diff options
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | INSTALL | 6 | ||||
-rw-r--r-- | Makefile.in | 13 | ||||
-rw-r--r-- | README.smartcard | 93 | ||||
-rw-r--r-- | configure.ac | 73 | ||||
-rw-r--r-- | pkcs11.h | 1356 | ||||
-rw-r--r-- | scard-opensc.c | 532 | ||||
-rw-r--r-- | scard.c | 571 | ||||
-rw-r--r-- | scard.h | 39 | ||||
-rw-r--r-- | scard/Makefile.in | 29 | ||||
-rw-r--r-- | scard/Ssh.bin.uu | 17 | ||||
-rw-r--r-- | scard/Ssh.java | 164 |
12 files changed, 1367 insertions, 1529 deletions
@@ -37,6 +37,9 @@ | |||
37 | - jmc@cvs.openbsd.org 2010/02/11 13:23:29 | 37 | - jmc@cvs.openbsd.org 2010/02/11 13:23:29 |
38 | [ssh.1] | 38 | [ssh.1] |
39 | libarary -> library; | 39 | libarary -> library; |
40 | - (djm) [INSTALL Makefile.in README.smartcard configure.ac scard-opensc.c] | ||
41 | [scard.c scard.h pkcs11.h scard/Makefile.in scard/Ssh.bin.uu scard/Ssh.java] | ||
42 | Remove obsolete smartcard support | ||
40 | 43 | ||
41 | 20100210 | 44 | 20100210 |
42 | - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for | 45 | - (djm) add -lselinux to LIBS before calling AC_CHECK_FUNCS for |
@@ -208,10 +208,6 @@ are installed. | |||
208 | --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to | 208 | --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to |
209 | real (AF_INET) IPv4 addresses. Works around some quirks on Linux. | 209 | real (AF_INET) IPv4 addresses. Works around some quirks on Linux. |
210 | 210 | ||
211 | --with-opensc=DIR | ||
212 | --with-sectok=DIR allows for OpenSC or sectok smartcard libraries to | ||
213 | be used with OpenSSH. See 'README.smartcard' for more details. | ||
214 | |||
215 | If you need to pass special options to the compiler or linker, you | 211 | If you need to pass special options to the compiler or linker, you |
216 | can specify these as environment variables before running ./configure. | 212 | can specify these as environment variables before running ./configure. |
217 | For example: | 213 | For example: |
@@ -266,4 +262,4 @@ Please refer to the "reporting bugs" section of the webpage at | |||
266 | http://www.openssh.com/ | 262 | http://www.openssh.com/ |
267 | 263 | ||
268 | 264 | ||
269 | $Id: INSTALL,v 1.84 2007/08/17 12:52:05 dtucker Exp $ | 265 | $Id: INSTALL,v 1.85 2010/02/11 22:34:22 djm Exp $ |
diff --git a/Makefile.in b/Makefile.in index 0c45bfca6..1e4f64a64 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.304 2010/02/11 22:21:02 djm Exp $ | 1 | # $Id: Makefile.in,v 1.305 2010/02/11 22:34:22 djm Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -72,8 +72,8 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ | |||
72 | readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ | 72 | readpass.o rsa.o ttymodes.o xmalloc.o addrmatch.o \ |
73 | atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ | 73 | atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ |
74 | monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ | 74 | monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ |
75 | kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ | 75 | kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \ |
76 | entropy.o scard-opensc.o gss-genr.o umac.o jpake.o schnorr.o \ | 76 | entropy.o gss-genr.o umac.o jpake.o schnorr.o \ |
77 | ssh-pkcs11.o | 77 | ssh-pkcs11.o |
78 | 78 | ||
79 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ | 79 | SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ |
@@ -215,7 +215,6 @@ distclean: regressclean | |||
215 | rm -f survey.sh openbsd-compat/regress/Makefile *~ | 215 | rm -f survey.sh openbsd-compat/regress/Makefile *~ |
216 | rm -rf autom4te.cache | 216 | rm -rf autom4te.cache |
217 | (cd openbsd-compat && $(MAKE) distclean) | 217 | (cd openbsd-compat && $(MAKE) distclean) |
218 | (cd scard && $(MAKE) distclean) | ||
219 | if test -d pkg ; then \ | 218 | if test -d pkg ; then \ |
220 | rm -fr pkg ; \ | 219 | rm -fr pkg ; \ |
221 | fi | 220 | fi |
@@ -238,7 +237,6 @@ catman-do: | |||
238 | distprep: catman-do | 237 | distprep: catman-do |
239 | $(AUTORECONF) | 238 | $(AUTORECONF) |
240 | -rm -rf autom4te.cache | 239 | -rm -rf autom4te.cache |
241 | (cd scard && $(MAKE) -f Makefile.in distprep) | ||
242 | 240 | ||
243 | install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config | 241 | install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config |
244 | install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf | 242 | install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf |
@@ -247,10 +245,7 @@ install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) insta | |||
247 | check-config: | 245 | check-config: |
248 | -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config | 246 | -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config |
249 | 247 | ||
250 | scard-install: | 248 | install-files: |
251 | (cd scard && env DESTDIR=$(DESTDIR) $(MAKE) DESTDIR=$(DESTDIR) install) | ||
252 | |||
253 | install-files: scard-install | ||
254 | $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) | 249 | $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) |
255 | $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) | 250 | $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) |
256 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) | 251 | $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) |
diff --git a/README.smartcard b/README.smartcard deleted file mode 100644 index fdf83ecab..000000000 --- a/README.smartcard +++ /dev/null | |||
@@ -1,93 +0,0 @@ | |||
1 | How to use smartcards with OpenSSH? | ||
2 | |||
3 | OpenSSH contains experimental support for authentication using | ||
4 | Cyberflex smartcards and TODOS card readers, in addition to the cards | ||
5 | with PKCS#15 structure supported by OpenSC. To enable this you | ||
6 | need to: | ||
7 | |||
8 | Using libsectok: | ||
9 | |||
10 | (1) enable sectok support in OpenSSH: | ||
11 | |||
12 | $ ./configure --with-sectok | ||
13 | |||
14 | (2) If you have used a previous version of ssh with your card, you | ||
15 | must remove the old applet and keys. | ||
16 | |||
17 | $ sectok | ||
18 | sectok> login -d | ||
19 | sectok> junload Ssh.bin | ||
20 | sectok> delete 0012 | ||
21 | sectok> delete sh | ||
22 | sectok> quit | ||
23 | |||
24 | (3) load the Java Cardlet to the Cyberflex card and set card passphrase: | ||
25 | |||
26 | $ sectok | ||
27 | sectok> login -d | ||
28 | sectok> jload /usr/libdata/ssh/Ssh.bin | ||
29 | sectok> setpass | ||
30 | Enter new AUT0 passphrase: | ||
31 | Re-enter passphrase: | ||
32 | sectok> quit | ||
33 | |||
34 | Do not forget the passphrase. There is no way to | ||
35 | recover if you do. | ||
36 | |||
37 | IMPORTANT WARNING: If you attempt to login with the | ||
38 | wrong passphrase three times in a row, you will | ||
39 | destroy your card. | ||
40 | |||
41 | (4) load a RSA key to the card: | ||
42 | |||
43 | $ ssh-keygen -f /path/to/rsakey -U 1 | ||
44 | (where 1 is the reader number, you can also try 0) | ||
45 | |||
46 | In spite of the name, this does not generate a key. | ||
47 | It just loads an already existing key on to the card. | ||
48 | |||
49 | (5) Optional: If you don't want to use a card passphrase, change the | ||
50 | acl on the private key file: | ||
51 | |||
52 | $ sectok | ||
53 | sectok> login -d | ||
54 | sectok> acl 0012 world: w | ||
55 | world: w | ||
56 | AUT0: w inval | ||
57 | sectok> quit | ||
58 | |||
59 | If you do this, anyone who has access to your card | ||
60 | can assume your identity. This is not recommended. | ||
61 | |||
62 | |||
63 | Using OpenSC: | ||
64 | |||
65 | (1) install OpenSC: | ||
66 | |||
67 | Sources and instructions are available from | ||
68 | http://www.opensc.org/ | ||
69 | |||
70 | (2) enable OpenSC support in OpenSSH: | ||
71 | |||
72 | $ ./configure --with-opensc[=/path/to/opensc] [options] | ||
73 | |||
74 | (3) load a RSA key to the card: | ||
75 | |||
76 | Not supported yet. | ||
77 | |||
78 | |||
79 | Common operations: | ||
80 | |||
81 | (1) tell the ssh client to use the card reader: | ||
82 | |||
83 | $ ssh -I 1 otherhost | ||
84 | |||
85 | (2) or tell the agent (don't forget to restart) to use the smartcard: | ||
86 | |||
87 | $ ssh-add -s 1 | ||
88 | |||
89 | |||
90 | -markus, | ||
91 | Tue Jul 17 23:54:51 CEST 2001 | ||
92 | |||
93 | $OpenBSD: README.smartcard,v 1.9 2003/11/21 11:57:02 djm Exp $ | ||
diff --git a/configure.ac b/configure.ac index 717d315fd..40b58c64f 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.441 2010/02/11 22:21:02 djm Exp $ | 1 | # $Id: configure.ac,v 1.442 2010/02/11 22:34:22 djm Exp $ |
2 | # | 2 | # |
3 | # Copyright (c) 1999-2004 Damien Miller | 3 | # Copyright (c) 1999-2004 Damien Miller |
4 | # | 4 | # |
@@ -15,7 +15,7 @@ | |||
15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | ||
17 | AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) | 17 | AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) |
18 | AC_REVISION($Revision: 1.441 $) | 18 | AC_REVISION($Revision: 1.442 $) |
19 | AC_CONFIG_SRCDIR([ssh.c]) | 19 | AC_CONFIG_SRCDIR([ssh.c]) |
20 | 20 | ||
21 | AC_CONFIG_HEADER(config.h) | 21 | AC_CONFIG_HEADER(config.h) |
@@ -3263,73 +3263,6 @@ if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then | |||
3263 | AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr]) | 3263 | AC_DEFINE(HAVE_SYS_NERR, 1, [Define if your system defines sys_nerr]) |
3264 | fi | 3264 | fi |
3265 | 3265 | ||
3266 | SCARD_MSG="no" | ||
3267 | # Check whether user wants sectok support | ||
3268 | AC_ARG_WITH(sectok, | ||
3269 | [ --with-sectok Enable smartcard support using libsectok], | ||
3270 | [ | ||
3271 | if test "x$withval" != "xno" ; then | ||
3272 | if test "x$withval" != "xyes" ; then | ||
3273 | CPPFLAGS="$CPPFLAGS -I${withval}" | ||
3274 | LDFLAGS="$LDFLAGS -L${withval}" | ||
3275 | if test ! -z "$need_dash_r" ; then | ||
3276 | LDFLAGS="$LDFLAGS -R${withval}" | ||
3277 | fi | ||
3278 | if test ! -z "$blibpath" ; then | ||
3279 | blibpath="$blibpath:${withval}" | ||
3280 | fi | ||
3281 | fi | ||
3282 | AC_CHECK_HEADERS(sectok.h) | ||
3283 | if test "$ac_cv_header_sectok_h" != yes; then | ||
3284 | AC_MSG_ERROR(Can't find sectok.h) | ||
3285 | fi | ||
3286 | AC_CHECK_LIB(sectok, sectok_open) | ||
3287 | if test "$ac_cv_lib_sectok_sectok_open" != yes; then | ||
3288 | AC_MSG_ERROR(Can't find libsectok) | ||
3289 | fi | ||
3290 | AC_DEFINE(SMARTCARD, 1, | ||
3291 | [Define if you want smartcard support]) | ||
3292 | AC_DEFINE(USE_SECTOK, 1, | ||
3293 | [Define if you want smartcard support | ||
3294 | using sectok]) | ||
3295 | SCARD_MSG="yes, using sectok" | ||
3296 | fi | ||
3297 | ] | ||
3298 | ) | ||
3299 | |||
3300 | # Check whether user wants OpenSC support | ||
3301 | OPENSC_CONFIG="no" | ||
3302 | AC_ARG_WITH(opensc, | ||
3303 | [ --with-opensc[[=PFX]] Enable smartcard support using OpenSC (optionally in PATH)], | ||
3304 | [ | ||
3305 | if test "x$withval" != "xno" ; then | ||
3306 | AC_PATH_PROG(PKGCONFIG, pkg-config, no) | ||
3307 | AC_MSG_CHECKING(how to get opensc config) | ||
3308 | if test "x$withval" != "xyes" -a "x$PKGCONFIG" = "xno"; then | ||
3309 | OPENSC_CONFIG="$withval/bin/opensc-config" | ||
3310 | elif test -f "$withval/src/libopensc/libopensc.pc"; then | ||
3311 | OPENSC_CONFIG="$PKGCONFIG $withval/src/libopensc/libopensc.pc" | ||
3312 | elif test "x$PKGCONFIG" != "xno"; then | ||
3313 | OPENSC_CONFIG="$PKGCONFIG libopensc" | ||
3314 | else | ||
3315 | AC_PATH_PROG(OPENSC_CONFIG, opensc-config, no) | ||
3316 | fi | ||
3317 | AC_MSG_RESULT($OPENSC_CONFIG) | ||
3318 | if test "$OPENSC_CONFIG" != "no"; then | ||
3319 | LIBOPENSC_CFLAGS=`$OPENSC_CONFIG --cflags` | ||
3320 | LIBOPENSC_LIBS=`$OPENSC_CONFIG --libs` | ||
3321 | CPPFLAGS="$CPPFLAGS $LIBOPENSC_CFLAGS" | ||
3322 | LIBS="$LIBS $LIBOPENSC_LIBS" | ||
3323 | AC_DEFINE(SMARTCARD) | ||
3324 | AC_DEFINE(USE_OPENSC, 1, | ||
3325 | [Define if you want smartcard support | ||
3326 | using OpenSC]) | ||
3327 | SCARD_MSG="yes, using OpenSC" | ||
3328 | fi | ||
3329 | fi | ||
3330 | ] | ||
3331 | ) | ||
3332 | |||
3333 | # Check libraries needed by DNS fingerprint support | 3266 | # Check libraries needed by DNS fingerprint support |
3334 | AC_SEARCH_LIBS(getrrsetbyname, resolv, | 3267 | AC_SEARCH_LIBS(getrrsetbyname, resolv, |
3335 | [AC_DEFINE(HAVE_GETRRSETBYNAME, 1, | 3268 | [AC_DEFINE(HAVE_GETRRSETBYNAME, 1, |
@@ -4204,7 +4137,7 @@ fi | |||
4204 | AC_EXEEXT | 4137 | AC_EXEEXT |
4205 | AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ | 4138 | AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \ |
4206 | openbsd-compat/Makefile openbsd-compat/regress/Makefile \ | 4139 | openbsd-compat/Makefile openbsd-compat/regress/Makefile \ |
4207 | scard/Makefile ssh_prng_cmds survey.sh]) | 4140 | ssh_prng_cmds survey.sh]) |
4208 | AC_OUTPUT | 4141 | AC_OUTPUT |
4209 | 4142 | ||
4210 | # Print summary of options | 4143 | # Print summary of options |
diff --git a/pkcs11.h b/pkcs11.h new file mode 100644 index 000000000..223f20ff3 --- /dev/null +++ b/pkcs11.h | |||
@@ -0,0 +1,1356 @@ | |||
1 | /* pkcs11.h | ||
2 | Copyright 2006, 2007 g10 Code GmbH | ||
3 | Copyright 2006 Andreas Jellinghaus | ||
4 | |||
5 | This file is free software; as a special exception the author gives | ||
6 | unlimited permission to copy and/or distribute it, with or without | ||
7 | modifications, as long as this notice is preserved. | ||
8 | |||
9 | This file is distributed in the hope that it will be useful, but | ||
10 | WITHOUT ANY WARRANTY, to the extent permitted by law; without even | ||
11 | the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR | ||
12 | PURPOSE. */ | ||
13 | |||
14 | /* Please submit changes back to the Scute project at | ||
15 | http://www.scute.org/ (or send them to marcus@g10code.com), so that | ||
16 | they can be picked up by other projects from there as well. */ | ||
17 | |||
18 | /* This file is a modified implementation of the PKCS #11 standard by | ||
19 | RSA Security Inc. It is mostly a drop-in replacement, with the | ||
20 | following change: | ||
21 | |||
22 | This header file does not require any macro definitions by the user | ||
