[openssh.git] / scard.c

/*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"
#ifdef SMARTCARD
RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $");

#include <openssl/engine.h>
#include <openssl/evp.h>
#include <sectok.h>

#include "key.h"
#include "log.h"
#include "xmalloc.h"
#include "readpass.h"
#include "scard.h"

#ifdef OPENSSL_VERSION_NUMBER
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
#define RSA_get_default_openssl_method RSA_get_default_method
#define DSA_get_default_openssl_method DSA_get_default_method
#define DH_get_default_openssl_method DH_get_default_method
#define ENGINE_set_BN_mod_exp(x,y)
#endif
#endif

#define CLA_SSH 0x05
#define INS_DECRYPT 0x10
#define INS_GET_KEYLENGTH 0x20
#define INS_GET_PUBKEY 0x30
#define INS_GET_RESPONSE 0xc0

#define MAX_BUF_SIZE 256

u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};

static int sc_fd = -1;
static char *sc_reader_id = NULL;
static char *sc_pin = NULL;
static int cla = 0x00;	/* class */

static void sc_mk_digest(const char *pin, u_char *digest);
static int get_AUT0(u_char *aut0);

/* interface to libsectok */

static int
sc_open(void)
{
	int sw;

	if (sc_fd >= 0)
		return sc_fd;

	sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
	if (sc_fd < 0) {
		error("sectok_open failed: %s", sectok_get_sw(sw));
		return SCARD_ERROR_FAIL;
	}
	if (! sectok_cardpresent(sc_fd)) {
		debug("smartcard in reader %s not present, skipping",
		    sc_reader_id);
		sc_close();
		return SCARD_ERROR_NOCARD;
	}
	if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
		error("sectok_reset failed: %s", sectok_get_sw(sw));
		sc_fd = -1;
		return SCARD_ERROR_FAIL;
	}
	if ((cla = cyberflex_inq_class(sc_fd)) < 0)
		cla = 0;

	debug("sc_open ok %d", sc_fd);
	return sc_fd;
}

static int
sc_enable_applet(void)
{
	static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
	int sw = 0;

	/* select applet id */
	sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
	if (!sectok_swOK(sw)) {
		error("sectok_apdu failed: %s", sectok_get_sw(sw));
		sc_close();
		return -1;
	}
	return 0;
}

static int
sc_init(void)
{
	int status;

	status = sc_open();
	if (status == SCARD_ERROR_NOCARD) {
		return SCARD_ERROR_NOCARD;
	}
	if (status < 0 ) {
		error("sc_open failed");
		return status;
	}
	if (sc_enable_applet() < 0) {
		error("sc_enable_applet failed");
		return SCARD_ERROR_APPLET;
	}
	return 0;
}

static int
sc_read_pubkey(Key * k)
{
	u_char buf[2], *n;
	char *p;
	int len, sw, status = -1;

	len = sw = 0;
	n = NULL;

	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			goto err;
	}

	/* get key size */
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
	    sizeof(buf), buf, &sw);
	if (!sectok_swOK(sw)) {
		error("could not obtain key length: %s", sectok_get_sw(sw));
		goto err;
	}
	len = (buf[0] << 8) | buf[1];
	len /= 8;
	debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));

	n = xmalloc(len);
	/* get n */
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
	if (!sectok_swOK(sw)) {
		error("could not obtain public key: %s", sectok_get_sw(sw));
		goto err;
	}

	debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));

	if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
		error("c_read_pubkey: BN_bin2bn failed");
		goto err;
	}

	/* currently the java applet just stores 'n' */
	if (!BN_set_word(k->rsa->e, 35)) {
		error("c_read_pubkey: BN_set_word(e, 35) failed");
		goto err;
	}

	status = 0;
	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
	debug("fingerprint %d %s", key_size(k), p);
	xfree(p);

err:
	if (n != NULL)
		xfree(n);
	sc_close();
	return status;
}

static int
try_AUT0(void)
{
	u_char aut0[EVP_MAX_MD_SIZE];

