Integration with IoT-SAFE on ZARIOT SIMs

cpswan commented 1 year ago

Is your feature request related to a problem? Please describe.

This ticket is to track specific work on SIM cards relating to #756

Describe the solution you'd like

Create keys in the SIM and then use them for signing operations.

murali-shris commented 1 year ago

Below set of steps have been automated through dart

Open a logical channel
Select IOTsafe by application id
Generate random challenge to check whether application id is selected correctly
Query file storage
Get file data
Generate key pair

Currently facing an issue with signing data using private key on SIM. Issue occurs both in minicom and dart code.

Below email sent to Jeremy from Zariot.

Hello Jeremy,

I am currently trying the compute signature init command. These are the list of command I have executed before trying the compute signature command.

open channel AT+CSIM=10, "0070000000" +CSIM: 6,"019000" OK
select IOTSafe app id AT+CSIM=24,"01A4040007A0000005590010" +CSIM: 4,"9000" OK
Generate keypair AT+CSIM=20,"81B90000058403303031" +CSIM: 4,"6151" OK AT+CSIM=10,"81C0000051" +CSIM: 166,"84033030318503303032344549438641048782CB263ACF47DB6EF7EB9C4369828C5F74E7FAB1719A0AD2036712CA58D936789A264ACB413A1599115D16457D694F AF2B3E763C3F049679E8256DFE53D64F9000" OK
Compute signature AT+CSIM=24,"812A00000784033030319204" +CSIM: 4,"6A80" // this error code corresponds to "Issue in tags number or format"

I tried to get metadata about the private key using the below command AT+CSIM=20,"81CBC100058403303031" AT+CSIM=10,"81C000002B"

Response: +CSIM: 90,"C1297410636C69656E7473657373696F6E4B657984033030316001004A01014B01144E01016101066F01019000"

61 --> cryptographic function. value 06.Does the value denote key agreement and doesn't support signature operation ?

murali-shris commented 1 year ago

Code checked into private repo https://github.com/atsign-company/murali-snippets/blob/master/iotsafe/lib/src/uicc_sim_command.dart Once signing data works, will integrate in mwcc demo code.

murali-shris commented 1 year ago

Zariot have given us new set of cards along with instructions for data signing. Have to try the steps.

cpswan commented 1 year ago

@murali-shris just bear in mind that I haven't yet received the new SIMs. I'll let you know when I have one in place on the Pi.

murali-shris commented 1 year ago

Progress in PR 53:

Able to use the operational keys on new SIM cards to sign the data
Currently investigating the procedure to generate AT command to verify signature. Taking help from Zariot since this step is not straightforward

murali-shris commented 1 year ago

// open channel
AT+CSIM=10, "0070000000"
+CSIM: 6,"019000"

OK
//select by app id
AT+CSIM=24,"01A4040007A0000005590010"
+CSIM: 4,"9000"

OK
// compute signature init
AT+CSIM=40,"812A00010F8403303036A1010191020001920104"
+CSIM: 4,"9000"

// compute signature update - “hello world” string AT+CSIM=520,"812B0001FF9BFD000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068656C6C6F20776F726C64"
+CSIM: 4,"9000"

// create separate session AT+CSIM=24,"812B8001079B050000863340"
+CSIM: 4,"6143"

// signature of "hello world" AT+CSIM=10,"81C0000043"
+CSIM: 138,"3300409BDE5C5D126DB31A06C2FA90A94C2FF29F14171881D6512104316BB5118967 E45D8E743146ADEAADFEA7A92CB6CB30D9C1554905FAE0DA9CD439E967EB1371029000"

// verify signature init
AT+CSIM=40,"812C00010F8503303037A1010191020001920104"

// verify signature update TODO

murali-shris commented 1 year ago

Below code snippet is taken from wolfssl implementation. It hashes data externally and passes it to the SIM card for compute signature. Even though in our use case we have to hash inside the applet since private key is not accessible outside, this code helps in better understanding on how AT commands are constructed for verify and compute signature.

