1 files changed, 564 insertions, 0 deletions
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
new file mode 100644
index 000000000..f0192dcf1
--- /dev/null
+++ b/ssh-pkcs11.c
@@ -0,0 +1,564 @@
+/* $OpenBSD: ssh-pkcs11.c,v 1.4 2010/02/24 06:12:53 djm Exp $ */
+/*
+ * Copyright (c) 2010 Markus Friedl.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+#ifdef ENABLE_PKCS11
+#include <sys/types.h>
+#ifdef HAVE_SYS_TIME_H
+# include <sys/time.h>
+#endif
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <dlfcn.h>
+#include "openbsd-compat/sys-queue.h"
+#define CRYPTOKI_COMPAT
+#include "pkcs11.h"
+#include "log.h"
+#include "misc.h"
+#include "key.h"
+#include "ssh-pkcs11.h"
+#include "xmalloc.h"
+struct pkcs11_slotinfo {
+        CK_TOKEN_INFO           token;
+        CK_SESSION_HANDLE       session;
+        int                     logged_in;
+};
+struct pkcs11_provider {
+        char                    *name;
+        void                    *handle;
+        CK_FUNCTION_LIST        *function_list;
+        CK_INFO                 info;
+        CK_ULONG                nslots;
+        CK_SLOT_ID              *slotlist;
+        struct pkcs11_slotinfo  *slotinfo;
+        int                     valid;
+        int                     refcount;
+        TAILQ_ENTRY(pkcs11_provider) next;
+};
+TAILQ_HEAD(, pkcs11_provider) pkcs11_providers;
+struct pkcs11_key {
+        struct pkcs11_provider  *provider;
+        CK_ULONG                slotidx;
+        int                     (*orig_finish)(RSA *rsa);
+        RSA_METHOD              rsa_method;
+        char                    *keyid;
+        int                     keyid_len;
+};
+int pkcs11_interactive = 0;
+int
+pkcs11_init(int interactive)
+{
+        pkcs11_interactive = interactive;
+        TAILQ_INIT(&pkcs11_providers);
+        return (0);
+}
+/*
+ * finalize a provider shared libarary, it's no longer usable.
+ * however, there might still be keys referencing this provider,
+ * so the actuall freeing of memory is handled by pkcs11_provider_unref().
+ * this is called when a provider gets unregistered.
+ */
+static void
+pkcs11_provider_finalize(struct pkcs11_provider *p)
+{
+        CK_RV rv;
+        CK_ULONG i;
+        debug("pkcs11_provider_finalize: %p refcount %d valid %d",
+            p, p->refcount, p->valid);
+        if (!p->valid)
+                return;
+        for (i = 0; i < p->nslots; i++) {
+                if (p->slotinfo[i].session &&
+                    (rv = p->function_list->C_CloseSession(
+                    p->slotinfo[i].session)) != CKR_OK)
+                        error("C_CloseSession failed: %lu", rv);
+        }
+        if ((rv = p->function_list->C_Finalize(NULL)) != CKR_OK)
+                error("C_Finalize failed: %lu", rv);
+        p->valid = 0;
+        p->function_list = NULL;
+        dlclose(p->handle);
+}
+/*
+ * remove a reference to the provider.
+ * called when a key gets destroyed or when the provider is unregistered.
+ */
+static void
+pkcs11_provider_unref(struct pkcs11_provider *p)
+{
+        debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount);
+        if (--p->refcount <= 0) {
+                if (p->valid)
+                        error("pkcs11_provider_unref: %p still valid", p);
+                xfree(p->slotlist);
+                xfree(p->slotinfo);
+                xfree(p);
+        }
+}
+/* unregister all providers, keys might still point to the providers */
+void
+pkcs11_terminate(void)
+{
+        struct pkcs11_provider *p;
+        while ((p = TAILQ_FIRST(&pkcs11_providers)) != NULL) {
+                TAILQ_REMOVE(&pkcs11_providers, p, next);
+                pkcs11_provider_finalize(p);
+                pkcs11_provider_unref(p);
+        }
+}
+/* lookup provider by name */
+static struct pkcs11_provider *
+pkcs11_provider_lookup(char *provider_id)
+{
+        struct pkcs11_provider *p;
+        TAILQ_FOREACH(p, &pkcs11_providers, next) {
+                debug("check %p %s", p, p->name);
+                if (!strcmp(provider_id, p->name))
+                        return (p);
+        }
+        return (NULL);
+}
+/* unregister provider by name */
+int
+pkcs11_del_provider(char *provider_id)
+{
+        struct pkcs11_provider *p;
+        if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
+                TAILQ_REMOVE(&pkcs11_providers, p, next);
+                pkcs11_provider_finalize(p);
+                pkcs11_provider_unref(p);
+                return (0);
+        }
+        return (-1);
+}
+/* openssl callback for freeing an RSA key */
+static int
+pkcs11_rsa_finish(RSA *rsa)
+{
+        struct pkcs11_key       *k11;
+        int rv = -1;
+        if ((k11 = RSA_get_app_data(rsa)) != NULL) {
+                if (k11->orig_finish)
+                        rv = k11->orig_finish(rsa);
+                if (k11->provider)
+                        pkcs11_provider_unref(k11->provider);
+                if (k11->keyid)
+                        xfree(k11->keyid);
+                xfree(k11);
+        }
+        return (rv);
+}