	/* permission denied; try PIN if provided */
	if (sc_pin && strlen(sc_pin) > 0) {
		sc_mk_digest(sc_pin, aut0);
		if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
			error("smartcard passphrase incorrect");
			return (-1);
		}
	} else {
		/* try default AUT0 key */
		if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
			/* default AUT0 key failed; prompt for passphrase */
			if (get_AUT0(aut0) < 0 ||
			    cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
				error("smartcard passphrase incorrect");
				return (-1);
			}
		}
	}
	return (0);
}

/* private key operations */

static int
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa,
    int padding)
{
	u_char *padded = NULL;
	int sw, len, olen, status = -1;

	debug("sc_private_decrypt called");

	olen = len = sw = 0;
	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			goto err;
	}
	if (padding != RSA_PKCS1_PADDING)
		goto err;

	len = BN_num_bytes(rsa->n);
	padded = xmalloc(len);

	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);

	if (sw == 0x6982) {
		if (try_AUT0() < 0)
			goto err;
		sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
	}
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_DECRYPT failed: %s",
		    sectok_get_sw(sw));
		goto err;
	}
	olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
	    len);
err:
	if (padded)
		xfree(padded);
	sc_close();
	return (olen >= 0 ? olen : status);
}

static int
sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
    int padding)
{
	u_char *padded = NULL;
	int sw, len, status = -1;

	len = sw = 0;
	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			goto err;
	}
	if (padding != RSA_PKCS1_PADDING)
		goto err;

	debug("sc_private_encrypt called");
	len = BN_num_bytes(rsa->n);
	padded = xmalloc(len);

	if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) {
		error("RSA_padding_add_PKCS1_type_1 failed");
		goto err;
	}
	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
	if (sw == 0x6982) {
		if (try_AUT0() < 0)
			goto err;
		sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
	}
	if (!sectok_swOK(sw)) {
		error("sc_private_encrypt: INS_DECRYPT failed: %s",
		    sectok_get_sw(sw));
		goto err;
	}
err:
	if (padded)
		xfree(padded);
	sc_close();
	return (len >= 0 ? len : status);
}

/* called on free */

static int (*orig_finish)(RSA *rsa) = NULL;

static int
sc_finish(RSA *rsa)
{
	if (orig_finish)
		orig_finish(rsa);
	sc_close();
	return 1;
}


/* engine for overloading private key operations */

static ENGINE *smart_engine = NULL;
static RSA_METHOD smart_rsa;

ENGINE *
sc_get_engine(void)
{
	const RSA_METHOD *def;

	def = RSA_get_default_openssl_method();

	/* use the OpenSSL version */
	memcpy(&smart_rsa, def, sizeof(smart_rsa));

	smart_rsa.name		= "sectok";

	/* overload */
	smart_rsa.rsa_priv_enc	= sc_private_encrypt;
	smart_rsa.rsa_priv_dec	= sc_private_decrypt;

	/* save original */
	orig_finish		= def->finish;
	smart_rsa.finish	= sc_finish;

	if ((smart_engine = ENGINE_new()) == NULL)
		fatal("ENGINE_new failed");

	ENGINE_set_id(smart_engine, "sectok");
	ENGINE_set_name(smart_engine, "libsectok");

	ENGINE_set_RSA(smart_engine, &smart_rsa);
	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
	ENGINE_set_RAND(smart_engine, RAND_SSLeay());
	ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);

	return smart_engine;
}

void
sc_close(void)
{
	if (sc_fd >= 0) {
		sectok_close(sc_fd);
		sc_fd = -1;
	}
}

Key *
sc_get_key(const char *id, const char *pin)
{
	Key *k;
	int status;

	if (sc_reader_id != NULL)
		xfree(sc_reader_id);
	sc_reader_id = xstrdup(id);

	if (sc_pin != NULL)
		xfree(sc_pin);
	sc_pin = (pin == NULL) ? NULL : xstrdup(pin);

	k = key_new(KEY_RSA);
	if (k == NULL) {
		return NULL;
	}
	status = sc_read_pubkey(k);
	if (status == SCARD_ERROR_NOCARD) {
		key_free(k);
		return NULL;
	}
	if (status < 0 ) {
		error("sc_read_pubkey failed");
		key_free(k);
		return NULL;
	}
	return k;
}

