[openssh.git] / scard.c

/*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifdef SMARTCARD
#include "includes.h"
RCSID("$OpenBSD: scard.c,v 1.13 2001/08/02 16:14:05 jakob Exp $");

#include <openssl/engine.h>
#include <sectok.h>

#include "key.h"
#include "log.h"
#include "xmalloc.h"
#include "scard.h"

#define CLA_SSH 0x05
#define INS_DECRYPT 0x10
#define INS_GET_KEYLENGTH 0x20
#define INS_GET_PUBKEY 0x30
#define INS_GET_RESPONSE 0xc0

#define MAX_BUF_SIZE 256

static int sc_fd = -1;
static char *sc_reader_id = NULL;
static int cla = 0x00;	/* class */

/* interface to libsectok */

static int 
sc_open(void)
{
	int sw;

	if (sc_fd >= 0)
		return sc_fd;

	sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
	if (sc_fd < 0) {
		error("sectok_open failed: %s", sectok_get_sw(sw));
		return SCARD_ERROR_FAIL;
	}
	if (! sectok_cardpresent(sc_fd)) {
		debug("smartcard in reader %s not present, skipping",
		    sc_reader_id);
		sc_close();
		return SCARD_ERROR_NOCARD;
	}
	if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
		error("sectok_reset failed: %s", sectok_get_sw(sw));
		sc_fd = -1;
		return SCARD_ERROR_FAIL;
	}
	if ((cla = cyberflex_inq_class(sc_fd)) < 0)
		cla = 0;

	debug("sc_open ok %d", sc_fd);
	return sc_fd;
}

static int 
sc_enable_applet(void)
{
	static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
	int sw = 0;

	/* select applet id */
	sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
	if (!sectok_swOK(sw)) {
		error("sectok_apdu failed: %s", sectok_get_sw(sw));
		sc_close();
		return -1;
	}
	return 0;
}

static int 
sc_init(void)
{
	int status;

	status = sc_open();
	if (status == SCARD_ERROR_NOCARD) {
		return SCARD_ERROR_NOCARD;
	}
	if (status < 0 ) {
		error("sc_open failed");
		return status;
	}
	if (sc_enable_applet() < 0) {
		error("sc_enable_applet failed");
		return SCARD_ERROR_APPLET;
	}
	return 0;
}

static int 
sc_read_pubkey(Key * k)
{
	u_char buf[2], *n;
	char *p;
	int len, sw, status;

	len = sw = 0;

	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			return status;
	}

	/* get key size */
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
	     sizeof(buf), buf, &sw);
	if (!sectok_swOK(sw)) {
		error("could not obtain key length: %s", sectok_get_sw(sw));
		sc_close();
		return -1;
	}
	len = (buf[0] << 8) | buf[1];
	len /= 8;
	debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));

	n = xmalloc(len);
	/* get n */
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
	if (!sectok_swOK(sw)) {
		error("could not obtain public key: %s", sectok_get_sw(sw));
		xfree(n);
		return -1;
	}
	debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));

	if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
		error("c_read_pubkey: BN_bin2bn failed");
		xfree(n);
		sc_close();
		return -1;
	}
	xfree(n);

	/* currently the java applet just stores 'n' */
	if (!BN_set_word(k->rsa->e, 35)) {
		error("c_read_pubkey: BN_set_word(e, 35) failed");
		return -1;
	}

	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
	debug("fingerprint %d %s", key_size(k), p);
	xfree(p);

	return 0;
}

/* private key operations */

static int
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
{
	u_char *padded = NULL;
	int sw, len, olen, status;

	debug("sc_private_decrypt called");

	olen = len = sw = 0;
	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			goto err;
	}
	if (padding != RSA_PKCS1_PADDING)
		goto err;

	len = BN_num_bytes(rsa->n);
	padded = xmalloc(len);

	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, 0, NULL, &sw);
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_DECRYPT failed: %s",
		    sectok_get_sw(sw));
		sc_close();
		goto err;
	}
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
	     len, padded, &sw);
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
		    sectok_get_sw(sw));
		sc_close();
		goto err;
	}
	olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
	    len);
err:
	if (padded)
		xfree(padded);
	return (olen >= 0 ? olen : status);
}

static int
sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
{
	u_char *padded = NULL;
	int sw, len, status;

	len = sw = 0;
	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			goto err;
	}
	if (padding != RSA_PKCS1_PADDING)
		goto err;

	debug("sc_private_encrypt called");
	len = BN_num_bytes(rsa->n);
	padded = xmalloc(len);

	if (RSA_padding_add_PKCS1_type_1(padded, len, from, flen) <= 0) {
		error("RSA_padding_add_PKCS1_type_1 failed");
		goto err;
	}
	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, 0, NULL, &sw);
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_DECRYPT failed: %s",
		    sectok_get_sw(sw));
		sc_close();
		goto err;
	}
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
	     len, to, &sw);
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
		    sectok_get_sw(sw));
		sc_close();
		goto err;
	}
err:
	if (padded)
		xfree(padded);
	return (len >= 0 ? len : status);
}