+/* openssl callback doing the actual signing operation */
+static int
+pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+    int padding)
+{
+        struct pkcs11_key       *k11;
+        struct pkcs11_slotinfo  *si;
+        CK_FUNCTION_LIST        *f;
+        CK_OBJECT_HANDLE        obj;
+        CK_ULONG                tlen = 0, nfound = 0;
+        CK_RV                   rv;
+        CK_OBJECT_CLASS         private_key_class = CKO_PRIVATE_KEY;
+        CK_BBOOL                true_val = CK_TRUE;
+        CK_MECHANISM            mech = {
+                CKM_RSA_PKCS, NULL_PTR, 0
+        };
+        CK_ATTRIBUTE            key_filter[] = {
+                {CKA_CLASS, NULL, sizeof(private_key_class) },
+                {CKA_ID, NULL, 0},
+                {CKA_SIGN, NULL, sizeof(true_val) }
+        };
+        char                    *pin, prompt[1024];
+        int                     rval = -1;
+        /* some compilers complain about non-constant initializer so we
+           use NULL in CK_ATTRIBUTE above and set the values here */
+        key_filter[0].pValue = &private_key_class;
+        key_filter[2].pValue = &true_val;
+        if ((k11 = RSA_get_app_data(rsa)) == NULL) {
+                error("RSA_get_app_data failed for rsa %p", rsa);
+                return (-1);
+        }
+        if (!k11->provider || !k11->provider->valid) {
+                error("no pkcs11 (valid) provider for rsa %p", rsa);
+                return (-1);
+        }
+        f = k11->provider->function_list;
+        si = &k11->provider->slotinfo[k11->slotidx];
+        if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
+                if (!pkcs11_interactive) {
+                        error("need pin");
+                        return (-1);
+                }
+                snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ",
+                    si->token.label);
+                pin = read_passphrase(prompt, RP_ALLOW_EOF);
+                if (pin == NULL)
+                        return (-1);    /* bail out */
+                if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin)))
+                    != CKR_OK) {
+                        xfree(pin);
+                        error("C_Login failed: %lu", rv);
+                        return (-1);
+                }
+                xfree(pin);
+                si->logged_in = 1;
+        }
+        key_filter[1].pValue = k11->keyid;
+        key_filter[1].ulValueLen = k11->keyid_len;
+        if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) {
+                error("C_FindObjectsInit failed: %lu", rv);
+                return (-1);
+        }
+        if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK ||
+            nfound != 1) {
+                error("C_FindObjects failed (%lu nfound): %lu", nfound, rv);
+        } else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
+                error("C_SignInit failed: %lu", rv);
+        } else {
+                /* XXX handle CKR_BUFFER_TOO_SMALL */
+                tlen = RSA_size(rsa);
+                rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen);
+                if (rv == CKR_OK) 
+                        rval = tlen;
+                else 
+                        error("C_Sign failed: %lu", rv);
+        }
+        if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK)
+                error("C_FindObjectsFinal failed: %lu", rv);
+        return (rval);
+}
+static int
+pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+    int padding)
+{
+        return (-1);
+}
+/* redirect private key operations for rsa key to pkcs11 token */
+static int
+pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
+    CK_ATTRIBUTE *keyid_attrib, RSA *rsa)
+{
+        struct pkcs11_key       *k11;
+        const RSA_METHOD        *def = RSA_get_default_method();
+        k11 = xcalloc(1, sizeof(*k11));
+        k11->provider = provider;
+        provider->refcount++;   /* provider referenced by RSA key */
+        k11->slotidx = slotidx;
+        /* identify key object on smartcard */
+        k11->keyid_len = keyid_attrib->ulValueLen;
+        k11->keyid = xmalloc(k11->keyid_len);
+        memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
+        k11->orig_finish = def->finish;
+        memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
+        k11->rsa_method.name = "pkcs11";
+        k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt;
+        k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt;
+        k11->rsa_method.finish = pkcs11_rsa_finish;
+        RSA_set_method(rsa, &k11->rsa_method);
+        RSA_set_app_data(rsa, k11);
+        return (0);
+}
+/* remove trailing spaces */
+static void
+rmspace(char *buf, size_t len)
+{
+        size_t i;
+        if (!len)
+                return;
+        for (i = len - 1;  i > 0; i--)
+                if (i == len - 1 || buf[i] == ' ')
+                        buf[i] = '\0';
+                else
+                        break;
+}
+/*
+ * open a pkcs11 session and login if required.
