When configuring the ECCP256 algorithm certificate, XShell directly crashes when using PKCS11 for authentication connection.

[geihob]

Problem Description

I am using yubikey 5 key for ssh connection.
When configuring the ECCP256 algorithm certificate, XShell directly crashes when using PKCS11 for authentication connection.
But in the same environment, everything works fine when configuring the RSA2048 certificate.

Proposed Resolution

Support ECCP256 algorithm for PKCS11.

Steps to reproduce

Steps like SSH Connections with YubiKey PKCS#11 User Authentication(PIV).
The difference is that yubikey generates the key.
RSA2045 :

ykman piv keys generate -a RSA2048 --pin-policy=once --touch-policy=always 9a pubkey.pem
ykman piv certificates generate --subject "yubico" 9a pubkey.pem

ECCP256 :

ykman piv keys generate -a ECCP256 --pin-policy=once --touch-policy=always 9a pubkey.pem
ykman piv certificates generate --subject "yubico" 9a pubkey.pem

Using ECCP256 will directly crash or become unresponsive when xshell connects.

Logs

[dengert]

PIV type cards determine the type and size of a key from the certificate that is stored on the card in the Subject PublicKeyInfo. Some possible problems:

• ykman has not updated the certificate if one is already present.
• OpenSC's certificate cache on disk is being used and it is out of date and cert has the wrong SPKI. See man opensc.conf "use_file_caching"
• The SSH host has the wrong public key.

An OpenSC debug log would help as would ./pkcs15-tool --read-certificate 01 | openssl x509 -text -noout

[geihob]

PIV type cards determine the type and size of a key from the certificate that is stored on the card in the Subject PublicKeyInfo. Some possible problems:

• ykman has not updated the certificate if one is already present.
• OpenSC's certificate cache on disk is being used and it is out of date and cert has the wrong SPKI. See man opensc.conf "use_file_caching"
• The SSH host has the wrong public key.

An OpenSC debug log would help as would ./pkcs15-tool --read-certificate 01 | openssl x509 -text -noout

 pkcs15-tool  --read-certificate  01 | openssl x509 -text -noout
Using reader with a card: Yubico YubiKey FIDO+CCID 0
Warning: Reading certificate from stdin since no -in or -new option is given
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:

        Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN=yubico
        Validity
            Not Before: Mar 18 04:42:21 2024 GMT
            Not After : Mar 18 04:42:21 2025 GMT
        Subject: CN=yubico
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:

                ASN1 OID: prime256v1
                NIST CURVE: P-256
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:

[geihob]

certutil -scinfo: https://gist.github.com/Z1Turn0/ef37fc2fd3807c91d2ba4ddae7ecc924
some log: https://gist.github.com/Z1Turn0/9387f073729ef3894e327034dcbcb623

[Jakuje]

OpenSC 0.20.0 is some years old. Can you try with more recent version or master?

Do you have some backtrace from the crash? The operations look successful in all the examples you provided.

[dengert]

@Z1Turn0 in the output from #3073 (comment) did you blank out the "Serial Number", "pub:" and "Signature:" ? if not it looks like ykman only wrote the minimal information to let PIV driver know there is a private key.

What is output of pkcs15-tool.exe --read-ssh-key 01

https://netsarang.atlassian.net/wiki/spaces/ENSUP/pages/2086437094/SSH+access+via+PIV+smart+card+using+CAPI
says: "Select ‘RSA2048’ or ‘RSA1024’ as the algorithm. As of November 20, 2023, ECCP256 is not supported by Xshell", so testing using certutil (which uses CAPI) is not a part of this problem. Also Windows uses the Microsoft built-in PIV driver for CAPI.

Do you see any indications that XShell using PKCS11 supports using ECC keys? All examples I have seen are RSA.

[geihob]

OpenSC 0.20.0 is some years old. Can you try with more recent version or master?

Do you have some backtrace from the crash? The operations look successful in all the examples you provided.

Because I crashed using the latest release version, I finally changed to version 0.20.0 in the xshell document.