23 | (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros | ||
24 | for you (if useful, some are missing, let me know if you need | ||
25 | more). | ||
26 | |||
27 | There is an additional API available that does comply better to the | ||
28 | GNU coding standard. It can be switched on by defining | ||
29 | CRYPTOKI_GNU before including this header file. For this, the | ||
30 | following changes are made to the specification: | ||
31 | |||
32 | All structure types are changed to a "struct ck_foo" where CK_FOO | ||
33 | is the type name in PKCS #11. | ||
34 | |||
35 | All non-structure types are changed to ck_foo_t where CK_FOO is the | ||
36 | lowercase version of the type name in PKCS #11. The basic types | ||
37 | (CK_ULONG et al.) are removed without substitute. | ||
38 | |||
39 | All members of structures are modified in the following way: Type | ||
40 | indication prefixes are removed, and underscore characters are | ||
41 | inserted before words. Then the result is lowercased. | ||
42 | |||
43 | Note that function names are still in the original case, as they | ||
44 | need for ABI compatibility. | ||
45 | |||
46 | CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use | ||
47 | <stdbool.h>. | ||
48 | |||
49 | If CRYPTOKI_COMPAT is defined before including this header file, | ||
50 | then none of the API changes above take place, and the API is the | ||
51 | one defined by the PKCS #11 standard. */ | ||
52 | |||
53 | #ifndef PKCS11_H | ||
54 | #define PKCS11_H 1 | ||
55 | |||
56 | #if defined(__cplusplus) | ||
57 | extern "C" { | ||
58 | #endif | ||
59 | |||
60 | |||
61 | /* The version of cryptoki we implement. The revision is changed with | ||
62 | each modification of this file. If you do not use the "official" | ||
63 | version of this file, please consider deleting the revision macro | ||
64 | (you may use a macro with a different name to keep track of your | ||
65 | versions). */ | ||
66 | #define CRYPTOKI_VERSION_MAJOR 2 | ||
67 | #define CRYPTOKI_VERSION_MINOR 20 | ||
68 | #define CRYPTOKI_VERSION_REVISION 6 | ||
69 | |||
70 | |||
71 | /* Compatibility interface is default, unless CRYPTOKI_GNU is | ||
72 | given. */ | ||
73 | #ifndef CRYPTOKI_GNU | ||
74 | #ifndef CRYPTOKI_COMPAT | ||
75 | #define CRYPTOKI_COMPAT 1 | ||
76 | #endif | ||
77 | #endif | ||
78 | |||
79 | /* System dependencies. */ | ||
80 | |||
81 | #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) | ||
82 | |||
83 | /* There is a matching pop below. */ | ||
84 | #pragma pack(push, cryptoki, 1) | ||
85 | |||
86 | #ifdef CRYPTOKI_EXPORTS | ||
87 | #define CK_SPEC __declspec(dllexport) | ||
88 | #else | ||
89 | #define CK_SPEC __declspec(dllimport) | ||
90 | #endif | ||
91 | |||
92 | #else | ||
93 | |||
94 | #define CK_SPEC | ||
95 | |||
96 | #endif | ||
97 | |||
98 | |||
99 | #ifdef CRYPTOKI_COMPAT | ||
100 | /* If we are in compatibility mode, switch all exposed names to the | ||
101 | PKCS #11 variant. There are corresponding #undefs below. */ | ||
102 | |||
103 | #define ck_flags_t CK_FLAGS | ||
104 | #define ck_version _CK_VERSION | ||
105 | |||
106 | #define ck_info _CK_INFO | ||
107 | #define cryptoki_version cryptokiVersion | ||
108 | #define manufacturer_id manufacturerID | ||
109 | #define library_description libraryDescription | ||
110 | #define library_version libraryVersion | ||
111 | |||
112 | #define ck_notification_t CK_NOTIFICATION | ||
113 | #define ck_slot_id_t CK_SLOT_ID | ||
114 | |||
115 | #define ck_slot_info _CK_SLOT_INFO | ||
116 | #define slot_description slotDescription | ||
117 | #define hardware_version hardwareVersion | ||
118 | #define firmware_version firmwareVersion | ||
119 | |||
120 | #define ck_token_info _CK_TOKEN_INFO | ||
121 | #define serial_number serialNumber | ||
122 | #define max_session_count ulMaxSessionCount | ||
123 | #define session_count ulSessionCount | ||
124 | #define max_rw_session_count ulMaxRwSessionCount | ||
125 | #define rw_session_count ulRwSessionCount | ||
126 | #define max_pin_len ulMaxPinLen | ||
127 | #define min_pin_len ulMinPinLen | ||
128 | #define total_public_memory ulTotalPublicMemory | ||
129 | #define free_public_memory ulFreePublicMemory | ||
130 | #define total_private_memory ulTotalPrivateMemory | ||
131 | #define free_private_memory ulFreePrivateMemory | ||
132 | #define utc_time utcTime | ||
133 | |||
134 | #define ck_session_handle_t CK_SESSION_HANDLE | ||
135 | #define ck_user_type_t CK_USER_TYPE | ||
136 | #define ck_state_t CK_STATE | ||
137 | |||
138 | #define ck_session_info _CK_SESSION_INFO | ||
139 | #define slot_id slotID | ||
140 | #define device_error ulDeviceError | ||
141 | |||
142 | #define ck_object_handle_t CK_OBJECT_HANDLE | ||
143 | #define ck_object_class_t CK_OBJECT_CLASS | ||
144 | #define ck_hw_feature_type_t CK_HW_FEATURE_TYPE | ||
145 | #define ck_key_type_t CK_KEY_TYPE | ||
146 | #define ck_certificate_type_t CK_CERTIFICATE_TYPE | ||
147 | #define ck_attribute_type_t CK_ATTRIBUTE_TYPE | ||
148 | |||
149 | #define ck_attribute _CK_ATTRIBUTE | ||
150 | #define value pValue | ||
151 | #define value_len ulValueLen | ||
152 | |||
153 | #define ck_date _CK_DATE | ||
154 | |||
155 | #define ck_mechanism_type_t CK_MECHANISM_TYPE | ||
156 | |||
157 | #define ck_mechanism _CK_MECHANISM | ||
158 | #define parameter pParameter | ||
159 | #define parameter_len ulParameterLen | ||
160 | |||
161 | #define ck_mechanism_info _CK_MECHANISM_INFO | ||
162 | #define min_key_size ulMinKeySize | ||
163 | #define max_key_size ulMaxKeySize | ||
164 | |||
165 | #define ck_rv_t CK_RV | ||
166 | #define ck_notify_t CK_NOTIFY | ||
167 | |||
168 | #define ck_function_list _CK_FUNCTION_LIST | ||
169 | |||
170 | #define ck_createmutex_t CK_CREATEMUTEX | ||
171 | #define ck_destroymutex_t CK_DESTROYMUTEX | ||
172 | #define ck_lockmutex_t CK_LOCKMUTEX | ||
173 | #define ck_unlockmutex_t CK_UNLOCKMUTEX | ||
174 | |||
175 | #define ck_c_initialize_args _CK_C_INITIALIZE_ARGS | ||
176 | #define create_mutex CreateMutex | ||
177 | #define destroy_mutex DestroyMutex | ||
178 | #define lock_mutex LockMutex | ||
179 | #define unlock_mutex UnlockMutex | ||
180 | #define reserved pReserved | ||
181 | |||
182 | #endif /* CRYPTOKI_COMPAT */ | ||
183 | |||
184 | |||
185 | |||
186 | typedef unsigned long ck_flags_t; | ||
187 | |||
188 | struct ck_version | ||
189 | { | ||
190 | unsigned char major; | ||
191 | unsigned char minor; | ||
192 | }; | ||
193 | |||
194 | |||
195 | struct ck_info | ||
196 | { | ||
197 | struct ck_version cryptoki_version; | ||
198 | unsigned char manufacturer_id[32]; | ||
199 | ck_flags_t flags; | ||
200 | unsigned char library_description[32]; | ||
201 | struct ck_version library_version; | ||
202 | }; | ||
203 | |||
204 | |||
205 | typedef unsigned long ck_notification_t; | ||
206 | |||
207 | #define CKN_SURRENDER (0) | ||
208 | |||
209 | |||
210 | typedef unsigned long ck_slot_id_t; | ||
211 | |||
212 | |||
213 | struct ck_slot_info | ||
214 | { | ||
215 | unsigned char slot_description[64]; | ||
216 | unsigned char manufacturer_id[32]; | ||
217 | ck_flags_t flags; | ||
218 | struct ck_version hardware_version; | ||
219 | struct ck_version firmware_version; | ||
220 | }; | ||
221 | |||
222 | |||
223 | #define CKF_TOKEN_PRESENT (1 << 0) | ||
224 | #define CKF_REMOVABLE_DEVICE (1 << 1) | ||
225 | #define CKF_HW_SLOT (1 << 2) | ||
226 | #define CKF_ARRAY_ATTRIBUTE (1 << 30) | ||
227 | |||
228 | |||
229 | struct ck_token_info | ||
230 | { | ||
231 | unsigned char label[32]; | ||
232 | unsigned char manufacturer_id[32]; | ||
233 | unsigned char model[16]; | ||
234 | unsigned char serial_number[16]; | ||
235 | ck_flags_t flags; | ||
236 | unsigned long max_session_count; | ||
237 | unsigned long session_count; | ||
238 | unsigned long max_rw_session_count; | ||
239 | unsigned long rw_session_count; | ||
240 | unsigned long max_pin_len; | ||
241 | unsigned long min_pin_len; | ||
242 | unsigned long total_public_memory; | ||
243 | unsigned long free_public_memory; | ||
244 | unsigned long total_private_memory; | ||
245 | unsigned long free_private_memory; | ||
246 | struct ck_version hardware_version; | ||
247 | struct ck_version firmware_version; | ||
248 | unsigned char utc_time[16]; | ||
249 | }; | ||
250 | |||
251 | |||
252 | #define CKF_RNG (1 << 0) | ||
253 | #define CKF_WRITE_PROTECTED (1 << 1) | ||
254 | #define CKF_LOGIN_REQUIRED (1 << 2) | ||
255 | #define CKF_USER_PIN_INITIALIZED (1 << 3) | ||
256 | #define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5) | ||
257 | #define CKF_CLOCK_ON_TOKEN (1 << 6) | ||
258 | #define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8) | ||
259 | #define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9) | ||
260 | #define CKF_TOKEN_INITIALIZED (1 << 10) | ||
261 | #define CKF_SECONDARY_AUTHENTICATION (1 << 11) | ||
262 | #define CKF_USER_PIN_COUNT_LOW (1 << 16) | ||
263 | #define CKF_USER_PIN_FINAL_TRY (1 << 17) | ||
264 | #define CKF_USER_PIN_LOCKED (1 << 18) | ||
265 | #define CKF_USER_PIN_TO_BE_CHANGED (1 << 19) | ||
266 | #define CKF_SO_PIN_COUNT_LOW (1 << 20) | ||
267 | #define CKF_SO_PIN_FINAL_TRY (1 << 21) | ||
268 | #define CKF_SO_PIN_LOCKED (1 << 22) | ||
269 | #define CKF_SO_PIN_TO_BE_CHANGED (1 << 23) | ||
270 | |||
271 | #define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1) | ||
272 | #define CK_EFFECTIVELY_INFINITE (0) | ||
273 | |||
274 | |||
275 | typedef unsigned long ck_session_handle_t; | ||
276 | |||
277 | #define CK_INVALID_HANDLE (0) | ||
278 | |||
279 | |||
280 | typedef unsigned long ck_user_type_t; | ||
281 | |||
282 | #define CKU_SO (0) | ||
283 | #define CKU_USER (1) | ||
284 | #define CKU_CONTEXT_SPECIFIC (2) | ||
285 | |||
286 | |||
287 | typedef unsigned long ck_state_t; | ||
288 | |||
289 | #define CKS_RO_PUBLIC_SESSION (0) | ||
290 | #define CKS_RO_USER_FUNCTIONS (1) | ||
291 | #define CKS_RW_PUBLIC_SESSION (2) | ||
292 | #define CKS_RW_USER_FUNCTIONS (3) | ||
293 | #define CKS_RW_SO_FUNCTIONS (4) | ||
294 | |||
295 | |||
296 | struct ck_session_info | ||
297 | { | ||
298 | ck_slot_id_t slot_id; | ||
299 | ck_state_t state; | ||
300 | ck_flags_t flags; | ||
301 | unsigned long device_error; | ||
302 | }; | ||
303 | |||
304 | #define CKF_RW_SESSION (1 << 1) | ||
305 | #define CKF_SERIAL_SESSION (1 << 2) | ||
306 | |||
307 | |||
308 | typedef unsigned long ck_object_handle_t; | ||
309 | |||
310 | |||
311 | typedef unsigned long ck_object_class_t; | ||
312 | |||
313 | #define CKO_DATA (0) | ||
314 | #define CKO_CERTIFICATE (1) | ||
315 | #define CKO_PUBLIC_KEY (2) | ||
316 | #define CKO_PRIVATE_KEY (3) | ||
317 | #define CKO_SECRET_KEY (4) | ||
318 | #define CKO_HW_FEATURE (5) | ||
319 | #define CKO_DOMAIN_PARAMETERS (6) | ||
320 | #define CKO_MECHANISM (7) | ||
321 | #define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31)) | ||
322 | |||
323 | |||
324 | typedef unsigned long ck_hw_feature_type_t; | ||
325 | |||
326 | #define CKH_MONOTONIC_COUNTER (1) | ||
327 | #define CKH_CLOCK (2) | ||
328 | #define CKH_USER_INTERFACE (3) | ||
329 | #define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31)) | ||
330 | |||
331 | |||
332 | typedef unsigned long ck_key_type_t; | ||
333 | |||
334 | #define CKK_RSA (0) | ||
335 | #define CKK_DSA (1) | ||
336 | #define CKK_DH (2) | ||
337 | #define CKK_ECDSA (3) | ||
338 | #define CKK_EC (3) | ||
339 | #define CKK_X9_42_DH (4) | ||
340 | #define CKK_KEA (5) | ||
341 | #define CKK_GENERIC_SECRET (0x10) | ||
342 | #define CKK_RC2 (0x11) | ||
343 | #define CKK_RC4 (0x12) | ||
344 | #define CKK_DES (0x13) | ||
345 | #define CKK_DES2 (0x14) | ||
346 | #define CKK_DES3 (0x15) | ||
347 | #define CKK_CAST (0x16) | ||
348 | #define CKK_CAST3 (0x17) | ||
349 | #define CKK_CAST128 (0x18) | ||
350 | #define CKK_RC5 (0x19) | ||
351 | #define CKK_IDEA (0x1a) | ||
352 | #define CKK_SKIPJACK (0x1b) | ||
353 | #define CKK_BATON (0x1c) | ||
354 | #define CKK_JUNIPER (0x1d) | ||
355 | #define CKK_CDMF (0x1e) | ||
356 | #define CKK_AES (0x1f) | ||
357 | #define CKK_BLOWFISH (0x20) | ||
358 | #define CKK_TWOFISH (0x21) | ||
359 | #define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31)) | ||
360 | |||
361 | typedef unsigned long ck_certificate_type_t; | ||
362 | |||
363 | #define CKC_X_509 (0) | ||
364 | #define CKC_X_509_ATTR_CERT (1) | ||
365 | #define CKC_WTLS (2) | ||
366 | #define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31)) | ||
367 | |||
368 | |||
369 | typedef unsigned long ck_attribute_type_t; | ||
370 | |||
371 | #define CKA_CLASS (0) | ||
372 | #define CKA_TOKEN (1) | ||
373 | #define CKA_PRIVATE (2) | ||
374 | #define CKA_LABEL (3) | ||
375 | #define CKA_APPLICATION (0x10) | ||
376 | #define CKA_VALUE (0x11) | ||
377 | #define CKA_OBJECT_ID (0x12) | ||
378 | #define CKA_CERTIFICATE_TYPE (0x80) | ||
379 | #define CKA_ISSUER (0x81) | ||
380 | #define CKA_SERIAL_NUMBER (0x82) | ||
381 | #define CKA_AC_ISSUER (0x83) | ||
382 | #define CKA_OWNER (0x84) | ||
383 | #define CKA_ATTR_TYPES (0x85) | ||
384 | #define CKA_TRUSTED (0x86) | ||
385 | #define CKA_CERTIFICATE_CATEGORY (0x87) | ||
386 | #define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88) | ||
387 | #define CKA_URL (0x89) | ||
388 | #define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a) | ||
389 | #define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b) | ||
390 | #define CKA_CHECK_VALUE (0x90) | ||
391 | #define CKA_KEY_TYPE (0x100) | ||
392 | #define CKA_SUBJECT (0x101) | ||
393 | #define CKA_ID (0x102) | ||
394 | #define CKA_SENSITIVE (0x103) | ||
395 | #define CKA_ENCRYPT (0x104) | ||
396 | #define CKA_DECRYPT (0x105) | ||
397 | #define CKA_WRAP (0x106) | ||
398 | #define CKA_UNWRAP (0x107) | ||
399 | #define CKA_SIGN (0x108) | ||
400 | #define CKA_SIGN_RECOVER (0x109) | ||
401 | #define CKA_VERIFY (0x10a) | ||
402 | #define CKA_VERIFY_RECOVER (0x10b) | ||
403 | #define CKA_DERIVE (0x10c) | ||
404 | #define CKA_START_DATE (0x110) | ||
405 | #define CKA_END_DATE (0x111) | ||
406 | #define CKA_MODULUS (0x120) | ||
407 | #define CKA_MODULUS_BITS (0x121) | ||
408 | #define CKA_PUBLIC_EXPONENT (0x122) | ||
409 | #define CKA_PRIVATE_EXPONENT (0x123) | ||
410 | #define CKA_PRIME_1 (0x124) | ||
411 | #define CKA_PRIME_2 (0x125) | ||
