/src/openssh/ssh-pkcs11.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* $OpenBSD: ssh-pkcs11.c,v 1.56 2023/03/08 05:33:53 tb Exp $ */ |
2 | | /* |
3 | | * Copyright (c) 2010 Markus Friedl. All rights reserved. |
4 | | * Copyright (c) 2014 Pedro Martelletto. All rights reserved. |
5 | | * |
6 | | * Permission to use, copy, modify, and distribute this software for any |
7 | | * purpose with or without fee is hereby granted, provided that the above |
8 | | * copyright notice and this permission notice appear in all copies. |
9 | | * |
10 | | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
11 | | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
12 | | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
13 | | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
14 | | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
15 | | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
16 | | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
17 | | */ |
18 | | |
19 | | #include "includes.h" |
20 | | |
21 | | #ifdef ENABLE_PKCS11 |
22 | | |
23 | | #ifdef HAVE_SYS_TIME_H |
24 | | # include <sys/time.h> |
25 | | #endif |
26 | | |
27 | | #include <sys/types.h> |
28 | | #include <stdarg.h> |
29 | | #include <stdio.h> |
30 | | |
31 | | #include <ctype.h> |
32 | | #include <string.h> |
33 | | #include <dlfcn.h> |
34 | | |
35 | | #include "openbsd-compat/sys-queue.h" |
36 | | #include "openbsd-compat/openssl-compat.h" |
37 | | |
38 | | #include <openssl/ecdsa.h> |
39 | | #include <openssl/x509.h> |
40 | | #include <openssl/err.h> |
41 | | |
42 | | #define CRYPTOKI_COMPAT |
43 | | #include "pkcs11.h" |
44 | | |
45 | | #include "log.h" |
46 | | #include "misc.h" |
47 | | #include "sshkey.h" |
48 | | #include "ssh-pkcs11.h" |
49 | | #include "digest.h" |
50 | | #include "xmalloc.h" |
51 | | |
52 | | struct pkcs11_slotinfo { |
53 | | CK_TOKEN_INFO token; |
54 | | CK_SESSION_HANDLE session; |
55 | | int logged_in; |
56 | | }; |
57 | | |
58 | | struct pkcs11_provider { |
59 | | char *name; |
60 | | void *handle; |
61 | | CK_FUNCTION_LIST *function_list; |
62 | | CK_INFO info; |
63 | | CK_ULONG nslots; |
64 | | CK_SLOT_ID *slotlist; |
65 | | struct pkcs11_slotinfo *slotinfo; |
66 | | int valid; |
67 | | int refcount; |
68 | | TAILQ_ENTRY(pkcs11_provider) next; |
69 | | }; |
70 | | |
71 | | TAILQ_HEAD(, pkcs11_provider) pkcs11_providers; |
72 | | |
73 | | struct pkcs11_key { |
74 | | struct pkcs11_provider *provider; |
75 | | CK_ULONG slotidx; |
76 | | char *keyid; |
77 | | int keyid_len; |
78 | | }; |
79 | | |
80 | | int pkcs11_interactive = 0; |
81 | | |
82 | | #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) |
83 | | static void |
84 | | ossl_error(const char *msg) |
85 | 0 | { |
86 | 0 | unsigned long e; |
87 | |
|
88 | 0 | error_f("%s", msg); |
89 | 0 | while ((e = ERR_get_error()) != 0) |
90 | 0 | error_f("libcrypto error: %s", ERR_error_string(e, NULL)); |
91 | 0 | } |
92 | | #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ |
93 | | |
94 | | int |
95 | | pkcs11_init(int interactive) |
96 | 0 | { |
97 | 0 | pkcs11_interactive = interactive; |
98 | 0 | TAILQ_INIT(&pkcs11_providers); |
99 | 0 | return (0); |
100 | 0 | } |
101 | | |
102 | | /* |
103 | | * finalize a provider shared library, it's no longer usable. |
104 | | * however, there might still be keys referencing this provider, |
105 | | * so the actual freeing of memory is handled by pkcs11_provider_unref(). |
106 | | * this is called when a provider gets unregistered. |
107 | | */ |
108 | | static void |
109 | | pkcs11_provider_finalize(struct pkcs11_provider *p) |
110 | 0 | { |
111 | 0 | CK_RV rv; |
112 | 0 | CK_ULONG i; |
113 | |
|
114 | 0 | debug_f("provider \"%s\" refcount %d valid %d", |
115 | 0 | p->name, p->refcount, p->valid); |
116 | 0 | if (!p->valid) |
117 | 0 | return; |
118 | 0 | for (i = 0; i < p->nslots; i++) { |
119 | 0 | if (p->slotinfo[i].session && |
120 | 0 | (rv = p->function_list->C_CloseSession( |
121 | 0 | p->slotinfo[i].session)) != CKR_OK) |
122 | 0 | error("C_CloseSession failed: %lu", rv); |
123 | 0 | } |
124 | 0 | if ((rv = p->function_list->C_Finalize(NULL)) != CKR_OK) |
125 | 0 | error("C_Finalize failed: %lu", rv); |
126 | 0 | p->valid = 0; |
127 | 0 | p->function_list = NULL; |
128 | 0 | dlclose(p->handle); |
129 | 0 | } |
130 | | |
131 | | /* |
132 | | * remove a reference to the provider. |
133 | | * called when a key gets destroyed or when the provider is unregistered. |
134 | | */ |
135 | | static void |
136 | | pkcs11_provider_unref(struct pkcs11_provider *p) |
137 | 0 | { |
138 | 0 | debug_f("provider \"%s\" refcount %d", p->name, p->refcount); |
139 | 0 | if (--p->refcount <= 0) { |
140 | 0 | if (p->valid) |
141 | 0 | error_f("provider \"%s\" still valid", p->name); |
142 | 0 | free(p->name); |
143 | 0 | free(p->slotlist); |
144 | 0 | free(p->slotinfo); |
145 | 0 | free(p); |
146 | 0 | } |
147 | 0 | } |
148 | | |
149 | | /* unregister all providers, keys might still point to the providers */ |
150 | | void |
151 | | pkcs11_terminate(void) |
152 | 0 | { |
153 | 0 | struct pkcs11_provider *p; |
154 | |
|
155 | 0 | while ((p = TAILQ_FIRST(&pkcs11_providers)) != NULL) { |
156 | 0 | TAILQ_REMOVE(&pkcs11_providers, p, next); |
157 | 0 | pkcs11_provider_finalize(p); |
158 | 0 | pkcs11_provider_unref(p); |
159 | 0 | } |
160 | 0 | } |
161 | | |
162 | | /* lookup provider by name */ |
163 | | static struct pkcs11_provider * |
164 | | pkcs11_provider_lookup(char *provider_id) |
165 | 0 | { |
166 | 0 | struct pkcs11_provider *p; |
167 | |
|
168 | 0 | TAILQ_FOREACH(p, &pkcs11_providers, next) { |
169 | 0 | debug("check provider \"%s\"", p->name); |
170 | 0 | if (!strcmp(provider_id, p->name)) |
171 | 0 | return (p); |
172 | 0 | } |
173 | 0 | return (NULL); |
174 | 0 | } |
175 | | |
176 | | /* unregister provider by name */ |
177 | | int |
178 | | pkcs11_del_provider(char *provider_id) |
179 | 0 | { |
180 | 0 | struct pkcs11_provider *p; |
181 | |
|
182 | 0 | if ((p = pkcs11_provider_lookup(provider_id)) != NULL) { |
183 | 0 | TAILQ_REMOVE(&pkcs11_providers, p, next); |
184 | 0 | pkcs11_provider_finalize(p); |
185 | 0 | pkcs11_provider_unref(p); |
186 | 0 | return (0); |
187 | 0 | } |
188 | 0 | return (-1); |
189 | 0 | } |
190 | | |
191 | | static RSA_METHOD *rsa_method; |
192 | | static int rsa_idx = 0; |
193 | | #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) |
194 | | static EC_KEY_METHOD *ec_key_method; |
195 | | static int ec_key_idx = 0; |
196 | | #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ |
197 | | |
198 | | /* release a wrapped object */ |
199 | | static void |
200 | | pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, |
201 | | long argl, void *argp) |
202 | 0 | { |
203 | 0 | struct pkcs11_key *k11 = ptr; |
204 | |
|
205 | 0 | debug_f("parent %p ptr %p idx %d", parent, ptr, idx); |
206 | 0 | if (k11 == NULL) |
207 | 0 | return; |
208 | 0 | if (k11->provider) |
209 | 0 | pkcs11_provider_unref(k11->provider); |
210 | 0 | free(k11->keyid); |
211 | 0 | free(k11); |
212 | 0 | } |
213 | | |
214 | | /* find a single 'obj' for given attributes */ |
215 | | static int |
216 | | pkcs11_find(struct pkcs11_provider *p, CK_ULONG slotidx, CK_ATTRIBUTE *attr, |
217 | | CK_ULONG nattr, CK_OBJECT_HANDLE *obj) |
218 | 0 | { |
219 | 0 | CK_FUNCTION_LIST *f; |
220 | 0 | CK_SESSION_HANDLE session; |
221 | 0 | CK_ULONG nfound = 0; |
222 | 0 | CK_RV rv; |
223 | 0 | int ret = -1; |
224 | |
|
225 | 0 | f = p->function_list; |
226 | 0 | session = p->slotinfo[slotidx].session; |
227 | 0 | if ((rv = f->C_FindObjectsInit(session, attr, nattr)) != CKR_OK) { |
228 | 0 | error("C_FindObjectsInit failed (nattr %lu): %lu", nattr, rv); |
229 | 0 | return (-1); |
230 | 0 | } |
231 | 0 | if ((rv = f->C_FindObjects(session, obj, 1, &nfound)) != CKR_OK || |
232 | 0 | nfound != 1) { |
233 | 0 | debug("C_FindObjects failed (nfound %lu nattr %lu): %lu", |
234 | 0 | nfound, nattr, rv); |
235 | 0 | } else |
236 | 0 | ret = 0; |
237 | 0 | if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK) |
238 | 0 | error("C_FindObjectsFinal failed: %lu", rv); |
239 | 0 | return (ret); |
240 | 0 | } |
241 | | |
242 | | static int |
243 | | pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si, |
244 | | CK_USER_TYPE type) |
245 | 0 | { |
246 | 0 | char *pin = NULL, prompt[1024]; |
247 | 0 | CK_RV rv; |
248 | |
|
