1 /* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */
3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #if defined(SMARTCARD) && defined(USE_SECTOK)
29 #include <sys/types.h>
35 #include <openssl/evp.h>
43 #if OPENSSL_VERSION_NUMBER < 0x00907000L
45 #define RSA_get_default_method RSA_get_default_openssl_method
50 #include <openssl/engine.h>
51 #define sc_get_rsa sc_get_engine
53 #define sc_get_rsa sc_get_rsa_method
57 #define INS_DECRYPT 0x10
58 #define INS_GET_KEYLENGTH 0x20
59 #define INS_GET_PUBKEY 0x30
60 #define INS_GET_RESPONSE 0xc0
62 #define MAX_BUF_SIZE 256
64 u_char DEFAUT0
[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63};
66 static int sc_fd
= -1;
67 static char *sc_reader_id
= NULL
;
68 static char *sc_pin
= NULL
;
69 static int cla
= 0x00; /* class */
71 static void sc_mk_digest(const char *pin
, u_char
*digest
);
72 static int get_AUT0(u_char
*aut0
);
73 static int try_AUT0(void);
75 /* interface to libsectok */
85 sc_fd
= sectok_friendly_open(sc_reader_id
, STONOWAIT
, &sw
);
87 error("sectok_open failed: %s", sectok_get_sw(sw
));
88 return SCARD_ERROR_FAIL
;
90 if (! sectok_cardpresent(sc_fd
)) {
91 debug("smartcard in reader %s not present, skipping",
94 return SCARD_ERROR_NOCARD
;
96 if (sectok_reset(sc_fd
, 0, NULL
, &sw
) <= 0) {
97 error("sectok_reset failed: %s", sectok_get_sw(sw
));
99 return SCARD_ERROR_FAIL
;
101 if ((cla
= cyberflex_inq_class(sc_fd
)) < 0)
104 debug("sc_open ok %d", sc_fd
);
109 sc_enable_applet(void)
111 static u_char aid
[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
114 /* select applet id */
115 sectok_apdu(sc_fd
, cla
, 0xa4, 0x04, 0, sizeof aid
, aid
, 0, NULL
, &sw
);
116 if (!sectok_swOK(sw
)) {
117 error("sectok_apdu failed: %s", sectok_get_sw(sw
));
130 if (status
== SCARD_ERROR_NOCARD
) {
131 return SCARD_ERROR_NOCARD
;
134 error("sc_open failed");
137 if (sc_enable_applet() < 0) {
138 error("sc_enable_applet failed");
139 return SCARD_ERROR_APPLET
;
145 sc_read_pubkey(Key
* k
)
149 int len
, sw
, status
= -1;
160 sectok_apdu(sc_fd
, CLA_SSH
, INS_GET_KEYLENGTH
, 0, 0, 0, NULL
,
161 sizeof(buf
), buf
, &sw
);
162 if (!sectok_swOK(sw
)) {
163 error("could not obtain key length: %s", sectok_get_sw(sw
));
166 len
= (buf
[0] << 8) | buf
[1];
168 debug("INS_GET_KEYLENGTH: len %d sw %s", len
, sectok_get_sw(sw
));
172 sectok_apdu(sc_fd
, CLA_SSH
, INS_GET_PUBKEY
, 0, 0, 0, NULL
, len
, n
, &sw
);
177 sectok_apdu(sc_fd
, CLA_SSH
, INS_GET_PUBKEY
, 0, 0, 0, NULL
, len
, n
, &sw
);
179 if (!sectok_swOK(sw
)) {
180 error("could not obtain public key: %s", sectok_get_sw(sw
));
184 debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw
));
186 if (BN_bin2bn(n
, len
, k
->rsa
->n
) == NULL
) {
187 error("c_read_pubkey: BN_bin2bn failed");
191 /* currently the java applet just stores 'n' */
192 if (!BN_set_word(k
->rsa
->e
, 35)) {
193 error("c_read_pubkey: BN_set_word(e, 35) failed");
198 p
= key_fingerprint(k
, SSH_FP_MD5
, SSH_FP_HEX
);
199 debug("fingerprint %u %s", key_size(k
), p
);
209 /* private key operations */
212 sc_private_decrypt(int flen
, u_char
*from
, u_char
*to
, RSA
*rsa
,
215 u_char
*padded
= NULL
;
216 int sw
, len
, olen
, status
= -1;
218 debug("sc_private_decrypt called");