#include <stdio.h>
#include <stdint.h>
#include <string.h>
//iotsafe_sign_hash

#define IOTSAFE_CMDSIZE_MAX 512

#define IOTSAFE_MOO_SIGN_ONLY      0x03
#define IOTSAFE_CLASS 0x81
#define IOTSAFE_INS_SIGN_INIT     0x2A
#define IOTSAFE_INS_SIGN_UPDATE   0x2B
#define IOTSAFE_INS_VERIFY_INIT   0x2C
#define IOTSAFE_INS_VERIFY_UPDATE 0x2D
#define IOTSAFE_DATA_LAST         0x80
#define IOTSAFE_TAG_PRIVKEY_ID          0x84
#define IOTSAFE_TAG_MODE_OF_OPERATION   0xA1
#define IOTSAFE_TAG_HASH_ALGO           0x91
#define IOTSAFE_TAG_SIGN_ALGO           0x92
#define IOTSAFE_TAG_HASH_FIELD          0x9E
/* 2.5.1 Algorithms for hash */
#define IOTSAFE_HASH_SHA256 0x0001
#define IOTSAFE_HASH_SHA384 0x0002
#define IOTSAFE_HASH_SHA512 0x0004

/* 2.5.2 Algorithms for signature */
#define IOTSAFE_SIGN_RSA_PKCS15 0x01
#define IOTSAFE_SIGN_RSA_PSS    0x02
#define IOTSAFE_SIGN_ECDSA      0x04
#define AT_CSIM_CMD_SIZE 13
#define AT_CMD_HDR_SIZE  10
#define AT_CMD_INS_POS (AT_CMD_HDR_SIZE - 8)
#define AT_CMD_P1_POS  (AT_CMD_HDR_SIZE - 6)
#define AT_CMD_P2_POS  (AT_CMD_HDR_SIZE - 4)
#define AT_CMD_LC_POS  (AT_CMD_HDR_SIZE - 2)
#define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
#define XMEMSET(b,c,l)    memset((b),(c),(l))
#define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
#define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
#define XSTRLEN(s1) strlen((s1))
#define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
#define CSIM_CMD_ENDSTR_SIZE 4
#define IOTSAFE_ID_SIZE (2)
#define XHTONS(a) ((((a) >> 8) & 0xff) | (((a) & 0xff) << 8))
typedef unsigned int  word32;
typedef unsigned char  byte;
static char csim_cmd[IOTSAFE_CMDSIZE_MAX];

enum {
    MEMORY_E           = -125,
     BAD_FUNC_ARG       = -173
};

static char ByteToHex(byte in)
{
    static const char kHexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7',
                                     '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
    return (char)(kHexChar[in & 0xF]);
}

static int ByteToHexStr(byte in, char* out)
{
    if (out == NULL)
        return -1;

    out[0] = ByteToHex(in >> 4);
    out[1] = ByteToHex(in & 0xf);
    return 0;
}

static int bytes_to_hex(byte *bytes, char *hex, unsigned long sz)
{
    word32 i;
    for (i = 0; i < sz; i++) {
        ByteToHexStr(bytes[i], &hex[2 * i]);
    }
    return (int)(2 * sz);
}

static int iotsafe_cmd_start(char *cmd, byte cmd_class, byte ins, byte p1, byte p2)
{
    byte lc = 0;
    char *out;
    XMEMSET(cmd, 0, IOTSAFE_CMDSIZE_MAX);
    XSTRNCPY(cmd, "AT+CSIM= 10,\"", IOTSAFE_CMDSIZE_MAX - 1);
    out = cmd + AT_CSIM_CMD_SIZE;
    bytes_to_hex(&cmd_class, out, 1);
    bytes_to_hex(&ins, out + AT_CMD_INS_POS, 1);
    bytes_to_hex(&p1, out + AT_CMD_P1_POS, 1);
    bytes_to_hex(&p2, out + AT_CMD_P2_POS, 1);
    bytes_to_hex(&lc, out + AT_CMD_LC_POS, 1);
    out[10] = 0;
    return (int)XSTRLEN(cmd);
}

