECRYPT failed: %s",
287 return (len
>= 0 ? len
: status
);
292 static int (*orig_finish
)(RSA
*rsa
) = NULL
;
303 /* engine for overloading private key operations */
306 sc_get_rsa_method(void)
308 static RSA_METHOD smart_rsa
;
309 const RSA_METHOD
*def
= RSA_get_default_method();
311 /* use the OpenSSL version */
312 memcpy(&smart_rsa
, def
, sizeof(smart_rsa
));
314 smart_rsa
.name
= "sectok";
317 smart_rsa
.rsa_priv_enc
= sc_private_encrypt
;
318 smart_rsa
.rsa_priv_dec
= sc_private_decrypt
;
321 orig_finish
= def
->finish
;
322 smart_rsa
.finish
= sc_finish
;
331 static ENGINE
*smart_engine
= NULL
;
333 if ((smart_engine
= ENGINE_new()) == NULL
)
334 fatal("ENGINE_new failed");
336 ENGINE_set_id(smart_engine
, "sectok");
337 ENGINE_set_name(smart_engine
, "libsectok");
339 ENGINE_set_RSA(smart_engine
, sc_get_rsa_method());
340 ENGINE_set_DSA(smart_engine
, DSA_get_default_openssl_method());
341 ENGINE_set_DH(smart_engine
, DH_get_default_openssl_method());
342 ENGINE_set_RAND(smart_engine
, RAND_SSLeay());
343 ENGINE_set_BN_mod_exp(smart_engine
, BN_mod_exp
);
359 sc_get_keys(const char *id
, const char *pin
)
362 int status
, nkeys
= 2;
364 if (sc_reader_id
!= NULL
)
366 sc_reader_id
= xstrdup(id
);
370 sc_pin
= (pin
== NULL
) ? NULL
: xstrdup(pin
);
372 k
= key_new(KEY_RSA
);
376 status
= sc_read_pubkey(k
);
377 if (status
== SCARD_ERROR_NOCARD
) {
382 error("sc_read_pubkey failed");
386 keys
= xcalloc((nkeys
+1), sizeof(Key
*));
388 n
= key_new(KEY_RSA1
);
389 BN_copy(n
->rsa
->n
, k
->rsa
->n
);
390 BN_copy(n
->rsa
->e
, k
->rsa
->e
);
391 RSA_set_method(n
->rsa
, sc_get_rsa());
392 n
->flags
|= KEY_FLAG_EXT
;
395 n
= key_new(KEY_RSA
);
396 BN_copy(n
->rsa
->n
, k
->rsa
->n
);
397 BN_copy(n
->rsa
->e
, k
->rsa
->e
);
398 RSA_set_method(n
->rsa
, sc_get_rsa());
399 n
->flags
|= KEY_FLAG_EXT
;
408 #define NUM_RSA_KEY_ELEMENTS 5+1
409 #define COPY_RSA_KEY(x, i) \
411 len = BN_num_bytes(prv->rsa->x); \
412 elements[i] = xmalloc(len); \
413 debug("#bytes %d", len); \
414 if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
419 sc_mk_digest(const char *pin
, u_char
*digest
)
421 const EVP_MD
*evp_md
= EVP_sha1();
424 EVP_DigestInit(&md
, evp_md
);
425 EVP_DigestUpdate(&md
, pin
, strlen(pin
));
426 EVP_DigestFinal(&md
, digest
, NULL
);
430 get_AUT0(u_char
*aut0
)
434 pass
= read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN
);
437 if (!strcmp(pass
, "-")) {
438 memcpy(aut0
, DEFAUT0
, sizeof DEFAUT0
);
441 sc_mk_digest(pass
, aut0
);
442 memset(pass
, 0, strlen(pass
));
450 u_char aut0
[EVP_MAX_MD_SIZE
];
452 /* permission denied; try PIN if provided */
453 if (sc_pin
&& strlen(sc_pin
) > 0) {
454 sc_mk_digest(sc_pin
, aut0
);
455 if (cyberflex_verify_AUT0(sc_fd
, cla
, aut0
, 8) < 0) {
456 error("smartcard passphrase incorrect");
460 /* try default AUT0 key */
461 if (cyberflex_verify_AUT0(sc_fd
, cla
, DEFAUT0
, 8) < 0) {
462 /* default AUT0 key failed; prompt for passphrase */
463 if (get_AUT0(aut0
) < 0 ||
464 cyberflex_verify_AUT0(sc_fd
, cla
, aut0
, 8) < 0) {
465 error("smartcard passphrase incorrect");
474 sc_put_key(Key
*prv
, const char *id
)
476 u_char
*elements
[NUM_RSA_KEY_ELEMENTS
];
478 u_char AUT0
[EVP_MAX_MD_SIZE
];
479 int len
, status
= -1, i
, fd
= -1, ret
;
480 int sw
= 0, cla
= 0x00;
482 for (i
= 0; i
< NUM_RSA_KEY_ELEMENTS
; i
++)
487 COPY_RSA_KEY(iqmp
, 2);
488 COPY_RSA_KEY(dmq1
, 3);
489 COPY_RSA_KEY(dmp1
, 4);
491 len
= BN_num_bytes(prv
->rsa
->n
);
492 fd
= sectok_friendly_open(id
, STONOWAIT
, &sw
);
494 error("sectok_open failed: %s", sectok_get_sw(sw
));
497 if (! sectok_cardpresent(fd
)) {
498 error("smartcard in reader %s not present", id
);
501 ret
= sectok_reset(fd
, 0, NULL
, &sw
);
503 error("sectok_reset failed: %s", sectok_get_sw(sw
));
506 if ((cla
= cyberflex_inq_class(fd
)) < 0) {
507 error("cyberflex_inq_class failed");
510 memcpy(AUT0
, DEFAUT0
, sizeof(DEFAUT0
));
511 if (cyberflex_verify_AUT0(fd
, cla
, AUT0
, sizeof(DEFAUT0
)) < 0) {
512 if (get_AUT0(AUT0
) < 0 ||
513 cyberflex_verify_AUT0(fd
, cla
, AUT0
, sizeof(DEFAUT0
)) < 0) {
514 memset(AUT0
, 0, sizeof(DEFAUT0
));
515 error("smartcard passphrase incorrect");
519 memset(AUT0
, 0, sizeof(DEFAUT0
));
522 if (cyberflex_load_rsa_priv(fd
, cla
, key_fid
, 5, 8*len
, elements
,
524 error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw
));
527 if (!sectok_swOK(sw
))
529 logit("cyberflex_load_rsa_priv done");
532 if (cyberflex_load_rsa_pub(fd
, cla
, key_fid
, len
, elements
[5],
534 error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw
));
537 if (!sectok_swOK(sw
))
539 logit("cyberflex_load_rsa_pub done");
543 memset(elements
[0], '\0', BN_num_bytes(prv
->rsa
->q
));
544 memset(elements
[1], '\0', BN_num_bytes(prv
->rsa
->p
));
545 memset(elements
[2], '\0', BN_num_bytes(prv
->rsa
->iqmp
));
546 memset(elements
[3], '\0', BN_num_bytes(prv
->rsa
->dmq1
));
547 memset(elements
[4], '\0', BN_num_bytes(prv
->rsa
->dmp1
));
548 memset(elements
[5], '\0', BN_num_bytes(prv
->rsa
->n
));
550 for (i
= 0; i
< NUM_RSA_KEY_ELEMENTS
; i
++)
559 sc_get_key_label(Key
*key
)
561 return xstrdup("smartcard key");
564 #endif /* SMARTCARD && USE_SECTOK */