On Jun 28, 2010, at 12:53, Emmanuel Dreyfus wrote:
> I tried pam_p11 and I cannot get it working because the ASEkey does not
> want to sign. Here is the log message on PAM failure:
Please enable debugging in opensc.conf and send the full log of the pam_p11 failure.
> su: fatal: pkcs11_sign failed
> I tried pkcs11-tool -s to see how it goes. I get more debug messages:
> $ echo "buz" | /usr/pkg//bin/pkcs11-tool -s
> Please enter User PIN:
> Using signature algorithm RSA-X-509
> [opensc-pkcs11] card-asepcos.c:553:asepcos_compute_signature: error
> creating signature
> [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Wrong length
> [opensc-pkcs11] sec.c:53:sc_compute_signature: returning with: Wrong length
> [opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature:
> sc_compute_signature() failed: Wrong length
> error: PKCS11 function C_SignFinal failed: rv = CKR_DATA_LEN_RANGE (0x21)
This is a very simplistic method that is prone to errors, which takes the first reported and supposedly working method and tries to sign with it, in this case RSA-X-509 which is described as follows in PKCS#11 spec:
The X.509 (raw) RSA mechanism, denoted CKM_RSA_X_509, is a multi-purpose
mechanism based on the RSA public-key cryptosystem. It supports single-part encryption and decryption; single-part signatures and verification with and without message recovery; key wrapping; and key unwrapping. All these operations are based on so-called "raw" RSA, as assumed in X.509.
"Raw" RSA as defined here encrypts a byte string by converting it to an integer, most-significant byte first, applying "raw" RSA exponentiation, and converting the result to a byte string, most-significant byte first. The input string, considered as an integer, must be less than the modulus; the output string is also less than the modulus.
Without checking further and without seeing the full log (what version of OpenSC are you using? If you compile from source, could you try the latest svn snapshot?), I suspect that the "buz" is sent verbatim to the card and, of course, it does not match the key length and the card replies with the given error.
I don't know by heart what pam_p11 tries to do, please send the log by modifying opensc.config when trying to use pam_p11 (and also when using pkcs11-tool -s, as separate clean log files if possible).
> suspect that the "buz" is sent verbatim to the card and of course, it
> does not match the key length and card replies with the given error.
Indeed this was the problem: if the input is the same length as the key,
there is no error.
dd if=/dev/zero bs=128 count=1|/usr/local/bin/pkcs11-tool --sign
1+0 records in
1+0 records out
128 bytes transferred in 0.000071 secs (1801580 bytes/sec)
Please enter User PIN:
Using signature algorithm RSA-X-509
Reading the sources, pam_p11 sends 128 bytes of data (does that mean it
only works with a 1024-bit key?)
On Tuesday, 29 June 2010, at 05:08:59, Emmanuel Dreyfus wrote:
> Reading the sources, pam_p11 sends 128 bytes of data (does that mean it
> only works with a 1024-bit key?)
> #define RANDOM_SIZE 128
> rv = PKCS11_sign(NID_sha1, rand_bytes, RANDOM_SIZE, signature, &siglen,
> I'll investigate further later today.
Yes, I guess it is probably broken. Since NID_sha1 is used, it should
instead use a size that is typical for SHA-1 (20 bytes IIRC), and the rest should
be padded. Some cards might allow certain sizes for signature (hash) data
only, and "128 bytes" doesn't fit any hash I know, so it is a bogus value
and should be changed.
But it worked for some cards that I tested in the past.
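To make the two points in this thread concrete (raw CKM_RSA_X_509 input must be exactly the modulus length and numerically below the modulus, and a SHA-1 signature input should be a 20-byte digest wrapped in DigestInfo and padded to that length), here is a small added example in Python. It is not code from pam_p11 or OpenSC; the modulus is a constructed 1024-bit odd number used only for its length and ordering, and the CKR_* names returned by the checker are this example's own choice of how a card might report each failure.

```python
import hashlib

# Constructed 1024-bit odd value standing in for an RSA modulus; only its
# byte length (128) and magnitude matter for the checks below. Not a real key.
MODULUS = (1 << 1023) | 1

# DER prefix of the PKCS#1 v1.5 DigestInfo for SHA-1 (RFC 3447, section 9.2).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def modulus_len(modulus: int) -> int:
    """Length in bytes of the modulus (128 for a 1024-bit key)."""
    return (modulus.bit_length() + 7) // 8


def raw_rsa_input_check(data: bytes, modulus: int) -> str:
    """Mimic the checks a token applies to CKM_RSA_X_509 sign input.

    "buz\\n" from echo is 4 bytes, so it is rejected before any RSA happens;
    128 bytes from /dev/zero pass because 0 < modulus.  Return values are
    assumed CKR_* names, not taken from any specific card.
    """
    k = modulus_len(modulus)
    if len(data) != k:
        return "CKR_DATA_LEN_RANGE"      # the 0x21 seen with pkcs11-tool -s
    if int.from_bytes(data, "big") >= modulus:
        return "CKR_DATA_INVALID"        # integer not below the modulus
    return "CKR_OK"


def emsa_pkcs1_v15_sha1(message: bytes, modulus: int) -> bytes:
    """Build the EMSA-PKCS1-v1_5 block for a SHA-1 digest:
    00 01 FF..FF 00 DigestInfo || H(message), exactly modulus_len bytes long.
    This is what a SHA-1 signature input looks like once padded, instead of
    128 raw random bytes."""
    k = modulus_len(modulus)
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()   # 15 + 20 bytes
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA-1 DigestInfo block")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


if __name__ == "__main__":
    print(raw_rsa_input_check(b"buz\n", MODULUS))           # CKR_DATA_LEN_RANGE
    print(raw_rsa_input_check(bytes(128), MODULUS))         # CKR_OK
    print(raw_rsa_input_check(emsa_pkcs1_v15_sha1(b"buz\n", MODULUS), MODULUS))
```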
On Tue, Jun 29, 2010 at 07:23:14AM +0200, Andreas Jellinghaus wrote:
> Yes, I guess it is probably broken. Since NID_sha1 is used, it should
> instead use a size that is typical for SHA-1 (20 bytes IIRC)
Here is a patch that fixes the problem. It also addresses minor
build problems with OpenPAM and NetBSD.
/* We have to make this definitions before we include the pam header files! */
@@ -43,9 +49,9 @@
#define LOGNAME "pam_p11" /* name for log-file entries */
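Review bot: the hunk at `@@ -43,9 +49,9 @@` shows only the unchanged `#define LOGNAME "pam_p11"` context line, so the change to the 128-byte RANDOM_SIZE that this message says fixes the signing problem is not visible here and cannot be reviewed from the lines posted; please resend the complete diff so the new input size and how it is padded for a SHA-1 signature can be checked.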