Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TCOS: pkcs11-tool --login --test fails to sign #1869

Closed
jmastr opened this issue Nov 26, 2019 · 19 comments · Fixed by #1880
Closed

TCOS: pkcs11-tool --login --test fails to sign #1869

jmastr opened this issue Nov 26, 2019 · 19 comments · Fixed by #1880

Comments

@jmastr
Copy link

jmastr commented Nov 26, 2019
edited
Loading

Problem Description

OpenSC 0.20.0-rc3

$ pkcs11-tool --login --test
Using slot 0 with a present token (0x0)
Logging in to "IDKey Card".
Please enter User PIN: 
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only for RSA)
  testing key 0 (IDKey1) 
error: PKCS11 function C_SignFinal failed: rv = CKR_DATA_INVALID (0x20)
Aborting.

Proposed Resolution

Steps to reproduce

Logs

  testing key 0 (IDKey1)                                                                                                                       
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] framework-pkcs15.c:3675:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called                                    
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] framework-pkcs15.c:3675:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called      
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] mechanism.c:250:sc_pkcs11_sign_init: called                                                  
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] mechanism.c:256:sc_pkcs11_sign_init: mechanism 0x3, key-type 0x0                         
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] misc.c:268:session_start_operation: called                                               
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] misc.c:269:session_start_operation: Session 0x5570ec1c0a70, type 1                           
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] mechanism.c:376:sc_pkcs11_signature_init: called                                     
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] mechanism.c:430:sc_pkcs11_signature_init: returning with: 0 (Success)                                          
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] mechanism.c:283:sc_pkcs11_sign_init: returning with: 0 (Success)                       
P:14710; T:0x139761924822848 21:16:56.746 [opensc-pkcs11] pkcs11-object.c:679:C_SignInit: C_SignInit() = CKR_OK                                    
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] framework-pkcs15.c:3675:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called  
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] pkcs11-object.c:263:C_GetAttributeValue: Object 93943485813376: CKA_ALWAYS_AUTHENTICATE = FALSE                   
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] pkcs11-object.c:285:C_GetAttributeValue: C_GetAttributeValue(hSession=0x5570ec1c0a70, hObject=0x5570ec19d280) = CKR_OK
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] mechanism.c:293:sc_pkcs11_sign_update: called                         
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] misc.c:290:session_get_operation: called                                         
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] mechanism.c:439:sc_pkcs11_signature_update: called                                     
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] mechanism.c:440:sc_pkcs11_signature_update: data part length 5                         
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] mechanism.c:452:sc_pkcs11_signature_update: returning with: 0 (Success)              
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] mechanism.c:309:sc_pkcs11_sign_update: returning with: 0 (Success)                   
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] pkcs11-object.c:749:C_SignUpdate: C_SignUpdate() = CKR_OK                                    
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] mechanism.c:293:sc_pkcs11_sign_update: called                                          
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] misc.c:290:session_get_operation: called                                                 
P:14710; T:0x139761924822848 21:16:56.747 [opensc-pkcs11] mechanism.c:439:sc_pkcs11_signature_update: called                                       
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] mechanism.c:440:sc_pkcs11_signature_update: data part length 10                          
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] mechanism.c:452:sc_pkcs11_signature_update: returning with: 0 (Success)                                             
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] mechanism.c:309:sc_pkcs11_sign_update: returning with: 0 (Success)    
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] pkcs11-object.c:749:C_SignUpdate: C_SignUpdate() = CKR_OK               
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] mechanism.c:293:sc_pkcs11_sign_update: called                                          
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] misc.c:290:session_get_operation: called                                               
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] mechanism.c:439:sc_pkcs11_signature_update: called                                           
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] mechanism.c:440:sc_pkcs11_signature_update: data part length 241                          
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] mechanism.c:452:sc_pkcs11_signature_update: returning with: 0 (Success)                                               
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] mechanism.c:309:sc_pkcs11_sign_update: returning with: 0 (Success)                     
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] pkcs11-object.c:749:C_SignUpdate: C_SignUpdate() = CKR_OK                                    
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] misc.c:290:session_get_operation: called                                                                              
P:14710; T:0x139761924822848 21:16:56.748 [opensc-pkcs11] framework-pkcs15.c:3675:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] framework-pkcs15.c:3675:pkcs15_prkey_get_attribute: pkcs15_prkey_get_attribute() called
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] mechanism.c:521:sc_pkcs11_signature_size: returning with: 0 (Success)                                                 
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] mechanism.c:361:sc_pkcs11_sign_size: returning with: 0 (Success)                                                                                
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] mechanism.c:319:sc_pkcs11_sign_final: called                                           
