summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2001-06-28 21:55:29 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-06-28 21:55:29 +0000
commit3cd0d5dbf024a731fc4eda5f2c3c41613e258ef0 (patch)
tree28b0a1eb21109142f71a628fb2a840df4e1b80f0
parentf2e831c4d2a600425660afd03356c507b554f4c8 (diff)
ssh java cardlet for smartcard support (source and uuencoded binary)
-rw-r--r--usr.bin/ssh/Makefile4
-rw-r--r--usr.bin/ssh/scard/Makefile21
-rw-r--r--usr.bin/ssh/scard/Ssh.bin.uu17
-rw-r--r--usr.bin/ssh/scard/Ssh.java156
4 files changed, 196 insertions, 2 deletions
diff --git a/usr.bin/ssh/Makefile b/usr.bin/ssh/Makefile
index eea6f141579..3cd0837d8aa 100644
--- a/usr.bin/ssh/Makefile
+++ b/usr.bin/ssh/Makefile
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.8 2001/02/04 11:11:53 djm Exp $
+# $OpenBSD: Makefile,v 1.9 2001/06/28 21:55:27 markus Exp $
.include <bsd.own.mk>
SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \
- ssh-keyscan sftp
+ ssh-keyscan sftp scard
distribution:
install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \
diff --git a/usr.bin/ssh/scard/Makefile b/usr.bin/ssh/scard/Makefile
new file mode 100644
index 00000000000..481cd90ed9e
--- /dev/null
+++ b/usr.bin/ssh/scard/Makefile
@@ -0,0 +1,21 @@
+# $OpenBSD: Makefile,v 1.1 2001/06/28 21:55:28 markus Exp $
+
+.PATH: ${.CURDIR}/..
+
+CARDLET= Ssh.bin
+DATADIR= /usr/libdata/ssh
+
+all: ${CARDLET}
+
+clean:
+ rm -f ${CARDLET}
+
+install: ${CARDLET}
+ echo "installing ${CARDLET} into ${DESTDIR}${DATADIR}"; \
+ install -c -m ${LIBMODE} -o ${LIBOWN} -g ${LIBGRP} \
+ ${CARDLET} ${DESTDIR}${DATADIR}
+
+Ssh.bin: ${.CURDIR}/Ssh.bin.uu
+ uudecode ${.CURDIR}/$@.uu
+
+.include <bsd.prog.mk>
diff --git a/usr.bin/ssh/scard/Ssh.bin.uu b/usr.bin/ssh/scard/Ssh.bin.uu
new file mode 100644
index 00000000000..9af0adf04a8
--- /dev/null
+++ b/usr.bin/ssh/scard/Ssh.bin.uu
@@ -0,0 +1,17 @@
+begin 644 Ssh.bin
+M`P)!#``:01\`A``!`F@"`$$,014!_F#P!0!!#$$?`4$,01X!00Q!'0%!#$$<
+M`4$,01L!00Q!&@'^H?`%`$$,01@!_J#P!0!!#$$7`?YX\P$!00Q!&0'^<]4`
+M`OYP\Q<!_D/3$0'^8/`4`$$,L`4`_F'3``!!#$$6`?YATP4`_G/5"P7^8=,'
+M`OZAT`$!_J#0$@0``$$,"@$$`/Y@`=```$$5\`H(`$$6\`H``$$7\@\``$$8
+M\B$``$$9\A```$$:__0"`$$;__8"`$$<__8"`$$=__8"`$$>__8"`$$?__8"
+M`/`0__(#`@8!`,H``!-@`%]=`&037`!D!!D)I$L`"0J0`&``4!-<`&0$&58`
+M````H@````3____`````H0```!`````J````(````(T````P````:A-<`&0#
+M&0A*``D*;@!@`%`37`!D!QD*`/\](&``:1%*``D*9P!@`%`37`!!$UP`9`@1
+M$UP`9`A>`&X($6``<UD*/P!@`'@K"G-H8`!X*Q-<`&0#`PH`@&``?2L#"@"`
+M8`!S61-<`&0#!R@37`!D!`,H`P5@`'-960IM`&``4%D```#P$__R`0$!"0`(
+M``!B00Q?`%I9`+`%__(!`00"`&P``!-?``43"%T`"A,)$%T`#Q,)(%T`%!,)
+M,%T`&1,)P%T`'A,*!`!=`",38OZA+5\`*%T`+1-B_J`M7P`R70`W$V+^>"T*
+M!`!?`#Q=`$$37`!!"@#("1!>`$8*!`!@`$M%``D*9P!@`%`37@!56?`&__(`
+?``0(`!0```9C""T#"<(H+00$*"T%""A;``!9``````!@
+`
+end
diff --git a/usr.bin/ssh/scard/Ssh.java b/usr.bin/ssh/scard/Ssh.java
new file mode 100644
index 00000000000..05e2b487283
--- /dev/null
+++ b/usr.bin/ssh/scard/Ssh.java
@@ -0,0 +1,156 @@
+/*
+ * copyright 1997, 2000
+ * the regents of the university of michigan
+ * all rights reserved
+ *
+ * permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of the university of
+ * michigan is not used in any advertising or publicity
+ * pertaining to the use or distribution of this software
+ * without specific, written prior authorization. if the
+ * above copyright notice or any other identification of the
+ * university of michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * this software is provided as is, without representation
+ * from the university of michigan as to its fitness for any
+ * purpose, and without warranty by the university of
+ * michigan of any kind, either express or implied, including
+ * without limitation the implied warranties of
+ * merchantability and fitness for a particular purpose. the
+ * regents of the university of michigan shall not be liable
+ * for any damages, including special, indirect, incidental, or
+ * consequential damages, with respect to any claim arising
+ * out of or in connection with the use of the software, even
+ * if it has been or is hereafter advised of the possibility of
+ * such damages.