static signed char HexCharToByte(char ch)
{
    signed char ret = (signed char)ch;
    if (ret >= '0' && ret <= '9')
        ret -= '0';
    else if (ret >= 'A' && ret <= 'F')
        ret -= 'A' - 10;
    else if (ret >= 'a' && ret <= 'f')
        ret -= 'a' - 10;
    else
        ret = -1; /* error case - return code must be signed */
    return ret;
}

static int hex_to_bytes(const char *hex, unsigned char *output, unsigned long sz)
{
    word32 i;
    for (i = 0; i < sz; i++) {
        signed char ch1, ch2;
        ch1 = HexCharToByte(hex[i * 2]);
        ch2 = HexCharToByte(hex[i * 2 + 1]);
        if ((ch1 < 0) || (ch2 < 0)) {
            printf("hex_to_bytes: syntax error");
            return -1;
        }
        output[i] = (unsigned char)((ch1 << 4) + ch2);
    }
    return (int)sz;
}

static int iotsafe_cmd_add_tlv_ex(char *cmd, byte tag, uint16_t len,
        const byte *val, int taglen_size)
{
    word32 cur_csim_len;
    word32 off;
    byte cur_lc;
    char *out;
    int ret;
    byte *len_b = (byte *)&len;
    char *len_csim_str = (cmd + AT_CSIM_CMD_SIZE - 5);
    word32 cmdlen;

    cmdlen = (word32)XSTRLEN(cmd);
    if (cmdlen < AT_CSIM_CMD_SIZE) {
        return BAD_FUNC_ARG;
    }

    if ((taglen_size < 1) || (taglen_size > 2)) {
        return BAD_FUNC_ARG;
    }

    /* Read out current CSIM len from the existing string.
     * The generated command may have the format:
     *  "AT+CSIM= 68" (< 100: leading space)
     *   or
     *  "AT+CSIM=212" (>=100: same positions, leading hundreds)
     *
     */
    cur_csim_len = (word32)len_csim_str[2] - '0';
    cur_csim_len += (len_csim_str[1] - '0') * 10;
    if (len_csim_str[0] >= '0' &&
            len_csim_str[0] <= '9') {
        cur_csim_len += (len_csim_str[0] - '0') * 100;
    } else if (len_csim_str[0] != ' ') {
        return BAD_FUNC_ARG;
    }

    if ((cmdlen + cur_csim_len + CSIM_CMD_ENDSTR_SIZE) > IOTSAFE_CMDSIZE_MAX) {
        return MEMORY_E;
    }

    /* Read out current Lc parameter in the CSIM command, last byte in the
     * header
     */
    if (hex_to_bytes(cmd + AT_CSIM_CMD_SIZE + AT_CMD_LC_POS, &cur_lc, 1) < 0) {
        return BAD_FUNC_ARG;
    }

    /* Increase Lc and CSIM length according to the TLV len */
    cur_lc += 1 + taglen_size + len;
    cur_csim_len += 2 + (2 * taglen_size) + 2*len;

    /* Position the out buffer to the current end of string */
    out = cmd + XSTRLEN(cmd);
    off = 0;

    /* Write Tag */
    bytes_to_hex(&tag, out, 1);
    off += 2;

    /* Write Len */
    if (taglen_size == 2) {
        bytes_to_hex(&len_b[1], out + 2, 1);
        bytes_to_hex(&len_b[0], out + 4, 1);
        off += 4;
    } else {
        bytes_to_hex(&len_b[0], out + 2, 1);
        off += 2;
    }

    /* Write Val */
    ret = bytes_to_hex(val, out + off, len);
    off += ret;

    /* Terminate string */
    out[off] = 0;

    /* Write new CSIM command size */
    if (cur_csim_len > 99)
        len_csim_str[0] = (cur_csim_len / 100) + '0';
    else
        len_csim_str[0] = ' ';
    len_csim_str[1] = ((cur_csim_len % 100) / 10) + '0';
    len_csim_str[2] = (cur_csim_len % 10) + '0';

