search

polhenarejos / pico-hsm

Hardware Security Module (HSM) for Raspberry Pico and ESP32
https://www.picokeys.com
GNU General Public License v3.0
246 stars 30 forks source link

CKR_GENERAL_ERROR (0x5) on object read #69

Open fastchain opened 1 day ago

fastchain commented 1 day ago

Version: current state of development branch Board: Pico

Pico-hsm with enabled SecureLock and unlocked.

Output on /usr/local/bin/pkcs11-tool -O

hw  | Using slot 2 with a present token (0x8)
hw  | Public Key Object; EC  EC_POINT 256 bits
hw  |   EC_POINT:   044104d2ab4fd55170dc931ef40c5e21e2bc74a4ab99fad358ffe5cc580dbe226d1b9de310e0c47903be3b1ea1c9b27977ae9ae2084451d85532b527df21ad13ca8c5b
hw  |   EC_PARAMS:  06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
hw  |   label:      ESPICOHSMTR
hw  |   ID:         0000000000000000000000000000000000000000
hw  |   Usage:      verify, derive
hw  |   Access:     none
hw  | Public Key Object; EC  EC_POINT 256 bits
hw  |   EC_POINT:   04410420b871f3ced029e14472ec4ebc3c0448164942b123aa6af91a3386c1c403e0ebd3b4a5752a2b6c49e574619e6aa0549eb9ccd036b9bbc507e1f7f9712a236092
hw  |   EC_PARAMS:  06052b8104000a (OID 1.3.132.0.10)
hw  |   label:      
hw  |   ID:         01
hw  |   Usage:      verify, derive
hw  |   Access:     none
hw  | Profile object 1949634128
hw  |   profile_id:          CKP_PUBLIC_CERTIFICATES_TOKEN (4)

when I try to read public key with 

pkcs11-tool --read-object --pin 3760328958 --id 1 --type pubkey > tmp/1pub.der

I get this (log with APDU commands)

