ASEkey cannot sign: "sc_compute_signature() failed: Wrong length"

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

ASEkey cannot sign: "sc_compute_signature() failed: Wrong length"

Emmanuel Dreyfus
Hello

I tried pam_p11 and I cannot get it working because the ASEkey does not
want to sign. Here is the log message on PMA failure;

su: fatal: pkcs11_sign failed

I tried pkcs11-tool -s to see how it goes. I get more debug messages:

$ echo "buz" | /usr/pkg//bin/pkcs11-tool -s          
Please enter User PIN:
Using signature algorithm RSA-X-509
[opensc-pkcs11] card-asepcos.c:553:asepcos_compute_signature: error
creating signature
[opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Wrong length
[opensc-pkcs11] sec.c:53:sc_compute_signature: returning with: Wrong length
[opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature:
sc_compute_signature() failed: Wrong length
error: PKCS11 function C_SignFinal failed: rv = CKR_DATA_LEN_RANGE (0x21)

Aborting.

Is that known? Any workaround?

--
Emmanuel Dreyfus
[hidden email]
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: ASEkey cannot sign: "sc_compute_signature() failed: Wrong length"

Andreas Jellinghaus-2
how long is the key?

try a different value of RANDOM_SIZE in the source.
maybe we should simply use only 128 bits or something
like that as input (plus padding), 128 bytes?

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: ASEkey cannot sign: "sc_compute_signature() failed: Wrong length"

Martin Paljak-2
In reply to this post by Emmanuel Dreyfus
Hello,

On Jun 28, 2010, at 12:53 , Emmanuel Dreyfus wrote:
> I tried pam_p11 and I cannot get it working because the ASEkey does not
> want to sign. Here is the log message on PMA failure;
Please enable debugging in opensc.conf and send the full log of the pam_p11 failure.

> su: fatal: pkcs11_sign failed
>
> I tried pkcs11-tool -s to see how it goes. I get more debug messages:
>
> $ echo "buz" | /usr/pkg//bin/pkcs11-tool -s          
> Please enter User PIN:
> Using signature algorithm RSA-X-509
> [opensc-pkcs11] card-asepcos.c:553:asepcos_compute_signature: error
> creating signature
> [opensc-pkcs11] iso7816.c:99:iso7816_check_sw: Wrong length
> [opensc-pkcs11] sec.c:53:sc_compute_signature: returning with: Wrong length
> [opensc-pkcs11] pkcs15-sec.c:273:sc_pkcs15_compute_signature:
> sc_compute_signature() failed: Wrong length
> error: PKCS11 function C_SignFinal failed: rv = CKR_DATA_LEN_RANGE (0x21)
This is a very simplistic method that is prone to errors, which takes the first reported and supposedly working method and tries to sign with it, in this case RSA-X-509 which is described as follows in PKCS#11 spec:


"""
The X.509 (raw) RSA mechanism, denoted CKM_RSA_X_509, is a multi-purpose
mechanism based on the RSA public-key cryptosystem. It supports single-part encryption and decryption; single-part signatures and verification with and without message recovery; key wrapping; and key unwrapping. All these operations are based on so- called “raw” RSA, as assumed in X.509.

“Raw” RSA as defined here encrypts a byte string by converting it to an integer, most- significant byte first, applying “raw” RSA exponentiation, and converting the result to a byte string, most-significant byte first. The input string, considered as an integer, must be less than the modulus; the output string is also less than the modulus.
"""

Without checking further  and without seeing the full log (what version of OpenSC are you using? If you compile from source, could you try the latest svn snapshot?) I suspect that the "buz" is sent verbatim to the card and of course, it does not match the key length and card replies with the given error.

I don't know by heart what pam_p11 tries to do, please send the log by modifying opensc.config when trying to use pam_p11 (and also when using pkcs11-tool -s, as separate clean log files if possible).


