summaryrefslogtreecommitdiff
path: root/scard.c
diff options
context:
space:
mode:
Diffstat (limited to 'scard.c')
-rw-r--r--scard.c68
1 files changed, 52 insertions, 16 deletions
diff --git a/scard.c b/scard.c
index 4f038ddac..721e021fb 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
24 24
25#ifdef SMARTCARD 25#ifdef SMARTCARD
26#include "includes.h" 26#include "includes.h"
27RCSID("$OpenBSD: scard.c,v 1.4 2001/07/02 22:40:17 markus Exp $"); 27RCSID("$OpenBSD: scard.c,v 1.5 2001/07/04 23:13:09 markus Exp $");
28 28
29#include <openssl/engine.h> 29#include <openssl/engine.h>
30#include <sectok.h> 30#include <sectok.h>
@@ -43,31 +43,31 @@ RCSID("$OpenBSD: scard.c,v 1.4 2001/07/02 22:40:17 markus Exp $");
43#define MAX_BUF_SIZE 256 43#define MAX_BUF_SIZE 256
44 44
45static int sc_fd = -1; 45static int sc_fd = -1;
46static int sc_reader_num = 0; 46static int sc_reader_num = -1;
47static int cla = 0x00; /* class */ 47static int cla = 0x00; /* class */
48 48
49/* interface to libsectok */ 49/* interface to libsectok */
50 50
51static int 51static int
52sc_open(int num) 52sc_open(void)
53{ 53{
54 u_char atr[256]; 54 u_char atr[256];
55 int sw; 55 int sw;
56 56
57 if (sc_fd >= 0) 57 if (sc_fd >= 0)
58 return sc_fd; 58 return sc_fd;
59 sc_reader_num = num;
60 59
61 sc_fd = sectok_open(sc_reader_num, 0, NULL); 60 sc_fd = sectok_open(sc_reader_num, 0, &sw);
62 if (sc_fd < 0) { 61 if (sc_fd < 0) {
63 error("sectok_open failed %d", sc_fd); 62 error("sectok_open failed: %s", sectok_get_sw(sw));
64 return sc_fd; 63 return -1;
65 } 64 }
66 if (sectok_reset(sc_fd, 0, atr, &sw) <= 0) { 65 if (sectok_reset(sc_fd, 0, atr, &sw) <= 0) {
67 error("sectok_reset failed: %s", sectok_get_sw(sw)); 66 error("sectok_reset failed: %s", sectok_get_sw(sw));
68 sc_fd = -1; 67 sc_fd = -1;
69 return sc_fd; 68 return sc_fd;
70 } 69 }
70
71 debug("sc_open ok %d", sc_fd); 71 debug("sc_open ok %d", sc_fd);
72 return sc_fd; 72 return sc_fd;
73} 73}
@@ -85,10 +85,12 @@ sc_enable_applet(void)
85 if (sectok_selectfile(sc_fd, cla, root_fid, &sw) < 0) { 85 if (sectok_selectfile(sc_fd, cla, root_fid, &sw) < 0) {
86 error("sectok_selectfile root_fid failed: %s", 86 error("sectok_selectfile root_fid failed: %s",
87 sectok_get_sw(sw)); 87 sectok_get_sw(sw));
88 sc_close();
88 return -1; 89 return -1;
89 } 90 }
90 if (sectok_selectfile(sc_fd, cla, contID, &sw) < 0) { 91 if (sectok_selectfile(sc_fd, cla, contID, &sw) < 0) {
91 error("sectok_selectfile failed: %s", sectok_get_sw(sw)); 92 error("sectok_selectfile failed: %s", sectok_get_sw(sw));
93 sc_close();
92 return -1; 94 return -1;
93 } 95 }
94 /* send appled id */ 96 /* send appled id */
@@ -98,6 +100,21 @@ sc_enable_applet(void)
98 sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, aid_len, aid, 0, NULL, &sw); 100 sectok_apdu(sc_fd, cla, 0xa4, 0x04, 0, aid_len, aid, 0, NULL, &sw);
99 if (!sectok_swOK(sw)) { 101 if (!sectok_swOK(sw)) {
100 error("sectok_apdu failed: %s", sectok_get_sw(sw)); 102 error("sectok_apdu failed: %s", sectok_get_sw(sw));
103 sc_close();
104 return -1;
105 }
106 return 0;
107}
108
109static int
110sc_init(void)
111{
112 if (sc_open() < 0) {
113 error("sc_open failed");
114 return -1;
115 }
116 if (sc_enable_applet() < 0) {
117 error("sc_enable_applet failed");
101 return -1; 118 return -1;
102 } 119 }
103 return 0; 120 return 0;
@@ -112,11 +129,16 @@ sc_read_pubkey(Key * k)
112 129
113 len = sw = 0; 130 len = sw = 0;
114 131
132 if (sc_fd < 0)
133 if (sc_init() < 0)
134 return -1;
135
115 /* get key size */ 136 /* get key size */
116 sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL, 137 sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
117 sizeof(buf), buf, &sw); 138 sizeof(buf), buf, &sw);
118 if (!sectok_swOK(sw)) { 139 if (!sectok_swOK(sw)) {
119 error("could not obtain key length: %s", sectok_get_sw(sw)); 140 error("could not obtain key length: %s", sectok_get_sw(sw));