+ * if pin == NULL we delay login until key use
+ */
+static int
+pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
+{
+        CK_RV                   rv;
+        CK_FUNCTION_LIST        *f;
+        CK_SESSION_HANDLE       session;
+        int                     login_required;
+        f = p->function_list;
+        login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
+        if (pin && login_required && !strlen(pin)) {
+                error("pin required");
+                return (-1);
+        }
+        if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION|
+            CKF_SERIAL_SESSION, NULL, NULL, &session))
+            != CKR_OK) {
+                error("C_OpenSession failed: %lu", rv);
+                return (-1);
+        }
+        if (login_required && pin) {
+                if ((rv = f->C_Login(session, CKU_USER, pin, strlen(pin)))
+                    != CKR_OK) {
+                        error("C_Login failed: %lu", rv);
+                        if ((rv = f->C_CloseSession(session)) != CKR_OK)
+                                error("C_CloseSession failed: %lu", rv);
+                        return (-1);
+                }
+                p->slotinfo[slotidx].logged_in = 1;
+        }
+        p->slotinfo[slotidx].session = session;
+        return (0);
+}
+/*
+ * lookup public keys for token in slot identified by slotidx,
+ * add 'wrapped' public keys to the 'keysp' array and increment nkeys.
+ * keysp points to an (possibly empty) array with *nkeys keys.
+ */
+static int
+pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, Key ***keysp,
+    int *nkeys)
+{
+        Key                     *key;
+        RSA                     *rsa;
+        int                     i;
+        CK_RV                   rv;
+        CK_OBJECT_HANDLE        obj;
+        CK_ULONG                nfound;
+        CK_SESSION_HANDLE       session;
+        CK_FUNCTION_LIST        *f;
+        CK_OBJECT_CLASS         pubkey_class = CKO_PUBLIC_KEY;
+        CK_ATTRIBUTE            pubkey_filter[] = {
+                { CKA_CLASS, NULL, sizeof(pubkey_class) }
+        };
+        CK_ATTRIBUTE            attribs[] = {
+                { CKA_ID, NULL, 0 },
+                { CKA_MODULUS, NULL, 0 },
+                { CKA_PUBLIC_EXPONENT, NULL, 0 }
+        };
+        /* some compilers complain about non-constant initializer so we
+           use NULL in CK_ATTRIBUTE above and set the value here */
+        pubkey_filter[0].pValue = &pubkey_class;
+        f = p->function_list;
+        session = p->slotinfo[slotidx].session;
+        /* setup a filter the looks for public keys */
+        if ((rv = f->C_FindObjectsInit(session, pubkey_filter, 1)) != CKR_OK) {
+                error("C_FindObjectsInit failed: %lu", rv);
+                return (-1);
+        }
+        while (1) {
+                /* XXX 3 attributes in attribs[] */
+                for (i = 0; i < 3; i++) {
+                        attribs[i].pValue = NULL;
+                        attribs[i].ulValueLen = 0;
+                }
+                if ((rv = f->C_FindObjects(session, &obj, 1, &nfound)) != CKR_OK
+                    || nfound == 0)
+                        break;
+                /* found a key, so figure out size of the attributes */
+                if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
+                    != CKR_OK) {
+                        error("C_GetAttributeValue failed: %lu", rv);
+                        continue;
+                }
+                /* allocate buffers for attributes, XXX check ulValueLen? */
+                for (i = 0; i < 3; i++)
+                        attribs[i].pValue = xmalloc(attribs[i].ulValueLen);
+                /* retrieve ID, modulus and public exponent of RSA key */
+                if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
+                    != CKR_OK) {
+                        error("C_GetAttributeValue failed: %lu", rv);
+                } else if ((rsa = RSA_new()) == NULL) {
+                        error("RSA_new failed");
+                } else {
+                        rsa->n = BN_bin2bn(attribs[1].pValue,
+                            attribs[1].ulValueLen, NULL);
+                        rsa->e = BN_bin2bn(attribs[2].pValue,
+                            attribs[2].ulValueLen, NULL);
+                        if (rsa->n && rsa->e &&
+                            pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
+                                key = key_new(KEY_UNSPEC);
+                                key->rsa = rsa;
+                                key->type = KEY_RSA;
+                                key->flags |= KEY_FLAG_EXT;
+                                /* expand key array and add key */
+                                *keysp = xrealloc(*keysp, *nkeys + 1,
+                                    sizeof(Key *));
+                                (*keysp)[*nkeys] = key;
+                                *nkeys = *nkeys + 1;
+                                debug("have %d keys", *nkeys);
+                        } else {
+                                RSA_free(rsa);
+                        }
+                }