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] misc.c:290:session_get_operation: called                                                                              
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] mechanism.c:462:sc_pkcs11_signature_final: called                                            
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] framework-pkcs15.c:3919:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x3.
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] card.c:473:sc_lock: called                                                                                            
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] reader-pcsc.c:652:pcsc_lock: called                                                    
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] framework-pkcs15.c:4050:pkcs15_prkey_sign: Selected flags 1. Now computing signature for 256 bytes. 1024 bytes reserved.
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] pkcs15-sec.c:565:sc_pkcs15_compute_signature: called
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] pkcs15-sec.c:613:sc_pkcs15_compute_signature: supported algorithm flags 0x103, private key usage 0x7
P:14710; T:0x139761924822848 21:16:56.749 [opensc-pkcs11] padding.c:470:sc_get_encoding_flags: called
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] padding.c:474:sc_get_encoding_flags: iFlags 0x1, card capabilities 0x103
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] padding.c:525:sc_get_encoding_flags: pad flags 0x0, secure algorithm flags 0x1
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] padding.c:526:sc_get_encoding_flags: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] pkcs15-sec.c:671:sc_pkcs15_compute_signature: DEE flags:0x00000001 alg_info->flags:0x00000103 pad:0x00000000 sec:0x00000001
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] card.c:473:sc_lock: called
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] pkcs15-sec.c:86:select_key_file: called
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] card.c:817:sc_select_file: called; type=2, path=df075349
P:14710; T:0x139761924822848 21:16:56.750 [opensc-pkcs11] apdu.c:546:sc_transmit_apdu: called
P:14710; T:0x139761924822848 21:16:56.751 [opensc-pkcs11] card.c:473:sc_lock: called
P:14710; T:0x139761924822848 21:16:56.751 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.751 [opensc-pkcs11] apdu.c:513:sc_transmit: called
P:14710; T:0x139761924822848 21:16:56.751 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:14710; T:0x139761924822848 21:16:56.751 [opensc-pkcs11] apdu.c:370:sc_single_transmit: CLA:0, INS:A4, P1:8, P2:C, data(4) 0x7ffc9bd57e90
P:14710; T:0x139761924822848 21:16:56.751 [opensc-pkcs11] reader-pcsc.c:297:pcsc_transmit: reader 'Identiv SCR3500 C Contact Reader [CCID Interface] (55591830603542) 00 00'
P:14710; T:0x139761924822848 21:16:56.751 [opensc-pkcs11] reader-pcsc.c:298:pcsc_transmit: 
Outgoing APDU (9 bytes):
00 A4 08 0C 04 DF 07 53 49 .......SI
P:14710; T:0x139761924822848 21:16:56.751 [opensc-pkcs11] reader-pcsc.c:216:pcsc_internal_transmit: called
P:14710; T:0x139761924822848 21:16:56.792 [opensc-pkcs11] reader-pcsc.c:307:pcsc_transmit: 
Incoming APDU (2 bytes):
90 00 ..
P:14710; T:0x139761924822848 21:16:56.792 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.792 [opensc-pkcs11] apdu.c:535:sc_transmit: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.792 [opensc-pkcs11] card.c:523:sc_unlock: called
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] card-tcos.c:397:tcos_select_file: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] card.c:852:sc_select_file: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] pkcs15-sec.c:123:select_key_file: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] sec.c:105:sc_set_security_env: called
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] card-tcos.c:499:tcos_set_security_env: Key-Reference 84 (len=1)
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] card-tcos.c:504:tcos_set_security_env: TCOS3:1 PKCS1:0
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] apdu.c:546:sc_transmit_apdu: called
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] card.c:473:sc_lock: called
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] apdu.c:513:sc_transmit: called
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:14710; T:0x139761924822848 21:16:56.793 [opensc-pkcs11] apdu.c:370:sc_single_transmit: CLA:0, INS:22, P1:41, P2:B8, data(6) 0x7ffc9bd57ee0
P:14710; T:0x139761924822848 21:16:56.794 [opensc-pkcs11] reader-pcsc.c:297:pcsc_transmit: reader 'Identiv SCR3500 C Contact Reader [CCID Interface] (55591830603542) 00 00'
P:14710; T:0x139761924822848 21:16:56.794 [opensc-pkcs11] reader-pcsc.c:298:pcsc_transmit: 
Outgoing APDU (11 bytes):
00 22 41 B8 06 80 01 0A 84 01 84 ."A........
P:14710; T:0x139761924822848 21:16:56.794 [opensc-pkcs11] reader-pcsc.c:216:pcsc_internal_transmit: called
P:14710; T:0x139761924822848 21:16:56.833 [opensc-pkcs11] reader-pcsc.c:307:pcsc_transmit:
Incoming APDU (2 bytes):
6A 80 j.
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] apdu.c:535:sc_transmit: returning with: 0 (Success)
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] card.c:525:sc_unlock: called
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Incorrect parameters in the data field
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] card-tcos.c:532:tcos_set_security_env: returning with: -1205 (Incorrect parameters in APDU)
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] sec.c:109:sc_set_security_env: returning with: -1205 (Incorrect parameters in APDU)
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] card.c:525:sc_unlock: called
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] pkcs15-sec.c:707:sc_pkcs15_compute_signature: use_key() failed: -1205 (Incorrect parameters in APDU)
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] card.c:525:sc_unlock: called
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] reader-pcsc.c:701:pcsc_unlock: called
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] framework-pkcs15.c:4067:pkcs15_prkey_sign: Sign complete. Result -1205.
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] misc.c:71:sc_to_cryptoki_error_common: libopensc return value: -1205 (Incorrect parameters in APDU)
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] mechanism.c:478:sc_pkcs11_signature_final: returning with: 32
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] mechanism.c:336:sc_pkcs11_sign_final: returning with: 32
P:2644; T:0x4391890368 15:47:08.487 [opensc-pkcs11] pkcs11-object.c:791:C_SignFinal: C_SignFinal() = CKR_DATA_INVALID
...
@jmastr
Copy link
Author

