Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Peter Koch-3
Hi all

I removed some bugs in card-tcos.c (see attached patch)

Now pkcs15-tool and pkcs15-crypt work as expected with
all kinds of TCOS cards.

There is still one problem with pkcs11-tool but I'm not
sure whether this one is caused by the card-driver or
by the pkcs11-layer.

Maybe you can help.

Here's output of pkcs15-tool -k

Private RSA Key [Signatur Schlüssel]
        Com. Flags  : 1
        Usage       : [0x204], sign, nonRepudiation
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 1024
        Key ref     : 128
        Native      : yes
        Path        : 8000DF015331
        Auth ID     : 05
        ID          : 0a

Private RSA Key [Authentifzierungs Schlüssel]
        Com. Flags  : 1
        Usage       : [0x7], encrypt, decrypt, sign
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 1024
        Key ref     : 128
        Native      : yes
        Path        : 800082008210
        Auth ID     : 06
        ID          : 0b

Private RSA Key [Verschlüsselungs Schlüssel]
        Com. Flags  : 1
        Usage       : [0x7], encrypt, decrypt, sign
        Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
        ModLength   : 1024
        Key ref     : 128
        Native      : yes
        Path        : 800083008310
        Auth ID     : 07
        ID          : 0c

Please notice that the first key can do signatures ONLY, while the
other one can do signatures AND encryption/decryption.

Now

pkcs11-tool -t --slot 0 --login

fails while both

pkcs11-tool -t --slot 1 --login
pkcs11-tool -t --slot 2 --login

work fine. This is due to the fact, that pkcs11-tool tries
to do a signature-computation for 128 bytes, but with
TCOS a signature-key can compute signatures for 48 bytes at
most. Hence we get a 6A87-error (Lc incompatible with P1/P2)

I assume that this restriction (Lc <= 48 for a 00 2A 9E 9A
PSO command) is NOT card specific. If that was the case
there would be a problem within the pkcs11-layer.

Peter Koch


Here's the relevant part of the debug-output from
pkcs11-tool -t --slot 0 --login

.....
framework-pkcs15.c:1785:pkcs15_prkey_sign: Initiating signing operation, mechanism 0x3.
framework-pkcs15.c:1829:pkcs15_prkey_sign: Selected flags 1. Now computing signature for 128 bytes. 1024 bytes reserved.
pkcs15-sec.c:162:sc_pkcs15_compute_signature: called
card.c:741:sc_select_file: called; type=2, path=8000df015331
card.c:254:sc_transmit_apdu: called
card.c:221:sc_transceive: Sending 12 bytes (resp. 258 bytes):
00 A4 08 00 06 80 00 DF 01 53 31 FF .........S1.
card.c:274:sc_transmit_apdu: Received 37 bytes (SW1=90 SW2=00)
6F 23 83 02 53 31 81 02 01 92 82 03 03 41 43 85 o#..S1.......AC.
06 01 C8 00 90 00 00 86 0C 2B 02 00 00 FF FF EF .........+......
00 00 00 FF FF                                  .....
card-tcos.c:494:hacked_iso7816_select_file: returning with: 0
card.c:763:sc_select_file: returning with: 0
sec.c:63:sc_set_security_env: called
card-tcos.c:630:tcos_set_security_env: Security Environment 1:80
card-tcos.c:634:tcos_set_security_env: Sign-Operation with Default Security Environment
card.c:254:sc_transmit_apdu: called
card.c:221:sc_transceive: Sending 8 bytes (resp. 258 bytes):
00 22 C1 B8 03 84 01 80 ."......
card.c:274:sc_transmit_apdu: Received 0 bytes (SW1=90 SW2=00)
sec.c:67:sc_set_security_env: returning with: 0
sec.c:49:sc_compute_signature: called
card.c:254:sc_transmit_apdu: called
card.c:221:sc_transceive: Sending 134 bytes (resp. 258 bytes, sensitive):
00 2A 9E 9A 80 00 01 05 08 8D E4 05 08 A2 E4 05 .*..............
08 28 99 06 08 10 02 00 00 20 02 00 00 40 02 00 .(....... ...@..
00 FF FF FF 00 8E 7F D6 77 F6 DA 2E 2F 7A E9 2F ........w.../z./
64 36 7D CB F4 23 D7 F0 42 00 00 00 00 00 00 00 d6}..#..B.......
00 06 00 00 00 10 BA 06 08 D8 9F 06 08 E0 B7 06 ................
08 C6 F0 27 40 90 AD 28 40 00 00 00 00 E8 F5 FF ...'@..(@.......
BF 2E F1 27 40 DA 79 A5 8F B8 83 3D 61 F6 32 16 ...'@.y....=a.2.
17 E3 FD F0 56 26 5F B7 CD 90 AD 28 40 08 F6 FF ....V&_....(@...
BF CA E3 27 40 00                               ...'@.
card.c:274:sc_transmit_apdu: Received 0 bytes (SW1=6A SW2=87)
iso7816.c:98:iso7816_check_sw: Lc inconsistent with P1-P2
card-tcos.c:742:tcos_compute_signature: returning with: Incorrect parameters in APDU
sec.c:53:sc_compute_signature: returning with: Incorrect parameters in APDU
pkcs15-sec.c:331:sc_pkcs15_compute_signature: sc_compute_signature() failed: Incorrect parameters in APDU
framework-pkcs15.c:1849:pkcs15_prkey_sign: Sign complete. Result -1205.
pkcs11-object.c:583:C_SignFinal: C_SignFinal returns 32
error: PKCS11 function C_SignFinal failed: rv = CKR_DATA_INVALID (0x20)

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
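
The failing command from the log above, checked at the APDU level. This is an added example, not part of the original post and not OpenSC code: a parser for short ISO 7816-4 command APDUs plus a check of Lc against the 48-byte limit Peter reports. The struct, the function names and the zero-filled sample data are assumptions made for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* Parsed view of a short (non-extended) ISO 7816-4 command APDU. */
struct apdu {
    unsigned char cla, ins, p1, p2;
    size_t lc;       /* length of the command data field, 0 if absent */
    int has_le;      /* 1 if a trailing Le byte is present */
};

/* Returns 0 on success, -1 if buf is not a well-formed short APDU. */
int apdu_parse(const unsigned char *buf, size_t len, struct apdu *out)
{
    if (len < 4)
        return -1;
    memset(out, 0, sizeof(*out));
    out->cla = buf[0]; out->ins = buf[1]; out->p1 = buf[2]; out->p2 = buf[3];
    if (len == 4)                       /* case 1: header only */
        return 0;
    if (len == 5) {                     /* case 2: header + Le */
        out->has_le = 1;
        return 0;
    }
    if (buf[4] == 0)                    /* Lc = 00 starts an extended APDU */
        return -1;
    out->lc = buf[4];                   /* case 3/4: Lc + data [+ Le] */
    out->has_le = (len == 6 + out->lc);
    return (len == 5 + out->lc || out->has_le) ? 0 : -1;
}

#define TCOS_SIGN_MAX_LC 48 /* limit reported in the thread, not from a spec */

/* 1 if the APDU is PSO: COMPUTE DIGITAL SIGNATURE (INS 2A, P1-P2 9E 9A)
 * carrying more input than the reported limit, else 0. */
int pso_sign_too_long(const struct apdu *a)
{
    return a->ins == 0x2A && a->p1 == 0x9E && a->p2 == 0x9A
        && a->lc > TCOS_SIGN_MAX_LC;
}

/* Constructed sample: header 00 2A 9E 9A, Lc = n, n zero bytes, Le = 00.
 * Returns -1 on parse error, otherwise the result of pso_sign_too_long(). */
int check_sample(unsigned char n)
{
    unsigned char buf[4 + 1 + 255 + 1] = { 0x00, 0x2A, 0x9E, 0x9A, n };
    struct apdu a;
    if (apdu_parse(buf, 5u + n + 1u, &a) != 0)
        return -1;
    return pso_sign_too_long(&a);
}
```

With n = 0x80 the sample has the same shape as the logged command: 134 bytes, Lc = 128, one Le byte.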

Re: Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Andreas Jellinghaus-2
Hi Peter,

On Sunday, 16 October 2005 15:26, Peter Koch wrote:
> I removed some bugs in card-tcos.c (see attached patch)

thanks, committed.

> Now pkcs15-tool and pkcs15-crypt work as expected with
> all kinds of TCOS cards.

were already working fine for me, did not retest.

I tried pkcs11-tool, and it works fine for the second and third
key now. great! but same problem you have with pkcs11-tool
on the first key.

> work fine. This is due to the fact, that pkcs11-tool tries
> to do a signature-computation for 128 bytes, but with
> TCOS a signature-key can compute signatures for 48 bytes at
> most. Hence we get a 6A87-error (Lc incompatible with P1/P2)
>
> I assume that this restriction (Lc <= 48 for a 00 2A 9E 9A
> PSO command) is NOT card specific. If that was the case
> there would be a problem within the pkcs11-layer.

I changed line 2247 of pkcs11-tool.c, but that didn't help at
all. I guess there is more to it than this. If you want I can
send log files, but they look the same.

in pkcs15-sec.c sc_pkcs15_compute_signature
the flags are checked which padding is used,
and depending on that the size of the data to be signed
is set.

the fallback is RAW_RSA and then the length is set
to the key size (modulus_length / 8).

Is CM_RSA_X_509 raw rsa? does the card support that?
(if not is there a way for pkcs11-tool to detect?)

Andreas

Re: Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Stef Hoeben-2
Hi,

Andreas Jellinghaus wrote:

>Hi Peter,
>
>On Sunday, 16 October 2005 15:26, Peter Koch wrote:
>
>>I removed some bugs in card-tcos.c (see attached patch)
>
>thanks, committed.
>
>>Now pkcs15-tool and pkcs15-crypt work as expected with
>>all kinds of TCOS cards.
>
>were already working fine for me, did not retest.
>
>I tried pkcs11-tool, and it works fine for the second and third
>key now. great! but same problem you have with pkcs11-tool
>on the first key.
>
>>work fine. This is due to the fact, that pkcs11-tool tries
>>to do a signature-computation for 128 bytes, but with
>>TCOS a signature-key can compute signatures for 48 bytes at
>>most. Hence we get a 6A87-error (Lc incompatible with P1/P2)
>>
>>I assume that this restriction (Lc <= 48 for a 00 2A 9E 9A
>>PSO command) is NOT card specific. If that was the case
>>there would be a problem within the pkcs11-layer.
>
>I changed line 2247 of pkcs11-tool.c, but that didn't help at
>all. I guess there is more to it than this. If you want I can
>send log files, but they look the same.
>
>in pkcs15-sec.c sc_pkcs15_compute_signature
>the flags are checked which padding is used,
>and depending on that the size of the data to be signed
>is set.
>
>the fallback is RAW_RSA and then the length is set
>to the key size (modulus_length / 8).
>
>Is CM_RSA_X_509 raw rsa? does the card support that?

Yes, it's raw rsa.

According to line 85 in card-tcos.c, the card supports it:
    flags = SC_ALGORITHM_RSA_RAW

>(if not is there a way for pkcs11-tool to detect?)

Sort of: the card flags are translated into pkcs11 mechanisms.

Cheers,
Stef

Re: Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Andreas Jellinghaus-2
In reply to this post by Peter Koch-3
good to see I can still read code :)

I changed card-tcos.c and removed the raw RSA flag,
and now pkcs11-tool works fine. Could you please check
if tcos supports raw rsa? or maybe the signature key was
modified to not allow raw rsa?

If I understand things right, you can also decrypt with raw
rsa and thus a "signature only" flag would be pretty
pointless, right?

Regards, Andreas

Re: Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Nils Larsch
In reply to this post by Stef Hoeben-2
Stef Hoeben wrote:

> Hi,
>
> Andreas Jellinghaus wrote:
>
>> Hi Peter,
>>
>> On Sunday, 16 October 2005 15:26, Peter Koch wrote:
>>
>>> I removed some bugs in card-tcos.c (see attached patch)
>>
>> thanks, committed.
>>
>>> Now pkcs15-tool and pkcs15-crypt work as expected with
>>> all kinds of TCOS cards.
>>
>> were already working fine for me, did not retest.
>>
>> I tried pkcs11-tool, and it works fine for the second and third
>> key now. great! but same problem you have with pkcs11-tool
>> on the first key.
>>
>>> work fine. This is due to the fact, that pkcs11-tool tries
>>> to do a signature-computation for 128 bytes, but with
>>> TCOS a signature-key can compute signatures for 48 bytes at
>>> most. Hence we get a 6A87-error (Lc incompatible with P1/P2)
>>>
>>> I assume that this restriction (Lc <= 48 for a 00 2A 9E 9A
>>> PSO command) is NOT card specific. If that was the case
>>> there would be a problem within the pkcs11-layer.
>>
>> I changed line 2247 of pkcs11-tool.c, but that didn't help at
>> all. I guess there is more to it than this. If you want I can
>> send log files, but they look the same.
>>
>> in pkcs15-sec.c sc_pkcs15_compute_signature
>> the flags are checked which padding is used,
>> and depending on that the size of the data to be signed
>> is set.
>>
>> the fallback is RAW_RSA and then the length is set
>> to the key size (modulus_length / 8).
>>
>> Is CM_RSA_X_509 raw rsa? does the card support that?
>
> Yes, it's raw rsa.
>
> According to line 85 in card-tcos.c, the card supports it:
>    flags = SC_ALGORITHM_RSA_RAW

of course this is somewhat inaccurate as the supported mech is
key specific (and not card) so a key may support rsa raw but
it's not guaranteed.

Cheers,
Nils

Re: Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Nils Larsch
In reply to this post by Andreas Jellinghaus-2
Andreas Jellinghaus wrote:
...
> I changed card-tcos.c and removed the raw RSA flag,
> and now pkcs11-tool works fine. Could you please check
> if tcos supports raw rsa?

it depends on the key

> or maybe the signature key was
> modified to not allow raw rsa?

afaik the PSO COMPUTE SIGNATURE command does not support raw rsa;
however, one can also create a signature with the decryption operation,
and with this operation TCOS supports raw rsa.

>
> If I understand things right, you can also decrypt with raw
> rsa and

yep

> thus a "signature only" flag would be pretty
> pointless, right?

yep, that's why it's not allowed for a signature key

Cheers,
Nils

RE: Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Stef Hoeben-2
In reply to this post by Peter Koch-3
Hi,

It's pointless in the sense that it's technically indeed possible to decrypt
in that case;
_but_ our soft should still check if it's allowed to do this (by checking
the key usage
flags in the cert).

Cheers,
Stef

-----Original Message-----
From: Andreas Jellinghaus [mailto:[hidden email]]
Sent: Monday 17 October 2005 10:28
To: [hidden email]
Subject: Re: [opensc-devel] Fwd: Bugs in pkcs11-tool and/or card-tcos.c


good to see I can still read code :)

I changed card-tcos.c and removed the raw RSA flag,
and now pkcs11-tool works fine. Could you please check
if tcos supports raw rsa? or maybe the signature key was modified to not
allow raw rsa?

If I understand things right, you can also decrypt with raw
rsa and thus a "signature only" flag would be pretty
pointless, right?

Regards, Andreas

Re: Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Andreas Jellinghaus-2
so, is this a showstopper for the release? I guess not.
the card works fine.

maybe we can also implement a way for pkcs11-tool to only
test some mechanism, not all? not sure if it is worth the
trouble.

will open a bug report so we don't forget the issue.

Regards, Andreas

Re: Fwd: Bugs in pkcs11-tool and/or card-tcos.c

Nils Larsch
Andreas Jellinghaus wrote:
> so, is this a showstopper for the release? I guess not.
> the card works fine.

certainly not, it's just a minor annoyance

>
> maybe we can also implement a way for pkcs11-tool to only
> test some mechanism, not all? not sure if it is worth the
> trouble.

IMHO the better solution would be to test only the mech supported
by a specific key, however this would require some more changes in
libopensc ...

Cheers,
Nils
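
Choosing the mechanisms to test per key rather than per card, as suggested at the end of the thread. This is an added sketch, not OpenSC code: the MECH_* bits and function names are hypothetical, and the rule that raw RSA needs the decrypt usage follows what the thread reports for TCOS.

```c
#include <stddef.h>

/* PKCS#15 private-key usage bits, as printed by pkcs15-tool -k. */
#define USAGE_DECRYPT        0x002u
#define USAGE_SIGN           0x004u
#define USAGE_NONREPUDIATION 0x200u

/* Hypothetical mechanism bits for this sketch (not OpenSC or PKCS#11 names). */
#define MECH_SIGN_PKCS1    0x1u  /* card pads; input is a DigestInfo */
#define MECH_SIGN_RAW      0x2u  /* input is a modulus-sized block */
#define MECH_DECRYPT_PKCS1 0x4u
#define MECH_DECRYPT_RAW   0x8u
/* Card-wide view: one flag set applied to every key on the card. */
#define CARD_MECHS         0xFu

struct key { unsigned usage; unsigned modulus_bits; };

/* Usage and ModLength values from the pkcs15-tool -k listing in the thread. */
const struct key sig_key  = { 0x204, 1024 };  /* sign, nonRepudiation */
const struct key auth_key = { 0x007, 1024 };  /* encrypt, decrypt, sign */

/* Per-key view. Assumption taken from the thread: raw RSA is reachable only
 * through the decipher operation, so it needs the decrypt usage bit. */
unsigned key_mechs(const struct key *k)
{
    unsigned m = 0;
    if (k->usage & (USAGE_SIGN | USAGE_NONREPUDIATION))
        m |= MECH_SIGN_PKCS1;
    if (k->usage & USAGE_DECRYPT) {
        m |= MECH_DECRYPT_PKCS1 | MECH_DECRYPT_RAW;
        if (k->usage & USAGE_SIGN)
            m |= MECH_SIGN_RAW;
    }
    return m;
}

/* Input length a self-test should sign with `mech`, or 0 to skip the test. */
size_t sign_test_len(const struct key *k, unsigned offered, unsigned mech)
{
    if (!(offered & mech))
        return 0;
    if (mech == MECH_SIGN_RAW)
        return k->modulus_bits / 8;   /* 128 bytes for a 1024-bit key */
    if (mech == MECH_SIGN_PKCS1)
        return 35;                    /* length of a SHA-1 DigestInfo */
    return 0;
}
```

Passing CARD_MECHS as `offered` reproduces the 128-byte raw signing test on the signature-only key; passing key_mechs() skips it and leaves the 35-byte padded test in place.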