249 | 0 | if (provider == NULL || si == NULL || !provider->valid) { |
250 | 0 | error("no pkcs11 (valid) provider found"); |
251 | 0 | return (-1); |
252 | 0 | } |
253 | | |
254 | 0 | if (!pkcs11_interactive) { |
255 | 0 | error("need pin entry%s", |
256 | 0 | (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? |
257 | 0 | " on reader keypad" : ""); |
258 | 0 | return (-1); |
259 | 0 | } |
260 | 0 | if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) |
261 | 0 | verbose("Deferring PIN entry to reader keypad."); |
262 | 0 | else { |
263 | 0 | snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ", |
264 | 0 | si->token.label); |
265 | 0 | if ((pin = read_passphrase(prompt, RP_ALLOW_EOF)) == NULL) { |
266 | 0 | debug_f("no pin specified"); |
267 | 0 | return (-1); /* bail out */ |
268 | 0 | } |
269 | 0 | } |
270 | 0 | rv = provider->function_list->C_Login(si->session, type, (u_char *)pin, |
271 | 0 | (pin != NULL) ? strlen(pin) : 0); |
272 | 0 | if (pin != NULL) |
273 | 0 | freezero(pin, strlen(pin)); |
274 | |
|
275 | 0 | switch (rv) { |
276 | 0 | case CKR_OK: |
277 | 0 | case CKR_USER_ALREADY_LOGGED_IN: |
278 | | /* success */ |
279 | 0 | break; |
280 | 0 | case CKR_PIN_LEN_RANGE: |
281 | 0 | error("PKCS#11 login failed: PIN length out of range"); |
282 | 0 | return -1; |
283 | 0 | case CKR_PIN_INCORRECT: |
284 | 0 | error("PKCS#11 login failed: PIN incorrect"); |
285 | 0 | return -1; |
286 | 0 | case CKR_PIN_LOCKED: |
287 | 0 | error("PKCS#11 login failed: PIN locked"); |
288 | 0 | return -1; |
289 | 0 | default: |
290 | 0 | error("PKCS#11 login failed: error %lu", rv); |
291 | 0 | return -1; |
292 | 0 | } |
293 | 0 | si->logged_in = 1; |
294 | 0 | return (0); |
295 | 0 | } |
296 | | |
297 | | static int |
298 | | pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type) |
299 | 0 | { |
300 | 0 | if (k11 == NULL || k11->provider == NULL || !k11->provider->valid) { |
301 | 0 | error("no pkcs11 (valid) provider found"); |
302 | 0 | return (-1); |
303 | 0 | } |
304 | | |
305 | 0 | return pkcs11_login_slot(k11->provider, |
306 | 0 | &k11->provider->slotinfo[k11->slotidx], type); |
307 | 0 | } |
308 | | |
309 | | |
310 | | static int |
311 | | pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj, |
312 | | CK_ATTRIBUTE_TYPE type, int *val) |
313 | 0 | { |
314 | 0 | struct pkcs11_slotinfo *si; |
315 | 0 | CK_FUNCTION_LIST *f; |
316 | 0 | CK_BBOOL flag = 0; |
317 | 0 | CK_ATTRIBUTE attr; |
318 | 0 | CK_RV rv; |
319 | |
|
320 | 0 | *val = 0; |
321 | |
|
322 | 0 | if (!k11->provider || !k11->provider->valid) { |
323 | 0 | error("no pkcs11 (valid) provider found"); |
324 | 0 | return (-1); |
325 | 0 | } |
326 | | |
327 | 0 | f = k11->provider->function_list; |
328 | 0 | si = &k11->provider->slotinfo[k11->slotidx]; |
329 | |
|
330 | 0 | attr.type = type; |
331 | 0 | attr.pValue = &flag; |
332 | 0 | attr.ulValueLen = sizeof(flag); |
333 | |
|
334 | 0 | rv = f->C_GetAttributeValue(si->session, obj, &attr, 1); |
335 | 0 | if (rv != CKR_OK) { |
336 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
337 | 0 | return (-1); |
338 | 0 | } |
339 | 0 | *val = flag != 0; |
340 | 0 | debug_f("provider \"%s\" slot %lu object %lu: attrib %lu = %d", |
341 | 0 | k11->provider->name, k11->slotidx, obj, type, *val); |
342 | 0 | return (0); |
343 | 0 | } |
344 | | |
345 | | static int |
346 | | pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type) |
347 | 0 | { |
348 | 0 | struct pkcs11_slotinfo *si; |
349 | 0 | CK_FUNCTION_LIST *f; |
350 | 0 | CK_OBJECT_HANDLE obj; |
351 | 0 | CK_RV rv; |
352 | 0 | CK_OBJECT_CLASS private_key_class; |
353 | 0 | CK_BBOOL true_val; |
354 | 0 | CK_MECHANISM mech; |
355 | 0 | CK_ATTRIBUTE key_filter[3]; |
356 | 0 | int always_auth = 0; |
357 | 0 | int did_login = 0; |
358 | |
|
359 | 0 | if (!k11->provider || !k11->provider->valid) { |
360 | 0 | error("no pkcs11 (valid) provider found"); |
361 | 0 | return (-1); |
362 | 0 | } |
363 | | |
364 | 0 | f = k11->provider->function_list; |
365 | 0 | si = &k11->provider->slotinfo[k11->slotidx]; |
366 | |
|
367 | 0 | if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) { |
368 | 0 | if (pkcs11_login(k11, CKU_USER) < 0) { |
369 | 0 | error("login failed"); |
370 | 0 | return (-1); |
371 | 0 | } |
372 | 0 | did_login = 1; |
373 | 0 | } |
374 | | |
375 | 0 | memset(&key_filter, 0, sizeof(key_filter)); |
376 | 0 | private_key_class = CKO_PRIVATE_KEY; |
377 | 0 | key_filter[0].type = CKA_CLASS; |
378 | 0 | key_filter[0].pValue = &private_key_class; |
379 | 0 | key_filter[0].ulValueLen = sizeof(private_key_class); |
380 | |
|
381 | 0 | key_filter[1].type = CKA_ID; |
382 | 0 | key_filter[1].pValue = k11->keyid; |
383 | 0 | key_filter[1].ulValueLen = k11->keyid_len; |
384 | |
|
385 | 0 | true_val = CK_TRUE; |
386 | 0 | key_filter[2].type = CKA_SIGN; |
387 | 0 | key_filter[2].pValue = &true_val; |
388 | 0 | key_filter[2].ulValueLen = sizeof(true_val); |
389 | | |
390 | | /* try to find object w/CKA_SIGN first, retry w/o */ |
391 | 0 | if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 && |
392 | 0 | pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) { |
393 | 0 | error("cannot find private key"); |
394 | 0 | return (-1); |
395 | 0 | } |
396 | | |
397 | 0 | memset(&mech, 0, sizeof(mech)); |
398 | 0 | mech.mechanism = mech_type; |
399 | 0 | mech.pParameter = NULL_PTR; |
400 | 0 | mech.ulParameterLen = 0; |
401 | |
|
402 | 0 | if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) { |
403 | 0 | error("C_SignInit failed: %lu", rv); |
404 | 0 | return (-1); |
405 | 0 | } |
406 | | |
407 | 0 | pkcs11_check_obj_bool_attrib(k11, obj, CKA_ALWAYS_AUTHENTICATE, |
408 | 0 | &always_auth); /* ignore errors here */ |
409 | 0 | if (always_auth && !did_login) { |
410 | 0 | debug_f("always-auth key"); |
411 | 0 | if (pkcs11_login(k11, CKU_CONTEXT_SPECIFIC) < 0) { |
412 | 0 | error("login failed for always-auth key"); |
413 | 0 | return (-1); |
414 | 0 | } |
415 | 0 | } |
416 | | |
417 | 0 | return (0); |
418 | 0 | } |
419 | | |
420 | | /* openssl callback doing the actual signing operation */ |
421 | | static int |
422 | | pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, |
423 | | int padding) |
424 | 0 | { |
425 | 0 | struct pkcs11_key *k11; |
426 | 0 | struct pkcs11_slotinfo *si; |
427 | 0 | CK_FUNCTION_LIST *f; |
428 | 0 | CK_ULONG tlen = 0; |
429 | 0 | CK_RV rv; |
430 | 0 | int rval = -1; |
431 | |
|
432 | 0 | if ((k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) { |
433 | 0 | error("RSA_get_ex_data failed"); |
434 | 0 | return (-1); |
435 | 0 | } |
436 | | |
437 | 0 | if (pkcs11_get_key(k11, CKM_RSA_PKCS) == -1) { |
438 | 0 | error("pkcs11_get_key failed"); |
439 | 0 | return (-1); |
440 | 0 | } |
441 | | |
442 | 0 | f = k11->provider->function_list; |
443 | 0 | si = &k11->provider->slotinfo[k11->slotidx]; |
444 | 0 | tlen = RSA_size(rsa); |
445 | | |
446 | | /* XXX handle CKR_BUFFER_TOO_SMALL */ |
447 | 0 | rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen); |
448 | 0 | if (rv == CKR_OK) |
449 | 0 | rval = tlen; |
450 | 0 | else |
451 | 0 | error("C_Sign failed: %lu", rv); |
452 | |
|
453 | 0 | return (rval); |
454 | 0 | } |
455 | | |
456 | | static int |
457 | | pkcs11_rsa_private_decrypt(int flen, const u_char *from, u_char *to, RSA *rsa, |
458 | | int padding) |
459 | 0 | { |
460 | 0 | return (-1); |
461 | 0 | } |
462 | | |
463 | | static int |
464 | | pkcs11_rsa_start_wrapper(void) |
465 | 0 | { |
466 | 0 | if (rsa_method != NULL) |
467 | 0 | return (0); |
468 | 0 | rsa_method = RSA_meth_dup(RSA_get_default_method()); |
469 | 0 | if (rsa_method == NULL) |
470 | 0 | return (-1); |
471 | 0 | rsa_idx = RSA_get_ex_new_index(0, "ssh-pkcs11-rsa", |
472 | 0 | NULL, NULL, pkcs11_k11_free); |
473 | 0 | if (rsa_idx == -1) |
474 | 0 | return (-1); |
475 | 0 | if (!RSA_meth_set1_name(rsa_method, "pkcs11") || |
476 | 0 | !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) || |
477 | 0 | !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) { |
478 | 0 | error_f("setup pkcs11 method failed"); |
479 | 0 | return (-1); |
480 | 0 | } |
481 | 0 | return (0); |
482 | 0 | } |
483 | | |
484 | | /* redirect private key operations for rsa key to pkcs11 token */ |
485 | | static int |
486 | | pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, |
487 | | CK_ATTRIBUTE *keyid_attrib, RSA *rsa) |
488 | 0 | { |
489 | 0 | struct pkcs11_key *k11; |
490 | |
|