#define NUM_RSA_KEY_ELEMENTS 5+1
#define COPY_RSA_KEY(x, i) \
	do { \
		len = BN_num_bytes(prv->rsa->x); \
		elements[i] = xmalloc(len); \
		debug("#bytes %d", len); \
		if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
			goto done; \
	} while (0)

static void
sc_mk_digest(const char *pin, u_char *digest)
{
	const EVP_MD *evp_md = EVP_sha1();
	EVP_MD_CTX md;

	EVP_DigestInit(&md, evp_md);
	EVP_DigestUpdate(&md, pin, strlen(pin));
	EVP_DigestFinal(&md, digest, NULL);
}

static int
get_AUT0(u_char *aut0)
{
	char *pass;

	pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
	if (pass == NULL)
		return -1;
	if (!strcmp(pass, "-")) {
		memcpy(aut0, DEFAUT0, sizeof DEFAUT0);
		return 0;
	}
	sc_mk_digest(pass, aut0);
	memset(pass, 0, strlen(pass));
	xfree(pass);
	return 0;
}

int
sc_put_key(Key *prv, const char *id)
{
	u_char *elements[NUM_RSA_KEY_ELEMENTS];
	u_char key_fid[2];
	u_char AUT0[EVP_MAX_MD_SIZE];
	int len, status = -1, i, fd = -1, ret;
	int sw = 0, cla = 0x00;

	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
		elements[i] = NULL;

	COPY_RSA_KEY(q, 0);
	COPY_RSA_KEY(p, 1);
	COPY_RSA_KEY(iqmp, 2);
	COPY_RSA_KEY(dmq1, 3);
	COPY_RSA_KEY(dmp1, 4);
	COPY_RSA_KEY(n, 5);
	len = BN_num_bytes(prv->rsa->n);
	fd = sectok_friendly_open(id, STONOWAIT, &sw);
	if (fd < 0) {
		error("sectok_open failed: %s", sectok_get_sw(sw));
		goto done;
	}
	if (! sectok_cardpresent(fd)) {
		error("smartcard in reader %s not present", id);
		goto done;
	}
	ret = sectok_reset(fd, 0, NULL, &sw);
	if (ret <= 0) {
		error("sectok_reset failed: %s", sectok_get_sw(sw));
		goto done;
	}
	if ((cla = cyberflex_inq_class(fd)) < 0) {
		error("cyberflex_inq_class failed");
		goto done;
	}
	memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
	if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
		if (get_AUT0(AUT0) < 0 ||
		    cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
			memset(AUT0, 0, sizeof(DEFAUT0));
			error("smartcard passphrase incorrect");
			goto done;
		}
	}
	memset(AUT0, 0, sizeof(DEFAUT0));
	key_fid[0] = 0x00;
	key_fid[1] = 0x12;
	if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
	    &sw) < 0) {
		error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
		goto done;
	}
	if (!sectok_swOK(sw))
		goto done;
	log("cyberflex_load_rsa_priv done");
	key_fid[0] = 0x73;
	key_fid[1] = 0x68;
	if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
	    &sw) < 0) {
		error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
		goto done;
	}
	if (!sectok_swOK(sw))
		goto done;
	log("cyberflex_load_rsa_pub done");
	status = 0;

done:
	memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
	memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
	memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
	memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
	memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
	memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));