[geihob]

@Z1Turn0 in the output from #3073 (comment) did you blank out the "Serial Number", "pub:" and "Signature:" ? if not it looks like ykman only wrote the minimal information to let PIV driver know there is a private key.

What is output of pkcs15-tool.exe --read-ssh-key 01

https://netsarang.atlassian.net/wiki/spaces/ENSUP/pages/2086437094/SSH+access+via+PIV+smart+card+using+CAPI says: "Select ‘RSA2048’ or ‘RSA1024’ as the algorithm. As of November 20, 2023, ECCP256 is not supported by Xshell", so testing using certutil (which uses CAPI) is not a part of this problem. Also Windows uses the Microsoft built-in PIV driver for CAPI.

Do you see any indications that XShell using PKCS11 supports using ECC keys? All examples I have seen are RSA.

Yes, I deleted the printout the "Serial Number", "pub:" and "Signature:".

[geihob]

@Z1Turn0 in the output from #3073 (comment) did you blank out the "Serial Number", "pub:" and "Signature:" ? if not it looks like ykman only wrote the minimal information to let PIV driver know there is a private key.

What is output of pkcs15-tool.exe --read-ssh-key 01

https://netsarang.atlassian.net/wiki/spaces/ENSUP/pages/2086437094/SSH+access+via+PIV+smart+card+using+CAPI says: "Select ‘RSA2048’ or ‘RSA1024’ as the algorithm. As of November 20, 2023, ECCP256 is not supported by Xshell", so testing using certutil (which uses CAPI) is not a part of this problem. Also Windows uses the Microsoft built-in PIV driver for CAPI.

Do you see any indications that XShell using PKCS11 supports using ECC keys? All examples I have seen are RSA.

I thought that the certificate algorithm is handled by opensc middleware, so I didn't consider whether xshell supports ecc ...

[dengert]

What is output of pkcs15-tool.exe --read-ssh-key 01

Can you try using putty.

thought that the certificate algorithm is handled by opensc middleware, so I didn't consider whether xshell supports ecc ...

That is not clear.

Also try using OpenSC SPY to get trace of PKCS11 calls and get opensc debug log. See: https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC

[geihob]

................................................................
...............
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(630.33b4): Access violation - code c0000005 (first/second chance not available)
For analysis of this file, run !analyze -v
eax=00000000 ebx=00000000 ecx=00f5c034 edx=00f5c034 esi=00000000 edi=00000378
eip=77a7679c esp=0019da60 ebp=0019dacc iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200216
ntdll!NtWaitForSingleObject+0xc:
77a7679c c20c00          ret     0Ch
0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.mSec
    Value: 2546

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 1694018

    Key  : Analysis.Init.CPU.mSec
    Value: 202

    Key  : Analysis.Init.Elapsed.mSec
    Value: 34212

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 127

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 613

    Key  : Timeline.Process.Start.DeltaSec
    Value: 4

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Timestamp
    Value: 2022-05-06T12:50:00Z

    Key  : WER.OS.Version
    Value: 10.0.22621.1

    Key  : WER.Process.Version
    Value: 7.0.0.39


FILE_IN_CAB:  crashdump.dmp

CONTEXT:  (.ecxr)
eax=007b3000 ebx=00000000 ecx=00f5c034 edx=00f5c034 esi=007b3000 edi=007b0014
eip=00eb4baf esp=0019ee3c ebp=00000000 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210206
nsssh3!NSSSH_IsCheckInTimeModified+0xcaf:
00eb4baf f6401004        test    byte ptr [eax+10h],4       ds:002b:007b3010=??
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00eb4baf (nsssh3!NSSSH_IsCheckInTimeModified+0x00000caf)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 007b3010
Attempt to read from address 007b3010

PROCESS_NAME:  XshellCore.exe

READ_ADDRESS:  007b3010 

ERROR_CODE: (NTSTATUS) 0xc0000005 - 0x%p            0x%p                    %s

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  007b3010

STACK_TEXT:  
00000000 00000000     00000000 00000000 00000000 nsssh3!NSSSH_IsCheckInTimeModified+0xcaf


