- markus@cvs.openbsd.org 2010/02/08 10:50:20

[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev `
author: Damien Miller <djm@mindrot.org> 2010-02-12 09:21:02 +1100
committer: Damien Miller <djm@mindrot.org> 2010-02-12 09:21:02 +1100
commit: 7ea845e48df6d34a333ebbe79380cba0938d02a5 (patch)
tree: 44ab0d3fdfe0560b7ca92f5747e9dd5d012aea18 /ssh-pkcs11.c
parent: 17751bcab25681d341442fdc2386a30a6bea345e (diff)
1 files changed, 544 insertions, 0 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
new file mode 100644
index 000000000..f82454329
--- /dev/null
+++ b/ssh-pkcs11.c
@@ -0,0 +1,544 @@
+/*
+ * Copyright (c) 2010 Markus Friedl.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <sys/types.h>
+#include <sys/queue.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <dlfcn.h>
+#define CRYPTOKI_COMPAT
+#include "pkcs11.h"
+#include "log.h"
+#include "misc.h"
+#include "key.h"
+#include "ssh-pkcs11.h"
+#include "xmalloc.h"
+struct pkcs11_slotinfo {
+        CK_TOKEN_INFO           token;
+        CK_SESSION_HANDLE       session;
+        int                     logged_in;
+};
+struct pkcs11_provider {
+        char                    *name;
+        void                    *handle;
+        CK_FUNCTION_LIST        *function_list;
+        CK_INFO                 info;
+        CK_ULONG                nslots;
+        CK_SLOT_ID              *slotlist;
+        struct pkcs11_slotinfo  *slotinfo;
+        int                     valid;
+        int                     refcount;
+        TAILQ_ENTRY(pkcs11_provider) next;
+};
+TAILQ_HEAD(, pkcs11_provider) pkcs11_providers;
+struct pkcs11_key {
+        struct pkcs11_provider  *provider;
+        CK_ULONG                slotidx;
+        int                     (*orig_finish)(RSA *rsa);
+        RSA_METHOD              rsa_method;
+        char                    *keyid;
+        int                     keyid_len;
+};
+int pkcs11_interactive = 0;
+int
+pkcs11_init(int interactive)
+{
+        pkcs11_interactive = interactive;
+        TAILQ_INIT(&pkcs11_providers);
+        return (0);
+}
+/*
+ * finalize a provider shared libarary, it's no longer usable.
+ * however, there might still be keys referencing this provider,
+ * so the actuall freeing of memory is handled by pkcs11_provider_unref().
+ * this is called when a provider gets unregistered.
+ */
+static void
+pkcs11_provider_finalize(struct pkcs11_provider *p)
+{
+        CK_RV rv;
+        CK_ULONG i;
+        debug("pkcs11_provider_finalize: %p refcount %d valid %d",
+            p, p->refcount, p->valid);
+        if (!p->valid)
+                return;
+        for (i = 0; i < p->nslots; i++) {
+                if (p->slotinfo[i].session &&
+                    (rv = p->function_list->C_CloseSession(
+                    p->slotinfo[i].session)) != CKR_OK)
+                        error("C_CloseSession failed: %lu", rv);
+        }
+        if ((rv = p->function_list->C_Finalize(NULL)) != CKR_OK)
+                error("C_Finalize failed: %lu", rv);
+        p->valid = 0;
+        p->function_list = NULL;
+        dlclose(p->handle);
+}
+/*
+ * remove a reference to the provider.
+ * called when a key gets destroyed or when the provider is unregistered.
