p11_list_keys() cycles through the classes.
and uses the iterate_entries() method is used to find the objects.
First i opens a session for login the
uses that session to search:
8: C_FindObjectsInit
[in] hSession = 0x8052438
[in] pTemplate[1]:
CKA_CLASS
CKO_PRIVATE_KEY
Returned: 0 CKR_OK
That finds 1 object then that object
has GetAttributeValue run through CKA_ID/CKA_VALUE, CKA_MODULUS, CKA_PUBLIC_EXPONENT
(fails, note below manually populated the rsa->e value with the exponent
from the certficate). All the values are reqeusted with a 0 buffer
to get the size, then with a second request with the proper buffer allocations.
Another FindObjects is called, this
returns an objects and the GetAttributeValues are run through as before.
This is the object that is used for the hKey value in CKA_SignInit
later.
Then the FindObjectsFinal is sent.
The FindObjectsInit is sent again;
23: C_FindObjectsInit
[in] hSession = 0x8052438
[in] pTemplate[1]:
CKA_CLASS
CKO_CERTIFICATE
Returned: 0 CKR_OK
That finds 1 object and then the GetAttributevalues
are run same as before for CKA_ID/CKA_VALUE,
then FindObjects is called again, a
different objects matches and GetAttributes are called for CKA_ID/CKA_VALUE
FindObjects is called again, with no
returned and findObjectsFinal, then the session is closed.
Next the applications Opens a new session
and does the C_SignInit with the hkey value of from the second object found
in the PRIVATE_KEY search. Then the C_Sign function fails.
I copied the PKCS11-spy module output
below in case I read this wrong:
*************** OpenSC PKCS#11 spy ***************** Loaded: "/usr/local/acgold/lib/libpkcs11.so"
> I think I just had a light bulb go off. The hKey value isn't
a key like a
> symmetric key. The hKey value is an object on the card, that
is the
> private key. Is this right?
Sort of. Its a handle to pass to the PKCS#11 that it uses to find the
key on the card.
>
> The hKey value is found in Mozilla with a FindObjectsInit using the
> pTemplate[2]:
> [in] pTemplate[2]:
> CKA_ID
[size : 0x1 (1)]
> 00
> CKA_CLASS
CKO_PRIVATE_KEY
>
> The object that matches is returned and used in the SignInit function.
>
> In heimdal pkinit it looks like it sends the FindObjectsInit with
just the
> CKA_CLASS for the Private key.
And what does the FindObject return? Just one key, or many keys.
Are the calls to the FindObject... and C_Sign all in the same session?
Are there any other calls between the two that would cause the PKCS#11
to get confused about what hKey was to be used with trhe C_Sign.
> Can I add the CKA_ID for 00 in the FindObjectsInit?
Maybe. But this may depend on how many keys are on the card,
and you need to use the key that matches the certificate.
The certificate should have a CKA_ID that can be used to find the
matching key. So the apliucation code should use this when it
is trying to find the key object.
Do you have a copy of the PKCS#11 douument? It can be found at
http://www.rsasecurity.com/rsalabs/node.asp?id=2133
or Google for RSA PKCS#11 it "must" reading when debuging
PKCS#11.
>
>
>
> "Douglas E. Engert" <deengert@anl.gov>
> Sent by: owner-heimdal-discuss@sics.se
> 09/01/2006 10:44 AM
>
> To
> malexander@kcp.com
> cc
> heimdal-discuss@sics.se, owner-heimdal-discuss@sics.se
> Subject
> Re: pkinit integration with smart card
>
>
>
>
>
>
>
>
> malexander@kcp.com wrote:
>
>
>>Thanks for the response. Complely new to these low level
points with
>
> the
>
>>Smart Card so I've been looking up some terms, I appreciate the
advice.
>>
>>I looked at the PKCS11-tool output first:
>>pkcs11-tool --module /usr/local/acgold/lib/libpkcs11.so -M
Supported
>>mechanisms:
>
>
> I am not sure what the other flags are, but I would expect the
> RSA-PKCS would have sign, verify, wrap, unwrap, and maybe decrypt.
> Note it did not say sign, which is the operation you are trying to
do.
