[openssh.git] / scard.c

/*
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include "includes.h"
#ifdef SMARTCARD
RCSID("$OpenBSD: scard.c,v 1.17 2001/12/27 18:22:16 markus Exp $");

#include <openssl/engine.h>
#include <sectok.h>

#include "key.h"
#include "log.h"
#include "xmalloc.h"
#include "scard.h"

#define CLA_SSH 0x05
#define INS_DECRYPT 0x10
#define INS_GET_KEYLENGTH 0x20
#define INS_GET_PUBKEY 0x30
#define INS_GET_RESPONSE 0xc0

#define MAX_BUF_SIZE 256

static int sc_fd = -1;
static char *sc_reader_id = NULL;
static int cla = 0x00;	/* class */

/* interface to libsectok */

static int
sc_open(void)
{
	int sw;

	if (sc_fd >= 0)
		return sc_fd;

	sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
	if (sc_fd < 0) {
		error("sectok_open failed: %s", sectok_get_sw(sw));
		return SCARD_ERROR_FAIL;
	}
	if (! sectok_cardpresent(sc_fd)) {
		debug("smartcard in reader %s not present, skipping",
		    sc_reader_id);
		sc_close();
		return SCARD_ERROR_NOCARD;
	}
	if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
		error("sectok_reset failed: %s", sectok_get_sw(sw));
		sc_fd = -1;
		return SCARD_ERROR_FAIL;
	}
	if ((cla = cyberflex_inq_class(sc_fd)) < 0)
		cla = 0;

	debug("sc_open ok %d", sc_fd);
	return sc_fd;
}

static int
sc_enable_applet(void)
{
	static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
	int sw = 0;

	/* select applet id */
	sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
	if (!sectok_swOK(sw)) {
		error("sectok_apdu failed: %s", sectok_get_sw(sw));
		sc_close();
		return -1;
	}
	return 0;
}

static int
sc_init(void)
{
	int status;

	status = sc_open();
	if (status == SCARD_ERROR_NOCARD) {
		return SCARD_ERROR_NOCARD;
	}
	if (status < 0 ) {
		error("sc_open failed");
		return status;
	}
	if (sc_enable_applet() < 0) {
		error("sc_enable_applet failed");
		return SCARD_ERROR_APPLET;
	}
	return 0;
}

static int
sc_read_pubkey(Key * k)
{
	u_char buf[2], *n;
	char *p;
	int len, sw, status = -1;

	len = sw = 0;
	n = NULL;

	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			goto err;
	}

	/* get key size */
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
	    sizeof(buf), buf, &sw);
	if (!sectok_swOK(sw)) {
		error("could not obtain key length: %s", sectok_get_sw(sw));
		goto err;
	}
	len = (buf[0] << 8) | buf[1];
	len /= 8;
	debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));

	n = xmalloc(len);
	/* get n */
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
	if (!sectok_swOK(sw)) {
		error("could not obtain public key: %s", sectok_get_sw(sw));
		goto err;
	}

	debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));

	if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
		error("c_read_pubkey: BN_bin2bn failed");
		goto err;
	}

	/* currently the java applet just stores 'n' */
	if (!BN_set_word(k->rsa->e, 35)) {
		error("c_read_pubkey: BN_set_word(e, 35) failed");
		goto err;
	}

	status = 0;
	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
	debug("fingerprint %d %s", key_size(k), p);
	xfree(p);

err:
	if (n != NULL)
		xfree(n);
	sc_close();
	return status;
}

/* private key operations */

static int
sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
{
	u_char *padded = NULL;
	int sw, len, olen, status = -1;

	debug("sc_private_decrypt called");

	olen = len = sw = 0;
	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			goto err;
	}
	if (padding != RSA_PKCS1_PADDING)
		goto err;

	len = BN_num_bytes(rsa->n);
	padded = xmalloc(len);