+ */
+static void
+pkcs11_provider_unref(struct pkcs11_provider *p)
+{
+        debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount);
+        if (--p->refcount <= 0) {
+                if (p->valid)
+                        error("pkcs11_provider_unref: %p still valid", p);
+                xfree(p->slotlist);
+                xfree(p->slotinfo);
+                xfree(p);
+        }
+}
+/* unregister all providers, keys might still point to the providers */
+void
+pkcs11_terminate(void)
+{
+        struct pkcs11_provider *p;
+        while ((p = TAILQ_FIRST(&pkcs11_providers)) != NULL) {
+                TAILQ_REMOVE(&pkcs11_providers, p, next);
+                pkcs11_provider_finalize(p);
+                pkcs11_provider_unref(p);
+        }
+}
+/* lookup provider by name */
+static struct pkcs11_provider *
+pkcs11_provider_lookup(char *provider_id)
+{
+        struct pkcs11_provider *p;
+        TAILQ_FOREACH(p, &pkcs11_providers, next) {
+                debug("check %p %s", p, p->name);
+                if (!strcmp(provider_id, p->name))
+                        return (p);
+        }
+        return (NULL);
+}
+/* unregister provider by name */
+int
+pkcs11_del_provider(char *provider_id)
+{
+        struct pkcs11_provider *p;
+        if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
+                TAILQ_REMOVE(&pkcs11_providers, p, next);
+                pkcs11_provider_finalize(p);
+                pkcs11_provider_unref(p);
+                return (0);
+        }
+        return (-1);
+}
+/* openssl callback for freeing an RSA key */
+static int
+pkcs11_rsa_finish(RSA *rsa)
+{
+        struct pkcs11_key       *k11;
+        int rv = -1;
+        if ((k11 = RSA_get_app_data(rsa)) != NULL) {
+                if (k11->orig_finish)
+                        rv = k11->orig_finish(rsa);
+                if (k11->provider)
+                        pkcs11_provider_unref(k11->provider);
+                if (k11->keyid)
+                        xfree(k11->keyid);
+                xfree(k11);
+        }
+        return (rv);
+}
+/* openssl callback doing the actual signing operation */
+static int
+pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+    int padding)
+{
+        struct pkcs11_key       *k11;
+        struct pkcs11_slotinfo  *si;
+        CK_FUNCTION_LIST        *f;
+        CK_OBJECT_HANDLE        obj;
+        CK_ULONG                tlen = 0, nfound = 0;
+        CK_RV                   rv;
+        CK_OBJECT_CLASS         private_key_class = CKO_PRIVATE_KEY;
+        CK_BBOOL                true = CK_TRUE;
+        CK_MECHANISM            mech = {
+                CKM_RSA_PKCS, NULL_PTR, 0
+        };
+        CK_ATTRIBUTE            key_filter[] = {
+                {CKA_CLASS, &private_key_class, sizeof(private_key_class) },
+                {CKA_ID, NULL, 0},
+                {CKA_SIGN, &true, sizeof(true) }
+        };
+        char                    *pin, prompt[1024];
+        int                     rval = -1;
+        if ((k11 = RSA_get_app_data(rsa)) == NULL) {
+                error("RSA_get_app_data failed for rsa %p", rsa);
+                return (-1);
+        }
+        if (!k11->provider || !k11->provider->valid) {
+                error("no pkcs11 (valid) provider for rsa %p", rsa);
+                return (-1);
+        }
+        f = k11->provider->function_list;
+        si = &k11->provider->slotinfo[k11->slotidx];
+        if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
+                if (!pkcs11_interactive) {
+                        error("need pin");
+                        return (-1);
+                }
+                snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ",
+                    si->token.label);
+                pin = read_passphrase(prompt, RP_ALLOW_EOF);
+                if (pin == NULL)
+                        return (-1);    /* bail out */
+                if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin)))
+                    != CKR_OK) {
+                        xfree(pin);
+                        error("C_Login failed: %lu", rv);
+                        return (-1);
+                }
+                xfree(pin);
+                si->logged_in = 1;
+        }
+        key_filter[1].pValue = k11->keyid;
+        key_filter[1].ulValueLen = k11->keyid_len;
+        if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) {
+                error("C_FindObjectsInit failed: %lu", rv);
+                return (-1);
+        }
+        if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK ||
+            nfound != 1) {
+                error("C_FindObjects failed (%lu nfound): %lu", nfound, rv);
+        } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
+                error("C_SignInit failed: %lu", rv);
+        } else {
+                /* XXX handle CKR_BUFFER_TOO_SMALL */
+                tlen = RSA_size(rsa);
+                rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen);
+                if (rv == CKR_OK) 
+                        rval = tlen;
+                else 
+                        error("C_Sign failed: %lu", rv);
+        }
+        if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK)
+                error("C_FindObjectsFinal failed: %lu", rv);
+        return (rval);
+}
+static int
+pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+    int padding)
+{
+        return (-1);
+}
+/* redirect private key operations for rsa key to pkcs11 token */
+static int
+pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
+    CK_ATTRIBUTE *keyid_attrib, RSA *rsa)
+{
+        struct pkcs11_key       *k11;
+        const RSA_METHOD        *def = RSA_get_default_method();
+        k11 = xcalloc(1, sizeof(*k11));
+        k11->provider = provider;
+        provider->refcount++;   /* provider referenced by RSA key */
+        k11->slotidx = slotidx;
+        /* identify key object on smartcard */
+        k11->keyid_len = keyid_attrib->ulValueLen;
+        k11->keyid = xmalloc(k11->keyid_len);
+        memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
+        k11->orig_finish = def->finish;
+        memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
+        k11->rsa_method.name = "pkcs11";
+        k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt;
+        k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt;
+        k11->rsa_method.finish = pkcs11_rsa_finish;
+        RSA_set_method(rsa, &k11->rsa_method);
+        RSA_set_app_data(rsa, k11);
+        return (0);
+}
+/* remove trailing spaces */
+static void
+rmspace(char *buf, size_t len)
+{
+        size_t i;
+        if (!len)
+                return;
+        for (i = len - 1;  i > 0; i--)
+                if (i == len - 1 || buf[i] == ' ')
+                        buf[i] = '\0';
+                else
+                        break;
+}
+/*
+ * open a pkcs11 session and login if required.
