Closed c3ph3us closed 5 years ago
It looks like the problem comes from C_SignInit() failed: 0x00000063
In that case you should report the problem to the PKCS#11 library used with pam-pkcs11. In your case OpenSC.
@LudovicRousseau this is the key loaded in smart card is it ok ?

```
Private EC Key [PIV AUTH key]
Object Flags : [0x1], private
Usage : [0x4], sign
Access Flags : [0x1D], sensitive, alwaysSensitive, neverExtract, local
FieldLength : 256
Key ref : 154 (0x9A)
Native : yes
Auth ID : 01
ID : 01
MD:guid : 0x'30
```
Looks like pam_pkcs11 in pkcs11_lib.c only supports RSA and sha1.
sign_value() routine at line 1722 has:
Line 1726 only defines sha1.
Line 1739 only supports CKK_RSA, but not clear why line 1743 and 1744 did not return -1;
line 1746: SHA1(data, length, &hash[15]);
line 1752: set_error("C_SignInit() failed: 0x%08lX", rv);
@dengert so there is no support for ecdsa -sha256 :D ?
also i can't add keys to ssh agent (using PIN)

```
$ ssh-add -s /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so
Enter passphrase for PKCS#11:
Could not add card "/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so": agent refused operation
```
and i have two files (debian sid)
/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
how can i determine the version of those libs (excluding dpkg), some header md5 sha?
could be a curve related issue ? i have gen private key with openssl as:
ecparam -param_enc named_curve -name prime256v1
on the yubico site it is written:
"Follow the notes and try to use brew SSH and explicitly use those binaries not the default ssh.
Alternatively, try using YKCS11 https://developers.yubico.com/yubico-pi ... notes.html"
@LudovicRousseau can i use YKCS11 with pam pkcs11?
https://developers.yubico.com/yubico-piv-tool/YKCS11_release_notes.html
could the problem lie in -param_enc explicit vs named_curve ??
ps using explicit i can't upload the key to the yubikey:

```
Unknown EC curve 0
Unable to import private key
```
The issue appears to be with the pam_pkcs11 that pre-dates ECDSA or SHA256 and only has support for RSA and SHA1. The sign_value() routine is computing the signature hash then calling C_SignInit and C_Sign to sign the hash which includes the OID of the hash algorithm and the hash.
For RSA, PKCS#11 defines many mechanisms that do the hash, padding and signature internally, but for ECDSA there is only CKM_ECDSA (no hash) and CKM_ECDSA_SHA1 (do the SHA1 then do the ECDSA internally). So for other hashes, the application has to do the hash using OpenSSL for example or use PKCS#11 or one of the CKM_SHA* mechanisms, then pass this hash to the CKM_ECDSA. There is no requirement that a PKCS#11 implementation implement these hash only mechanisms. (OpenSC pkcs11 does if compiled with OpenSSL which is normally done.) I don't know if the YKCS11 does or not.
pkcs11-tool -M can be used to see what mechanisms are supported for the card.
pkcs11_lib.c contains two versions of many routines including sign_value, one if using NSS and one if using OpenSSL. Both sign-value routines should be rewritten to support ECDSA. The OpenSSL version could use the OpenSSL digest routines to produce the hashes. Note unlike RSA signatures which include the OID of the hash algorithm, ECDSA does not.
The problem is not with the yubikey.
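An added example, not code from pam_pkcs11 or from any patch in this thread: it builds the buffer passed to C_Sign() for each key type, showing the DigestInfo header (hash OID) that RSA with CKM_RSA_PKCS needs and that CKM_ECDSA must not get. The 15-byte SHA-1 header matches the `&hash[15]` offset quoted above. `build_sign_input` and `enum hash_alg` are hypothetical names, and the CKK_/CKM_ values are copied from the PKCS#11 headers so the block builds without pkcs11.h.

```c
#include <stddef.h>
#include <string.h>

/* Values as published in the PKCS#11 headers, defined locally for the example. */
#define CKK_RSA       0x00000000UL
#define CKK_EC        0x00000003UL
#define CKM_RSA_PKCS  0x00000001UL
#define CKM_ECDSA     0x00001041UL

enum hash_alg { HASH_SHA1, HASH_SHA256 };   /* hypothetical enum */

/* DER DigestInfo headers: AlgorithmIdentifier carrying the hash OID. */
static const unsigned char DI_SHA1[] = {
    0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14 };
static const unsigned char DI_SHA256[] = {
    0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
    0x05,0x00,0x04,0x20 };

/* Fill `out` with the data for C_Sign() and set `mech` for C_SignInit().
 * Returns the number of bytes written, or -1 on unsupported input. */
long build_sign_input(unsigned long key_type, enum hash_alg alg,
                      const unsigned char *digest, size_t digest_len,
                      unsigned char *out, size_t out_cap, unsigned long *mech)
{
    const unsigned char *prefix;
    size_t prefix_len, want;

    switch (alg) {
    case HASH_SHA1:   prefix = DI_SHA1;   prefix_len = sizeof DI_SHA1;   want = 20; break;
    case HASH_SHA256: prefix = DI_SHA256; prefix_len = sizeof DI_SHA256; want = 32; break;
    default: return -1;
    }
    if (!digest || !out || !mech || digest_len != want)
        return -1;
    if (key_type == CKK_EC)
        prefix_len = 0;              /* ECDSA signs the bare hash, no OID */
    else if (key_type != CKK_RSA)
        return -1;                   /* fail closed on unknown key types */
    if (prefix_len + digest_len > out_cap)
        return -1;

    /* RSA: token applies PKCS#1 v1.5 padding around DigestInfo. */
    *mech = (key_type == CKK_EC) ? CKM_ECDSA : CKM_RSA_PKCS;
    memcpy(out, prefix, prefix_len);
    memcpy(out + prefix_len, digest, digest_len);
    return (long)(prefix_len + digest_len);
}
```

The digest itself is computed by the caller (for example with the OpenSSL digest routines mentioned above) or by a CKM_SHA* mechanism if the token offers one.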
@danger @LudovicRousseau I do not "sit" (don't know if there is an idiom in English for what I want to try to say :) ) in cryptography and C .. I know at most Java so I can not help much & second I have no time ... I miss additional 48 hours a day ;/ but it would be nice for someone to make use of EC, maybe @a-dma or @klali could provide some help :P
https://www.cryptsoft.com/pkcs11doc/v220/group__SEC__12__3__6__ECDSA__WITHOUT__HASHING.html
Using slot 0 with a present token (0x0)
Supported mechanisms:
SHA-1, digest
SHA256, digest
SHA384, digest
SHA512, digest
MD5, digest
RIPEMD160, digest
GOSTR3411, digest
**ECDSA, keySize={256,384}, hw, sign, other flags=0x1800000**
ECDH1-COFACTOR-DERIVE, keySize={256,384}, hw, derive, other flags=0x1800000
ECDH1-DERIVE, keySize={256,384}, hw, derive, other flags=0x1800000
RSA-X-509, keySize={1024,3072}, hw, decrypt, sign, verify
RSA-PKCS, keySize={1024,3072}, hw, decrypt, sign, verify
SHA1-RSA-PKCS, keySize={1024,3072}, sign, verify
SHA256-RSA-PKCS, keySize={1024,3072}, sign, verify
SHA384-RSA-PKCS, keySize={1024,3072}, sign, verify
SHA512-RSA-PKCS, keySize={1024,3072}, sign, verify
MD5-RSA-PKCS, keySize={1024,3072}, sign, verify
RIPEMD160-RSA-PKCS, keySize={1024,3072}, sign, verify
related:
https://bitbucket.org/PyKCS11/pykcs11/issues/23/ckm-ecdsa-creating-signatures
https://github.com/Yubico/yubico-piv-tool/issues/83
http://osxr.org/android/ident?_i=CKM_ECDSA
https://bugzilla.mozilla.org/show_bug.cgi?id=327667
https://www.oasis-open.org/committees/download.php/50265/CKM_ECDSA_FIPS_186_4_v02.pdf
https://sourceforge.net/p/opencryptoki/opencryptoki/ci/3400be830fade6f2ea3c80d044f88f9d240ef9b0/tree/usr/lib/pkcs11/cca_stdll/sign_mgr.c?diff=12a8280869bcc2a96a4acd175db166bde6f255ae
https://bugzilla.mozilla.org/show_bug.cgi?id=613496
http://nullege.com/projects/show/27986
https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-October/034440.html
http://markmail.org/message/37ihqvplwwaicpmk
https://chromium.googlesource.com/chromiumos/third_party/opencryptoki/+/3400be830fade6f2ea3c80d044f88f9d240ef9b0%5E!/
Ran into this issue (and the somewhat confusing error message), so I did a quick patch to v0.6.10 to get things working with openssl for me at least:
01_priv_key_type.patch.txt 02_ecdsa_sha256.patch.txt 03_signature_length.patch.txt
Thanks @sovaeta I used your 3 patches. I also modified the second one to add support of OpenSSL 1.1 in addition to 1.0.
This issue should be closed now. Please test the current git code and open a new issue if needed.
Latest git working nicely for me, thanks!
in short:
full explanations here
http://crypto.stackexchange.com/questions/40277/ec-signing-using-pkcs11-failed-c-signinit-failed-0x00000063