hw  | pkcs11-tool --read-object --pin 3760328958 --id 1 --type pubkey > tmp/1pub.der
hw  | 00941928 ifdwrapper.c:477:IFDControl() Card not transacted: 606
hw  | 00000104 ifdwrapper.c:477:IFDControl() Card not transacted: 606
hw  | 00006039 APDU: 00 A4 04 00 07 62 76 01 FF 00 00 00 
hw  | 00000500 SW: 6A 82 
hw  | 00000052 APDU: 00 A4 04 00 06 A0 00 00 00 01 01 
hw  | 00000280 SW: 6A 82 
hw  | 00000042 APDU: 00 A4 04 00 0B E8 2B 06 01 04 01 81 C3 1F 02 01 00 
hw  | 00060565 SW: 62 22 81 02 00 00 82 01 01 83 02 00 00 84 0B 2B 06 01 04 01 81 C3 1F 02 01 49 8A 01 05 85 05 04 01 FF 05 00 90 00 
hw  | 00000310 APDU: 00 A4 08 00 02 2F 00 00 
hw  | 00000577 SW: 62 0E 81 02 00 19 82 01 01 83 02 2F 00 8A 01 05 90 00 
hw  | 00000457 APDU: 00 B1 00 00 04 54 02 00 00 19 
hw  | 00000493 SW: 61 17 4F 0B E8 2B 06 01 04 01 81 C3 1F 02 01 50 08 50 69 63 6F 2D 48 53 4D 90 00 
hw  | 00000278 APDU: 00 A4 00 00 02 2F 02 00 
hw  | 00000352 SW: 62 0E 81 02 03 AC 82 01 01 83 02 2F 02 8A 01 05 90 00 
hw  | 00000072 APDU: 00 B1 00 00 00 00 04 54 02 00 00 04 00 
hw  | 00002522 SW: 67 82 01 ED 7F 21 82 01 93 7F 4E 82 01 4B 5F 29 01 00 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 49 82 01 1D 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 82 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC 83 20 5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC 65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B 84 41 04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40 F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2 96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E 16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51 F5 85 20 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25 51 86 41 04 D2 AB 4F D5 51 70 DC 93 1E F4 0C 5E 21 E2 BC 74 A4 AB 99 FA D3 58 FF E5 CC 58 0D BE 22 6D 1B 9D E3 10 E0 C4 79 03 BE 3B 1E A1 C9 B2 79 77 AE 9A E2 08 44 51 D8 55 32 B5 27 DF 21 AD 13 CA 8C 5B 87 01 01 5F 20 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 B4 60 AD 65 46 D8 AA FF F0 67 EC 76 56 21 AF 84 B0 4C 8E A8 7B 3B F6 1E 05 2F C7 67 72 EC 6F 54 7A DD 9B CE EB 92 35 2F 40 70 3A C5 00 47 B8 D6 E8 E4 FE 64 16 BE 81 6F 3F EE BA AB 07 85 47 89 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 78 06 15 48 04 4E E6 0D B9 CA 7C 2F 5C BF 23 4A E8 FE DE 33 4C FB 58 82 16 C9 3A 8C 67 6C 31 15 80 75 53 0E DF 10 44 3B 8E E8 B2 0F 91 8B 5B F1 3D 01 A8 19 CF 5E 6F 02 0E F2 13 5B 7B B8 FE 4C 7F 21 82 01 B6 7F 4E 82 01 6E 5F 29 01 00 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 49 82 01 1D 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 82 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC 83 20 5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC 65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B 84 41 04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40 F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2 96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E 16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51 F5 85 20 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25 51 86 41 04 D2 AB 4F D5 51 70 DC 93 1E F4 0C 5E 21 E2 BC 74 A4 AB 99 FA D3 58 FF E5 CC 58 0D BE 22 6D 1B 9D E3 10 E0 C4 79 03 BE 3B 1E A1 C9 B2 79 77 AE 9A E2 08 44 51 D8 55 32 B5 27 DF 21 AD 13 CA 8C 5B 87 01 01 5F 20 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 4C 0E 06 09 04 00 7F 00 07 03 01 02 02 53 01 00 5F 25 06 02 03 00 03 02 01 5F 24 06 07 00 01 02 03 01 5F 37 40 0C EB C6 5F 63 1B 52 1B 34 EC 61 BB 10 50 71 E8 0A F6 54 B5 E6 06 49 9F D2 8F 2E 6C EA 1D AC F7 07 F9 F3 08 EE 3E 91 C8 BF 9B 32 B6 80 F6 B7 7A 5D AA 35 61 D3 CC 90 C6 10 FD E8 32 39 67 B4 3B 90 00 