+                for (i = 0; i < 3; i++)
+                        xfree(attribs[i].pValue);
+        }
+        if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
+                error("C_FindObjectsFinal failed: %lu", rv);
+        return (0);
+}
+/* register a new provider, fails if provider already exists */
+int
+pkcs11_add_provider(char *provider_id, char *pin, Key ***keyp)
+{
+        int nkeys, need_finalize = 0;
+        struct pkcs11_provider *p = NULL;
+        void *handle = NULL;
+        CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **);
+        CK_RV rv;
+        CK_FUNCTION_LIST *f = NULL;
+        CK_TOKEN_INFO *token;
+        CK_ULONG i;
+        *keyp = NULL;
+        if (pkcs11_provider_lookup(provider_id) != NULL) {
+                error("provider already registered: %s", provider_id);
+                goto fail;
+        }
+        /* open shared pkcs11-libarary */
+        if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
+                error("dlopen %s failed: %s", provider_id, dlerror());
+                goto fail;
+        }
+        if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+                error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+                goto fail;
+        }
+        p = xcalloc(1, sizeof(*p));
+        p->name = xstrdup(provider_id);
+        p->handle = handle;
+        /* setup the pkcs11 callbacks */
+        if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
+                error("C_GetFunctionList failed: %lu", rv);
+                goto fail;
+        }
+        p->function_list = f;
+        if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
+                error("C_Initialize failed: %lu", rv);
+                goto fail;
+        }
+        need_finalize = 1;
+        if ((rv = f->C_GetInfo(&p->info)) != CKR_OK) {
+                error("C_GetInfo failed: %lu", rv);
+                goto fail;
+        }
+        rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID));
+        rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription));
+        debug("manufacturerID <%s> cryptokiVersion %d.%d"
+            " libraryDescription <%s> libraryVersion %d.%d",
+            p->info.manufacturerID,
+            p->info.cryptokiVersion.major,
+            p->info.cryptokiVersion.minor,
+            p->info.libraryDescription,
+            p->info.libraryVersion.major,
+            p->info.libraryVersion.minor);
+        if ((rv = f->C_GetSlotList(CK_TRUE, NULL, &p->nslots)) != CKR_OK) {
+                error("C_GetSlotList failed: %lu", rv);
+                goto fail;
+        }
+        if (p->nslots == 0) {
+                error("no slots");
+                goto fail;
+        }
+        p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID));
+        if ((rv = f->C_GetSlotList(CK_TRUE, p->slotlist, &p->nslots))
+            != CKR_OK) {
+                error("C_GetSlotList failed: %lu", rv);
+                goto fail;
+        }
+        p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo));
+        p->valid = 1;
+        nkeys = 0;
+        for (i = 0; i < p->nslots; i++) {
+                token = &p->slotinfo[i].token;
+                if ((rv = f->C_GetTokenInfo(p->slotlist[i], token))
+                    != CKR_OK) {
+                        error("C_GetTokenInfo failed: %lu", rv);
+                        continue;
+                }
+                rmspace(token->label, sizeof(token->label));
+                rmspace(token->manufacturerID, sizeof(token->manufacturerID));
+                rmspace(token->model, sizeof(token->model));
+                rmspace(token->serialNumber, sizeof(token->serialNumber));
+                debug("label <%s> manufacturerID <%s> model <%s> serial <%s>"
+                    " flags 0x%lx",
+                    token->label, token->manufacturerID, token->model,
+                    token->serialNumber, token->flags);
+                /* open session, login with pin and retrieve public keys */
+                if (pkcs11_open_session(p, i, pin) == 0)
+                        pkcs11_fetch_keys(p, i, keyp, &nkeys);
+        }
+        if (nkeys > 0) {
+                TAILQ_INSERT_TAIL(&pkcs11_providers, p, next);
+                p->refcount++;  /* add to provider list */
+                return (nkeys);
+        }
+        error("no keys");
+        /* don't add the provider, since it does not have any keys */
+fail:
+        if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
+                error("C_Finalize failed: %lu", rv);
+        if (p) {
+                if (p->slotlist)
+                        xfree(p->slotlist);
+                if (p->slotinfo)
+                        xfree(p->slotinfo);
+                xfree(p);
+        }
+        if (handle)
+                dlclose(handle);
+        return (-1);
+}
+#endif /* ENABLE_PKCS11 */

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c new file mode 100644 index 000000000..f0192dcf1 --- /dev/null +++ b/ssh-pkcs11.c
@@ -0,0 +1,564 @@
	1	/* $OpenBSD: ssh-pkcs11.c,v 1.4 2010/02/24 06:12:53 djm Exp $ */
	2	/*
	3	* Copyright (c) 2010 Markus Friedl. All rights reserved.