412 | #define CKA_EXPONENT_1 (0x126) | ||
413 | #define CKA_EXPONENT_2 (0x127) | ||
414 | #define CKA_COEFFICIENT (0x128) | ||
415 | #define CKA_PRIME (0x130) | ||
416 | #define CKA_SUBPRIME (0x131) | ||
417 | #define CKA_BASE (0x132) | ||
418 | #define CKA_PRIME_BITS (0x133) | ||
419 | #define CKA_SUB_PRIME_BITS (0x134) | ||
420 | #define CKA_VALUE_BITS (0x160) | ||
421 | #define CKA_VALUE_LEN (0x161) | ||
422 | #define CKA_EXTRACTABLE (0x162) | ||
423 | #define CKA_LOCAL (0x163) | ||
424 | #define CKA_NEVER_EXTRACTABLE (0x164) | ||
425 | #define CKA_ALWAYS_SENSITIVE (0x165) | ||
426 | #define CKA_KEY_GEN_MECHANISM (0x166) | ||
427 | #define CKA_MODIFIABLE (0x170) | ||
428 | #define CKA_ECDSA_PARAMS (0x180) | ||
429 | #define CKA_EC_PARAMS (0x180) | ||
430 | #define CKA_EC_POINT (0x181) | ||
431 | #define CKA_SECONDARY_AUTH (0x200) | ||
432 | #define CKA_AUTH_PIN_FLAGS (0x201) | ||
433 | #define CKA_ALWAYS_AUTHENTICATE (0x202) | ||
434 | #define CKA_WRAP_WITH_TRUSTED (0x210) | ||
435 | #define CKA_HW_FEATURE_TYPE (0x300) | ||
436 | #define CKA_RESET_ON_INIT (0x301) | ||
437 | #define CKA_HAS_RESET (0x302) | ||
438 | #define CKA_PIXEL_X (0x400) | ||
439 | #define CKA_PIXEL_Y (0x401) | ||
440 | #define CKA_RESOLUTION (0x402) | ||
441 | #define CKA_CHAR_ROWS (0x403) | ||
442 | #define CKA_CHAR_COLUMNS (0x404) | ||
443 | #define CKA_COLOR (0x405) | ||
444 | #define CKA_BITS_PER_PIXEL (0x406) | ||
445 | #define CKA_CHAR_SETS (0x480) | ||
446 | #define CKA_ENCODING_METHODS (0x481) | ||
447 | #define CKA_MIME_TYPES (0x482) | ||
448 | #define CKA_MECHANISM_TYPE (0x500) | ||
449 | #define CKA_REQUIRED_CMS_ATTRIBUTES (0x501) | ||
450 | #define CKA_DEFAULT_CMS_ATTRIBUTES (0x502) | ||
451 | #define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503) | ||
452 | #define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211) | ||
453 | #define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212) | ||
454 | #define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600) | ||
455 | #define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31)) | ||
456 | |||
457 | |||
458 | struct ck_attribute | ||
459 | { | ||
460 | ck_attribute_type_t type; | ||
461 | void *value; | ||
462 | unsigned long value_len; | ||
463 | }; | ||
464 | |||
465 | |||
466 | struct ck_date | ||
467 | { | ||
468 | unsigned char year[4]; | ||
469 | unsigned char month[2]; | ||
470 | unsigned char day[2]; | ||
471 | }; | ||
472 | |||
473 | |||
474 | typedef unsigned long ck_mechanism_type_t; | ||
475 | |||
476 | #define CKM_RSA_PKCS_KEY_PAIR_GEN (0) | ||
477 | #define CKM_RSA_PKCS (1) | ||
478 | #define CKM_RSA_9796 (2) | ||
479 | #define CKM_RSA_X_509 (3) | ||
480 | #define CKM_MD2_RSA_PKCS (4) | ||
481 | #define CKM_MD5_RSA_PKCS (5) | ||
482 | #define CKM_SHA1_RSA_PKCS (6) | ||
483 | #define CKM_RIPEMD128_RSA_PKCS (7) | ||
484 | #define CKM_RIPEMD160_RSA_PKCS (8) | ||
485 | #define CKM_RSA_PKCS_OAEP (9) | ||
486 | #define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa) | ||
487 | #define CKM_RSA_X9_31 (0xb) | ||
488 | #define CKM_SHA1_RSA_X9_31 (0xc) | ||
489 | #define CKM_RSA_PKCS_PSS (0xd) | ||
490 | #define CKM_SHA1_RSA_PKCS_PSS (0xe) | ||
491 | #define CKM_DSA_KEY_PAIR_GEN (0x10) | ||
492 | #define CKM_DSA (0x11) | ||
493 | #define CKM_DSA_SHA1 (0x12) | ||
494 | #define CKM_DH_PKCS_KEY_PAIR_GEN (0x20) | ||
495 | #define CKM_DH_PKCS_DERIVE (0x21) | ||
496 | #define CKM_X9_42_DH_KEY_PAIR_GEN (0x30) | ||
497 | #define CKM_X9_42_DH_DERIVE (0x31) | ||
498 | #define CKM_X9_42_DH_HYBRID_DERIVE (0x32) | ||
499 | #define CKM_X9_42_MQV_DERIVE (0x33) | ||
500 | #define CKM_SHA256_RSA_PKCS (0x40) | ||
501 | #define CKM_SHA384_RSA_PKCS (0x41) | ||
502 | #define CKM_SHA512_RSA_PKCS (0x42) | ||
503 | #define CKM_SHA256_RSA_PKCS_PSS (0x43) | ||
504 | #define CKM_SHA384_RSA_PKCS_PSS (0x44) | ||
505 | #define CKM_SHA512_RSA_PKCS_PSS (0x45) | ||
506 | #define CKM_RC2_KEY_GEN (0x100) | ||
507 | #define CKM_RC2_ECB (0x101) | ||
508 | #define CKM_RC2_CBC (0x102) | ||
509 | #define CKM_RC2_MAC (0x103) | ||
510 | #define CKM_RC2_MAC_GENERAL (0x104) | ||
511 | #define CKM_RC2_CBC_PAD (0x105) | ||
512 | #define CKM_RC4_KEY_GEN (0x110) | ||
513 | #define CKM_RC4 (0x111) | ||
514 | #define CKM_DES_KEY_GEN (0x120) | ||
515 | #define CKM_DES_ECB (0x121) | ||
516 | #define CKM_DES_CBC (0x122) | ||
517 | #define CKM_DES_MAC (0x123) | ||
518 | #define CKM_DES_MAC_GENERAL (0x124) | ||
519 | #define CKM_DES_CBC_PAD (0x125) | ||
520 | #define CKM_DES2_KEY_GEN (0x130) | ||
521 | #define CKM_DES3_KEY_GEN (0x131) | ||
522 | #define CKM_DES3_ECB (0x132) | ||
523 | #define CKM_DES3_CBC (0x133) | ||
524 | #define CKM_DES3_MAC (0x134) | ||
525 | #define CKM_DES3_MAC_GENERAL (0x135) | ||
526 | #define CKM_DES3_CBC_PAD (0x136) | ||
527 | #define CKM_CDMF_KEY_GEN (0x140) | ||
528 | #define CKM_CDMF_ECB (0x141) | ||
529 | #define CKM_CDMF_CBC (0x142) | ||
530 | #define CKM_CDMF_MAC (0x143) | ||
531 | #define CKM_CDMF_MAC_GENERAL (0x144) | ||
532 | #define CKM_CDMF_CBC_PAD (0x145) | ||
533 | #define CKM_MD2 (0x200) | ||
534 | #define CKM_MD2_HMAC (0x201) | ||
535 | #define CKM_MD2_HMAC_GENERAL (0x202) | ||
536 | #define CKM_MD5 (0x210) | ||
537 | #define CKM_MD5_HMAC (0x211) | ||
538 | #define CKM_MD5_HMAC_GENERAL (0x212) | ||
539 | #define CKM_SHA_1 (0x220) | ||
540 | #define CKM_SHA_1_HMAC (0x221) | ||
541 | #define CKM_SHA_1_HMAC_GENERAL (0x222) | ||
542 | #define CKM_RIPEMD128 (0x230) | ||
543 | #define CKM_RIPEMD128_HMAC (0x231) | ||
544 | #define CKM_RIPEMD128_HMAC_GENERAL (0x232) | ||
545 | #define CKM_RIPEMD160 (0x240) | ||
546 | #define CKM_RIPEMD160_HMAC (0x241) | ||
547 | #define CKM_RIPEMD160_HMAC_GENERAL (0x242) | ||
548 | #define CKM_SHA256 (0x250) | ||
549 | #define CKM_SHA256_HMAC (0x251) | ||
550 | #define CKM_SHA256_HMAC_GENERAL (0x252) | ||
551 | #define CKM_SHA384 (0x260) | ||
552 | #define CKM_SHA384_HMAC (0x261) | ||
553 | #define CKM_SHA384_HMAC_GENERAL (0x262) | ||
554 | #define CKM_SHA512 (0x270) | ||
555 | #define CKM_SHA512_HMAC (0x271) | ||
556 | #define CKM_SHA512_HMAC_GENERAL (0x272) | ||
557 | #define CKM_CAST_KEY_GEN (0x300) | ||
558 | #define CKM_CAST_ECB (0x301) | ||
559 | #define CKM_CAST_CBC (0x302) | ||
560 | #define CKM_CAST_MAC (0x303) | ||
561 | #define CKM_CAST_MAC_GENERAL (0x304) | ||
562 | #define CKM_CAST_CBC_PAD (0x305) | ||
563 | #define CKM_CAST3_KEY_GEN (0x310) | ||
564 | #define CKM_CAST3_ECB (0x311) | ||
565 | #define CKM_CAST3_CBC (0x312) | ||
566 | #define CKM_CAST3_MAC (0x313) | ||
567 | #define CKM_CAST3_MAC_GENERAL (0x314) | ||
568 | #define CKM_CAST3_CBC_PAD (0x315) | ||
569 | #define CKM_CAST5_KEY_GEN (0x320) | ||
570 | #define CKM_CAST128_KEY_GEN (0x320) | ||
571 | #define CKM_CAST5_ECB (0x321) | ||
572 | #define CKM_CAST128_ECB (0x321) | ||
573 | #define CKM_CAST5_CBC (0x322) | ||
574 | #define CKM_CAST128_CBC (0x322) | ||
575 | #define CKM_CAST5_MAC (0x323) | ||
576 | #define CKM_CAST128_MAC (0x323) | ||
577 | #define CKM_CAST5_MAC_GENERAL (0x324) | ||
578 | #define CKM_CAST128_MAC_GENERAL (0x324) | ||
579 | #define CKM_CAST5_CBC_PAD (0x325) | ||
580 | #define CKM_CAST128_CBC_PAD (0x325) | ||
581 | #define CKM_RC5_KEY_GEN (0x330) | ||
582 | #define CKM_RC5_ECB (0x331) | ||
583 | #define CKM_RC5_CBC (0x332) | ||
584 | #define CKM_RC5_MAC (0x333) | ||
585 | #define CKM_RC5_MAC_GENERAL (0x334) | ||
586 | #define CKM_RC5_CBC_PAD (0x335) | ||
587 | #define CKM_IDEA_KEY_GEN (0x340) | ||
588 | #define CKM_IDEA_ECB (0x341) | ||
589 | #define CKM_IDEA_CBC (0x342) | ||
590 | #define CKM_IDEA_MAC (0x343) | ||
591 | #define CKM_IDEA_MAC_GENERAL (0x344) | ||
592 | #define CKM_IDEA_CBC_PAD (0x345) | ||
593 | #define CKM_GENERIC_SECRET_KEY_GEN (0x350) | ||
594 | #define CKM_CONCATENATE_BASE_AND_KEY (0x360) | ||
595 | #define CKM_CONCATENATE_BASE_AND_DATA (0x362) | ||
596 | #define CKM_CONCATENATE_DATA_AND_BASE (0x363) | ||
597 | #define CKM_XOR_BASE_AND_DATA (0x364) | ||
598 | #define CKM_EXTRACT_KEY_FROM_KEY (0x365) | ||
599 | #define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370) | ||
600 | #define CKM_SSL3_MASTER_KEY_DERIVE (0x371) | ||
601 | #define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372) | ||
602 | #define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373) | ||
603 | #define CKM_TLS_PRE_MASTER_KEY_GEN (0x374) | ||
604 | #define CKM_TLS_MASTER_KEY_DERIVE (0x375) | ||
605 | #define CKM_TLS_KEY_AND_MAC_DERIVE (0x376) | ||
606 | #define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377) | ||
607 | #define CKM_SSL3_MD5_MAC (0x380) | ||
608 | #define CKM_SSL3_SHA1_MAC (0x381) | ||
609 | #define CKM_MD5_KEY_DERIVATION (0x390) | ||
610 | #define CKM_MD2_KEY_DERIVATION (0x391) | ||
611 | #define CKM_SHA1_KEY_DERIVATION (0x392) | ||
612 | #define CKM_PBE_MD2_DES_CBC (0x3a0) | ||
613 | #define CKM_PBE_MD5_DES_CBC (0x3a1) | ||
614 | #define CKM_PBE_MD5_CAST_CBC (0x3a2) | ||
615 | #define CKM_PBE_MD5_CAST3_CBC (0x3a3) | ||
616 | #define CKM_PBE_MD5_CAST5_CBC (0x3a4) | ||
617 | #define CKM_PBE_MD5_CAST128_CBC (0x3a4) | ||
618 | #define CKM_PBE_SHA1_CAST5_CBC (0x3a5) | ||
619 | #define CKM_PBE_SHA1_CAST128_CBC (0x3a5) | ||
620 | #define CKM_PBE_SHA1_RC4_128 (0x3a6) | ||
621 | #define CKM_PBE_SHA1_RC4_40 (0x3a7) | ||
622 | #define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8) | ||
623 | #define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9) | ||
624 | #define CKM_PBE_SHA1_RC2_128_CBC (0x3aa) | ||
625 | #define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) | ||
626 | #define CKM_PKCS5_PBKD2 (0x3b0) | ||
627 | #define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0) | ||
628 | #define CKM_KEY_WRAP_LYNKS (0x400) | ||
629 | #define CKM_KEY_WRAP_SET_OAEP (0x401) | ||
630 | #define CKM_SKIPJACK_KEY_GEN (0x1000) | ||
631 | #define CKM_SKIPJACK_ECB64 (0x1001) | ||
632 | #define CKM_SKIPJACK_CBC64 (0x1002) | ||
633 | #define CKM_SKIPJACK_OFB64 (0x1003) | ||
634 | #define CKM_SKIPJACK_CFB64 (0x1004) | ||
635 | #define CKM_SKIPJACK_CFB32 (0x1005) | ||
636 | #define CKM_SKIPJACK_CFB16 (0x1006) | ||
637 | #define CKM_SKIPJACK_CFB8 (0x1007) | ||
638 | #define CKM_SKIPJACK_WRAP (0x1008) | ||
639 | #define CKM_SKIPJACK_PRIVATE_WRAP (0x1009) | ||
640 | #define CKM_SKIPJACK_RELAYX (0x100a) | ||
641 | #define CKM_KEA_KEY_PAIR_GEN (0x1010) | ||
642 | #define CKM_KEA_KEY_DERIVE (0x1011) | ||
643 | #define CKM_FORTEZZA_TIMESTAMP (0x1020) | ||
644 | #define CKM_BATON_KEY_GEN (0x1030) | ||
645 | #define CKM_BATON_ECB128 (0x1031) | ||
646 | #define CKM_BATON_ECB96 (0x1032) | ||
647 | #define CKM_BATON_CBC128 (0x1033) | ||
648 | #define CKM_BATON_COUNTER (0x1034) | ||
649 | #define CKM_BATON_SHUFFLE (0x1035) | ||
650 | #define CKM_BATON_WRAP (0x1036) | ||
651 | #define CKM_ECDSA_KEY_PAIR_GEN (0x1040) | ||
652 | #define CKM_EC_KEY_PAIR_GEN (0x1040) | ||
653 | #define CKM_ECDSA (0x1041) | ||
654 | #define CKM_ECDSA_SHA1 (0x1042) | ||
655 | #define CKM_ECDH1_DERIVE (0x1050) | ||
656 | #define CKM_ECDH1_COFACTOR_DERIVE (0x1051) | ||
657 | #define CKM_ECMQV_DERIVE (0x1052) | ||
658 | #define CKM_JUNIPER_KEY_GEN (0x1060) | ||
659 | #define CKM_JUNIPER_ECB128 (0x1061) | ||
660 | #define CKM_JUNIPER_CBC128 (0x1062) | ||
661 | #define CKM_JUNIPER_COUNTER (0x1063) | ||
662 | #define CKM_JUNIPER_SHUFFLE (0x1064) | ||
663 | #define CKM_JUNIPER_WRAP (0x1065) | ||
664 | #define CKM_FASTHASH (0x1070) | ||
665 | #define CKM_AES_KEY_GEN (0x1080) | ||
666 | #define CKM_AES_ECB (0x1081) | ||
667 | #define CKM_AES_CBC (0x1082) | ||
668 | #define CKM_AES_MAC (0x1083) | ||
669 | #define CKM_AES_MAC_GENERAL (0x1084) | ||
670 | #define CKM_AES_CBC_PAD (0x1085) | ||
671 | #define CKM_DSA_PARAMETER_GEN (0x2000) | ||
672 | #define CKM_DH_PKCS_PARAMETER_GEN (0x2001) | ||
673 | #define CKM_X9_42_DH_PARAMETER_GEN (0x2002) | ||
674 | #define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31)) | ||
675 | |||
676 | |||
677 | struct ck_mechanism | ||
678 | { | ||
679 | ck_mechanism_type_t mechanism; | ||
680 | void *parameter; | ||
681 | unsigned long parameter_len; | ||
682 | }; | ||
683 | |||
684 | |||
685 | struct ck_mechanism_info | ||
686 | { | ||
687 | unsigned long min_key_size; | ||
688 | unsigned long max_key_size; | ||
689 | ck_flags_t flags; | ||
690 | }; | ||
691 | |||
692 | #define CKF_HW (1 << 0) | ||
693 | #define CKF_ENCRYPT (1 << 8) | ||
694 | #define CKF_DECRYPT (1 << 9) | ||
695 | #define CKF_DIGEST (1 << 10) | ||
696 | #define CKF_SIGN (1 << 11) | ||
697 | #define CKF_SIGN_RECOVER (1 << 12) | ||
698 | #define CKF_VERIFY (1 << 13) | ||
699 | #define CKF_VERIFY_RECOVER (1 << 14) | ||
700 | #define CKF_GENERATE (1 << 15) | ||
701 | #define CKF_GENERATE_KEY_PAIR (1 << 16) | ||
702 | #define CKF_WRAP (1 << 17) | ||
703 | #define CKF_UNWRAP (1 << 18) | ||
704 | #define CKF_DERIVE (1 << 19) | ||
705 | #define CKF_EXTENSION ((unsigned long) (1 << 31)) | ||
706 | |||
707 | |||
708 | /* Flags for C_WaitForSlotEvent. */ | ||
709 | #define CKF_DONT_BLOCK (1) | ||
710 | |||
711 | |||
712 | typedef unsigned long ck_rv_t; | ||
713 | |||
714 | |||
715 | typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, | ||
716 | ck_notification_t event, void *application); | ||
717 | |||
718 | /* Forward reference. */ | ||
719 | struct ck_function_list; | ||
720 | |||
721 | #define _CK_DECLARE_FUNCTION(name, args) \ | ||
722 | typedef ck_rv_t (*CK_ ## name) args; \ | ||
723 | ck_rv_t CK_SPEC name args | ||
724 | |||
725 | _CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); | ||
726 | _CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); | ||
727 | _CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); | ||
728 | _CK_DECLARE_FUNCTION (C_GetFunctionList, | ||
729 | (struct ck_function_list **function_list)); | ||
730 | |||
731 | _CK_DECLARE_FUNCTION (C_GetSlotList, | ||
732 | (unsigned char token_present, ck_slot_id_t *slot_list, | ||
733 | unsigned long *count)); | ||
734 | _CK_DECLARE_FUNCTION (C_GetSlotInfo, | ||
735 | (ck_slot_id_t slot_id, struct ck_slot_info *info)); | ||
736 | _CK_DECLARE_FUNCTION (C_GetTokenInfo, | ||
737 | (ck_slot_id_t slot_id, struct ck_token_info *info)); | ||
738 | _CK_DECLARE_FUNCTION (C_WaitForSlotEvent, | ||
739 | (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); | ||