+ * if pin == NULL we delay login until key use
+ */
+static int
+pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
+{
+        CK_RV                   rv;
+        CK_FUNCTION_LIST        *f;
+        CK_SESSION_HANDLE       session;
+        int                     login_required;
+        f = p->function_list;
+        login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
+        if (pin && login_required && !strlen(pin)) {
+                error("pin required");
+                return (-1);
+        }
+        if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION|
+            CKF_SERIAL_SESSION, NULL, NULL, &session))
+            != CKR_OK) {
+                error("C_OpenSession failed: %lu", rv);
+                return (-1);
+        }
+        if (login_required && pin) {
+                if ((rv = f->C_Login(session, CKU_USER, pin, strlen(pin)))
+                    != CKR_OK) {
+                        error("C_Login failed: %lu", rv);
+                        if ((rv = f->C_CloseSession(session)) != CKR_OK)
+                                error("C_CloseSession failed: %lu", rv);
+                        return (-1);
+                }
+                p->slotinfo[slotidx].logged_in = 1;
+        }
+        p->slotinfo[slotidx].session = session;
+        return (0);
+}
+/*
+ * lookup public keys for token in slot identified by slotidx,
+ * add 'wrapped' public keys to the 'keysp' array and increment nkeys.
+ * keysp points to an (possibly empty) array with *nkeys keys.
+ */
+static int
+pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp,
+    int *nkeys)
+{
+        Key                     *key;
+        RSA                     *rsa;
+        int                     i;
+        CK_RV                   rv;
+        CK_OBJECT_HANDLE        obj;
+        CK_ULONG                nfound;
+        CK_SESSION_HANDLE       session;
+        CK_FUNCTION_LIST        *f;
+        CK_OBJECT_CLASS         pubkey_class = CKO_PUBLIC_KEY;
+        CK_ATTRIBUTE            pubkey_filter[] = {
+                { CKA_CLASS, &pubkey_class, sizeof(pubkey_class) }
+        };
+        CK_ATTRIBUTE            attribs[] = {
+                { CKA_ID, NULL, 0 },
+                { CKA_MODULUS, NULL, 0 },
+                { CKA_PUBLIC_EXPONENT, NULL, 0 }
+        };
+        f = p->function_list;
+        session = p->slotinfo[slotidx].session;
+        /* setup a filter the looks for public keys */
+        if ((rv = f->C_FindObjectsInit(session, pubkey_filter, 1)) != CKR_OK) {
+                error("C_FindObjectsInit failed: %lu", rv);
+                return (-1);
+        }
+        while (1) {
+                /* XXX 3 attributes in attribs[] */
+                for (i = 0; i < 3; i++) {
+                        attribs[i].pValue = NULL;
+                        attribs[i].ulValueLen = 0;
+                }
+                if ((rv = f->C_FindObjects(session, &obj, 1, &nfound)) != CKR_OK
+                    || nfound == 0)
+                        break;
+                /* found a key, so figure out size of the attributes */
+                if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
+                    != CKR_OK) {
+                        error("C_GetAttributeValue failed: %lu", rv);
+                        continue;
+                }
+                /* allocate buffers for attributes, XXX check ulValueLen? */
+                for (i = 0; i < 3; i++)
+                        attribs[i].pValue = xmalloc(attribs[i].ulValueLen);
+                /* retrieve ID, modulus and public exponent of RSA key */
+                if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
+                    != CKR_OK) {
+                        error("C_GetAttributeValue failed: %lu", rv);
+                } else if ((rsa = RSA_new()) == NULL) {
+                        error("RSA_new failed");
+                } else {
+                        rsa->n = BN_bin2bn(attribs[1].pValue,
+                            attribs[1].ulValueLen, NULL);
+                        rsa->e = BN_bin2bn(attribs[2].pValue,
+                            attribs[2].ulValueLen, NULL);
+                        if (rsa->n && rsa->e &&
+                            pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
+                                key = key_new(KEY_UNSPEC);
+                                key->rsa = rsa;
+                                key->type = KEY_RSA;
+                                key->flags |= KEY_FLAG_EXT;
+                                /* expand key array and add key */
+                                *keysp = xrealloc(*keysp, *nkeys + 1,
+                                    sizeof(Key *));
+                                (*keysp)[*nkeys] = key;
+                                *nkeys = *nkeys + 1;
+                                debug("have %d keys", *nkeys);
+                        } else {
+                                RSA_free(rsa);
+                        }
+                }
+                for (i = 0; i < 3; i++)
+                        xfree(attribs[i].pValue);
+        }
+        if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
+                error("C_FindObjectsFinal failed: %lu", rv);
+        return (0);
+}
+/* register a new provider, fails if provider already exists */