hw  | 00000109 APDU: 00 B1 00 00 04 54 02 03 AC 54 
hw  | 00000340 SW: 90 00 
hw  | 00000021 APDU: 00 A4 00 00 02 2F 03 00 
hw  | 00000310 SW: 62 0E 81 02 00 2C 82 01 01 83 02 2F 03 8A 01 05 90 00 
hw  | 00000009 APDU: 00 B1 00 00 00 00 04 54 02 00 00 02 00 
hw  | 00000371 SW: 30 2A 02 01 05 04 08 E6 61 24 83 CB 1F 93 2D 0C 0D 50 6F 6C 20 48 65 6E 61 72 65 6A 6F 73 80 08 50 69 63 6F 2D 48 53 4D 03 02 04 30 90 00 
hw  | 00000011 APDU: 00 B1 00 00 00 00 04 54 02 00 2C 01 D4 
hw  | 00000462 SW: 90 00 
hw  | 00000021 APDU: 00 20 00 81 
hw  | 00000288 SW: 63 C3 
hw  | 00000013 APDU: 00 20 00 88 
hw  | 00000313 SW: 63 CF 
hw  | 00000010 APDU: 00 20 00 85 
hw  | 00000355 SW: 90 00 
hw  | 00000071 APDU: 80 58 00 00 00 00 00 
hw  | 00000348 SW: C4 00 CC 00 CC 01 C4 01 90 00 
hw  | 00000064 APDU: 00 A4 00 00 02 C4 00 00 
hw  | 00000559 SW: 62 0E 81 02 00 3A 82 01 08 83 02 C4 00 8A 01 05 90 00 
hw  | 00000020 APDU: 00 B1 00 00 00 00 04 54 02 00 00 10 00 
hw  | 00000467 SW: A0 38 30 0D 0C 0B 45 53 50 49 43 4F 48 53 4D 54 52 30 1B 04 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 03 07 20 80 A1 0A 30 08 30 02 04 00 02 02 01 00 90 00 
hw  | 00000017 APDU: 00 B1 00 00 00 00 04 54 02 00 3A 0F C6 
hw  | 00000454 SW: 90 00 
hw  | 00000020 APDU: 00 A4 00 00 02 CE 00 00 
hw  | 00000323 SW: 62 0E 81 02 01 F1 82 01 08 83 02 CE 00 8A 01 05 90 00 
hw  | 00000028 APDU: 00 B1 00 00 00 00 04 54 02 00 00 10 00 
hw  | 00001424 SW: 67 82 01 ED 7F 21 82 01 93 7F 4E 82 01 4B 5F 29 01 00 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 49 82 01 1D 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 82 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC 83 20 5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC 65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B 84 41 04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40 F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2 96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E 16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51 F5 85 20 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25 51 86 41 04 D2 AB 4F D5 51 70 DC 93 1E F4 0C 5E 21 E2 BC 74 A4 AB 99 FA D3 58 FF E5 CC 58 0D BE 22 6D 1B 9D E3 10 E0 C4 79 03 BE 3B 1E A1 C9 B2 79 77 AE 9A E2 08 44 51 D8 55 32 B5 27 DF 21 AD 13 CA 8C 5B 87 01 01 5F 20 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 B4 60 AD 65 46 D8 AA FF F0 67 EC 76 56 21 AF 84 B0 4C 8E A8 7B 3B F6 1E 05 2F C7 67 72 EC 6F 54 7A DD 9B CE EB 92 35 2F 40 70 3A C5 00 47 B8 D6 E8 E4 FE 64 16 BE 81 6F 3F EE BA AB 07 85 47 89 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 78 06 15 48 04 4E E6 0D B9 CA 7C 2F 5C BF 23 4A E8 FE DE 33 4C FB 58 82 16 C9 3A 8C 67 6C 31 15 80 75 53 0E DF 10 44 3B 8E E8 B2 0F 91 8B 5B F1 3D 01 A8 19 CF 5E 6F 02 0E F2 13 5B 7B B8 FE 4C 90 00 
hw  | 00000122 APDU: 00 B1 00 00 00 00 04 54 02 01 F1 0E 0F 
hw  | 00000559 SW: 90 00 
hw  | 00000035 APDU: 00 A4 00 00 02 C4 01 00 
hw  | 00000506 SW: 62 0E 81 02 00 28 82 01 01 83 02 C4 01 8A 01 05 90 00 
hw  | 00000010 APDU: 00 B1 00 00 00 00 04 54 02 00 00 10 00 
hw  | 00000341 SW: A0 26 30 07 03 02 07 80 04 01 01 30 0F 04 01 01 03 03 07 20 80 03 02 03 B8 02 01 01 A1 0A 30 08 30 02 04 00 02 02 01 00 90 00 
hw  | 00000011 APDU: 00 B1 00 00 00 00 04 54 02 00 28 0F D8 
hw  | 00000293 SW: 90 00 
hw  | 00000014 APDU: 00 A4 00 00 02 CE 01 00 
hw  | 00000355 SW: 62 0E 81 02 01 B2 82 01 01 83 02 CE 01 8A 01 05 90 00 
hw  | 00000011 APDU: 00 B1 00 00 00 00 04 54 02 00 00 10 00 