jmastr commented Nov 27, 2019

More debug log added

@jmastr jmastr mentioned this issue Nov 28, 2019
Closed
@Jakuje
Copy link
Member

Jakuje commented Dec 2, 2019

The instruction 22 is MANAGE SECURITY ENVIRONMENT and your card does not like it for some reason.

Is this key usable for signatures? What does pkcs11-tool -O --login list?

The documentation talks about different types of TCOS cards, but I do not seem to notice the IDKey cards here:
https://github.com/OpenSC/OpenSC/wiki/TCOS-based-preformatted-cards

There was some discussion about these cards in #712 and it provides also some specification. Checking through the section 7.3.6.3 shows that for signature, we should use different P2 parameter than is used now. Can you try with the following patch:

diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
index 1bf67db8..2f98cac3 100644
--- a/src/libopensc/card-tcos.c
+++ b/src/libopensc/card-tcos.c
@@ -506,7 +506,8 @@ static int tcos_set_security_env(sc_card_t *card, const sc_security_env_t *env,
 	data->pad_flags = env->algorithm_flags;
 	data->next_sign = default_key;
 
-	sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, tcos3 ? 0x41 : 0xC1, 0xB8);
+	sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, tcos3 ? 0x41 : 0xC1,
+		env->operation == SC_SEC_OPERATION_SIGN ? 0xB6 : 0xB8);
 	p = sbuf;
 	*p++=0x80; *p++=0x01; *p++=tcos3 ? 0x0A : 0x10;
 	if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) {

@frankmorgner
Copy link
Member

complete log: https://gist.github.com/jmastr/70eea75add9f609f636e28d8761d5dfe

@frankmorgner
Copy link
Member

@jmastr, Do you know where to get developer documentation and/or test cards?