+int
+pkcs11_add_provider(char *provider_id, char *pin, Key ***keyp)
+{
+        int nkeys, need_finalize = 0;
+        struct pkcs11_provider *p = NULL;
+        void *handle = NULL;
+        CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **);
+        CK_RV rv;
+        CK_FUNCTION_LIST *f = NULL;
+        CK_TOKEN_INFO *token;
+        CK_ULONG i;
+        *keyp = NULL;
+        if (pkcs11_provider_lookup(provider_id) != NULL) {
+                error("provider already registered: %s", provider_id);
+                goto fail;
+        }
+        /* open shared pkcs11-libarary */
+        if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
+                error("dlopen %s failed: %s", provider_id, dlerror());
+                goto fail;
+        }
+        if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+                error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+                goto fail;
+        }
+        p = xcalloc(1, sizeof(*p));
+        p->name = xstrdup(provider_id);
+        p->handle = handle;
+        /* setup the pkcs11 callbacks */
+        if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
+                error("C_GetFunctionList failed: %lu", rv);
+                goto fail;
+        }
+        p->function_list = f;
+        if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
+                error("C_Initialize failed: %lu", rv);
+                goto fail;
+        }
+        need_finalize = 1;
+        if ((rv = f->C_GetInfo(&p->info)) != CKR_OK) {
+                error("C_GetInfo failed: %lu", rv);
+                goto fail;
+        }
+        rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID));
+        rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription));
+        debug("manufacturerID <%s> cryptokiVersion %d.%d"
+            " libraryDescription <%s> libraryVersion %d.%d",
+            p->info.manufacturerID,
+            p->info.cryptokiVersion.major,
+            p->info.cryptokiVersion.minor,
+            p->info.libraryDescription,
+            p->info.libraryVersion.major,
+            p->info.libraryVersion.minor);
+        if ((rv = f->C_GetSlotList(CK_TRUE, NULL, &p->nslots)) != CKR_OK) {
+                error("C_GetSlotList failed: %lu", rv);
+                goto fail;
+        }
+        if (p->nslots == 0) {
+                error("no slots");
+                goto fail;
+        }
+        p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID));
+        if ((rv = f->C_GetSlotList(CK_TRUE, p->slotlist, &p->nslots))
+            != CKR_OK) {
+                error("C_GetSlotList failed: %lu", rv);
+                goto fail;
+        }
+        p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo));
+        p->valid = 1;
+        nkeys = 0;
+        for (i = 0; i < p->nslots; i++) {
+                token = &p->slotinfo[i].token;
+                if ((rv = f->C_GetTokenInfo(p->slotlist[i], token))
+                    != CKR_OK) {
+                        error("C_GetTokenInfo failed: %lu", rv);
+                        continue;
+                }
+                rmspace(token->label, sizeof(token->label));
+                rmspace(token->manufacturerID, sizeof(token->manufacturerID));
+                rmspace(token->model, sizeof(token->model));
+                rmspace(token->serialNumber, sizeof(token->serialNumber));
+                debug("label <%s> manufacturerID <%s> model <%s> serial <%s>"
+                    " flags 0x%lx",
+                    token->label, token->manufacturerID, token->model,
+                    token->serialNumber, token->flags);
+                /* open session, login with pin and retrieve public keys */
+                if (pkcs11_open_session(p, i, pin) == 0)
+                        pkcs11_fetch_keys(p, i, keyp, &nkeys);
+        }
+        if (nkeys > 0) {
+                TAILQ_INSERT_TAIL(&pkcs11_providers, p, next);
+                p->refcount++;  /* add to provider list */
+                return (nkeys);
+        }
+        error("no keys");
+        /* don't add the provider, since it does not have any keys */
+fail:
+        if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
+                error("C_Finalize failed: %lu", rv);
+        if (p) {
+                if (p->slotlist)
+                        xfree(p->slotlist);
+                if (p->slotinfo)
+                        xfree(p->slotinfo);
+                xfree(p);
+        }
+        if (handle)
+                dlclose(handle);
+        return (-1);
+}
author	Damien Miller <djm@mindrot.org>	2010-02-12 09:21:02 +1100
committer	Damien Miller <djm@mindrot.org>	2010-02-12 09:21:02 +1100
commit	7ea845e48df6d34a333ebbe79380cba0938d02a5 (patch)
tree	44ab0d3fdfe0560b7ca92f5747e9dd5d012aea18 /ssh-pkcs11.c
parent	17751bcab25681d341442fdc2386a30a6bea345e (diff)

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c new file mode 100644 index 000000000..f82454329 --- /dev/null +++ b/ssh-pkcs11.c
@@ -0,0 +1,544 @@
	1	/*
	2	* Copyright (c) 2010 Markus Friedl. All rights reserved.
	3	*
	4	* Permission to use, copy, modify, and distribute this software for any
	5	* purpose with or without fee is hereby granted, provided that the above
	6	* copyright notice and this permission notice appear in all copies.