	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, 0, NULL, &sw);
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_DECRYPT failed: %s",
		    sectok_get_sw(sw));
		goto err;
	}
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
	    len, padded, &sw);
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
		    sectok_get_sw(sw));
		goto err;
	}
	olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
	    len);
err:
	if (padded)
		xfree(padded);
	sc_close();
	return (olen >= 0 ? olen : status);
}

static int
sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
{
	u_char *padded = NULL;
	int sw, len, status = -1;

	len = sw = 0;
	if (sc_fd < 0) {
		status = sc_init();
		if (status < 0 )
			goto err;
	}
	if (padding != RSA_PKCS1_PADDING)
		goto err;

	debug("sc_private_encrypt called");
	len = BN_num_bytes(rsa->n);
	padded = xmalloc(len);

	if (RSA_padding_add_PKCS1_type_1(padded, len, from, flen) <= 0) {
		error("RSA_padding_add_PKCS1_type_1 failed");
		goto err;
	}
	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, 0, NULL, &sw);
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_DECRYPT failed: %s",
		    sectok_get_sw(sw));
		goto err;
	}
	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
	    len, to, &sw);
	if (!sectok_swOK(sw)) {
		error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
		    sectok_get_sw(sw));
		goto err;
	}
err:
	if (padded)
		xfree(padded);
	sc_close();
	return (len >= 0 ? len : status);
}

/* called on free */

static int (*orig_finish)(RSA *rsa) = NULL;

static int
sc_finish(RSA *rsa)
{
	if (orig_finish)
		orig_finish(rsa);
	sc_close();
	return 1;
}


/* engine for overloading private key operations */

static ENGINE *smart_engine = NULL;
static RSA_METHOD smart_rsa =
{
	"sectok",
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	NULL,
	0,
	NULL,
};

ENGINE *
sc_get_engine(void)
{
	RSA_METHOD *def;

	def = RSA_get_default_openssl_method();

	/* overload */
	smart_rsa.rsa_priv_enc	= sc_private_encrypt;
	smart_rsa.rsa_priv_dec	= sc_private_decrypt;

	/* save original */
	orig_finish		= def->finish;
	smart_rsa.finish	= sc_finish;

	/* just use the OpenSSL version */
	smart_rsa.rsa_pub_enc   = def->rsa_pub_enc;
	smart_rsa.rsa_pub_dec   = def->rsa_pub_dec;
	smart_rsa.rsa_mod_exp	= def->rsa_mod_exp;
	smart_rsa.bn_mod_exp	= def->bn_mod_exp;
	smart_rsa.init		= def->init;
	smart_rsa.flags		= def->flags;
	smart_rsa.app_data	= def->app_data;
	smart_rsa.rsa_sign	= def->rsa_sign;
	smart_rsa.rsa_verify	= def->rsa_verify;

	if ((smart_engine = ENGINE_new()) == NULL)
		fatal("ENGINE_new failed");

	ENGINE_set_id(smart_engine, "sectok");
	ENGINE_set_name(smart_engine, "libsectok");
	ENGINE_set_RSA(smart_engine, &smart_rsa);
	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
	ENGINE_set_RAND(smart_engine, RAND_SSLeay());
	ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);

	return smart_engine;
}

void
sc_close(void)
{
	if (sc_fd >= 0) {
		sectok_close(sc_fd);
		sc_fd = -1;
	}
}

Key *
sc_get_key(const char *id)
{
	Key *k;
	int status;

	if (sc_reader_id != NULL)
		xfree(sc_reader_id);
	sc_reader_id = xstrdup(id);