	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
		if (elements[i])
			xfree(elements[i]);
	if (fd != -1)
		sectok_close(fd);
	return (status);
}
#endif /* SMARTCARD */
Commit	Line	Data
637b033d	1	/*
	2	* Copyright (c) 2001 Markus Friedl. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24
637b033d	25	#include "includes.h"
d0b19c95	26	#ifdef SMARTCARD
9fc0407d	27	RCSID("$OpenBSD: scard.c,v 1.23 2002/03/24 18:05:29 markus Exp $");
514b94dc	28
637b033d	29	#include <openssl/engine.h>
b9f62352	30	#include <openssl/evp.h>
637b033d	31	#include <sectok.h>
	32
	33	#include "key.h"
	34	#include "log.h"
	35	#include "xmalloc.h"
b9f62352	36	#include "readpass.h"
86c4f63d	37	#include "scard.h"
637b033d	38
7649bbfe	39	#ifdef OPENSSL_VERSION_NUMBER
	40	#if OPENSSL_VERSION_NUMBER >= 0x00907000L
	41	#define RSA_get_default_openssl_method RSA_get_default_method
	42	#define DSA_get_default_openssl_method DSA_get_default_method
	43	#define DH_get_default_openssl_method DH_get_default_method
	44	#define ENGINE_set_BN_mod_exp(x,y)
	45	#endif
	46	#endif
	47
637b033d	48	#define CLA_SSH 0x05
	49	#define INS_DECRYPT 0x10
	50	#define INS_GET_KEYLENGTH 0x20
	51	#define INS_GET_PUBKEY 0x30
	52	#define INS_GET_RESPONSE 0xc0
	53
	54	#define MAX_BUF_SIZE 256
	55
86c4f63d	56	u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
86c4f63d	57
637b033d	58	static int sc_fd = -1;
9ff6f66f	59	static char *sc_reader_id = NULL;
86c4f63d	60	static char *sc_pin = NULL;
637b033d	61	static int cla = 0x00; /* class */
637b033d	62
86c4f63d	63	static void sc_mk_digest(const char pin, u_char digest);
	64	static int get_AUT0(u_char *aut0);
	65
637b033d	66	/* interface to libsectok */
637b033d	67
184eed6a	68	static int
878b5225	69	sc_open(void)
637b033d	70	{
637b033d	71	int sw;
	72
	73	if (sc_fd >= 0)
	74	return sc_fd;
637b033d	75
9ff6f66f	76	sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
637b033d	77	if (sc_fd < 0) {
878b5225	78	error("sectok_open failed: %s", sectok_get_sw(sw));
0b595937	79	return SCARD_ERROR_FAIL;
	80	}
	81	if (! sectok_cardpresent(sc_fd)) {
9ff6f66f	82	debug("smartcard in reader %s not present, skipping",
9ff6f66f	83	sc_reader_id);
2251e099	84	sc_close();
0b595937	85	return SCARD_ERROR_NOCARD;
637b033d	86	}
c42158fe	87	if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
637b033d	88	error("sectok_reset failed: %s", sectok_get_sw(sw));
637b033d	89	sc_fd = -1;
0b595937	90	return SCARD_ERROR_FAIL;
637b033d	91	}
c42158fe	92	if ((cla = cyberflex_inq_class(sc_fd)) < 0)
c42158fe	93	cla = 0;
878b5225	94
637b033d	95	debug("sc_open ok %d", sc_fd);
	96	return sc_fd;
	97	}
	98
184eed6a	99	static int
637b033d	100	sc_enable_applet(void)
637b033d	101	{
c42158fe	102	static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
c42158fe	103	int sw = 0;
637b033d	104
c42158fe	105	/* select applet id */
c42158fe	106	sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
637b033d	107	if (!sectok_swOK(sw)) {
637b033d	108	error("sectok_apdu failed: %s", sectok_get_sw(sw));
878b5225	109	sc_close();
	110	return -1;
	111	}
	112	return 0;
	113	}
	114
184eed6a	115	static int
878b5225	116	sc_init(void)
878b5225	117	{
0b595937	118	int status;
	119
	120	status = sc_open();
	121	if (status == SCARD_ERROR_NOCARD) {
	122	return SCARD_ERROR_NOCARD;
	123	}
	124	if (status < 0 ) {
878b5225	125	error("sc_open failed");
0b595937	126	return status;
878b5225	127	}
	128	if (sc_enable_applet() < 0) {
	129	error("sc_enable_applet failed");
0b595937	130	return SCARD_ERROR_APPLET;
637b033d	131	}
	132	return 0;
	133	}
	134
184eed6a	135	static int
637b033d	136	sc_read_pubkey(Key * k)
	137	{
