Problem with multiple keys with the same ID in the token

[istepic]

I have a token with 2 keys that have the same ID but different labels. The uniqueness of key IDs is not enforced by the standard and having different labels should be sufficient to differentiate between 2 keys. This seems to be the problem when doing a simple ECDSA. This has been tested with: pkcs11-tool version 0.20.0-3 libp11 version 0.4.12 softhsm2 version 2.5.0

Steps to reproduce:

2 keys with the same ID but different token label - ECDSA fails

root@f020bfa14221:/tmp# cat input 1234 root@f020bfa14221:/tmp# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --so-pin 1234 --token-label token-label -O Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441046d9772b7709e7fdb3e3db3af19ffe2ea9c20c477a8ac400094a6c1443d23579a286a010897980b0ad4ab82df18407a375e55244bd0e93a7a73cd260075b1b709 EC_PARAMS: 06082a8648ce3d030107 label: ecc-key-label ID: 12 <---- 2 keys with the same ID but different labels Usage: encrypt, verify, wrap, derive Access: local Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441049a9dcfe997db80861ed1f1673c7991ed93e88d73d1f79edfaee6999cf951de6ab8623a6c71959494c1d569e522b19e95ee086e6144c9b3305348291302ef3d36 EC_PARAMS: 06082a8648ce3d030107 label: ID: 12 <---- 2 keys with the same ID but different labels Usage: encrypt, verify, wrap, derive Access: local Public Key Object; EC EC_POINT 256 bits EC_POINT: 0441042fafd91080237de85e50b6b52becbecd3da9fd296a6d70e26c04f3673a79ef058ac1d26436a2cc33441999a368610b85475afbdc2754b58bdd0aa9838e52c713 EC_PARAMS: 06082a8648ce3d030107 label: ID: 1256 Usage: encrypt, verify, wrap, derive Access: local root@f020bfa14221:/tmp# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --sign --mechanism ECDSA --so-pin 1234 --pin 1234 --login --token-label token-label --id 12 --label ecc-key-label -i input -o signature Using signature algorithm ECDSA <---- successful signing root@f020bfa14221:/tmp# cat signature \v2xsAHHD A}fmJd6B; root@f020bfa14221:/tmp# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --verify --mechanism ECDSA --so-pin 1234 --pin 1234 --login --token-label token-label --id 12 --label ecc-key-label -i input --signature-file signature Using signature algorithm ECDSA error: PKCS11 function C_VerifyUpdate failed: rv = CKR_OPERATION_NOT_INITIALIZED (0x91) Aborting. <----- Using the same key for verification fails

Positive case - generating new key with unique ID and using it for ECDSA

root@f020bfa14221:/tmp# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --so-pin 1234 --pin 1234 --login --token-label token-label -k --key-type EC:prime256v1 --id 44 --label ecc-key-label Key pair generated: Private Key Object; EC label: ecc-key-label ID: 44 Usage: decrypt, sign, unwrap, derive Access: sensitive, always sensitive, never extractable, local Public Key Object; EC EC_POINT 256 bits EC_POINT: 044104cb8252c9169eef1ff81d5fb45c7f6ed77bb976094d7882cb3b00193d237d7163cff8ce9593c125ebe66330897902bc4e22c65d2a73d36f227354aa0ab9e2e3a6 EC_PARAMS: 06082a8648ce3d030107 label: ecc-key-label ID: 44 Usage: encrypt, verify, wrap, derive Access: local root@f020bfa14221:/tmp# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --sign --mechanism ECDSA --so-pin 1234 --pin 1234 --login --token-label token-label --id 44 --label ecc-key-label -i input -o signature Using signature algorithm ECDSA root@f020bfa14221:/tmp# pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so --verify --mechanism ECDSA --so-pin 1234 --pin 1234 --login --token-label token-label --id 44 --label ecc-key-label -i input --signature-file signature Using signature algorithm ECDSA Signature is valid

[mouse07410]

Who (and why) assigns the same ID to different keys???

It's bound to hurt, as you found out.

[dengert]

pkcs11-base-v3.0-os:

• "CKA_LABEL RFC2279 stringDescription of the object (default empty)."
• "The CKA_LABEL attribute is intended to assist users in browsing"
• "The CKA_ID field is intended to distinguish among multiple keys. In the case of public and private keys this field assists in handling multiple keys held by the same subject; the key identifier for a public key and its corresponding private key should be the same. The key identifier should also be the same as for the corresponding certificate, if one exists. Cryptoki does not enforce these associations, however. (See Section 0 for further commentary.)"

It is general practice that the CKA_ID is used to associate the matching public key, private key and certificate on at least the same token. There is no assumption that the CKA_LABEL can be used for this assumption.

And it looks like /usr/lib/softhsm/libsofthsm2.so is having problems finding the correct public key.

A PKCS11 spy output would help show if the both CKA_ID and CKA_LABEL are passed to the pkcs11 module libsofthsm2.so. See: https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC

I don't see where libp11 is involved.