search

Twuk / eid-mw

Automatically exported from code.google.com/p/eid-mw
0 stars 0 forks source link

PKCS11 C_Sign reports wrong size for SHA1 signauture with 2048 bit modulus #87

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

1. Given the following:

   mechanism = CKM_SHA1_RSA_PKCS
   private key modulus lenth = 2048 bit 

2. use the following code sequence:

   CheckCKR(C_Sign_Init(hSession, pMechanism, hKey));
   CheckCKR(C_Sign(hSession, pData, udlen, null, &size));
   BYTE *pSig = malloc(size);
   CheckCKR(C_Sign(hSession, pData, udlen, psig, &size));

What is the expected output? What do you see instead?

Expected: the first call to C_Sign returns 256 in the size parameter.
Actual: it returns 128 in size.
The second C_Sign correctly returns 256 in size *and* a 256 byte signature 
(CKR_OK).

What version of the product are you using? On what operating system?

- Eid Middleware: Unofficial Windows 4.0.0.7142 QI
- OS: Windows 7 Enterprise 64 bit

Please provide any additional information below.

Discovered when testing the prototype applet V1.7 cards with middleware 3.5 and 
4.0.

See also issue # 80, where the 3.5.6 CSP showed the same problem.

Original issue reported on code.google.com by Danny.He...@gmail.com on 24 Jan 2012 at 11:11

GoogleCodeExporter commented 9 years ago 
Checked this in pkcs11 : pkcs15 parser

Looks like a card issue: the prkDF reports 0x400 (1024 bits) as modulus, which 
is the value we return before a signature is made.

Original comment by frederik...@gmail.com on 21 Feb 2012 at 9:24

GoogleCodeExporter commented 9 years ago 
Who should report this issue, and to whom?

Original comment by Danny.He...@gmail.com on 21 Feb 2012 at 3:26

GoogleCodeExporter commented 9 years ago 
Hello Danny,

We'll report this issue.

Original comment by frederik...@gmail.com on 21 Feb 2012 at 3:50

GoogleCodeExporter commented 9 years ago 
OK thanks, I sent the link to this issue to a couple of people I know at Zetes 
but I'm not sure if that is the correct channel.

Danny

Original comment by Danny.He...@gmail.com on 21 Feb 2012 at 4:50

GoogleCodeExporter commented 9 years ago 
It was the correct  channel, and it will be fixed!

Danny

Original comment by Danny.He...@gmail.com on 21 Feb 2012 at 7:11

GoogleCodeExporter commented 9 years ago 
Thanks Danny,

Frederik

Original comment by frederik...@gmail.com on 22 Feb 2012 at 9:37