libp11 uses 128 random bytes as "SHA1 hash"


Mikael Magnusson-5
Is this mailing list the preferred way to discuss the opensc libraries?
I thought I should ask since the list is not mentioned on OpenSC wiki on
github, at least I cannot find it.

I am trying to use a MyEID card with pam-p11 (pam_p11_openssh.so), but
the card rejects the sign requests with error CKR_DATA_LEN_RANGE.
During my debugging I have found that pam-p11 calls PKCS11_sign with
NID_sha1 and 128 random bytes as "m". Shouldn't a hash digest be
computed of the data and used in the call to PKCS11_sign?

From pam_p11.c in pam-p11:

    #define RANDOM_SIZE 128
    ...
    rv = PKCS11_sign(NID_sha1, rand_bytes, RANDOM_SIZE, signature,
                     &siglen, authkey);

After reducing RANDOM_SIZE from 128 to 64 it works with MyEID.

/Mikael


_______________________________________________
Opensc-devel mailing list
https://lists.sourceforge.net/lists/listinfo/opensc-devel
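
The question in the post, worked through as an added example (not code from pam-p11 or libp11): the random challenge is hashed with SHA-1 first, and only the resulting 20-byte digest is framed for an RSA PKCS#1 v1.5 signature, so a 128-byte "digest" is refused before it reaches the card. The function names and the 2048-bit key size are assumptions made for illustration.

```python
import hashlib
import os

# DER prefix of DigestInfo for SHA-1 (RFC 8017, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
SHA1_LEN = 20
RANDOM_SIZE = 128  # challenge size used by pam_p11.c, per the post


def sha1_digestinfo(digest: bytes) -> bytes:
    """Wrap a SHA-1 digest in DigestInfo; refuse anything that is not 20 bytes."""
    if len(digest) != SHA1_LEN:
        raise ValueError(f"SHA-1 digest must be {SHA1_LEN} bytes, got {len(digest)}")
    return SHA1_DIGESTINFO_PREFIX + digest


def emsa_pkcs1_v15(digest: bytes, modulus_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 DigestInfo."""
    t = sha1_digestinfo(digest)
    if modulus_len < len(t) + 11:
        raise ValueError("modulus too short for DigestInfo plus padding")
    return b"\x00\x01" + b"\xff" * (modulus_len - len(t) - 3) + b"\x00" + t


def prepare_challenge(challenge: bytes, modulus_len: int) -> bytes:
    """Hash the random challenge first, then frame the 20-byte digest."""
    return emsa_pkcs1_v15(hashlib.sha1(challenge).digest(), modulus_len)


def raw_challenge_is_rejected(challenge: bytes) -> bool:
    """True when the un-hashed challenge fails the digest length check."""
    try:
        sha1_digestinfo(challenge)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    challenge = os.urandom(RANDOM_SIZE)        # constructed sample input
    block = prepare_challenge(challenge, 256)  # assumed 2048-bit RSA key
    print(len(block), block[:4].hex(), raw_challenge_is_rejected(challenge))
```
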