+ *
+ * SSH / smartcard integration project, smartcard side
+ *
+ * Tomoko Fukuzawa, created, Feb., 2000
+ * Naomaru Itoi, modified, Apr., 2000
+ */
+
+import javacard.framework.*;
+import javacardx.framework.*;
+import javacardx.crypto.*;
+
+public class Ssh extends javacard.framework.Applet
+{
+ /* constants declaration */
+ // code of CLA byte in the command APDU header
+ private final byte Ssh_CLA =(byte)0x05;
+
+ // codes of INS byte in the command APDU header
+ private final byte DECRYPT = (byte) 0x10;
+ private final byte GET_KEYLENGTH = (byte) 0x20;
+ private final byte GET_PUBKEY = (byte) 0x30;
+ private final byte GET_RESPONSE = (byte) 0xc0;
+
+ /* instance variables declaration */
+ private final short keysize = 1024;
+
+ //RSA_CRT_PrivateKey rsakey;
+ AsymKey rsakey;
+ CyberflexFile file;
+ CyberflexOS os;
+
+ byte buffer[];
+ //byte pubkey[];
+
+ static byte[] keyHdr = {(byte)0xC2, (byte)0x01, (byte)0x05};
+
+ private Ssh()
+ {
+ file = new CyberflexFile();
+ os = new CyberflexOS();
+
+ rsakey = new RSA_CRT_PrivateKey (keysize);
+ rsakey.setKeyInstance ((short)0xc8, (short)0x10);
+
+ if ( ! rsakey.isSupportedLength (keysize) )
+ ISOException.throwIt (ISO.SW_WRONG_LENGTH);
+
+ /*
+ pubkey = new byte[keysize/8];
+ file.selectFile((short)(0x3f<<8)); // select root
+ file.selectFile((short)(('s'<<8)|'h')); // select public key file
+ os.readBinaryFile (pubkey, (short)0, (short)0, (short)(keysize/8));
+ */
+ register();
+ } // end of the constructor
+
+ public static void install(APDU apdu)
+ {
+ new Ssh(); // create a Ssh applet instance (card)
+ } // end of install method
+
+ public void process(APDU apdu)
+ {
+ // APDU object carries a byte array (buffer) to
+ // transfer incoming and outgoing APDU header
+ // and data bytes between card and CAD
+ buffer = apdu.getBuffer();
+
+ // verify that if the applet can accept this
+ // APDU message
+ // NI: change suggested by Wayne Dyksen, Purdue
+ if (buffer[ISO.OFFSET_INS] == ISO.INS_SELECT)
+ ISOException.throwIt(ISO.SW_NO_ERROR);
+
+ switch (buffer[ISO.OFFSET_INS]) {
+ case DECRYPT:
+ if (buffer[ISO.OFFSET_CLA] != Ssh_CLA)
+ ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
+ //decrypt (apdu);
+ short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
+
+ if (apdu.setIncomingAndReceive() != size)
+ ISOException.throwIt (ISO.SW_WRONG_LENGTH);
+
+ rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size,
+ buffer, (short) ISO.OFFSET_CDATA);
+ apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
+ return;
+ case GET_PUBKEY:
+ file.selectFile((short)(0x3f<<8)); // select root
+ file.selectFile((short)(('s'<<8)|'h')); // select public key file
+ os.readBinaryFile (buffer, (short)0, (short)0, (short)(keysize/8));
+ apdu.setOutgoingAndSend((short)0, (short)(keysize/8));
+ /*
+ apdu.setOutgoing();
+ apdu.setOutgoingLength((short)(keysize/8));
+ apdu.sendBytesLong(pubkey, (short)0, (short)(keysize/8));
+ */
+ return;
+ case GET_KEYLENGTH:
+ buffer[0] = (byte)((keysize >> 8) & 0xff);
+ buffer[1] = (byte)(keysize & 0xff);
+ apdu.setOutgoingAndSend ((short)0, (short)2);
+ return;
+ case GET_RESPONSE:
+ return;
+ default:
+ ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED);
+ }
+
+ } // end of process method
+
+ /*
+ private void decrypt (APDU apdu)
+ {
+ short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
+
+ if (apdu.setIncomingAndReceive() != size)
+ ISOException.throwIt (ISO.SW_WRONG_LENGTH);
+
+ //short offset = (short) ISO.OFFSET_CDATA;
+
+ rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size, buffer,
+ (short) ISO.OFFSET_CDATA);
+ apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
+ }
+ */
+} // end of class Ssh