Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSC 0.25.1 + SmartCard-HSM 3.6 + brainpoolP256t1 = point is not on curve #3164

Open
no-usernames-left opened this issue May 30, 2024 · 3 comments
Open

OpenSC 0.25.1 + SmartCard-HSM 3.6 + brainpoolP256t1 = point is not on curve #3164

no-usernames-left opened this issue May 30, 2024 · 3 comments

Comments

@no-usernames-left
Copy link

no-usernames-left commented May 30, 2024
edited

Problem Description

Having a brainpoolP256t1 key on a SmartCard-HSM (firmware 3.6, key created on-card using Smart Card Shell) results in the following errors being thrown when attempting to SSH into a machine and the keys on the card are retrieved, as well as when ssh-keygen -D /usr/lib/opensc-pkcs11.so -e is invoked:

ossl_error: o2i_ECPublicKey failed
ossl_error: libcrypto error: error:0800006B:elliptic curve routines::point is not on curve
ossl_error: libcrypto error: error:08080010:elliptic curve routines::EC lib
failed to fetch key

Is this actually a problem with OpenSSL or OpenSSH?
@Jakuje
Copy link
Member

Jakuje commented May 31, 2024

I think this is a problem of OpenSSH. There is no support for brainpool curves in SSH specification so it should just ignore the brainpool keys. I would open an issue for OpenSSH for that in https://bugzilla.mindrot.org/

@no-usernames-left
Copy link
Author

Interestingly, this error is only thrown against the twisted-curve brainpoolP256t1, not against any other brainpool key that's on the SC-HSM (brainpoolP512r1, brainpoolP384r1, brainpool320r1, brainpoolP256r1, brainpoolP224r1, brainpoolP192r1, all of which appear as ssh-unknown, which is fine for me because it's not throwing errors against them).

I should have shown you more of the output; my apologies. Here we go:

$ ssh-keygen -D /usr/lib/opensc-pkcs11.so -e -vv
debug1: provider /usr/lib/opensc-pkcs11.so: manufacturerID <OpenSC Project> cryptokiVersion 2.20 libraryDescription <OpenSC smartcard framework> libraryVersion 0.25
debug1: provider /usr/lib/opensc-pkcs11.so slot 0: label <DECCnnnnnnn (UserPIN)> manufacturerID <www.CardContact.de> model <PKCS#15 emulated> serial <DECCnnnnnnn> flags 0x50d
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: RSA SHA256:[snip]
debug1: have 1 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: RSA SHA256:[snip]
debug1: have 2 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: RSA SHA256:[snip]
debug1: have 3 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: RSA SHA256:[snip]
debug1: have 4 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: RSA SHA256:[snip]
debug1: have 5 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: RSA SHA256:[snip]
debug1: have 6 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 7 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: ECDSA SHA256:[snip]
debug1: have 8 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: ECDSA SHA256:[snip]
debug1: have 9 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: ECDSA SHA256:[snip]
debug1: have 10 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 11 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 12 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 13 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 14 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 15 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 16 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 17 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 18 keys
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 19 keys
ossl_error: o2i_ECPublicKey failed
ossl_error: libcrypto error: error:0800006B:elliptic curve routines::point is not on curve
ossl_error: libcrypto error: error:08080010:elliptic curve routines::EC lib
debug1: pkcs11_k11_free: parent 0x5fad4c6a5f40 ptr (nil) idx 1
failed to fetch key
debug2: pkcs11_fetch_keys: provider /usr/lib/opensc-pkcs11.so slot 0: unknown SHA256:[snip]
debug1: have 20 keys
debug2: pkcs11_fetch_certs: provider /usr/lib/opensc-pkcs11.so slot 0: RSA SHA256:[snip]
debug2: pkcs11_fetch_certs: key already included
debug1: pkcs11_k11_free: parent 0x5fad4c6b2790 ptr 0x5fad4c6b1f90 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 21
ssh-rsa [snip] DevNetCA/My Name Goes Here [Timestamp Goes Here]
debug1: pkcs11_k11_free: parent 0x5fad4c68dd90 ptr 0x5fad4c696050 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 21
ssh-rsa [snip] RSA4096
debug1: pkcs11_k11_free: parent 0x5fad4c68daf0 ptr 0x5fad4c69d490 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 20
ssh-rsa [snip] RSA3072
debug1: pkcs11_k11_free: parent 0x5fad4c68d850 ptr 0x5fad4c69dca0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 19
ssh-rsa [snip] RSA2048
debug1: pkcs11_k11_free: parent 0x5fad4c68d5b0 ptr 0x5fad4c69e180 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 18
ssh-rsa [snip] RSA1536
debug1: pkcs11_k11_free: parent 0x5fad4c68d310 ptr 0x5fad4c69e5f0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 17
ssh-rsa [snip] RSA1024
debug1: pkcs11_k11_free: parent 0x5fad4c677460 ptr 0x5fad4c69e960 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 16
ssh-unknown [snip] Group Signer
debug1: pkcs11_k11_free: parent 0x5fad4c69eb50 ptr 0x5fad4c69f8e0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 15
ecdsa-sha2-nistp521 [snip] secp521r1
debug1: pkcs11_k11_free: parent 0x5fad4c69f350 ptr 0x5fad4c69fef0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 14
ecdsa-sha2-nistp384 [snip] secp384r1
debug1: pkcs11_k11_free: parent 0x5fad4c69ecf0 ptr 0x5fad4c6a0c80 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 13
ecdsa-sha2-nistp256 [snip] secp256r1
debug1: pkcs11_k11_free: parent 0x5fad4c6a05d0 ptr 0x5fad4c6a1550 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 12
ssh-unknown [snip] secp192r1
debug1: pkcs11_k11_free: parent 0x5fad4c6a09b0 ptr 0x5fad4c6a0e10 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 11
ssh-unknown [snip] brainpoolP512r1
debug1: pkcs11_k11_free: parent 0x5fad4c6a0c10 ptr 0x5fad4c6a28b0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 10
ssh-unknown [snip] brainpoolP384r1
debug1: pkcs11_k11_free: parent 0x5fad4c6a1f10 ptr 0x5fad4c6a2010 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 9
ssh-unknown [snip] brainpoolP320r1
debug1: pkcs11_k11_free: parent 0x5fad4c6a07a0 ptr 0x5fad4c6a3ba0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 8
ssh-unknown [snip] brainpoolP256r1
debug1: pkcs11_k11_free: parent 0x5fad4c6a2100 ptr 0x5fad4c6a4300 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 7
ssh-unknown [snip] brainpoolP224r1
debug1: pkcs11_k11_free: parent 0x5fad4c6a1c30 ptr 0x5fad4c6a4c10 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 6
ssh-unknown [snip] brainpoolP192r1
debug1: pkcs11_k11_free: parent 0x5fad4c6a4690 ptr 0x5fad4c6a52a0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 5
ssh-unknown [snip] secp256k1
debug1: pkcs11_k11_free: parent 0x5fad4c6a4f10 ptr 0x5fad4c6a5bc0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 4
ssh-unknown [snip] secp192k1
debug1: pkcs11_k11_free: parent 0x5fad4c6a56a0 ptr 0x5fad4c6a4700 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 3
ssh-unknown [snip] XKEK Exchange
debug1: pkcs11_k11_free: parent 0x5fad4c6a66d0 ptr 0x5fad4c6a6ce0 idx 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 2
debug1: pkcs11_provider_finalize: provider "/usr/lib/opensc-pkcs11.so" refcount 1 valid 1
debug1: pkcs11_provider_unref: provider "/usr/lib/opensc-pkcs11.so" refcount 1
$

To me, the fact that every line beginning with ssh- names every single key on the card except the brainpoolP256t1 is the smoking gun that the twisted-curve brainpool is what's being choked on.

List of relevant software installed:

linux-lts 6.6.32-1
opensc 0.25.1-1
openssh 9.7p1-2
openssl 3.3.0-1
ccid 1.5.5-1
pcsclite 2.2.3-1

I really don't think the problem is in OpenSSH because the errors in question start with ossl, but perhaps this is a red herring.

@Jakuje
Copy link
Member

Jakuje commented May 31, 2024

The error message in question comes from this line:

https://github.com/openssh/openssh-portable/blob/f1c8918cb98459910fb159373baea053ba4108c0/ssh-pkcs11.c#L787

Even though it might be that either OpenSSL or OpenSC presented the OpenSSH the key that is not valid for some reason, but unfortunately, this is where my experience with BP curves ends.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Jakuje @no-usernames-left