	k = key_new(KEY_RSA);
	if (k == NULL) {
		return NULL;
	}
	status = sc_read_pubkey(k);
	if (status == SCARD_ERROR_NOCARD) {
		key_free(k);
		return NULL;
	}
	if (status < 0 ) {
		error("sc_read_pubkey failed");
		key_free(k);
		return NULL;
	}
	return k;
}
#endif /* SMARTCARD */
Commit	Line	Data
637b033d	1	/*
	2	* Copyright (c) 2001 Markus Friedl. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	23	*/
	24
637b033d	25	#include "includes.h"
d0b19c95	26	#ifdef SMARTCARD
b775c6f2	27	RCSID("$OpenBSD: scard.c,v 1.17 2001/12/27 18:22:16 markus Exp $");
637b033d	28
	29	#include <openssl/engine.h>
	30	#include <sectok.h>
	31
	32	#include "key.h"
	33	#include "log.h"
	34	#include "xmalloc.h"
	35	#include "scard.h"
	36
	37	#define CLA_SSH 0x05
	38	#define INS_DECRYPT 0x10
	39	#define INS_GET_KEYLENGTH 0x20
	40	#define INS_GET_PUBKEY 0x30
	41	#define INS_GET_RESPONSE 0xc0
	42
	43	#define MAX_BUF_SIZE 256
	44
	45	static int sc_fd = -1;
9ff6f66f	46	static char *sc_reader_id = NULL;
637b033d	47	static int cla = 0x00; /* class */
	48
	49	/* interface to libsectok */
	50
184eed6a	51	static int
878b5225	52	sc_open(void)
637b033d	53	{
637b033d	54	int sw;
	55
	56	if (sc_fd >= 0)
	57	return sc_fd;
637b033d	58
9ff6f66f	59	sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw);
637b033d	60	if (sc_fd < 0) {
878b5225	61	error("sectok_open failed: %s", sectok_get_sw(sw));
0b595937	62	return SCARD_ERROR_FAIL;
	63	}
	64	if (! sectok_cardpresent(sc_fd)) {
9ff6f66f	65	debug("smartcard in reader %s not present, skipping",
9ff6f66f	66	sc_reader_id);
2251e099	67	sc_close();
0b595937	68	return SCARD_ERROR_NOCARD;
637b033d	69	}
c42158fe	70	if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) {
637b033d	71	error("sectok_reset failed: %s", sectok_get_sw(sw));
637b033d	72	sc_fd = -1;
0b595937	73	return SCARD_ERROR_FAIL;
637b033d	74	}
c42158fe	75	if ((cla = cyberflex_inq_class(sc_fd)) < 0)
c42158fe	76	cla = 0;
878b5225	77
637b033d	78	debug("sc_open ok %d", sc_fd);
	79	return sc_fd;
	80	}
	81
184eed6a	82	static int
637b033d	83	sc_enable_applet(void)
637b033d	84	{
c42158fe	85	static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
c42158fe	86	int sw = 0;
637b033d	87
c42158fe	88	/* select applet id */
c42158fe	89	sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw);
637b033d	90	if (!sectok_swOK(sw)) {
637b033d	91	error("sectok_apdu failed: %s", sectok_get_sw(sw));
878b5225	92	sc_close();
	93	return -1;
	94	}
	95	return 0;
	96	}
	97
184eed6a	98	static int
878b5225	99	sc_init(void)
878b5225	100	{
0b595937	101	int status;
	102
	103	status = sc_open();
	104	if (status == SCARD_ERROR_NOCARD) {
	105	return SCARD_ERROR_NOCARD;
	106	}
	107	if (status < 0 ) {
878b5225	108	error("sc_open failed");
0b595937	109	return status;
878b5225	110	}
	111	if (sc_enable_applet() < 0) {
	112	error("sc_enable_applet failed");
0b595937	113	return SCARD_ERROR_APPLET;
637b033d	114	}
	115	return 0;
	116	}
	117
184eed6a	118	static int
637b033d	119	sc_read_pubkey(Key * k)
	120	{
	121	u_char buf[2], *n;
	122	char *p;
4e842b5e	123	int len, sw, status = -1;
637b033d	124
637b033d	125	len = sw = 0;
fc1fc39e	126	n = NULL;
637b033d	127
0b595937	128	if (sc_fd < 0) {
	129	status = sc_init();
	130	if (status < 0 )
4e842b5e	131	goto err;