491 | 0 | if (pkcs11_rsa_start_wrapper() == -1) |
492 | 0 | return (-1); |
493 | | |
494 | 0 | k11 = xcalloc(1, sizeof(*k11)); |
495 | 0 | k11->provider = provider; |
496 | 0 | provider->refcount++; /* provider referenced by RSA key */ |
497 | 0 | k11->slotidx = slotidx; |
498 | | /* identify key object on smartcard */ |
499 | 0 | k11->keyid_len = keyid_attrib->ulValueLen; |
500 | 0 | if (k11->keyid_len > 0) { |
501 | 0 | k11->keyid = xmalloc(k11->keyid_len); |
502 | 0 | memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); |
503 | 0 | } |
504 | |
|
505 | 0 | RSA_set_method(rsa, rsa_method); |
506 | 0 | RSA_set_ex_data(rsa, rsa_idx, k11); |
507 | 0 | return (0); |
508 | 0 | } |
509 | | |
510 | | #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) |
511 | | /* openssl callback doing the actual signing operation */ |
512 | | static ECDSA_SIG * |
513 | | ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, |
514 | | const BIGNUM *rp, EC_KEY *ec) |
515 | 0 | { |
516 | 0 | struct pkcs11_key *k11; |
517 | 0 | struct pkcs11_slotinfo *si; |
518 | 0 | CK_FUNCTION_LIST *f; |
519 | 0 | CK_ULONG siglen = 0, bnlen; |
520 | 0 | CK_RV rv; |
521 | 0 | ECDSA_SIG *ret = NULL; |
522 | 0 | u_char *sig; |
523 | 0 | BIGNUM *r = NULL, *s = NULL; |
524 | |
|
525 | 0 | if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) { |
526 | 0 | ossl_error("EC_KEY_get_ex_data failed for ec"); |
527 | 0 | return (NULL); |
528 | 0 | } |
529 | | |
530 | 0 | if (pkcs11_get_key(k11, CKM_ECDSA) == -1) { |
531 | 0 | error("pkcs11_get_key failed"); |
532 | 0 | return (NULL); |
533 | 0 | } |
534 | | |
535 | 0 | f = k11->provider->function_list; |
536 | 0 | si = &k11->provider->slotinfo[k11->slotidx]; |
537 | |
|
538 | 0 | siglen = ECDSA_size(ec); |
539 | 0 | sig = xmalloc(siglen); |
540 | | |
541 | | /* XXX handle CKR_BUFFER_TOO_SMALL */ |
542 | 0 | rv = f->C_Sign(si->session, (CK_BYTE *)dgst, dgst_len, sig, &siglen); |
543 | 0 | if (rv != CKR_OK) { |
544 | 0 | error("C_Sign failed: %lu", rv); |
545 | 0 | goto done; |
546 | 0 | } |
547 | 0 | if (siglen < 64 || siglen > 132 || siglen % 2) { |
548 | 0 | error_f("bad signature length: %lu", (u_long)siglen); |
549 | 0 | goto done; |
550 | 0 | } |
551 | 0 | bnlen = siglen/2; |
552 | 0 | if ((ret = ECDSA_SIG_new()) == NULL) { |
553 | 0 | error("ECDSA_SIG_new failed"); |
554 | 0 | goto done; |
555 | 0 | } |
556 | 0 | if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL || |
557 | 0 | (s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) { |
558 | 0 | ossl_error("BN_bin2bn failed"); |
559 | 0 | ECDSA_SIG_free(ret); |
560 | 0 | ret = NULL; |
561 | 0 | goto done; |
562 | 0 | } |
563 | 0 | if (!ECDSA_SIG_set0(ret, r, s)) { |
564 | 0 | error_f("ECDSA_SIG_set0 failed"); |
565 | 0 | ECDSA_SIG_free(ret); |
566 | 0 | ret = NULL; |
567 | 0 | goto done; |
568 | 0 | } |
569 | 0 | r = s = NULL; /* now owned by ret */ |
570 | | /* success */ |
571 | 0 | done: |
572 | 0 | BN_free(r); |
573 | 0 | BN_free(s); |
574 | 0 | free(sig); |
575 | |
|
576 | 0 | return (ret); |
577 | 0 | } |
578 | | |
579 | | static int |
580 | | pkcs11_ecdsa_start_wrapper(void) |
581 | 0 | { |
582 | 0 | int (*orig_sign)(int, const unsigned char *, int, unsigned char *, |
583 | 0 | unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; |
584 | |
|
585 | 0 | if (ec_key_method != NULL) |
586 | 0 | return (0); |
587 | 0 | ec_key_idx = EC_KEY_get_ex_new_index(0, "ssh-pkcs11-ecdsa", |
588 | 0 | NULL, NULL, pkcs11_k11_free); |
589 | 0 | if (ec_key_idx == -1) |
590 | 0 | return (-1); |
591 | 0 | ec_key_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL()); |
592 | 0 | if (ec_key_method == NULL) |
593 | 0 | return (-1); |
594 | 0 | EC_KEY_METHOD_get_sign(ec_key_method, &orig_sign, NULL, NULL); |
595 | 0 | EC_KEY_METHOD_set_sign(ec_key_method, orig_sign, NULL, ecdsa_do_sign); |
596 | 0 | return (0); |
597 | 0 | } |
598 | | |
599 | | static int |
600 | | pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx, |
601 | | CK_ATTRIBUTE *keyid_attrib, EC_KEY *ec) |
602 | 0 | { |
603 | 0 | struct pkcs11_key *k11; |
604 | |
|
605 | 0 | if (pkcs11_ecdsa_start_wrapper() == -1) |
606 | 0 | return (-1); |
607 | | |
608 | 0 | k11 = xcalloc(1, sizeof(*k11)); |
609 | 0 | k11->provider = provider; |
610 | 0 | provider->refcount++; /* provider referenced by ECDSA key */ |
611 | 0 | k11->slotidx = slotidx; |
612 | | /* identify key object on smartcard */ |
613 | 0 | k11->keyid_len = keyid_attrib->ulValueLen; |
614 | 0 | if (k11->keyid_len > 0) { |
615 | 0 | k11->keyid = xmalloc(k11->keyid_len); |
616 | 0 | memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); |
617 | 0 | } |
618 | 0 | EC_KEY_set_method(ec, ec_key_method); |
619 | 0 | EC_KEY_set_ex_data(ec, ec_key_idx, k11); |
620 | |
|
621 | 0 | return (0); |
622 | 0 | } |
623 | | #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ |
624 | | |
625 | | /* remove trailing spaces */ |
626 | | static void |
627 | | rmspace(u_char *buf, size_t len) |
628 | 0 | { |
629 | 0 | size_t i; |
630 | |
|
631 | 0 | if (!len) |
632 | 0 | return; |
633 | 0 | for (i = len - 1; i > 0; i--) |
634 | 0 | if (i == len - 1 || buf[i] == ' ') |
635 | 0 | buf[i] = '\0'; |
636 | 0 | else |
637 | 0 | break; |
638 | 0 | } |
639 | | |
640 | | /* |
641 | | * open a pkcs11 session and login if required. |
642 | | * if pin == NULL we delay login until key use |
643 | | */ |
644 | | static int |
645 | | pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin, |
646 | | CK_ULONG user) |
647 | 0 | { |
648 | 0 | struct pkcs11_slotinfo *si; |
649 | 0 | CK_FUNCTION_LIST *f; |
650 | 0 | CK_RV rv; |
651 | 0 | CK_SESSION_HANDLE session; |
652 | 0 | int login_required, ret; |
653 | |
|
654 | 0 | f = p->function_list; |
655 | 0 | si = &p->slotinfo[slotidx]; |
656 | |
|
657 | 0 | login_required = si->token.flags & CKF_LOGIN_REQUIRED; |
658 | | |
659 | | /* fail early before opening session */ |
660 | 0 | if (login_required && !pkcs11_interactive && |
661 | 0 | (pin == NULL || strlen(pin) == 0)) { |
662 | 0 | error("pin required"); |
663 | 0 | return (-SSH_PKCS11_ERR_PIN_REQUIRED); |
664 | 0 | } |
665 | 0 | if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION| |
666 | 0 | CKF_SERIAL_SESSION, NULL, NULL, &session)) != CKR_OK) { |
667 | 0 | error("C_OpenSession failed: %lu", rv); |
668 | 0 | return (-1); |
669 | 0 | } |
670 | 0 | if (login_required && pin != NULL && strlen(pin) != 0) { |
671 | 0 | rv = f->C_Login(session, user, (u_char *)pin, strlen(pin)); |
672 | 0 | if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) { |
673 | 0 | error("C_Login failed: %lu", rv); |
674 | 0 | ret = (rv == CKR_PIN_LOCKED) ? |
675 | 0 | -SSH_PKCS11_ERR_PIN_LOCKED : |
676 | 0 | -SSH_PKCS11_ERR_LOGIN_FAIL; |
677 | 0 | if ((rv = f->C_CloseSession(session)) != CKR_OK) |
678 | 0 | error("C_CloseSession failed: %lu", rv); |
679 | 0 | return (ret); |
680 | 0 | } |
681 | 0 | si->logged_in = 1; |
682 | 0 | } |
683 | 0 | si->session = session; |
684 | 0 | return (0); |
685 | 0 | } |
686 | | |
687 | | static int |
688 | | pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key) |
689 | 0 | { |
690 | 0 | int i; |
691 | |
|
692 | 0 | for (i = 0; i < *nkeys; i++) |
693 | 0 | if (sshkey_equal(key, (*keysp)[i])) |
694 | 0 | return (1); |
695 | 0 | return (0); |
696 | 0 | } |
697 | | |
698 | | #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) |
699 | | static struct sshkey * |
700 | | pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, |
701 | | CK_OBJECT_HANDLE *obj) |
702 | 0 | { |
703 | 0 | CK_ATTRIBUTE key_attr[3]; |
704 | 0 | CK_SESSION_HANDLE session; |
705 | 0 | CK_FUNCTION_LIST *f = NULL; |
706 | 0 | CK_RV rv; |
707 | 0 | ASN1_OCTET_STRING *octet = NULL; |
708 | 0 | EC_KEY *ec = NULL; |
709 | 0 | EC_GROUP *group = NULL; |
710 | 0 | struct sshkey *key = NULL; |
711 | 0 | const unsigned char *attrp = NULL; |
712 | 0 | int i; |
713 | 0 | int nid; |
714 | |
|
715 | 0 | memset(&key_attr, 0, sizeof(key_attr)); |
716 | 0 | key_attr[0].type = CKA_ID; |
717 | 0 | key_attr[1].type = CKA_EC_POINT; |
718 | 0 | key_attr[2].type = CKA_EC_PARAMS; |
719 | |
|
720 | 0 | session = p->slotinfo[slotidx].session; |
721 | 0 | f = p->function_list; |
722 | | |
723 | | /* figure out size of the attributes */ |
724 | 0 | rv = f->C_GetAttributeValue(session, *obj, key_attr, 3); |
725 | 0 | if (rv != CKR_OK) { |
726 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