hw  | 00001361 SW: 67 82 01 AE 7F 21 82 01 54 7F 4E 82 01 0C 5F 29 01 00 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 49 81 DF 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FE FF FF FC 2F 82 01 00 83 01 07 84 41 04 79 BE 66 7E F9 DC BB AC 55 A0 62 95 CE 87 0B 07 02 9B FC DB 2D CE 28 D9 59 F2 81 5B 16 F8 17 98 48 3A DA 77 26 A3 C4 65 5D A4 FB FC 0E 11 08 A8 FD 17 B4 48 A6 85 54 19 9C 47 D0 8F FB 10 D4 B8 85 20 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FE BA AE DC E6 AF 48 A0 3B BF D2 5E 8C D0 36 41 41 86 41 04 20 B8 71 F3 CE D0 29 E1 44 72 EC 4E BC 3C 04 48 16 49 42 B1 23 AA 6A F9 1A 33 86 C1 C4 03 E0 EB D3 B4 A5 75 2A 2B 6C 49 E5 74 61 9E 6A A0 54 9E B9 CC D0 36 B9 BB C5 07 E1 F7 F9 71 2A 23 60 92 87 01 01 5F 20 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 70 9D A6 F8 D6 B3 72 95 E7 C4 F3 F7 97 46 42 5C D5 9A 66 80 D5 AF B5 F0 77 8A 38 B0 23 63 2A 58 28 F7 17 4F 5B E7 97 55 5C EF 29 82 4C FE AF 26 53 66 C5 21 86 76 57 DE FD 99 0F E9 BF 18 34 3B 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 CB BE 2D 03 39 6F F6 17 60 07 39 8F 01 DC 8F 71 57 16 41 BC 43 9F EB C8 47 61 86 F1 72 D7 AB 21 3B 3C E1 8A 5C 3C 50 BE 8D 2F 21 15 32 DA 8A 9D DD 76 91 2B AB FF AC 33 B3 A1 02 55 85 C7 66 C0 90 00 
hw  | 00000099 APDU: 00 B1 00 00 00 00 04 54 02 01 B2 0E 4E 
hw  | 00000494 SW: 90 00 
hw  | Using slot 3 with a present token (0xc)
hw  | 00029752 APDU: 00 20 00 81 
hw  | 00000379 SW: 63 C3 
hw  | 00000025 APDU: 00 20 00 81 0A 33 37 36 30 33 32 38 39 35 38 
hw  | 00085827 SW: 90 00 
hw  | read EC key
hw  | writing EC key
hw  | read EC key
hw  | writing EC key
hw  | 00027402 ifdwrapper.c:477:IFDControl() Card not transacted: 606
hw  | 00000458 ifdwrapper.c:477:IFDControl() Card not transacted: 606
hw  | 00007525 APDU: 00 A4 04 00 07 62 76 01 FF 00 00 00 
hw  | 00001315 SW: 6A 82 
hw  | 00000211 APDU: 00 A4 04 00 06 A0 00 00 00 01 01 
hw  | 00000457 SW: 6A 82 
hw  | 00000763 APDU: 00 A4 04 00 0B E8 2B 06 01 04 01 81 C3 1F 02 01 00 
hw  | 00060622 SW: 62 22 81 02 00 00 82 01 01 83 02 00 00 84 0B 2B 06 01 04 01 81 C3 1F 02 01 49 8A 01 05 85 05 04 01 FF 05 00 90 00 
hw  | 00000933 APDU: 00 A4 08 00 02 2F 00 00 
hw  | 00000643 SW: 62 0E 81 02 00 19 82 01 01 83 02 2F 00 8A 01 05 90 00 
hw  | 00000727 APDU: 00 B1 00 00 04 54 02 00 00 19 
hw  | 00000464 SW: 61 17 4F 0B E8 2B 06 01 04 01 81 C3 1F 02 01 50 08 50 69 63 6F 2D 48 53 4D 90 00 
hw  | 00000465 APDU: 00 A4 00 00 02 2F 02 00 
hw  | 00000419 SW: 62 0E 81 02 03 AC 82 01 01 83 02 2F 02 8A 01 05 90 00 
hw  | 00000189 APDU: 00 B1 00 00 00 00 04 54 02 00 00 04 00 
hw  | 00002538 SW: 67 82 01 ED 7F 21 82 01 93 7F 4E 82 01 4B 5F 29 01 00 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 49 82 01 1D 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 82 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC 83 20 5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC 65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B 84 41 04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40 F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2 96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E 16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51 F5 85 20 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25 51 86 41 04 D2 AB 4F D5 51 70 DC 93 1E F4 0C 5E 21 E2 BC 74 A4 AB 99 FA D3 58 FF E5 CC 58 0D BE 22 6D 1B 9D E3 10 E0 C4 79 03 BE 3B 1E A1 C9 B2 79 77 AE 9A E2 08 44 51 D8 55 32 B5 27 DF 21 AD 13 CA 8C 5B 87 01 01 5F 20 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 B4 60 AD 65 46 D8 AA FF F0 67 EC 76 56 21 AF 84 B0 4C 8E A8 7B 3B F6 1E 05 2F C7 67 72 EC 6F 54 7A DD 9B CE EB 92 35 2F 40 70 3A C5 00 47 B8 D6 E8 E4 FE 64 16 BE 81 6F 3F EE BA AB 07 85 47 89 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 78 06 15 48 04 4E E6 0D B9 CA 7C 2F 5C BF 