0.20.0-rc4: sc_pkcs15_compute_signature not called from OpenSCToken #20

Closed
jmastr opened this issue Dec 14, 2019 · 20 comments

@jmastr

jmastr commented Dec 14, 2019

@frankmorgner Thank you for uploading the dmg file for OpenSC-0.20.0-rc4! With the new release candidate I encounter a strange behaviour:

signData (which itself calls sc_pkcs15_compute_signature) from TokenSessions.m is not called when I try to log in to a webpage via certificate.

On the same machine downgrading from OpenSC-0.20.0-rc4 to OpenSC-0.20.0-rc3 gives me the expected log output (but fails to sign the request due to another issue with TCOS, which was fixed in OpenSC-0.20.0-rc4).

Here are some logs. First OpenSC-0.20.0-rc3:

P:2170; T:0x123145461694464 17:03:39.894 [cryptotokenkit] pkcs15-pubkey.c:1339:sc_pkcs15_pubkey_from_spki_fields: sc_pkcs15_pubkey_from_spki_fields() called: 0x7f9d06802752:291
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:487:sc_asn1_decode_algorithm_id: called
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:495:sc_asn1_decode_algorithm_id: decoded OID '1.2.840.113549.1.1.1'
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:512:sc_asn1_decode_algorithm_id: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-pubkey.c:1376:sc_pkcs15_pubkey_from_spki_fields: DEE pk_alg.algorithm=0
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-pubkey.c:590:sc_pkcs15_decode_pubkey_rsa: called
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-pubkey.c:601:sc_pkcs15_decode_pubkey_rsa: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-pubkey.c:1423:sc_pkcs15_pubkey_from_spki_fields: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:487:sc_asn1_decode_algorithm_id: called
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:495:sc_asn1_decode_algorithm_id: decoded OID '1.2.840.113549.1.1.11'
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-algo.c:512:sc_asn1_decode_algorithm_id: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:39.895 [cryptotokenkit] pkcs15-cert.c:399:sc_pkcs15_read_certificate: returning with: 0 (Success)
P:2170; T:0x123145461694464 17:03:48.489 [cryptotokenkit] pkcs15-sec.c:565:sc_pkcs15_compute_signature: called
P:2170; T:0x123145461694464 17:03:48.489 [cryptotokenkit] pkcs15-sec.c:613:sc_pkcs15_compute_signature: supported algorithm flags 0x103, private key usage 0x7
...

Here from OpenSC-0.20.0-rc4, where it just hangs:

P:2606; T:0x123145499041792 13:18:23.106 [cryptotokenkit] pkcs15-pubkey.c:1343:sc_pkcs15_pubkey_from_spki_fields: sc_pkcs15_pubkey_from_spki_fields() called: 0x7f82f2802d52:291
P:2606; T:0x123145499041792 13:18:23.106 [cryptotokenkit] pkcs15-algo.c:487:sc_asn1_decode_algorithm_id: called
P:2606; T:0x123145499041792 13:18:23.106 [cryptotokenkit] pkcs15-algo.c:495:sc_asn1_decode_algorithm_id: decoded OID '1.2.840.113549.1.1.1'
P:2606; T:0x123145499041792 13:18:23.106 [cryptotokenkit] pkcs15-algo.c:512:sc_asn1_decode_algorithm_id: returning with: 0 (Success)
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-pubkey.c:1380:sc_pkcs15_pubkey_from_spki_fields: DEE pk_alg.algorithm=0
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-pubkey.c:594:sc_pkcs15_decode_pubkey_rsa: called
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-pubkey.c:605:sc_pkcs15_decode_pubkey_rsa: returning with: 0 (Success)
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-pubkey.c:1427:sc_pkcs15_pubkey_from_spki_fields: returning with: 0 (Success)
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-algo.c:487:sc_asn1_decode_algorithm_id: called
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-algo.c:495:sc_asn1_decode_algorithm_id: decoded OID '1.2.840.113549.1.1.11'
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-algo.c:512:sc_asn1_decode_algorithm_id: returning with: 0 (Success)
P:2606; T:0x123145499041792 13:18:23.107 [cryptotokenkit] pkcs15-cert.c:399:sc_pkcs15_read_certificate: returning with: 0 (Success)

The strange thing is, even building OpenSC-0.20.0-rc3 on my local machine and trying different commits from OpenSCToken yields the same result. Have there been any updates to the build environment? How does signData get called?

Thank you for your help!

@frankmorgner
Owner

Why do you think it hangs, are you sure to present the correct certificate to the website? Does client authentication work on Firefox?

@jmastr
Author

jmastr commented Dec 15, 2019

Does client authentication work on Firefox?

Unfortunately I cannot test that, because I can only access the page via Chrome.

Why do you think it hangs, are you sure to present the correct certificate to the website?

Maybe hangs is not wrong wording. The log output just stops, where in rc3 I could see a call to sc_pkcs15_compute_signature. I compared the serial numbers of the certificates. It is the same in both cases.

Could keychain and token interfere with each other?

OpenSC-0.20.0-rc3:

% system_profiler SPSmartCardsDataType
SmartCards:

    Readers:

      #01: Identiv SCR3500 C Contact Reader (ATR:{length = 24, bytes = 0x3bbfb6008131fe5d00640428030231c073f701d000900067})

    Reader Drivers:

      #01: org.debian.alioth.pcsclite.smartcardccid:1.4.31 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle)
      #02: com.scmmicro.drivers.scmccid:(null) (/usr/local/libexec/SmartCardServices/drivers/scmccid.bundle)

    Tokend Drivers:

    SmartCard Drivers:

      #01: org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:1.1.1 (/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex)
      #02: com.apple.CryptoTokenKit.pivtoken:1.0(disabled) (/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex)

    Available SmartCards (keychain):

        com.apple.setoken:

        com.apple.setoken:aks:

        org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:8949017360005891279:

          #01: Kind: private RSA 2048-bit, Certificate: {length = 20, bytes = 0x743f677bb2476541d4fae546bab5e01d161f0da1}, Usage: Sign Decrypt Unwrap 
Valid from: 2018-05-02 06:55:21 +0000 to: 2021-05-01 06:55:21 +0000, SSL trust: YES, X509 trust: YES 

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

          #02: Kind: private RSA 2048-bit, Certificate: {length = 20, bytes = 0x743f677bb2476541d4fae546bab5e01d161f0da1}, Usage: Sign Decrypt Unwrap 
Valid from: 2018-05-02 06:55:21 +0000 to: 2021-05-01 06:55:21 +0000, SSL trust: YES, X509 trust: YES 

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


    Available SmartCards (token):

        com.apple.setoken:

        com.apple.setoken:aks:

        org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:8949017360005891279:

          #01: Kind: private RSA 2048-bit, Certificate: no, Usage: Sign Decrypt Unwrap 
Valid from: N/A to: N/A, SSL trust: N/A, X509 trust: N/A

          #02: Certificate {length = 20, bytes = 0x849f4a16434720fb25500ac0597a1954d38f78e9}

OpenSC-0.20.0-rc4:

% system_profiler SPSmartCardsDataType
SmartCards:

    Readers:

      #01: Identiv SCR3500 C Contact Reader (ATR:{length = 24, bytes = 0x3bbfb6008131fe5d00640428030231c073f701d000900067})

    Reader Drivers:

      #01: org.debian.alioth.pcsclite.smartcardccid:1.4.31 (/usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle)
      #02: com.scmmicro.drivers.scmccid:(null) (/usr/local/libexec/SmartCardServices/drivers/scmccid.bundle)

    Tokend Drivers:

    SmartCard Drivers:

      #01: org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:1.1.1 (/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex)
      #02: com.apple.CryptoTokenKit.pivtoken:1.0(disabled) (/System/Library/Frameworks/CryptoTokenKit.framework/PlugIns/pivtoken.appex)

    Available SmartCards (keychain):

        com.apple.setoken:

        com.apple.setoken:aks:

        org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:8949017360005891279:

          #01: Kind: private RSA 2048-bit, Certificate: {length = 20, bytes = 0x743f677bb2476541d4fae546bab5e01d161f0da1}, Usage: Sign Decrypt Unwrap 
Valid from: 2018-05-02 06:55:21 +0000 to: 2021-05-01 06:55:21 +0000, SSL trust: YES, X509 trust: YES 

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

          #02: Kind: private RSA 2048-bit, Certificate: {length = 20, bytes = 0x849f4a16434720fb25500ac0597a1954d38f78e9}, Usage: Sign Decrypt Unwrap 
Valid from: 2018-05-02 06:55:24 +0000 to: 2021-05-01 06:55:24 +0000, SSL trust: NO, X509 trust: YES 

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


    Available SmartCards (token):

        com.apple.setoken:

        com.apple.setoken:aks:

        org.opensc-project.mac.opensctoken.OpenSCTokenApp.OpenSCToken:8949017360005891279:

          #01: Kind: private RSA 2048-bit, Certificate: {length = 20, bytes = 0x743f677bb2476541d4fae546bab5e01d161f0da1}, Usage: Sign Decrypt Unwrap 
Valid from: 2018-05-02 06:55:21 +0000 to: 2021-05-01 06:55:21 +0000, SSL trust: YES, X509 trust: YES 

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

          #02: Kind: private RSA 2048-bit, Certificate: {length = 20, bytes = 0x849f4a16434720fb25500ac0597a1954d38f78e9}, Usage: Sign Decrypt Unwrap 
Valid from: 2018-05-02 06:55:24 +0000 to: 2021-05-01 06:55:24 +0000, SSL trust: NO, X509 trust: YES 

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

I am going to upgrade from 10.15.1 to 10.15.2. Maybe that helps... I'll keep you posted.

@jmastr
Author

jmastr commented Dec 16, 2019

@frankmorgner So I did a lot of digging yesterday and I made it work! :) However, before committing a patch I would like to discuss some things.

First of all, this is the code line my card cannot pass:

    if (!alg_info || ((alg_info->flags & minimum_flags) != minimum_flags))
        return NO;

Adding some debug log it was shown that algorithmToFlags(TKTokenKeyAlgorithm * algorithm) would return SC_ALGORITHM_RSA_RAW or (unsigned int) -1 (I was not able to find which algorithm the OS/Browser requests) for minimum_flags.

For SC_ALGORITHM_RSA_RAW: it was removed in OpenSC/OpenSC@bee5c6d. The only signature scheme left is SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE. Can we be sure that my card does not support SC_ALGORITHM_RSA_RAW?

Last but not least in my case it wants to calculate a signature with datalen = 256, so it cannot pass this line: https://github.com/OpenSC/OpenSC/blob/ee78b0b80514460936c585c3ff5fc477338ae371/src/libopensc/card-tcos.c#L554. Replacing:

-	if (datalen > 255) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
+	if (datalen > 256) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);

works. Could this be an "off-by-one" error?

Thank you for your help!

@frankmorgner
Owner

Maybe, @Jakuje, can look at the TCOS properties...

Here is a list of Apple's security mechanisms: https://developer.apple.com/documentation/security/seckeyalgorithm?language=objc In OpenSCToken, I don't check for kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw, which could maybe be translated to SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE, which would be possible with the current TCOS flags. Apple's flags, however, aren't specified very well, so I'm not sure.

@frankmorgner
Owner

Just to be exact, what would be the exact patch to make client authentication work for you?

@jmastr
Author

jmastr commented Dec 16, 2019

Possible solution 1 (known working):

diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
index c2476a37..82533fbf 100644
--- a/src/libopensc/card-tcos.c
+++ b/src/libopensc/card-tcos.c
@@ -95,9 +95,7 @@ static int tcos_init(sc_card_t *card)
        card->drv_data = (void *)data;
        card->cla = 0x00;
 
-        if (card->type != SC_CARD_TYPE_TCOS_V3) {
-                flags |= SC_ALGORITHM_RSA_RAW;
-        }
+        flags = SC_ALGORITHM_RSA_RAW;
         flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
         flags |= SC_ALGORITHM_RSA_HASH_NONE;
 
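Review bot: In tcos_init, `flags = SC_ALGORITHM_RSA_RAW;` is a plain assignment where the removed line used `|=`, so any bits already set in flags before this point are discarded; use `flags |= SC_ALGORITHM_RSA_RAW;` unless the reset is intended. Dropping the `card->type != SC_CARD_TYPE_TCOS_V3` guard also advertises raw RSA for TCOS V3 cards, and the code should carry a comment stating why that is acceptable for V3.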
@@ -551,7 +549,7 @@ static int tcos_compute_signature(sc_card_t *card, const u8 * data, size_t datal
        assert(card != NULL && data != NULL && out != NULL);
        tcos3=(card->type==SC_CARD_TYPE_TCOS_V3);
 
-       if (datalen > 255) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
+       if (datalen > 256) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
 
        if(((tcos_data *)card->drv_data)->next_sign){
                if(datalen>48){
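Review bot: The `datalen > 256` bound in tcos_compute_signature is still a hard-coded constant tied to one key size. Consider deriving the limit from the modulus length of the key in use, or at least naming the constant and commenting that 256 is the byte length of a 2048-bit modulus. Please also confirm that nothing further down in the function, outside this hunk, assumes the input fits in 255 bytes.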

@jmastr
Author

jmastr commented Dec 16, 2019

Possible solution 2 (untested):

diff --git a/OpenSCToken/TokenSession.m b/OpenSCToken/TokenSession.m
index 442011c..a4af6ab 100644
--- a/OpenSCToken/TokenSession.m
+++ b/OpenSCToken/TokenSession.m
@@ -34,6 +34,8 @@ static unsigned int algorithmToFlags(TKTokenKeyAlgorithm * algorithm)
     if ([algorithm isAlgorithm:kSecKeyAlgorithmRSAEncryptionRaw]
         || [algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureRaw])
         return SC_ALGORITHM_RSA_RAW;
+    if ([algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw])
+        return SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE;
     if ([algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1])
         return SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA1;
     if ([algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224])
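Review bot: The new `kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw` branch in algorithmToFlags only changes which flags are demanded from the card; nothing in this hunk shows that the signing path handles the input for this algorithm the way `SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE` implies. As the patch is marked untested, it needs a run with a real sign request for this algorithm before merging, plus a short comment recording the expected input format.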
diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
index c2476a37..82533fbf 100644
--- a/src/libopensc/card-tcos.c
+++ b/src/libopensc/card-tcos.c
@@ -551,7 +549,7 @@ static int tcos_compute_signature(sc_card_t *card, const u8 * data, size_t datal
        assert(card != NULL && data != NULL && out != NULL);
        tcos3=(card->type==SC_CARD_TYPE_TCOS_V3);
 
-       if (datalen > 255) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
+       if (datalen > 256) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_VERBOSE, SC_ERROR_INVALID_ARGUMENTS);
 
        if(((tcos_data *)card->drv_data)->next_sign){
                if(datalen>48){
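Review bot: The header `@@ -551,7 +549,7 @@` and the line `index c2476a37..82533fbf` are identical to those in solution 1, but this patch does not contain the tcos_init hunk that removed two lines, so the new-file offset here should be 551 rather than 549. Regenerate the diff from a tree that contains only this change so the hunk header and index line match what is actually applied.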

@Jakuje
Contributor

Jakuje commented Dec 16, 2019

With rc3, the card is still using RAW signature operation emulated with TCOS decryption operation, which is not completely fine. This gets selected by next_sign switch for some key ids. Indeed, in that case you need to bump the 255 to 256 to fit the whole padded input for your key size (and bump it again when the supported key size will increase).

From the input data in tcos_compute_signature(), we could see whether it is PKCS1 padded data from browser (does start with 0x00 0x01 or 0x00 0x02) or RSA-PSS (does it end with 0xbc?), but if you are using something reasonably new, negotiating TLS 1.3 it will already have to be RSA-PSS (not sure how this gets supported through the OSX stack).

In any way, misusing this works only as long as these padding checks will not be performed by card.
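The padding heuristics named in this comment (leading 0x00 0x01 or 0x00 0x02 for PKCS#1 v1.5, trailing 0xbc for RSA-PSS), written out as an added example that is not code from OpenSC or OpenSCToken. All `ex_` names are hypothetical, the sample blocks are constructed, and the classifier is a heuristic over a block already padded to the modulus length, not a padding verifier.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum ex_padding {
    EX_PAD_UNKNOWN = 0,
    EX_PAD_PKCS1_TYPE1,  /* 00 01 FF..FF 00 || DigestInfo (signature) */
    EX_PAD_PKCS1_TYPE2,  /* 00 02 PS 00 || message (encryption)       */
    EX_PAD_PSS           /* maskedDB || H || BC                       */
};

/* Classify a block that is already padded to the modulus length. */
static enum ex_padding ex_classify_block(const unsigned char *em, size_t len,
                                         size_t modlen)
{
    size_t i;

    if (em == NULL || len != modlen || len < 11)
        return EX_PAD_UNKNOWN;
    if (em[0] == 0x00 && (em[1] == 0x01 || em[1] == 0x02)) {
        /* Walk the padding string up to the 0x00 separator. */
        for (i = 2; i < len && em[i] != 0x00; i++)
            if (em[1] == 0x01 && em[i] != 0xFF)
                break;              /* type 1 padding must be all 0xFF */
        /* Separator found, at least 8 padding bytes, non-empty payload. */
        if (i >= 10 && i + 1 < len && em[i] == 0x00)
            return em[1] == 0x01 ? EX_PAD_PKCS1_TYPE1 : EX_PAD_PKCS1_TYPE2;
    }
    if (em[len - 1] == 0xBC)
        return EX_PAD_PSS;
    return EX_PAD_UNKNOWN;
}

/* Build a constructed sample block of the given kind and classify it.
 * kind: 1 or 2 = PKCS#1 v1.5 block type, 3 = PSS-shaped, other = zeros. */
static enum ex_padding ex_classify_sample(int kind, size_t modlen)
{
    unsigned char em[512];
    static const unsigned char payload[20] = { 0x11 };  /* stand-in digest */

    if (modlen < 11 + sizeof(payload) || modlen > sizeof(em))
        return EX_PAD_UNKNOWN;
    memset(em, 0, modlen);
    if (kind == 1 || kind == 2) {
        size_t sep = modlen - sizeof(payload) - 1;  /* index of separator */
        em[1] = (unsigned char)kind;
        memset(em + 2, kind == 1 ? 0xFF : 0xA5, sep - 2);
        memcpy(em + sep + 1, payload, sizeof(payload));
    } else if (kind == 3) {
        memset(em, 0x5A, modlen);   /* top bit of first byte is clear */
        em[modlen - 1] = 0xBC;
    }
    return ex_classify_block(em, modlen, modlen);
}

int main(void)
{
    /* 256 bytes = one full block for the 2048-bit key in this thread. */
    printf("type1=%d type2=%d pss=%d zeros=%d\n",
           ex_classify_sample(1, 256), ex_classify_sample(2, 256),
           ex_classify_sample(3, 256), ex_classify_sample(0, 256));
    return 0;
}
```

A full block for the 2048-bit key is 256 bytes, which is the length the `datalen > 255` check turned away.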

@jmastr
Author

jmastr commented Dec 16, 2019

@Jakuje I kind of understand what you are writing. I put in all the debug output I could and here is what's requested by the OS (for pairing):

kSecKeyAlgorithmRSAEncryptionOAEPSHA256
kSecKeyAlgorithmRSAEncryptionOAEPSHA256AESGCM
kSecKeyAlgorithmRSAEncryptionRaw

and by the Browser (for signing):

kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1
kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256
kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384
kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512
kSecKeyAlgorithmRSASignatureDigestPSSSHA256
kSecKeyAlgorithmRSASignatureDigestPSSSHA384
kSecKeyAlgorithmRSASignatureDigestPSSSHA512
kSecKeyAlgorithmRSASignatureRaw

@jmastr
Author

jmastr commented Dec 16, 2019

It always comes back to kSecKeyAlgorithmRSA{Encryption|Signature}Raw :(

@Jakuje
Contributor

Jakuje commented Dec 16, 2019

Yes. The OAEP is not supported natively by your driver and then it falls back to raw operation while doing the OAEP internally. Not sure what is the pairing for though.

But the kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1 (RSA-PKCS1.5 with SHA1) should work just fine as it should be advertised by the OpenSC known algorithm (If I remember well from the previous logs). Wondering why it was not selected/used in your case. This does not look like TLS 1.3 mechanisms.

@jmastr
Author

jmastr commented Dec 16, 2019

pairing

One can pair his/her MacOS user with the smartcard or what do you mean?

kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1

card-tcos.c only advertises: SC_ALGORITHM_RSA_PAD_PKCS1 and SC_ALGORITHM_RSA_HASH_NONE, no? So SHA1 is not supported by the card? Sorry for my lack of knowledge...

@Jakuje
Contributor

Jakuje commented Dec 16, 2019

In OpenSC/OpenSC#1869 (comment) you reported that the SHA1-RSA-PKCS worked with the testing key 1. And this mechanism should correspond to the kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, if I am right.

http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html#_Toc441850418

@jmastr
Author

jmastr commented Dec 16, 2019

That is true. However in: https://github.com/OpenSC/OpenSC/blob/ee78b0b80514460936c585c3ff5fc477338ae371/src/libopensc/card-tcos.c#L98-L102 those SC_ALGORITHM_RSA_* flags are set and checked against:

    static unsigned int algorithmToFlags(TKTokenKeyAlgorithm * algorithm)
    {
        if ([algorithm isAlgorithm:kSecKeyAlgorithmRSAEncryptionRaw]
            || [algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureRaw])
            return SC_ALGORITHM_RSA_RAW;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1])
            return SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA1;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224])
            return SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA224;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256])
            return SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA256;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384])
            return SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA384;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512])
            return SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_SHA512;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmECDSASignatureDigestX962SHA1])
            return SC_ALGORITHM_ECDSA_HASH_SHA1;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmECDSASignatureMessageX962SHA224])
            return SC_ALGORITHM_ECDSA_HASH_SHA224;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmECDSASignatureDigestX962SHA256])
            return SC_ALGORITHM_ECDSA_HASH_SHA256;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmECDSASignatureDigestX962SHA384])
            return SC_ALGORITHM_ECDSA_HASH_SHA384;
        if ([algorithm isAlgorithm:kSecKeyAlgorithmECDSASignatureDigestX962SHA512])
            return SC_ALGORITHM_ECDSA_HASH_SHA512;
        if ([algorithm supportsAlgorithm:kSecKeyAlgorithmRSAEncryptionPKCS1])
            return SC_ALGORITHM_RSA_PAD_PKCS1;
        return (unsigned int) -1;
    }
.

Meaning to support SHA1 I would need to add SC_ALGORITHM_RSA_HASH_SHA1 in card-tcos.c. Would that be okay? I am not sure where pkcs11-tool gets that information from.
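The flag check quoted in the Dec 16 comment, applied to the requests that algorithmToFlags produces, as an added example that is not code from OpenSC or OpenSCToken. The `EX_` names are hypothetical and the numeric flag values are assumptions chosen to agree with the "supported algorithm flags 0x103" line in the rc3 log; the card flag sets assume `flags` starts at 0, and the PSS request is assumed to fall through to the `(unsigned int) -1` return.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed flag values for this example; they agree with the
 * "supported algorithm flags 0x103" line in the rc3 log. */
#define EX_RSA_RAW        0x00000001u
#define EX_RSA_PAD_PKCS1  0x00000002u
#define EX_RSA_HASH_NONE  0x00000100u
#define EX_RSA_HASH_SHA1  0x00000200u
#define EX_NO_MAPPING     ((unsigned int)-1)  /* algorithmToFlags() fallback */

/* Card flag sets as the thread describes them (assumed to start from 0). */
#define EX_CARD_RC3       (EX_RSA_RAW | EX_RSA_PAD_PKCS1 | EX_RSA_HASH_NONE)
#define EX_CARD_RC4       (EX_RSA_PAD_PKCS1 | EX_RSA_HASH_NONE)
#define EX_CARD_RC4_SHA1  (EX_CARD_RC4 | EX_RSA_HASH_SHA1)

struct ex_request { const char *name; unsigned int minimum_flags; };

/* Bit i of the result mask corresponds to ex_requests[i]. */
static const struct ex_request ex_requests[] = {
    { "RSASignatureRaw",                EX_RSA_RAW },
    /* mapping proposed in "possible solution 2" (untested there) */
    { "RSASignatureDigestPKCS1v15Raw",  EX_RSA_PAD_PKCS1 | EX_RSA_HASH_NONE },
    { "RSASignatureDigestPKCS1v15SHA1", EX_RSA_PAD_PKCS1 | EX_RSA_HASH_SHA1 },
    /* no branch in algorithmToFlags(): assumed to yield (unsigned int)-1 */
    { "RSASignatureDigestPSSSHA256",    EX_NO_MAPPING },
};
#define EX_NREQ (sizeof(ex_requests) / sizeof(ex_requests[0]))

/* Same test as the quoted check: every requested bit must be advertised. */
static int ex_key_supports(unsigned int card_flags, unsigned int minimum_flags)
{
    return (card_flags & minimum_flags) == minimum_flags;
}

/* Bitmask of the requests a card with these flags would accept. */
static unsigned int ex_accepted_mask(unsigned int card_flags)
{
    unsigned int mask = 0;
    size_t i;

    for (i = 0; i < EX_NREQ; i++)
        if (ex_key_supports(card_flags, ex_requests[i].minimum_flags))
            mask |= 1u << i;
    return mask;
}

static void ex_print_row(const char *label, unsigned int card_flags)
{
    unsigned int mask = ex_accepted_mask(card_flags);
    size_t i;

    printf("%-10s flags=0x%03x:", label, card_flags);
    for (i = 0; i < EX_NREQ; i++)
        printf(" %s=%s", ex_requests[i].name, (mask >> i) & 1u ? "yes" : "NO");
    printf("\n");
}

int main(void)
{
    ex_print_row("rc3", EX_CARD_RC3);
    ex_print_row("rc4", EX_CARD_RC4);
    ex_print_row("rc4+SHA1", EX_CARD_RC4_SHA1);
    return 0;
}
```

The all-ones fallback can only match a card that advertises every flag bit, so an unmapped algorithm is always refused by this check.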

@Jakuje
Contributor

Jakuje commented Dec 17, 2019

The important question is whether it will work.

See the comment in https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/opensc.h#L126 -- for RSA PKCS1.5 the NONE value means that the hashing is not done by the card. But it does not mean that the hashing can not be done by the OpenSC.

@jmastr
Author

jmastr commented Dec 17, 2019

With:

diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
index c2476a37..ea26d99b 100644
--- a/src/libopensc/card-tcos.c
+++ b/src/libopensc/card-tcos.c
@@ -100,6 +100,9 @@ static int tcos_init(sc_card_t *card)
         }
         flags |= SC_ALGORITHM_RSA_PAD_PKCS1;
         flags |= SC_ALGORITHM_RSA_HASH_NONE;
+        if (card->type == SC_CARD_TYPE_TCOS_V3) {
+                flags |= SC_ALGORITHM_RSA_HASH_SHA1;
+        }
 
         _sc_card_add_rsa_alg(card, 512, flags, 0);
         _sc_card_add_rsa_alg(card, 768, flags, 0);
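Review bot: Adding `SC_ALGORITHM_RSA_HASH_SHA1` in tcos_init puts it into `flags` for every `_sc_card_add_rsa_alg` call that follows, so on TCOS V3 the driver advertises SHA-1 with PKCS#1 padding for all registered key sizes. The hunk carries no comment stating on what basis the card is expected to handle that; add one, or leave the flag out until it is confirmed on the card.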

I receive tcos_compute_signature: returning with: -1211 (Security status not satisfied)

Log: https://gist.github.com/jmastr/0076aba4fc6392a8b7c7e53652501ab0

@frankmorgner
Owner

I don't know whether we can solve this issue in a satisfactory manner...

@jmastr
Author

jmastr commented Dec 17, 2019

The thing is that SC_ALGORITHM_RSA_RAW for TCOS was introduced back in 2002 by Werner Koch with OpenSC/OpenSC@d9a7883 and afaik it worked for people.

we really need more documentation and an active developer

I asked again for more documentation.

Can we revert OpenSC/OpenSC@992ed48 and put a comment to it?

@Jakuje
Contributor

Jakuje commented Dec 17, 2019

No problem. Go ahead.

@frankmorgner
Owner

OK, @jmastr please make a PR with the suggested changes. Please also run pkcs11-tool --test with it.
