[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit integration with smart card





malexander@kcp.com wrote:

> I think I just had a light bulb go off.  The hKey value isn't a key like a 
> symmetric key.  The hKey value is an object on the card, that is the 
> private key.  Is this right?

Sort of. Its a handle to pass to the PKCS#11 that it uses to find the
key on the card.

> 
> The hKey value is found in Mozilla with a FindObjectsInit using the 
> pTemplate[2]:
> [in] pTemplate[2]: 
>     CKA_ID                [size : 0x1 (1)]
>     00
>     CKA_CLASS             CKO_PRIVATE_KEY 
> 
> The object that matches is returned and used in the SignInit function.
> 
> In heimdal pkinit it looks like it sends the FindObjectsInit with just the 
> CKA_CLASS for the Private key. 

And what does the FindObject return? Just one key, or many keys.
Are the calls to the FindObject... and C_Sign all in the same session?
Are there any other calls between the two that would cause the PKCS#11
to get confused about what hKey was to be used with trhe C_Sign.

> Can I add the CKA_ID for 00 in the FindObjectsInit?


Maybe. But this may depend on how many keys are on the card,
and you need to use the key that matches the certificate.
The certificate should have a CKA_ID that can be used to find the
matching key. So the apliucation code should use this when it
is trying to find the key object.


Do you have a copy of the PKCS#11 douument? It can be found at
http://www.rsasecurity.com/rsalabs/node.asp?id=2133
or Google for RSA PKCS#11  it "must" reading when debuging PKCS#11.