STACK_COMMAND:  ~0s; .ecxr ; kb

SYMBOL_NAME:  nsssh3+caf

MODULE_NAME: nsssh3

IMAGE_NAME:  nsssh3.dll

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_nsssh3.dll!Unknown

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x86

OSNAME:  Windows 10

IMAGE_VERSION:  7.0.0.38

FAILURE_ID_HASH:  {1ae78aa9-17ac-96e3-4b03-e7f816e7ff60}

Followup:     MachineOwner
---------

0:000> ~0s; .ecxr ; kb
eax=00000000 ebx=00000000 ecx=00f5c034 edx=00f5c034 esi=00000000 edi=00000378
eip=77a7679c esp=0019da60 ebp=0019dacc iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200216
ntdll!NtWaitForSingleObject+0xc:
77a7679c c20c00          ret     0Ch
eax=007b3000 ebx=00000000 ecx=00f5c034 edx=00f5c034 esi=007b3000 edi=007b0014
eip=00eb4baf esp=0019ee3c ebp=00000000 iopl=0         nv up ei pl nz na pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210206
nsssh3!NSSSH_IsCheckInTimeModified+0xcaf:
00eb4baf f6401004        test    byte ptr [eax+10h],4       ds:002b:007b3010=??
  *** Stack trace for last set context - .thread/.cxr resets it
 # ChildEBP RetAddr      Args to Child              
WARNING: Stack unwind information not available. Following frames may be wrong.
00 00000000 00000000     00000000 00000000 00000000 nsssh3!NSSSH_IsCheckInTimeModified+0xcaf

@dengert @Jakuje

[geihob]

的输出是什么pkcs15-tool.exe --read-ssh-key 01

你可以尝试使用腻子吗？

以为证书算法是opensc中间件处理的，所以没有考虑xshell是否支持ecc...

这还不清楚。

还可以尝试使用 OpenSC SPY 来获取 PKCS11 调用的跟踪并获取 opensc 调试日志。请参阅： https: //github.com/OpenSC/OpenSC/wiki/Using-OpenSC

pkcs15-tool.exe --read-ssh-key 01
Using reader with a card: Yubico YubiKey FIDO+CCID 0
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCbFQO09NGnBtLwqgMpKTi3NNroOtAw74pIOsGaU1kDC5OtxgJm0lQ1Otg9MEmZR+cVEvVIYPHhDMQvD/yIbF5c= PIV AUTH pubkey

[Jakuje]

I would say its a bug in the xshell. I do not see any indication of opensc functions in the backtrace and as the key can be used ok with the pkcs15-tool, there is not much we can do, except for recommending to use other ssh client. There is Putty-CAC, which (regardless of the name), should work with any smart cards and PKCS#11.

[geihob]

I would say its a bug in the xshell. I do not see any indication of opensc functions in the backtrace and as the key can be used ok with the pkcs15-tool, there is not much we can do, except for recommending to use other ssh client. There is Putty-CAC, which (regardless of the name), should work with any smart cards and PKCS#11.

I just tested Putty-CAC x86 , it becomes unresponsive for a while and then an error pops up.

[Jakuje]

This looks more promissing. Can you get a OpenSC debug log from this operation?

[dengert]

Also run pkcs11-tool -O look for usage on each key. (And please provide a OpenSC debug log from the failing operation.)

https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-piv.c#L534 list the default usage for the 01 cert i.e. 9A key.

If this is a non government PIV then here is where the certificate's keyUsage is obtained:
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-piv.c#L812-L827
Here is where the usage is set for EC keys:
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/pkcs15-piv.c#L888-L927

You may also want to try Yubico's PKCS11 module:
https://developers.yubico.com/yubico-piv-tool/Releases/
https://support.yubico.com/hc/en-us/articles/360021606180-Using-YubiKey-PIV-with-Windows-native-SSH-client
https://developers.yubico.com/yubico-piv-tool/YKCS11/

Yubico/yubico-piv-tool#223 it is old but points out you may need to generate a CSR, have it signed by a CA so it has the correct correct keyUsage.

[geihob]

@dengert @Jakuje
I finally found that I still need to touch yubikey, Putty-CAC works normally, it should be a problem with xshell.