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include "includes.h"
	19
	20	#ifdef ENABLE_PKCS11
	21
	22	#include <sys/types.h>
	23	#ifdef HAVE_SYS_TIME_H
	24	# include <sys/time.h>
	25	#endif
	26	#include <stdarg.h>
	27	#include <stdio.h>
	28
	29	#include <string.h>
	30	#include <dlfcn.h>
	31
	32	#include "openbsd-compat/sys-queue.h"
	33
	34	#define CRYPTOKI_COMPAT
	35	#include "pkcs11.h"
	36
	37	#include "log.h"
	38	#include "misc.h"
	39	#include "key.h"
	40	#include "ssh-pkcs11.h"
	41	#include "xmalloc.h"
	42
	43	struct pkcs11_slotinfo {
	44	CK_TOKEN_INFO token;
	45	CK_SESSION_HANDLE session;
	46	int logged_in;
	47	};
	48
	49	struct pkcs11_provider {
	50	char *name;
	51	void *handle;
	52	CK_FUNCTION_LIST *function_list;
	53	CK_INFO info;
	54	CK_ULONG nslots;
	55	CK_SLOT_ID *slotlist;
	56	struct pkcs11_slotinfo *slotinfo;
	57	int valid;
	58	int refcount;
	59	TAILQ_ENTRY(pkcs11_provider) next;
	60	};
	61
	62	TAILQ_HEAD(, pkcs11_provider) pkcs11_providers;
	63
	64	struct pkcs11_key {
	65	struct pkcs11_provider *provider;
	66	CK_ULONG slotidx;
	67	int (orig_finish)(RSA rsa);
	68	RSA_METHOD rsa_method;
	69	char *keyid;
	70	int keyid_len;
	71	};
	72
	73	int pkcs11_interactive = 0;
	74
	75	int
	76	pkcs11_init(int interactive)
	77	{
	78	pkcs11_interactive = interactive;
	79	TAILQ_INIT(&pkcs11_providers);
	80	return (0);
	81	}
	82
	83	/*
	84	* finalize a provider shared libarary, it's no longer usable.
	85	* however, there might still be keys referencing this provider,
	86	* so the actuall freeing of memory is handled by pkcs11_provider_unref().
	87	* this is called when a provider gets unregistered.
	88	*/
	89	static void
	90	pkcs11_provider_finalize(struct pkcs11_provider *p)
	91	{
	92	CK_RV rv;
	93	CK_ULONG i;
	94
	95	debug("pkcs11_provider_finalize: %p refcount %d valid %d",
	96	p, p->refcount, p->valid);
	97	if (!p->valid)
	98	return;
	99	for (i = 0; i < p->nslots; i++) {
	100	if (p->slotinfo[i].session &&
	101	(rv = p->function_list->C_CloseSession(
	102	p->slotinfo[i].session)) != CKR_OK)
	103	error("C_CloseSession failed: %lu", rv);
	104	}
	105	if ((rv = p->function_list->C_Finalize(NULL)) != CKR_OK)
	106	error("C_Finalize failed: %lu", rv);
	107	p->valid = 0;
	108	p->function_list = NULL;
	109	dlclose(p->handle);
	110	}
	111
	112	/*
	113	* remove a reference to the provider.
	114	* called when a key gets destroyed or when the provider is unregistered.
	115	*/
	116	static void
	117	pkcs11_provider_unref(struct pkcs11_provider *p)
	118	{
	119	debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount);
	120	if (--p->refcount <= 0) {
	121	if (p->valid)
	122	error("pkcs11_provider_unref: %p still valid", p);
	123	xfree(p->slotlist);
	124	xfree(p->slotinfo);
	125	xfree(p);
	126	}
	127	}
	128
	129	/* unregister all providers, keys might still point to the providers */
	130	void
	131	pkcs11_terminate(void)
	132	{
	133	struct pkcs11_provider *p;
	134
	135	while ((p = TAILQ_FIRST(&pkcs11_providers)) != NULL) {
	136	TAILQ_REMOVE(&pkcs11_providers, p, next);
	137	pkcs11_provider_finalize(p);
	138	pkcs11_provider_unref(p);
	139	}
	140	}
	141
	142	/* lookup provider by name */
	143	static struct pkcs11_provider *
	144	pkcs11_provider_lookup(char *provider_id)
	145	{
	146	struct pkcs11_provider *p;
	147
	148	TAILQ_FOREACH(p, &pkcs11_providers, next) {
	149	debug("check %p %s", p, p->name);
	150	if (!strcmp(provider_id, p->name))
	151	return (p);
	152	}
	153	return (NULL);
	154	}
	155
	156	/* unregister provider by name */
	157	int
	158	pkcs11_del_provider(char *provider_id)
	159	{
	160	struct pkcs11_provider *p;
	161
	162	if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
	163	TAILQ_REMOVE(&pkcs11_providers, p, next);
	164	pkcs11_provider_finalize(p);
	165	pkcs11_provider_unref(p);
	166	return (0);
	167	}
	168	return (-1);
	169	}
	170
	171	/* openssl callback for freeing an RSA key */
	172	static int
	173	pkcs11_rsa_finish(RSA *rsa)
	174	{
	175	struct pkcs11_key *k11;
	176	int rv = -1;
	177
	178	if ((k11 = RSA_get_app_data(rsa)) != NULL) {
	179	if (k11->orig_finish)
	180	rv = k11->orig_finish(rsa);
	181	if (k11->provider)
	182	pkcs11_provider_unref(k11->provider);
	183	if (k11->keyid)
	184	xfree(k11->keyid);
	185	xfree(k11);
	186	}
	187	return (rv);
	188	}
	189