226 if (padding
!= RSA_PKCS1_PADDING
)
229 len
= BN_num_bytes(rsa
->n
);
230 padded
= xmalloc(len
);
232 sectok_apdu(sc_fd
, CLA_SSH
, INS_DECRYPT
, 0, 0, len
, from
, len
, padded
, &sw
);
237 sectok_apdu(sc_fd
, CLA_SSH
, INS_DECRYPT
, 0, 0, len
, from
, len
, padded
, &sw
);
239 if (!sectok_swOK(sw
)) {
240 error("sc_private_decrypt: INS_DECRYPT failed: %s",
244 olen
= RSA_padding_check_PKCS1_type_2(to
, len
, padded
+ 1, len
- 1,
250 return (olen
>= 0 ? olen
: status
);
254 sc_private_encrypt(int flen
, u_char
*from
, u_char
*to
, RSA
*rsa
,
257 u_char
*padded
= NULL
;
258 int sw
, len
, status
= -1;
266 if (padding
!= RSA_PKCS1_PADDING
)
269 debug("sc_private_encrypt called");
270 len
= BN_num_bytes(rsa
->n
);
271 padded
= xmalloc(len
);
273 if (RSA_padding_add_PKCS1_type_1(padded
, len
, (u_char
*)from
, flen
) <= 0) {
274 error("RSA_padding_add_PKCS1_type_1 failed");
277 sectok_apdu(sc_fd
, CLA_SSH
, INS_DECRYPT
, 0, 0, len
, padded
, len
, to
, &sw
);
281 sectok_apdu(sc_fd
, CLA_SSH
, INS_DECRYPT
, 0, 0, len
, padded
, len
, to
, &sw
);
283 if (!sectok_swOK(sw
)) {
284 error("sc_private_encrypt: INS_DECRYPT failed: %s",
292 return (len
>= 0 ? len
: status
);
297 static int (*orig_finish
)(RSA
*rsa
) = NULL
;
308 /* engine for overloading private key operations */
311 sc_get_rsa_method(void)
313 static RSA_METHOD smart_rsa
;
314 const RSA_METHOD
*def
= RSA_get_default_method();
316 /* use the OpenSSL version */
317 memcpy(&smart_rsa
, def
, sizeof(smart_rsa
));
319 smart_rsa
.name
= "sectok";
322 smart_rsa
.rsa_priv_enc
= sc_private_encrypt
;
323 smart_rsa
.rsa_priv_dec
= sc_private_decrypt
;
326 orig_finish
= def
->finish
;
327 smart_rsa
.finish
= sc_finish
;
336 static ENGINE
*smart_engine
= NULL
;
338 if ((smart_engine
= ENGINE_new()) == NULL
)
339 fatal("ENGINE_new failed");
341 ENGINE_set_id(smart_engine
, "sectok");
342 ENGINE_set_name(smart_engine
, "libsectok");
344 ENGINE_set_RSA(smart_engine
, sc_get_rsa_method());
345 ENGINE_set_DSA(smart_engine
, DSA_get_default_openssl_method());
346 ENGINE_set_DH(smart_engine
, DH_get_default_openssl_method());
347 ENGINE_set_RAND(smart_engine
, RAND_SSLeay());
348 ENGINE_set_BN_mod_exp(smart_engine
, BN_mod_exp
);
364 sc_get_keys(const char *id
, const char *pin
)
367 int status
, nkeys
= 2;
369 if (sc_reader_id
!= NULL
)
371 sc_reader_id
= xstrdup(id
);
375 sc_pin
= (pin
== NULL
) ? NULL
: xstrdup(pin
);
377 k
= key_new(KEY_RSA
);
381 status
= sc_read_pubkey(k
);
382 if (status
== SCARD_ERROR_NOCARD
) {
387 error("sc_read_pubkey failed");
391 keys
= xcalloc((nkeys
+1), sizeof(Key
*));
393 n
= key_new(KEY_RSA1
);
394 if ((BN_copy(n
->rsa
->n
, k
->rsa
->n
) == NULL
) ||
395 (BN_copy(n
->rsa
->e
, k
->rsa
->e
) == NULL
))
396 fatal("sc_get_keys: BN_copy failed");
397 RSA_set_method(n
->rsa
, sc_get_rsa());
398 n
->flags
|= KEY_FLAG_EXT
;
401 n
= key_new(KEY_RSA
);
402 if ((BN_copy(n
->rsa
->n
, k
->rsa
->n
) == NULL
) ||
403 (BN_copy(n
->rsa
->e
, k
->rsa
->e
) == NULL
))
404 fatal("sc_get_keys: BN_copy failed");
405 RSA_set_method(n
->rsa
, sc_get_rsa());
406 n
->flags
|= KEY_FLAG_EXT
;
415 #define NUM_RSA_KEY_ELEMENTS 5+1
416 #define COPY_RSA_KEY(x, i) \
418 len = BN_num_bytes(prv->rsa->x); \