> 
> 
> 
> "Douglas E. Engert" <deengert@anl.gov> 
> Sent by: owner-heimdal-discuss@sics.se
> 09/01/2006 10:44 AM
> 
> To
> malexander@kcp.com
> cc
> heimdal-discuss@sics.se, owner-heimdal-discuss@sics.se
> Subject
> Re: pkinit integration with smart card
> 
> 
> 
> 
> 
> 
> 
> 
> malexander@kcp.com wrote:
> 
> 
>>Thanks for the response.  Complely new to these low level points with 
> 
> the 
> 
>>Smart Card so I've been looking up some terms, I appreciate the advice.
>>
>>I looked at the PKCS11-tool output first:
>>pkcs11-tool --module /usr/local/acgold/lib/libpkcs11.so  -M  Supported 
>>mechanisms:
> 
> 
> I am not sure what the other flags are, but I would expect the
> RSA-PKCS would have sign, verify, wrap, unwrap, and maybe decrypt.
> Note it did not say sign, which is the operation you are trying to do.
> 
> 
>>  RSA-PKCS, wrap, unwrap, other flags=0x20000
> 
> 
>>  SHA1-RSA-PKCS, sign, verify, wrap, unwrap, encrypt, decrypt, 
> 
> keypairgen, 
> 
>>other flags=0x2d000
>>
> 
> 
> The available mechanisum from PKCS11 are a combinatiuon of what can be 
> done
> in the software and the smartcard. For example the SHA1 hash might be done
> by sending the data to the card, or could be done by the pkcs11 software
> to produce the hash.
> 
> I am suprised if it can do SHA1_RSA_PKCS sign, it can't do
> RSA_PKCS as this just skips the hash set.
> 
> 
> 
> 
>>The length of the destination buffer is 128 bytes.  The length of the 
>>signature in pData is 35 bytes.  Is the CKM_RSA_X_509 mechanism a tool 
> 
> of 
> 
>>the Card?  Should/could the pData for signature be padded to 128 with a 
>>method external to the card?
> 
> 
> A sign with RSA_PKCS says take the input and pad with PKCS padding 01 then
> do an RSA encrypt using the private key. The data must be less then
> keysize-11 so normally the data sent is a hash of the data you really want
> to sign.
> 
> A sign with SHA1_RSA_PKCS says pass the data (any length) to the C_Sign or
> (C_SignUpdate...+C_SignFinal) then do the padding and encrypt with RSA.
> 
> So as Love pointed out, the Heimdal applicaiton could send the data
> pre hashed data to the PKCS11 using SHA1_RSA_PKCS.
> 
> 
>>
>>
>>
>>
>>"Douglas E. Engert" <deengert@anl.gov> 
>>Sent by: owner-heimdal-discuss@sics.se
>>08/31/2006 01:41 PM
>>
>>To
>>malexander@kcp.com
>>cc
>>heimdal-discuss@sics.se
>>Subject
>>Re: pkinit integration with smart card
>>
>>
>>
>>
>>
>>
>>I have gotten the Heimdal to work with other OpenSC supported cards.
>>
>>It could be that the card says it has the CKM_RSA_PKCS but really does
>>not or the pkcs11 lib is simulating CKM_RSA_PKCS and is having problems
>>doing the padding.  It might be possible to use the CKM_RSA_X_509 (raw)
>>mechanisum, by doing the PKCS padding first, then calling the C_Sign
>>functions.
>>
>>Could also be that the pkcs11 is expecting the pSignature and 
>>pSignatureLen
>>to be set correctly, i.e. for a 1024 key, to a 128 byte buffer, and it 
> 
> is
> 
>>returing the wrong error code.
>>
>>If you can use the OpenSC spy, can you use the pkcs11-tool as well
>>pointing it at your PKCS11( -module <sharedlib>)? What mechanisums does
>>it say it has?
>>
>>
>>
>>malexander@kcp.com wrote:
>>
>>
>>
>>>Any idea as to why I would receive a CKR_FUNCTION_FAILED error on the 
>>>C_Sign operation from PKCS11 module? 
>>>
>>>I'm getting to the signature operation on the smart card for PKINIT when 
> 
> 
>>
>>>the kinit segment faults.  I used the pkcs11 spy library from OpenSC and 
> 
> 
>>
>>>the final operations it records with the card are:
>>>33: C_OpenSession
>>>[in] slotID = 0x1
>>>[in] flags = 0x4
>>>pApplication=(nil)
>>>Notify=(nil)
>>>[out] *phSession = 0x806b860
>>>Returned:  0 CKR_OK
>>>
>>>
>>>34: C_SignInit
>>>[in] hSession = 0x806b860
>>>pMechanism->type=CKM_RSA_PKCS
>>>[in] hKey = 0x8052508
>>>Returned:  0 CKR_OK
>>>
>>>
>>>35: C_Sign
>>>[in] hSession = 0x806b860
>>>[in] pData[ulDataLen] [size : 0x23 (35)]
>>>   30213009 06052B0E 03021A05 00041496 9A0A7A5A 74DA942D CA0160DF 
>>>CEABACB2
>>>   EB2E3F
>>>Returned:  6 CKR_FUNCTION_FAILED
>>>
>>>I've been trying to get the pkinit functionality to work with the 
>>>ActivCard Gold middleware product.  They provide the pkcs11 module; 
>>
>>using 
>>
>>
>>>this module I'm able to get it to work with SSH using a patch, but I 
>>
>>have 
>>
>>
>>>not had success with heimdal.
>>>
>>>The module does not implement the CKA_PUBLIC_EXPONENT class. Originally, 
> 
> 
>>
>>>the kinit aborts due to the missing exponent and so that's manually 
>>>inserted to the value from the certificates on the Smart Card in the 
>>>ks_p11.c.
>>>
>>>rsa->e = getattr_bn(p, slot, session, object, CKA_PUBLIC_EXPONENT);
>>>if (rsa->e == NULL)
>>>       BN_dec2bn(&rsa->e, "65537");
>>>if (rsa->e == NULL)
>>>       _hx509_abort("CKA_PUBLIC_EXPONENT missing");
>>>
>>>I've also changed the rsa->e to any number with the same results, so I'm 
> 
> 
>>
>>>wondering if I'm doing it right.
>>>
>>
>>
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444