23 4A E8 FE DE 33 4C FB 58 82 16 C9 3A 8C 67 6C 31 15 80 75 53 0E DF 10 44 3B 8E E8 B2 0F 91 8B 5B F1 3D 01 A8 19 CF 5E 6F 02 0E F2 13 5B 7B B8 FE 4C 7F 21 82 01 B6 7F 4E 82 01 6E 5F 29 01 00 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 49 82 01 1D 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 82 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC 83 20 5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC 65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B 84 41 04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40 F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2 96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E 16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51 F5 85 20 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25 51 86 41 04 D2 AB 4F D5 51 70 DC 93 1E F4 0C 5E 21 E2 BC 74 A4 AB 99 FA D3 58 FF E5 CC 58 0D BE 22 6D 1B 9D E3 10 E0 C4 79 03 BE 3B 1E A1 C9 B2 79 77 AE 9A E2 08 44 51 D8 55 32 B5 27 DF 21 AD 13 CA 8C 5B 87 01 01 5F 20 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 4C 0E 06 09 04 00 7F 00 07 03 01 02 02 53 01 00 5F 25 06 02 03 00 03 02 01 5F 24 06 07 00 01 02 03 01 5F 37 40 0C EB C6 5F 63 1B 52 1B 34 EC 61 BB 10 50 71 E8 0A F6 54 B5 E6 06 49 9F D2 8F 2E 6C EA 1D AC F7 07 F9 F3 08 EE 3E 91 C8 BF 9B 32 B6 80 F6 B7 7A 5D AA 35 61 D3 CC 90 C6 10 FD E8 32 39 67 B4 3B 90 00 
hw  | 00000389 APDU: 00 B1 00 00 04 54 02 03 AC 54 
hw  | 00000533 SW: 90 00 
hw  | 00000202 APDU: 00 A4 00 00 02 2F 03 00 
hw  | 00000351 SW: 62 0E 81 02 00 2C 82 01 01 83 02 2F 03 8A 01 05 90 00 
hw  | 00000060 APDU: 00 B1 00 00 00 00 04 54 02 00 00 02 00 
hw  | 00000431 SW: 30 2A 02 01 05 04 08 E6 61 24 83 CB 1F 93 2D 0C 0D 50 6F 6C 20 48 65 6E 61 72 65 6A 6F 73 80 08 50 69 63 6F 2D 48 53 4D 03 02 04 30 90 00 
hw  | 00000051 APDU: 00 B1 00 00 00 00 04 54 02 00 2C 01 D4 
hw  | 00000324 SW: 90 00 
hw  | 00000096 APDU: 00 20 00 81 
hw  | 00000467 SW: 63 C3 
hw  | 00000054 APDU: 00 20 00 88 
hw  | 00000318 SW: 63 CF 
hw  | 00000046 APDU: 00 20 00 85 
hw  | 00000239 SW: 90 00 
hw  | 00000041 APDU: 80 58 00 00 00 00 00 
hw  | 00000387 SW: C4 00 CC 00 CC 01 C4 01 90 00 
hw  | 00000045 APDU: 00 A4 00 00 02 C4 00 00 
hw  | 00000355 SW: 62 0E 81 02 00 3A 82 01 08 83 02 C4 00 8A 01 05 90 00 
hw  | 00000050 APDU: 00 B1 00 00 00 00 04 54 02 00 00 10 00 
hw  | 00000579 SW: A0 38 30 0D 0C 0B 45 53 50 49 43 4F 48 53 4D 54 52 30 1B 04 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 03 07 20 80 A1 0A 30 08 30 02 04 00 02 02 01 00 90 00 
hw  | 00000054 APDU: 00 B1 00 00 00 00 04 54 02 00 3A 0F C6 
hw  | 00000322 SW: 90 00 
hw  | 00000075 APDU: 00 A4 00 00 02 CE 00 00 
hw  | 00000448 SW: 62 0E 81 02 01 F1 82 01 08 83 02 CE 00 8A 01 05 90 00 
hw  | 00000049 APDU: 00 B1 00 00 00 00 04 54 02 00 00 10 00 
hw  | 00001578 SW: 67 82 01 ED 7F 21 82 01 93 7F 4E 82 01 4B 5F 29 01 00 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 49 82 01 1D 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 82 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC 83 20 5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC 65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B 84 41 04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40 F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2 96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E 16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51 F5 85 20 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25 51 86 41 04 D2 AB 4F D5 51 70 DC 93 1E F4 0C 5E 21 E2 BC 74 A4 AB 99 FA D3 58 FF E5 CC 58 0D BE 22 6D 1B 9D E3 10 E0 C4 79 03 BE 3B 1E A1 C9 B2 79 77 AE 9A E2 08 44 51 D8 55 32 B5 27 DF 21 AD 13 CA 8C 5B 87 01 01 5F 20 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 B4 60 AD 65 46 D8 AA FF F0 67 EC 76 56 21 AF 84 B0 4C 8E A8 7B 3B F6 1E 05 2F C7 67 72 EC 6F 54 7A DD 9B CE EB 92 35 2F 40 70 3A C5 00 47 B8 D6 E8 E4 FE 64 16 BE 81 6F 3F EE BA AB 07 85 47 89 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 78 06 15 48 04 4E E6 0D B9 CA 7C 2F 5C BF 23 4A E8 FE DE 33 4C FB 58 82 16 C9 3A 8C 67 6C 31 15 80 75 53 0E DF 10 44 3B 8E E8 B2 0F 91 8B 5B F1 3D 01 A8 19 CF 5E 6F 02 0E F2 13 5B 7B B8 FE 4C 90 00 
