From 8ce8296fd0c9d8b39467873952ac6c8e058d402a Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 22 May 2002 14:24:01 +1000
Subject: sync scard/

---
 ChangeLog        |  3 ++-
 scard/Ssh.bin.uu | 27 +++++++++++++-------------
 scard/Ssh.java   | 59 ++++++++++++++++++++++++++++++++++++++------------------
 3 files changed, 56 insertions(+), 33 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index d1fa5de5..66b55b2c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 20020522
  - (djm) Fix spelling mistakes, spotted by Solar Designer i
    <solar@openwall.com>
+ - Sync scard/ (not sure when it drifted)
  - (djm) OpenBSD CVS Sync:
    [auth.c]
    Fix typo/thinko.  Pass in as to auth_approval(), not NULL.
@@ -670,4 +671,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2140 2002/05/22 04:14:54 djm Exp $
+$Id: ChangeLog,v 1.2141 2002/05/22 04:24:01 djm Exp $
diff --git a/scard/Ssh.bin.uu b/scard/Ssh.bin.uu
index 1062e21d..ea3986a6 100644
--- a/scard/Ssh.bin.uu
+++ b/scard/Ssh.bin.uu
@@ -1,16 +1,17 @@
 begin 644 Ssh.bin
-M`P)!%P`501P`;``!`C@"`/Y@\`4`_J'P!0!!%T$;`?Z@\`4`01=!&@'^>/,!
-M`4$701P!_G#S%P'^0],1`?Y@\!0`_G/S'0#^<]4``D$7L`4`_F'3``!!%T$9
-M`?YATP4`_G/5"P7^8=,'`OZAT`$!_J#0$@1!%T$8`0```$$7!`$&`/Y@`;@`
-M`$$8\`H(`$$9\`H``$$:\@\``$$;\B$``$$<\A```/`&__(```0(`!8```9C
-M""T#"<(H+00$*"T%""A;`&19``#P$/_R`P(&`0#(```38`!!70!&$UP`1@09
-M":1+``D*D`!@`"@37`!&!!E6`````*(````$____P````*$````0````*@``
-M`"````"-````,````&H37`!&`QD(2@`)"FX`8``H$UP`1@<9"@#_/2!@`$L1
-M2@`)"F<`8``H$UP`'A-<`$8($1-<`$8(7@!0"!%@`%59"C\`8`!:*PIS:&``
-M6BL37`!&`P,*`(!@`%\K`PH`@&``55D37`!&`P<H$UP`1@0#*`,%8`!565D*
-M;0!@`"A9`/`"__(!`0$)``@```J0`&``*%D`\!/_\@$!`@D`#```8D$7+5\`
-M/"M9````\!+_]@$!`P$`&```$UP`'EX`,D4`#Q-<`!X*`,@)$%X`-P17L`7_
-M\@$!!`(`/```$U\``!-B_J$M7P`%70`*$V+^H"U?``]=`!038OYX+0H$`%\`
-<&5T`'@H$`&``(T4`"0IG`&``*!->`"U9````````
+M`P)!&P`801X`>``!`E@"`/Y@\`4`_J'P!0!!&T$=`?Z@\`4`01M!'`'^>/,!
+M`4$;01X!_G#S%P'^0],1`?Y@\!0`_G/S'0#^<]4``D$;L`4`_F'3``#^8=,%
+M`/ZAT`$!_J#0)P'^H],*`?ZCTPD`_G/5"P7^8=,'`OZAT`H`_J#0$@3^:-,@
+M`T$;`P`%`/Y@`<P``$$<\@\``$$=\B$``$$>\A```/`0__(%`@8!`0H``&``
+M0205!!D)I$L`"0J0`&``*!4$&58``````.P````%____P````.D````0````
+M,P```"````#'````,````(T````R````V!4#&0A*``D*;@!@`"@5!QD*`/\]
+M(6``1A)*``D*9P!@`"@*/P!@`$LK"1)@`$LK!6``4!P$#00#2@`.#01@`%5@
+M`%I@`"@37``>%0@2%0A>`%\($F``9%(`:`H_`&``2RL*<VA@`$LK8`!I"1`U
+M(14#`Q)@`&X<!`T$`TL`"P,28`!D4@`.#01@`%5@`%I@`"A2`"X5`PH$`&``
+M<RL#!6``9%(`'14#"@$"8`!S*P,%8`!D4@`,4@`)"FT`8``H60``\`+_\@$!
+M`0D`"```"I``8``H60#P$__R`0$""0`,``!B01LM7P`\*UD```#P$O_V`0$#
+M`0`8```37``>7@`R10`/$UP`'@H`R`D07@`W!%>P!?_R`0$$`@`\```37P``
+M$V+^H2U?``5=``H38OZ@+5\`#UT`%!-B_G@M"@0`7P`970`>"@0`8``C10`)
+/"F<`8``H$UX`+5D`````
 `
 end
diff --git a/scard/Ssh.java b/scard/Ssh.java
index 9ca6da38..6418957c 100644
--- a/scard/Ssh.java
+++ b/scard/Ssh.java
@@ -1,4 +1,4 @@
-// $Id: Ssh.java,v 1.2 2001/09/15 10:58:47 djm Exp $
+// $Id: Ssh.java,v 1.3 2002/05/22 04:24:02 djm Exp $
 //
 // Ssh.java
 // SSH / smartcard integration project, smartcard side
@@ -42,6 +42,9 @@ import javacardx.crypto.*;
 