@Jakuje
Copy link
Member

Jakuje commented Dec 2, 2019

I found a docs here:

#712 (comment)

This looks like normal iso operation so I assume this is a bug.

@jmastr
Copy link
Author

jmastr commented Dec 2, 2019

@frankmorgner @Jakuje First of all, thank you very much for checking this issue. The IDKey card was mentioned in the commit message of c97fc2e:

commit c97fc2e719f33d6750e6c9d6ff4e5fa9a98a167b
Author: pk <pk@c6295689-39f2-0310-b995-f0e70906c6a9>
Date:   Sat May 28 14:24:27 2011 +0000

    support for TCOS3 IdKey cards and fix for bug #256
    
    git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5508 c6295689-39f2-0310-b995-f0e70906c6a9

But it dates back to 2011. I built OpenSC from that exact commit and a pkcs11-tool --module=... --login --test did not work.

Can you try with the following patch:

I am currently not at my work laptop, but I'll check first thing in the morning.

@jmastr, Do you know where to get developer documentation and/or test cards?

I'll contact the card manufacture and ask them for documentation.

@jmastr
Copy link
Author

jmastr commented Dec 3, 2019

Is this key usable for signatures? What does pkcs11-tool -O --login list?

$ pkcs11-tool -O --login
Using slot 0 with a present token (0x0)
Logging in to "IDKey Card".
Please enter User PIN: 
Private Key Object; RSA 
  label:      IDKey1
  ID:         45
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable, local
Certificate Object; type = X.509 cert
  label:      Signatur Zertifikat 1
  subject:    DN: O=DTAG, OU=Person, OU=Employee, OU=C-3721352, CN=Julian Strobl/[email protected]
  ID:         45
Public Key Object; RSA 2048 bits
  label:      Signatur Zertifikat 1
  ID:         45
  Usage:      encrypt, verify
  Access:     local
Certificate Object; type = X.509 cert
  label:      Signatur Zertifikat 2
  subject:    DN: O=DTAG, OU=Person, OU=Employee, OU=C-3721352, CN=Julian Strobl/[email protected]
  ID:         45
Public Key Object; RSA 2048 bits
  label:      Signatur Zertifikat 2
  ID:         45
  Usage:      encrypt, verify
  Access:     local
Private Key Object; RSA 
  label:      IDKey2
  ID:         46
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable, local
Private Key Object; RSA 
  label:      IDKey3
  ID:         47
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable, local
Private Key Object; RSA 
  label:      IDKey4
  ID:         48
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable, local
Private Key Object; RSA 
  label:      IDKey5
  ID:         49
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable, local
Private Key Object; RSA 
  label:      IDKey6
  ID:         4a
  Usage:      decrypt, sign
  Access:     sensitive, always sensitive, never extractable, local

@jmastr
Copy link
Author

jmastr commented Dec 3, 2019

Can you try with the following patch:

@Jakuje with said patch I get Referenced data not found:

P:30259; T:0x140299574458176 08:22:47.277 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)                                                                                                                                                                                                          
P:30259; T:0x140299574458176 08:22:47.277 [opensc-pkcs11] apdu.c:535:sc_transmit: returning with: 0 (Success)                                                                                                                                                                                                                 
P:30259; T:0x140299574458176 08:22:47.277 [opensc-pkcs11] card.c:523:sc_unlock: called                                                                                                                                                                                                                                        
P:30259; T:0x140299574458176 08:22:47.277 [opensc-pkcs11] card-tcos.c:397:tcos_select_file: returning with: 0 (Success)                                                                                                                                                                                                       
P:30259; T:0x140299574458176 08:22:47.277 [opensc-pkcs11] card.c:852:sc_select_file: returning with: 0 (Success)
P:30259; T:0x140299574458176 08:22:47.277 [opensc-pkcs11] pkcs15-sec.c:123:select_key_file: returning with: 0 (Success)
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] sec.c:105:sc_set_security_env: called
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] card-tcos.c:499:tcos_set_security_env: Key-Reference 84 (len=1)
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] card-tcos.c:504:tcos_set_security_env: TCOS3:1 PKCS1:0
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] apdu.c:546:sc_transmit_apdu: called
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] card.c:473:sc_lock: called
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success)
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] apdu.c:513:sc_transmit: called
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] apdu.c:363:sc_single_transmit: called
P:30259; T:0x140299574458176 08:22:47.278 [opensc-pkcs11] apdu.c:370:sc_single_transmit: CLA:0, INS:22, P1:41, P2:B6, data(6) 0x7ffd8dbbc870
P:30259; T:0x140299574458176 08:22:47.279 [opensc-pkcs11] reader-pcsc.c:297:pcsc_transmit: reader 'Identiv SCR3500 C Contact Reader [CCID Interface] (55591830603542) 00 00'
P:30259; T:0x140299574458176 08:22:47.279 [opensc-pkcs11] reader-pcsc.c:298:pcsc_transmit: 
Outgoing APDU (11 bytes):
00 22 41 B6 06 80 01 0A 84 01 84 ."A........
P:30259; T:0x140299574458176 08:22:47.279 [opensc-pkcs11] reader-pcsc.c:216:pcsc_internal_transmit: called
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] reader-pcsc.c:307:pcsc_transmit: 
Incoming APDU (2 bytes):
6A 88 j.
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success)
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] apdu.c:535:sc_transmit: returning with: 0 (Success)
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] card.c:523:sc_unlock: called
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] card-tcos.c:530:tcos_set_security_env: Detected Signature-Only key
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Referenced data not found
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] card-tcos.c:533:tcos_set_security_env: returning with: -1216 (Data object not found)
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] sec.c:109:sc_set_security_env: returning with: -1216 (Data object not found)
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] card.c:523:sc_unlock: called
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] pkcs15-sec.c:707:sc_pkcs15_compute_signature: use_key() failed: -1216 (Data object not found)
P:30259; T:0x140299574458176 08:22:47.319 [opensc-pkcs11] card.c:523:sc_unlock: called
P:30259; T:0x140299574458176 08:22:47.320 [opensc-pkcs11] reader-pcsc.c:709:pcsc_unlock: called
P:30259; T:0x140299574458176 08:22:47.323 [opensc-pkcs11] framework-pkcs15.c:4067:pkcs15_prkey_sign: Sign complete. Result -1216.
P:30259; T:0x140299574458176 08:22:47.323 [opensc-pkcs11] misc.c:71:sc_to_cryptoki_error_common: libopensc return value: -1216 (Data object not found)
P:30259; T:0x140299574458176 08:22:47.323 [opensc-pkcs11] mechanism.c:478:sc_pkcs11_signature_final: returning with: 5
P:30259; T:0x140299574458176 08:22:47.323 [opensc-pkcs11] mechanism.c:336:sc_pkcs11_sign_final: returning with: 5
P:30259; T:0x140299574458176 08:22:47.323 [opensc-pkcs11] pkcs11-object.c:791:C_SignFinal: C_SignFinal() = CKR_GENERAL_ERROR
P:30259; T:0x140299574458176 08:22:47.323 [opensc-pkcs11] pkcs11-global.c:365:C_Finalize: C_Finalize()

@jmastr
Copy link
Author

jmastr commented Dec 3, 2019

@frankmorgner @Jakuje documentation is on its way. checking the history of card-tcos.c I found a line that somehow looked suspicious to me. Removing it gives me some more output, but I guess I just hide the real issue. Wanted to let you know anyway, because maybe it means something to you:

diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
index 490ae312..9c83f923 100644
--- a/src/libopensc/card-tcos.c
+++ b/src/libopensc/card-tcos.c
@@ -508,7 +508,7 @@ static int tcos_set_security_env(sc_card_t *card, const sc_security_env_t *env,
 
