Issues verifying PIV signatures


Issues verifying PIV signatures

Charlie Bancroft
Hi,
I am not sure if this is more of a question for the OpenSC-devel or for the OpenSSL lists but here it goes.

I have been working on integrating PIV cards into our software program architecture and have run into an issue verifying the signatures generated by PIV cards.  I have generated the signature using openssl through engine_pkcs11 and opensc-pkcs11 and I cannot get it to verify. No matter what I do the output from OpenSSL returns with:

139868424963728:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
139868424963728:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:721:

The script I am using to sign and verify this is:

#!/bin/bash
# Usage: $0 <name of file to sign> <private key identifier for engine>
# Hand-builds the PKCS#1 DigestInfo for SHA-1 of the file, signs it with
# rsautl through engine_pkcs11 -> opensc-pkcs11, then recovers it with -verify.

# Config for asn1parse -genconf. DigestInfo ::= SEQUENCE {
#   digestAlgorithm AlgorithmIdentifier (SHA-1 OID 1.3.14.3.2.26, NULL params),
#   digest OCTET STRING }
# `openssl dgst` prints "SHA1(file)= <hex>", so field 2 is the hex digest.
cat >asn1.conf <<EOF
asn1 = SEQUENCE:digest_info_and_digest

[digest_info_and_digest]
dinfo = SEQUENCE:digest_info
digest = FORMAT:HEX,OCT:`openssl dgst -sha1 $1 |cut -f 2 -d ' '`

[digest_info]
algid = OID:1.3.14.3.2.26
params = NULL

EOF

# Load the pkcs11 engine dynamically and point it at the OpenSC PKCS#11 module,
# then: DER-encode the DigestInfo, sign it with the card key ($2), and recover
# it with the matching public key. Compare $1.dgst.asn1_v to $1.dgst.asn1.
openssl << EOT
engine dynamic -vvvv -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so \
    -pre ID:pkcs11 -pre NO_VCHECK:1 \
    -pre LIST_ADD:1 -pre LOAD  \
    -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so

asn1parse -i -genconf asn1.conf -out $1.dgst.asn1
rsautl -engine pkcs11 -keyform engine -sign -in $1.dgst.asn1 -inkey $2 -out $1.sig.rsa
rsautl -engine pkcs11 -keyform engine -verify -in $1.sig.rsa -inkey $2 -out $1.dgst.asn1_v
EOT

Note that this script was created to replicate an issue being seen in our code trying to verify using the EVP_Verify* API calls once the signature was generated and uses the script from http://stackoverflow.com/questions/9951559/difference-between-openssl-rsautl-and-dgst as reference material.

Am I doing something incorrect to generate the signature so that is can't be verified?  Or could there be an issue with the signature generation from the card??
Charles Bancroft
Software Engineer
Raytheon BBN Technologies

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

Re: Issues verifying PIV signatures

Markus Kötter
Hello,

I do not have a PIV card, but opensc compatible cards, a Dell Keyboard
with integrated reader, opensc 0.12 and openssl 1.0.1.

On 08/23/2013 05:27 PM, Charlie Bancroft wrote:
> I am not sure if this is more of a question for the OpenSC-devel or for
> the OpenSSL lists but here it goes.

The attached script works fine for me.
Basically I disabled pinpad in opensc.conf, added
     -pre VERBOSE \
     -pre PIN:$3

removed -pre NO_VCHECK:1

result is, it does not complain about anything and the resulting file is
verified.

./sign.sh sign.sh slot_1-id_23102b881918fc430affa651939f76520ea26169 823423
...
    13:d=1  hl=2 l=  20 prim: OCTET STRING      [HEX DUMP]:B6716639213C8E94BD7F108F9498E0FB97726544

sha1sum sign.sh
b6716639213c8e94bd7f108f9498e0fb97726544  sign.sh

Maybe you got a public key on the card which does not match the private
key with the same id?
I'd format the card, recreate the key.
And - in case there were any changes, reset openssl.cnf


MfG
Markus



Attachment: sign.sh (861 bytes)
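What the script in this thread does step by step, and what Markus's diagnosis (a public key on the card that does not belong to the private key) looks like from the verifier's side, as an added example that is not code from the thread, from OpenSC or from OpenSSL. It builds the same SHA-1 DigestInfo that asn1.conf produces (and that `openssl dgst -sign` builds internally), applies EMSA-PKCS1-v1_5 padding, signs with a textbook RSA private operation, and then runs the public operation plus the padding check that emits "block type is not 01". The keys are an assumption: they are derived from Mersenne primes so the example runs offline with the standard library alone, which is also why the two demo keys differ in size, unlike a real old/new PIV key pair.

```python
"""Added example (not code from the thread or from OpenSC/OpenSSL).

Models, with the standard library only, what the thread's script does:
build the SHA-1 DigestInfo that asn1.conf produces, pad it as
EMSA-PKCS1-v1_5, sign with RSA (rsautl -sign), then decrypt with the
public key and run the padding check that emits "block type is not 01"
(rsautl -verify).  Verifying under a public key that does not belong to
the signing key, which is what a stale certificate on the card gives you,
is the failure case.  Keys are built from Mersenne primes so that no key
generation or third-party library is needed; they are demo keys only.
"""
import hashlib

# DER prefix of DigestInfo for SHA-1 (RFC 3447, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID 1.3.14.3.2.26, NULL }, OCTET STRING[20] }.
# This is byte-for-byte what the asn1.conf in the thread generates.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def digest_info_sha1(data: bytes) -> bytes:
    """T = DigestInfo(SHA-1(data)); `openssl dgst -sign` builds this itself."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(data).digest()


def emsa_pkcs1_v15_encode(t: bytes, k: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (>= 8 bytes of 0xFF) || 0x00 || T, length k."""
    if len(t) + 11 > k:
        raise ValueError("data too large for key size")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def pkcs1_type1_check(em: bytes) -> bytes:
    """Mirror of OpenSSL's RSA_padding_check_PKCS1_type_1 on a k-byte block."""
    if em[:2] != b"\x00\x01":
        raise ValueError("block type is not 01")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i == len(em):
        raise ValueError("null before block missing")
    if em[i] != 0x00:
        raise ValueError("bad fixed header")
    if i - 2 < 8:
        raise ValueError("bad pad byte count")
    return em[i + 1:]


def rsa_key(p: int, q: int, e: int = 65537) -> dict:
    """Textbook RSA key from two primes; k is the modulus length in bytes."""
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1)),
            "k": (n.bit_length() + 7) // 8}


# Demo keys (assumption: stand in for the card's current key and for the
# key inside the stale certificate).  Mersenne primes 2**521-1, 2**127-1,
# 2**607-1 and 2**89-1 are used so nothing has to be generated.
KEY_ON_CARD = rsa_key(2**521 - 1, 2**127 - 1)    # 648-bit modulus, k = 81
KEY_STALE_CERT = rsa_key(2**607 - 1, 2**89 - 1)  # 696-bit modulus, k = 87


def rsautl_sign(priv: dict, t: bytes) -> bytes:
    """What `rsautl -sign` does: pad T, then the RSA private operation."""
    m = int.from_bytes(emsa_pkcs1_v15_encode(t, priv["k"]), "big")
    return pow(m, priv["d"], priv["n"]).to_bytes(priv["k"], "big")


def rsautl_verify(pub: dict, sig: bytes):
    """What `rsautl -verify` does: RSA public operation, then padding check.

    Returns (T, None) on success or (None, openssl-style error text).
    """
    s = int.from_bytes(sig, "big")
    if s >= pub["n"]:
        return None, "data too large for modulus"
    em = pow(s, pub["e"], pub["n"]).to_bytes(pub["k"], "big")
    try:
        return pkcs1_type1_check(em), None
    except ValueError as err:
        return None, str(err)


def signature_matches_file(pub: dict, sig: bytes, data: bytes) -> bool:
    """The comparison the script leaves to the reader: the recovered
    DigestInfo must equal a freshly computed one for the file."""
    t, _ = rsautl_verify(pub, sig)
    return t is not None and t == digest_info_sha1(data)


if __name__ == "__main__":
    data = b"constructed sample input\n"
    sig = rsautl_sign(KEY_ON_CARD, digest_info_sha1(data))
    print("matching key :", rsautl_verify(KEY_ON_CARD, sig)[1] or "ok")
    print("stale pubkey :", rsautl_verify(KEY_STALE_CERT, sig)[1])
```

The point to take from the failure case: the RSA public operation under the wrong key returns a pseudo-random block, so the very first thing OpenSSL's padding check sees is a byte pair other than 00 01, and it reports "block type is not 01" before it ever gets to compare a digest. That error therefore says nothing about the DigestInfo you built; it says the public key and the private key are not a pair.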

Re: Issues verifying PIV signatures

Douglas E. Engert


On 8/23/2013 10:27 AM, Charlie Bancroft wrote:

> Hi,
> I am not sure if this is more of a question for the OpenSC-devel or for the OpenSSL lists but here it goes.
>
> I have been working on integrating PIV cards into our software program architecture and have run into an issue verifying the signatures generated by PIV cards.  I have generated the signature using
> openssl through engine_pkcs11 and opensc-pkcs11 and I cannot get it to verify. No matter what I do the output from OpenSSL returns with:
>
> 139868424963728:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
> 139868424963728:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:721:
>
> The script I am using to sign and verify this is:
>
> #!/bin/bash
> # Usage: $0 <name of file to sign> <private key identifier for engine>
>
> cat >asn1.conf <<EOF
> asn1 = SEQUENCE:digest_info_and_digest
>
> [digest_info_and_digest]
> dinfo = SEQUENCE:digest_info
> digest = FORMAT:HEX,OCT:`openssl dgst -sha1 $1 |cut -f 2 -d ' '`
>
> [digest_info]
> algid = OID:1.3.14.3.2.26
> params = NULL
>
> EOF
>
> openssl << EOT
> engine dynamic -vvvv -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so \
>      -pre ID:pkcs11 -pre NO_VCHECK:1 \
>      -pre LIST_ADD:1 -pre LOAD  \
>      -pre MODULE_PATH:/usr/lib/opensc-pkcs11.so
>
> asn1parse -i -genconf asn1.conf -out $1.dgst.asn1
> rsautl -engine pkcs11 -keyform engine -sign -in $1.dgst.asn1 -inkey $2 -out $1.sig.rsa
> rsautl -engine pkcs11 -keyform engine -verify -in $1.sig.rsa -inkey $2 -out $1.dgst.asn1_v
> EOT
>
> Note that this script was created to replicate an issue being seen in our code trying to verify using the EVP_Verify* API calls once the signature was generated and uses the script from
> http://stackoverflow.com/questions/9951559/difference-between-openssl-rsautl-and-dgst as reference material.
The above script was to show how rsautl has issues. Have you tried using dgst
instead, which will create the hash and then sign it? See this example:

http://stackoverflow.com/questions/5140425/openssl-command-line-to-verify-the-signature

Also note that the PIV card has 4 certs and keys. Use id=02 for the 9C key and signature certificate.

Also see the attached test.sig.2.sh script that uses dgst and slot_1-id_02 to identify the cert to use.


If you want to see what is actually sent to and from the card, you
can use pcscd debugging: pcscd -f -d -a
or add to the opensc.conf something like:
  debug = 7;
  debug_file = /tmp/opensc.debug.txt;





>
> Am I doing something incorrect to generate the signature so that is can't be verified?  Or could there be an issue with the signature generation from the card??
> Charles Bancroft
> Software Engineer
> Raytheon BBN Technologies
>
--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


Attachment: test.sign.2.sh (1K), re-sent with the same message as test.sign.2.bash.txt (1K)

Re: Issues verifying PIV signatures

Charlie Bancroft
Ok, I finally tracked down the source of the issue.  Markus, you were dead on.  Thank you!  It turns out that the APDU on the wiki to erase the previous certificate was being rejected by the card when I provisioned it.  The response was swallowed by my provisioning script and never reported to me.  Because I reprovisioned the card without deleting the old cert, the public key was never updated for the new private key which caused all of these signing issues to pop up.  

My solution was to change the PUT DATA APDU for the 9A key to the following:
 piv-tool -A A:9B:03 -s 00:DB:3F:FF:07:5C:03:5F:C1:05:53:00

It seemed to like the 1 byte NULL instead of the 3 byte.  I am not sure if that happens to be a quirk of the card I am using or if that is something that is seen everywhere and the documentation needs to be updated.

Thanks again for helping out with this Markus and Douglas


Re: Issues verifying PIV signatures

Douglas E. Engert


On 8/26/2013 10:38 AM, Charlie Bancroft wrote:
> Ok, I finally tracked down the source of the issue.  Markus, you were dead on.  Thank you!  It turns out that the APDU on the wiki to erase the previous certificate was being rejected by the card when
> I provisioned it.  The response was swallowed by my provisioning script and never reported to me.  Because I reprovisioned the card without deleting the old cert, the public key was never updated for
> the new private key which caused all of these signing issues to pop up.
>
> My solution was to change the PUT DATA APDU for the 9A key to the following:
>   piv-tool -A A:9B:03 -s 00:DB:3F:FF:07:5C:03:5F:C1:05:53:00
>
> It seemed to like the 1 byte NULL instead of the 3 byte.  I am not sure if that happens to be a quirk of the card I am using or if that is something that is seen everywhere and the documentation needs
> to be updated.

NIST 800-73 does not specify how to delete an object on the card.
It only specifies there is a PUT DATA command.
Each vendor may have a different way to do it, and each vendor
may require different authentication before allowing a PUT DATA
command. That is why the piv-tool -A [A|M]:key:ref -s
is used to do it.

Some cards I have worked with required -s 00:DB:3F:FF:09:5C:03:5F:C1:05:53:00:00:00

Consult the card vendor's documentation as to how to delete
an object or replace the contents of an object.




>
> Thanks again for helping out with this Markus and Douglas

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
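The two PUT DATA variants quoted above (Charlie's 07-byte form and the 09-byte form Douglas has seen), together with the check that was missing from the provisioning script, as an added example that is not code from the thread or from OpenSC's piv-tool. The certificate object tags and key references are the ones NIST SP 800-73 assigns; the status-word meanings are the ISO 7816-4 ones; the response bytes at the bottom are constructed for the example. Which erase form a given card accepts remains vendor-specific, as Douglas says, so the example only builds both and makes sure the card's answer is never swallowed.

```python
"""Added example (not code from the thread or from OpenSC's piv-tool).

Builds the PIV PUT DATA APDUs quoted in the thread for clearing a
certificate object, maps key references to the object tags from NIST
SP 800-73, and checks the card's status word instead of discarding it,
which is what let the rejected erase go unnoticed.  The response bytes
used at the bottom are constructed for the example.
"""

# Key reference -> (slot name, BER-TLV tag of the X.509 certificate object),
# per NIST SP 800-73.
PIV_CERT_OBJECTS = {
    0x9A: ("PIV Authentication", bytes.fromhex("5FC105")),
    0x9C: ("Digital Signature", bytes.fromhex("5FC10A")),
    0x9D: ("Key Management", bytes.fromhex("5FC10B")),
    0x9E: ("Card Authentication", bytes.fromhex("5FC101")),
}

# Status words a PUT DATA typically comes back with (ISO 7816-4 meanings).
STATUS_WORDS = {
    0x9000: "ok",
    0x6982: "security status not satisfied (authenticate first, e.g. piv-tool -A)",
    0x6A80: "incorrect parameters in data field",
    0x6A82: "data object not found",
    0x6A86: "incorrect P1/P2",
    0x6D00: "instruction not supported",
}


class CardError(Exception):
    """Raised when SW1SW2 is anything other than 9000."""


def put_data_apdu(object_tag: bytes, data_field: bytes) -> bytes:
    """PUT DATA: CLA 00, INS DB, P1P2 3FFF, Lc, 5C <tag>, then the data.

    Lc is computed from the body, so the 07 vs 09 of the thread's two
    variants cannot be miscounted by hand.
    """
    body = b"\x5c" + bytes([len(object_tag)]) + object_tag + data_field
    if len(body) > 255:
        raise ValueError("body too long for a short APDU")
    return b"\x00\xdb\x3f\xff" + bytes([len(body)]) + body


def erase_cert_apdu(key_ref: int, style: str = "short") -> bytes:
    """Empty the certificate object of a key slot.

    "short"  -> 53 00        (the form that worked for the poster's card)
    "padded" -> 53 00 00 00  (the form some other cards require)
    The accepted form is vendor-specific; SP 800-73 does not define deletion.
    """
    _, tag = PIV_CERT_OBJECTS[key_ref]
    data_field = {"short": b"\x53\x00", "padded": b"\x53\x00\x00\x00"}[style]
    return put_data_apdu(tag, data_field)


def to_piv_tool(apdu: bytes) -> str:
    """Colon-separated hex, the form `piv-tool -s` takes."""
    return ":".join(f"{b:02X}" for b in apdu)


def decode_put_data(apdu: bytes) -> tuple:
    """Parse a PUT DATA back into (slot name, data field); sanity-check Lc."""
    if apdu[:4] != b"\x00\xdb\x3f\xff":
        raise ValueError("not a PIV PUT DATA")
    lc, body = apdu[4], apdu[5:]
    if lc != len(body):
        raise ValueError(f"Lc {lc:02X} does not match {len(body)} body bytes")
    if body[0] != 0x5C:
        raise ValueError("tag list (5C) missing")
    tag_len = body[1]
    tag, data_field = body[2:2 + tag_len], body[2 + tag_len:]
    names = {t: name for name, t in PIV_CERT_OBJECTS.values()}
    return names.get(tag, tag.hex().upper()), data_field


def check_response(resp: bytes) -> bytes:
    """Return the response data, or raise so a rejected APDU cannot be missed."""
    if len(resp) < 2:
        raise CardError("response shorter than SW1SW2")
    sw = int.from_bytes(resp[-2:], "big")
    if sw == 0x9000:
        return resp[:-2]
    if 0x63C0 <= sw <= 0x63CF:
        raise CardError(f"verification failed, {sw & 0xF} tries left")
    raise CardError(f"SW {sw:04X}: {STATUS_WORDS.get(sw, 'unspecified error')}")


if __name__ == "__main__":
    for style in ("short", "padded"):
        print(style, to_piv_tool(erase_cert_apdu(0x9A, style)))
    # Constructed responses: an accepted PUT DATA and a rejected one.
    check_response(b"\x90\x00")
    try:
        check_response(b"\x6a\x80")
    except CardError as err:
        print("card rejected the erase:", err)
```

A provisioning script that wraps every transmit in something like `check_response` fails loudly on the first rejected APDU, which is the point: had the erase's status word been surfaced, the stale certificate (and so the stale public key) would have been noticed before any signature was ever attempted.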
