author | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-28 21:55:29 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-28 21:55:29 +0000 |
commit | 3cd0d5dbf024a731fc4eda5f2c3c41613e258ef0 (patch) | |
tree | 28b0a1eb21109142f71a628fb2a840df4e1b80f0 | |
parent | f2e831c4d2a600425660afd03356c507b554f4c8 (diff) |
ssh java cardlet for smartcard support (source and uuencoded binary)
-rw-r--r-- | usr.bin/ssh/Makefile | 4 | ||||
-rw-r--r-- | usr.bin/ssh/scard/Makefile | 21 | ||||
-rw-r--r-- | usr.bin/ssh/scard/Ssh.bin.uu | 17 | ||||
-rw-r--r-- | usr.bin/ssh/scard/Ssh.java | 156 |
4 files changed, 196 insertions, 2 deletions
diff --git a/usr.bin/ssh/Makefile b/usr.bin/ssh/Makefile index eea6f141579..3cd0837d8aa 100644 --- a/usr.bin/ssh/Makefile +++ b/usr.bin/ssh/Makefile @@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.8 2001/02/04 11:11:53 djm Exp $ +# $OpenBSD: Makefile,v 1.9 2001/06/28 21:55:27 markus Exp $ .include <bsd.own.mk> SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \ - ssh-keyscan sftp + ssh-keyscan sftp scard distribution: install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \ diff --git a/usr.bin/ssh/scard/Makefile b/usr.bin/ssh/scard/Makefile new file mode 100644 index 00000000000..481cd90ed9e --- /dev/null +++ b/usr.bin/ssh/scard/Makefile @@ -0,0 +1,21 @@ +# $OpenBSD: Makefile,v 1.1 2001/06/28 21:55:28 markus Exp $ + +.PATH: ${.CURDIR}/.. + +CARDLET= Ssh.bin +DATADIR= /usr/libdata/ssh + +all: ${CARDLET} + +clean: + rm -f ${CARDLET} + +install: ${CARDLET} + echo "installing ${CARDLET} into ${DESTDIR}${DATADIR}"; \ + install -c -m ${LIBMODE} -o ${LIBOWN} -g ${LIBGRP} \ + ${CARDLET} ${DESTDIR}${DATADIR} + +Ssh.bin: ${.CURDIR}/Ssh.bin.uu + uudecode ${.CURDIR}/$@.uu + +.include <bsd.prog.mk> diff --git a/usr.bin/ssh/scard/Ssh.bin.uu b/usr.bin/ssh/scard/Ssh.bin.uu new file mode 100644 index 00000000000..9af0adf04a8 --- /dev/null +++ b/usr.bin/ssh/scard/Ssh.bin.uu 
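Review bot: The `Ssh.bin` rule in scard/Makefile only uudecodes the committed `Ssh.bin.uu`; no rule in this file builds the cardlet from `Ssh.java`, so nothing ties the installed binary to the source under review. This blob is what gets loaded onto a card that performs the RSA private-key operation, so the Makefile should at least record how it was produced, for example `# Ssh.bin.uu is the compiled form of Ssh.java; regenerate and recommit it whenever Ssh.java changes`, together with the toolchain used. A recorded digest of the decoded file, checked by the rule before install, would make a stale or altered blob fail the build instead of shipping silently.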
@@ -0,0 +1,17 @@ +begin 644 Ssh.bin +M`P)!#``:01\`A``!`F@"`$$,014!_F#P!0!!#$$?`4$,01X!00Q!'0%!#$$< +M`4$,01L!00Q!&@'^H?`%`$$,01@!_J#P!0!!#$$7`?YX\P$!00Q!&0'^<]4` +M`OYP\Q<!_D/3$0'^8/`4`$$,L`4`_F'3``!!#$$6`?YATP4`_G/5"P7^8=,' +M`OZAT`$!_J#0$@0``$$,"@$$`/Y@`=```$$5\`H(`$$6\`H``$$7\@\``$$8 +M\B$``$$9\A```$$:__0"`$$;__8"`$$<__8"`$$=__8"`$$>__8"`$$?__8" +M`/`0__(#`@8!`,H``!-@`%]=`&037`!D!!D)I$L`"0J0`&``4!-<`&0$&58` +M````H@````3____`````H0```!`````J````(````(T````P````:A-<`&0# +M&0A*``D*;@!@`%`37`!D!QD*`/\](&``:1%*``D*9P!@`%`37`!!$UP`9`@1 +M$UP`9`A>`&X($6``<UD*/P!@`'@K"G-H8`!X*Q-<`&0#`PH`@&``?2L#"@"` +M8`!S61-<`&0#!R@37`!D!`,H`P5@`'-960IM`&``4%D```#P$__R`0$!"0`( +M``!B00Q?`%I9`+`%__(!`00"`&P``!-?``43"%T`"A,)$%T`#Q,)(%T`%!,) +M,%T`&1,)P%T`'A,*!`!=`",38OZA+5\`*%T`+1-B_J`M7P`R70`W$V+^>"T* +M!`!?`#Q=`$$37`!!"@#("1!>`$8*!`!@`$M%``D*9P!@`%`37@!56?`&__(` +?``0(`!0```9C""T#"<(H+00$*"T%""A;``!9``````!@ +` +end diff --git a/usr.bin/ssh/scard/Ssh.java b/usr.bin/ssh/scard/Ssh.java new file mode 100644 index 00000000000..05e2b487283 --- /dev/null +++ b/usr.bin/ssh/scard/Ssh.java 
@@ -0,0 +1,156 @@
+/*
+ * copyright 1997, 2000
+ * the regents of the university of michigan
+ * all rights reserved
+ *
+ * permission is granted to use, copy, create derivative works
+ * and redistribute this software and such derivative works
+ * for any purpose, so long as the name of the university of
+ * michigan is not used in any advertising or publicity
+ * pertaining to the use or distribution of this software
+ * without specific, written prior authorization. if the
+ * above copyright notice or any other identification of the
+ * university of michigan is included in any copy of any
+ * portion of this software, then the disclaimer below must
+ * also be included.
+ *
+ * this software is provided as is, without representation
+ * from the university of michigan as to its fitness for any
+ * purpose, and without warranty by the university of
+ * michigan of any kind, either express or implied, including
+ * without limitation the implied warranties of
+ * merchantability and fitness for a particular purpose. the
+ * regents of the university of michigan shall not be liable
+ * for any damages, including special, indirect, incidental, or
+ * consequential damages, with respect to any claim arising
+ * out of or in connection with the use of the software, even
+ * if it has been or is hereafter advised of the possibility of
+ * such damages.
+ *
+ * SSH / smartcard integration project, smartcard side
+ *
+ * Tomoko Fukuzawa, created, Feb., 2000
+ * Naomaru Itoi, modified, Apr., 2000
+ */
+
+import javacard.framework.*;
+import javacardx.framework.*;
+import javacardx.crypto.*;
+
+public class Ssh extends javacard.framework.Applet
+{
+ /* constants declaration */
+ // code of CLA byte in the command APDU header
+ private final byte Ssh_CLA =(byte)0x05;
+
+ // codes of INS byte in the command APDU header
+ private final byte DECRYPT = (byte) 0x10;
+ private final byte GET_KEYLENGTH = (byte) 0x20;
+ private final byte GET_PUBKEY = (byte) 0x30;
+ private final byte GET_RESPONSE = (byte) 0xc0;
+
+ /* instance variables declaration */
+ private final short keysize = 1024;
+
+ //RSA_CRT_PrivateKey rsakey;
+ AsymKey rsakey;
+ CyberflexFile file;
+ CyberflexOS os;
+
+ byte buffer[];
+ //byte pubkey[];
+
+ static byte[] keyHdr = {(byte)0xC2, (byte)0x01, (byte)0x05};
+
+ private Ssh()
+ {
+ file = new CyberflexFile();
+ os = new CyberflexOS();
+
+ rsakey = new RSA_CRT_PrivateKey (keysize);
+ rsakey.setKeyInstance ((short)0xc8, (short)0x10);
+
+ if ( ! rsakey.isSupportedLength (keysize) )
+ ISOException.throwIt (ISO.SW_WRONG_LENGTH);
+
+ /*
+ pubkey = new byte[keysize/8];
+ file.selectFile((short)(0x3f<<8)); // select root
+ file.selectFile((short)(('s'<<8)|'h')); // select public key file
+ os.readBinaryFile (pubkey, (short)0, (short)0, (short)(keysize/8));
+ */
+ register();
+ } // end of the constructor
+
+ public static void install(APDU apdu)
+ {
+ new Ssh(); // create a Ssh applet instance (card)
+ } // end of install method
+
+ public void process(APDU apdu)
+ {
+ // APDU object carries a byte array (buffer) to
+ // transfer incoming and outgoing APDU header
+ // and data bytes between card and CAD
+ buffer = apdu.getBuffer();
+
+ // verify that if the applet can accept this
+ // APDU message
+ // NI: change suggested by Wayne Dyksen, Purdue
+ if (buffer[ISO.OFFSET_INS] == ISO.INS_SELECT)
+ ISOException.throwIt(ISO.SW_NO_ERROR);
+
+ switch (buffer[ISO.OFFSET_INS]) {
+ case DECRYPT:
+ if (buffer[ISO.OFFSET_CLA] != Ssh_CLA)
+ ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
+ //decrypt (apdu);
+ short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
+
+ if (apdu.setIncomingAndReceive() != size)
+ ISOException.throwIt (ISO.SW_WRONG_LENGTH);
+
+ rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size,
+ buffer, (short) ISO.OFFSET_CDATA);
+ apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
+ return;
+ case GET_PUBKEY:
+ file.selectFile((short)(0x3f<<8)); // select root
+ file.selectFile((short)(('s'<<8)|'h')); // select public key file
+ os.readBinaryFile (buffer, (short)0, (short)0, (short)(keysize/8));
+ apdu.setOutgoingAndSend((short)0, (short)(keysize/8));
+ /*
+ apdu.setOutgoing();
+ apdu.setOutgoingLength((short)(keysize/8));
+ apdu.sendBytesLong(pubkey, (short)0, (short)(keysize/8));
+ */
+ return;
+ case GET_KEYLENGTH:
+ buffer[0] = (byte)((keysize >> 8) & 0xff);
+ buffer[1] = (byte)(keysize & 0xff);
+ apdu.setOutgoingAndSend ((short)0, (short)2);
+ return;
+ case GET_RESPONSE:
+ return;
+ default:
+ ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED);
+ }
+
+ } // end of process method
+
+ /*
+ private void decrypt (APDU apdu)
+ {
+ short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
+
+ if (apdu.setIncomingAndReceive() != size)
+ ISOException.throwIt (ISO.SW_WRONG_LENGTH);
+
+ //short offset = (short) ISO.OFFSET_CDATA;
+
+ rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size, buffer,
+ (short) ISO.OFFSET_CDATA);
+ apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
+ }
+ */
+} // end of class Ssh |
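Review bot: The DECRYPT branch of process() runs the private-key operation on whatever the host sends, with no cardholder verification visible in the applet and no check that the received length matches the key size. Unless the Cyberflex key file's own access conditions require a PIN (not visible in this hunk), a verification step should gate this branch, and a comment should state which layer enforces it either way. The length, which can currently be anything from 0 to 255 bytes, should be pinned before `cryptoUpdate`, e.g. `if (size != (short)(keysize/8)) ISOException.throwIt (ISO.SW_WRONG_LENGTH);`. The class check `buffer[ISO.OFFSET_CLA] != Ssh_CLA` is also applied only under DECRYPT, so GET_PUBKEY and GET_KEYLENGTH answer for any CLA; hoisting it above the `switch` would make the commands consistent.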