unable to sign using ecdsa-with-SHA256 about pam_pkcs11 HOT 10 CLOSED

It looks like the problem comes from C_SignInit() failed: 0x00000063
In that case you should report the problem to the PKCS#11 library used with pam-pkcs11. In your case OpenSC.

from pam_pkcs11.

@LudovicRousseau this is the key loaded in smard card is it ok ?

 Private EC Key [PIV AUTH key]
Object Flags   : [0x1], private
Usage          : [0x4], sign
Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
FieldLength    : 256
Key ref        : 154 (0x9A)
Native         : yes
Auth ID        : 01
ID             : 01
MD:guid        : 0x'30

from pam_pkcs11.

Looks like pam_pkcs11 in pkcs11_lib.c only supports RSA and sha1.

sign_value() routine at line 1722 has:

Line 1726 only defines sha1
Line 1739 only supports CKK_RSA But not clear why line 1743 and 1744 did not return -1;
line 1746 : SHA1(data, length, &hash[15]);

line 1752: set_error("C_SignInit() failed: 0x%08lX", rv);

from pam_pkcs11.

@dengert so there is no support for ecdsa -sha256 :D ?

also i cant add keys to ssh agent (using PIN)

   $ ssh-add -s /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so 
  Enter passphrase for PKCS#11: 
  Could not add card "/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so": agent refused operation

and i have two files (debian sid)

   /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so 
   /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so 

how i can determine version of those libs (excluding dpkg) some headr md5 sha?

could be a curve related issue ?
i have gen private key with openssl as:

   ecparam -param_enc named_curve  -name prime256v1 

on yubico site there are witting

 "Follow the notes and try to use brew SSH and explicitly use those binaries not the default ssh.
 Alternatively, try using YKCS11 https://developers.yubico.com/yubico-pi ... notes.html"

@LudovicRousseau can i use YKCS11 with pam pkcs11?

https://developers.yubico.com/yubico-piv-tool/YKCS11_release_notes.html

from pam_pkcs11.

could problem lie in -param_enc
explicit vs named_curve ??

ps using explicit i cant upload key to yubikey as

 Unknown EC curve 0
 Unable to import private key

from pam_pkcs11.

The issue appears to be with the pam_pkcs11 that pre-dates ECDSA or SHA256 and only has support for RSA and SHA1. The sign_value() routine is computing the signature hash then calling C_SignInit and c_Sign to sign the hash which includes the OID of the hash algroithm and the hash.

For RSA, PKCS#11 defines many mechanisms that do the hash, padding and signature, internally but for ECDSA there is only CKM_ECDSA (no hash) and CKM_ECDSA_SHA1 (do the SHA1 then do the ECDSA internally) So for other hashes, the applications has to do the hash using OpenSSL for example or use PKCS#11 or one of the CKM_SHA* mechanisms, then pass this hash to the CKM_ECDSA. There is no requirement that a PKCS#11 implementation implement these hash only mechanisms. (OpenSC pkcs11 does if compiled with OpenSSL which is normally done) I don't know if the YKCS11 does or not.

pkcs11-tool -M can be used to see what mechanisms are supported for the card.

pkcs11_lib.c contains two versions of many routines including sign_value, one if using NSS and one if using OpenSSL. Both sign-value routines should be rewritten to support ECDSA. The OpenSSL version could use the OpenSSL digest routines to produce the hashes. Note unlike RSA signatures which include the OID of the hash algorithm, ECDSA does not.

The problem is not with the yubikey.

from pam_pkcs11.

@danger @LudovicRousseau
I do not "sit" (don't know if there is an idiom in English for what i want tray to say :) ) in cryptography and c .. I know at most Java so I can not help much & second i have no time ... I miss additional 48 hours a day ;/ but it would be nice for someone to make use of EC maybe @a-dma or @klali could provide some help :P

https://www.cryptsoft.com/pkcs11doc/v220/group__SEC__12__3__6__ECDSA__WITHOUT__HASHING.html

 Using slot 0 with a present token (0x0)
 Supported mechanisms:
   SHA-1, digest
   SHA256, digest
   SHA384, digest
   SHA512, digest
   MD5, digest
   RIPEMD160, digest
   GOSTR3411, digest
   **ECDSA, keySize={256,384}, hw, sign, other flags=0x1800000**
   ECDH1-COFACTOR-DERIVE, keySize={256,384}, hw, derive, other flags=0x1800000
   ECDH1-DERIVE, keySize={256,384}, hw, derive, other flags=0x1800000
   RSA-X-509, keySize={1024,3072}, hw, decrypt, sign, verify
   RSA-PKCS, keySize={1024,3072}, hw, decrypt, sign, verify
   SHA1-RSA-PKCS, keySize={1024,3072}, sign, verify
   SHA256-RSA-PKCS, keySize={1024,3072}, sign, verify
   SHA384-RSA-PKCS, keySize={1024,3072}, sign, verify
   SHA512-RSA-PKCS, keySize={1024,3072}, sign, verify
   MD5-RSA-PKCS, keySize={1024,3072}, sign, verify
   RIPEMD160-RSA-PKCS, keySize={1024,3072}, sign, verify

related:

https://bitbucket.org/PyKCS11/pykcs11/issues/23/ckm-ecdsa-creating-signatures
Yubico/yubico-piv-tool#83
http://osxr.org/android/ident?_i=CKM_ECDSA
https://bugzilla.mozilla.org/show_bug.cgi?id=327667
https://www.oasis-open.org/committees/download.php/50265/CKM_ECDSA_FIPS_186_4_v02.pdf
https://sourceforge.net/p/opencryptoki/opencryptoki/ci/3400be830fade6f2ea3c80d044f88f9d240ef9b0/tree/usr/lib/pkcs11/cca_stdll/sign_mgr.c?diff=12a8280869bcc2a96a4acd175db166bde6f255ae
https://bugzilla.mozilla.org/show_bug.cgi?id=613496
http://nullege.com/projects/show/27986
https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-October/034440.html
http://markmail.org/message/37ihqvplwwaicpmk
https://chromium.googlesource.com/chromiumos/third_party/opencryptoki/+/3400be830fade6f2ea3c80d044f88f9d240ef9b0%5E!/

from pam_pkcs11.

Ran into this issue (and the somewhat confusing error message), so i did a quick patch to v0.6.10 to get things working with openssl for me atleast:

01_priv_key_type.patch.txt
02_ecdsa_sha256.patch.txt
03_signature_length.patch.txt

from pam_pkcs11.

Thanks @sovaeta I used your 3 patches.
I also modified the second one to add support of OpenSSL 1.1 in addition to 1.0.

This issue should be closed now.
Please test the current git code and open a new issue if needed.

from pam_pkcs11.

Latest git working nicely for me, thanks!

from pam_pkcs11.