        sc_format_apdu(card, &apdu, SC_APDU_CASE_3_SHORT, 0x22, tcos3 ? 0x41 : 0xC1, 0xB8);
        p = sbuf;
-       *p++=0x80; *p++=0x01; *p++=tcos3 ? 0x0A : 0x10;
        if (env->flags & SC_SEC_ENV_KEY_REF_PRESENT) {
                *p++ = (env->flags & SC_SEC_ENV_KEY_REF_SYMMETRIC) ? 0x83 : 0x84;
                *p++ = env->key_ref_len;
@@ -550,7 +550,8 @@ static int tcos_compute_signature(sc_card_t *card, const u8 * data, size_t datal
        assert(card != NULL && data != NULL && out != NULL);
        tcos3=(card->type==SC_CARD_TYPE_TCOS_V3);
 
-       if (datalen > 255) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
+       // datalen is 256 here
+       //if (datalen > 255) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
 
        if(((tcos_data *)card->drv_data)->next_sign){
                if(datalen>48){

This diff yields to:

$ pkcs11-tool --login --test                                                                                                                                                                                                                                                                                          130 ↵
Using slot 0 with a present token (0x0)
Logging in to "IDKey Card".
Please enter User PIN: 
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only for RSA)
  testing key 0 (IDKey1) 
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-X-509: OK
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
    SHA256-RSA-PKCS: OK
couldn't find the corresponding pubkey
  testing key 1 (0 bits, label=IDKey2) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 3 (0 bits, label=IDKey4) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 4 (0 bits, label=IDKey5) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 5 (0 bits, label=IDKey6) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
Verify (currently only for RSA)
  testing key 0 (IDKey1)
    RSA-X-509: OK
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
  testing key 1 (IDKey2) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 3 (IDKey4) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 4 (IDKey5) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 5 (IDKey6) with 1 mechanism -- can't find corresponding public key, skipping
Decryption (currently only for RSA)
  testing key 0 (IDKey1) 
    RSA-X-509: OK
    RSA-PKCS: OK
  testing key 1 (IDKey2) 
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
    RSA-X-509:     RSA-PKCS:   testing key 2 (IDKey3) 
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
    RSA-X-509:     RSA-PKCS:   testing key 3 (IDKey4) 
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
    RSA-X-509:     RSA-PKCS:   testing key 4 (IDKey5) 
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
    RSA-X-509:     RSA-PKCS:   testing key 5 (IDKey6) 
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
    RSA-X-509:     RSA-PKCS: No errors

@Jakuje
Copy link
Member

Jakuje commented Dec 3, 2019

@Jakuje with said patch I get Referenced data not found:

It actually does not fix the problem, but it is certainly correct according tot he specification.

What you did also sounds correct according to the documentation. For the signature generation, there is no 0x80 tag defined so I think it should not be there. It could have worked with older cards, but new seems to bail out on that, I assume.

Looking to the second change you did, you allowed > 256 B of data to be signed. Few lines below, the code says it supports max 48 B. The first test is using the RSA_X_509 mechanism, which is RAW RSA and I think the card and driver really do not support that.

Reading through "7.3.12 PSO: Compute Digital Signature" section, it says that the input data is really "hash value", not the whole raw input to the RSA operation.

If I see right, the author of the driver wanted to implement the signatures using the decipher operation to get around this limitation, but it looks like it is no longer working.

I think something similar as I did for CardOS 5 in #1867 will be needed to disable RSA_X_509 mechanism advertisement.

Can you try the following branch:

https://github.com/Jakuje/OpenSC/commits/tcos

I would be interested also in the pkcs11-tool -M output, to check whether it still lists the raw RSA mechanism.

@jmastr
Copy link
Author

jmastr commented Dec 3, 2019
edited
Loading

Being on your branch:

$ pkcs11-tool -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  RSA-PKCS, keySize={512,2048}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={512,2048}, sign, verify
  SHA224-RSA-PKCS, keySize={512,2048}, sign, verify
  SHA256-RSA-PKCS, keySize={512,2048}, sign, verify
  SHA384-RSA-PKCS, keySize={512,2048}, sign, verify
  SHA512-RSA-PKCS, keySize={512,2048}, sign, verify
  MD5-RSA-PKCS, keySize={512,2048}, sign, verify
  RIPEMD160-RSA-PKCS, keySize={512,2048}, sign, verify

So I needed to revert 5d2a2e3:

commit c2e343215ad1237837402a0282242667dfc37129 (HEAD -> tcos)
Author: Julian Strobl <[email protected]>
Date:   Tue Dec 3 11:30:41 2019 +0100

    Revert "tcos: Use correct P2 for signature operations in manage security environment"

    This reverts commit 5d2a2e3e446aa5841da8ac0275419daa52b7d57f.