/* called on free */

static int (*orig_finish)(RSA *rsa) = NULL;

static int
sc_finish(RSA *rsa)
{
	if (orig_finish)
		orig_finish(rsa);
	sc_close();
	return 1;
}


/* engine for overloading private key operations */

static ENGINE *smart_engine = NULL;
static RSA_METHOD smart_rsa =
{
	"sectok",
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	0,
	NULL,
};

ENGINE *
sc_get_engine(void)
{
	RSA_METHOD *def;

	def = RSA_get_default_openssl_method();

	/* overload */
	smart_rsa.rsa_priv_enc	= sc_private_encrypt;
	smart_rsa.rsa_priv_dec	= sc_private_decrypt;

	/* save original */
	orig_finish		= def->finish;
	smart_rsa.finish	= sc_finish;

	/* just use the OpenSSL version */
	smart_rsa.rsa_pub_enc   = def->rsa_pub_enc;
	smart_rsa.rsa_pub_dec   = def->rsa_pub_dec;
	smart_rsa.rsa_mod_exp	= def->rsa_mod_exp;
	smart_rsa.bn_mod_exp	= def->bn_mod_exp;
	smart_rsa.init		= def->init;
	smart_rsa.flags		= def->flags;
	smart_rsa.app_data	= def->app_data;
	smart_rsa.rsa_sign	= def->rsa_sign;
	smart_rsa.rsa_verify	= def->rsa_verify;

	smart_engine = ENGINE_new();

	ENGINE_set_id(smart_engine, "sectok");
	ENGINE_set_name(smart_engine, "libsectok");
	ENGINE_set_RSA(smart_engine, &smart_rsa);
	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
	ENGINE_set_RAND(smart_engine, RAND_SSLeay());
	ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);

	return smart_engine;
}

void
sc_close(void)
{
	if (sc_fd >= 0) {
		sectok_close(sc_fd);
		sc_fd = -1;
	}
}

Key *
sc_get_key(const char *id)
{
	Key *k;
	int status;

	if (sc_reader_id != NULL)
		xfree(sc_reader_id);
	sc_reader_id = xstrdup(id);