	190	/* openssl callback doing the actual signing operation */
	191	static int
	192	pkcs11_rsa_private_encrypt(int flen, const u_char from, u_char to, RSA *rsa,
	193	int padding)
	194	{
	195	struct pkcs11_key *k11;
	196	struct pkcs11_slotinfo *si;
	197	CK_FUNCTION_LIST *f;
	198	CK_OBJECT_HANDLE obj;
	199	CK_ULONG tlen = 0, nfound = 0;
	200	CK_RV rv;
	201	CK_OBJECT_CLASS private_key_class = CKO_PRIVATE_KEY;
	202	CK_BBOOL true_val = CK_TRUE;
	203	CK_MECHANISM mech = {
	204	CKM_RSA_PKCS, NULL_PTR, 0
	205	};
	206	CK_ATTRIBUTE key_filter[] = {
	207	{CKA_CLASS, NULL, sizeof(private_key_class) },
	208	{CKA_ID, NULL, 0},
	209	{CKA_SIGN, NULL, sizeof(true_val) }
	210	};
	211	char *pin, prompt[1024];
	212	int rval = -1;
	213
	214	/* some compilers complain about non-constant initializer so we
	215	use NULL in CK_ATTRIBUTE above and set the values here */
	216	key_filter[0].pValue = &private_key_class;
	217	key_filter[2].pValue = &true_val;
	218
	219	if ((k11 = RSA_get_app_data(rsa)) == NULL) {
	220	error("RSA_get_app_data failed for rsa %p", rsa);
	221	return (-1);
	222	}
	223	if (!k11->provider \|\| !k11->provider->valid) {
	224	error("no pkcs11 (valid) provider for rsa %p", rsa);
	225	return (-1);
	226	}
	227	f = k11->provider->function_list;
	228	si = &k11->provider->slotinfo[k11->slotidx];
	229	if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
	230	if (!pkcs11_interactive) {
	231	error("need pin");
	232	return (-1);
	233	}
	234	snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ",
	235	si->token.label);
	236	pin = read_passphrase(prompt, RP_ALLOW_EOF);
	237	if (pin == NULL)
	238	return (-1); /* bail out */
	239	if ((rv = f->C_Login(si->session, CKU_USER, pin, strlen(pin)))
	240	!= CKR_OK) {
	241	xfree(pin);
	242	error("C_Login failed: %lu", rv);
	243	return (-1);
	244	}
	245	xfree(pin);
	246	si->logged_in = 1;
	247	}
	248	key_filter[1].pValue = k11->keyid;
	249	key_filter[1].ulValueLen = k11->keyid_len;
	250	if ((rv = f->C_FindObjectsInit(si->session, key_filter, 3)) != CKR_OK) {
	251	error("C_FindObjectsInit failed: %lu", rv);
	252	return (-1);
	253	}
	254	if ((rv = f->C_FindObjects(si->session, &obj, 1, &nfound)) != CKR_OK \|\|
	255	nfound != 1) {
	256	error("C_FindObjects failed (%lu nfound): %lu", nfound, rv);
	257	} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
	258	error("C_SignInit failed: %lu", rv);
	259	} else {
	260	/* XXX handle CKR_BUFFER_TOO_SMALL */
	261	tlen = RSA_size(rsa);
	262	rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen);
	263	if (rv == CKR_OK)
	264	rval = tlen;
	265	else
	266	error("C_Sign failed: %lu", rv);
	267	}
	268	if ((rv = f->C_FindObjectsFinal(si->session)) != CKR_OK)
	269	error("C_FindObjectsFinal failed: %lu", rv);
	270	return (rval);
	271	}
	272
	273	static int
	274	pkcs11_rsa_private_decrypt(int flen, const u_char from, u_char to, RSA *rsa,
	275	int padding)
	276	{
	277	return (-1);
	278	}
	279
	280	/* redirect private key operations for rsa key to pkcs11 token */
	281	static int
	282	pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
	283	CK_ATTRIBUTE keyid_attrib, RSA rsa)
	284	{
	285	struct pkcs11_key *k11;
	286	const RSA_METHOD *def = RSA_get_default_method();
	287
	288	k11 = xcalloc(1, sizeof(*k11));
	289	k11->provider = provider;
	290	provider->refcount++; /* provider referenced by RSA key */
	291	k11->slotidx = slotidx;
	292	/* identify key object on smartcard */
	293	k11->keyid_len = keyid_attrib->ulValueLen;
	294	k11->keyid = xmalloc(k11->keyid_len);
	295	memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
	296	k11->orig_finish = def->finish;
	297	memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
	298	k11->rsa_method.name = "pkcs11";
	299	k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt;
	300	k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt;
	301	k11->rsa_method.finish = pkcs11_rsa_finish;
	302	RSA_set_method(rsa, &k11->rsa_method);
	303	RSA_set_app_data(rsa, k11);
	304	return (0);
	305	}
	306
	307	/* remove trailing spaces */
	308	static void
	309	rmspace(char *buf, size_t len)
	310	{
	311	size_t i;
	312
	313	if (!len)
	314	return;
	315	for (i = len - 1; i > 0; i--)
	316	if (i == len - 1 \|\| buf[i] == ' ')
	317	buf[i] = '\0';
	318	else
	319	break;
	320	}
	321
	322	/*
	323	* open a pkcs11 session and login if required.