0b595937	132	}
878b5225	133
637b033d	134	/* get key size */
637b033d	135	sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
184eed6a	136	sizeof(buf), buf, &sw);
637b033d	137	if (!sectok_swOK(sw)) {
637b033d	138	error("could not obtain key length: %s", sectok_get_sw(sw));
4e842b5e	139	goto err;
637b033d	140	}
	141	len = (buf[0] << 8) \| buf[1];
	142	len /= 8;
	143	debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw));
	144
	145	n = xmalloc(len);
	146	/* get n */
	147	sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw);
	148	if (!sectok_swOK(sw)) {
	149	error("could not obtain public key: %s", sectok_get_sw(sw));
4e842b5e	150	goto err;
637b033d	151	}
4e842b5e	152
637b033d	153	debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw));
	154
	155	if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
	156	error("c_read_pubkey: BN_bin2bn failed");
4e842b5e	157	goto err;
637b033d	158	}
637b033d	159
	160	/* currently the java applet just stores 'n' */
	161	if (!BN_set_word(k->rsa->e, 35)) {
	162	error("c_read_pubkey: BN_set_word(e, 35) failed");
4e842b5e	163	goto err;
637b033d	164	}
637b033d	165
4e842b5e	166	status = 0;
637b033d	167	p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX);
	168	debug("fingerprint %d %s", key_size(k), p);
	169	xfree(p);
	170
4e842b5e	171	err:
	172	if (n != NULL)
	173	xfree(n);
	174	sc_close();
	175	return status;
637b033d	176	}
	177
	178	/* private key operations */
	179
	180	static int
	181	sc_private_decrypt(int flen, u_char from, u_char to, RSA *rsa, int padding)
	182	{
	183	u_char *padded = NULL;
4e842b5e	184	int sw, len, olen, status = -1;
637b033d	185
	186	debug("sc_private_decrypt called");
	187
	188	olen = len = sw = 0;
0b595937	189	if (sc_fd < 0) {
	190	status = sc_init();
	191	if (status < 0 )
878b5225	192	goto err;
0b595937	193	}
637b033d	194	if (padding != RSA_PKCS1_PADDING)
	195	goto err;
	196
	197	len = BN_num_bytes(rsa->n);
	198	padded = xmalloc(len);
	199
	200	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, 0, NULL, &sw);
	201	if (!sectok_swOK(sw)) {
	202	error("sc_private_decrypt: INS_DECRYPT failed: %s",
	203	sectok_get_sw(sw));
	204	goto err;
	205	}
	206	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
184eed6a	207	len, padded, &sw);
637b033d	208	if (!sectok_swOK(sw)) {
	209	error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
	210	sectok_get_sw(sw));
	211	goto err;
	212	}
	213	olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
	214	len);
	215	err:
	216	if (padded)
	217	xfree(padded);
4e842b5e	218	sc_close();
0b595937	219	return (olen >= 0 ? olen : status);
637b033d	220	}
	221
	222	static int
	223	sc_private_encrypt(int flen, u_char from, u_char to, RSA *rsa, int padding)
	224	{
	225	u_char *padded = NULL;
4e842b5e	226	int sw, len, status = -1;
637b033d	227
637b033d	228	len = sw = 0;
0b595937	229	if (sc_fd < 0) {
	230	status = sc_init();
	231	if (status < 0 )
878b5225	232	goto err;
0b595937	233	}
637b033d	234	if (padding != RSA_PKCS1_PADDING)
	235	goto err;
	236
	237	debug("sc_private_encrypt called");
	238	len = BN_num_bytes(rsa->n);
	239	padded = xmalloc(len);
	240
	241	if (RSA_padding_add_PKCS1_type_1(padded, len, from, flen) <= 0) {
	242	error("RSA_padding_add_PKCS1_type_1 failed");