419 elements[i] = xmalloc(len); \
420 debug("#bytes %d", len); \
421 if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
426 sc_mk_digest(const char *pin
, u_char
*digest
)
428 const EVP_MD
*evp_md
= EVP_sha1();
431 EVP_DigestInit(&md
, evp_md
);
432 EVP_DigestUpdate(&md
, pin
, strlen(pin
));
433 EVP_DigestFinal(&md
, digest
, NULL
);
437 get_AUT0(u_char
*aut0
)
441 pass
= read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN
);
444 if (!strcmp(pass
, "-")) {
445 memcpy(aut0
, DEFAUT0
, sizeof DEFAUT0
);
448 sc_mk_digest(pass
, aut0
);
449 memset(pass
, 0, strlen(pass
));
457 u_char aut0
[EVP_MAX_MD_SIZE
];
459 /* permission denied; try PIN if provided */
460 if (sc_pin
&& strlen(sc_pin
) > 0) {
461 sc_mk_digest(sc_pin
, aut0
);
462 if (cyberflex_verify_AUT0(sc_fd
, cla
, aut0
, 8) < 0) {
463 error("smartcard passphrase incorrect");
467 /* try default AUT0 key */
468 if (cyberflex_verify_AUT0(sc_fd
, cla
, DEFAUT0
, 8) < 0) {
469 /* default AUT0 key failed; prompt for passphrase */
470 if (get_AUT0(aut0
) < 0 ||
471 cyberflex_verify_AUT0(sc_fd
, cla
, aut0
, 8) < 0) {
472 error("smartcard passphrase incorrect");
481 sc_put_key(Key
*prv
, const char *id
)
483 u_char
*elements
[NUM_RSA_KEY_ELEMENTS
];
485 u_char AUT0
[EVP_MAX_MD_SIZE
];
486 int len
, status
= -1, i
, fd
= -1, ret
;
487 int sw
= 0, cla
= 0x00;
489 for (i
= 0; i
< NUM_RSA_KEY_ELEMENTS
; i
++)
494 COPY_RSA_KEY(iqmp
, 2);
495 COPY_RSA_KEY(dmq1
, 3);
496 COPY_RSA_KEY(dmp1
, 4);
498 len
= BN_num_bytes(prv
->rsa
->n
);
499 fd
= sectok_friendly_open(id
, STONOWAIT
, &sw
);
501 error("sectok_open failed: %s", sectok_get_sw(sw
));
504 if (! sectok_cardpresent(fd
)) {
505 error("smartcard in reader %s not present", id
);
508 ret
= sectok_reset(fd
, 0, NULL
, &sw
);
510 error("sectok_reset failed: %s", sectok_get_sw(sw
));
513 if ((cla
= cyberflex_inq_class(fd
)) < 0) {
514 error("cyberflex_inq_class failed");
517 memcpy(AUT0
, DEFAUT0
, sizeof(DEFAUT0
));
518 if (cyberflex_verify_AUT0(fd
, cla
, AUT0
, sizeof(DEFAUT0
)) < 0) {
519 if (get_AUT0(AUT0
) < 0 ||
520 cyberflex_verify_AUT0(fd
, cla
, AUT0
, sizeof(DEFAUT0
)) < 0) {
521 memset(AUT0
, 0, sizeof(DEFAUT0
));
522 error("smartcard passphrase incorrect");
526 memset(AUT0
, 0, sizeof(DEFAUT0
));
529 if (cyberflex_load_rsa_priv(fd
, cla
, key_fid
, 5, 8*len
, elements
,
531 error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw
));
534 if (!sectok_swOK(sw
))
536 logit("cyberflex_load_rsa_priv done");
539 if (cyberflex_load_rsa_pub(fd
, cla
, key_fid
, len
, elements
[5],
541 error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw
));
544 if (!sectok_swOK(sw
))
546 logit("cyberflex_load_rsa_pub done");
550 memset(elements
[0], '\0', BN_num_bytes(prv
->rsa
->q
));
551 memset(elements
[1], '\0', BN_num_bytes(prv
->rsa
->p
));
552 memset(elements
[2], '\0', BN_num_bytes(prv
->rsa
->iqmp
));
553 memset(elements
[3], '\0', BN_num_bytes(prv
->rsa
->dmq1
));
554 memset(elements
[4], '\0', BN_num_bytes(prv
->rsa
->dmp1
));
555 memset(elements
[5], '\0', BN_num_bytes(prv
->rsa
->n
));
557 for (i
= 0; i
< NUM_RSA_KEY_ELEMENTS
; i
++)
566 sc_get_key_label(Key
*key
)
568 return xstrdup("smartcard key");
571 #endif /* SMARTCARD && USE_SECTOK */