727 | 0 | return (NULL); |
728 | 0 | } |
729 | | |
730 | | /* |
731 | | * Allow CKA_ID (always first attribute) to be empty, but |
732 | | * ensure that none of the others are zero length. |
733 | | * XXX assumes CKA_ID is always first. |
734 | | */ |
735 | 0 | if (key_attr[1].ulValueLen == 0 || |
736 | 0 | key_attr[2].ulValueLen == 0) { |
737 | 0 | error("invalid attribute length"); |
738 | 0 | return (NULL); |
739 | 0 | } |
740 | | |
741 | | /* allocate buffers for attributes */ |
742 | 0 | for (i = 0; i < 3; i++) |
743 | 0 | if (key_attr[i].ulValueLen > 0) |
744 | 0 | key_attr[i].pValue = xcalloc(1, key_attr[i].ulValueLen); |
745 | | |
746 | | /* retrieve ID, public point and curve parameters of EC key */ |
747 | 0 | rv = f->C_GetAttributeValue(session, *obj, key_attr, 3); |
748 | 0 | if (rv != CKR_OK) { |
749 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
750 | 0 | goto fail; |
751 | 0 | } |
752 | | |
753 | 0 | ec = EC_KEY_new(); |
754 | 0 | if (ec == NULL) { |
755 | 0 | error("EC_KEY_new failed"); |
756 | 0 | goto fail; |
757 | 0 | } |
758 | | |
759 | 0 | attrp = key_attr[2].pValue; |
760 | 0 | group = d2i_ECPKParameters(NULL, &attrp, key_attr[2].ulValueLen); |
761 | 0 | if (group == NULL) { |
762 | 0 | ossl_error("d2i_ECPKParameters failed"); |
763 | 0 | goto fail; |
764 | 0 | } |
765 | | |
766 | 0 | if (EC_KEY_set_group(ec, group) == 0) { |
767 | 0 | ossl_error("EC_KEY_set_group failed"); |
768 | 0 | goto fail; |
769 | 0 | } |
770 | | |
771 | 0 | if (key_attr[1].ulValueLen <= 2) { |
772 | 0 | error("CKA_EC_POINT too small"); |
773 | 0 | goto fail; |
774 | 0 | } |
775 | | |
776 | 0 | attrp = key_attr[1].pValue; |
777 | 0 | octet = d2i_ASN1_OCTET_STRING(NULL, &attrp, key_attr[1].ulValueLen); |
778 | 0 | if (octet == NULL) { |
779 | 0 | ossl_error("d2i_ASN1_OCTET_STRING failed"); |
780 | 0 | goto fail; |
781 | 0 | } |
782 | 0 | attrp = octet->data; |
783 | 0 | if (o2i_ECPublicKey(&ec, &attrp, octet->length) == NULL) { |
784 | 0 | ossl_error("o2i_ECPublicKey failed"); |
785 | 0 | goto fail; |
786 | 0 | } |
787 | | |
788 | 0 | nid = sshkey_ecdsa_key_to_nid(ec); |
789 | 0 | if (nid < 0) { |
790 | 0 | error("couldn't get curve nid"); |
791 | 0 | goto fail; |
792 | 0 | } |
793 | | |
794 | 0 | if (pkcs11_ecdsa_wrap(p, slotidx, &key_attr[0], ec)) |
795 | 0 | goto fail; |
796 | | |
797 | 0 | key = sshkey_new(KEY_UNSPEC); |
798 | 0 | if (key == NULL) { |
799 | 0 | error("sshkey_new failed"); |
800 | 0 | goto fail; |
801 | 0 | } |
802 | | |
803 | 0 | key->ecdsa = ec; |
804 | 0 | key->ecdsa_nid = nid; |
805 | 0 | key->type = KEY_ECDSA; |
806 | 0 | key->flags |= SSHKEY_FLAG_EXT; |
807 | 0 | ec = NULL; /* now owned by key */ |
808 | |
|
809 | 0 | fail: |
810 | 0 | for (i = 0; i < 3; i++) |
811 | 0 | free(key_attr[i].pValue); |
812 | 0 | if (ec) |
813 | 0 | EC_KEY_free(ec); |
814 | 0 | if (group) |
815 | 0 | EC_GROUP_free(group); |
816 | 0 | if (octet) |
817 | 0 | ASN1_OCTET_STRING_free(octet); |
818 | |
|
819 | 0 | return (key); |
820 | 0 | } |
821 | | #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ |
822 | | |
823 | | static struct sshkey * |
824 | | pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, |
825 | | CK_OBJECT_HANDLE *obj) |
826 | 0 | { |
827 | 0 | CK_ATTRIBUTE key_attr[3]; |
828 | 0 | CK_SESSION_HANDLE session; |
829 | 0 | CK_FUNCTION_LIST *f = NULL; |
830 | 0 | CK_RV rv; |
831 | 0 | RSA *rsa = NULL; |
832 | 0 | BIGNUM *rsa_n, *rsa_e; |
833 | 0 | struct sshkey *key = NULL; |
834 | 0 | int i; |
835 | |
|
836 | 0 | memset(&key_attr, 0, sizeof(key_attr)); |
837 | 0 | key_attr[0].type = CKA_ID; |
838 | 0 | key_attr[1].type = CKA_MODULUS; |
839 | 0 | key_attr[2].type = CKA_PUBLIC_EXPONENT; |
840 | |
|
841 | 0 | session = p->slotinfo[slotidx].session; |
842 | 0 | f = p->function_list; |
843 | | |
844 | | /* figure out size of the attributes */ |
845 | 0 | rv = f->C_GetAttributeValue(session, *obj, key_attr, 3); |
846 | 0 | if (rv != CKR_OK) { |
847 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
848 | 0 | return (NULL); |
849 | 0 | } |
850 | | |
851 | | /* |
852 | | * Allow CKA_ID (always first attribute) to be empty, but |
853 | | * ensure that none of the others are zero length. |
854 | | * XXX assumes CKA_ID is always first. |
855 | | */ |
856 | 0 | if (key_attr[1].ulValueLen == 0 || |
857 | 0 | key_attr[2].ulValueLen == 0) { |
858 | 0 | error("invalid attribute length"); |
859 | 0 | return (NULL); |
860 | 0 | } |
861 | | |
862 | | /* allocate buffers for attributes */ |
863 | 0 | for (i = 0; i < 3; i++) |
864 | 0 | if (key_attr[i].ulValueLen > 0) |
865 | 0 | key_attr[i].pValue = xcalloc(1, key_attr[i].ulValueLen); |
866 | | |
867 | | /* retrieve ID, modulus and public exponent of RSA key */ |
868 | 0 | rv = f->C_GetAttributeValue(session, *obj, key_attr, 3); |
869 | 0 | if (rv != CKR_OK) { |
870 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
871 | 0 | goto fail; |
872 | 0 | } |
873 | | |
874 | 0 | rsa = RSA_new(); |
875 | 0 | if (rsa == NULL) { |
876 | 0 | error("RSA_new failed"); |
877 | 0 | goto fail; |
878 | 0 | } |
879 | | |
880 | 0 | rsa_n = BN_bin2bn(key_attr[1].pValue, key_attr[1].ulValueLen, NULL); |
881 | 0 | rsa_e = BN_bin2bn(key_attr[2].pValue, key_attr[2].ulValueLen, NULL); |
882 | 0 | if (rsa_n == NULL || rsa_e == NULL) { |
883 | 0 | error("BN_bin2bn failed"); |
884 | 0 | goto fail; |
885 | 0 | } |
886 | 0 | if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) |
887 | 0 | fatal_f("set key"); |
888 | 0 | rsa_n = rsa_e = NULL; /* transferred */ |
889 | |
|
890 | 0 | if (pkcs11_rsa_wrap(p, slotidx, &key_attr[0], rsa)) |
891 | 0 | goto fail; |
892 | | |
893 | 0 | key = sshkey_new(KEY_UNSPEC); |
894 | 0 | if (key == NULL) { |
895 | 0 | error("sshkey_new failed"); |
896 | 0 | goto fail; |
897 | 0 | } |
898 | | |
899 | 0 | key->rsa = rsa; |
900 | 0 | key->type = KEY_RSA; |
901 | 0 | key->flags |= SSHKEY_FLAG_EXT; |
902 | 0 | rsa = NULL; /* now owned by key */ |
903 | |
|
904 | 0 | fail: |
905 | 0 | for (i = 0; i < 3; i++) |
906 | 0 | free(key_attr[i].pValue); |
907 | 0 | RSA_free(rsa); |
908 | |
|
909 | 0 | return (key); |
910 | 0 | } |
911 | | |
912 | | static int |
913 | | pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, |
914 | | CK_OBJECT_HANDLE *obj, struct sshkey **keyp, char **labelp) |
915 | 0 | { |
916 | 0 | CK_ATTRIBUTE cert_attr[3]; |
917 | 0 | CK_SESSION_HANDLE session; |
918 | 0 | CK_FUNCTION_LIST *f = NULL; |
919 | 0 | CK_RV rv; |
920 | 0 | X509 *x509 = NULL; |
921 | 0 | X509_NAME *x509_name = NULL; |
922 | 0 | EVP_PKEY *evp; |
923 | 0 | RSA *rsa = NULL; |
924 | 0 | #ifdef OPENSSL_HAS_ECC |
925 | 0 | EC_KEY *ec = NULL; |
926 | 0 | #endif |
927 | 0 | struct sshkey *key = NULL; |
928 | 0 | int i; |
929 | 0 | #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) |
930 | 0 | int nid; |
931 | 0 | #endif |
932 | 0 | const u_char *cp; |
933 | 0 | char *subject = NULL; |
934 | |
|
935 | 0 | *keyp = NULL; |
936 | 0 | *labelp = NULL; |
937 | |
|
938 | 0 | memset(&cert_attr, 0, sizeof(cert_attr)); |
939 | 0 | cert_attr[0].type = CKA_ID; |
940 | 0 | cert_attr[1].type = CKA_SUBJECT; |
941 | 0 | cert_attr[2].type = CKA_VALUE; |
942 | |
|
943 | 0 | session = p->slotinfo[slotidx].session; |
944 | 0 | f = p->function_list; |
945 | | |
946 | | /* figure out size of the attributes */ |
947 | 0 | rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3); |
948 | 0 | if (rv != CKR_OK) { |
949 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
950 | 0 | return -1; |
951 | 0 | } |
952 | | |
953 | | /* |
954 | | * Allow CKA_ID (always first attribute) to be empty, but |
955 | | * ensure that none of the others are zero length. |
956 | | * XXX assumes CKA_ID is always first. |
957 | | */ |
958 | 0 | if (cert_attr[1].ulValueLen == 0 || |
959 | 0 | cert_attr[2].ulValueLen == 0) { |
960 | 0 | error("invalid attribute length"); |
961 | 0 | return -1; |
962 | 0 | } |
963 | | |
964 | | /* allocate buffers for attributes */ |
965 | 0 | for (i = 0; i < 3; i++) |
966 | 0 | if (cert_attr[i].ulValueLen > 0) |
967 | 0 | cert_attr[i].pValue = xcalloc(1, cert_attr[i].ulValueLen); |
968 | | |
969 | | /* retrieve ID, subject and value of certificate */ |
970 | 0 | rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3); |
971 | 0 | if (rv != CKR_OK) { |
972 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
973 | 0 | goto out; |
974 | 0 | } |
975 | | |
976 | | /* Decode DER-encoded cert subject */ |