--
Martin Paljak
@martinpaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: ASEkey cannot sign: "sc_compute_signature() failed: Wrong length"

Emmanuel Dreyfus
Martin Paljak <[hidden email]> wrote:

>  suspect that the "buz" is sent verbatim to the card and of course, it
> does not match the key length and card replies with the given error.

Indeed this was the problem: if the input is the same length as the key,
there is no error.

dd if=/dev/zero bs=128 count=1|/usr/local/bin/pkcs11-tool --sign
1+0 records in
1+0 records out
128 bytes transferred in 0.000071 secs (1801580 bytes/sec)
Please enter User PIN:
(binary stuff)
Using signature algorithm RSA-X-509


Reading the sources, pam_p11 sends 128 bytes of data (does that means it
only work with a 1024 bit key?)

#define RANDOM_SIZE 128
(...)
rv = PKCS11_sign(NID_sha1, rand_bytes, RANDOM_SIZE, signature, &siglen,
                         authkey);

I'll investigate further later today.

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
[hidden email]
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: ASEkey cannot sign: "sc_compute_signature() failed: Wrong length"

Andreas Jellinghaus-2
Am Dienstag 29 Juni 2010, um 05:08:59 schrieb Emmanuel Dreyfus:
> Reading the sources, pam_p11 sends 128 bytes of data (does that means it
> only work with a 1024 bit key?)
>
> #define RANDOM_SIZE 128
> (...)
> rv = PKCS11_sign(NID_sha1, rand_bytes, RANDOM_SIZE, signature, &siglen,
>                          authkey);
>
> I'll investigate further later today.

yes, I guess it is propably broken. since the NID_sha1 is used, it should use
instead a size that is typical for sha-1 (20 bytes IIRC), and the rest should
be padded. some cards might allow certain sizes for signature (hash) data
only, and "128 bytes" doesn't fit any hash I know, so it is a bogus value
and should be changed.

but it worked for some cards that I tested in the past.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

[SOLVED][PATCH] Re: ASEkey cannot sign: "sc_compute_signature() failed: Wrong length"

Emmanuel Dreyfus
On Tue, Jun 29, 2010 at 07:23:14AM +0200, Andreas Jellinghaus wrote:
> yes, I guess it is propably broken. since the NID_sha1 is used, it should use
> instead a size that is typical for sha-1 (20 bytes IIRC)

Here is a patch that fixes the problem. It also addresses minor
build problems with OpenPAM and NetBSD.

--- src/pam_p11.c.orig  2010-06-29 08:56:07.000000000 +0200
+++ src/pam_p11.c       2010-06-29 09:05:03.000000000 +0200
@@ -21,10 +21,16 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
 
+#include <openssl/sha.h>
+
 #include <libp11.h>
 
+#ifdef __NetBSD__
+#define NO_STATIC_MODULES
+#endif
+
 /* We have to make this definitions before we include the pam header files! */
 #define PAM_SM_AUTH
 #define PAM_SM_ACCOUNT
 #define PAM_SM_SESSION
@@ -43,9 +49,9 @@
 
 #define LOGNAME   "pam_p11"    /* name for log-file entries */
 
 #define RANDOM_SOURCE "/dev/urandom"
-#define RANDOM_SIZE 128
+#define RANDOM_SIZE SHA_DIGEST_LENGTH
 #define MAX_SIGSIZE 256
 
 extern int match_user(X509 * x509, const char *login);

--- src/test.c.orig     2010-06-25 16:25:28.000000000 +0200
+++ src/test.c  2010-06-25 16:25:39.000000000 +0200
@@ -1,9 +1,11 @@
 #include <stdio.h>
 #include <stdlib.h>
 
 #include <security/pam_appl.h>
+#ifndef OPENPAM
 #include <security/pam_misc.h>
+#endif /* OPENPAM */
 #include <security/pam_modules.h>
 
 int main(int argc, char **argv)
 {



--
Emmanuel Dreyfus
[hidden email]
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user