hw  | 00000124 APDU: 00 B1 00 00 00 00 04 54 02 01 F1 0E 0F 
hw  | 00000315 SW: 90 00 
hw  | 00000128 APDU: 00 A4 00 00 02 C4 01 00 
hw  | 00000377 SW: 62 0E 81 02 00 28 82 01 01 83 02 C4 01 8A 01 05 90 00 
hw  | 00000059 APDU: 00 B1 00 00 00 00 04 54 02 00 00 10 00 
hw  | 00000407 SW: A0 26 30 07 03 02 07 80 04 01 01 30 0F 04 01 01 03 03 07 20 80 03 02 03 B8 02 01 01 A1 0A 30 08 30 02 04 00 02 02 01 00 90 00 
hw  | 00000133 APDU: 00 B1 00 00 00 00 04 54 02 00 28 0F D8 
hw  | 00000330 SW: 90 00 
hw  | 00000228 APDU: 00 A4 00 00 02 CE 01 00 
hw  | 00000383 SW: 62 0E 81 02 01 B2 82 01 01 83 02 CE 01 8A 01 05 90 00 
hw  | 00000182 APDU: 00 B1 00 00 00 00 04 54 02 00 00 10 00 
hw  | 00001428 SW: 67 82 01 AE 7F 21 82 01 54 7F 4E 82 01 0C 5F 29 01 00 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 7F 49 81 DF 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FE FF FF FC 2F 82 01 00 83 01 07 84 41 04 79 BE 66 7E F9 DC BB AC 55 A0 62 95 CE 87 0B 07 02 9B FC DB 2D CE 28 D9 59 F2 81 5B 16 F8 17 98 48 3A DA 77 26 A3 C4 65 5D A4 FB FC 0E 11 08 A8 FD 17 B4 48 A6 85 54 19 9C 47 D0 8F FB 10 D4 B8 85 20 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FE BA AE DC E6 AF 48 A0 3B BF D2 5E 8C D0 36 41 41 86 41 04 20 B8 71 F3 CE D0 29 E1 44 72 EC 4E BC 3C 04 48 16 49 42 B1 23 AA 6A F9 1A 33 86 C1 C4 03 E0 EB D3 B4 A5 75 2A 2B 6C 49 E5 74 61 9E 6A A0 54 9E B9 CC D0 36 B9 BB C5 07 E1 F7 F9 71 2A 23 60 92 87 01 01 5F 20 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 70 9D A6 F8 D6 B3 72 95 E7 C4 F3 F7 97 46 42 5C D5 9A 66 80 D5 AF B5 F0 77 8A 38 B0 23 63 2A 58 28 F7 17 4F 5B E7 97 55 5C EF 29 82 4C FE AF 26 53 66 C5 21 86 76 57 DE FD 99 0F E9 BF 18 34 3B 42 10 45 53 50 49 43 4F 48 53 4D 54 52 30 30 30 30 31 5F 37 40 CB BE 2D 03 39 6F F6 17 60 07 39 8F 01 DC 8F 71 57 16 41 BC 43 9F EB C8 47 61 86 F1 72 D7 AB 21 3B 3C E1 8A 5C 3C 50 BE 8D 2F 21 15 32 DA 8A 9D DD 76 91 2B AB FF AC 33 B3 A1 02 55 85 C7 66 C0 90 00 
hw  | 00000300 APDU: 00 B1 00 00 00 00 04 54 02 01 B2 0E 4E 
hw  | 00000372 SW: 90 00 
hw  | Using slot 3 with a present token (0xc)
hw  | 00036790 APDU: 00 20 00 81 
hw  | 00000542 SW: 63 C3 
hw  | 00000434 APDU: 00 20 00 81 
hw  | 00000438 SW: 63 C3 
hw  | 00000217 APDU: 00 20 00 81 0A 33 37 36 30 33 32 38 39 35 38 
hw  | 00084738 SW: 90 00 
hw  | Using signature algorithm ECDSA
hw  | 00000911 APDU: 80 68 01 70 00 00 20 33 F4 34 0C E7 2D CB 30 E5 E9 11 49 F6 22 C5 CA 5A A5 8C E8 FF A3 6A 75 8D 31 2C 72 73 9A CD 71 02 00 
hw  | 00001648 SW: 64 00 
hw  | 00000139 APDU: 80 68 01 70 00 00 20 33 F4 34 0C E7 2D CB 30 E5 E9 11 49 F6 22 C5 CA 5A A5 8C E8 FF A3 6A 75 8D 31 2C 72 73 9A CD 71 02 00 
hw  | 00001047 SW: 64 00 
hw  | 00000204 APDU: 80 68 01 70 00 00 20 33 F4 34 0C E7 2D CB 30 E5 E9 11 49 F6 22 C5 CA 5A A5 8C E8 FF A3 6A 75 8D 31 2C 72 73 9A CD 71 02 00 
hw  | 00001099 SW: 64 00 
hw  | 00000071 APDU: 80 68 01 70 00 00 20 33 F4 34 0C E7 2D CB 30 E5 E9 11 49 F6 22 C5 CA 5A A5 8C E8 FF A3 6A 75 8D 31 2C 72 73 9A CD 71 02 00 
hw  | 00000819 SW: 64 00 
hw  | error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)
hw  | Aborting.
polhenarejos commented 1 day ago