    /* Write new Lc value */
    bytes_to_hex(&cur_lc, cmd + AT_CSIM_CMD_SIZE + AT_CMD_LC_POS, 1);
    return off;
}

static int iotsafe_cmd_add_tlv(char *cmd, byte tag, byte len, const byte *val)
{
    return iotsafe_cmd_add_tlv_ex(cmd, tag, len, val, 1);
}

static void iotsafe_cmd_complete(char *cmd)
{
    word32 cmdlen = (word32)XSTRLEN(cmd);
    char *out;
    if (cmdlen + CSIM_CMD_ENDSTR_SIZE > IOTSAFE_CMDSIZE_MAX) {
        return;
    }
    out = cmd + cmdlen;
    out[0] = '"';
    out[1] = '\r';
    out[2] = '\n';
    out[3] = 0;
}

int main() {
    printf("Step 1. compute signature - init\n");
    byte mode_of_operation = IOTSAFE_MOO_SIGN_ONLY;
    uint16_t hash_algo_be = XHTONS(IOTSAFE_HASH_SHA256);
    uint8_t sign_algo = IOTSAFE_SIGN_ECDSA;
    iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS, IOTSAFE_INS_SIGN_INIT, 0, 1);
    iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_PRIVKEY_ID, 2, (byte *)"303036");
    iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_MODE_OF_OPERATION, 1,
            &mode_of_operation);
    iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_HASH_ALGO, 2,(byte *)&hash_algo_be);
    iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_SIGN_ALGO, 1,&sign_algo);
    iotsafe_cmd_complete(csim_cmd);
    printf(csim_cmd);
    printf("\nStep 2. compute signature - update\n");
    iotsafe_cmd_start(csim_cmd, IOTSAFE_CLASS,
                IOTSAFE_INS_SIGN_UPDATE,
                IOTSAFE_DATA_LAST,
                0x01);
    iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_HASH_FIELD, hashLen, hash);
    printf(csim_cmd);

    return 0;
}

murali-shris commented 1 year ago

message sent to Fabrice from Orange I am currently working on a proof of concept for a client for signing and verifying data. I have a SIM card with IOT Safe applet installed on the sim card holder of a raspberry pi. I am able to open a serial port to the modem through minicom and run the below AT commands. // open channel

AT+CSIM=10, "0070000000"

+CSIM: 6,"019000"

OK

//select by app id

AT+CSIM=24,"01A4040007A0000005590010"

+CSIM: 4,"9000"

OK

// compute signature init

AT+CSIM=40,"812A00010F8403303036A1010191020001920104"

+CSIM: 4,"9000"

// compute signature update - “hello world” string

AT+CSIM=520,"812B0001FF9BFD000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068656C6C6F20776F726C64"

+CSIM: 4,"9000"

// create separate session

AT+CSIM=24,"812B8001079B050000863340"

+CSIM: 4,"6143"

// retrieve signature - hello world AT+CSIM=10,"81C0000043"

+CSIM: 138,"3300409BDE5C5D126DB31A06C2FA90A94C2FF29F14171881D6512104316BB5118967

E45D8E743146ADEAADFEA7A92CB6CB30D9C1554905FAE0DA9CD439E967EB1371029000"

// verify signature init

AT+CSIM=40,"812C00010F8503303037A1010191020001920104"

I am currently blocked at the step for verify signature - update. I don't know how to exactly construct the input for verify signature from the signature output. I am trying to run the test https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/blob/master/examples/basic_test.c to see the AT command for verify signature - update.

The above test sends the APDU command to the card reader. How can i modify the test to run on the modem on raspberry pi?