977 | 0 | cp = cert_attr[1].pValue; |
978 | 0 | if ((x509_name = d2i_X509_NAME(NULL, &cp, |
979 | 0 | cert_attr[1].ulValueLen)) == NULL || |
980 | 0 | (subject = X509_NAME_oneline(x509_name, NULL, 0)) == NULL) |
981 | 0 | subject = xstrdup("invalid subject"); |
982 | 0 | X509_NAME_free(x509_name); |
983 | |
|
984 | 0 | cp = cert_attr[2].pValue; |
985 | 0 | if ((x509 = d2i_X509(NULL, &cp, cert_attr[2].ulValueLen)) == NULL) { |
986 | 0 | error("d2i_x509 failed"); |
987 | 0 | goto out; |
988 | 0 | } |
989 | | |
990 | 0 | if ((evp = X509_get_pubkey(x509)) == NULL) { |
991 | 0 | error("X509_get_pubkey failed"); |
992 | 0 | goto out; |
993 | 0 | } |
994 | | |
995 | 0 | if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) { |
996 | 0 | if (EVP_PKEY_get0_RSA(evp) == NULL) { |
997 | 0 | error("invalid x509; no rsa key"); |
998 | 0 | goto out; |
999 | 0 | } |
1000 | 0 | if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) == NULL) { |
1001 | 0 | error("RSAPublicKey_dup failed"); |
1002 | 0 | goto out; |
1003 | 0 | } |
1004 | | |
1005 | 0 | if (pkcs11_rsa_wrap(p, slotidx, &cert_attr[0], rsa)) |
1006 | 0 | goto out; |
1007 | | |
1008 | 0 | key = sshkey_new(KEY_UNSPEC); |
1009 | 0 | if (key == NULL) { |
1010 | 0 | error("sshkey_new failed"); |
1011 | 0 | goto out; |
1012 | 0 | } |
1013 | | |
1014 | 0 | key->rsa = rsa; |
1015 | 0 | key->type = KEY_RSA; |
1016 | 0 | key->flags |= SSHKEY_FLAG_EXT; |
1017 | 0 | rsa = NULL; /* now owned by key */ |
1018 | 0 | #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) |
1019 | 0 | } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { |
1020 | 0 | if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { |
1021 | 0 | error("invalid x509; no ec key"); |
1022 | 0 | goto out; |
1023 | 0 | } |
1024 | 0 | if ((ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(evp))) == NULL) { |
1025 | 0 | error("EC_KEY_dup failed"); |
1026 | 0 | goto out; |
1027 | 0 | } |
1028 | | |
1029 | 0 | nid = sshkey_ecdsa_key_to_nid(ec); |
1030 | 0 | if (nid < 0) { |
1031 | 0 | error("couldn't get curve nid"); |
1032 | 0 | goto out; |
1033 | 0 | } |
1034 | | |
1035 | 0 | if (pkcs11_ecdsa_wrap(p, slotidx, &cert_attr[0], ec)) |
1036 | 0 | goto out; |
1037 | | |
1038 | 0 | key = sshkey_new(KEY_UNSPEC); |
1039 | 0 | if (key == NULL) { |
1040 | 0 | error("sshkey_new failed"); |
1041 | 0 | goto out; |
1042 | 0 | } |
1043 | | |
1044 | 0 | key->ecdsa = ec; |
1045 | 0 | key->ecdsa_nid = nid; |
1046 | 0 | key->type = KEY_ECDSA; |
1047 | 0 | key->flags |= SSHKEY_FLAG_EXT; |
1048 | 0 | ec = NULL; /* now owned by key */ |
1049 | 0 | #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ |
1050 | 0 | } else { |
1051 | 0 | error("unknown certificate key type"); |
1052 | 0 | goto out; |
1053 | 0 | } |
1054 | 0 | out: |
1055 | 0 | for (i = 0; i < 3; i++) |
1056 | 0 | free(cert_attr[i].pValue); |
1057 | 0 | X509_free(x509); |
1058 | 0 | RSA_free(rsa); |
1059 | 0 | #ifdef OPENSSL_HAS_ECC |
1060 | 0 | EC_KEY_free(ec); |
1061 | 0 | #endif |
1062 | 0 | if (key == NULL) { |
1063 | 0 | free(subject); |
1064 | 0 | return -1; |
1065 | 0 | } |
1066 | | /* success */ |
1067 | 0 | *keyp = key; |
1068 | 0 | *labelp = subject; |
1069 | 0 | return 0; |
1070 | 0 | } |
1071 | | |
1072 | | #if 0 |
1073 | | static int |
1074 | | have_rsa_key(const RSA *rsa) |
1075 | | { |
1076 | | const BIGNUM *rsa_n, *rsa_e; |
1077 | | |
1078 | | RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL); |
1079 | | return rsa_n != NULL && rsa_e != NULL; |
1080 | | } |
1081 | | #endif |
1082 | | |
1083 | | static void |
1084 | | note_key(struct pkcs11_provider *p, CK_ULONG slotidx, const char *context, |
1085 | | struct sshkey *key) |
1086 | 0 | { |
1087 | 0 | char *fp; |
1088 | |
|
1089 | 0 | if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT, |
1090 | 0 | SSH_FP_DEFAULT)) == NULL) { |
1091 | 0 | error_f("sshkey_fingerprint failed"); |
1092 | 0 | return; |
1093 | 0 | } |
1094 | 0 | debug2("%s: provider %s slot %lu: %s %s", context, p->name, |
1095 | 0 | (u_long)slotidx, sshkey_type(key), fp); |
1096 | 0 | free(fp); |
1097 | 0 | } |
1098 | | |
1099 | | /* |
1100 | | * lookup certificates for token in slot identified by slotidx, |
1101 | | * add 'wrapped' public keys to the 'keysp' array and increment nkeys. |
1102 | | * keysp points to an (possibly empty) array with *nkeys keys. |
1103 | | */ |
1104 | | static int |
1105 | | pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx, |
1106 | | struct sshkey ***keysp, char ***labelsp, int *nkeys) |
1107 | 0 | { |
1108 | 0 | struct sshkey *key = NULL; |
1109 | 0 | CK_OBJECT_CLASS key_class; |
1110 | 0 | CK_ATTRIBUTE key_attr[1]; |
1111 | 0 | CK_SESSION_HANDLE session; |
1112 | 0 | CK_FUNCTION_LIST *f = NULL; |
1113 | 0 | CK_RV rv; |
1114 | 0 | CK_OBJECT_HANDLE obj; |
1115 | 0 | CK_ULONG n = 0; |
1116 | 0 | int ret = -1; |
1117 | 0 | char *label; |
1118 | |
|
1119 | 0 | memset(&key_attr, 0, sizeof(key_attr)); |
1120 | 0 | memset(&obj, 0, sizeof(obj)); |
1121 | |
|
1122 | 0 | key_class = CKO_CERTIFICATE; |
1123 | 0 | key_attr[0].type = CKA_CLASS; |
1124 | 0 | key_attr[0].pValue = &key_class; |
1125 | 0 | key_attr[0].ulValueLen = sizeof(key_class); |
1126 | |
|
1127 | 0 | session = p->slotinfo[slotidx].session; |
1128 | 0 | f = p->function_list; |
1129 | |
|
1130 | 0 | rv = f->C_FindObjectsInit(session, key_attr, 1); |
1131 | 0 | if (rv != CKR_OK) { |
1132 | 0 | error("C_FindObjectsInit failed: %lu", rv); |
1133 | 0 | goto fail; |
1134 | 0 | } |
1135 | | |
1136 | 0 | while (1) { |
1137 | 0 | CK_CERTIFICATE_TYPE ck_cert_type; |
1138 | |
|
1139 | 0 | rv = f->C_FindObjects(session, &obj, 1, &n); |
1140 | 0 | if (rv != CKR_OK) { |
1141 | 0 | error("C_FindObjects failed: %lu", rv); |
1142 | 0 | goto fail; |
1143 | 0 | } |
1144 | 0 | if (n == 0) |
1145 | 0 | break; |
1146 | | |
1147 | 0 | memset(&ck_cert_type, 0, sizeof(ck_cert_type)); |
1148 | 0 | memset(&key_attr, 0, sizeof(key_attr)); |
1149 | 0 | key_attr[0].type = CKA_CERTIFICATE_TYPE; |
1150 | 0 | key_attr[0].pValue = &ck_cert_type; |
1151 | 0 | key_attr[0].ulValueLen = sizeof(ck_cert_type); |
1152 | |
|
1153 | 0 | rv = f->C_GetAttributeValue(session, obj, key_attr, 1); |
1154 | 0 | if (rv != CKR_OK) { |
1155 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
1156 | 0 | goto fail; |
1157 | 0 | } |
1158 | | |
1159 | 0 | key = NULL; |
1160 | 0 | label = NULL; |
1161 | 0 | switch (ck_cert_type) { |
1162 | 0 | case CKC_X_509: |
1163 | 0 | if (pkcs11_fetch_x509_pubkey(p, slotidx, &obj, |
1164 | 0 | &key, &label) != 0) { |
1165 | 0 | error("failed to fetch key"); |
1166 | 0 | continue; |
1167 | 0 | } |
1168 | 0 | break; |
1169 | 0 | default: |
1170 | 0 | error("skipping unsupported certificate type %lu", |
1171 | 0 | ck_cert_type); |
1172 | 0 | continue; |
1173 | 0 | } |
1174 | 0 | note_key(p, slotidx, __func__, key); |
1175 | 0 | if (pkcs11_key_included(keysp, nkeys, key)) { |
1176 | 0 | debug2_f("key already included");; |
1177 | 0 | sshkey_free(key); |
1178 | 0 | } else { |
1179 | | /* expand key array and add key */ |
1180 | 0 | *keysp = xrecallocarray(*keysp, *nkeys, |
1181 | 0 | *nkeys + 1, sizeof(struct sshkey *)); |
1182 | 0 | (*keysp)[*nkeys] = key; |
1183 | 0 | if (labelsp != NULL) { |
1184 | 0 | *labelsp = xrecallocarray(*labelsp, *nkeys, |
1185 | 0 | *nkeys + 1, sizeof(char *)); |
1186 | 0 | (*labelsp)[*nkeys] = xstrdup((char *)label); |
1187 | 0 | } |
1188 | 0 | *nkeys = *nkeys + 1; |
1189 | 0 | debug("have %d keys", *nkeys); |
1190 | 0 | } |
1191 | 0 | } |
1192 | | |
1193 | 0 | ret = 0; |
1194 | 0 | fail: |
1195 | 0 | rv = f->C_FindObjectsFinal(session); |
1196 | 0 | if (rv != CKR_OK) { |
1197 | 0 | error("C_FindObjectsFinal failed: %lu", rv); |
1198 | 0 | ret = -1; |
1199 | 0 | } |
1200 | |
|
1201 | 0 | return (ret); |
1202 | 0 | } |
1203 | | |
1204 | | /* |
1205 | | * lookup public keys for token in slot identified by slotidx, |
1206 | | * add 'wrapped' public keys to the 'keysp' array and increment nkeys. |
1207 | | * keysp points to an (possibly empty) array with *nkeys keys. |
1208 | | */ |
1209 | | static int |
1210 | | pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx, |
1211 | | struct sshkey ***keysp, char ***labelsp, int *nkeys) |
1212 | 0 | { |
1213 | 0 | struct sshkey *key = NULL; |
1214 | 0 | CK_OBJECT_CLASS key_class; |
1215 | 0 | CK_ATTRIBUTE key_attr[2]; |
1216 | 0 | CK_SESSION_HANDLE session; |
1217 | 0 | CK_FUNCTION_LIST *f = NULL; |