How is the key generated?

Edit: seems an outdated version of OpenSC. Try to use version 0.26

fastchain commented 15 hours ago

@polhenarejos

How is the key generated?

It was imported following the method described in this comment

Here is key itself, if needed

7c852118294e51e653712a81e05800f419141751be58f605c371e15141b007a6

Edit: seems an outdated version of OpenSC. Try to use version 0.26

didn't help.

polhenarejos commented 13 hours ago

I am using this script and it works:

from picohsm import PicoHSM
from cryptography.hazmat.primitives.asymmetric import ec
from binascii import unhexlify

curve=ec.SECP256K1
secret_key=unhexlify('7c852118294e51e653712a81e05800f419141751be58f605c371e15141b007a6')
pkey = ec.derive_private_key(
    int.from_bytes(secret_key, byteorder='big'),
    curve(),  # Curve used in Ethereum
)
DEFAULT_DKEK = bytes([0x1] * 32)
print(pkey)
device = PicoHSM()
device.initialize(dkek_shares=1)

device.import_dkek(DEFAULT_DKEK)
key_id = device.import_key(pkey, dkek=DEFAULT_DKEK)
print(key_id)
pubkey = device.public_key(key_id, param=curve().name)
print(pubkey)

Also pkcs11-tool:

~/Devel/pico/pico-hsm/build_pico_2040 % pkcs11-tool -O
Using slot 2 with a present token (0x8)
Public Key Object; EC  EC_POINT 256 bits
  EC_POINT:   04410420b871f3ced029e14472ec4ebc3c0448164942b123aa6af91a3386c1c403e0ebd3b4a5752a2b6c49e574619e6aa0549eb9ccd036b9bbc507e1f7f9712a236092
  EC_PARAMS:  06052b8104000a (OID 1.3.132.0.10)
  label:      
  ID:         31
  Usage:      verify, derive
  Access:     none
  uri:        pkcs11:model=PKCS%2315%20emulated;manufacturer=Pol%20Henarejos;serial=ESPICOHSMTR;token=Pico-HSM;id=%31;object=;type=public
Profile object 16073104
  profile_id:          CKP_PUBLIC_CERTIFICATES_TOKEN (4)
~/Devel/pico/pico-hsm/build_pico_2040 % pkcs11-tool --read-object --pin 648219 --id 31 --type pubkey
Using slot 2 with a present token (0x8)
0V0*?H?=+?
B ?q???)?Dr?N?<HIB?#?j?3?????Ӵ?u*+lI?ta?j?T????6??????q*#`?%
fastchain commented 12 hours ago

@polhenarejos interesting. Was the SecureLock enabled on init and the and unlocked before read?

polhenarejos commented 12 hours ago

No, it wasn't. Can you try the snippet? To isolate the problem. Perhaps it's the securelock.

polhenarejos commented 6 hours ago

I updated the script with SecureLock2 and still works. Can you try it? It is the same as the other comment.