Thanks, Murali

murali-shris commented 1 year ago

message sent to Fabrice from Orange I am currently working on a proof of concept for a client for signing and verifying data. I have a SIM card with IOT Safe applet installed on the sim card holder of a raspberry pi. I am able to open a serial port to the modem through minicom and run the below AT commands. // open channel

AT+CSIM=10, "0070000000"

+CSIM: 6,"019000"

OK

//select by app id

AT+CSIM=24,"01A4040007A0000005590010"

+CSIM: 4,"9000"

OK

// compute signature init

AT+CSIM=40,"812A00010F8403303036A1010191020001920104"

+CSIM: 4,"9000"

// compute signature update - “hello world” string

AT+CSIM=520,"812B0001FF9BFD000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068656C6C6F20776F726C64"

+CSIM: 4,"9000"

// create separate session

AT+CSIM=24,"812B8001079B050000863340"

+CSIM: 4,"6143"

// retrieve signature - hello world AT+CSIM=10,"81C0000043"

+CSIM: 138,"3300409BDE5C5D126DB31A06C2FA90A94C2FF29F14171881D6512104316BB5118967

E45D8E743146ADEAADFEA7A92CB6CB30D9C1554905FAE0DA9CD439E967EB1371029000"

// verify signature init

AT+CSIM=40,"812C00010F8503303037A1010191020001920104"

I am currently blocked at the step for verify signature - update. I don't know how to exactly construct the input for verify signature from the signature output. I am trying to run the test https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/blob/master/examples/basic_test.c to see the AT command for verify signature - update.

The above test sends the APDU command to the card reader. How can i modify the test to run on the modem on raspberry pi?

Thanks, Murali

Hello,

basic_test.c has been tested with an USB card reader thanks to PCSC Lite, see:

https://github.com/Orange-OpenSource/IoT-SAFE-APDU-library/blob/89d124c123acf1ed4895f220c244e42285f95997/src/iot_safe_internal.c#L51

If there is no USB card reader, you should update iot_safe_internal.c and write your own iot_safe_xxx_sendAT function to send your AT command to the modem through /dev/ttyXXX or using any other available API.

You can look on what was done for Arduino.

Finally, concerning your AT command, I think you should send (hand-written):

// verify signature update - “hello world” string

AT+CSIM=520,"812D0001FF9BFD000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000068656C6C6F20776F726C64"

+CSIM: 4,"9000"

// send the end of “hello world” string and hash returned by compute signature

AT+CSIM=158,"812D80014A9B0500008633403300409BDE5C5D126DB31A06C2FA90A94C2FF29F14171881D6512104316BB5118967E45D8E743146ADEAADFEA7A92CB6CB30D9C1554905FAE0DA9CD439E967EB137102”

Finally, an additional remark: you’re sending a lot of zeros before “hello world”, I don’t know if this is really needed.

Moreover, you can also compute the hash of “hello world” on the Raspberry Pi and ask the applet to only sign the hash by using the “9E” mode instead of “9B”.

Best Regards,

Fabrice

murali-shris commented 1 year ago

I am currently getting an issue in the final step AT+CSIM=158,"812D80014A9B050000863341330040A588FEF29D084EAFD3CBB04BD3DCB3F4171B1A72BC0C952F139471CABF6ED5 1DA1E34251788E4FB40ADEE1C20A42F0B71569063496072071D2D644F1BF1C8127 " +CSIM: 4,"6985"

6985 response from spec - length of the data to hash, length of the final hash, or length of the signature are not compatible with the requested operation

I am having a conversation with Jeremy from Zariot in resolving this error

murali-shris commented 1 year ago

I am currently getting an issue in the final step AT+CSIM=158,"812D80014A9B050000863341330040A588FEF29D084EAFD3CBB04BD3DCB3F4171B1A72BC0C952F139471CABF6ED5 1DA1E34251788E4FB40ADEE1C20A42F0B71569063496072071D2D644F1BF1C8127 " +CSIM: 4,"6985"

6985 response from spec - length of the data to hash, length of the final hash, or length of the signature are not compatible with the requested operation

I am having a conversation with Jeremy from Zariot in resolving this error

First of all apologies for the late response we have the IoTWC this week and we were focused on getting code working for it.

The best way to go about this is to use the Orange code as an example on how to interface, when I did, it, it was just to give an example on how to do a signature verify using your example.

AT+CSIM=158,"812D80014A9B050000863340330040C582760B98EF49D40DF063C01FC1C8A938E0778F544A0C4486B3E484AB0805D0FCC0688696F8297837019245925B4FC2BB3041784206164D5C2248236D0966DF"

+CSIM: 4,"6985"

81

2D

80 – last mode so this is the final part of the verify

01 – Session 01

4A - Length

9B 05 00 00 86 33 40 - Is this the full text of the request and are you using padding and sign in the signature?