	138	u_char buf[2], *n;
	139	char *p;
4e842b5e	140	int len, sw, status = -1;
637b033d	141
637b033d	142	len = sw = 0;
fc1fc39e	143	n = NULL;
637b033d	144
0b595937	145	if (sc_fd < 0) {
	146	status = sc_init();
	147	if (status < 0 )
4e842b5e	148	goto err;
0b595937	149	}
878b5225	150
637b033d	151	/* get key size */
637b033d	152	sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
184eed6a	153	sizeof(buf), buf, &sw);
637b033d	154	if (!sectok_swOK(sw)) {
637b033d	155	error("could not obtain key length: %s", sectok_get_sw(sw));
4e842b5e	156	goto err;
637b033d	157	}
	158	len = (buf[0] << 8) \| buf[1];
	159	len /= 8;
	160	debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
	161
	162	n = xmalloc(len);
	163	/* get n */
	164	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
	165	if (!sectok_swOK(sw)) {
	166	error("could not obtain public key: %s", sectok_get_sw(sw));
4e842b5e	167	goto err;
637b033d	168	}
4e842b5e	169
637b033d	170	debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
	171
	172	if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
	173	error("c_read_pubkey: BN_bin2bn failed");
4e842b5e	174	goto err;
637b033d	175	}
637b033d	176
	177	/* currently the java applet just stores 'n' */
	178	if (!BN_set_word(k->rsa->e, 35)) {
	179	error("c_read_pubkey: BN_set_word(e, 35) failed");
4e842b5e	180	goto err;
637b033d	181	}
637b033d	182
4e842b5e	183	status = 0;
637b033d	184	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
	185	debug("fingerprint %d %s", key_size(k), p);
	186	xfree(p);
	187
4e842b5e	188	err:
	189	if (n != NULL)
	190	xfree(n);
	191	sc_close();
	192	return status;
637b033d	193	}
637b033d	194
9fc0407d	195	static int
	196	try_AUT0(void)
	197	{
	198	u_char aut0[EVP_MAX_MD_SIZE];
	199
	200	/* permission denied; try PIN if provided */
	201	if (sc_pin && strlen(sc_pin) > 0) {
	202	sc_mk_digest(sc_pin, aut0);
	203	if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
	204	error("smartcard passphrase incorrect");
	205	return (-1);
	206	}
	207	} else {
	208	/* try default AUT0 key */
	209	if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) {
	210	/* default AUT0 key failed; prompt for passphrase */
	211	if (get_AUT0(aut0) < 0 \|\|
	212	cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) {
	213	error("smartcard passphrase incorrect");
	214	return (-1);
	215	}
	216	}
	217	}
	218	return (0);
	219	}
	220
637b033d	221	/* private key operations */
	222
	223	static int
b9f62352	224	sc_private_decrypt(int flen, u_char from, u_char to, RSA *rsa,
7649bbfe	225	int padding)
637b033d	226	{
637b033d	227	u_char *padded = NULL;
4e842b5e	228	int sw, len, olen, status = -1;
637b033d	229
	230	debug("sc_private_decrypt called");
	231
	232	olen = len = sw = 0;
0b595937	233	if (sc_fd < 0) {
	234	status = sc_init();
	235	if (status < 0 )
878b5225	236	goto err;
0b595937	237	}
637b033d	238	if (padding != RSA_PKCS1_PADDING)
	239	goto err;
	240
	241	len = BN_num_bytes(rsa->n);
	242	padded = xmalloc(len);
	243
86c4f63d	244	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
	245
	246	if (sw == 0x6982) {
9fc0407d	247	if (try_AUT0() < 0)
9fc0407d	248	goto err;
86c4f63d	249	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw);
637b033d	250	}
637b033d	251	if (!sectok_swOK(sw)) {
86c4f63d	252	error("sc_private_decrypt: INS_DECRYPT failed: %s",
637b033d	253	sectok_get_sw(sw));
	254	goto err;
	255	}
	256	olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
	257	len);
	258	err:
	259	if (padded)
	260	xfree(padded);
4e842b5e	261	sc_close();
0b595937	262	return (olen >= 0 ? olen : status);
637b033d	263	}
	264
	265	static int