	324	* if pin == NULL we delay login until key use
	325	*/
	326	static int
	327	pkcs11_open_session(struct pkcs11_provider p, CK_ULONG slotidx, char pin)
	328	{
	329	CK_RV rv;
	330	CK_FUNCTION_LIST *f;
	331	CK_SESSION_HANDLE session;
	332	int login_required;
	333
	334	f = p->function_list;
	335	login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
	336	if (pin && login_required && !strlen(pin)) {
	337	error("pin required");
	338	return (-1);
	339	}
	340	if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION\|
	341	CKF_SERIAL_SESSION, NULL, NULL, &session))
	342	!= CKR_OK) {
	343	error("C_OpenSession failed: %lu", rv);
	344	return (-1);
	345	}
	346	if (login_required && pin) {
	347	if ((rv = f->C_Login(session, CKU_USER, pin, strlen(pin)))
	348	!= CKR_OK) {
	349	error("C_Login failed: %lu", rv);
	350	if ((rv = f->C_CloseSession(session)) != CKR_OK)
	351	error("C_CloseSession failed: %lu", rv);
	352	return (-1);
	353	}
	354	p->slotinfo[slotidx].logged_in = 1;
	355	}
	356	p->slotinfo[slotidx].session = session;
	357	return (0);
	358	}
	359
	360	/*
	361	* lookup public keys for token in slot identified by slotidx,
	362	* add 'wrapped' public keys to the 'keysp' array and increment nkeys.
	363	* keysp points to an (possibly empty) array with *nkeys keys.
	364	*/
	365	static int
	366	pkcs11_fetch_keys(struct pkcs11_provider p, CK_ULONG slotidx, Key **keysp,
	367	int *nkeys)
	368	{
	369	Key *key;
	370	RSA *rsa;
	371	int i;
	372	CK_RV rv;
	373	CK_OBJECT_HANDLE obj;
	374	CK_ULONG nfound;
	375	CK_SESSION_HANDLE session;
	376	CK_FUNCTION_LIST *f;
	377	CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY;
	378	CK_ATTRIBUTE pubkey_filter[] = {
	379	{ CKA_CLASS, NULL, sizeof(pubkey_class) }
	380	};
	381	CK_ATTRIBUTE attribs[] = {
	382	{ CKA_ID, NULL, 0 },
	383	{ CKA_MODULUS, NULL, 0 },
	384	{ CKA_PUBLIC_EXPONENT, NULL, 0 }
	385	};
	386
	387	/* some compilers complain about non-constant initializer so we
	388	use NULL in CK_ATTRIBUTE above and set the value here */
	389	pubkey_filter[0].pValue = &pubkey_class;
	390
	391	f = p->function_list;
	392	session = p->slotinfo[slotidx].session;
	393	/* setup a filter the looks for public keys */
	394	if ((rv = f->C_FindObjectsInit(session, pubkey_filter, 1)) != CKR_OK) {
	395	error("C_FindObjectsInit failed: %lu", rv);
	396	return (-1);
	397	}
	398	while (1) {
	399	/* XXX 3 attributes in attribs[] */
	400	for (i = 0; i < 3; i++) {
	401	attribs[i].pValue = NULL;
	402	attribs[i].ulValueLen = 0;
	403	}
	404	if ((rv = f->C_FindObjects(session, &obj, 1, &nfound)) != CKR_OK
	405	\|\| nfound == 0)
	406	break;
	407	/* found a key, so figure out size of the attributes */
	408	if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
	409	!= CKR_OK) {
	410	error("C_GetAttributeValue failed: %lu", rv);
	411	continue;
	412	}
	413	/* allocate buffers for attributes, XXX check ulValueLen? */
	414	for (i = 0; i < 3; i++)
	415	attribs[i].pValue = xmalloc(attribs[i].ulValueLen);
	416	/* retrieve ID, modulus and public exponent of RSA key */
	417	if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
	418	!= CKR_OK) {
	419	error("C_GetAttributeValue failed: %lu", rv);
	420	} else if ((rsa = RSA_new()) == NULL) {
	421	error("RSA_new failed");
	422	} else {
	423	rsa->n = BN_bin2bn(attribs[1].pValue,
	424	attribs[1].ulValueLen, NULL);
	425	rsa->e = BN_bin2bn(attribs[2].pValue,
	426	attribs[2].ulValueLen, NULL);
	427	if (rsa->n && rsa->e &&
	428	pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
	429	key = key_new(KEY_UNSPEC);
	430	key->rsa = rsa;
	431	key->type = KEY_RSA;
	432	key->flags \|= KEY_FLAG_EXT;
	433	/* expand key array and add key */
	434	keysp = xrealloc(keysp, *nkeys + 1,
	435	sizeof(Key *));
	436	(keysp)[nkeys] = key;
	437	nkeys = nkeys + 1;
	438	debug("have %d keys", *nkeys);
	439	} else {
	440	RSA_free(rsa);
	441	}
	442	}
	443	for (i = 0; i < 3; i++)
	444	xfree(attribs[i].pValue);
	445	}