33 0040 C582760B98EF49D40DF063C01FC1C8A938E0778F544A0C4486B3E484AB0805D0FCC0688696F8297837019245925B4FC2BB3041784206164D5C2248236D0966DF – Signature and length

The Error 69 85 implies that the coding of the command is incorrect in terms of coding, I know it isn’t that helpful in sims and IoTSafe though.

So, looking at the Init because this is probably the issue for the Verify:

81 2C - Init

00 – Open Session

01 – Session 1

0F - Length

8503303037 – Using Operational key 7 Key ID 007

A1 01 01

91 02 00 01 – SHA 256

92 01 04 – ECDSA, Correct

Quick check of the key used in Signing:

81 2A 00 01 0F

84 03 30 30 36 – Private Key – Checked my config of the keyset, correctly configured for signing and key agreement

A1 01 01 -

91 02 00 01 – Hash algorithm configuration – SHA256

92 01 04 – Signature ECDSA, Correct

Now questions with the sample from Orange:

Did you hash the message prior to the functions above? Is the original data this “00 00 86 33 40”

Finally the code from Orange is very good and a very good example of how to implement from a general perspective, but the test code is suspect looking at the code..

This is very useful for understanding Signatures and Elliptic curve:

https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages

If then you look at the code from Orange importantly the test code exercising the driver:

static const uint8_t HASH_VALUE[] = {0xAB, 0xCD, 0xEF };

This looks a bit contrived and test data? The best way to do this is probably to generate the HASH of the message and pass the data into the command to verify.

The data Orange is using you’d need to create a Hash of it as a message.

Final note on the test code:

iot_safe_get_random(channel, random, sizeof(random), &length);

Why is it doing this? It never uses it in the code. The hash code doesn’t seem right? The rest of the code it correct in the driver the test code doesn’t look right.

Best Regards

Jerry

murali-shris commented 1 year ago

I am currently getting an issue in the final step AT+CSIM=158,"812D80014A9B050000863341330040A588FEF29D084EAFD3CBB04BD3DCB3F4171B1A72BC0C952F139471CABF6ED5 1DA1E34251788E4FB40ADEE1C20A42F0B71569063496072071D2D644F1BF1C8127 " +CSIM: 4,"6985" 6985 response from spec - length of the data to hash, length of the final hash, or length of the signature are not compatible with the requested operation I am having a conversation with Jeremy from Zariot in resolving this error

First of all apologies for the late response we have the IoTWC this week and we were focused on getting code working for it.

The best way to go about this is to use the Orange code as an example on how to interface, when I did, it, it was just to give an example on how to do a signature verify using your example.

AT+CSIM=158,"812D80014A9B050000863340330040C582760B98EF49D40DF063C01FC1C8A938E0778F544A0C4486B3E484AB0805D0FCC0688696F8297837019245925B4FC2BB3041784206164D5C2248236D0966DF"

+CSIM: 4,"6985"

81

2D

80 – last mode so this is the final part of the verify

01 – Session 01

4A - Length

9B 05 00 00 86 33 40 - Is this the full text of the request and are you using padding and sign in the signature?

33 0040 C582760B98EF49D40DF063C01FC1C8A938E0778F544A0C4486B3E484AB0805D0FCC0688696F8297837019245925B4FC2BB3041784206164D5C2248236D0966DF – Signature and length

The Error 69 85 implies that the coding of the command is incorrect in terms of coding, I know it isn’t that helpful in sims and IoTSafe though.

So, looking at the Init because this is probably the issue for the Verify:

81 2C - Init

00 – Open Session

01 – Session 1

0F - Length

8503303037 – Using Operational key 7 Key ID 007

A1 01 01

91 02 00 01 – SHA 256

92 01 04 – ECDSA, Correct

Quick check of the key used in Signing:

81 2A 00 01 0F

84 03 30 30 36 – Private Key – Checked my config of the keyset, correctly configured for signing and key agreement

A1 01 01 -

91 02 00 01 – Hash algorithm configuration – SHA256

92 01 04 – Signature ECDSA, Correct

Now questions with the sample from Orange:

Did you hash the message prior to the functions above? Is the original data this “00 00 86 33 40”

Finally the code from Orange is very good and a very good example of how to implement from a general perspective, but the test code is suspect looking at the code..