Otherwise I would have gotten: CKR_GENERAL_ERROR

With the reverted patch I see again:

$ pkcs11-tool --login --test
Using slot 0 with a present token (0x0)
Logging in to "IDKey Card".
Please enter User PIN:
C_SeedRandom() and C_GenerateRandom():
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only for RSA)
  testing key 0 (IDKey1)
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
    SHA256-RSA-PKCS: OK
couldn't find the corresponding pubkey
  testing key 1 (0 bits, label=IDKey2) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 3 (0 bits, label=IDKey4) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 4 (0 bits, label=IDKey5) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 5 (0 bits, label=IDKey6) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
Verify (currently only for RSA)
  testing key 0 (IDKey1)
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
  testing key 1 (IDKey2) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 3 (IDKey4) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 4 (IDKey5) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 5 (IDKey6) with 1 mechanism -- can't find corresponding public key, skipping
Decryption (currently only for RSA)
  testing key 0 (IDKey1)
    RSA-PKCS: OK
  testing key 1 (IDKey2)
couldn't find the corresponding pubkey for validation
    RSA-PKCS:   testing key 2 (IDKey3)
couldn't find the corresponding pubkey for validation
    RSA-PKCS:   testing key 3 (IDKey4)
couldn't find the corresponding pubkey for validation
    RSA-PKCS:   testing key 4 (IDKey5)
couldn't find the corresponding pubkey for validation
    RSA-PKCS:   testing key 5 (IDKey6)
couldn't find the corresponding pubkey for validation
    RSA-PKCS: No errors

@Jakuje
Copy link
Member

Jakuje commented Dec 3, 2019

Can you share the respective debug logs for the errors you get with at least the last two APDUs?

@jmastr
Copy link
Author

jmastr commented Dec 3, 2019

@Jakuje This is all logs after verifying the PIN: https://gist.github.com/jmastr/72ce309a14f90377dff51628c002ab6c

@Jakuje
Copy link
Member

Jakuje commented Dec 3, 2019

This already looks like the signature is provided correctly (see lines around 1944), but just the pkcs11-tool has problems finding the public key to verify signature. This is the key with ID 46. As you can see in your previous comment #1869 (comment) , it looks like the public key is really not there, but there are multiple with ID 45 ... this looks like something got messed up during the initialization. I will check the log posted earlier if there will be something suspicious.

@Jakuje
Copy link
Member

Jakuje commented Dec 3, 2019

the initialization looks like it is using same IDs for all the certificates. Can you try my updated branch whether we will be able to move further (I dropped the problematic commit too)?