740 | _CK_DECLARE_FUNCTION (C_GetMechanismList, | ||
741 | (ck_slot_id_t slot_id, | ||
742 | ck_mechanism_type_t *mechanism_list, | ||
743 | unsigned long *count)); | ||
744 | _CK_DECLARE_FUNCTION (C_GetMechanismInfo, | ||
745 | (ck_slot_id_t slot_id, ck_mechanism_type_t type, | ||
746 | struct ck_mechanism_info *info)); | ||
747 | _CK_DECLARE_FUNCTION (C_InitToken, | ||
748 | (ck_slot_id_t slot_id, unsigned char *pin, | ||
749 | unsigned long pin_len, unsigned char *label)); | ||
750 | _CK_DECLARE_FUNCTION (C_InitPIN, | ||
751 | (ck_session_handle_t session, unsigned char *pin, | ||
752 | unsigned long pin_len)); | ||
753 | _CK_DECLARE_FUNCTION (C_SetPIN, | ||
754 | (ck_session_handle_t session, unsigned char *old_pin, | ||
755 | unsigned long old_len, unsigned char *new_pin, | ||
756 | unsigned long new_len)); | ||
757 | |||
758 | _CK_DECLARE_FUNCTION (C_OpenSession, | ||
759 | (ck_slot_id_t slot_id, ck_flags_t flags, | ||
760 | void *application, ck_notify_t notify, | ||
761 | ck_session_handle_t *session)); | ||
762 | _CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); | ||
763 | _CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); | ||
764 | _CK_DECLARE_FUNCTION (C_GetSessionInfo, | ||
765 | (ck_session_handle_t session, | ||
766 | struct ck_session_info *info)); | ||
767 | _CK_DECLARE_FUNCTION (C_GetOperationState, | ||
768 | (ck_session_handle_t session, | ||
769 | unsigned char *operation_state, | ||
770 | unsigned long *operation_state_len)); | ||
771 | _CK_DECLARE_FUNCTION (C_SetOperationState, | ||
772 | (ck_session_handle_t session, | ||
773 | unsigned char *operation_state, | ||
774 | unsigned long operation_state_len, | ||
775 | ck_object_handle_t encryption_key, | ||
776 | ck_object_handle_t authentiation_key)); | ||
777 | _CK_DECLARE_FUNCTION (C_Login, | ||
778 | (ck_session_handle_t session, ck_user_type_t user_type, | ||
779 | unsigned char *pin, unsigned long pin_len)); | ||
780 | _CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); | ||
781 | |||
782 | _CK_DECLARE_FUNCTION (C_CreateObject, | ||
783 | (ck_session_handle_t session, | ||
784 | struct ck_attribute *templ, | ||
785 | unsigned long count, ck_object_handle_t *object)); | ||
786 | _CK_DECLARE_FUNCTION (C_CopyObject, | ||
787 | (ck_session_handle_t session, ck_object_handle_t object, | ||
788 | struct ck_attribute *templ, unsigned long count, | ||
789 | ck_object_handle_t *new_object)); | ||
790 | _CK_DECLARE_FUNCTION (C_DestroyObject, | ||
791 | (ck_session_handle_t session, | ||
792 | ck_object_handle_t object)); | ||
793 | _CK_DECLARE_FUNCTION (C_GetObjectSize, | ||
794 | (ck_session_handle_t session, | ||
795 | ck_object_handle_t object, | ||
796 | unsigned long *size)); | ||
797 | _CK_DECLARE_FUNCTION (C_GetAttributeValue, | ||
798 | (ck_session_handle_t session, | ||
799 | ck_object_handle_t object, | ||
800 | struct ck_attribute *templ, | ||
801 | unsigned long count)); | ||
802 | _CK_DECLARE_FUNCTION (C_SetAttributeValue, | ||
803 | (ck_session_handle_t session, | ||
804 | ck_object_handle_t object, | ||
805 | struct ck_attribute *templ, | ||
806 | unsigned long count)); | ||
807 | _CK_DECLARE_FUNCTION (C_FindObjectsInit, | ||
808 | (ck_session_handle_t session, | ||
809 | struct ck_attribute *templ, | ||
810 | unsigned long count)); | ||
811 | _CK_DECLARE_FUNCTION (C_FindObjects, | ||
812 | (ck_session_handle_t session, | ||
813 | ck_object_handle_t *object, | ||
814 | unsigned long max_object_count, | ||
815 | unsigned long *object_count)); | ||
816 | _CK_DECLARE_FUNCTION (C_FindObjectsFinal, | ||
817 | (ck_session_handle_t session)); | ||
818 | |||
819 | _CK_DECLARE_FUNCTION (C_EncryptInit, | ||
820 | (ck_session_handle_t session, | ||
821 | struct ck_mechanism *mechanism, | ||
822 | ck_object_handle_t key)); | ||
823 | _CK_DECLARE_FUNCTION (C_Encrypt, | ||
824 | (ck_session_handle_t session, | ||
825 | unsigned char *data, unsigned long data_len, | ||
826 | unsigned char *encrypted_data, | ||
827 | unsigned long *encrypted_data_len)); | ||
828 | _CK_DECLARE_FUNCTION (C_EncryptUpdate, | ||
829 | (ck_session_handle_t session, | ||
830 | unsigned char *part, unsigned long part_len, | ||
831 | unsigned char *encrypted_part, | ||
832 | unsigned long *encrypted_part_len)); | ||
833 | _CK_DECLARE_FUNCTION (C_EncryptFinal, | ||
834 | (ck_session_handle_t session, | ||
835 | unsigned char *last_encrypted_part, | ||
836 | unsigned long *last_encrypted_part_len)); | ||
837 | |||
838 | _CK_DECLARE_FUNCTION (C_DecryptInit, | ||
839 | (ck_session_handle_t session, | ||
840 | struct ck_mechanism *mechanism, | ||
841 | ck_object_handle_t key)); | ||
842 | _CK_DECLARE_FUNCTION (C_Decrypt, | ||
843 | (ck_session_handle_t session, | ||
844 | unsigned char *encrypted_data, | ||
845 | unsigned long encrypted_data_len, | ||
846 | unsigned char *data, unsigned long *data_len)); | ||
847 | _CK_DECLARE_FUNCTION (C_DecryptUpdate, | ||
848 | (ck_session_handle_t session, | ||
849 | unsigned char *encrypted_part, | ||
850 | unsigned long encrypted_part_len, | ||
851 | unsigned char *part, unsigned long *part_len)); | ||
852 | _CK_DECLARE_FUNCTION (C_DecryptFinal, | ||
853 | (ck_session_handle_t session, | ||
854 | unsigned char *last_part, | ||
855 | unsigned long *last_part_len)); | ||
856 | |||
857 | _CK_DECLARE_FUNCTION (C_DigestInit, | ||
858 | (ck_session_handle_t session, | ||
859 | struct ck_mechanism *mechanism)); | ||
860 | _CK_DECLARE_FUNCTION (C_Digest, | ||
861 | (ck_session_handle_t session, | ||
862 | unsigned char *data, unsigned long data_len, | ||
863 | unsigned char *digest, | ||
864 | unsigned long *digest_len)); | ||
865 | _CK_DECLARE_FUNCTION (C_DigestUpdate, | ||
866 | (ck_session_handle_t session, | ||
867 | unsigned char *part, unsigned long part_len)); | ||
868 | _CK_DECLARE_FUNCTION (C_DigestKey, | ||
869 | (ck_session_handle_t session, ck_object_handle_t key)); | ||
870 | _CK_DECLARE_FUNCTION (C_DigestFinal, | ||
871 | (ck_session_handle_t session, | ||
872 | unsigned char *digest, | ||
873 | unsigned long *digest_len)); | ||
874 | |||
875 | _CK_DECLARE_FUNCTION (C_SignInit, | ||
876 | (ck_session_handle_t session, | ||
877 | struct ck_mechanism *mechanism, | ||
878 | ck_object_handle_t key)); | ||
879 | _CK_DECLARE_FUNCTION (C_Sign, | ||
880 | (ck_session_handle_t session, | ||
881 | unsigned char *data, unsigned long data_len, | ||
882 | unsigned char *signature, | ||
883 | unsigned long *signature_len)); | ||
884 | _CK_DECLARE_FUNCTION (C_SignUpdate, | ||
885 | (ck_session_handle_t session, | ||
886 | unsigned char *part, unsigned long part_len)); | ||
887 | _CK_DECLARE_FUNCTION (C_SignFinal, | ||
888 | (ck_session_handle_t session, | ||
889 | unsigned char *signature, | ||
890 | unsigned long *signature_len)); | ||
891 | _CK_DECLARE_FUNCTION (C_SignRecoverInit, | ||
892 | (ck_session_handle_t session, | ||
893 | struct ck_mechanism *mechanism, | ||
894 | ck_object_handle_t key)); | ||
895 | _CK_DECLARE_FUNCTION (C_SignRecover, | ||
896 | (ck_session_handle_t session, | ||
897 | unsigned char *data, unsigned long data_len, | ||
898 | unsigned char *signature, | ||
899 | unsigned long *signature_len)); | ||
900 | |||
901 | _CK_DECLARE_FUNCTION (C_VerifyInit, | ||
902 | (ck_session_handle_t session, | ||
903 | struct ck_mechanism *mechanism, | ||
904 | ck_object_handle_t key)); | ||
905 | _CK_DECLARE_FUNCTION (C_Verify, | ||
906 | (ck_session_handle_t session, | ||
907 | unsigned char *data, unsigned long data_len, | ||
908 | unsigned char *signature, | ||
909 | unsigned long signature_len)); | ||
910 | _CK_DECLARE_FUNCTION (C_VerifyUpdate, | ||
911 | (ck_session_handle_t session, | ||
912 | unsigned char *part, unsigned long part_len)); | ||
913 | _CK_DECLARE_FUNCTION (C_VerifyFinal, | ||
914 | (ck_session_handle_t session, | ||
915 | unsigned char *signature, | ||
916 | unsigned long signature_len)); | ||
917 | _CK_DECLARE_FUNCTION (C_VerifyRecoverInit, | ||
918 | (ck_session_handle_t session, | ||
919 | struct ck_mechanism *mechanism, | ||
920 | ck_object_handle_t key)); | ||
921 | _CK_DECLARE_FUNCTION (C_VerifyRecover, | ||
922 | (ck_session_handle_t session, | ||
923 | unsigned char *signature, | ||
924 | unsigned long signature_len, | ||
925 | unsigned char *data, | ||
926 | unsigned long *data_len)); | ||
927 | |||
928 | _CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, | ||
929 | (ck_session_handle_t session, | ||
930 | unsigned char *part, unsigned long part_len, | ||
931 | unsigned char *encrypted_part, | ||
932 | unsigned long *encrypted_part_len)); | ||
933 | _CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, | ||
934 | (ck_session_handle_t session, | ||
935 | unsigned char *encrypted_part, | ||
936 | unsigned long encrypted_part_len, | ||
937 | unsigned char *part, | ||
938 | unsigned long *part_len)); | ||
939 | _CK_DECLARE_FUNCTION (C_SignEncryptUpdate, | ||
940 | (ck_session_handle_t session, | ||
941 | unsigned char *part, unsigned long part_len, | ||
942 | unsigned char *encrypted_part, | ||
943 | unsigned long *encrypted_part_len)); | ||
944 | _CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, | ||
945 | (ck_session_handle_t session, | ||
946 | unsigned char *encrypted_part, | ||
947 | unsigned long encrypted_part_len, | ||
948 | unsigned char *part, | ||
949 | unsigned long *part_len)); | ||
950 | |||
951 | _CK_DECLARE_FUNCTION (C_GenerateKey, | ||
952 | (ck_session_handle_t session, | ||
953 | struct ck_mechanism *mechanism, | ||
954 | struct ck_attribute *templ, | ||
955 | unsigned long count, | ||
956 | ck_object_handle_t *key)); | ||
957 | _CK_DECLARE_FUNCTION (C_GenerateKeyPair, | ||
958 | (ck_session_handle_t session, | ||
959 | struct ck_mechanism *mechanism, | ||
960 | struct ck_attribute *public_key_template, | ||
961 | unsigned long public_key_attribute_count, | ||
962 | struct ck_attribute *private_key_template, | ||
963 | unsigned long private_key_attribute_count, | ||
964 | ck_object_handle_t *public_key, | ||
965 | ck_object_handle_t *private_key)); | ||
966 | _CK_DECLARE_FUNCTION (C_WrapKey, | ||
967 | (ck_session_handle_t session, | ||
968 | struct ck_mechanism *mechanism, | ||
969 | ck_object_handle_t wrapping_key, | ||
970 | ck_object_handle_t key, | ||
971 | unsigned char *wrapped_key, | ||
972 | unsigned long *wrapped_key_len)); | ||
973 | _CK_DECLARE_FUNCTION (C_UnwrapKey, | ||
974 | (ck_session_handle_t session, | ||
975 | struct ck_mechanism *mechanism, | ||
976 | ck_object_handle_t unwrapping_key, | ||
977 | unsigned char *wrapped_key, | ||
978 | unsigned long wrapped_key_len, | ||
979 | struct ck_attribute *templ, | ||
980 | unsigned long attribute_count, | ||
981 | ck_object_handle_t *key)); | ||
982 | _CK_DECLARE_FUNCTION (C_DeriveKey, | ||
983 | (ck_session_handle_t session, | ||
984 | struct ck_mechanism *mechanism, | ||
985 | ck_object_handle_t base_key, | ||
986 | struct ck_attribute *templ, | ||
987 | unsigned long attribute_count, | ||
988 | ck_object_handle_t *key)); | ||
989 | |||
990 | _CK_DECLARE_FUNCTION (C_SeedRandom, | ||
991 | (ck_session_handle_t session, unsigned char *seed, | ||
992 | unsigned long seed_len)); | ||
993 | _CK_DECLARE_FUNCTION (C_GenerateRandom, | ||
994 | (ck_session_handle_t session, | ||
995 | unsigned char *random_data, | ||
996 | unsigned long random_len)); | ||
997 | |||
998 | _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); | ||
999 | _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); | ||
1000 | |||
1001 | |||
1002 | struct ck_function_list | ||
1003 | { | ||
1004 | struct ck_version version; | ||
1005 | CK_C_Initialize C_Initialize; | ||
1006 | CK_C_Finalize C_Finalize; | ||
1007 | CK_C_GetInfo C_GetInfo; | ||
1008 | CK_C_GetFunctionList C_GetFunctionList; | ||
1009 | CK_C_GetSlotList C_GetSlotList; | ||
1010 | CK_C_GetSlotInfo C_GetSlotInfo; | ||
1011 | CK_C_GetTokenInfo C_GetTokenInfo; | ||
1012 | CK_C_GetMechanismList C_GetMechanismList; | ||
1013 | CK_C_GetMechanismInfo C_GetMechanismInfo; | ||
1014 | CK_C_InitToken C_InitToken; | ||
1015 | CK_C_InitPIN C_InitPIN; | ||
1016 | CK_C_SetPIN C_SetPIN; | ||
1017 | CK_C_OpenSession C_OpenSession; | ||
1018 | CK_C_CloseSession C_CloseSession; | ||
1019 | CK_C_CloseAllSessions C_CloseAllSessions; | ||
1020 | CK_C_GetSessionInfo C_GetSessionInfo; | ||
1021 | CK_C_GetOperationState C_GetOperationState; | ||
1022 | CK_C_SetOperationState C_SetOperationState; | ||
1023 | CK_C_Login C_Login; | ||
1024 | CK_C_Logout C_Logout; | ||
1025 | CK_C_CreateObject C_CreateObject; | ||
1026 | CK_C_CopyObject C_CopyObject; | ||
1027 | CK_C_DestroyObject C_DestroyObject; | ||
1028 | CK_C_GetObjectSize C_GetObjectSize; | ||
1029 | CK_C_GetAttributeValue C_GetAttributeValue; | ||
1030 | CK_C_SetAttributeValue C_SetAttributeValue; | ||
1031 | CK_C_FindObjectsInit C_FindObjectsInit; | ||
1032 | CK_C_FindObjects C_FindObjects; | ||
1033 | CK_C_FindObjectsFinal C_FindObjectsFinal; | ||
1034 | CK_C_EncryptInit C_EncryptInit; | ||
1035 | CK_C_Encrypt C_Encrypt; | ||
1036 | CK_C_EncryptUpdate C_EncryptUpdate; | ||
1037 | CK_C_EncryptFinal C_EncryptFinal; | ||
1038 | CK_C_DecryptInit C_DecryptInit; | ||
1039 | CK_C_Decrypt C_Decrypt; | ||
1040 | CK_C_DecryptUpdate C_DecryptUpdate; | ||
1041 | CK_C_DecryptFinal C_DecryptFinal; | ||
1042 | CK_C_DigestInit C_DigestInit; | ||
1043 | CK_C_Digest C_Digest; | ||
1044 | CK_C_DigestUpdate C_DigestUpdate; | ||
1045 | CK_C_DigestKey C_DigestKey; | ||
1046 | CK_C_DigestFinal C_DigestFinal; | ||
1047 | CK_C_SignInit C_SignInit; | ||
1048 | CK_C_Sign C_Sign; | ||
1049 | CK_C_SignUpdate C_SignUpdate; | ||
1050 | CK_C_SignFinal C_SignFinal; | ||
1051 | CK_C_SignRecoverInit C_SignRecoverInit; | ||
1052 | CK_C_SignRecover C_SignRecover; | ||
1053 | CK_C_VerifyInit C_VerifyInit; | ||
1054 | CK_C_Verify C_Verify; | ||
1055 | CK_C_VerifyUpdate C_VerifyUpdate; | ||
1056 | CK_C_VerifyFinal C_VerifyFinal; | ||
1057 | CK_C_VerifyRecoverInit C_VerifyRecoverInit; | ||
1058 | CK_C_VerifyRecover C_VerifyRecover; | ||
1059 | CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; | ||
1060 | CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; | ||
1061 | CK_C_SignEncryptUpdate C_SignEncryptUpdate; | ||
1062 | CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; | ||
