X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/dd2495cba27edd8a16dca65037ccceb7128d3509..HEAD:/scard.c diff --git a/scard.c b/scard.c index 6e6de2f3..9fd3ca1b 100644 --- a/scard.c +++ b/scard.c @@ -1,3 +1,4 @@ +/* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -22,18 +23,36 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifdef SMARTCARD #include "includes.h" -RCSID("$OpenBSD: scard.c,v 1.13 2001/08/02 16:14:05 jakob Exp $"); +#if defined(SMARTCARD) && defined(USE_SECTOK) + +#include -#include #include +#include +#include +#include + +#include "xmalloc.h" #include "key.h" #include "log.h" -#include "xmalloc.h" +#include "misc.h" #include "scard.h" +#if OPENSSL_VERSION_NUMBER < 0x00907000L +#define USE_ENGINE +#define RSA_get_default_method RSA_get_default_openssl_method +#else +#endif + +#ifdef USE_ENGINE +#include +#define sc_get_rsa sc_get_engine +#else +#define sc_get_rsa sc_get_rsa_method +#endif + #define CLA_SSH 0x05 #define INS_DECRYPT 0x10 #define INS_GET_KEYLENGTH 0x20 @@ -42,13 +61,20 @@ RCSID("$OpenBSD: scard.c,v 1.13 2001/08/02 16:14:05 jakob Exp $"); #define MAX_BUF_SIZE 256 +u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63}; + static int sc_fd = -1; static char *sc_reader_id = NULL; +static char *sc_pin = NULL; static int cla = 0x00; /* class */ +static void sc_mk_digest(const char *pin, u_char *digest); +static int get_AUT0(u_char *aut0); +static int try_AUT0(void); + /* interface to libsectok */ -static int +static int sc_open(void) { int sw; @@ -79,7 +105,7 @@ sc_open(void) return sc_fd; } -static int +static int sc_enable_applet(void) { static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e}; @@ -95,7 +121,7 @@ sc_enable_applet(void) return 0; } -static int +static int sc_init(void) { int status; @@ -104,7 +130,7 @@ sc_init(void) if (status == SCARD_ERROR_NOCARD) { return SCARD_ERROR_NOCARD; } - if (status < 0 ) { + if (status < 0) { error("sc_open failed"); return status; } @@ -115,28 +141,27 @@ sc_init(void) return 0; } -static int +static int sc_read_pubkey(Key * k) { u_char buf[2], *n; char *p; - int len, sw, status; + int len, sw, status = -1; len = sw = 0; + n = NULL; if (sc_fd < 0) { - status = sc_init(); - if (status < 0 ) - return status; + if (sc_init() < 0) + goto err; } /* get key size */ sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, - sizeof(buf), buf, &sw); + sizeof(buf), buf, &sw); if (!sectok_swOK(sw)) { error("could not obtain key length: %s", sectok_get_sw(sw)); - sc_close(); - return -1; + goto err; } len = (buf[0] << 8) | buf[1]; len /= 8; @@ -145,48 +170,57 @@ sc_read_pubkey(Key * k) n = xmalloc(len); /* get n */ sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw); + + if (sw == 0x6982) { + if (try_AUT0() < 0) + goto err; + sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw); + } if (!sectok_swOK(sw)) { error("could not obtain public key: %s", sectok_get_sw(sw)); - xfree(n); - return -1; + goto err; } + debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw)); if (BN_bin2bn(n, len, k->rsa->n) == NULL) { error("c_read_pubkey: BN_bin2bn failed"); - xfree(n); - sc_close(); - return -1; + goto err; } - xfree(n); /* currently the java applet just stores 'n' */ if (!BN_set_word(k->rsa->e, 35)) { error("c_read_pubkey: BN_set_word(e, 35) failed"); - return -1; + goto err; } + status = 0; p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX); - debug("fingerprint %d %s", key_size(k), p); + debug("fingerprint %u %s", key_size(k), p); xfree(p); - return 0; +err: + if (n != NULL) + xfree(n); + sc_close(); + return status; } /* private key operations */ static int -sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) +sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, + int padding) { u_char *padded = NULL; - int sw, len, olen, status; + int sw, len, olen, status = -1; debug("sc_private_decrypt called"); olen = len = sw = 0; if (sc_fd < 0) { status = sc_init(); - if (status < 0 ) + if (status < 0) goto err; } if (padding != RSA_PKCS1_PADDING) @@ -195,19 +229,16 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) len = BN_num_bytes(rsa->n); padded = xmalloc(len); - sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, 0, NULL, &sw); - if (!sectok_swOK(sw)) { - error("sc_private_decrypt: INS_DECRYPT failed: %s", - sectok_get_sw(sw)); - sc_close(); - goto err; + sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw); + + if (sw == 0x6982) { + if (try_AUT0() < 0) + goto err; + sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw); } - sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, - len, padded, &sw); if (!sectok_swOK(sw)) { - error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", + error("sc_private_decrypt: INS_DECRYPT failed: %s", sectok_get_sw(sw)); - sc_close(); goto err; } olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1, @@ -215,19 +246,21 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) err: if (padded) xfree(padded); + sc_close(); return (olen >= 0 ? olen : status); } static int -sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) +sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, + int padding) { u_char *padded = NULL; - int sw, len, status; + int sw, len, status = -1; len = sw = 0; if (sc_fd < 0) { status = sc_init(); - if (status < 0 ) + if (status < 0) goto err; } if (padding != RSA_PKCS1_PADDING) @@ -237,28 +270,25 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) len = BN_num_bytes(rsa->n); padded = xmalloc(len); - if (RSA_padding_add_PKCS1_type_1(padded, len, from, flen) <= 0) { + if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) { error("RSA_padding_add_PKCS1_type_1 failed"); goto err; } - sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, 0, NULL, &sw); - if (!sectok_swOK(sw)) { - error("sc_private_decrypt: INS_DECRYPT failed: %s", - sectok_get_sw(sw)); - sc_close(); - goto err; + sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw); + if (sw == 0x6982) { + if (try_AUT0() < 0) + goto err; + sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw); } - sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, - len, to, &sw); if (!sectok_swOK(sw)) { - error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", + error("sc_private_encrypt: INS_DECRYPT failed: %s", sectok_get_sw(sw)); - sc_close(); goto err; } err: if (padded) xfree(padded); + sc_close(); return (len >= 0 ? len : status); } @@ -275,31 +305,18 @@ sc_finish(RSA *rsa) return 1; } - /* engine for overloading private key operations */ -static ENGINE *smart_engine = NULL; -static RSA_METHOD smart_rsa = -{ - "sectok", - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - 0, - NULL, -}; - -ENGINE * -sc_get_engine(void) +static RSA_METHOD * +sc_get_rsa_method(void) { - RSA_METHOD *def; + static RSA_METHOD smart_rsa; + const RSA_METHOD *def = RSA_get_default_method(); - def = RSA_get_default_openssl_method(); + /* use the OpenSSL version */ + memcpy(&smart_rsa, def, sizeof(smart_rsa)); + + smart_rsa.name = "sectok"; /* overload */ smart_rsa.rsa_priv_enc = sc_private_encrypt; @@ -309,22 +326,22 @@ sc_get_engine(void) orig_finish = def->finish; smart_rsa.finish = sc_finish; - /* just use the OpenSSL version */ - smart_rsa.rsa_pub_enc = def->rsa_pub_enc; - smart_rsa.rsa_pub_dec = def->rsa_pub_dec; - smart_rsa.rsa_mod_exp = def->rsa_mod_exp; - smart_rsa.bn_mod_exp = def->bn_mod_exp; - smart_rsa.init = def->init; - smart_rsa.flags = def->flags; - smart_rsa.app_data = def->app_data; - smart_rsa.rsa_sign = def->rsa_sign; - smart_rsa.rsa_verify = def->rsa_verify; + return &smart_rsa; +} + +#ifdef USE_ENGINE +static ENGINE * +sc_get_engine(void) +{ + static ENGINE *smart_engine = NULL; - smart_engine = ENGINE_new(); + if ((smart_engine = ENGINE_new()) == NULL) + fatal("ENGINE_new failed"); ENGINE_set_id(smart_engine, "sectok"); ENGINE_set_name(smart_engine, "libsectok"); - ENGINE_set_RSA(smart_engine, &smart_rsa); + + ENGINE_set_RSA(smart_engine, sc_get_rsa_method()); ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method()); ENGINE_set_DH(smart_engine, DH_get_default_openssl_method()); ENGINE_set_RAND(smart_engine, RAND_SSLeay()); @@ -332,6 +349,7 @@ sc_get_engine(void) return smart_engine; } +#endif void sc_close(void) @@ -342,16 +360,20 @@ sc_close(void) } } -Key * -sc_get_key(const char *id) +Key ** +sc_get_keys(const char *id, const char *pin) { - Key *k; - int status; + Key *k, *n, **keys; + int status, nkeys = 2; if (sc_reader_id != NULL) xfree(sc_reader_id); sc_reader_id = xstrdup(id); + if (sc_pin != NULL) + xfree(sc_pin); + sc_pin = (pin == NULL) ? NULL : xstrdup(pin); + k = key_new(KEY_RSA); if (k == NULL) { return NULL; @@ -361,12 +383,189 @@ sc_get_key(const char *id) key_free(k); return NULL; } - if (status < 0 ) { + if (status < 0) { error("sc_read_pubkey failed"); key_free(k); return NULL; } - return k; - sc_close(); + keys = xcalloc((nkeys+1), sizeof(Key *)); + + n = key_new(KEY_RSA1); + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + fatal("sc_get_keys: BN_copy failed"); + RSA_set_method(n->rsa, sc_get_rsa()); + n->flags |= KEY_FLAG_EXT; + keys[0] = n; + + n = key_new(KEY_RSA); + if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || + (BN_copy(n->rsa->e, k->rsa->e) == NULL)) + fatal("sc_get_keys: BN_copy failed"); + RSA_set_method(n->rsa, sc_get_rsa()); + n->flags |= KEY_FLAG_EXT; + keys[1] = n; + + keys[2] = NULL; + + key_free(k); + return keys; +} + +#define NUM_RSA_KEY_ELEMENTS 5+1 +#define COPY_RSA_KEY(x, i) \ + do { \ + len = BN_num_bytes(prv->rsa->x); \ + elements[i] = xmalloc(len); \ + debug("#bytes %d", len); \ + if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \ + goto done; \ + } while (0) + +static void +sc_mk_digest(const char *pin, u_char *digest) +{ + const EVP_MD *evp_md = EVP_sha1(); + EVP_MD_CTX md; + + EVP_DigestInit(&md, evp_md); + EVP_DigestUpdate(&md, pin, strlen(pin)); + EVP_DigestFinal(&md, digest, NULL); } -#endif /* SMARTCARD */ + +static int +get_AUT0(u_char *aut0) +{ + char *pass; + + pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); + if (pass == NULL) + return -1; + if (!strcmp(pass, "-")) { + memcpy(aut0, DEFAUT0, sizeof DEFAUT0); + return 0; + } + sc_mk_digest(pass, aut0); + memset(pass, 0, strlen(pass)); + xfree(pass); + return 0; +} + +static int +try_AUT0(void) +{ + u_char aut0[EVP_MAX_MD_SIZE]; + + /* permission denied; try PIN if provided */ + if (sc_pin && strlen(sc_pin) > 0) { + sc_mk_digest(sc_pin, aut0); + if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) { + error("smartcard passphrase incorrect"); + return (-1); + } + } else { + /* try default AUT0 key */ + if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) { + /* default AUT0 key failed; prompt for passphrase */ + if (get_AUT0(aut0) < 0 || + cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) { + error("smartcard passphrase incorrect"); + return (-1); + } + } + } + return (0); +} + +int +sc_put_key(Key *prv, const char *id) +{ + u_char *elements[NUM_RSA_KEY_ELEMENTS]; + u_char key_fid[2]; + u_char AUT0[EVP_MAX_MD_SIZE]; + int len, status = -1, i, fd = -1, ret; + int sw = 0, cla = 0x00; + + for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) + elements[i] = NULL; + + COPY_RSA_KEY(q, 0); + COPY_RSA_KEY(p, 1); + COPY_RSA_KEY(iqmp, 2); + COPY_RSA_KEY(dmq1, 3); + COPY_RSA_KEY(dmp1, 4); + COPY_RSA_KEY(n, 5); + len = BN_num_bytes(prv->rsa->n); + fd = sectok_friendly_open(id, STONOWAIT, &sw); + if (fd < 0) { + error("sectok_open failed: %s", sectok_get_sw(sw)); + goto done; + } + if (! sectok_cardpresent(fd)) { + error("smartcard in reader %s not present", id); + goto done; + } + ret = sectok_reset(fd, 0, NULL, &sw); + if (ret <= 0) { + error("sectok_reset failed: %s", sectok_get_sw(sw)); + goto done; + } + if ((cla = cyberflex_inq_class(fd)) < 0) { + error("cyberflex_inq_class failed"); + goto done; + } + memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0)); + if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) { + if (get_AUT0(AUT0) < 0 || + cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) { + memset(AUT0, 0, sizeof(DEFAUT0)); + error("smartcard passphrase incorrect"); + goto done; + } + } + memset(AUT0, 0, sizeof(DEFAUT0)); + key_fid[0] = 0x00; + key_fid[1] = 0x12; + if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements, + &sw) < 0) { + error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw)); + goto done; + } + if (!sectok_swOK(sw)) + goto done; + logit("cyberflex_load_rsa_priv done"); + key_fid[0] = 0x73; + key_fid[1] = 0x68; + if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5], + &sw) < 0) { + error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw)); + goto done; + } + if (!sectok_swOK(sw)) + goto done; + logit("cyberflex_load_rsa_pub done"); + status = 0; + +done: + memset(elements[0], '\0', BN_num_bytes(prv->rsa->q)); + memset(elements[1], '\0', BN_num_bytes(prv->rsa->p)); + memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp)); + memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1)); + memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1)); + memset(elements[5], '\0', BN_num_bytes(prv->rsa->n)); + + for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) + if (elements[i]) + xfree(elements[i]); + if (fd != -1) + sectok_close(fd); + return (status); +} + +char * +sc_get_key_label(Key *key) +{ + return xstrdup("smartcard key"); +} + +#endif /* SMARTCARD && USE_SECTOK */