	7	*
	8	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	9	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	10	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	11	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	12	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	13	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	15	*/
	16
	17	#include <sys/types.h>
	18	#include <sys/queue.h>
	19	#include <stdarg.h>
	20	#include <stdio.h>
	21
	22	#include <string.h>
	23	#include <dlfcn.h>
	24
	25	#define CRYPTOKI_COMPAT
	26	#include "pkcs11.h"
	27
	28	#include "log.h"
	29	#include "misc.h"
	30	#include "key.h"
	31	#include "ssh-pkcs11.h"
	32	#include "xmalloc.h"
	33
	34	struct pkcs11_slotinfo {
	35	CK_TOKEN_INFO token;
	36	CK_SESSION_HANDLE session;
	37	int logged_in;
	38	};
	39
	40	struct pkcs11_provider {
	41	char *name;
	42	void *handle;
	43	CK_FUNCTION_LIST *function_list;
	44	CK_INFO info;
	45	CK_ULONG nslots;
	46	CK_SLOT_ID *slotlist;
	47	struct pkcs11_slotinfo *slotinfo;
	48	int valid;
	49	int refcount;
	50	TAILQ_ENTRY(pkcs11_provider) next;
	51	};
	52
	53	TAILQ_HEAD(, pkcs11_provider) pkcs11_providers;
	54
	55	struct pkcs11_key {
	56	struct pkcs11_provider *provider;
	57	CK_ULONG slotidx;
	58	int (orig_finish)(RSA rsa);
	59	RSA_METHOD rsa_method;
	60	char *keyid;
	61	int keyid_len;
	62	};
	63
	64	int pkcs11_interactive = 0;
	65
	66	int
	67	pkcs11_init(int interactive)
	68	{
	69	pkcs11_interactive = interactive;
	70	TAILQ_INIT(&pkcs11_providers);
	71	return (0);
	72	}
	73
	74	/*
	75	* finalize a provider shared libarary, it's no longer usable.
	76	* however, there might still be keys referencing this provider,
	77	* so the actuall freeing of memory is handled by pkcs11_provider_unref().
	78	* this is called when a provider gets unregistered.
	79	*/
	80	static void
	81	pkcs11_provider_finalize(struct pkcs11_provider *p)
	82	{
	83	CK_RV rv;
	84	CK_ULONG i;
	85
	86	debug("pkcs11_provider_finalize: %p refcount %d valid %d",
	87	p, p->refcount, p->valid);
	88	if (!p->valid)
	89	return;
	90	for (i = 0; i < p->nslots; i++) {
	91	if (p->slotinfo[i].session &&
	92	(rv = p->function_list->C_CloseSession(
	93	p->slotinfo[i].session)) != CKR_OK)
	94	error("C_CloseSession failed: %lu", rv);
	95	}
	96	if ((rv = p->function_list->C_Finalize(NULL)) != CKR_OK)
	97	error("C_Finalize failed: %lu", rv);
	98	p->valid = 0;
	99	p->function_list = NULL;
	100	dlclose(p->handle);
	101	}
	102
	103	/*
	104	* remove a reference to the provider.
	105	* called when a key gets destroyed or when the provider is unregistered.
	106	*/
	107	static void
	108	pkcs11_provider_unref(struct pkcs11_provider *p)
	109	{
	110	debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount);
	111	if (--p->refcount <= 0) {
	112	if (p->valid)
	113	error("pkcs11_provider_unref: %p still valid", p);
	114	xfree(p->slotlist);
	115	xfree(p->slotinfo);
	116	xfree(p);
	117	}
	118	}
	119
	120	/* unregister all providers, keys might still point to the providers */
	121	void
	122	pkcs11_terminate(void)
	123	{
	124	struct pkcs11_provider *p;
	125
	126	while ((p = TAILQ_FIRST(&pkcs11_providers)) != NULL) {
	127	TAILQ_REMOVE(&pkcs11_providers, p, next);
	128	pkcs11_provider_finalize(p);
	129	pkcs11_provider_unref(p);
	130	}
	131	}
	132
	133	/* lookup provider by name */
	134	static struct pkcs11_provider *
	135	pkcs11_provider_lookup(char *provider_id)
	136	{
	137	struct pkcs11_provider *p;
	138
	139	TAILQ_FOREACH(p, &pkcs11_providers, next) {
	140	debug("check %p %s", p, p->name);
	141	if (!strcmp(provider_id, p->name))
	142	return (p);
	143	}
	144	return (NULL);
	145	}
	146
	147	/* unregister provider by name */
	148	int
	149	pkcs11_del_provider(char *provider_id)
	150	{
	151	struct pkcs11_provider *p;
	152
	153	if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
	154	TAILQ_REMOVE(&pkcs11_providers, p, next);
	155	pkcs11_provider_finalize(p);
	156	pkcs11_provider_unref(p);
	157	return (0);
	158	}
	159	return (-1);
	160	}
	161
	162	/* openssl callback for freeing an RSA key */
	163	static int
	164	pkcs11_rsa_finish(RSA *rsa)
	165	{
	166	struct pkcs11_key *k11;
	167	int rv = -1;
	168
	169	if ((k11 = RSA_get_app_data(rsa)) != NULL) {
	170	if (k11->orig_finish)
	171	rv = k11->orig_finish(rsa);
