arekinath / PivApplet

PIV applet for JavaCard 2.2.2 and 3.0.4+ with full ECDSA/ECDH support
111 stars 37 forks source link

Signing failure for an imported cert and key. #44

Open snlgaba opened 3 years ago

snlgaba commented 3 years ago

I am running this Applet on a VM, overall i am able to query data from the applet etc. However, test-sign action from yubico-piv-tool.exe is failing.

I looked into it further and here is my understanding. ----test-sign-logs on yubico-piv-tool --- < 90 00 Successfully verified PIN. Now processing for action 'test-signature'. Test data hashes as: a4 cc 65 b3 a2 50 3e 9a 77 05 ef 48 10 22 45 cd e9 33 3c b1 f7 c8 e1 60 e5 8e 43 da 55 2c a3 31 Going to send 255 bytes in this go.

10 87 07 9a ff 7c 82 01 06 82 00 81 82 01 00 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 a4 cc 65 b3 a2 50 3e 9a 77 05 ef 48 10 22 45 cd e9 33 3c b1 f7 < 90 00 Going to send 11 bytes in this go. 00 87 07 9a 0b c8 e1 60 e5 8e 43 da 55 2c a3 31 < 00 05 Sign command failed with code 5. Failed signing test data. Disconnect card #3510058635.


Sign command failed with code 5.

This points to:

javacard.security.CryptoException at javacard.security.CryptoException.throwIt(Unknown Source) at com.licel.jcardsim.crypto.AsymmetricCipherImpl.update(AsymmetricCipherImpl.java:115) at com.licel.jcardsim.crypto.AsymmetricCipherImpl.doFinal(AsymmetricCipherImpl.java:92) at net.cooperi.pivapplet.PivApplet.processGenAuthRsa(PivApplet.java:2034) at net.cooperi.pivapplet.PivApplet.processGeneralAuth(PivApplet.java:2453) at net.cooperi.pivapplet.PivApplet.process(PivApplet.java:542) at com.licel.jcardsim.base.SimulatorRuntime.transmitCommand(SimulatorRuntime.java:301) at com.licel.jcardsim.base.Simulator.transmitCommand(Simulator.java:262) at com.licel.jcardsim.base.CardManager.dispatchApdu(CardManager.java:57) at com.licel.jcardsim.remote.BixVReaderCard$IOThread.run(BixVReaderCard.java:121)

Which points to: https://github.com/shobanagms/jcardsim/blob/master/src/main/java/com/licel/jcardsim/crypto/AssymetricCipherImpl.java#L114

It seems like, we are sending the entire test-sign input to this method but based on how it is initialized: https://github.com/shobanagms/jcardsim/blob/master/src/main/java/com/licel/jcardsim/crypto/AssymetricCipherImpl.java#L46 it might be expecting data which is given in block sizes equal to key-size-1.

Is that the bug in TLVReader or my understanding is incorrect.

Could you please guide. Thanks.

dengert commented 3 years ago

You may be misinterpreting the Yubico-piv-tool command. PIV standards allow a vendor to provision a token using their own commands, and this does not appear to be a PIV standard RSA signature command.

"NIST sp800-73-4 Part 2" "3.2.4 GENERAL AUTHENTICATE Card Command" defines all the options of a GENERAL AUTHENTICATE command '87'
"A.4.1 RSA" gives an example, "Command 1: (General Authenticate - first chain): "Data Field 7C' – L1 { '82' '00' '81' L2 {first part of the PKCS #1 v1.5 or PSS padded message hash value }}"

The first part of the PKCS # v1.5 in you example starts with 00 01 ff ff ff ff ff ff and is 256 bytes long.
For a normal RSA signature this would be proceeded by 82 00 81 82 01 00 .i.e '82' L=00 expect a response, '81 82 01 00' sending a challenge to be signed, with 2 byte length of '0100`= 256 bytes.

In the above command there is an leading TLV "82 01 06" in the data you are sending, For an RSA signature, and the Le is thus off by 3 bytes too.

dengert commented 3 years ago

Please disregard previous comment. Too many 82 and 81 used for both tags and length.