	446	if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
	447	error("C_FindObjectsFinal failed: %lu", rv);
	448	return (0);
	449	}
	450
	451	/* register a new provider, fails if provider already exists */
	452	int
	453	pkcs11_add_provider(char provider_id, char pin, Key ***keyp)
	454	{
	455	int nkeys, need_finalize = 0;
	456	struct pkcs11_provider *p = NULL;
	457	void *handle = NULL;
	458	CK_RV (getfunctionlist)(CK_FUNCTION_LIST *);
	459	CK_RV rv;
	460	CK_FUNCTION_LIST *f = NULL;
	461	CK_TOKEN_INFO *token;
	462	CK_ULONG i;
	463
	464	*keyp = NULL;
	465	if (pkcs11_provider_lookup(provider_id) != NULL) {
	466	error("provider already registered: %s", provider_id);
	467	goto fail;
	468	}
	469	/* open shared pkcs11-libarary */
	470	if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
	471	error("dlopen %s failed: %s", provider_id, dlerror());
	472	goto fail;
	473	}
	474	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
	475	error("dlsym(C_GetFunctionList) failed: %s", dlerror());
	476	goto fail;
	477	}
	478	p = xcalloc(1, sizeof(*p));
	479	p->name = xstrdup(provider_id);
	480	p->handle = handle;
	481	/* setup the pkcs11 callbacks */
	482	if ((rv = (*getfunctionlist)(&f)) != CKR_OK) {
	483	error("C_GetFunctionList failed: %lu", rv);
	484	goto fail;
	485	}
	486	p->function_list = f;
	487	if ((rv = f->C_Initialize(NULL)) != CKR_OK) {
	488	error("C_Initialize failed: %lu", rv);
	489	goto fail;
	490	}
	491	need_finalize = 1;
	492	if ((rv = f->C_GetInfo(&p->info)) != CKR_OK) {
	493	error("C_GetInfo failed: %lu", rv);
	494	goto fail;
	495	}
	496	rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID));
	497	rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription));
	498	debug("manufacturerID <%s> cryptokiVersion %d.%d"
	499	" libraryDescription <%s> libraryVersion %d.%d",
	500	p->info.manufacturerID,
	501	p->info.cryptokiVersion.major,
	502	p->info.cryptokiVersion.minor,
	503	p->info.libraryDescription,
	504	p->info.libraryVersion.major,
	505	p->info.libraryVersion.minor);
	506	if ((rv = f->C_GetSlotList(CK_TRUE, NULL, &p->nslots)) != CKR_OK) {
	507	error("C_GetSlotList failed: %lu", rv);
	508	goto fail;
	509	}
	510	if (p->nslots == 0) {
	511	error("no slots");
	512	goto fail;
	513	}
	514	p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID));
	515	if ((rv = f->C_GetSlotList(CK_TRUE, p->slotlist, &p->nslots))
	516	!= CKR_OK) {
	517	error("C_GetSlotList failed: %lu", rv);
	518	goto fail;
	519	}
	520	p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo));
	521	p->valid = 1;
	522	nkeys = 0;
	523	for (i = 0; i < p->nslots; i++) {
	524	token = &p->slotinfo[i].token;
	525	if ((rv = f->C_GetTokenInfo(p->slotlist[i], token))
	526	!= CKR_OK) {
	527	error("C_GetTokenInfo failed: %lu", rv);
	528	continue;
	529	}
	530	rmspace(token->label, sizeof(token->label));
	531	rmspace(token->manufacturerID, sizeof(token->manufacturerID));
	532	rmspace(token->model, sizeof(token->model));
	533	rmspace(token->serialNumber, sizeof(token->serialNumber));
	534	debug("label <%s> manufacturerID <%s> model <%s> serial <%s>"
	535	" flags 0x%lx",
	536	token->label, token->manufacturerID, token->model,
	537	token->serialNumber, token->flags);
	538	/* open session, login with pin and retrieve public keys */
	539	if (pkcs11_open_session(p, i, pin) == 0)
	540	pkcs11_fetch_keys(p, i, keyp, &nkeys);
	541	}
	542	if (nkeys > 0) {
	543	TAILQ_INSERT_TAIL(&pkcs11_providers, p, next);
	544	p->refcount++; /* add to provider list */
	545	return (nkeys);
	546	}
	547	error("no keys");
	548	/* don't add the provider, since it does not have any keys */
	549	fail:
	550	if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
	551	error("C_Finalize failed: %lu", rv);
	552	if (p) {
	553	if (p->slotlist)
	554	xfree(p->slotlist);
	555	if (p->slotinfo)
	556	xfree(p->slotinfo);
	557	xfree(p);
	558	}
	559	if (handle)
	560	dlclose(handle);
	561	return (-1);
	562	}
	563
	564	#endif /* ENABLE_PKCS11 */