b9f62352	266	sc_private_encrypt(int flen, u_char from, u_char to, RSA *rsa,
7649bbfe	267	int padding)
637b033d	268	{
637b033d	269	u_char *padded = NULL;
4e842b5e	270	int sw, len, status = -1;
637b033d	271
637b033d	272	len = sw = 0;
0b595937	273	if (sc_fd < 0) {
	274	status = sc_init();
	275	if (status < 0 )
878b5225	276	goto err;
0b595937	277	}
637b033d	278	if (padding != RSA_PKCS1_PADDING)
	279	goto err;
	280
	281	debug("sc_private_encrypt called");
	282	len = BN_num_bytes(rsa->n);
	283	padded = xmalloc(len);
	284
7649bbfe	285	if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) {
637b033d	286	error("RSA_padding_add_PKCS1_type_1 failed");
	287	goto err;
	288	}
86c4f63d	289	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
9fc0407d	290	if (sw == 0x6982) {
	291	if (try_AUT0() < 0)
	292	goto err;
	293	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
	294	}
637b033d	295	if (!sectok_swOK(sw)) {
9fc0407d	296	error("sc_private_encrypt: INS_DECRYPT failed: %s",
637b033d	297	sectok_get_sw(sw));
	298	goto err;
	299	}
637b033d	300	err:
	301	if (padded)
	302	xfree(padded);
4e842b5e	303	sc_close();
0b595937	304	return (len >= 0 ? len : status);
637b033d	305	}
637b033d	306
05b7537a	307	/* called on free */
	308
	309	static int (orig_finish)(RSA rsa) = NULL;
	310
	311	static int
	312	sc_finish(RSA *rsa)
	313	{
	314	if (orig_finish)
	315	orig_finish(rsa);
	316	sc_close();
	317	return 1;
	318	}
	319
	320
637b033d	321	/* engine for overloading private key operations */
	322
	323	static ENGINE *smart_engine = NULL;
7649bbfe	324	static RSA_METHOD smart_rsa;
637b033d	325
	326	ENGINE *
	327	sc_get_engine(void)
	328	{
7649bbfe	329	const RSA_METHOD *def;
637b033d	330
	331	def = RSA_get_default_openssl_method();
	332
7649bbfe	333	/* use the OpenSSL version */
	334	memcpy(&smart_rsa, def, sizeof(smart_rsa));
	335
	336	smart_rsa.name = "sectok";
	337
637b033d	338	/* overload */
	339	smart_rsa.rsa_priv_enc = sc_private_encrypt;
	340	smart_rsa.rsa_priv_dec = sc_private_decrypt;
	341
05b7537a	342	/* save original */
	343	orig_finish = def->finish;
	344	smart_rsa.finish = sc_finish;
	345
b775c6f2	346	if ((smart_engine = ENGINE_new()) == NULL)
b775c6f2	347	fatal("ENGINE_new failed");
637b033d	348
	349	ENGINE_set_id(smart_engine, "sectok");
	350	ENGINE_set_name(smart_engine, "libsectok");
7649bbfe	351
637b033d	352	ENGINE_set_RSA(smart_engine, &smart_rsa);
	353	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
	354	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
	355	ENGINE_set_RAND(smart_engine, RAND_SSLeay());
	356	ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
	357
	358	return smart_engine;
	359	}
	360
878b5225	361	void
	362	sc_close(void)
	363	{
	364	if (sc_fd >= 0) {
	365	sectok_close(sc_fd);
	366	sc_fd = -1;
	367	}
	368	}
	369
637b033d	370	Key *
86c4f63d	371	sc_get_key(const char id, const char pin)
637b033d	372	{
637b033d	373	Key *k;
71b7a18e	374	int status;
637b033d	375
9ff6f66f	376	if (sc_reader_id != NULL)
	377	xfree(sc_reader_id);
	378	sc_reader_id = xstrdup(id);
	379
86c4f63d	380	if (sc_pin != NULL)
	381	xfree(sc_pin);
	382	sc_pin = (pin == NULL) ? NULL : xstrdup(pin);
	383
637b033d	384	k = key_new(KEY_RSA);
	385	if (k == NULL) {
	386	return NULL;
	387	}
71b7a18e	388	status = sc_read_pubkey(k);
	389	if (status == SCARD_ERROR_NOCARD) {
	390	key_free(k);
	391	return NULL;
	392	}
	393	if (status < 0 ) {
637b033d	394	error("sc_read_pubkey failed");
	395	key_free(k);
	396	return NULL;
	397	}
	398	return k;
	399	}
b9f62352	400
	401	#define NUM_RSA_KEY_ELEMENTS 5+1
	402	#define COPY_RSA_KEY(x, i) \
	403	do { \
	404	len = BN_num_bytes(prv->rsa->x); \