1063 | CK_C_GenerateKey C_GenerateKey; | ||
1064 | CK_C_GenerateKeyPair C_GenerateKeyPair; | ||
1065 | CK_C_WrapKey C_WrapKey; | ||
1066 | CK_C_UnwrapKey C_UnwrapKey; | ||
1067 | CK_C_DeriveKey C_DeriveKey; | ||
1068 | CK_C_SeedRandom C_SeedRandom; | ||
1069 | CK_C_GenerateRandom C_GenerateRandom; | ||
1070 | CK_C_GetFunctionStatus C_GetFunctionStatus; | ||
1071 | CK_C_CancelFunction C_CancelFunction; | ||
1072 | CK_C_WaitForSlotEvent C_WaitForSlotEvent; | ||
1073 | }; | ||
1074 | |||
1075 | |||
1076 | typedef ck_rv_t (*ck_createmutex_t) (void **mutex); | ||
1077 | typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); | ||
1078 | typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); | ||
1079 | typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); | ||
1080 | |||
1081 | |||
1082 | struct ck_c_initialize_args | ||
1083 | { | ||
1084 | ck_createmutex_t create_mutex; | ||
1085 | ck_destroymutex_t destroy_mutex; | ||
1086 | ck_lockmutex_t lock_mutex; | ||
1087 | ck_unlockmutex_t unlock_mutex; | ||
1088 | ck_flags_t flags; | ||
1089 | void *reserved; | ||
1090 | }; | ||
1091 | |||
1092 | |||
1093 | #define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0) | ||
1094 | #define CKF_OS_LOCKING_OK (1 << 1) | ||
1095 | |||
1096 | #define CKR_OK (0) | ||
1097 | #define CKR_CANCEL (1) | ||
1098 | #define CKR_HOST_MEMORY (2) | ||
1099 | #define CKR_SLOT_ID_INVALID (3) | ||
1100 | #define CKR_GENERAL_ERROR (5) | ||
1101 | #define CKR_FUNCTION_FAILED (6) | ||
1102 | #define CKR_ARGUMENTS_BAD (7) | ||
1103 | #define CKR_NO_EVENT (8) | ||
1104 | #define CKR_NEED_TO_CREATE_THREADS (9) | ||
1105 | #define CKR_CANT_LOCK (0xa) | ||
1106 | #define CKR_ATTRIBUTE_READ_ONLY (0x10) | ||
1107 | #define CKR_ATTRIBUTE_SENSITIVE (0x11) | ||
1108 | #define CKR_ATTRIBUTE_TYPE_INVALID (0x12) | ||
1109 | #define CKR_ATTRIBUTE_VALUE_INVALID (0x13) | ||
1110 | #define CKR_DATA_INVALID (0x20) | ||
1111 | #define CKR_DATA_LEN_RANGE (0x21) | ||
1112 | #define CKR_DEVICE_ERROR (0x30) | ||
1113 | #define CKR_DEVICE_MEMORY (0x31) | ||
1114 | #define CKR_DEVICE_REMOVED (0x32) | ||
1115 | #define CKR_ENCRYPTED_DATA_INVALID (0x40) | ||
1116 | #define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41) | ||
1117 | #define CKR_FUNCTION_CANCELED (0x50) | ||
1118 | #define CKR_FUNCTION_NOT_PARALLEL (0x51) | ||
1119 | #define CKR_FUNCTION_NOT_SUPPORTED (0x54) | ||
1120 | #define CKR_KEY_HANDLE_INVALID (0x60) | ||
1121 | #define CKR_KEY_SIZE_RANGE (0x62) | ||
1122 | #define CKR_KEY_TYPE_INCONSISTENT (0x63) | ||
1123 | #define CKR_KEY_NOT_NEEDED (0x64) | ||
1124 | #define CKR_KEY_CHANGED (0x65) | ||
1125 | #define CKR_KEY_NEEDED (0x66) | ||
1126 | #define CKR_KEY_INDIGESTIBLE (0x67) | ||
1127 | #define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68) | ||
1128 | #define CKR_KEY_NOT_WRAPPABLE (0x69) | ||
1129 | #define CKR_KEY_UNEXTRACTABLE (0x6a) | ||
1130 | #define CKR_MECHANISM_INVALID (0x70) | ||
1131 | #define CKR_MECHANISM_PARAM_INVALID (0x71) | ||
1132 | #define CKR_OBJECT_HANDLE_INVALID (0x82) | ||
1133 | #define CKR_OPERATION_ACTIVE (0x90) | ||
1134 | #define CKR_OPERATION_NOT_INITIALIZED (0x91) | ||
1135 | #define CKR_PIN_INCORRECT (0xa0) | ||
1136 | #define CKR_PIN_INVALID (0xa1) | ||
1137 | #define CKR_PIN_LEN_RANGE (0xa2) | ||
1138 | #define CKR_PIN_EXPIRED (0xa3) | ||
1139 | #define CKR_PIN_LOCKED (0xa4) | ||
1140 | #define CKR_SESSION_CLOSED (0xb0) | ||
1141 | #define CKR_SESSION_COUNT (0xb1) | ||
1142 | #define CKR_SESSION_HANDLE_INVALID (0xb3) | ||
1143 | #define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4) | ||
1144 | #define CKR_SESSION_READ_ONLY (0xb5) | ||
1145 | #define CKR_SESSION_EXISTS (0xb6) | ||
1146 | #define CKR_SESSION_READ_ONLY_EXISTS (0xb7) | ||
1147 | #define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8) | ||
1148 | #define CKR_SIGNATURE_INVALID (0xc0) | ||
1149 | #define CKR_SIGNATURE_LEN_RANGE (0xc1) | ||
1150 | #define CKR_TEMPLATE_INCOMPLETE (0xd0) | ||
1151 | #define CKR_TEMPLATE_INCONSISTENT (0xd1) | ||
1152 | #define CKR_TOKEN_NOT_PRESENT (0xe0) | ||
1153 | #define CKR_TOKEN_NOT_RECOGNIZED (0xe1) | ||
1154 | #define CKR_TOKEN_WRITE_PROTECTED (0xe2) | ||
1155 | #define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0) | ||
1156 | #define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1) | ||
1157 | #define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2) | ||
1158 | #define CKR_USER_ALREADY_LOGGED_IN (0x100) | ||
1159 | #define CKR_USER_NOT_LOGGED_IN (0x101) | ||
1160 | #define CKR_USER_PIN_NOT_INITIALIZED (0x102) | ||
1161 | #define CKR_USER_TYPE_INVALID (0x103) | ||
1162 | #define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104) | ||
1163 | #define CKR_USER_TOO_MANY_TYPES (0x105) | ||
1164 | #define CKR_WRAPPED_KEY_INVALID (0x110) | ||
1165 | #define CKR_WRAPPED_KEY_LEN_RANGE (0x112) | ||
1166 | #define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113) | ||
1167 | #define CKR_WRAPPING_KEY_SIZE_RANGE (0x114) | ||
1168 | #define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115) | ||
1169 | #define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120) | ||
1170 | #define CKR_RANDOM_NO_RNG (0x121) | ||
1171 | #define CKR_DOMAIN_PARAMS_INVALID (0x130) | ||
1172 | #define CKR_BUFFER_TOO_SMALL (0x150) | ||
1173 | #define CKR_SAVED_STATE_INVALID (0x160) | ||
1174 | #define CKR_INFORMATION_SENSITIVE (0x170) | ||
1175 | #define CKR_STATE_UNSAVEABLE (0x180) | ||
1176 | #define CKR_CRYPTOKI_NOT_INITIALIZED (0x190) | ||
1177 | #define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191) | ||
1178 | #define CKR_MUTEX_BAD (0x1a0) | ||
1179 | #define CKR_MUTEX_NOT_LOCKED (0x1a1) | ||
1180 | #define CKR_FUNCTION_REJECTED (0x200) | ||
1181 | #define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31)) | ||
1182 | |||
1183 | |||
1184 | |||
1185 | /* Compatibility layer. */ | ||
1186 | |||
1187 | #ifdef CRYPTOKI_COMPAT | ||
1188 | |||
1189 | #undef CK_DEFINE_FUNCTION | ||
1190 | #define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name | ||
1191 | |||
1192 | /* For NULL. */ | ||
1193 | #include <stddef.h> | ||
1194 | |||
1195 | typedef unsigned char CK_BYTE; | ||
1196 | typedef unsigned char CK_CHAR; | ||
1197 | typedef unsigned char CK_UTF8CHAR; | ||
1198 | typedef unsigned char CK_BBOOL; | ||
1199 | typedef unsigned long int CK_ULONG; | ||
1200 | typedef long int CK_LONG; | ||
1201 | typedef CK_BYTE *CK_BYTE_PTR; | ||
1202 | typedef CK_CHAR *CK_CHAR_PTR; | ||
1203 | typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; | ||
1204 | typedef CK_ULONG *CK_ULONG_PTR; | ||
1205 | typedef void *CK_VOID_PTR; | ||
1206 | typedef void **CK_VOID_PTR_PTR; | ||
1207 | #define CK_FALSE 0 | ||
1208 | #define CK_TRUE 1 | ||
1209 | #ifndef CK_DISABLE_TRUE_FALSE | ||
1210 | #ifndef FALSE | ||
1211 | #define FALSE 0 | ||
1212 | #endif | ||
1213 | #ifndef TRUE | ||
1214 | #define TRUE 1 | ||
1215 | #endif | ||
1216 | #endif | ||
1217 | |||
1218 | typedef struct ck_version CK_VERSION; | ||
1219 | typedef struct ck_version *CK_VERSION_PTR; | ||
1220 | |||
1221 | typedef struct ck_info CK_INFO; | ||
1222 | typedef struct ck_info *CK_INFO_PTR; | ||
1223 | |||
1224 | typedef ck_slot_id_t *CK_SLOT_ID_PTR; | ||
1225 | |||
1226 | typedef struct ck_slot_info CK_SLOT_INFO; | ||
1227 | typedef struct ck_slot_info *CK_SLOT_INFO_PTR; | ||
1228 | |||
1229 | typedef struct ck_token_info CK_TOKEN_INFO; | ||
1230 | typedef struct ck_token_info *CK_TOKEN_INFO_PTR; | ||
1231 | |||
1232 | typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; | ||
1233 | |||
1234 | typedef struct ck_session_info CK_SESSION_INFO; | ||
1235 | typedef struct ck_session_info *CK_SESSION_INFO_PTR; | ||
1236 | |||
1237 | typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; | ||
1238 | |||
1239 | typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; | ||
1240 | |||
1241 | typedef struct ck_attribute CK_ATTRIBUTE; | ||
1242 | typedef struct ck_attribute *CK_ATTRIBUTE_PTR; | ||
1243 | |||
1244 | typedef struct ck_date CK_DATE; | ||
1245 | typedef struct ck_date *CK_DATE_PTR; | ||
1246 | |||
1247 | typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; | ||
1248 | |||
1249 | typedef struct ck_mechanism CK_MECHANISM; | ||
1250 | typedef struct ck_mechanism *CK_MECHANISM_PTR; | ||
1251 | |||
1252 | typedef struct ck_mechanism_info CK_MECHANISM_INFO; | ||
1253 | typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; | ||
1254 | |||
1255 | typedef struct ck_function_list CK_FUNCTION_LIST; | ||
1256 | typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; | ||
1257 | typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; | ||
1258 | |||
1259 | typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; | ||
1260 | typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; | ||
1261 | |||
1262 | #define NULL_PTR NULL | ||
1263 | |||
1264 | /* Delete the helper macros defined at the top of the file. */ | ||
1265 | #undef ck_flags_t | ||
1266 | #undef ck_version | ||
1267 | |||
1268 | #undef ck_info | ||
1269 | #undef cryptoki_version | ||
1270 | #undef manufacturer_id | ||
1271 | #undef library_description | ||
1272 | #undef library_version | ||
1273 | |||
1274 | #undef ck_notification_t | ||
1275 | #undef ck_slot_id_t | ||
1276 | |||
1277 | #undef ck_slot_info | ||
1278 | #undef slot_description | ||
1279 | #undef hardware_version | ||
1280 | #undef firmware_version | ||
1281 | |||
1282 | #undef ck_token_info | ||
1283 | #undef serial_number | ||
1284 | #undef max_session_count | ||
1285 | #undef session_count | ||
1286 | #undef max_rw_session_count | ||
1287 | #undef rw_session_count | ||
1288 | #undef max_pin_len | ||
1289 | #undef min_pin_len | ||
1290 | #undef total_public_memory | ||
1291 | #undef free_public_memory | ||
1292 | #undef total_private_memory | ||
1293 | #undef free_private_memory | ||
1294 | #undef utc_time | ||
1295 | |||
1296 | #undef ck_session_handle_t | ||
1297 | #undef ck_user_type_t | ||
1298 | #undef ck_state_t | ||
1299 | |||
1300 | #undef ck_session_info | ||
1301 | #undef slot_id | ||
1302 | #undef device_error | ||
1303 | |||
1304 | #undef ck_object_handle_t | ||
1305 | #undef ck_object_class_t | ||
1306 | #undef ck_hw_feature_type_t | ||
1307 | #undef ck_key_type_t | ||
1308 | #undef ck_certificate_type_t | ||
1309 | #undef ck_attribute_type_t | ||
1310 | |||
1311 | #undef ck_attribute | ||
1312 | #undef value | ||
1313 | #undef value_len | ||
1314 | |||
1315 | #undef ck_date | ||
1316 | |||
1317 | #undef ck_mechanism_type_t | ||
1318 | |||
1319 | #undef ck_mechanism | ||
1320 | #undef parameter | ||
1321 | #undef parameter_len | ||
1322 | |||
1323 | #undef ck_mechanism_info | ||
1324 | #undef min_key_size | ||
1325 | #undef max_key_size | ||
1326 | |||
1327 | #undef ck_rv_t | ||
1328 | #undef ck_notify_t | ||
1329 | |||
1330 | #undef ck_function_list | ||
1331 | |||
1332 | #undef ck_createmutex_t | ||
1333 | #undef ck_destroymutex_t | ||
1334 | #undef ck_lockmutex_t | ||
1335 | #undef ck_unlockmutex_t | ||
1336 | |||
1337 | #undef ck_c_initialize_args | ||
1338 | #undef create_mutex | ||
1339 | #undef destroy_mutex | ||
1340 | #undef lock_mutex | ||
1341 | #undef unlock_mutex | ||
1342 | #undef reserved | ||
1343 | |||
1344 | #endif /* CRYPTOKI_COMPAT */ | ||
1345 | |||
1346 | |||
1347 | /* System dependencies. */ | ||
1348 | #if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) | ||
1349 | #pragma pack(pop, cryptoki) | ||
1350 | #endif | ||
1351 | |||
1352 | #if defined(__cplusplus) | ||
1353 | } | ||
1354 | #endif | ||
1355 | |||
1356 | #endif /* PKCS11_H */ | ||
diff --git a/scard-opensc.c b/scard-opensc.c deleted file mode 100644 index 36dae05fd..000000000 --- a/scard-opensc.c +++ /dev/null | |||
@@ -1,532 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (c) 2002 Juha Yrjölä. All rights reserved. | ||
3 | * Copyright (c) 2001 Markus Friedl. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * 1. Redistributions of source code must retain the above copyright | ||
9 | * notice, this list of conditions and the following disclaimer. | ||
10 | * 2. Redistributions in binary form must reproduce the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer in the | ||
12 | * documentation and/or other materials provided with the distribution. | ||
13 | * | ||
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
24 | */ | ||
25 | |||
26 | #include "includes.h" | ||
27 | #if defined(SMARTCARD) && defined(USE_OPENSC) | ||
28 | |||
29 | #include <sys/types.h> | ||
30 | |||
31 | #include <openssl/evp.h> | ||
32 | #include <openssl/x509.h> | ||
33 | |||
34 | #include <stdarg.h> | ||
35 | #include <string.h> | ||
36 | |||
37 | #include <opensc/opensc.h> | ||
38 | #include <opensc/pkcs15.h> | ||
39 | |||
40 | #include "key.h" | ||
41 | #include "log.h" | ||
42 | #include "xmalloc.h" | ||
43 | #include "misc.h" | ||
44 | #include "scard.h" | ||
45 | |||
46 | #if OPENSSL_VERSION_NUMBER < 0x00907000L && defined(CRYPTO_LOCK_ENGINE) | ||
47 | #define USE_ENGINE | ||
48 | #define RSA_get_default_method RSA_get_default_openssl_method | ||
49 | #else | ||
50 | #endif | ||
51 | |||
52 | #ifdef USE_ENGINE | ||
53 | #include <openssl/engine.h> | ||
54 | #define sc_get_rsa sc_get_engine | ||
55 | #else | ||
56 | #define sc_get_rsa sc_get_rsa_method | ||
57 | #endif | ||
58 | |||
59 | static int sc_reader_id; | ||
60 | static sc_context_t *ctx = NULL; | ||
61 | static sc_card_t *card = NULL; | ||
62 | static sc_pkcs15_card_t *p15card = NULL; | ||
63 | |||
64 | static char *sc_pin = NULL; | ||
65 | |||
66 | struct sc_priv_data | ||
67 | { | ||
68 | struct sc_pkcs15_id cert_id; | ||
69 | int ref_count; | ||
70 | }; | ||
71 | |||
72 | void | ||
73 | sc_close(void) | ||
74 | { | ||
75 | if (p15card) { | ||
76 | sc_pkcs15_unbind(p15card); | ||
77 | p15card = NULL; | ||
78 | } | ||
79 | if (card) { | ||
80 | sc_disconnect_card(card, 0); | ||
81 | card = NULL; | ||
82 | } | ||
83 | if (ctx) { | ||
84 | sc_release_context(ctx); | ||
85 | ctx = NULL; | ||
86 | } | ||
87 | } | ||
88 | |||
89 | static int | ||
90 | sc_init(void) | ||
91 | { | ||
92 | int r; | ||
93 | |||
94 | r = sc_establish_context(&ctx, "openssh"); | ||
95 | if (r) | ||
96 | goto err; | ||