	172	if (k11->provider)
	173	pkcs11_provider_unref(k11->provider);
	174	if (k11->keyid)
	175	xfree(k11->keyid);
	176	xfree(k11);
	177	}
	178	return (rv);
	179	}
	180
	181	/* openssl callback doing the actual signing operation */
	182	static int
	183	pkcs11_rsa_private_encrypt(int flen, const u_char from, u_char to, RSA *rsa,
	184	int padding)
	185	{
	186	struct pkcs11_key *k11;
	187	struct pkcs11_slotinfo *si;
	188	CK_FUNCTION_LIST *f;
	189	CK_OBJECT_HANDLE obj;
	190	CK_ULONG tlen = 0, nfound = 0;
	191	CK_RV rv;
	192	CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY;
	193	CK_BBOOL true = CK_TRUE;
	194	CK_MECHANISM mech = {
	195	CKM_RSA_PKCS, NULL_PTR, 0
	196	};
	197	CK_ATTRIBUTE key_filter[] = {
	198	{CKA_CLASS, &private_key_class, sizeof(private_key_class) },
	199	{CKA_ID, NULL, 0},
	200	{CKA_SIGN, &true, sizeof(true) }
	201	};
	202	char *pin, prompt[1024];
	203	int rval = -1;
	204
	205	if ((k11 = RSA_get_app_data(rsa)) == NULL) {
	206	error("RSA_get_app_data failed for rsa %p", rsa);
	207	return (-1);
	208	}
	209	if (!k11->provider \|\| !k11->provider->valid) {
	210	error("no pkcs11 (valid) provider for rsa %p", rsa);
	211	return (-1);
	212	}
	213	f = k11->provider->function_list;
	214	si = &k11->provider->slotinfo[k11->slotidx];
	215	if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
	216	if (!pkcs11_interactive) {
	217	error("need pin");
	218	return (-1);
	219	}
	220	snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ",
	221	si->token.label);
	222	pin = read_passphrase(prompt, RP_ALLOW_EOF);
	223	if (pin == NULL)
	224	return (-1); /* bail out */
	225	if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin)))
	226	!= CKR_OK) {
	227	xfree(pin);
	228	error("C_Login failed: %lu", rv);
	229	return (-1);
	230	}
	231	xfree(pin);
	232	si->logged_in = 1;
	233	}
	234	key_filter[1].pValue = k11->keyid;
	235	key_filter[1].ulValueLen = k11->keyid_len;
	236	if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) {
	237	error("C_FindObjectsInit failed: %lu", rv);
	238	return (-1);
	239	}
	240	if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK \|\|
	241	nfound != 1) {
	242	error("C_FindObjects failed (%lu nfound): %lu", nfound, rv);
	243	} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
	244	error("C_SignInit failed: %lu", rv);
	245	} else {
	246	/* XXX handle CKR_BUFFER_TOO_SMALL */
	247	tlen = RSA_size(rsa);
	248	rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen);
	249	if (rv == CKR_OK)
	250	rval = tlen;
	251	else
	252	error("C_Sign failed: %lu", rv);
	253	}
	254	if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK)
	255	error("C_FindObjectsFinal failed: %lu", rv);
	256	return (rval);
	257	}
	258
	259	static int
	260	pkcs11_rsa_private_decrypt(int flen, const u_char from, u_char to, RSA *rsa,
	261	int padding)
	262	{
	263	return (-1);
	264	}
	265
	266	/* redirect private key operations for rsa key to pkcs11 token */
	267	static int
	268	pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
	269	CK_ATTRIBUTE keyid_attrib, RSA rsa)
	270	{
	271	struct pkcs11_key *k11;
	272	const RSA_METHOD *def = RSA_get_default_method();
	273
	274	k11 = xcalloc(1, sizeof(*k11));
	275	k11->provider = provider;
	276	provider->refcount++; /* provider referenced by RSA key */
	277	k11->slotidx = slotidx;
	278	/* identify key object on smartcard */
	279	k11->keyid_len = keyid_attrib->ulValueLen;
	280	k11->keyid = xmalloc(k11->keyid_len);
	281	memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
	282	k11->orig_finish = def->finish;
	283	memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
	284	k11->rsa_method.name = "pkcs11";
	285	k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt;
	286	k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt;
	287	k11->rsa_method.finish = pkcs11_rsa_finish;
	288	RSA_set_method(rsa, &k11->rsa_method);
	289	RSA_set_app_data(rsa, k11);
	290	return (0);
	291	}
	292
	293	/* remove trailing spaces */
	294	static void
	295	rmspace(char *buf, size_t len)
	296	{
	297	size_t i;
	298
	299	if (!len)
	300	return;
	301	for (i = len - 1; i > 0; i--)
	302	if (i == len - 1 \|\| buf[i] == ' ')
	303	buf[i] = '\0';
	304	else
	305	break;
	306	}
	307
	308	/*
	309	* open a pkcs11 session and login if required.