from picohsm import PicoHSM
from cryptography.hazmat.primitives.asymmetric import ec
from binascii import unhexlify
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
import platform
import sys

class SecureLock2:
    def __init__(self, picohsm, secretkey):
        self.picohsm = picohsm
        self.secretkey = secretkey

    def mse(self):
        sk = ec.generate_private_key(ec.SECP256R1())
        pn = sk.public_key().public_numbers()
        self.__pb = sk.public_key().public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)

        ret = self.picohsm.send(cla=0x80, command=0x64, p1=0x3A, p2=0x01, data=list(self.__pb))

        pk = ec.EllipticCurvePublicKey.from_encoded_point(ec.SECP256R1(), bytes(ret))
        shared_key = sk.exchange(ec.ECDH(), pk)

        xkdf = HKDF(
            algorithm=hashes.SHA256(),
            length=12+32,
            salt=None,
            info=self.__pb
        )
        kdf_out = xkdf.derive(shared_key)
        self.__key_enc = kdf_out[12:]
        self.__iv = kdf_out[:12]

    def encrypt_chacha(self, data):
        chacha = ChaCha20Poly1305(self.__key_enc)
        ct = chacha.encrypt(self.__iv, data, self.__pb)
        return ct

    def unlock_device(self):

        ct = self.get_skey()

        self.picohsm.send(cla=0x80, command=0x64, p1=0x3A, p2=0x03, data=list(ct))

    def _get_key_device(self):
        return self.secretkey

    def get_skey(self):
        self.mse()
        ct = self.encrypt_chacha(self._get_key_device())
        return ct

    def enable_device_aut(self):
        ct = self.get_skey()
        self.picohsm.send(cla=0x80, command=0x64, p1=0x3A, p2=0x02, data=list(ct))

    def disable_device_aut(self):
        ct = self.get_skey()
        self.picohsm.send(cla=0x80, command=0x64, p1=0x3A, p2=0x04, p3=list(ct))

curve=ec.SECP256K1
secret_key=unhexlify('7c852118294e51e653712a81e05800f419141751be58f605c371e15141b007a6')
pkey = ec.derive_private_key(
    int.from_bytes(secret_key, byteorder='big'),
    curve(),  # Curve used in Ethereum
)
DEFAULT_DKEK = bytes([0x1] * 32)
print(pkey)
device = PicoHSM()
device.initialize(dkek_shares=1)

device.import_dkek(DEFAULT_DKEK)
key_id = device.import_key(pkey, dkek=DEFAULT_DKEK)
print(key_id)
pubkey = device.public_key(key_id, param=curve().name)
print(pubkey)
slck = SecureLock2(device,secret_key)
slck.enable_device_aut()
slck.unlock_device()
pubkey = device.public_key(key_id, param=curve().name)
print(pubkey)

BTW, note that the log you posted is doing an ECDSA signature (4 attempts), nothing related with getting the pubkey. So what is failing in the log is the signature command.

hw  | Using signature algorithm ECDSA
hw  | 00000911 APDU: 80 68 01 70 00 00 20 33 F4 34 0C E7 2D CB 30 E5 E9 11 49 F6 22 C5 CA 5A A5 8C E8 FF A3 6A 75 8D 31 2C 72 73 9A CD 71 02 00 
hw  | 00001648 SW: 64 00 
hw  | 00000139 APDU: 80 68 01 70 00 00 20 33 F4 34 0C E7 2D CB 30 E5 E9 11 49 F6 22 C5 CA 5A A5 8C E8 FF A3 6A 75 8D 31 2C 72 73 9A CD 71 02 00 
hw  | 00001047 SW: 64 00 
hw  | 00000204 APDU: 80 68 01 70 00 00 20 33 F4 34 0C E7 2D CB 30 E5 E9 11 49 F6 22 C5 CA 5A A5 8C E8 FF A3 6A 75 8D 31 2C 72 73 9A CD 71 02 00 
hw  | 00001099 SW: 64 00 
hw  | 00000071 APDU: 80 68 01 70 00 00 20 33 F4 34 0C E7 2D CB 30 E5 E9 11 49 F6 22 C5 CA 5A A5 8C E8 FF A3 6A 75 8D 31 2C 72 73 9A CD 71 02 00 
hw  | 00000819 SW: 64 00 
hw  | error: PKCS11 function C_SignFinal failed: rv = CKR_GENERAL_ERROR (0x5)
hw  | Aborting.

If you want the log generated by pkcs11-tool, prepend OPENSC_DEBUG=9:

OPENSC_DEBUG=9 pkcs11-tool --read-object --pin 648219 --id 31 --type pubkey