This is very useful for understanding Signatures and Elliptic curve:

https://cryptobook.nakov.com/digital-signatures/ecdsa-sign-verify-messages

If then you look at the code from Orange importantly the test code exercising the driver:

static const uint8_t HASH_VALUE[] = {0xAB, 0xCD, 0xEF };

This looks a bit contrived and test data? The best way to do this is probably to generate the HASH of the message and pass the data into the command to verify.

The data Orange is using you’d need to create a Hash of it as a message.

Final note on the test code:

iot_safe_get_random(channel, random, sizeof(random), &length);

Why is it doing this? It never uses it in the code. The hash code doesn’t seem right? The rest of the code it correct in the driver the test code doesn’t look right.

Best Regards

Jerry

Did you hash the message prior to the functions above? No. I tried this after your email today. Please see the commands below Is the original data this “00 00 86 33 40” No. I am not sure how to store sample data as reference inside the applet.

Steps I tried for computing hash externally and passing it to applet. I am getting the same error code as before "6985"

pi@mwc-gary:~ $ echo -n "hello world" | openssl dgst -sha256 (stdin)= b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9 Open channel

AT+CSIM=10, "0070000000"

+CSIM: 6,"019000"

select IoT safe by app id

AT+CSIM=24,"01A4040007A0000005590010"

+CSIM: 4,"9000"

// compute signature init

AT+CSIM=40,"812A00010F8403303036A1010391020001920104"

+CSIM: 4,"9000” 03 - mode of operation. Text is hashed externally

// compute signature update.

AT+CSIM=78,"812B8001229E20B94D27B9934D3E08A52E52D7DA7DABFAC484EFE37A5380EE9088F7

ACE2EFCDE9" +CSIM: 4,"6143" In this step is it ok if the hash generated externally is converted to upper case? With lower case hash, I am getting “ERROR” response.

// Get the signature

AT+CSIM=10,"81C0000043"

+CSIM: 138,"330040B8C1B660CCDDC80071BFA3D05AA0853A792E3F8FD6C260301DA28F8DF16FE3

0547D1C2FC5EA02421AF52BD11420D0DB53AE307EFC90E7CEDDA47B401854858489000"

// Verify signature init AT+CSIM=40,"812C00010F8503303037A1010391020001920104"

    +CSIM: 4,"9000"

// Verify signature update

AT+CSIM=218,"812D8001689E01229E20B94D27B9934D3E08A52E52D7DA7DABFAC484EFE37A5380E

E9088F7ACE2EFCDE9330040B8C1B660CCDDC80071BFA3D05AA0853A792E3F8FD6C260301DA28F8DF

16FE30547D1C2FC5EA02421AF52BD11420D0DB53AE307EFC90E7CEDDA47B40185485848"

+CSIM: 4,"6985"

murali-shris commented 1 year ago

verify signature update command finally works. AT+CSIM=212,"812D8001659E20B94D27B9934D3E08A52E52D7DA7DABFAC484EFE37A5380EE9088F 7ACE2EFCDE9330040B44ECA47A83C9D4A6CA80FECF5405F8BDE882EBA0AD94C2D6D22AFA3F830DAB 6D12034DC257056319507FF5D4BD30C26EC96E6B566DB92F42AA742ED8D95AA7B"
+CSIM: 4,"9000"

murali-shris commented 1 year ago

Steps of all the commands tried and important instructions from Zariot https://docs.google.com/document/d/15njkbEzIUXnMxRlINzaadJ1DgOnYTct47ye9ZAhEkLo/

atsign-foundation / at_client_sdk

Integration with IoT-SAFE on ZARIOT SIMs #850

Is your feature request related to a problem? Please describe.

Describe the solution you'd like