From: <Joe...@we...> - 2016-02-19 15:09:02
$ echo -ne "CgABEQS/SUEAAAAAAAAINA==" | openssl dgst -binary -sha256 > dgst.txt
$ OPENSC_DEBUG=9 tools/pkcs15-crypt.exe -s -k 1 -r 1 -i dgst.txt -o sig.txt --sha-256 --pkcs1 -p 123456

[truncated message content]
From: Douglas E E. <dee...@gm...> - 2016-02-19 20:52:57
I don't think you are doing anything wrong, but the openpgp card is.

Using your private key:

echo -ne "CgABEQS/SUEAAAAAAAAINA==" | openssl dgst -sign privkey.pem -sha256 > sig.a

/tmp$ od -t x1 sig.a
0000000 00 8c f6 db 29 a7 d7 bd b3 63 4c fe d6 a9 fb a5
0000020 e0 38 7a ca a8 d4 9c 36 99 ab f6 2e 81 45 26 a7
0000040 60 4b 25 91 67 7e 86 31 10 5a db b4 86 d3 98 4d
0000060 34 94 0e 5e 0a ba 00 e0 47 2b e6 d2 1a d8 8a 61
0000100 d1 d1 69 c1 3c 02 ac 9d 2a af 23 0d cb 4f 40 a7
0000120 42 38 62 4b 6c b6 47 9d 36 80 f7 7c 17 60 49 46
0000140 a3 a9 92 73 44 0a 3f 6b ed de ff 85 76 f3 f2 32
0000160 6f 56 f3 1d dd c6 0d fe d0 99 e2 bd 1e 33 ea de
0000200 f1 00 a1 35 2c 80 e2 b9 cc da 23 fc c5 25 f1 05
0000220 7c 42 2b 99 3c ea a8 be 9d 00 da bc b1 da 6f 4d
...
0000660 a8 46 f4 46 c9 b2 ad 8d bf 9f 55 35 00 aa d9 5c
0000700 a2 29 7b c0 00 d0 dc d3 82 4c a9 18 55 f0 c0 74
0000720 bb 7d 6e 4b e0 b7 0f 84 c5 49 e2 92 f3 9c 9d 1c
0000740 9c 58 f4 12 d5 4b 36 db b2 3f d2 a2 ff 49 fb 7e
0000760 cd 94 33 4e f6 fd 78 cb 2c 7d a2 55 01 d4 7b 48

The signature is 512 bytes with the first byte being 0x00.

In bad_signature.txt, lines 597-612 return 513 bytes, signature + 9000, *BUT* the card is not returning the leading 0x00!

It appears it is a problem with the card, not with OpenSC.

On 2/19/2016 9:08 AM, Joe...@we... wrote:
> Hi everyone,
> I am using the Gemalto Open GPG dongle v2.1 with an RSA 4096 bit key to generate signatures for relatively short ID-strings. In general the process I set up runs fine, but I get a bad signature for about 2% of my inputs. Bad means the data is 1 byte short and fails verification with openssl. But it is not just truncated; comparing to a valid signature generated with openssl, it looks completely different.
> I am doing the following:
> $ echo -ne "CgABEQS/SUEAAAAAAAAINA==" | openssl dgst -binary -sha256 > dgst.txt
> $ tools/pkcs15-crypt.exe -s -k 1 -r 1 -i dgst.txt -o sig.txt --sha-256 --pkcs1 -p 123456
> $ echo -ne "CgABEQS/SUEAAAAAAAAINA==" | openssl dgst -sha256 -verify pubkey.pem -signature sig.txt
> Verification Failure
> Doing the same with slightly altered input data runs fine:
> $ echo -ne "CgABEQS/SUEAAAAAAAAINB==" | openssl dgst -binary -sha256 > dgst.txt
> $ tools/pkcs15-crypt.exe -s -k 1 -r 1 -i dgst.txt -o sig.txt --sha-256 --pkcs1 -p 123456
> $ echo -ne "CgABEQS/SUEAAAAAAAAINB==" | openssl dgst -sha256 -verify pubkey.pem -signature sig.txt
> Verified OK
> This is reproducible with different keys (each key fails for different input data though). I saw the same issue when generating rsa signatures with pkcs11-tool (using parameters -s -m RSA-PKCS -i dgst.txt -o sig.txt); again the bad signatures happen for different input data, so to me it seems that certain key/data combinations may have an issue, or I am doing something wrong...
> Please find attached the logs of both runs I mentioned above with OPENSC_DEBUG=9 set (you can see the good run returned 512 bytes as signature, whereas the bad one only returned 511), and the public and private key stored on the card I used for this example (which I explicitly generated for this test ;-) )
> I have no idea what I might be doing wrong, any help would be highly appreciated!
> Thanks
> Jörg

--
Douglas E. Engert <DEE...@gm...>
From: Douglas E E. <dee...@gm...> - 2016-02-20 15:41:35
|
Someone who knows the card-openpgp.c code needs to look at this.

One more comment. Mathematically, the RSA signature is a large integer. But when used in certificates it is stored as
an ASN.1 BIT STRING with leading 0 (because signature is multiple of 8 bits) followed by the 512 bytes of the signature for the 4096 bit key.
So there is a 1/256 chance the first byte of the actual signature being zero. (I have one such certificate.)
Your card is dropping the leading zero.

I would have assumed that if all openpgp cards dropped a leading zero byte, that this would have shown up long ago
as a bug in the OpenSC openpgp driver. I could be wrong. But code could be added to the driver to handle this.
It may be OpenPGP does not care, but when used within OpenSC, the leading byte should be there.

--
Douglas E. Engert <DEE...@gm...>
|
From: Joerg K. <joe...@we...> - 2016-02-21 09:54:09
|
Thanks for your quick reply!

I would also have thought that if this is a general issue with the card
it would have shown up a long time ago...

But if I understood your comment correctly it is really "just" a missing
leading zero, right? In that case it would be relatively straight
forward and a valid workaround to detect and correct this from opensc
without introducing some security issue?

I am obviously not familiar with the source code in card-openpgp and not
an expert in this area, but if someone points me to the right functions
I'd need to look at I'd be happy to help adding this.
|
From: Douglas E E. <dee...@gm...> - 2016-02-21 13:54:03
Attachments:
openpgp-short-signature.txt
|
Try the attached patch. It is against http://github.com/OpenSC/OpenSC

Using the data and key that produces the short signature you should see in debug log:

Incoming APDU data [ 513 bytes] =====================================
...
card-openpgp.c:XXXX:pgp_compute_signature: returning with: 512

where it used to say 511

--
Douglas E. Engert <DEE...@gm...>
|
From: Douglas E E. <dee...@gm...> - 2016-02-21 19:54:31
|
The patch I sent you has a bug:

memmove(out, out -(outlen - apdu.resplen), apdu.resplen); /* overlaping */

should be:

memmove(out, out + (outlen - apdu.resplen), apdu.resplen); /* overlaping */

I have not tried the patch.

On 2/21/2016 7:53 AM, Douglas E Engert wrote:
> Try the attached patch. It is against http://github.com/OpenSC/OpenSC

--
Douglas E. Engert <DEE...@gm...>
|
From: <Joe...@we...> - 2016-02-22 15:51:51
|
Thanks for providing this patch, with this I got it _almost_ working :-)

I ran into one real and two minor issues:
1) The real issue is that the outlen does not seem to be the expected signature length,
but the size of the buffer with some extra space. In my case it is 1024 and not the expected
512, so this does not work. But I guess it would be possible to compute the expected signature
length in a general way?

2) Minor technical issues: the apdu was not updated in the end to return the new length,
and src and dest were mixed up in the memmove

With this hacked up version of your patch I was able to get a valid signature :-) , but obviously it works only
for exactly my usecase with at most one leading zero:

--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -1656,6 +1656,13 @@ pgp_compute_signature(sc_card_t *card, const u8 *data,
 r = sc_check_sw(card, apdu.sw1, apdu.sw2);
 LOG_TEST_RET(card->ctx, r, "Card returned error");

+ /* some cards may drop leading 0x00 byte on a signature */
+ if (apdu.resplen < 512) {
+ memmove(out + 1 , out, apdu.resplen); /* overlaping */
+ memset(out, 0, 1);
+ apdu.resplen = 512;
+ }
+
|
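Review bot: The `if (apdu.resplen < 512)` condition hard-codes the 4096-bit signature length while the body restores exactly one byte, so a 2048-bit key (256-byte signature) would always take this branch and have its valid signature shifted by one byte and reported as 512 bytes, and a response that is two or more bytes short would be reported as 512 bytes with stale buffer contents at the end. Compute the pad as the expected length minus `apdu.resplen`, move by that amount and zero that many bytes, and take the expected length from the key size rather than a literal. The hunk also writes up to `out + 512` without a visible check that `outlen` is at least 512; add one before the `memmove`.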
From: Douglas E E. <dee...@gm...> - 2016-02-22 18:17:01
|
On 2/22/2016 9:51 AM, Joe...@we... wrote:
> Thanks for providing this patch, with this I got it _almost_ working :-)
> I ran into one real and two minor issues:
> 1) The real issue is that the outlen does not seem to be the expected signature length,
> but the size of the buffer with some extra space. In my case it is 1024 and not the expected
> 512, so this does not work. But I guess it would be possible to compute the expected signature
> length in a general way?

sc_pkcs15_compute_signature set modlen lines 324-336 from the type of key and its size, then tests if outlen is big enough:

339 if (inlen > sizeof(buf) || outlen < modlen)

But then it passes to lower levels, it passes outlen:

434 r = use_key(p15card, obj, &senv, sc_compute_signature, tmp, inlen,
435 out, outlen);

In all cases other than the card you have this is not a problem.

So one possible fix is to set line 435 to:
out, modlen);
then do the memmove stuff if it's too short.

BUT THIS IS A GLOBAL CHANGE, and would need testing for other cards. I don't see why it would be an issue,
but you never know...

If you try and do an openpgp only fix, it looks like by the time pgp_set_security_env and pgp_compute_signature
are called, the size of the key is not known, just the outlen. Some info could be saved in the

Another way: card-openpgp.c only supports RSA. And only 4K, 2K and maybe 1K keys are used.
So if apdu.resplen within 4 bytes of one of these values, assume it is dropped 1, 2, 3 or 4 bytes,
and do the memmove stuff then. (Not perfect, but chance of failure to catch a short signature is 1/2^32)

There may be more info in the OpenPGP documents that would show how to save the key size internally
in one of the card-openpgp.c internal structures.

> 2) Minor technical issues: the apdu was not updated in the end to return the new length,
> and src and dest were mixed up in the memmove

OK, I never tested the code. Good to hear you got it working.

--
Douglas E. Engert <DEE...@gm...>
|
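The padding step discussed in the message above, as an added example that is not OpenSC code and not from any poster in this thread: a bounds-checked helper that left-pads a short big-endian RSA signature to the modulus length for any number of dropped leading zero bytes, plus a comparison showing that the short and padded forms encode the same integer. The names `rsa_sig_left_pad`, `be_int_equal` and the `demo_*` functions are hypothetical, and the 16-byte "signature" is constructed test data.

```c
/* Added example, not OpenSC code. Function names are hypothetical. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MODLEN 16 /* constructed toy size; a 4096-bit key gives 512 */
#define DEMO_BUFLEN 32 /* caller buffer larger than modlen, as in the thread */

/*
 * buf holds siglen signature bytes at its start; buflen is its capacity.
 * Pads in place to modlen bytes. Returns modlen, or -1 on invalid lengths.
 */
int rsa_sig_left_pad(uint8_t *buf, size_t buflen, size_t siglen, size_t modlen)
{
	size_t pad;

	if (buf == NULL || siglen == 0 || modlen == 0 || modlen > (size_t)INT_MAX)
		return -1;
	if (modlen > buflen || siglen > modlen)
		return -1; /* never write past the buffer, never truncate */

	pad = modlen - siglen;
	if (pad > 0) {
		memmove(buf + pad, buf, siglen); /* regions overlap */
		memset(buf, 0, pad);
	}
	return (int)modlen;
}

/*
 * Compare two big-endian byte strings as unsigned integers, ignoring
 * leading zeros. Not constant time; signatures are public values.
 */
int be_int_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
	while (alen > 0 && *a == 0) { a++; alen--; }
	while (blen > 0 && *b == 0) { b++; blen--; }
	return alen == blen && memcmp(a, b, alen) == 0;
}

/*
 * Constructed case: a reference signature whose first `dropped` bytes are
 * zero, and a "card" response that omits them. Returns 1 when the short
 * response is the same integer and padding restores the reference bytes.
 */
int demo_roundtrip(size_t dropped)
{
	uint8_t ref[DEMO_MODLEN];
	uint8_t out[DEMO_BUFLEN];
	size_t i, short_len;
	int r;

	if (dropped >= DEMO_MODLEN)
		return 0;
	for (i = 0; i < DEMO_MODLEN; i++)
		ref[i] = (i < dropped) ? 0x00 : (uint8_t)(0x8c + i);
	short_len = DEMO_MODLEN - dropped;
	memset(out, 0xAA, sizeof(out));        /* stale data in the buffer */
	memcpy(out, ref + dropped, short_len); /* what the card returned */

	if (!be_int_equal(out, short_len, ref, DEMO_MODLEN))
		return 0;
	r = rsa_sig_left_pad(out, sizeof(out), short_len, DEMO_MODLEN);
	return r == DEMO_MODLEN && memcmp(out, ref, DEMO_MODLEN) == 0;
}

/* Returns 1 when every invalid length combination is refused. */
int demo_rejects_bad_lengths(void)
{
	uint8_t out[DEMO_BUFLEN] = {0x01};

	return rsa_sig_left_pad(out, sizeof(out), DEMO_MODLEN + 1, DEMO_MODLEN) == -1
	    && rsa_sig_left_pad(out, DEMO_MODLEN - 1, 4, DEMO_MODLEN) == -1
	    && rsa_sig_left_pad(out, sizeof(out), 0, DEMO_MODLEN) == -1
	    && rsa_sig_left_pad(NULL, sizeof(out), 4, DEMO_MODLEN) == -1;
}

int main(void)
{
	size_t dropped;

	for (dropped = 0; dropped <= 3; dropped++)
		printf("dropped=%zu restored=%d\n", dropped, demo_roundtrip(dropped));
	printf("bad lengths rejected=%d\n", demo_rejects_bad_lengths());
	return 0;
}
```
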
From: <Joe...@we...> - 2016-02-24 17:17:47
|
Hi again,

thanks for your suggestions!
I took another look at this, but I did not find a nice solution to pass the information of the modlen
to the lower layers without having to change the API, which would probably be too much of a hassle for everyone else.

But what about checking the returned length in sc_pkcs15_compute_signature itself? By this we'd still make the
entire outlen available to the drivers (in case someone needs more than modlen e.g. for temporary data), and would only
alter something if the returned data is less than modlen (but no error code), which to my understanding would
always be unwanted behavior.

The modified patch looks like this:

diff --git a/src/libopensc/pkcs15-sec.c b/src/libopensc/pkcs15-sec.c index 019d8a1..9c78acb --- a/src/libopensc/pkcs15-sec.c +++ b/src/libopensc/pkcs15-sec.c 
@@ -433,6 +433,14 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card, r = use_key(p15card, obj, &senv, sc_compute_signature, tmp, inlen, out, outlen); + + if (r >= 0 && (size_t)r < modlen) // returned size smaller than expected, add leading zeros + { + memmove(out + (modlen -r ), out, r); /* overlapping */ + memset(out, 0, modlen -r ); + r = modlen; + } + LOG_TEST_RET(ctx, r, "use_key() failed");

This is working fine for me, I tested it with about 10000 different input strings, but obviously just with my card and
with this one use case.
|
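Review bot: The new condition `r >= 0 && (size_t)r < modlen` also matches `r == 0`, in which case the block returns `modlen` bytes of zeros as a successful signature; require `r > 0` and treat an empty result as an error. The padding runs for whatever key type reached this `use_key()` call, so gate it on RSA keys, where the result is a fixed-length integer of `modlen` bytes. The `memmove` writes up to `out + modlen`, which relies on an `outlen >= modlen` check that is not in this hunk; a short comment naming that check would help. Style: the `//` comment and the spacing in `modlen -r )` differ from the `/* */` comment used in the same hunk.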
From: Douglas E E. <dee...@gm...> - 2016-02-24 17:45:03
|
Look OK to me for RSA, but may have issues with EC or GOST. So should only be done for RSA. Others need to comment on this. Can you submit this to github.com/OpenSC/OpenSC as a issue or pull request? https://github.com/OpenSC/OpenSC/issues https://github.com/OpenSC/OpenSC/pulls On 2/24/2016 11:17 AM, Joe...@we... wrote: > Hi again, > > thanks for your suggestions! > I took another look at this, but I did not find a nice solution to pass the information of the modlen > to the lower layers without having to change the API, which would probably be too much of a hazzle for everyone else. > > But what about checking the returned length in sc_pkcs15_compute_signature itself? By this we'd still make the > entire outlen available to the drivers (in case someone needs more than modlen e.g. for temporary data), and would only > alter something if the retured data is less than modlen (but no error code), which to my understanding would > always be unwanted behavior. > > The modified patch looks like this: > > diff --git a/src/libopensc/pkcs15-sec.c b/src/libopensc/pkcs15-sec.c > index 019d8a1..9c78acb > --- a/src/libopensc/pkcs15-sec.c > +++ b/src/libopensc/pkcs15-sec.c 
> @@ -433,6 +433,14 @@ int sc_pkcs15_compute_signature(struct sc_pkcs15_card *p15card, > > r = use_key(p15card, obj, &senv, sc_compute_signature, tmp, inlen, > out, outlen); > + > + if (r >= 0 && (size_t)r < modlen) // returned size smaller than expected, add leading zeros > + { > + memmove(out + (modlen -r ), out, r); /* overlapping */ > + memset(out, 0, modlen -r ); > + r = modlen; > + } > + > LOG_TEST_RET(ctx, r, "use_key() failed"); > > > This is working fine for me, I tested it with about 10000 different input strings, but obviously just with my card and > with this one use case. > > > > Gesendet: Montag, 22. Februar 2016 um 19:16 Uhr > Von: "Douglas E Engert" <dee...@gm...> > An: ope...@li... > Betreff: Re: [Opensc-devel] Bad signature generated by pkcs15-crypt ? > On 2/22/2016 9:51 AM, Joe...@we... wrote: >> Thanks for providing this patch, with this I got it _almost_ working :-) >> I ran into one real and two minor issues: >> 1) The real issue is that the outlen does not seem to be the expected signature length, >> but the size of the buffer with some extra space. In my case it is 1024 and not the expected >> 512, so this does not work. But I guess it would be possible to compute the expected signature >> length in a general way? > > sc_pkcs15_compute_signature set modlen lines 324-336 from the type of key and its size, then tests if outlen is big enough: > > 339 if (inlen > sizeof(buf) || outlen < modlen) > > But then it passes to lower levels, it passes outlen: > > 434 r = use_key(p15card, obj, &senv, sc_compute_signature, tmp, inlen, > 435 out, outlen); > > In all cases other then the card you have this is not a problem. > > So one possible fix is to set line 435 to: > out, modlen); > then do the memmove stuff if its too short. > > BUT THIS IS A GLOBAL CHANGE, and would need testing for other cards. I don't see why it would be an issue, > but you never know... 
> > If you try and do an openpgp only fix, it looks like by the time pgp_set_security_env and pgp_compute_signature > are called, they size of the key is not known, just the outlen. Som info cold be saved in the > > Another way: card-openpgp.c only supports RSA. And only 4K, 2K and maybe 1K keys are used. > So if apdu.resplen within 4 bytes of one of these values, assume it is dropped 1, 2, 3 or 4 bytes, > and do the memmove stuff then. (Not perfect, but chance of failure to catch a short signature is 1/2^32) > > There may be more info in the OpenPGP documents that would show how to save the key size internally > in one of the card-openpgp.c internal structures. > > >> 2) Minor techical issues: the apdu was not updated in the end to return the new length, >> and src and dest were mixed up in the memmove > > OK, I never tested the code. good to here you got it working. > >> With this hacked up version of your patch I was able to get a valid signature :-) , but obviously it works only >> for exactly my usecase with at most one leading zero: >> --- a/src/libopensc/card-openpgp.c >> +++ b/src/libopensc/card-openpgp.c 
>> @@ -1656,6 +1656,13 @@ pgp_compute_signature(sc_card_t *card, const u8 *data, >> r = sc_check_sw(card, apdu.sw1, apdu.sw2); >> LOG_TEST_RET(card->ctx, r, "Card returned error"); >> >> + /* some cards may drop leading 0x00 byte on a signature */ >> + if (apdu.resplen < 512) { >> + memmove(out + 1 , out, apdu.resplen); /* overlaping */ >> + memset(out, 0, 1); >> + apdu.resplen = 512; >> + } >> +
>> *Sent:* Sunday, 21 February 2016 at 20:54
>> *From:* "Douglas E Engert" <dee...@gm...>
>> *To:* ope...@li...
>> *Subject:* Re: [Opensc-devel] Bad signature generated by pkcs15-crypt ?
>> The patch I sent you has a bug:
>>
>> memmove(out, out -(outlen - apdu.resplen), apdu.resplen); /* overlaping */
>> should be:
>>
>> memmove(out, out + (outlen - apdu.resplen), apdu.resplen); /* overlaping */
>>
>>
>> I have not tried the patch.
>>
>> On 2/21/2016 7:53 AM, Douglas E Engert wrote:
>>
>>> Try the attached patch. It is against http:/github.com/OpenSC/OpenSC
>>>
>>
>>
>> --
>>
>> Douglas E. Engert <DEE...@gm...>
>>
>>
>> ------------------------------------------------------------------------------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
>> _______________________________________________
>> Opensc-devel mailing list
>> Ope...@li...
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
>
> --
>
> Douglas E. Engert <DEE...@gm...>
>
--
Douglas E. Engert <DEE...@gm...>
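
Review bot: In the quoted pkcs15-sec.c hunk (`@@ -433,6 +433,14 @@`), the guard `r >= 0 && (size_t)r < modlen` also matches `r == 0`, so an empty result from `use_key()` would be turned into `modlen` zero bytes and returned as a successful signature; require `r > 0` instead. The `memmove` to `out + (modlen - r)` stays in bounds only because of the earlier `outlen < modlen` check quoted as line 339, and a short comment saying so would help the next reader. Since `modlen` is derived from the key type, the padding should also be restricted to RSA keys, which is the only case tested in this thread. Style: pick one comment form instead of mixing `//` and `/* */`, and normalise the spacing in `modlen -r`.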
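
Review bot: In the quoted card-openpgp.c hunk (`@@ -1656,6 +1656,13 @@`), `if (apdu.resplen < 512)` combined with `memmove(out + 1 , out, apdu.resplen)` hard-codes a 512-byte signature and exactly one missing byte. Any other short response, such as two dropped bytes or a signature from a smaller key, is shifted by a single byte and then reported as 512 bytes, so the caller receives whatever was already in the tail of `out`. Compute the pad as the expected length minus `apdu.resplen`, taking the expected length from the key's modulus size, confirm `outlen` is at least that length before moving, and `memset` the whole pad rather than one byte. The comment typo `overlaping` can be fixed in the same pass.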
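
The left-padding fix discussed in this thread, as an added example that is not part of the original messages or of OpenSC: `pad_rsa_signature`, `guess_modlen` and `demo` are hypothetical names, and the 128/256/512-byte table follows the 1K/2K/4K heuristic suggested in the quoted reply. It goes beyond the one-byte case by padding any number of missing leading bytes and rejecting lengths that do not fit the buffer.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not an OpenSC function): left-pad a big-endian RSA
 * signature of resplen bytes stored at out[0..resplen) to modlen bytes.
 * Returns modlen on success, -1 if the lengths cannot describe a signature. */
static int pad_rsa_signature(unsigned char *out, size_t outlen,
                             size_t resplen, size_t modlen)
{
    /* An empty response is an error, not a signature of all zeros. */
    if (out == NULL || resplen == 0 || resplen > modlen || modlen > outlen)
        return -1;

    size_t pad = modlen - resplen;
    if (pad > 0) {
        memmove(out + pad, out, resplen); /* regions overlap: memmove, not memcpy */
        memset(out, 0, pad);              /* restore the dropped leading zeros */
    }
    return (int)modlen;
}

/* Heuristic from the thread (an assumption, used only when the key size is
 * not known): a response at most 4 bytes short of a 1K/2K/4K RSA modulus is
 * treated as that modulus size. Returns 0 when no size matches. */
static size_t guess_modlen(size_t resplen)
{
    static const size_t sizes[] = { 128, 256, 512 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        if (resplen <= sizes[i] && sizes[i] - resplen <= 4)
            return sizes[i];
    return 0;
}

/* Constructed input: a 511-byte response sitting in a 1024-byte buffer,
 * the buffer size reported in the thread. Returns 0 when padding is correct. */
static int demo(void)
{
    unsigned char buf[1024];
    memset(buf, 0xAA, sizeof(buf));
    buf[0] = 0x7F; /* first byte the card actually returned */

    size_t modlen = guess_modlen(511);
    int r = pad_rsa_signature(buf, sizeof(buf), 511, modlen);
    return (r == 512 && buf[0] == 0x00 && buf[1] == 0x7F) ? 0 : 1;
}

int main(void) { return demo(); }
```

Where the modulus length is known from the key object, pass it directly and skip `guess_modlen`.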