97 | if (sc_reader_id >= ctx->reader_count) { | ||
98 | r = SC_ERROR_NO_READERS_FOUND; | ||
99 | error("Illegal reader number %d (max %d)", sc_reader_id, | ||
100 | ctx->reader_count -1); | ||
101 | goto err; | ||
102 | } | ||
103 | r = sc_connect_card(ctx->reader[sc_reader_id], 0, &card); | ||
104 | if (r) | ||
105 | goto err; | ||
106 | r = sc_pkcs15_bind(card, &p15card); | ||
107 | if (r) | ||
108 | goto err; | ||
109 | return 0; | ||
110 | err: | ||
111 | sc_close(); | ||
112 | return r; | ||
113 | } | ||
114 | |||
115 | /* private key operations */ | ||
116 | |||
117 | static int | ||
118 | sc_prkey_op_init(RSA *rsa, struct sc_pkcs15_object **key_obj_out, | ||
119 | unsigned int usage) | ||
120 | { | ||
121 | int r; | ||
122 | struct sc_priv_data *priv; | ||
123 | struct sc_pkcs15_object *key_obj; | ||
124 | struct sc_pkcs15_prkey_info *key; | ||
125 | struct sc_pkcs15_object *pin_obj; | ||
126 | struct sc_pkcs15_pin_info *pin; | ||
127 | |||
128 | priv = (struct sc_priv_data *) RSA_get_app_data(rsa); | ||
129 | if (priv == NULL) | ||
130 | return -1; | ||
131 | if (p15card == NULL) { | ||
132 | sc_close(); | ||
133 | r = sc_init(); | ||
134 | if (r) { | ||
135 | error("SmartCard init failed: %s", sc_strerror(r)); | ||
136 | goto err; | ||
137 | } | ||
138 | } | ||
139 | r = sc_pkcs15_find_prkey_by_id_usage(p15card, &priv->cert_id, | ||
140 | usage, &key_obj); | ||
141 | if (r) { | ||
142 | error("Unable to find private key from SmartCard: %s", | ||
143 | sc_strerror(r)); | ||
144 | goto err; | ||
145 | } | ||
146 | key = key_obj->data; | ||
147 | r = sc_pkcs15_find_pin_by_auth_id(p15card, &key_obj->auth_id, | ||
148 | &pin_obj); | ||
149 | if (r == SC_ERROR_OBJECT_NOT_FOUND) { | ||
150 | /* no pin required */ | ||
151 | r = sc_lock(card); | ||
152 | if (r) { | ||
153 | error("Unable to lock smartcard: %s", sc_strerror(r)); | ||
154 | goto err; | ||
155 | } | ||
156 | *key_obj_out = key_obj; | ||
157 | return 0; | ||
158 | } else if (r) { | ||
159 | error("Unable to find PIN object from SmartCard: %s", | ||
160 | sc_strerror(r)); | ||
161 | goto err; | ||
162 | } | ||
163 | pin = pin_obj->data; | ||
164 | r = sc_lock(card); | ||
165 | if (r) { | ||
166 | error("Unable to lock smartcard: %s", sc_strerror(r)); | ||
167 | goto err; | ||
168 | } | ||
169 | if (sc_pin != NULL) { | ||
170 | r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, | ||
171 | strlen(sc_pin)); | ||
172 | if (r) { | ||
173 | sc_unlock(card); | ||
174 | error("PIN code verification failed: %s", | ||
175 | sc_strerror(r)); | ||
176 | goto err; | ||
177 | } | ||
178 | } | ||
179 | *key_obj_out = key_obj; | ||
180 | return 0; | ||
181 | err: | ||
182 | sc_close(); | ||
183 | return -1; | ||
184 | } | ||
185 | |||
186 | #define SC_USAGE_DECRYPT SC_PKCS15_PRKEY_USAGE_DECRYPT | \ | ||
187 | SC_PKCS15_PRKEY_USAGE_UNWRAP | ||
188 | |||
189 | static int | ||
190 | sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, | ||
191 | int padding) | ||
192 | { | ||
193 | struct sc_pkcs15_object *key_obj; | ||
194 | int r; | ||
195 | |||
196 | if (padding != RSA_PKCS1_PADDING) | ||
197 | return -1; | ||
198 | r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_DECRYPT); | ||
199 | if (r) | ||
200 | return -1; | ||
201 | r = sc_pkcs15_decipher(p15card, key_obj, SC_ALGORITHM_RSA_PAD_PKCS1, | ||
202 | from, flen, to, flen); | ||
203 | sc_unlock(card); | ||
204 | if (r < 0) { | ||
205 | error("sc_pkcs15_decipher() failed: %s", sc_strerror(r)); | ||
206 | goto err; | ||
207 | } | ||
208 | return r; | ||
209 | err: | ||
210 | sc_close(); | ||
211 | return -1; | ||
212 | } | ||
213 | |||
214 | #define SC_USAGE_SIGN SC_PKCS15_PRKEY_USAGE_SIGN | \ | ||
215 | SC_PKCS15_PRKEY_USAGE_SIGNRECOVER | ||
216 | |||
217 | static int | ||
218 | sc_sign(int type, u_char *m, unsigned int m_len, | ||
219 | unsigned char *sigret, unsigned int *siglen, RSA *rsa) | ||
220 | { | ||
221 | struct sc_pkcs15_object *key_obj; | ||
222 | int r; | ||
223 | unsigned long flags = 0; | ||
224 | |||
225 | /* XXX: sc_prkey_op_init will search for a pkcs15 private | ||
226 | * key object with the sign or signrecover usage flag set. | ||
227 | * If the signing key has only the non-repudiation flag set | ||
228 | * the key will be rejected as using a non-repudiation key | ||
229 | * for authentication is not recommended. Note: This does not | ||
230 | * prevent the use of a non-repudiation key for authentication | ||
231 | * if the sign or signrecover flag is set as well. | ||
232 | */ | ||
233 | r = sc_prkey_op_init(rsa, &key_obj, SC_USAGE_SIGN); | ||
234 | if (r) | ||
235 | return -1; | ||
236 | /* FIXME: length of sigret correct? */ | ||
237 | /* FIXME: check 'type' and modify flags accordingly */ | ||
238 | flags = SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA1; | ||
239 | r = sc_pkcs15_compute_signature(p15card, key_obj, flags, | ||
240 | m, m_len, sigret, RSA_size(rsa)); | ||
241 | sc_unlock(card); | ||
242 | if (r < 0) { | ||
243 | error("sc_pkcs15_compute_signature() failed: %s", | ||
244 | sc_strerror(r)); | ||
245 | goto err; | ||
246 | } | ||
247 | *siglen = r; | ||
248 | return 1; | ||
249 | err: | ||
250 | sc_close(); | ||
251 | return 0; | ||
252 | } | ||
253 | |||
254 | static int | ||
255 | sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, | ||
256 | int padding) | ||
257 | { | ||
258 | error("Private key encryption not supported"); | ||
259 | return -1; | ||
260 | } | ||
261 | |||
262 | /* called on free */ | ||
263 | |||
264 | static int (*orig_finish)(RSA *rsa) = NULL; | ||
265 | |||
266 | static int | ||
267 | sc_finish(RSA *rsa) | ||
268 | { | ||
269 | struct sc_priv_data *priv; | ||
270 | |||
271 | priv = RSA_get_app_data(rsa); | ||
272 | priv->ref_count--; | ||
273 | if (priv->ref_count == 0) { | ||
274 | free(priv); | ||
275 | sc_close(); | ||
276 | } | ||
277 | if (orig_finish) | ||
278 | orig_finish(rsa); | ||
279 | return 1; | ||
280 | } | ||
281 | |||
282 | /* engine for overloading private key operations */ | ||
283 | |||
284 | static RSA_METHOD * | ||
285 | sc_get_rsa_method(void) | ||
286 | { | ||
287 | static RSA_METHOD smart_rsa; | ||
288 | const RSA_METHOD *def = RSA_get_default_method(); | ||
289 | |||
290 | /* use the OpenSSL version */ | ||
291 | memcpy(&smart_rsa, def, sizeof(smart_rsa)); | ||
292 | |||
293 | smart_rsa.name = "opensc"; | ||
294 | |||
295 | /* overload */ | ||
296 | smart_rsa.rsa_priv_enc = sc_private_encrypt; | ||
297 | smart_rsa.rsa_priv_dec = sc_private_decrypt; | ||
298 | smart_rsa.rsa_sign = sc_sign; | ||
299 | |||
300 | /* save original */ | ||
301 | orig_finish = def->finish; | ||
302 | smart_rsa.finish = sc_finish; | ||
303 | |||
304 | return &smart_rsa; | ||
305 | } | ||
306 | |||
307 | #ifdef USE_ENGINE | ||
308 | static ENGINE * | ||
309 | sc_get_engine(void) | ||
310 | { | ||
311 | static ENGINE *smart_engine = NULL; | ||
312 | |||
313 | if ((smart_engine = ENGINE_new()) == NULL) | ||
314 | fatal("ENGINE_new failed"); | ||
315 | |||
316 | ENGINE_set_id(smart_engine, "opensc"); | ||
317 | ENGINE_set_name(smart_engine, "OpenSC"); | ||
318 | |||
319 | ENGINE_set_RSA(smart_engine, sc_get_rsa_method()); | ||
320 | ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method()); | ||
321 | ENGINE_set_DH(smart_engine, DH_get_default_openssl_method()); | ||
322 | ENGINE_set_RAND(smart_engine, RAND_SSLeay()); | ||
323 | ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp); | ||
324 | |||
325 | return smart_engine; | ||
326 | } | ||
327 | #endif | ||
328 | |||
329 | static void | ||
330 | convert_rsa_to_rsa1(Key * in, Key * out) | ||
331 | { | ||
332 | struct sc_priv_data *priv; | ||
333 | |||
334 | out->rsa->flags = in->rsa->flags; | ||
335 | out->flags = in->flags; | ||
336 | RSA_set_method(out->rsa, RSA_get_method(in->rsa)); | ||
337 | BN_copy(out->rsa->n, in->rsa->n); | ||
338 | BN_copy(out->rsa->e, in->rsa->e); | ||
339 | priv = RSA_get_app_data(in->rsa); | ||
340 | priv->ref_count++; | ||
341 | RSA_set_app_data(out->rsa, priv); | ||
342 | return; | ||
343 | } | ||
344 | |||
345 | static int | ||
346 | sc_read_pubkey(Key * k, const struct sc_pkcs15_object *cert_obj) | ||
347 | { | ||
348 | int r; | ||
349 | sc_pkcs15_cert_t *cert = NULL; | ||
350 | struct sc_priv_data *priv = NULL; | ||
351 | sc_pkcs15_cert_info_t *cinfo = cert_obj->data; | ||
352 | |||
353 | X509 *x509 = NULL; | ||
354 | EVP_PKEY *pubkey = NULL; | ||
355 | u8 *p; | ||
356 | char *tmp; | ||
357 | |||
358 | debug("sc_read_pubkey() with cert id %02X", cinfo->id.value[0]); | ||
359 | r = sc_pkcs15_read_certificate(p15card, cinfo, &cert); | ||
360 | if (r) { | ||
361 | logit("Certificate read failed: %s", sc_strerror(r)); | ||
362 | goto err; | ||
363 | } | ||
364 | x509 = X509_new(); | ||
365 | if (x509 == NULL) { | ||
366 | r = -1; | ||
367 | goto err; | ||
368 | } | ||
369 | p = cert->data; | ||
370 | if (!d2i_X509(&x509, &p, cert->data_len)) { | ||
371 | logit("Unable to parse X.509 certificate"); | ||
372 | r = -1; | ||
373 | goto err; | ||
374 | } | ||
375 | sc_pkcs15_free_certificate(cert); | ||
376 | cert = NULL; | ||
377 | pubkey = X509_get_pubkey(x509); | ||
378 | X509_free(x509); | ||
379 | x509 = NULL; | ||
380 | if (pubkey->type != EVP_PKEY_RSA) { | ||
381 | logit("Public key is of unknown type"); | ||
382 | r = -1; | ||
383 | goto err; | ||
384 | } | ||
385 | k->rsa = EVP_PKEY_get1_RSA(pubkey); | ||
386 | EVP_PKEY_free(pubkey); | ||
387 | |||
388 | k->rsa->flags |= RSA_FLAG_SIGN_VER; | ||
389 | RSA_set_method(k->rsa, sc_get_rsa_method()); | ||
390 | priv = xmalloc(sizeof(struct sc_priv_data)); | ||
391 | priv->cert_id = cinfo->id; | ||
392 | priv->ref_count = 1; | ||
393 | RSA_set_app_data(k->rsa, priv); | ||
394 | |||
395 | k->flags = KEY_FLAG_EXT; | ||
396 | tmp = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX); | ||
397 | debug("fingerprint %d %s", key_size(k), tmp); | ||
398 | xfree(tmp); | ||
399 | |||
400 | return 0; | ||
401 | err: | ||
402 | if (cert) | ||
403 | sc_pkcs15_free_certificate(cert); | ||
404 | if (pubkey) | ||
405 | EVP_PKEY_free(pubkey); | ||
406 | if (x509) | ||
407 | X509_free(x509); | ||
408 | return r; | ||
409 | } | ||
410 | |||
411 | Key ** | ||
412 | sc_get_keys(const char *id, const char *pin) | ||
413 | { | ||
414 | Key *k, **keys; | ||
415 | int i, r, real_count = 0, key_count; | ||
416 | sc_pkcs15_id_t cert_id; | ||
417 | sc_pkcs15_object_t *certs[32]; | ||
418 | char *buf = xstrdup(id), *p; | ||
419 | |||
420 | debug("sc_get_keys called: id = %s", id); | ||
421 | |||
422 | if (sc_pin != NULL) | ||
423 | xfree(sc_pin); | ||
424 | sc_pin = (pin == NULL) ? NULL : xstrdup(pin); | ||
425 | |||
426 | cert_id.len = 0; | ||
427 | if ((p = strchr(buf, ':')) != NULL) { | ||
428 | *p = 0; | ||
429 | p++; | ||
430 | sc_pkcs15_hex_string_to_id(p, &cert_id); | ||
431 | } | ||
432 | r = sscanf(buf, "%d", &sc_reader_id); | ||
433 | xfree(buf); | ||
434 | if (r != 1) | ||
435 | goto err; | ||
436 | if (p15card == NULL) { | ||
437 | sc_close(); | ||
438 | r = sc_init(); | ||
439 | if (r) { | ||
440 | error("Smartcard init failed: %s", sc_strerror(r)); | ||
441 | goto err; | ||
442 | } | ||
443 | } | ||
444 | if (cert_id.len) { | ||
445 | r = sc_pkcs15_find_cert_by_id(p15card, &cert_id, &certs[0]); | ||
446 | if (r < 0) | ||
447 | goto err; | ||
448 | key_count = 1; | ||
449 | } else { | ||
450 | r = sc_pkcs15_get_objects(p15card, SC_PKCS15_TYPE_CERT_X509, | ||
451 | certs, 32); | ||
452 | if (r == 0) { | ||
453 | logit("No certificates found on smartcard"); | ||
454 | r = -1; | ||
455 | goto err; | ||
456 | } else if (r < 0) { | ||
457 | error("Certificate enumeration failed: %s", | ||
458 | sc_strerror(r)); | ||
459 | goto err; | ||
460 | } | ||
461 | key_count = r; | ||
462 | } | ||
463 | if (key_count > 1024) | ||
464 | fatal("Too many keys (%u), expected <= 1024", key_count); | ||
465 | keys = xcalloc(key_count * 2 + 1, sizeof(Key *)); | ||
466 | for (i = 0; i < key_count; i++) { | ||
467 | sc_pkcs15_object_t *tmp_obj = NULL; | ||
468 | cert_id = ((sc_pkcs15_cert_info_t *)(certs[i]->data))->id; | ||
469 | if (sc_pkcs15_find_prkey_by_id(p15card, &cert_id, &tmp_obj)) | ||
470 | /* skip the public key (certificate) if no | ||
471 | * corresponding private key is present */ | ||
472 | continue; | ||
473 | k = key_new(KEY_RSA); | ||
474 | if (k == NULL) | ||
475 | break; | ||
476 | r = sc_read_pubkey(k, certs[i]); | ||
477 | if (r) { | ||
478 | error("sc_read_pubkey failed: %s", sc_strerror(r)); | ||
479 | key_free(k); | ||
480 | continue; | ||
481 | } | ||
482 | keys[real_count] = k; | ||
483 | real_count++; | ||
484 | k = key_new(KEY_RSA1); | ||
485 | if (k == NULL) | ||
486 | break; | ||
487 | convert_rsa_to_rsa1(keys[real_count-1], k); | ||
488 | keys[real_count] = k; | ||
489 | real_count++; | ||
490 | } | ||
491 | keys[real_count] = NULL; | ||
492 | |||
493 | return keys; | ||
494 | err: | ||
495 | sc_close(); | ||
496 | return NULL; | ||
497 | } | ||
498 | |||
499 | int | ||
500 | sc_put_key(Key *prv, const char *id) | ||
501 | { | ||
502 | error("key uploading not yet supported"); | ||
503 | return -1; | ||
504 | } | ||
505 | |||
506 | char * | ||
507 | sc_get_key_label(Key *key) | ||
508 | { | ||
509 | int r; | ||
510 | const struct sc_priv_data *priv; | ||
511 | struct sc_pkcs15_object *key_obj; | ||
512 | |||
513 | priv = (const struct sc_priv_data *) RSA_get_app_data(key->rsa); | ||
514 | if (priv == NULL || p15card == NULL) { | ||
515 | logit("SmartCard key not loaded"); | ||
516 | /* internal error => return default label */ | ||
517 | return xstrdup("smartcard key"); | ||
518 | } | ||
519 | r = sc_pkcs15_find_prkey_by_id(p15card, &priv->cert_id, &key_obj); | ||
520 | if (r) { | ||
521 | logit("Unable to find private key from SmartCard: %s", | ||
522 | sc_strerror(r)); | ||
523 | return xstrdup("smartcard key"); | ||
524 | } | ||
525 | if (key_obj == NULL || key_obj->label == NULL) | ||
526 | /* the optional PKCS#15 label does not exists | ||
527 | * => return the default label */ | ||
528 | return xstrdup("smartcard key"); | ||
529 | return xstrdup(key_obj->label); | ||
530 | } | ||
531 | |||
532 | #endif /* SMARTCARD */ | ||
diff --git a/scard.c b/scard.c deleted file mode 100644 index 9fd3ca1b4..000000000 --- a/scard.c +++ /dev/null | |||