1218 | 0 | CK_RV rv; |
1219 | 0 | CK_OBJECT_HANDLE obj; |
1220 | 0 | CK_ULONG n = 0; |
1221 | 0 | int ret = -1; |
1222 | |
|
1223 | 0 | memset(&key_attr, 0, sizeof(key_attr)); |
1224 | 0 | memset(&obj, 0, sizeof(obj)); |
1225 | |
|
1226 | 0 | key_class = CKO_PUBLIC_KEY; |
1227 | 0 | key_attr[0].type = CKA_CLASS; |
1228 | 0 | key_attr[0].pValue = &key_class; |
1229 | 0 | key_attr[0].ulValueLen = sizeof(key_class); |
1230 | |
|
1231 | 0 | session = p->slotinfo[slotidx].session; |
1232 | 0 | f = p->function_list; |
1233 | |
|
1234 | 0 | rv = f->C_FindObjectsInit(session, key_attr, 1); |
1235 | 0 | if (rv != CKR_OK) { |
1236 | 0 | error("C_FindObjectsInit failed: %lu", rv); |
1237 | 0 | goto fail; |
1238 | 0 | } |
1239 | | |
1240 | 0 | while (1) { |
1241 | 0 | CK_KEY_TYPE ck_key_type; |
1242 | 0 | CK_UTF8CHAR label[256]; |
1243 | |
|
1244 | 0 | rv = f->C_FindObjects(session, &obj, 1, &n); |
1245 | 0 | if (rv != CKR_OK) { |
1246 | 0 | error("C_FindObjects failed: %lu", rv); |
1247 | 0 | goto fail; |
1248 | 0 | } |
1249 | 0 | if (n == 0) |
1250 | 0 | break; |
1251 | | |
1252 | 0 | memset(&ck_key_type, 0, sizeof(ck_key_type)); |
1253 | 0 | memset(&key_attr, 0, sizeof(key_attr)); |
1254 | 0 | key_attr[0].type = CKA_KEY_TYPE; |
1255 | 0 | key_attr[0].pValue = &ck_key_type; |
1256 | 0 | key_attr[0].ulValueLen = sizeof(ck_key_type); |
1257 | 0 | key_attr[1].type = CKA_LABEL; |
1258 | 0 | key_attr[1].pValue = &label; |
1259 | 0 | key_attr[1].ulValueLen = sizeof(label) - 1; |
1260 | |
|
1261 | 0 | rv = f->C_GetAttributeValue(session, obj, key_attr, 2); |
1262 | 0 | if (rv != CKR_OK) { |
1263 | 0 | error("C_GetAttributeValue failed: %lu", rv); |
1264 | 0 | goto fail; |
1265 | 0 | } |
1266 | | |
1267 | 0 | label[key_attr[1].ulValueLen] = '\0'; |
1268 | |
|
1269 | 0 | switch (ck_key_type) { |
1270 | 0 | case CKK_RSA: |
1271 | 0 | key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); |
1272 | 0 | break; |
1273 | 0 | #if defined(OPENSSL_HAS_ECC) && defined(HAVE_EC_KEY_METHOD_NEW) |
1274 | 0 | case CKK_ECDSA: |
1275 | 0 | key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); |
1276 | 0 | break; |
1277 | 0 | #endif /* OPENSSL_HAS_ECC && HAVE_EC_KEY_METHOD_NEW */ |
1278 | 0 | default: |
1279 | | /* XXX print key type? */ |
1280 | 0 | key = NULL; |
1281 | 0 | error("skipping unsupported key type"); |
1282 | 0 | } |
1283 | | |
1284 | 0 | if (key == NULL) { |
1285 | 0 | error("failed to fetch key"); |
1286 | 0 | continue; |
1287 | 0 | } |
1288 | 0 | note_key(p, slotidx, __func__, key); |
1289 | 0 | if (pkcs11_key_included(keysp, nkeys, key)) { |
1290 | 0 | debug2_f("key already included");; |
1291 | 0 | sshkey_free(key); |
1292 | 0 | } else { |
1293 | | /* expand key array and add key */ |
1294 | 0 | *keysp = xrecallocarray(*keysp, *nkeys, |
1295 | 0 | *nkeys + 1, sizeof(struct sshkey *)); |
1296 | 0 | (*keysp)[*nkeys] = key; |
1297 | 0 | if (labelsp != NULL) { |
1298 | 0 | *labelsp = xrecallocarray(*labelsp, *nkeys, |
1299 | 0 | *nkeys + 1, sizeof(char *)); |
1300 | 0 | (*labelsp)[*nkeys] = xstrdup((char *)label); |
1301 | 0 | } |
1302 | 0 | *nkeys = *nkeys + 1; |
1303 | 0 | debug("have %d keys", *nkeys); |
1304 | 0 | } |
1305 | 0 | } |
1306 | | |
1307 | 0 | ret = 0; |
1308 | 0 | fail: |
1309 | 0 | rv = f->C_FindObjectsFinal(session); |
1310 | 0 | if (rv != CKR_OK) { |
1311 | 0 | error("C_FindObjectsFinal failed: %lu", rv); |
1312 | 0 | ret = -1; |
1313 | 0 | } |
1314 | |
|
1315 | 0 | return (ret); |
1316 | 0 | } |
1317 | | |
1318 | | #ifdef WITH_PKCS11_KEYGEN |
1319 | | #define FILL_ATTR(attr, idx, typ, val, len) \ |
1320 | | { (attr[idx]).type=(typ); (attr[idx]).pValue=(val); (attr[idx]).ulValueLen=len; idx++; } |
1321 | | |
1322 | | static struct sshkey * |
1323 | | pkcs11_rsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx, |
1324 | | char *label, CK_ULONG bits, CK_BYTE keyid, u_int32_t *err) |
1325 | | { |
1326 | | struct pkcs11_slotinfo *si; |
1327 | | char *plabel = label ? label : ""; |
1328 | | int npub = 0, npriv = 0; |
1329 | | CK_RV rv; |
1330 | | CK_FUNCTION_LIST *f; |
1331 | | CK_SESSION_HANDLE session; |
1332 | | CK_BBOOL true_val = CK_TRUE, false_val = CK_FALSE; |
1333 | | CK_OBJECT_HANDLE pubKey, privKey; |
1334 | | CK_ATTRIBUTE tpub[16], tpriv[16]; |
1335 | | CK_MECHANISM mech = { |
1336 | | CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 |
1337 | | }; |
1338 | | CK_BYTE pubExponent[] = { |
1339 | | 0x01, 0x00, 0x01 /* RSA_F4 in bytes */ |
1340 | | }; |
1341 | | pubkey_filter[0].pValue = &pubkey_class; |
1342 | | cert_filter[0].pValue = &cert_class; |
1343 | | |
1344 | | *err = 0; |
1345 | | |
1346 | | FILL_ATTR(tpub, npub, CKA_TOKEN, &true_val, sizeof(true_val)); |
1347 | | FILL_ATTR(tpub, npub, CKA_LABEL, plabel, strlen(plabel)); |
1348 | | FILL_ATTR(tpub, npub, CKA_ENCRYPT, &false_val, sizeof(false_val)); |
1349 | | FILL_ATTR(tpub, npub, CKA_VERIFY, &true_val, sizeof(true_val)); |
1350 | | FILL_ATTR(tpub, npub, CKA_VERIFY_RECOVER, &false_val, |
1351 | | sizeof(false_val)); |
1352 | | FILL_ATTR(tpub, npub, CKA_WRAP, &false_val, sizeof(false_val)); |
1353 | | FILL_ATTR(tpub, npub, CKA_DERIVE, &false_val, sizeof(false_val)); |
1354 | | FILL_ATTR(tpub, npub, CKA_MODULUS_BITS, &bits, sizeof(bits)); |
1355 | | FILL_ATTR(tpub, npub, CKA_PUBLIC_EXPONENT, pubExponent, |
1356 | | sizeof(pubExponent)); |
1357 | | FILL_ATTR(tpub, npub, CKA_ID, &keyid, sizeof(keyid)); |
1358 | | |
1359 | | FILL_ATTR(tpriv, npriv, CKA_TOKEN, &true_val, sizeof(true_val)); |
1360 | | FILL_ATTR(tpriv, npriv, CKA_LABEL, plabel, strlen(plabel)); |
1361 | | FILL_ATTR(tpriv, npriv, CKA_PRIVATE, &true_val, sizeof(true_val)); |
1362 | | FILL_ATTR(tpriv, npriv, CKA_SENSITIVE, &true_val, sizeof(true_val)); |
1363 | | FILL_ATTR(tpriv, npriv, CKA_DECRYPT, &false_val, sizeof(false_val)); |
1364 | | FILL_ATTR(tpriv, npriv, CKA_SIGN, &true_val, sizeof(true_val)); |
1365 | | FILL_ATTR(tpriv, npriv, CKA_SIGN_RECOVER, &false_val, |
1366 | | sizeof(false_val)); |
1367 | | FILL_ATTR(tpriv, npriv, CKA_UNWRAP, &false_val, sizeof(false_val)); |
1368 | | FILL_ATTR(tpriv, npriv, CKA_DERIVE, &false_val, sizeof(false_val)); |
1369 | | FILL_ATTR(tpriv, npriv, CKA_ID, &keyid, sizeof(keyid)); |
1370 | | |
1371 | | f = p->function_list; |
1372 | | si = &p->slotinfo[slotidx]; |
1373 | | session = si->session; |
1374 | | |
1375 | | if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv, |
1376 | | &pubKey, &privKey)) != CKR_OK) { |
1377 | | error_f("key generation failed: error 0x%lx", rv); |
1378 | | *err = rv; |
1379 | | return NULL; |
1380 | | } |
1381 | | |
1382 | | return pkcs11_fetch_rsa_pubkey(p, slotidx, &pubKey); |
1383 | | } |
1384 | | |
1385 | | static int |
1386 | | pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen) |
1387 | | { |
1388 | | size_t i, len; |
1389 | | char ptr[3]; |
1390 | | |
1391 | | if (dest) |
1392 | | *dest = NULL; |
1393 | | if (rlen) |
1394 | | *rlen = 0; |
1395 | | |
1396 | | if ((len = strlen(hex)) % 2) |
1397 | | return -1; |
1398 | | len /= 2; |
1399 | | |
1400 | | *dest = xmalloc(len); |
1401 | | |
1402 | | ptr[2] = '\0'; |
1403 | | for (i = 0; i < len; i++) { |
1404 | | ptr[0] = hex[2 * i]; |
1405 | | ptr[1] = hex[(2 * i) + 1]; |
1406 | | if (!isxdigit(ptr[0]) || !isxdigit(ptr[1])) |
1407 | | return -1; |
1408 | | (*dest)[i] = (unsigned char)strtoul(ptr, NULL, 16); |
1409 | | } |
1410 | | |
1411 | | if (rlen) |
1412 | | *rlen = len; |
1413 | | |
1414 | | return 0; |
1415 | | } |
1416 | | |
1417 | | static struct ec_curve_info { |
1418 | | const char *name; |
1419 | | const char *oid; |
1420 | | const char *oid_encoded; |
1421 | | size_t size; |
1422 | | } ec_curve_infos[] = { |
1423 | | {"prime256v1", "1.2.840.10045.3.1.7", "06082A8648CE3D030107", 256}, |
1424 | | {"secp384r1", "1.3.132.0.34", "06052B81040022", 384}, |
1425 | | {"secp521r1", "1.3.132.0.35", "06052B81040023", 521}, |
1426 | | {NULL, NULL, NULL, 0}, |
1427 | | }; |
1428 | | |
1429 | | static struct sshkey * |
1430 | | pkcs11_ecdsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx, |
1431 | | char *label, CK_ULONG bits, CK_BYTE keyid, u_int32_t *err) |
1432 | | { |
1433 | | struct pkcs11_slotinfo *si; |
1434 | | char *plabel = label ? label : ""; |
1435 | | int i; |
1436 | | size_t ecparams_size; |
1437 | | unsigned char *ecparams = NULL; |
1438 | | int npub = 0, npriv = 0; |
1439 | | CK_RV rv; |
1440 | | CK_FUNCTION_LIST *f; |