	405	elements[i] = xmalloc(len); \
	406	debug("#bytes %d", len); \
	407	if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
	408	goto done; \
	409	} while (0)
	410
86c4f63d	411	static void
86c4f63d	412	sc_mk_digest(const char pin, u_char digest)
b9f62352	413	{
	414	const EVP_MD *evp_md = EVP_sha1();
	415	EVP_MD_CTX md;
86c4f63d	416
	417	EVP_DigestInit(&md, evp_md);
	418	EVP_DigestUpdate(&md, pin, strlen(pin));
	419	EVP_DigestFinal(&md, digest, NULL);
	420	}
	421
	422	static int
	423	get_AUT0(u_char *aut0)
	424	{
b9f62352	425	char *pass;
	426
	427	pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN);
	428	if (pass == NULL)
	429	return -1;
86c4f63d	430	if (!strcmp(pass, "-")) {
	431	memcpy(aut0, DEFAUT0, sizeof DEFAUT0);
	432	return 0;
	433	}
	434	sc_mk_digest(pass, aut0);
b9f62352	435	memset(pass, 0, strlen(pass));
	436	xfree(pass);
	437	return 0;
	438	}
	439
	440	int
	441	sc_put_key(Key prv, const char id)
	442	{
	443	u_char *elements[NUM_RSA_KEY_ELEMENTS];
	444	u_char key_fid[2];
b9f62352	445	u_char AUT0[EVP_MAX_MD_SIZE];
	446	int len, status = -1, i, fd = -1, ret;
	447	int sw = 0, cla = 0x00;
	448
	449	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
	450	elements[i] = NULL;
	451
	452	COPY_RSA_KEY(q, 0);
	453	COPY_RSA_KEY(p, 1);
	454	COPY_RSA_KEY(iqmp, 2);
	455	COPY_RSA_KEY(dmq1, 3);
	456	COPY_RSA_KEY(dmp1, 4);
	457	COPY_RSA_KEY(n, 5);
	458	len = BN_num_bytes(prv->rsa->n);
514b94dc	459	fd = sectok_friendly_open(id, STONOWAIT, &sw);
b9f62352	460	if (fd < 0) {
	461	error("sectok_open failed: %s", sectok_get_sw(sw));
	462	goto done;
	463	}
	464	if (! sectok_cardpresent(fd)) {
514b94dc	465	error("smartcard in reader %s not present", id);
b9f62352	466	goto done;
	467	}
	468	ret = sectok_reset(fd, 0, NULL, &sw);
	469	if (ret <= 0) {
	470	error("sectok_reset failed: %s", sectok_get_sw(sw));
	471	goto done;
	472	}
	473	if ((cla = cyberflex_inq_class(fd)) < 0) {
	474	error("cyberflex_inq_class failed");
	475	goto done;
	476	}
	477	memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0));
	478	if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
	479	if (get_AUT0(AUT0) < 0 \|\|
	480	cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) {
86c4f63d	481	memset(AUT0, 0, sizeof(DEFAUT0));
86c4f63d	482	error("smartcard passphrase incorrect");
b9f62352	483	goto done;
	484	}
	485	}
86c4f63d	486	memset(AUT0, 0, sizeof(DEFAUT0));
b9f62352	487	key_fid[0] = 0x00;
	488	key_fid[1] = 0x12;
	489	if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements,
	490	&sw) < 0) {
	491	error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw));
	492	goto done;
	493	}
	494	if (!sectok_swOK(sw))
	495	goto done;
	496	log("cyberflex_load_rsa_priv done");
	497	key_fid[0] = 0x73;
	498	key_fid[1] = 0x68;
	499	if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5],
	500	&sw) < 0) {
	501	error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw));
	502	goto done;
	503	}
	504	if (!sectok_swOK(sw))
	505	goto done;
	506	log("cyberflex_load_rsa_pub done");
	507	status = 0;
	508
	509	done:
	510	memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
	511	memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
	512	memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
	513	memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
	514	memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
	515	memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
	516
	517	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
	518	if (elements[i])
	519	xfree(elements[i]);
	520	if (fd != -1)
	521	sectok_close(fd);
	522	return (status);
	523	}
dd2495cb	524	#endif /* SMARTCARD */