	k = key_new(KEY_RSA);
	if (k == NULL) {
		return NULL;
	}
	status = sc_read_pubkey(k);
	if (status == SCARD_ERROR_NOCARD) {
		key_free(k);
		return NULL;
	}
	if (status < 0 ) {
		error("sc_read_pubkey failed");
		key_free(k);
		return NULL;
	}
	return k;
	sc_close();
}
#endif /* SMARTCARD */
Commit	Line	Data
637b033d	1	/*
	2	* Copyright (c) 2001 Markus Friedl. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24
	25	#ifdef SMARTCARD
	26	#include "includes.h"
dd2495cb	27	RCSID("$OpenBSD: scard.c,v 1.13 2001/08/02 16:14:05 jakob Exp $");
637b033d	28
	29	#include <openssl/engine.h>
	30	#include <sectok.h>
	31
	32	#include "key.h"
	33	#include "log.h"
	34	#include "xmalloc.h"
	35	#include "scard.h"
	36
	37	#define CLA_SSH 0x05
	38	#define INS_DECRYPT 0x10
	39	#define INS_GET_KEYLENGTH 0x20
	40	#define INS_GET_PUBKEY 0x30
	41	#define INS_GET_RESPONSE 0xc0
	42
	43	#define MAX_BUF_SIZE 256
	44
	45	static int sc_fd = -1;
9ff6f66f	46	static char *sc_reader_id = NULL;
637b033d	47	static int cla = 0x00; /* class */
	48
	49	/* interface to libsectok */
	50
	51	static int
878b5225	52	sc_open(void)
637b033d	53	{
637b033d	54	int sw;
	55
	56	if (sc_fd >= 0)
	57	return sc_fd;
637b033d	58
9ff6f66f	59	sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
637b033d	60	if (sc_fd < 0) {
878b5225	61	error("sectok_open failed: %s", sectok_get_sw(sw));
0b595937	62	return SCARD_ERROR_FAIL;
	63	}
	64	if (! sectok_cardpresent(sc_fd)) {
9ff6f66f	65	debug("smartcard in reader %s not present, skipping",
9ff6f66f	66	sc_reader_id);
2251e099	67	sc_close();
0b595937	68	return SCARD_ERROR_NOCARD;
637b033d	69	}
c42158fe	70	if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
637b033d	71	error("sectok_reset failed: %s", sectok_get_sw(sw));
637b033d	72	sc_fd = -1;
0b595937	73	return SCARD_ERROR_FAIL;
637b033d	74	}
c42158fe	75	if ((cla = cyberflex_inq_class(sc_fd)) < 0)
c42158fe	76	cla = 0;
878b5225	77
637b033d	78	debug("sc_open ok %d", sc_fd);
	79	return sc_fd;
	80	}
	81
	82	static int
	83	sc_enable_applet(void)
	84	{
c42158fe	85	static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
c42158fe	86	int sw = 0;
637b033d	87
c42158fe	88	/* select applet id */
c42158fe	89	sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
637b033d	90	if (!sectok_swOK(sw)) {
637b033d	91	error("sectok_apdu failed: %s", sectok_get_sw(sw));
878b5225	92	sc_close();
	93	return -1;
	94	}
	95	return 0;
	96	}
	97
	98	static int
	99	sc_init(void)
	100	{
0b595937	101	int status;
	102
	103	status = sc_open();
	104	if (status == SCARD_ERROR_NOCARD) {
	105	return SCARD_ERROR_NOCARD;
	106	}
	107	if (status < 0 ) {
878b5225	108	error("sc_open failed");
0b595937	109	return status;
878b5225	110	}
	111	if (sc_enable_applet() < 0) {
	112	error("sc_enable_applet failed");
0b595937	113	return SCARD_ERROR_APPLET;
637b033d	114	}
	115	return 0;
	116	}
	117
	118	static int
	119	sc_read_pubkey(Key * k)
	120	{
	121	u_char buf[2], *n;
	122	char *p;
0b595937	123	int len, sw, status;
637b033d	124
	125	len = sw = 0;
	126
0b595937	127	if (sc_fd < 0) {
	128	status = sc_init();
	129	if (status < 0 )
	130	return status;
	131	}
878b5225	132
637b033d	133	/* get key size */
	134	sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
	135	sizeof(buf), buf, &sw);
	136	if (!sectok_swOK(sw)) {
	137	error("could not obtain key length: %s", sectok_get_sw(sw));
878b5225	138	sc_close();
637b033d	139	return -1;
	140	}
	141	len = (buf[0] << 8) \| buf[1];
	142	len /= 8;
	143	debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
	144
	145	n = xmalloc(len);
	146	/* get n */
	147	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
	148	if (!sectok_swOK(sw)) {
	149	error("could not obtain public key: %s", sectok_get_sw(sw));
	150	xfree(n);
	151	return -1;
	152	}
	153	debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
	154
	155	if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
	156	error("c_read_pubkey: BN_bin2bn failed");
	157	xfree(n);
878b5225	158	sc_close();
637b033d	159	return -1;
	160	}
	161	xfree(n);
	162
	163	/* currently the java applet just stores 'n' */
	164	if (!BN_set_word(k->rsa->e, 35)) {
	165	error("c_read_pubkey: BN_set_word(e, 35) failed");
	166	return -1;
	167	}
	168
	169	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
	170	debug("fingerprint %d %s", key_size(k), p);
	171	xfree(p);
	172
	173	return 0;
	174	}
	175
	176	/* private key operations */
	177
	178	static int
	179	sc_private_decrypt(int flen, u_char from, u_char to, RSA *rsa, int padding)
	180	{
	181	u_char *padded = NULL;
0b595937	182	int sw, len, olen, status;
637b033d	183
	184	debug("sc_private_decrypt called");
	185
	186	olen = len = sw = 0;
0b595937	187	if (sc_fd < 0) {
	188	status = sc_init();