	243	goto err;
	244	}
	245	sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, 0, NULL, &sw);
	246	if (!sectok_swOK(sw)) {
	247	error("sc_private_decrypt: INS_DECRYPT failed: %s",
	248	sectok_get_sw(sw));
	249	goto err;
	250	}
	251	sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
184eed6a	252	len, to, &sw);
637b033d	253	if (!sectok_swOK(sw)) {
	254	error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
	255	sectok_get_sw(sw));
	256	goto err;
	257	}
	258	err:
	259	if (padded)
	260	xfree(padded);
4e842b5e	261	sc_close();
0b595937	262	return (len >= 0 ? len : status);
637b033d	263	}
637b033d	264
05b7537a	265	/* called on free */
	266
	267	static int (orig_finish)(RSA rsa) = NULL;
	268
	269	static int
	270	sc_finish(RSA *rsa)
	271	{
	272	if (orig_finish)
	273	orig_finish(rsa);
	274	sc_close();
	275	return 1;
	276	}
	277
	278
637b033d	279	/* engine for overloading private key operations */
	280
	281	static ENGINE *smart_engine = NULL;
	282	static RSA_METHOD smart_rsa =
	283	{
	284	"sectok",
	285	NULL,
	286	NULL,
	287	NULL,
	288	NULL,
	289	NULL,
	290	NULL,
	291	NULL,
	292	NULL,
	293	0,
	294	NULL,
	295	};
	296
	297	ENGINE *
	298	sc_get_engine(void)
	299	{
	300	RSA_METHOD *def;
	301
	302	def = RSA_get_default_openssl_method();
	303
	304	/* overload */
	305	smart_rsa.rsa_priv_enc = sc_private_encrypt;
	306	smart_rsa.rsa_priv_dec = sc_private_decrypt;
	307
05b7537a	308	/* save original */
	309	orig_finish = def->finish;
	310	smart_rsa.finish = sc_finish;
	311
637b033d	312	/* just use the OpenSSL version */
	313	smart_rsa.rsa_pub_enc = def->rsa_pub_enc;
	314	smart_rsa.rsa_pub_dec = def->rsa_pub_dec;
	315	smart_rsa.rsa_mod_exp = def->rsa_mod_exp;
	316	smart_rsa.bn_mod_exp = def->bn_mod_exp;
	317	smart_rsa.init = def->init;
637b033d	318	smart_rsa.flags = def->flags;
	319	smart_rsa.app_data = def->app_data;
	320	smart_rsa.rsa_sign = def->rsa_sign;
	321	smart_rsa.rsa_verify = def->rsa_verify;
	322
b775c6f2	323	if ((smart_engine = ENGINE_new()) == NULL)
b775c6f2	324	fatal("ENGINE_new failed");
637b033d	325
	326	ENGINE_set_id(smart_engine, "sectok");
	327	ENGINE_set_name(smart_engine, "libsectok");
	328	ENGINE_set_RSA(smart_engine, &smart_rsa);
	329	ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method());
	330	ENGINE_set_DH(smart_engine, DH_get_default_openssl_method());
	331	ENGINE_set_RAND(smart_engine, RAND_SSLeay());
	332	ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp);
	333
	334	return smart_engine;
	335	}
	336
878b5225	337	void
	338	sc_close(void)
	339	{
	340	if (sc_fd >= 0) {
	341	sectok_close(sc_fd);
	342	sc_fd = -1;
	343	}
	344	}
	345
637b033d	346	Key *
9ff6f66f	347	sc_get_key(const char *id)
637b033d	348	{
637b033d	349	Key *k;
71b7a18e	350	int status;
637b033d	351
9ff6f66f	352	if (sc_reader_id != NULL)
	353	xfree(sc_reader_id);
	354	sc_reader_id = xstrdup(id);
	355
637b033d	356	k = key_new(KEY_RSA);
	357	if (k == NULL) {
	358	return NULL;
	359	}
71b7a18e	360	status = sc_read_pubkey(k);
	361	if (status == SCARD_ERROR_NOCARD) {
	362	key_free(k);
	363	return NULL;
	364	}
	365	if (status < 0 ) {
637b033d	366	error("sc_read_pubkey failed");
	367	key_free(k);
	368	return NULL;
	369	}
	370	return k;
	371	}
dd2495cb	372	#endif /* SMARTCARD */