	310	* if pin == NULL we delay login until key use
	311	*/
	312	static int
	313	pkcs11_open_session(struct pkcs11_provider p, CK_ULONG slotidx, char pin)
	314	{
	315	CK_RV rv;
	316	CK_FUNCTION_LIST *f;
	317	CK_SESSION_HANDLE session;
	318	int login_required;
	319
	320	f = p->function_list;
	321	login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
	322	if (pin && login_required && !strlen(pin)) {
	323	error("pin required");
	324	return (-1);
	325	}
	326	if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION\|
	327	CKF_SERIAL_SESSION, NULL, NULL, &session))
	328	!= CKR_OK) {
	329	error("C_OpenSession failed: %lu", rv);
	330	return (-1);
	331	}
	332	if (login_required && pin) {
	333	if ((rv = f->C_Login(session, CKU_USER, pin, strlen(pin)))
	334	!= CKR_OK) {
	335	error("C_Login failed: %lu", rv);
	336	if ((rv = f->C_CloseSession(session)) != CKR_OK)
	337	error("C_CloseSession failed: %lu", rv);
	338	return (-1);
	339	}
	340	p->slotinfo[slotidx].logged_in = 1;
	341	}
	342	p->slotinfo[slotidx].session = session;
	343	return (0);
	344	}
	345
	346	/*
	347	* lookup public keys for token in slot identified by slotidx,
	348	* add 'wrapped' public keys to the 'keysp' array and increment nkeys.
	349	* keysp points to an (possibly empty) array with *nkeys keys.
	350	*/
	351	static int
	352	pkcs11_fetch_keys(struct pkcs11_provider p, CK_ULONG slotidx, Key **keysp,
	353	int *nkeys)
	354	{
	355	Key *key;
	356	RSA *rsa;
	357	int i;
	358	CK_RV rv;
	359	CK_OBJECT_HANDLE obj;
	360	CK_ULONG nfound;
	361	CK_SESSION_HANDLE session;
	362	CK_FUNCTION_LIST *f;
	363	CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY;
	364	CK_ATTRIBUTE pubkey_filter[] = {
	365	{ CKA_CLASS, &pubkey_class, sizeof(pubkey_class) }
	366	};
	367	CK_ATTRIBUTE attribs[] = {
	368	{ CKA_ID, NULL, 0 },
	369	{ CKA_MODULUS, NULL, 0 },
	370	{ CKA_PUBLIC_EXPONENT, NULL, 0 }
	371	};
	372
	373	f = p->function_list;
	374	session = p->slotinfo[slotidx].session;
	375	/* setup a filter the looks for public keys */
	376	if ((rv = f->C_FindObjectsInit(session, pubkey_filter, 1)) != CKR_OK) {
	377	error("C_FindObjectsInit failed: %lu", rv);
	378	return (-1);
	379	}
	380	while (1) {
	381	/* XXX 3 attributes in attribs[] */
	382	for (i = 0; i < 3; i++) {
	383	attribs[i].pValue = NULL;
	384	attribs[i].ulValueLen = 0;
	385	}
	386	if ((rv = f->C_FindObjects(session, &obj, 1, &nfound)) != CKR_OK
	387	\|\| nfound == 0)
	388	break;
	389	/* found a key, so figure out size of the attributes */
	390	if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
	391	!= CKR_OK) {
	392	error("C_GetAttributeValue failed: %lu", rv);
	393	continue;
	394	}
	395	/* allocate buffers for attributes, XXX check ulValueLen? */
	396	for (i = 0; i < 3; i++)
	397	attribs[i].pValue = xmalloc(attribs[i].ulValueLen);
	398	/* retrieve ID, modulus and public exponent of RSA key */
	399	if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
	400	!= CKR_OK) {
	401	error("C_GetAttributeValue failed: %lu", rv);
	402	} else if ((rsa = RSA_new()) == NULL) {
	403	error("RSA_new failed");
	404	} else {
	405	rsa->n = BN_bin2bn(attribs[1].pValue,
	406	attribs[1].ulValueLen, NULL);
	407	rsa->e = BN_bin2bn(attribs[2].pValue,
	408	attribs[2].ulValueLen, NULL);
	409	if (rsa->n && rsa->e &&
	410	pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
	411	key = key_new(KEY_UNSPEC);
	412	key->rsa = rsa;
	413	key->type = KEY_RSA;
	414	key->flags \|= KEY_FLAG_EXT;
	415	/* expand key array and add key */
	416	keysp = xrealloc(keysp, *nkeys + 1,
	417	sizeof(Key *));
	418	(keysp)[nkeys] = key;
	419	nkeys = nkeys + 1;
	420	debug("have %d keys", *nkeys);
	421	} else {
	422	RSA_free(rsa);
	423	}
	424	}
	425	for (i = 0; i < 3; i++)
	426	xfree(attribs[i].pValue);
	427	}
	428	if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
	429	error("C_FindObjectsFinal failed: %lu", rv);