@@ -1,571 +0,0 @@ | |||
1 | /* $OpenBSD: scard.c,v 1.36 2006/11/06 21:25:28 markus Exp $ */ | ||
2 | /* | ||
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | ||
4 | * | ||
5 | * Redistribution and use in source and binary forms, with or without | ||
6 | * modification, are permitted provided that the following conditions | ||
7 | * are met: | ||
8 | * 1. Redistributions of source code must retain the above copyright | ||
9 | * notice, this list of conditions and the following disclaimer. | ||
10 | * 2. Redistributions in binary form must reproduce the above copyright | ||
11 | * notice, this list of conditions and the following disclaimer in the | ||
12 | * documentation and/or other materials provided with the distribution. | ||
13 | * | ||
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
24 | */ | ||
25 | |||
26 | #include "includes.h" | ||
27 | #if defined(SMARTCARD) && defined(USE_SECTOK) | ||
28 | |||
29 | #include <sys/types.h> | ||
30 | |||
31 | #include <sectok.h> | ||
32 | #include <stdarg.h> | ||
33 | #include <string.h> | ||
34 | |||
35 | #include <openssl/evp.h> | ||
36 | |||
37 | #include "xmalloc.h" | ||
38 | #include "key.h" | ||
39 | #include "log.h" | ||
40 | #include "misc.h" | ||
41 | #include "scard.h" | ||
42 | |||
43 | #if OPENSSL_VERSION_NUMBER < 0x00907000L | ||
44 | #define USE_ENGINE | ||
45 | #define RSA_get_default_method RSA_get_default_openssl_method | ||
46 | #else | ||
47 | #endif | ||
48 | |||
49 | #ifdef USE_ENGINE | ||
50 | #include <openssl/engine.h> | ||
51 | #define sc_get_rsa sc_get_engine | ||
52 | #else | ||
53 | #define sc_get_rsa sc_get_rsa_method | ||
54 | #endif | ||
55 | |||
56 | #define CLA_SSH 0x05 | ||
57 | #define INS_DECRYPT 0x10 | ||
58 | #define INS_GET_KEYLENGTH 0x20 | ||
59 | #define INS_GET_PUBKEY 0x30 | ||
60 | #define INS_GET_RESPONSE 0xc0 | ||
61 | |||
62 | #define MAX_BUF_SIZE 256 | ||
63 | |||
64 | u_char DEFAUT0[] = {0xad, 0x9f, 0x61, 0xfe, 0xfa, 0x20, 0xce, 0x63}; | ||
65 | |||
66 | static int sc_fd = -1; | ||
67 | static char *sc_reader_id = NULL; | ||
68 | static char *sc_pin = NULL; | ||
69 | static int cla = 0x00; /* class */ | ||
70 | |||
71 | static void sc_mk_digest(const char *pin, u_char *digest); | ||
72 | static int get_AUT0(u_char *aut0); | ||
73 | static int try_AUT0(void); | ||
74 | |||
75 | /* interface to libsectok */ | ||
76 | |||
77 | static int | ||
78 | sc_open(void) | ||
79 | { | ||
80 | int sw; | ||
81 | |||
82 | if (sc_fd >= 0) | ||
83 | return sc_fd; | ||
84 | |||
85 | sc_fd = sectok_friendly_open(sc_reader_id, STONOWAIT, &sw); | ||
86 | if (sc_fd < 0) { | ||
87 | error("sectok_open failed: %s", sectok_get_sw(sw)); | ||
88 | return SCARD_ERROR_FAIL; | ||
89 | } | ||
90 | if (! sectok_cardpresent(sc_fd)) { | ||
91 | debug("smartcard in reader %s not present, skipping", | ||
92 | sc_reader_id); | ||
93 | sc_close(); | ||
94 | return SCARD_ERROR_NOCARD; | ||
95 | } | ||
96 | if (sectok_reset(sc_fd, 0, NULL, &sw) <= 0) { | ||
97 | error("sectok_reset failed: %s", sectok_get_sw(sw)); | ||
98 | sc_fd = -1; | ||
99 | return SCARD_ERROR_FAIL; | ||
100 | } | ||
101 | if ((cla = cyberflex_inq_class(sc_fd)) < 0) | ||
102 | cla = 0; | ||
103 | |||
104 | debug("sc_open ok %d", sc_fd); | ||
105 | return sc_fd; | ||
106 | } | ||
107 | |||
108 | static int | ||
109 | sc_enable_applet(void) | ||
110 | { | ||
111 | static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e}; | ||
112 | int sw = 0; | ||
113 | |||
114 | /* select applet id */ | ||
115 | sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, sizeof aid, aid, 0, NULL, &sw); | ||
116 | if (!sectok_swOK(sw)) { | ||
117 | error("sectok_apdu failed: %s", sectok_get_sw(sw)); | ||
118 | sc_close(); | ||
119 | return -1; | ||
120 | } | ||
121 | return 0; | ||
122 | } | ||
123 | |||
124 | static int | ||
125 | sc_init(void) | ||
126 | { | ||
127 | int status; | ||
128 | |||
129 | status = sc_open(); | ||
130 | if (status == SCARD_ERROR_NOCARD) { | ||
131 | return SCARD_ERROR_NOCARD; | ||
132 | } | ||
133 | if (status < 0) { | ||
134 | error("sc_open failed"); | ||
135 | return status; | ||
136 | } | ||
137 | if (sc_enable_applet() < 0) { | ||
138 | error("sc_enable_applet failed"); | ||
139 | return SCARD_ERROR_APPLET; | ||
140 | } | ||
141 | return 0; | ||
142 | } | ||
143 | |||
144 | static int | ||
145 | sc_read_pubkey(Key * k) | ||
146 | { | ||
147 | u_char buf[2], *n; | ||
148 | char *p; | ||
149 | int len, sw, status = -1; | ||
150 | |||
151 | len = sw = 0; | ||
152 | n = NULL; | ||
153 | |||
154 | if (sc_fd < 0) { | ||
155 | if (sc_init() < 0) | ||
156 | goto err; | ||
157 | } | ||
158 | |||
159 | /* get key size */ | ||
160 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, | ||
161 | sizeof(buf), buf, &sw); | ||
162 | if (!sectok_swOK(sw)) { | ||
163 | error("could not obtain key length: %s", sectok_get_sw(sw)); | ||
164 | goto err; | ||
165 | } | ||
166 | len = (buf[0] << 8) | buf[1]; | ||
167 | len /= 8; | ||
168 | debug("INS_GET_KEYLENGTH: len %d sw %s", len, sectok_get_sw(sw)); | ||
169 | |||
170 | n = xmalloc(len); | ||
171 | /* get n */ | ||
172 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw); | ||
173 | |||
174 | if (sw == 0x6982) { | ||
175 | if (try_AUT0() < 0) | ||
176 | goto err; | ||
177 | sectok_apdu(sc_fd, CLA_SSH, INS_GET_PUBKEY, 0, 0, 0, NULL, len, n, &sw); | ||
178 | } | ||
179 | if (!sectok_swOK(sw)) { | ||
180 | error("could not obtain public key: %s", sectok_get_sw(sw)); | ||
181 | goto err; | ||
182 | } | ||
183 | |||
184 | debug("INS_GET_KEYLENGTH: sw %s", sectok_get_sw(sw)); | ||
185 | |||
186 | if (BN_bin2bn(n, len, k->rsa->n) == NULL) { | ||
187 | error("c_read_pubkey: BN_bin2bn failed"); | ||
188 | goto err; | ||
189 | } | ||
190 | |||
191 | /* currently the java applet just stores 'n' */ | ||
192 | if (!BN_set_word(k->rsa->e, 35)) { | ||
193 | error("c_read_pubkey: BN_set_word(e, 35) failed"); | ||
194 | goto err; | ||
195 | } | ||
196 | |||
197 | status = 0; | ||
198 | p = key_fingerprint(k, SSH_FP_MD5, SSH_FP_HEX); | ||
199 | debug("fingerprint %u %s", key_size(k), p); | ||
200 | xfree(p); | ||
201 | |||
202 | err: | ||
203 | if (n != NULL) | ||
204 | xfree(n); | ||
205 | sc_close(); | ||
206 | return status; | ||
207 | } | ||
208 | |||
209 | /* private key operations */ | ||
210 | |||
211 | static int | ||
212 | sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, | ||
213 | int padding) | ||
214 | { | ||
215 | u_char *padded = NULL; | ||
216 | int sw, len, olen, status = -1; | ||
217 | |||
218 | debug("sc_private_decrypt called"); | ||
219 | |||
220 | olen = len = sw = 0; | ||
221 | if (sc_fd < 0) { | ||
222 | status = sc_init(); | ||
223 | if (status < 0) | ||
224 | goto err; | ||
225 | } | ||
226 | if (padding != RSA_PKCS1_PADDING) | ||
227 | goto err; | ||
228 | |||
229 | len = BN_num_bytes(rsa->n); | ||
230 | padded = xmalloc(len); | ||
231 | |||
232 | sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw); | ||
233 | |||
234 | if (sw == 0x6982) { | ||
235 | if (try_AUT0() < 0) | ||
236 | goto err; | ||
237 | sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, from, len, padded, &sw); | ||
238 | } | ||
239 | if (!sectok_swOK(sw)) { | ||
240 | error("sc_private_decrypt: INS_DECRYPT failed: %s", | ||
241 | sectok_get_sw(sw)); | ||
242 | goto err; | ||
243 | } | ||
244 | olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1, | ||
245 | len); | ||
246 | err: | ||
247 | if (padded) | ||
248 | xfree(padded); | ||
249 | sc_close(); | ||
250 | return (olen >= 0 ? olen : status); | ||
251 | } | ||
252 | |||
253 | static int | ||
254 | sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, | ||
255 | int padding) | ||
256 | { | ||
257 | u_char *padded = NULL; | ||
258 | int sw, len, status = -1; | ||
259 | |||
260 | len = sw = 0; | ||
261 | if (sc_fd < 0) { | ||
262 | status = sc_init(); | ||
263 | if (status < 0) | ||
264 | goto err; | ||
265 | } | ||
266 | if (padding != RSA_PKCS1_PADDING) | ||
267 | goto err; | ||
268 | |||
269 | debug("sc_private_encrypt called"); | ||
270 | len = BN_num_bytes(rsa->n); | ||
271 | padded = xmalloc(len); | ||
272 | |||
273 | if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) { | ||
274 | error("RSA_padding_add_PKCS1_type_1 failed"); | ||
275 | goto err; | ||
276 | } | ||
277 | sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw); | ||
278 | if (sw == 0x6982) { | ||
279 | if (try_AUT0() < 0) | ||
280 | goto err; | ||
281 | sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw); | ||
282 | } | ||
283 | if (!sectok_swOK(sw)) { | ||
284 | error("sc_private_encrypt: INS_DECRYPT failed: %s", | ||
285 | sectok_get_sw(sw)); | ||
286 | goto err; | ||
287 | } | ||
288 | err: | ||
289 | if (padded) | ||
290 | xfree(padded); | ||
291 | sc_close(); | ||
292 | return (len >= 0 ? len : status); | ||
293 | } | ||
294 | |||
295 | /* called on free */ | ||
296 | |||
297 | static int (*orig_finish)(RSA *rsa) = NULL; | ||
298 | |||
299 | static int | ||
300 | sc_finish(RSA *rsa) | ||
301 | { | ||
302 | if (orig_finish) | ||
303 | orig_finish(rsa); | ||
304 | sc_close(); | ||
305 | return 1; | ||
306 | } | ||
307 | |||
308 | /* engine for overloading private key operations */ | ||
309 | |||
310 | static RSA_METHOD * | ||
311 | sc_get_rsa_method(void) | ||
312 | { | ||
313 | static RSA_METHOD smart_rsa; | ||
314 | const RSA_METHOD *def = RSA_get_default_method(); | ||
315 | |||
316 | /* use the OpenSSL version */ | ||
317 | memcpy(&smart_rsa, def, sizeof(smart_rsa)); | ||
318 | |||
319 | smart_rsa.name = "sectok"; | ||
320 | |||
321 | /* overload */ | ||
322 | smart_rsa.rsa_priv_enc = sc_private_encrypt; | ||
323 | smart_rsa.rsa_priv_dec = sc_private_decrypt; | ||
324 | |||
325 | /* save original */ | ||
326 | orig_finish = def->finish; | ||
327 | smart_rsa.finish = sc_finish; | ||
328 | |||
329 | return &smart_rsa; | ||
330 | } | ||
331 | |||
332 | #ifdef USE_ENGINE | ||
333 | static ENGINE * | ||
334 | sc_get_engine(void) | ||
335 | { | ||
336 | static ENGINE *smart_engine = NULL; | ||
337 | |||
338 | if ((smart_engine = ENGINE_new()) == NULL) | ||
339 | fatal("ENGINE_new failed"); | ||
340 | |||
341 | ENGINE_set_id(smart_engine, "sectok"); | ||
342 | ENGINE_set_name(smart_engine, "libsectok"); | ||
343 | |||
344 | ENGINE_set_RSA(smart_engine, sc_get_rsa_method()); | ||
345 | ENGINE_set_DSA(smart_engine, DSA_get_default_openssl_method()); | ||
346 | ENGINE_set_DH(smart_engine, DH_get_default_openssl_method()); | ||
347 | ENGINE_set_RAND(smart_engine, RAND_SSLeay()); | ||
348 | ENGINE_set_BN_mod_exp(smart_engine, BN_mod_exp); | ||
349 | |||
350 | return smart_engine; | ||
351 | } | ||
352 | #endif | ||
353 | |||
354 | void | ||
355 | sc_close(void) | ||
356 | { | ||
357 | if (sc_fd >= 0) { | ||
358 | sectok_close(sc_fd); | ||
359 | sc_fd = -1; | ||
360 | } | ||
361 | } | ||
362 | |||
363 | Key ** | ||
364 | sc_get_keys(const char *id, const char *pin) | ||
365 | { | ||
366 | Key *k, *n, **keys; | ||
367 | int status, nkeys = 2; | ||
368 | |||
369 | if (sc_reader_id != NULL) | ||
370 | xfree(sc_reader_id); | ||
371 | sc_reader_id = xstrdup(id); | ||
372 | |||
373 | if (sc_pin != NULL) | ||
374 | xfree(sc_pin); | ||
375 | sc_pin = (pin == NULL) ? NULL : xstrdup(pin); | ||
376 | |||
377 | k = key_new(KEY_RSA); | ||
378 | if (k == NULL) { | ||
379 | return NULL; | ||
380 | } | ||
381 | status = sc_read_pubkey(k); | ||
382 | if (status == SCARD_ERROR_NOCARD) { | ||
383 | key_free(k); | ||
384 | return NULL; | ||
385 | } | ||
386 | if (status < 0) { | ||
387 | error("sc_read_pubkey failed"); | ||
388 | key_free(k); | ||
389 | return NULL; | ||
390 | } | ||
391 | keys = xcalloc((nkeys+1), sizeof(Key *)); | ||
392 | |||
393 | n = key_new(KEY_RSA1); | ||
394 | if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || | ||
395 | (BN_copy(n->rsa->e, k->rsa->e) == NULL)) | ||
396 | fatal("sc_get_keys: BN_copy failed"); | ||
397 | RSA_set_method(n->rsa, sc_get_rsa()); | ||
398 | n->flags |= KEY_FLAG_EXT; | ||
399 | keys[0] = n; | ||
400 | |||
401 | n = key_new(KEY_RSA); | ||
402 | if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || | ||
403 | (BN_copy(n->rsa->e, k->rsa->e) == NULL)) | ||
404 | fatal("sc_get_keys: BN_copy failed"); | ||
405 | RSA_set_method(n->rsa, sc_get_rsa()); | ||
406 | n->flags |= KEY_FLAG_EXT; | ||
407 | keys[1] = n; | ||
408 | |||
409 | keys[2] = NULL; | ||
410 | |||
411 | key_free(k); | ||
412 | return keys; | ||
413 | } | ||
414 | |||
415 | #define NUM_RSA_KEY_ELEMENTS 5+1 | ||
416 | #define COPY_RSA_KEY(x, i) \ | ||
417 | do { \ | ||
418 | len = BN_num_bytes(prv->rsa->x); \ | ||
419 | elements[i] = xmalloc(len); \ | ||
420 | debug("#bytes %d", len); \ | ||
421 | if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \ | ||
422 | goto done; \ | ||
423 | } while (0) | ||
424 | |||
425 | static void | ||
426 | sc_mk_digest(const char *pin, u_char *digest) | ||
427 | { | ||
428 | const EVP_MD *evp_md = EVP_sha1(); | ||
429 | EVP_MD_CTX md; | ||
430 | |||
431 | EVP_DigestInit(&md, evp_md); | ||
432 | EVP_DigestUpdate(&md, pin, strlen(pin)); | ||
433 | EVP_DigestFinal(&md, digest, NULL); | ||
434 | } | ||
435 | |||
436 | static int | ||
437 | get_AUT0(u_char *aut0) | ||
438 | { | ||
439 | char *pass; | ||
440 | |||
441 | pass = read_passphrase("Enter passphrase for smartcard: ", RP_ALLOW_STDIN); | ||
442 | if (pass == NULL) | ||
443 | return -1; | ||
444 | if (!strcmp(pass, "-")) { | ||
445 | memcpy(aut0, DEFAUT0, sizeof DEFAUT0); | ||
446 | return 0; | ||
447 | } | ||
448 | sc_mk_digest(pass, aut0); | ||
449 | memset(pass, 0, strlen(pass)); | ||
450 | xfree(pass); | ||
451 | return 0; | ||
452 | } | ||
453 | |||
454 | static int | ||
455 | try_AUT0(void) | ||
456 | { | ||
457 | u_char aut0[EVP_MAX_MD_SIZE]; | ||
458 | |||
459 | /* permission denied; try PIN if provided */ | ||
460 | if (sc_pin && strlen(sc_pin) > 0) { | ||
461 | sc_mk_digest(sc_pin, aut0); | ||
462 | if (cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) { | ||
463 | error("smartcard passphrase incorrect"); | ||
464 | return (-1); | ||
465 | } | ||
466 | } else { | ||
467 | /* try default AUT0 key */ | ||
468 | if (cyberflex_verify_AUT0(sc_fd, cla, DEFAUT0, 8) < 0) { | ||