	189	if (status < 0 )
878b5225	190	goto err;
0b595937	191	}
637b033d	192	if (padding != RSA_PKCS1_PADDING)
	193	goto err;
	194
	195	len = BN_num_bytes(rsa->n);
	196	padded = xmalloc(len);
	197
	198	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, 0, NULL, &sw);
	199	if (!sectok_swOK(sw)) {
	200	error("sc_private_decrypt: INS_DECRYPT failed: %s",
	201	sectok_get_sw(sw));
878b5225	202	sc_close();
637b033d	203	goto err;
	204	}
	205	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
	206	len, padded, &sw);
	207	if (!sectok_swOK(sw)) {
	208	error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
	209	sectok_get_sw(sw));
878b5225	210	sc_close();
637b033d	211	goto err;
	212	}
	213	olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
	214	len);
	215	err:
	216	if (padded)
	217	xfree(padded);
0b595937	218	return (olen >= 0 ? olen : status);
637b033d	219	}
	220
	221	static int
	222	sc_private_encrypt(int flen, u_char from, u_char to, RSA *rsa, int padding)
	223	{
	224	u_char *padded = NULL;
0b595937	225	int sw, len, status;
637b033d	226
637b033d	227	len = sw = 0;
0b595937	228	if (sc_fd < 0) {
	229	status = sc_init();
	230	if (status < 0 )
878b5225	231	goto err;
0b595937	232	}
637b033d	233	if (padding != RSA_PKCS1_PADDING)
	234	goto err;
	235
	236	debug("sc_private_encrypt called");
	237	len = BN_num_bytes(rsa->n);
	238	padded = xmalloc(len);
	239
	240	if (RSA_padding_add_PKCS1_type_1(padded, len, from, flen) <= 0) {
	241	error("RSA_padding_add_PKCS1_type_1 failed");
	242	goto err;
	243	}
	244	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, 0, NULL, &sw);
	245	if (!sectok_swOK(sw)) {
	246	error("sc_private_decrypt: INS_DECRYPT failed: %s",
	247	sectok_get_sw(sw));
878b5225	248	sc_close();
637b033d	249	goto err;
	250	}
	251	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
	252	len, to, &sw);
	253	if (!sectok_swOK(sw)) {
	254	error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
	255	sectok_get_sw(sw));
878b5225	256	sc_close();
637b033d	257	goto err;
	258	}
	259	err:
	260	if (padded)
	261	xfree(padded);
0b595937	262	return (len >= 0 ? len : status);
637b033d	263	}
637b033d	264
05b7537a	265	/* called on free */
	266
	267	static int (orig_finish)(RSA rsa) = NULL;
	268
	269	static int
	270	sc_finish(RSA *rsa)
	271	{
	272	if (orig_finish)
	273	orig_finish(rsa);
	274	sc_close();
	275	return 1;
	276	}
	277
	278
637b033d	279	/* engine for overloading private key operations */
	280
	281	static ENGINE *smart_engine = NULL;
	282	static RSA_METHOD smart_rsa =
	283	{
	284	"sectok",
	285	NULL,
	286	NULL,
	287	NULL,
	288	NULL,
	289	NULL,
	290	NULL,
	291	NULL,
	292	NULL,
	293	0,
	294	NULL,
	295	};
	296
	297	ENGINE *
	298	sc_get_engine(void)
	299	{
	300	RSA_METHOD *def;
	301
	302	def = RSA_get_default_openssl_method();
	303
	304	/* overload */
	305	smart_rsa.rsa_priv_enc = sc_private_encrypt;
	306	smart_rsa.rsa_priv_dec = sc_private_decrypt;
	307
05b7537a	308	/* save original */
	309	orig_finish = def->finish;
	310	smart_rsa.finish = sc_finish;
	311
637b033d	312	/* just use the OpenSSL version */
	313	smart_rsa.rsa_pub_enc = def->rsa_pub_enc;
	314	smart_rsa.rsa_pub_dec = def->rsa_pub_dec;
	315	smart_rsa.rsa_mod_exp = def->rsa_mod_exp;
	316	smart_rsa.bn_mod_exp = def->bn_mod_exp;
	317	smart_rsa.init = def->init;
637b033d	318	smart_rsa.flags = def->flags;
	319	smart_rsa.app_data = def->app_data;
	320	smart_rsa.rsa_sign = def->rsa_sign;
	321	smart_rsa.rsa_verify = def->rsa_verify;
	322
	323	smart_engine = ENGINE_new();
	324
	325	ENGINE_set_id(smart_engine, "sectok");
	326	ENGINE_set_name(smart_engine, "libsectok");
	327	ENGINE_set_RSA(smart_engine, &smart_rsa);
	328	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
	329	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
	330	ENGINE_set_RAND(smart_engine, RAND_SSLeay());
	331	ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
	332
	333	return smart_engine;
	334	}
	335
878b5225	336	void
	337	sc_close(void)
	338	{
	339	if (sc_fd >= 0) {
	340	sectok_close(sc_fd);
	341	sc_fd = -1;
	342	}
	343	}
	344
637b033d	345	Key *
9ff6f66f	346	sc_get_key(const char *id)
637b033d	347	{
637b033d	348	Key *k;
71b7a18e	349	int status;
637b033d	350
9ff6f66f	351	if (sc_reader_id != NULL)
	352	xfree(sc_reader_id);
	353	sc_reader_id = xstrdup(id);
	354
637b033d	355	k = key_new(KEY_RSA);
	356	if (k == NULL) {
	357	return NULL;
	358	}
71b7a18e	359	status = sc_read_pubkey(k);
	360	if (status == SCARD_ERROR_NOCARD) {
	361	key_free(k);
	362	return NULL;
	363	}
	364	if (status < 0 ) {
637b033d	365	error("sc_read_pubkey failed");
	366	key_free(k);
	367	return NULL;
	368	}
	369	return k;
878b5225	370	sc_close();
637b033d	371	}
dd2495cb	372	#endif /* SMARTCARD */