141 sc_close();
120 return -1; 142 return -1;
121 } 143 }
122 len = (buf[0] << 8) | buf[1]; 144 len = (buf[0] << 8) | buf[1];
@@ -136,6 +158,7 @@ sc_read_pubkey(Key * k)
136 if (BN_bin2bn(n, len, k->rsa->n) == NULL) { 158 if (BN_bin2bn(n, len, k->rsa->n) == NULL) {
137 error("c_read_pubkey: BN_bin2bn failed"); 159 error("c_read_pubkey: BN_bin2bn failed");
138 xfree(n); 160 xfree(n);
161 sc_close();
139 return -1; 162 return -1;
140 } 163 }
141 xfree(n); 164 xfree(n);
@@ -164,6 +187,9 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
164 debug("sc_private_decrypt called"); 187 debug("sc_private_decrypt called");
165 188
166 olen = len = sw = 0; 189 olen = len = sw = 0;
190 if (sc_fd < 0)
191 if (sc_init() < 0)
192 goto err;
167 if (padding != RSA_PKCS1_PADDING) 193 if (padding != RSA_PKCS1_PADDING)
168 goto err; 194 goto err;
169 195
@@ -174,6 +200,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
174 if (!sectok_swOK(sw)) { 200 if (!sectok_swOK(sw)) {
175 error("sc_private_decrypt: INS_DECRYPT failed: %s", 201 error("sc_private_decrypt: INS_DECRYPT failed: %s",
176 sectok_get_sw(sw)); 202 sectok_get_sw(sw));
203 sc_close();
177 goto err; 204 goto err;
178 } 205 }
179 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, 206 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
@@ -181,6 +208,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
181 if (!sectok_swOK(sw)) { 208 if (!sectok_swOK(sw)) {
182 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", 209 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
183 sectok_get_sw(sw)); 210 sectok_get_sw(sw));
211 sc_close();
184 goto err; 212 goto err;
185 } 213 }
186 olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1, 214 olen = RSA_padding_check_PKCS1_type_2(to, len, padded + 1, len - 1,
@@ -198,6 +226,9 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
198 int sw, len; 226 int sw, len;
199 227
200 len = sw = 0; 228 len = sw = 0;
229 if (sc_fd < 0)
230 if (sc_init() < 0)
231 goto err;
201 if (padding != RSA_PKCS1_PADDING) 232 if (padding != RSA_PKCS1_PADDING)
202 goto err; 233 goto err;
203 234
@@ -213,6 +244,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
213 if (!sectok_swOK(sw)) { 244 if (!sectok_swOK(sw)) {
214 error("sc_private_decrypt: INS_DECRYPT failed: %s", 245 error("sc_private_decrypt: INS_DECRYPT failed: %s",
215 sectok_get_sw(sw)); 246 sectok_get_sw(sw));
247 sc_close();
216 goto err; 248 goto err;
217 } 249 }
218 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL, 250 sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
@@ -220,6 +252,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
220 if (!sectok_swOK(sw)) { 252 if (!sectok_swOK(sw)) {
221 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s", 253 error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
222 sectok_get_sw(sw)); 254 sectok_get_sw(sw));
255 sc_close();
223 goto err; 256 goto err;
224 } 257 }
225err: 258err:
@@ -282,19 +315,21 @@ sc_get_engine(void)
282 return smart_engine; 315 return smart_engine;
283} 316}
284 317
318void
319sc_close(void)
320{
321 if (sc_fd >= 0) {
322 sectok_close(sc_fd);
323 sc_fd = -1;
324 }
325}
326
285Key * 327Key *
286sc_get_key(int sc_reader_num) 328sc_get_key(int num)
287{ 329{
288 Key *k; 330 Key *k;
289 331
290 if (sc_open(sc_reader_num) < 0) { 332 sc_reader_num = num;
291 error("sc_open failed");
292 return NULL;
293 }
294 if (sc_enable_applet() < 0) {
295 error("sc_enable_applet failed");
296 return NULL;
297 }
298 k = key_new(KEY_RSA); 333 k = key_new(KEY_RSA);
299 if (k == NULL) { 334 if (k == NULL) {
300 return NULL; 335 return NULL;
@@ -305,5 +340,6 @@ sc_get_key(int sc_reader_num)
305 return NULL; 340 return NULL;
306 } 341 }
307 return k; 342 return k;
343 sc_close();
308} 344}
309#endif 345#endif
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-08 12:49:11 +0000