469 | /* default AUT0 key failed; prompt for passphrase */ | ||
470 | if (get_AUT0(aut0) < 0 || | ||
471 | cyberflex_verify_AUT0(sc_fd, cla, aut0, 8) < 0) { | ||
472 | error("smartcard passphrase incorrect"); | ||
473 | return (-1); | ||
474 | } | ||
475 | } | ||
476 | } | ||
477 | return (0); | ||
478 | } | ||
479 | |||
480 | int | ||
481 | sc_put_key(Key *prv, const char *id) | ||
482 | { | ||
483 | u_char *elements[NUM_RSA_KEY_ELEMENTS]; | ||
484 | u_char key_fid[2]; | ||
485 | u_char AUT0[EVP_MAX_MD_SIZE]; | ||
486 | int len, status = -1, i, fd = -1, ret; | ||
487 | int sw = 0, cla = 0x00; | ||
488 | |||
489 | for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) | ||
490 | elements[i] = NULL; | ||
491 | |||
492 | COPY_RSA_KEY(q, 0); | ||
493 | COPY_RSA_KEY(p, 1); | ||
494 | COPY_RSA_KEY(iqmp, 2); | ||
495 | COPY_RSA_KEY(dmq1, 3); | ||
496 | COPY_RSA_KEY(dmp1, 4); | ||
497 | COPY_RSA_KEY(n, 5); | ||
498 | len = BN_num_bytes(prv->rsa->n); | ||
499 | fd = sectok_friendly_open(id, STONOWAIT, &sw); | ||
500 | if (fd < 0) { | ||
501 | error("sectok_open failed: %s", sectok_get_sw(sw)); | ||
502 | goto done; | ||
503 | } | ||
504 | if (! sectok_cardpresent(fd)) { | ||
505 | error("smartcard in reader %s not present", id); | ||
506 | goto done; | ||
507 | } | ||
508 | ret = sectok_reset(fd, 0, NULL, &sw); | ||
509 | if (ret <= 0) { | ||
510 | error("sectok_reset failed: %s", sectok_get_sw(sw)); | ||
511 | goto done; | ||
512 | } | ||
513 | if ((cla = cyberflex_inq_class(fd)) < 0) { | ||
514 | error("cyberflex_inq_class failed"); | ||
515 | goto done; | ||
516 | } | ||
517 | memcpy(AUT0, DEFAUT0, sizeof(DEFAUT0)); | ||
518 | if (cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) { | ||
519 | if (get_AUT0(AUT0) < 0 || | ||
520 | cyberflex_verify_AUT0(fd, cla, AUT0, sizeof(DEFAUT0)) < 0) { | ||
521 | memset(AUT0, 0, sizeof(DEFAUT0)); | ||
522 | error("smartcard passphrase incorrect"); | ||
523 | goto done; | ||
524 | } | ||
525 | } | ||
526 | memset(AUT0, 0, sizeof(DEFAUT0)); | ||
527 | key_fid[0] = 0x00; | ||
528 | key_fid[1] = 0x12; | ||
529 | if (cyberflex_load_rsa_priv(fd, cla, key_fid, 5, 8*len, elements, | ||
530 | &sw) < 0) { | ||
531 | error("cyberflex_load_rsa_priv failed: %s", sectok_get_sw(sw)); | ||
532 | goto done; | ||
533 | } | ||
534 | if (!sectok_swOK(sw)) | ||
535 | goto done; | ||
536 | logit("cyberflex_load_rsa_priv done"); | ||
537 | key_fid[0] = 0x73; | ||
538 | key_fid[1] = 0x68; | ||
539 | if (cyberflex_load_rsa_pub(fd, cla, key_fid, len, elements[5], | ||
540 | &sw) < 0) { | ||
541 | error("cyberflex_load_rsa_pub failed: %s", sectok_get_sw(sw)); | ||
542 | goto done; | ||
543 | } | ||
544 | if (!sectok_swOK(sw)) | ||
545 | goto done; | ||
546 | logit("cyberflex_load_rsa_pub done"); | ||
547 | status = 0; | ||
548 | |||
549 | done: | ||
550 | memset(elements[0], '\0', BN_num_bytes(prv->rsa->q)); | ||
551 | memset(elements[1], '\0', BN_num_bytes(prv->rsa->p)); | ||
552 | memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp)); | ||
553 | memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1)); | ||
554 | memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1)); | ||
555 | memset(elements[5], '\0', BN_num_bytes(prv->rsa->n)); | ||
556 | |||
557 | for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++) | ||
558 | if (elements[i]) | ||
559 | xfree(elements[i]); | ||
560 | if (fd != -1) | ||
561 | sectok_close(fd); | ||
562 | return (status); | ||
563 | } | ||
564 | |||
565 | char * | ||
566 | sc_get_key_label(Key *key) | ||
567 | { | ||
568 | return xstrdup("smartcard key"); | ||
569 | } | ||
570 | |||
571 | #endif /* SMARTCARD && USE_SECTOK */ | ||
diff --git a/scard.h b/scard.h deleted file mode 100644 index 82efe4839..000000000 --- a/scard.h +++ /dev/null | |||
@@ -1,39 +0,0 @@ | |||
1 | /* $OpenBSD: scard.h,v 1.14 2006/08/03 03:34:42 deraadt Exp $ */ | ||
2 | |||
3 | /* | ||
4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | ||
5 | * | ||
6 | * Redistribution and use in source and binary forms, with or without | ||
7 | * modification, are permitted provided that the following conditions | ||
8 | * are met: | ||
9 | * 1. Redistributions of source code must retain the above copyright | ||
10 | * notice, this list of conditions and the following disclaimer. | ||
11 | * 2. Redistributions in binary form must reproduce the above copyright | ||
12 | * notice, this list of conditions and the following disclaimer in the | ||
13 | * documentation and/or other materials provided with the distribution. | ||
14 | * | ||
15 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | ||
16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | ||
17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | ||
18 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | ||
19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||
24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
25 | */ | ||
26 | |||
27 | #ifndef SCARD_H | ||
28 | #define SCARD_H | ||
29 | |||
30 | #define SCARD_ERROR_FAIL -1 | ||
31 | #define SCARD_ERROR_NOCARD -2 | ||
32 | #define SCARD_ERROR_APPLET -3 | ||
33 | |||
34 | Key **sc_get_keys(const char *, const char *); | ||
35 | void sc_close(void); | ||
36 | int sc_put_key(Key *, const char *); | ||
37 | char *sc_get_key_label(Key *); | ||
38 | |||
39 | #endif | ||
diff --git a/scard/Makefile.in b/scard/Makefile.in deleted file mode 100644 index 8519e208b..000000000 --- a/scard/Makefile.in +++ /dev/null | |||
@@ -1,29 +0,0 @@ | |||
1 | # $Id: Makefile.in,v 1.5 2006/10/23 21:44:47 tim Exp $ | ||
2 | |||
3 | prefix=@prefix@ | ||
4 | datadir=@datadir@ | ||
5 | datarootdir=@datarootdir@ | ||
6 | srcdir=@srcdir@ | ||
7 | top_srcdir=@top_srcdir@ | ||
8 | |||
9 | INSTALL=@INSTALL@ | ||
10 | |||
11 | VPATH=@srcdir@ | ||
12 | |||
13 | all: | ||
14 | |||
15 | #Ssh.bin: Ssh.bin.uu | ||
16 | # uudecode Ssh.bin.uu | ||
17 | |||
18 | clean: | ||
19 | # rm -rf Ssh.bin | ||
20 | |||
21 | distprep: | ||
22 | uudecode Ssh.bin.uu | ||
23 | |||
24 | distclean: clean | ||
25 | rm -f Makefile *~ | ||
26 | |||
27 | install: $(srcdir)/Ssh.bin | ||
28 | $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir) | ||
29 | $(INSTALL) -m 0644 $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin | ||
diff --git a/scard/Ssh.bin.uu b/scard/Ssh.bin.uu deleted file mode 100644 index ea3986a69..000000000 --- a/scard/Ssh.bin.uu +++ /dev/null | |||
@@ -1,17 +0,0 @@ | |||
1 | begin 644 Ssh.bin | ||
2 | M`P)!&P`801X`>``!`E@"`/Y@\`4`_J'P!0!!&T$=`?Z@\`4`01M!'`'^>/,! | ||
3 | M`4$;01X!_G#S%P'^0],1`?Y@\!0`_G/S'0#^<]4``D$;L`4`_F'3``#^8=,% | ||
4 | M`/ZAT`$!_J#0)P'^H],*`?ZCTPD`_G/5"P7^8=,'`OZAT`H`_J#0$@3^:-,@ | ||
5 | M`T$;`P`%`/Y@`<P``$$<\@\``$$=\B$``$$>\A```/`0__(%`@8!`0H``&`` | ||
6 | M0205!!D)I$L`"0J0`&``*!4$&58``````.P````%____P````.D````0```` | ||
7 | M,P```"````#'````,````(T````R````V!4#&0A*``D*;@!@`"@5!QD*`/\] | ||
8 | M(6``1A)*``D*9P!@`"@*/P!@`$LK"1)@`$LK!6``4!P$#00#2@`.#01@`%5@ | ||
9 | M`%I@`"@37``>%0@2%0A>`%\($F``9%(`:`H_`&``2RL*<VA@`$LK8`!I"1`U | ||
10 | M(14#`Q)@`&X<!`T$`TL`"P,28`!D4@`.#01@`%5@`%I@`"A2`"X5`PH$`&`` | ||
11 | M<RL#!6``9%(`'14#"@$"8`!S*P,%8`!D4@`,4@`)"FT`8``H60``\`+_\@$! | ||
12 | M`0D`"```"I``8``H60#P$__R`0$""0`,``!B01LM7P`\*UD```#P$O_V`0$# | ||
13 | M`0`8```37``>7@`R10`/$UP`'@H`R`D07@`W!%>P!?_R`0$$`@`\```37P`` | ||
14 | M$V+^H2U?``5=``H38OZ@+5\`#UT`%!-B_G@M"@0`7P`970`>"@0`8``C10`) | ||
15 | /"F<`8``H$UX`+5D````` | ||
16 | ` | ||
17 | end | ||
diff --git a/scard/Ssh.java b/scard/Ssh.java deleted file mode 100644 index 6418957c2..000000000 --- a/scard/Ssh.java +++ /dev/null | |||
@@ -1,164 +0,0 @@ | |||
1 | // $Id: Ssh.java,v 1.3 2002/05/22 04:24:02 djm Exp $ | ||
2 | // | ||
3 | // Ssh.java | ||
4 | // SSH / smartcard integration project, smartcard side | ||
5 | // | ||
6 | // Tomoko Fukuzawa, created, Feb., 2000 | ||
7 | // | ||
8 | // Naomaru Itoi, modified, Apr., 2000 | ||
9 | // | ||
10 | |||
11 | // copyright 2000 | ||
12 | // the regents of the university of michigan | ||
13 | // all rights reserved | ||
14 | // | ||
15 | // permission is granted to use, copy, create derivative works | ||
16 | // and redistribute this software and such derivative works | ||
17 | // for any purpose, so long as the name of the university of | ||
18 | // michigan is not used in any advertising or publicity | ||
19 | // pertaining to the use or distribution of this software | ||
20 | // without specific, written prior authorization. if the | ||
21 | // above copyright notice or any other identification of the | ||
22 | // university of michigan is included in any copy of any | ||
23 | // portion of this software, then the disclaimer below must | ||
24 | // also be included. | ||
25 | // | ||
26 | // this software is provided as is, without representation | ||
27 | // from the university of michigan as to its fitness for any | ||
28 | // purpose, and without warranty by the university of | ||
29 | // michigan of any kind, either express or implied, including | ||
30 | // without limitation the implied warranties of | ||
31 | // merchantability and fitness for a particular purpose. the | ||
32 | // regents of the university of michigan shall not be liable | ||
33 | // for any damages, including special, indirect, incidental, or | ||
34 | // consequential damages, with respect to any claim arising | ||
35 | // out of or in connection with the use of the software, even | ||
36 | // if it has been or is hereafter advised of the possibility of | ||
37 | // such damages. | ||
38 | |||
39 | import javacard.framework.*; | ||
40 | import javacardx.framework.*; | ||
41 | import javacardx.crypto.*; | ||
42 | |||
43 | public class Ssh extends javacard.framework.Applet | ||
44 | { | ||
45 | // Change this when the applet changes; hi byte is major, low byte is minor | ||
46 | static final short applet_version = (short)0x0102; | ||
47 | |||
48 | /* constants declaration */ | ||
49 | // code of CLA byte in the command APDU header | ||
50 | static final byte Ssh_CLA =(byte)0x05; | ||
51 | |||
52 | // codes of INS byte in the command APDU header | ||
53 | static final byte DECRYPT = (byte) 0x10; | ||
54 | static final byte GET_KEYLENGTH = (byte) 0x20; | ||
55 | static final byte GET_PUBKEY = (byte) 0x30; | ||
56 | static final byte GET_VERSION = (byte) 0x32; | ||
57 | static final byte GET_RESPONSE = (byte) 0xc0; | ||
58 | |||
59 | static final short keysize = 1024; | ||
60 | static final short root_fid = (short)0x3f00; | ||
61 | static final short privkey_fid = (short)0x0012; | ||
62 | static final short pubkey_fid = (short)(('s'<<8)|'h'); | ||
63 | |||
64 | /* instance variables declaration */ | ||
65 | AsymKey rsakey; | ||
66 | CyberflexFile file; | ||
67 | CyberflexOS os; | ||
68 | |||
69 | private Ssh() | ||
70 | { | ||
71 | file = new CyberflexFile(); | ||
72 | os = new CyberflexOS(); | ||
73 | |||
74 | rsakey = new RSA_CRT_PrivateKey (keysize); | ||
75 | |||
76 | if ( ! rsakey.isSupportedLength (keysize) ) | ||
77 | ISOException.throwIt (ISO.SW_WRONG_LENGTH); | ||
78 | |||
79 | register(); | ||
80 | } // end of the constructor | ||
81 | |||
82 | public boolean select() { | ||
83 | if (!rsakey.isInitialized()) | ||
84 | rsakey.setKeyInstance ((short)0xc8, (short)0x10); | ||
85 | |||
86 | return true; | ||
87 | } | ||
88 | |||
89 | public static void install(APDU apdu) | ||
90 | { | ||
91 | new Ssh(); // create a Ssh applet instance (card) | ||
92 | } // end of install method | ||
93 | |||
94 | public static void main(String args[]) { | ||
95 | ISOException.throwIt((short) 0x9000); | ||
96 | } | ||
97 | |||
98 | public void process(APDU apdu) | ||
99 | { | ||
100 | // APDU object carries a byte array (buffer) to | ||
101 | // transfer incoming and outgoing APDU header | ||
102 | // and data bytes between card and CAD | ||
103 | byte buffer[] = apdu.getBuffer(); | ||
104 | short size, st; | ||
105 | |||
106 | // verify that if the applet can accept this | ||
107 | // APDU message | ||
108 | // NI: change suggested by Wayne Dyksen, Purdue | ||
109 | if (buffer[ISO.OFFSET_INS] == ISO.INS_SELECT) | ||
110 | ISOException.throwIt(ISO.SW_NO_ERROR); | ||
111 | |||
112 | switch (buffer[ISO.OFFSET_INS]) { | ||
113 | case DECRYPT: | ||
114 | if (buffer[ISO.OFFSET_CLA] != Ssh_CLA) | ||
115 | ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED); | ||
116 | //decrypt (apdu); | ||
117 | size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF); | ||
118 | |||
119 | if (apdu.setIncomingAndReceive() != size) | ||
120 | ISOException.throwIt (ISO.SW_WRONG_LENGTH); | ||
121 | |||
122 | // check access; depends on bit 2 (x/a) | ||
123 | file.selectFile(root_fid); | ||
124 | file.selectFile(privkey_fid); | ||
125 | st = os.checkAccess(ACL.EXECUTE); | ||
126 | if (st != ST.ACCESS_CLEARED) { | ||
127 | CyberflexAPDU.prepareSW1SW2(st); | ||
128 | ISOException.throwIt(CyberflexAPDU.getSW1SW2()); | ||
129 | } | ||
130 | |||
131 | rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size, | ||
132 | buffer, (short) ISO.OFFSET_CDATA); | ||
133 | |||
134 | apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size); | ||
135 | break; | ||
136 | case GET_PUBKEY: | ||
137 | file.selectFile(root_fid); // select root | ||
138 | file.selectFile(pubkey_fid); // select public key file | ||
139 | size = (short)(file.getFileSize() - 16); | ||
140 | st = os.readBinaryFile(buffer, (short)0, (short)0, size); | ||
141 | if (st == ST.SUCCESS) | ||
142 | apdu.setOutgoingAndSend((short)0, size); | ||
143 | else { | ||
144 | CyberflexAPDU.prepareSW1SW2(st); | ||
145 | ISOException.throwIt(CyberflexAPDU.getSW1SW2()); | ||
146 | } | ||
147 | break; | ||
148 | case GET_KEYLENGTH: | ||
149 | Util.setShort(buffer, (short)0, keysize); | ||
150 | apdu.setOutgoingAndSend ((short)0, (short)2); | ||
151 | break; | ||
152 | case GET_VERSION: | ||
153 | Util.setShort(buffer, (short)0, applet_version); | ||
154 | apdu.setOutgoingAndSend ((short)0, (short)2); | ||
155 | break; | ||
156 | case GET_RESPONSE: | ||
157 | break; | ||
158 | default: | ||
159 | ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED); | ||
160 | } | ||
161 | |||
162 | } // end of process method | ||
163 | |||
164 | } // end of class Ssh | ||