idf3d / podpisfree

Free alternative for the PodpisGOV application.
GNU General Public License v3.0

CardOS V5.3 fails with eu.europa.esig.dss.model.DSSException: Unable to sign : no such algorithm: SHA256withRSA for provider SunPKCS11-SmartCardXXXX #1

Open saper opened 6 months ago

saper commented 6 months ago

Hello, all of Poland has been waiting for this project :poland: :credit_card: :poland:

I know you are working only with the KIR card, but I have tried to use this with a EuroCert card and the opensc-pkcs11.so PKCS#11 driver, which seems to support those cards just fine:

PKCS#15 Card [CardOS V5.3 | EC00XXXXXX]:
    Version        : 0
    Serial number  : 31
    Manufacturer ID: Atos IT Solutions and Services GmbH

An attempt to sign a login document from https://pz.gov.pl fails because the card does not support CKM_SHA256_RSA_PKCS and results in the following exception:

[qtp2121926899-17] INFO eu.europa.esig.dss.validation.CommonCertificateVerifier - + New CommonCertificateVerifier created.
[qtp2121926899-17] INFO eu.europa.esig.dss.token.AbstractSignatureTokenConnection - Signature algorithm : SHA256withRSA
[qtp2121926899-17] ERROR pl.podpisfree.api.Server - Can not process 'sign' api request.
pl.podpisfree.crypto.XMLSigner$XMLSignerException: Unable to sign
        at pl.podpisfree.crypto.XMLSigner.sign(XMLSigner.java:92)
        at pl.podpisfree.api.Server.lambda$run$5(Server.java:137)
        at spark.RouteImpl$1.handle(RouteImpl.java:72)
        at spark.http.matching.Routes.execute(Routes.java:61)
        at spark.http.matching.MatcherFilter.doFilter(MatcherFilter.java:134)
        at spark.embeddedserver.jetty.JettyHandler.doHandle(JettyHandler.java:50)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1598)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
        at org.eclipse.jetty.server.Server.handle(Server.java:516)
        at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
        at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
        at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
        at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
        at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: eu.europa.esig.dss.model.DSSException: Unable to sign : no such algorithm: SHA256withRSA for provider SunPKCS11-SmartCardXXX
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:88)
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:66)
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:58)
        at pl.podpisfree.crypto.CryptoCard.sign(CryptoCard.java:85)
        at pl.podpisfree.crypto.XMLSigner.sign(XMLSigner.java:82)
        ... 28 more
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: SHA256withRSA for provider SunPKCS11-SmartCardXXX
        at java.base/sun.security.jca.GetInstance.getService(GetInstance.java:101)
        at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
        at java.base/java.security.Signature.getInstance(Signature.java:450)
        at eu.europa.esig.dss.token.Pkcs11SignatureToken.getSignatureInstance(Pkcs11SignatureToken.java:360)
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:136)
        at eu.europa.esig.dss.token.AbstractSignatureTokenConnection.sign(AbstractSignatureTokenConnection.java:82)
        ... 32 more

Here is what my PKCS#11 driver reports:

> pkcs11-tool -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  RSA-X-509, keySize={512,4096}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={512,4096}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={512,4096}, sign, verify
  RSA-PKCS-PSS, keySize={512,4096}, hw, sign, verify
  SHA1-RSA-PKCS-PSS, keySize={512,4096}, sign, verify
  RSA-PKCS-OAEP, keySize={512,4096}, hw, decrypt

In theory, the solution is easy - hash first in software and use the CKM_RSA_PKCS mechanism as a fallback. But with Java, the question is which layer should detect this and change the mechanism used.

Big thanks for putting this out - it's a new hope for me!
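The software-hash fallback described in this comment, as an added example that is not part of the original post and is not podpisfree or DSS code. It assumes the SunPKCS11 mapping of NONEwithRSA to CKM_RSA_PKCS; the class and method names are hypothetical, and a constructed software RSA key stands in for the card so the block runs without a token.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class PrehashFallback {
    // DER prefix of the DigestInfo structure for SHA-256 (RFC 8017, section 9.2).
    static final byte[] SHA256_DIGESTINFO_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Use SHA256withRSA when the provider registers it; otherwise hash in
    // software and let the token do only the raw PKCS#1 v1.5 operation.
    static byte[] sign(PrivateKey key, Provider p, byte[] data) throws GeneralSecurityException {
        if (p.getService("Signature", "SHA256withRSA") != null) {
            Signature s = Signature.getInstance("SHA256withRSA", p);
            s.initSign(key);
            s.update(data);
            return s.sign();
        }
        // Assumption: on SunPKCS11 this name is backed by CKM_RSA_PKCS.
        return signPrehashed(Signature.getInstance("NONEwithRSA", p), key, data);
    }

    static byte[] signPrehashed(Signature raw, PrivateKey key, byte[] data) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(data);
        byte[] digestInfo = new byte[SHA256_DIGESTINFO_PREFIX.length + hash.length];
        System.arraycopy(SHA256_DIGESTINFO_PREFIX, 0, digestInfo, 0, SHA256_DIGESTINFO_PREFIX.length);
        System.arraycopy(hash, 0, digestInfo, SHA256_DIGESTINFO_PREFIX.length, hash.length);
        raw.initSign(key);
        raw.update(digestInfo); // the signer adds the PKCS#1 v1.5 padding only
        return raw.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the card: a software RSA key pair.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] doc = "<doc>constructed sample</doc>".getBytes(StandardCharsets.UTF_8);

        byte[] sig = signPrehashed(Signature.getInstance("NONEwithRSA"), kp.getPrivate(), doc);

        // A relying party verifies it as an ordinary SHA256withRSA signature.
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(kp.getPublic());
        v.update(doc);
        System.out.println("verifies as SHA256withRSA: " + v.verify(sig));
    }
}
```

With a real token, `sign` would be called with the SunPKCS11 provider instance and the private key handle from its key store; the verifier side does not change.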

idf3d commented 6 months ago

Hi @saper,

A quick search shows that OpenSC for CardOS V5.3 should support SHA256-RSA-PKCS. So first of all, verify that you are using the newest version of OpenSC. Some OSes/distros/package managers can have an old version, so it is possible that you will need to build the newest version of OpenSC manually.

Secondly: I'm not familiar with that card, but it is possible that different slots have different capabilities. Are you sure your QES is in slot 0? Consider verifying whether there are other available slots (pkcs11-tool -L) and what is supported by each (pkcs11-tool --slot-index <0...N> -M).

saper commented 5 months ago

It turns out I was running https://github.com/OpenSC/OpenSC/commit/9dd5a8bd62a356091bb8e67492ca9171c4deba34 (plus some WIP patches unrelated to this patch) which is between 0.23.0 and 0.24.0 (over a year old at the time of writing this). I have re-tried with 0.25.0 and the list of mechanisms is as follows:

> pkcs11-tool -M
Using slot 0 with a present token (0x0)
Supported mechanisms:
  SHA-1, digest
  SHA224, digest
  SHA256, digest
  SHA384, digest
  SHA512, digest
  MD5, digest
  RIPEMD160, digest
  GOSTR3411, digest
  RSA-X-509, keySize={512,4096}, hw, decrypt, sign, verify
  RSA-PKCS, keySize={512,4096}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={512,4096}, sign, verify
  RSA-PKCS-PSS, keySize={512,4096}, hw, sign, verify
  SHA1-RSA-PKCS-PSS, keySize={512,4096}, sign, verify
  RSA-PKCS-OAEP, keySize={512,4096}, hw, decrypt

There is only one slot:

> /usr/local/bin/pkcs11-tool -L
Available slots:
Slot 0 (0x0): Gemalto USB Shell Token V2 (4FFFFFFF) 00 00
  token label        : CardOS V5.3 | EC00FFFFF
  token manufacturer : Atos IT Solutions and Service...
  token model        : PKCS#15 emulated
  token flags        : login required, token initialized, PIN initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : 31
  pin min/max        : 4/16

and any attempt to go beyond 0 results in "Slot with index 1 (counting from 0) is not available."

saper commented 5 months ago

Just managed to extract their PKCS#15 EF(TokenInfo) which describes the token on the card:

$ /usr/local/bin/pkcs15-tool --list-info # serial numbers redacted
PKCS#15 Card [CardOS V5.3 | EC00FFFFF]:
    Version        : 0
    Serial number  : 31
    Manufacturer ID: Atos IT Solutions and Services GmbH
    Flags          : Login required, PRN generation
         sc_supported_algo_info[0]:
             reference  : 1 (0x01)
             mechanism  : [0x01] CKM_RSA_PKCS                 
             operations : [0xa2], compute_signature, decipher, generate/derive_key
             algo_id    : 1.2.840.113549.1.1.1
             algo_ref   : [0x0c]
         sc_supported_algo_info[1]:
             reference  : 2 (0x02)
             mechanism  : [0x01] CKM_RSA_PKCS                 
             operations : [0x82], compute_signature, generate/derive_key
             algo_id    : 1.2.840.113549.1.1.1
             algo_ref   : [0x88]
         sc_supported_algo_info[2]:
             reference  : 3 (0x03)
             mechanism  : [0x01] CKM_RSA_PKCS                 
             operations : [0xa0], decipher, generate/derive_key
             algo_id    : 1.2.840.113549.1.1.1
             algo_ref   : [0x08]
         sc_supported_algo_info[3]:
             reference  : 4 (0x04)
             mechanism  : [0x06] CKM_SHA1_RSA_PKCS            
             operations : [0x02], compute_signature
             algo_id    : 1.2.840.113549.1.1.5
             algo_ref   : [0x88]
         sc_supported_algo_info[4]:
             reference  : 17 (0x11)
             mechanism  : [0x03] CKM_RSA_X_509                
             operations : [0xa2], compute_signature, decipher, generate/derive_key
             algo_id    : 1.2.840.113549.1.1.1
             algo_ref   : [0x0a]
         sc_supported_algo_info[5]:
             reference  : 18 (0x12)
             mechanism  : [0x03] CKM_RSA_X_509                
             operations : [0x82], compute_signature, generate/derive_key
             algo_id    : 1.2.840.113549.1.1.1
             algo_ref   : [0x86]
         sc_supported_algo_info[6]:
             reference  : 19 (0x13)
             mechanism  : [0x03] CKM_RSA_X_509                
             operations : [0xa0], decipher, generate/derive_key
             algo_id    : 1.2.840.113549.1.1.1
             algo_ref   : [0x06]
         sc_supported_algo_info[7]:
             reference  : 20 (0x14)
             mechanism  : [0x06] CKM_SHA1_RSA_PKCS            
             operations : [0x02], compute_signature
             algo_id    : 1.2.840.113549.1.1.5
             algo_ref   : [0x86]