	430	return (0);
	431	}
	432
	433	/* register a new provider, fails if provider already exists */
	434	int
	435	pkcs11_add_provider(char provider_id, char pin, Key ***keyp)
	436	{
	437	int nkeys, need_finalize = 0;
	438	struct pkcs11_provider *p = NULL;
	439	void *handle = NULL;
	440	CK_RV (getfunctionlist)(CK_FUNCTION_LIST *);
	441	CK_RV rv;
	442	CK_FUNCTION_LIST *f = NULL;
	443	CK_TOKEN_INFO *token;
	444	CK_ULONG i;
	445
	446	*keyp = NULL;
	447	if (pkcs11_provider_lookup(provider_id) != NULL) {
	448	error("provider already registered: %s", provider_id);
	449	goto fail;
	450	}
	451	/* open shared pkcs11-libarary */
	452	if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
	453	error("dlopen %s failed: %s", provider_id, dlerror());
	454	goto fail;
	455	}
	456	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
	457	error("dlsym(C_GetFunctionList) failed: %s", dlerror());
	458	goto fail;
	459	}
	460	p = xcalloc(1, sizeof(*p));
	461	p->name = xstrdup(provider_id);
	462	p->handle = handle;
	463	/* setup the pkcs11 callbacks */
	464	if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
	465	error("C_GetFunctionList failed: %lu", rv);
	466	goto fail;
	467	}
	468	p->function_list = f;
	469	if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
	470	error("C_Initialize failed: %lu", rv);
	471	goto fail;
	472	}
	473	need_finalize = 1;
	474	if ((rv = f->C_GetInfo(&p->info)) != CKR_OK) {
	475	error("C_GetInfo failed: %lu", rv);
	476	goto fail;
	477	}
	478	rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID));
	479	rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription));
	480	debug("manufacturerID <%s> cryptokiVersion %d.%d"
	481	" libraryDescription <%s> libraryVersion %d.%d",
	482	p->info.manufacturerID,
	483	p->info.cryptokiVersion.major,
	484	p->info.cryptokiVersion.minor,
	485	p->info.libraryDescription,
	486	p->info.libraryVersion.major,
	487	p->info.libraryVersion.minor);
	488	if ((rv = f->C_GetSlotList(CK_TRUE, NULL, &p->nslots)) != CKR_OK) {
	489	error("C_GetSlotList failed: %lu", rv);
	490	goto fail;
	491	}
	492	if (p->nslots == 0) {
	493	error("no slots");
	494	goto fail;
	495	}
	496	p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID));
	497	if ((rv = f->C_GetSlotList(CK_TRUE, p->slotlist, &p->nslots))
	498	!= CKR_OK) {
	499	error("C_GetSlotList failed: %lu", rv);
	500	goto fail;
	501	}
	502	p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo));
	503	p->valid = 1;
	504	nkeys = 0;
	505	for (i = 0; i < p->nslots; i++) {
	506	token = &p->slotinfo[i].token;
	507	if ((rv = f->C_GetTokenInfo(p->slotlist[i], token))
	508	!= CKR_OK) {
	509	error("C_GetTokenInfo failed: %lu", rv);
	510	continue;
	511	}
	512	rmspace(token->label, sizeof(token->label));
	513	rmspace(token->manufacturerID, sizeof(token->manufacturerID));
	514	rmspace(token->model, sizeof(token->model));
	515	rmspace(token->serialNumber, sizeof(token->serialNumber));
	516	debug("label <%s> manufacturerID <%s> model <%s> serial <%s>"
	517	" flags 0x%lx",
	518	token->label, token->manufacturerID, token->model,
	519	token->serialNumber, token->flags);
	520	/* open session, login with pin and retrieve public keys */
	521	if (pkcs11_open_session(p, i, pin) == 0)
	522	pkcs11_fetch_keys(p, i, keyp, &nkeys);
	523	}
	524	if (nkeys > 0) {
	525	TAILQ_INSERT_TAIL(&pkcs11_providers, p, next);
	526	p->refcount++; /* add to provider list */
	527	return (nkeys);
	528	}
	529	error("no keys");
	530	/* don't add the provider, since it does not have any keys */
	531	fail:
	532	if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
	533	error("C_Finalize failed: %lu", rv);
	534	if (p) {
	535	if (p->slotlist)
	536	xfree(p->slotlist);
	537	if (p->slotinfo)
	538	xfree(p->slotinfo);
	539	xfree(p);
	540	}
	541	if (handle)
	542	dlclose(handle);
	543	return (-1);
	544	}