1441 | | CK_SESSION_HANDLE session; |
1442 | | CK_BBOOL true_val = CK_TRUE, false_val = CK_FALSE; |
1443 | | CK_OBJECT_HANDLE pubKey, privKey; |
1444 | | CK_MECHANISM mech = { |
1445 | | CKM_EC_KEY_PAIR_GEN, NULL_PTR, 0 |
1446 | | }; |
1447 | | CK_ATTRIBUTE tpub[16], tpriv[16]; |
1448 | | |
1449 | | *err = 0; |
1450 | | |
1451 | | for (i = 0; ec_curve_infos[i].name; i++) { |
1452 | | if (ec_curve_infos[i].size == bits) |
1453 | | break; |
1454 | | } |
1455 | | if (!ec_curve_infos[i].name) { |
1456 | | error_f("invalid key size %lu", bits); |
1457 | | return NULL; |
1458 | | } |
1459 | | if (pkcs11_decode_hex(ec_curve_infos[i].oid_encoded, &ecparams, |
1460 | | &ecparams_size) == -1) { |
1461 | | error_f("invalid oid"); |
1462 | | return NULL; |
1463 | | } |
1464 | | |
1465 | | FILL_ATTR(tpub, npub, CKA_TOKEN, &true_val, sizeof(true_val)); |
1466 | | FILL_ATTR(tpub, npub, CKA_LABEL, plabel, strlen(plabel)); |
1467 | | FILL_ATTR(tpub, npub, CKA_ENCRYPT, &false_val, sizeof(false_val)); |
1468 | | FILL_ATTR(tpub, npub, CKA_VERIFY, &true_val, sizeof(true_val)); |
1469 | | FILL_ATTR(tpub, npub, CKA_VERIFY_RECOVER, &false_val, |
1470 | | sizeof(false_val)); |
1471 | | FILL_ATTR(tpub, npub, CKA_WRAP, &false_val, sizeof(false_val)); |
1472 | | FILL_ATTR(tpub, npub, CKA_DERIVE, &false_val, sizeof(false_val)); |
1473 | | FILL_ATTR(tpub, npub, CKA_EC_PARAMS, ecparams, ecparams_size); |
1474 | | FILL_ATTR(tpub, npub, CKA_ID, &keyid, sizeof(keyid)); |
1475 | | |
1476 | | FILL_ATTR(tpriv, npriv, CKA_TOKEN, &true_val, sizeof(true_val)); |
1477 | | FILL_ATTR(tpriv, npriv, CKA_LABEL, plabel, strlen(plabel)); |
1478 | | FILL_ATTR(tpriv, npriv, CKA_PRIVATE, &true_val, sizeof(true_val)); |
1479 | | FILL_ATTR(tpriv, npriv, CKA_SENSITIVE, &true_val, sizeof(true_val)); |
1480 | | FILL_ATTR(tpriv, npriv, CKA_DECRYPT, &false_val, sizeof(false_val)); |
1481 | | FILL_ATTR(tpriv, npriv, CKA_SIGN, &true_val, sizeof(true_val)); |
1482 | | FILL_ATTR(tpriv, npriv, CKA_SIGN_RECOVER, &false_val, |
1483 | | sizeof(false_val)); |
1484 | | FILL_ATTR(tpriv, npriv, CKA_UNWRAP, &false_val, sizeof(false_val)); |
1485 | | FILL_ATTR(tpriv, npriv, CKA_DERIVE, &false_val, sizeof(false_val)); |
1486 | | FILL_ATTR(tpriv, npriv, CKA_ID, &keyid, sizeof(keyid)); |
1487 | | |
1488 | | f = p->function_list; |
1489 | | si = &p->slotinfo[slotidx]; |
1490 | | session = si->session; |
1491 | | |
1492 | | if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv, |
1493 | | &pubKey, &privKey)) != CKR_OK) { |
1494 | | error_f("key generation failed: error 0x%lx", rv); |
1495 | | *err = rv; |
1496 | | return NULL; |
1497 | | } |
1498 | | |
1499 | | return pkcs11_fetch_ecdsa_pubkey(p, slotidx, &pubKey); |
1500 | | } |
1501 | | #endif /* WITH_PKCS11_KEYGEN */ |
1502 | | |
1503 | | /* |
1504 | | * register a new provider, fails if provider already exists. if |
1505 | | * keyp is provided, fetch keys. |
1506 | | */ |
1507 | | static int |
1508 | | pkcs11_register_provider(char *provider_id, char *pin, |
1509 | | struct sshkey ***keyp, char ***labelsp, |
1510 | | struct pkcs11_provider **providerp, CK_ULONG user) |
1511 | 0 | { |
1512 | 0 | int nkeys, need_finalize = 0; |
1513 | 0 | int ret = -1; |
1514 | 0 | struct pkcs11_provider *p = NULL; |
1515 | 0 | void *handle = NULL; |
1516 | 0 | CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **); |
1517 | 0 | CK_RV rv; |
1518 | 0 | CK_FUNCTION_LIST *f = NULL; |
1519 | 0 | CK_TOKEN_INFO *token; |
1520 | 0 | CK_ULONG i; |
1521 | |
|
1522 | 0 | if (providerp == NULL) |
1523 | 0 | goto fail; |
1524 | 0 | *providerp = NULL; |
1525 | |
|
1526 | 0 | if (keyp != NULL) |
1527 | 0 | *keyp = NULL; |
1528 | 0 | if (labelsp != NULL) |
1529 | 0 | *labelsp = NULL; |
1530 | |
|
1531 | 0 | if (pkcs11_provider_lookup(provider_id) != NULL) { |
1532 | 0 | debug_f("provider already registered: %s", provider_id); |
1533 | 0 | goto fail; |
1534 | 0 | } |
1535 | | /* open shared pkcs11-library */ |
1536 | 0 | if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) { |
1537 | 0 | error("dlopen %s failed: %s", provider_id, dlerror()); |
1538 | 0 | goto fail; |
1539 | 0 | } |
1540 | 0 | if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { |
1541 | 0 | error("dlsym(C_GetFunctionList) failed: %s", dlerror()); |
1542 | 0 | goto fail; |
1543 | 0 | } |
1544 | 0 | p = xcalloc(1, sizeof(*p)); |
1545 | 0 | p->name = xstrdup(provider_id); |
1546 | 0 | p->handle = handle; |
1547 | | /* setup the pkcs11 callbacks */ |
1548 | 0 | if ((rv = (*getfunctionlist)(&f)) != CKR_OK) { |
1549 | 0 | error("C_GetFunctionList for provider %s failed: %lu", |
1550 | 0 | provider_id, rv); |
1551 | 0 | goto fail; |
1552 | 0 | } |
1553 | 0 | p->function_list = f; |
1554 | 0 | if ((rv = f->C_Initialize(NULL)) != CKR_OK) { |
1555 | 0 | error("C_Initialize for provider %s failed: %lu", |
1556 | 0 | provider_id, rv); |
1557 | 0 | goto fail; |
1558 | 0 | } |
1559 | 0 | need_finalize = 1; |
1560 | 0 | if ((rv = f->C_GetInfo(&p->info)) != CKR_OK) { |
1561 | 0 | error("C_GetInfo for provider %s failed: %lu", |
1562 | 0 | provider_id, rv); |
1563 | 0 | goto fail; |
1564 | 0 | } |
1565 | 0 | rmspace(p->info.manufacturerID, sizeof(p->info.manufacturerID)); |
1566 | 0 | rmspace(p->info.libraryDescription, sizeof(p->info.libraryDescription)); |
1567 | 0 | debug("provider %s: manufacturerID <%s> cryptokiVersion %d.%d" |
1568 | 0 | " libraryDescription <%s> libraryVersion %d.%d", |
1569 | 0 | provider_id, |
1570 | 0 | p->info.manufacturerID, |
1571 | 0 | p->info.cryptokiVersion.major, |
1572 | 0 | p->info.cryptokiVersion.minor, |
1573 | 0 | p->info.libraryDescription, |
1574 | 0 | p->info.libraryVersion.major, |
1575 | 0 | p->info.libraryVersion.minor); |
1576 | 0 | if ((rv = f->C_GetSlotList(CK_TRUE, NULL, &p->nslots)) != CKR_OK) { |
1577 | 0 | error("C_GetSlotList failed: %lu", rv); |
1578 | 0 | goto fail; |
1579 | 0 | } |
1580 | 0 | if (p->nslots == 0) { |
1581 | 0 | debug_f("provider %s returned no slots", provider_id); |
1582 | 0 | ret = -SSH_PKCS11_ERR_NO_SLOTS; |
1583 | 0 | goto fail; |
1584 | 0 | } |
1585 | 0 | p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID)); |
1586 | 0 | if ((rv = f->C_GetSlotList(CK_TRUE, p->slotlist, &p->nslots)) |
1587 | 0 | != CKR_OK) { |
1588 | 0 | error("C_GetSlotList for provider %s failed: %lu", |
1589 | 0 | provider_id, rv); |
1590 | 0 | goto fail; |
1591 | 0 | } |
1592 | 0 | p->slotinfo = xcalloc(p->nslots, sizeof(struct pkcs11_slotinfo)); |
1593 | 0 | p->valid = 1; |
1594 | 0 | nkeys = 0; |
1595 | 0 | for (i = 0; i < p->nslots; i++) { |
1596 | 0 | token = &p->slotinfo[i].token; |
1597 | 0 | if ((rv = f->C_GetTokenInfo(p->slotlist[i], token)) |
1598 | 0 | != CKR_OK) { |
1599 | 0 | error("C_GetTokenInfo for provider %s slot %lu " |
1600 | 0 | "failed: %lu", provider_id, (u_long)i, rv); |
1601 | 0 | continue; |
1602 | 0 | } |
1603 | 0 | if ((token->flags & CKF_TOKEN_INITIALIZED) == 0) { |
1604 | 0 | debug2_f("ignoring uninitialised token in " |
1605 | 0 | "provider %s slot %lu", provider_id, (u_long)i); |
1606 | 0 | continue; |
1607 | 0 | } |
1608 | 0 | rmspace(token->label, sizeof(token->label)); |
1609 | 0 | rmspace(token->manufacturerID, sizeof(token->manufacturerID)); |
1610 | 0 | rmspace(token->model, sizeof(token->model)); |
1611 | 0 | rmspace(token->serialNumber, sizeof(token->serialNumber)); |
1612 | 0 | debug("provider %s slot %lu: label <%s> manufacturerID <%s> " |
1613 | 0 | "model <%s> serial <%s> flags 0x%lx", |
1614 | 0 | provider_id, (unsigned long)i, |
1615 | 0 | token->label, token->manufacturerID, token->model, |
1616 | 0 | token->serialNumber, token->flags); |
1617 | | /* |
1618 | | * open session, login with pin and retrieve public |
1619 | | * keys (if keyp is provided) |
1620 | | */ |
1621 | 0 | if ((ret = pkcs11_open_session(p, i, pin, user)) != 0 || |
1622 | 0 | keyp == NULL) |
1623 | 0 | continue; |
1624 | 0 | pkcs11_fetch_keys(p, i, keyp, labelsp, &nkeys); |
1625 | 0 | pkcs11_fetch_certs(p, i, keyp, labelsp, &nkeys); |
1626 | 0 | if (nkeys == 0 && !p->slotinfo[i].logged_in && |
1627 | 0 | pkcs11_interactive) { |
1628 | | /* |
1629 | | * Some tokens require login before they will |
1630 | | * expose keys. |
1631 | | */ |
1632 | 0 | if (pkcs11_login_slot(p, &p->slotinfo[i], |
1633 | 0 | CKU_USER) < 0) { |
1634 | 0 | error("login failed"); |
1635 | 0 | continue; |
1636 | 0 | } |
1637 | 0 | pkcs11_fetch_keys(p, i, keyp, labelsp, &nkeys); |