 public class Ssh extends javacard.framework.Applet
 {
+    // Change this when the applet changes; hi byte is major, low byte is minor
+    static final short applet_version = (short)0x0102;
+
     /* constants declaration */
     // code of CLA byte in the command APDU header
     static final byte Ssh_CLA =(byte)0x05;
@@ -50,20 +53,19 @@ public class Ssh extends javacard.framework.Applet
     static final byte DECRYPT = (byte) 0x10;
     static final byte GET_KEYLENGTH = (byte) 0x20;
     static final byte GET_PUBKEY = (byte) 0x30;
+    static final byte GET_VERSION = (byte) 0x32;
     static final byte GET_RESPONSE = (byte) 0xc0;
 
-    /* instance variables declaration */
     static final short keysize = 1024;
+    static final short root_fid = (short)0x3f00;
+    static final short privkey_fid = (short)0x0012;
+    static final short pubkey_fid = (short)(('s'<<8)|'h');
 
-    //RSA_CRT_PrivateKey rsakey;
+    /* instance variables declaration */
     AsymKey rsakey;
     CyberflexFile file;
     CyberflexOS os;
 
-    byte buffer[];
-
-    static byte[] keyHdr = {(byte)0xC2, (byte)0x01, (byte)0x05};
-
     private Ssh()
     {
 	file = new CyberflexFile();
@@ -98,7 +100,8 @@ public class Ssh extends javacard.framework.Applet
 	// APDU object carries a byte array (buffer) to
 	// transfer incoming and outgoing APDU header
 	// and data bytes between card and CAD
-	buffer = apdu.getBuffer();
+	byte buffer[] = apdu.getBuffer();
+	short size, st;
 
 	// verify that if the applet can accept this
 	// APDU message
@@ -111,29 +114,47 @@ public class Ssh extends javacard.framework.Applet
 	    if (buffer[ISO.OFFSET_CLA] != Ssh_CLA)
 		ISOException.throwIt(ISO.SW_CLA_NOT_SUPPORTED);
 	    //decrypt (apdu);
-	    short size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
+	    size = (short) (buffer[ISO.OFFSET_LC] & 0x00FF);
 
 	    if (apdu.setIncomingAndReceive() != size)
 		ISOException.throwIt (ISO.SW_WRONG_LENGTH);
 
+	    // check access; depends on bit 2 (x/a)
+	    file.selectFile(root_fid);
+	    file.selectFile(privkey_fid);
+	    st = os.checkAccess(ACL.EXECUTE);
+	    if (st != ST.ACCESS_CLEARED) {
+		CyberflexAPDU.prepareSW1SW2(st);
+		ISOException.throwIt(CyberflexAPDU.getSW1SW2());
+	    }
+
 	    rsakey.cryptoUpdate (buffer, (short) ISO.OFFSET_CDATA, size,
 				 buffer, (short) ISO.OFFSET_CDATA);
 
 	    apdu.setOutgoingAndSend ((short) ISO.OFFSET_CDATA, size);
-	    return;
+	    break;
 	case GET_PUBKEY:
-	    file.selectFile((short)(0x3f<<8)); // select root
-	    file.selectFile((short)(('s'<<8)|'h')); // select public key file
-	    os.readBinaryFile (buffer, (short)0, (short)0, (short)(keysize/8));
-	    apdu.setOutgoingAndSend((short)0, (short)(keysize/8));
-	    return;
+	    file.selectFile(root_fid); // select root
+	    file.selectFile(pubkey_fid); // select public key file
+	    size = (short)(file.getFileSize() - 16);
+	    st = os.readBinaryFile(buffer, (short)0, (short)0, size);
+	    if (st == ST.SUCCESS)
+		apdu.setOutgoingAndSend((short)0, size);
+	    else {
+		CyberflexAPDU.prepareSW1SW2(st);
+		ISOException.throwIt(CyberflexAPDU.getSW1SW2());
+	    }
+	    break;
 	case GET_KEYLENGTH:
-	    buffer[0] = (byte)((keysize >> 8) & 0xff);
-	    buffer[1] = (byte)(keysize & 0xff);
+	    Util.setShort(buffer, (short)0, keysize);
+	    apdu.setOutgoingAndSend ((short)0, (short)2);
+	    break;
+	case GET_VERSION:
+	    Util.setShort(buffer, (short)0, applet_version);
 	    apdu.setOutgoingAndSend ((short)0, (short)2);
-	    return;
+	    break;
 	case GET_RESPONSE:
-	    return;
+	    break;
 	default:
 	    ISOException.throwIt (ISO.SW_INS_NOT_SUPPORTED);
 	}
-- 
cgit v1.2.3