OpenSSH / Smartcard Integration Proposal

[Naomaru Itoi]

Hello, 

Some OpenSSH folks asked us about how a smartcard can be integrated
into OpenSSH, so we looked into the OpenSSH code and designed how the 
integration can be done.  This document explains the design.  If you
think it benefits OpenSSH (which we think it does), we can start
implementing it.  Please send us questions, comments, etc.   

We know Tommaso Cucinotta is wokring on this topic, so please excuse
us if there are duplicated efforts.


OpenSSH / Smartcard Integration Proposal

Naomaru Itoi (itoi at eecs.umich.edu)
Oct. 29, 2000

1. Objective

This document proposes a way to integrate a smartcard into OpenSSH.
The objective of this work is to move a user's private key to the
smartcard, and to carry out all the cryptographic operations (i.e.,
sign a challenge) on the smartcard.  This enhances the security of
OpenSSH because the private key stays in the smartcard, which is a
more secure storage device than a workstation.  

This proposal is applied only to SSH Version 1 protocol because the 
smartcard we use, Schlumberger Cyberflex Access, has RSA but not DSA. 


2. SSH Modification Proposal

This section proposes modification on two SSH components: SSH agent
and ssh-add.  

2.1. SSH Agent Modification

In ssh-agent.c, process_authentication_challenge1() decrypts a
challenge with a smartcard.  The decryption function,
rsa_private_decrypt(), will be replaced with a call to RSA function
of a smartcard.  

lookup_private_key() will be skipped because the smartcard has the
private key in it.

process_add_identity() will not read a public / private key pair
from a socket.  Instead, this will read the public key from the
smartcard and sets it to the identity table entry.

2.2. ssh-add modification

When ssh-add is invoked with -s option (as in smartcard), it will tell
the SSH agent to use the key in the smartcard.  It will also tell the
smartcard reader number.  ssh_add_identity() will be modified to do
this.  

When ssh-add adds an identity, it sends the
SSH_AGENTC_ADD_RSA_IDENTITY message.  This message must be modified
to tell the SSH agent to use the smartcard.  We have two options here: 

- One is to create another message type, e.g.,
  SSH_AGENTC_ADD_RSA_IDENTITY_WITH_SMARTCARD.  When ssh-add is invoked
  with a special option, it sends this message instead of the
  SSH_AGENTC_ADD_RSA_IDENTITY.

    SSH_AGENTC_ADD_RSA_IDENTITY_WITH_SMARTCARD

      32-bit int    reader number

- The other is to use the SSH_AGENTC_ADD_RSA_IDENTITY.  For example,
  We can set the lengths of all the RSA parameter fields to zero to
  indicate that we use the smartcard.  This message has to contain the
  reader number.  We can use one of the parameter fields, or the
  comment field to transmit this information. 

The former is a cleaner approach, but adds a new message type to the
SSH Agent Protocol.  In contrast, the other does not add a message
type, but is not very clean.  Please give us some feedback on this. 


3. Smartcard Interface

There exist several ways of talking to a smartcard from a
workstation.  We suggest using our sc7816 library which runs on top of
IFD handlers.  The sc7816 library is an UNIX file system like API for
smartcards, e.g., scopen(), scclose(), scread(), scwrite().  This
library uses an IFD handler internally.  The IFD handler is a
smartcard reader communication interface, used in the PC/SC
framework (http://www.pcscworkgroup.com/).  The IFD interface is well
accepted that there exist drivers for more than 20 readers 
(http://www.linuxnet.com/drivers.html).

The advantage of this approach over the PC/SC framework is that it 
is simpler, does not require a smartcard reader access daemon, and
provides convenient interface.


Thank you, 

--
/--------------------\
|              	     |
| ##		     |
| ##  Naomaru Itoi   |
|                    |
\--------------------/
CITI Smartcard Group
http://www-personal.engin.umich.edu/~itoi
http://www.citi.umich.edu