1638 | 0 | pkcs11_fetch_certs(p, i, keyp, labelsp, &nkeys); |
1639 | 0 | } |
1640 | 0 | } |
1641 | | |
1642 | | /* now owned by caller */ |
1643 | 0 | *providerp = p; |
1644 | |
|
1645 | 0 | TAILQ_INSERT_TAIL(&pkcs11_providers, p, next); |
1646 | 0 | p->refcount++; /* add to provider list */ |
1647 | |
|
1648 | 0 | return (nkeys); |
1649 | 0 | fail: |
1650 | 0 | if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK) |
1651 | 0 | error("C_Finalize for provider %s failed: %lu", |
1652 | 0 | provider_id, rv); |
1653 | 0 | if (p) { |
1654 | 0 | free(p->name); |
1655 | 0 | free(p->slotlist); |
1656 | 0 | free(p->slotinfo); |
1657 | 0 | free(p); |
1658 | 0 | } |
1659 | 0 | if (handle) |
1660 | 0 | dlclose(handle); |
1661 | 0 | if (ret > 0) |
1662 | 0 | ret = -1; |
1663 | 0 | return (ret); |
1664 | 0 | } |
1665 | | |
1666 | | /* |
1667 | | * register a new provider and get number of keys hold by the token, |
1668 | | * fails if provider already exists |
1669 | | */ |
1670 | | int |
1671 | | pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp, |
1672 | | char ***labelsp) |
1673 | 0 | { |
1674 | 0 | struct pkcs11_provider *p = NULL; |
1675 | 0 | int nkeys; |
1676 | |
|
1677 | 0 | nkeys = pkcs11_register_provider(provider_id, pin, keyp, labelsp, |
1678 | 0 | &p, CKU_USER); |
1679 | | |
1680 | | /* no keys found or some other error, de-register provider */ |
1681 | 0 | if (nkeys <= 0 && p != NULL) { |
1682 | 0 | TAILQ_REMOVE(&pkcs11_providers, p, next); |
1683 | 0 | pkcs11_provider_finalize(p); |
1684 | 0 | pkcs11_provider_unref(p); |
1685 | 0 | } |
1686 | 0 | if (nkeys == 0) |
1687 | 0 | debug_f("provider %s returned no keys", provider_id); |
1688 | |
|
1689 | 0 | return (nkeys); |
1690 | 0 | } |
1691 | | |
1692 | | #ifdef WITH_PKCS11_KEYGEN |
1693 | | struct sshkey * |
1694 | | pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label, |
1695 | | unsigned int type, unsigned int bits, unsigned char keyid, u_int32_t *err) |
1696 | | { |
1697 | | struct pkcs11_provider *p = NULL; |
1698 | | struct pkcs11_slotinfo *si; |
1699 | | CK_FUNCTION_LIST *f; |
1700 | | CK_SESSION_HANDLE session; |
1701 | | struct sshkey *k = NULL; |
1702 | | int ret = -1, reset_pin = 0, reset_provider = 0; |
1703 | | CK_RV rv; |
1704 | | |
1705 | | *err = 0; |
1706 | | |
1707 | | if ((p = pkcs11_provider_lookup(provider_id)) != NULL) |
1708 | | debug_f("provider \"%s\" available", provider_id); |
1709 | | else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, NULL, |
1710 | | &p, CKU_SO)) < 0) { |
1711 | | debug_f("could not register provider %s", provider_id); |
1712 | | goto out; |
1713 | | } else |
1714 | | reset_provider = 1; |
1715 | | |
1716 | | f = p->function_list; |
1717 | | si = &p->slotinfo[slotidx]; |
1718 | | session = si->session; |
1719 | | |
1720 | | if ((rv = f->C_SetOperationState(session , pin, strlen(pin), |
1721 | | CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) { |
1722 | | debug_f("could not supply SO pin: %lu", rv); |
1723 | | reset_pin = 0; |
1724 | | } else |
1725 | | reset_pin = 1; |
1726 | | |
1727 | | switch (type) { |
1728 | | case KEY_RSA: |
1729 | | if ((k = pkcs11_rsa_generate_private_key(p, slotidx, label, |
1730 | | bits, keyid, err)) == NULL) { |
1731 | | debug_f("failed to generate RSA key"); |
1732 | | goto out; |
1733 | | } |
1734 | | break; |
1735 | | case KEY_ECDSA: |
1736 | | if ((k = pkcs11_ecdsa_generate_private_key(p, slotidx, label, |
1737 | | bits, keyid, err)) == NULL) { |
1738 | | debug_f("failed to generate ECDSA key"); |
1739 | | goto out; |
1740 | | } |
1741 | | break; |
1742 | | default: |
1743 | | *err = SSH_PKCS11_ERR_GENERIC; |
1744 | | debug_f("unknown type %d", type); |
1745 | | goto out; |
1746 | | } |
1747 | | |
1748 | | out: |
1749 | | if (reset_pin) |
1750 | | f->C_SetOperationState(session , NULL, 0, CK_INVALID_HANDLE, |
1751 | | CK_INVALID_HANDLE); |
1752 | | |
1753 | | if (reset_provider) |
1754 | | pkcs11_del_provider(provider_id); |
1755 | | |
1756 | | return (k); |
1757 | | } |
1758 | | |
1759 | | struct sshkey * |
1760 | | pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx, |
1761 | | unsigned char keyid, u_int32_t *err) |
1762 | | { |
1763 | | struct pkcs11_provider *p = NULL; |
1764 | | struct pkcs11_slotinfo *si; |
1765 | | struct sshkey *k = NULL; |
1766 | | int reset_pin = 0, reset_provider = 0; |
1767 | | CK_ULONG nattrs; |
1768 | | CK_FUNCTION_LIST *f; |
1769 | | CK_SESSION_HANDLE session; |
1770 | | CK_ATTRIBUTE attrs[16]; |
1771 | | CK_OBJECT_CLASS key_class; |
1772 | | CK_KEY_TYPE key_type; |
1773 | | CK_OBJECT_HANDLE obj = CK_INVALID_HANDLE; |
1774 | | CK_RV rv; |
1775 | | |
1776 | | *err = 0; |
1777 | | |
1778 | | if ((p = pkcs11_provider_lookup(provider_id)) != NULL) { |
1779 | | debug_f("using provider \"%s\"", provider_id); |
1780 | | } else if (pkcs11_register_provider(provider_id, pin, NULL, NULL, &p, |
1781 | | CKU_SO) < 0) { |
1782 | | debug_f("could not register provider %s", |
1783 | | provider_id); |
1784 | | goto out; |
1785 | | } else |
1786 | | reset_provider = 1; |
1787 | | |
1788 | | f = p->function_list; |
1789 | | si = &p->slotinfo[slotidx]; |
1790 | | session = si->session; |
1791 | | |
1792 | | if ((rv = f->C_SetOperationState(session , pin, strlen(pin), |
1793 | | CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) { |
1794 | | debug_f("could not supply SO pin: %lu", rv); |
1795 | | reset_pin = 0; |
1796 | | } else |
1797 | | reset_pin = 1; |
1798 | | |
1799 | | /* private key */ |
1800 | | nattrs = 0; |
1801 | | key_class = CKO_PRIVATE_KEY; |
1802 | | FILL_ATTR(attrs, nattrs, CKA_CLASS, &key_class, sizeof(key_class)); |
1803 | | FILL_ATTR(attrs, nattrs, CKA_ID, &keyid, sizeof(keyid)); |
1804 | | |
1805 | | if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 && |
1806 | | obj != CK_INVALID_HANDLE) { |
1807 | | if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) { |
1808 | | debug_f("could not destroy private key 0x%hhx", |
1809 | | keyid); |
1810 | | *err = rv; |
1811 | | goto out; |
1812 | | } |
1813 | | } |
1814 | | |
1815 | | /* public key */ |
1816 | | nattrs = 0; |
1817 | | key_class = CKO_PUBLIC_KEY; |
1818 | | FILL_ATTR(attrs, nattrs, CKA_CLASS, &key_class, sizeof(key_class)); |
1819 | | FILL_ATTR(attrs, nattrs, CKA_ID, &keyid, sizeof(keyid)); |
1820 | | |
1821 | | if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 && |
1822 | | obj != CK_INVALID_HANDLE) { |
1823 | | |
1824 | | /* get key type */ |
1825 | | nattrs = 0; |
1826 | | FILL_ATTR(attrs, nattrs, CKA_KEY_TYPE, &key_type, |
1827 | | sizeof(key_type)); |
1828 | | rv = f->C_GetAttributeValue(session, obj, attrs, nattrs); |
1829 | | if (rv != CKR_OK) { |
1830 | | debug_f("could not get key type of public key 0x%hhx", |
1831 | | keyid); |
1832 | | *err = rv; |
1833 | | key_type = -1; |
1834 | | } |
1835 | | if (key_type == CKK_RSA) |
1836 | | k = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); |
1837 | | else if (key_type == CKK_ECDSA) |
1838 | | k = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); |
1839 | | |
1840 | | if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) { |
1841 | | debug_f("could not destroy public key 0x%hhx", keyid); |
1842 | | *err = rv; |
1843 | | goto out; |
1844 | | } |
1845 | | } |
1846 | | |
1847 | | out: |
1848 | | if (reset_pin) |
1849 | | f->C_SetOperationState(session , NULL, 0, CK_INVALID_HANDLE, |
1850 | | CK_INVALID_HANDLE); |
1851 | | |
1852 | | if (reset_provider) |
1853 | | pkcs11_del_provider(provider_id); |
1854 | | |
1855 | | return (k); |
1856 | | } |
1857 | | #endif /* WITH_PKCS11_KEYGEN */ |
1858 | | #else /* ENABLE_PKCS11 */ |
1859 | | |
1860 | | #include <sys/types.h> |
1861 | | #include <stdarg.h> |
1862 | | #include <stdio.h> |
1863 | | |
1864 | | #include "log.h" |
1865 | | #include "sshkey.h" |
1866 | | |
1867 | | int |
1868 | | pkcs11_init(int interactive) |
1869 | | { |
1870 | | error("%s: dlopen() not supported", __func__); |
1871 | | return (-1); |
1872 | | } |
1873 | | |
1874 | | int |
1875 | | pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp, |
1876 | | char ***labelsp) |
1877 | | { |
1878 | | error("%s: dlopen() not supported", __func__); |
1879 | | return (-1); |
1880 | | } |
1881 | | |
1882 | | void |
1883 | | pkcs11_terminate(void) |
1884 | | { |
1885 | | error("%s: dlopen() not supported", __func__); |
1886 | | } |
1887 | | #endif /* ENABLE_PKCS11 */ |