https://github.com/Jakuje/OpenSC/commits/tcos

@jmastr
Copy link
Author

jmastr commented Dec 3, 2019 

$ pkcs11-tool --test --pin ${PIN}                                                                                                                                                                             
Using slot 0 with a present token (0x0)                                                                                                                                                                         
C_SeedRandom() and C_GenerateRandom():                                                                                                                                                                          
  seeding (C_SeedRandom) not supported
  seems to be OK
Digests:
  all 4 digest functions seem to work
  MD5: OK
  SHA-1: OK
  RIPEMD160: OK
Signatures (currently only for RSA)
  testing key 0 (IDKey1)
  all 4 signature functions seem to work
  testing signature mechanisms:
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
    SHA256-RSA-PKCS: OK
  testing key 1 (2048 bits, label=IDKey2) with 1 signature mechanism
    RSA-PKCS: OK
couldn't find the corresponding pubkey
  testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 3 (0 bits, label=IDKey4) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 4 (0 bits, label=IDKey5) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
couldn't find the corresponding pubkey
  testing key 5 (0 bits, label=IDKey6) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
Verify (currently only for RSA)
  testing key 0 (IDKey1)
    RSA-PKCS: OK
    SHA1-RSA-PKCS: OK
    MD5-RSA-PKCS: OK
    RIPEMD160-RSA-PKCS: OK
  testing key 1 (IDKey2) with 1 mechanism
    RSA-PKCS: OK
  testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 3 (IDKey4) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 4 (IDKey5) with 1 mechanism -- can't find corresponding public key, skipping
  testing key 5 (IDKey6) with 1 mechanism -- can't find corresponding public key, skipping
Decryption (currently only for RSA)
  testing key 0 (IDKey1)
    RSA-PKCS: OK
  testing key 1 (IDKey2)
    RSA-PKCS: OK
  testing key 2 (IDKey3)
couldn't find the corresponding pubkey for validation
    RSA-PKCS:   testing key 3 (IDKey4)
couldn't find the corresponding pubkey for validation
    RSA-PKCS:   testing key 4 (IDKey5)
couldn't find the corresponding pubkey for validation
    RSA-PKCS:   testing key 5 (IDKey6)
couldn't find the corresponding pubkey for validation
    RSA-PKCS: No errors

https://gist.github.com/jmastr/c2d3673a47e22803d16e5adbdd60f6b0

@Jakuje
Copy link
Member

Jakuje commented Dec 3, 2019

If I read the diff right, this fixed the tests with the IDKey2:

- couldn't find the corresponding pubkey for validation
-  testing key 1 (0 bits, label=IDKey2) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
+  testing key 1 (2048 bits, label=IDKey2) with 1 signature mechanism
+    RSA-PKCS: OK
...
-  testing key 1 (IDKey2) with 1 mechanism -- can't find corresponding public key, skipping
+  testing key 1 (IDKey2) with 1 mechanism
+    RSA-PKCS: OK
...
   testing key 1 (IDKey2)
-couldn't find the corresponding pubkey for validation
-    RSA-PKCS:   testing key 2 (IDKey3)
+    RSA-PKCS: OK
+  testing key 2 (IDKey3)

Are the other keys also supposed to be working? The third certificate was not found on the card if I read the initial log correctly:

P:80108; T:0x123145355624448 10:58:07.861 [cryptotokenkit] card.c:841:sc_select_file: 'SELECT' error: -1201 (File not found)
P:80108; T:0x123145355624448 10:58:07.861 [cryptotokenkit] pkcs15-tcos.c:62:insert_cert: Select(DF074333) failed

I can probably try to expand the list to try to read 6 certs, if they are supposed to be there and working. Not sure what to do with the keys without certificates and where to get the public key material for them.

@jmastr
Copy link
Author

jmastr commented Dec 3, 2019
edited
Loading

@Jakuje You are completely right to ask that question. I don't know, if the other certificates/keys are supposed to work. For my very use case, which is also related to #1865, I need to have Signatur Zertifikat 2 and IDKey1 (after your patch it is probably IDKey2) working. So I guess we can close this ticket with your commits:

1ad3d27 tcos: Use unique IDs for certificates
04c7fe3 tcos: Drop undocumented tags from security environment data
992ed48 tcos: Do not advertize non-functional RSA RAW algorithms
23342c4 tcos: Remove duplicate lines

The only potential problem I see is 04c7fe3 where we might introduce a regression. I think the author put this line for a reason, although it clearly does not work with my card. I mean, I am good with removing that line obviously. What do you think?

@Jakuje Jakuje mentioned this issue Dec 3, 2019
Merged
3 tasks
@Jakuje
Copy link
Member

Jakuje commented Dec 3, 2019

Filled as #1880

I do not think 04c7fe3 will cause problems with older cards as it was introduced with TCOS3 support without any reasoning nor comments. I will try to pull into the PR some previous contributors to this driver.

@Jakuje Jakuje mentioned this issue Dec 16, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix TCOS IDKey support Jakuje/OpenSC
3 participants
@frankmorgner @Jakuje @jmastr