>
>
>> RSA-PKCS, wrap, unwrap, other flags=0x20000
>
>
>> SHA1-RSA-PKCS, sign, verify, wrap, unwrap, encrypt, decrypt,
>
> keypairgen,
>
>>other flags=0x2d000
>>
>
>
> The available mechanisum from PKCS11 are a combinatiuon of what can
be
> done
> in the software and the smartcard. For example the SHA1 hash might
be done
> by sending the data to the card, or could be done by the pkcs11 software
> to produce the hash.
>
> I am suprised if it can do SHA1_RSA_PKCS sign, it can't do
> RSA_PKCS as this just skips the hash set.
>
>
>
>
>>The length of the destination buffer is 128 bytes. The length
of the
>>signature in pData is 35 bytes. Is the CKM_RSA_X_509 mechanism
a tool
>
> of
>
>>the Card? Should/could the pData for signature be padded
to 128 with a
>>method external to the card?
>
>
> A sign with RSA_PKCS says take the input and pad with PKCS padding
01 then
> do an RSA encrypt using the private key. The data must be less then
> keysize-11 so normally the data sent is a hash of the data you really
want
> to sign.
>
> A sign with SHA1_RSA_PKCS says pass the data (any length) to the C_Sign
or
> (C_SignUpdate...+C_SignFinal) then do the padding and encrypt with
RSA.
>
> So as Love pointed out, the Heimdal applicaiton could send the data
> pre hashed data to the PKCS11 using SHA1_RSA_PKCS.
>
>
>>
>>
>>
>>
>>"Douglas E. Engert" <deengert@anl.gov>
>>Sent by: owner-heimdal-discuss@sics.se
>>08/31/2006 01:41 PM
>>
>>To
>>malexander@kcp.com
>>cc
>>heimdal-discuss@sics.se
>>Subject
>>Re: pkinit integration with smart card
>>
>>
>>
>>
>>
>>
>>I have gotten the Heimdal to work with other OpenSC supported cards.
>>
>>It could be that the card says it has the CKM_RSA_PKCS but really
does
>>not or the pkcs11 lib is simulating CKM_RSA_PKCS and is having
problems
>>doing the padding. It might be possible to use the CKM_RSA_X_509
(raw)
>>mechanisum, by doing the PKCS padding first, then calling the C_Sign
>>functions.
>>
>>Could also be that the pkcs11 is expecting the pSignature and
>>pSignatureLen
>>to be set correctly, i.e. for a 1024 key, to a 128 byte buffer,
and it
>
> is
>
>>returing the wrong error code.
>>
>>If you can use the OpenSC spy, can you use the pkcs11-tool as well
>>pointing it at your PKCS11( -module <sharedlib>)? What mechanisums
does
>>it say it has?
>>
>>
>>
>>malexander@kcp.com wrote:
>>
>>
>>
>>>Any idea as to why I would receive a CKR_FUNCTION_FAILED error
on the
>>>C_Sign operation from PKCS11 module?
>>>
>>>I'm getting to the signature operation on the smart card for
PKINIT when
>
>
>>
>>>the kinit segment faults. I used the pkcs11 spy library
from OpenSC and
>
>
>>
>>>the final operations it records with the card are:
>>>33: C_OpenSession
>>>[in] slotID = 0x1
>>>[in] flags = 0x4
>>>pApplication=(nil)
>>>Notify=(nil)
>>>[out] *phSession = 0x806b860
>>>Returned: 0 CKR_OK
>>>
>>>
>>>34: C_SignInit
>>>[in] hSession = 0x806b860
>>>pMechanism->type=CKM_RSA_PKCS
>>>[in] hKey = 0x8052508
>>>Returned: 0 CKR_OK
>>>
>>>
>>>35: C_Sign
>>>[in] hSession = 0x806b860
>>>[in] pData[ulDataLen] [size : 0x23 (35)]
>>> 30213009 06052B0E 03021A05 00041496 9A0A7A5A 74DA942D
CA0160DF
>>>CEABACB2
>>> EB2E3F
>>>Returned: 6 CKR_FUNCTION_FAILED
>>>
>>>I've been trying to get the pkinit functionality to work with
the
>>>ActivCard Gold middleware product. They provide the pkcs11
module;
>>
>>using
>>
>>
>>>this module I'm able to get it to work with SSH using a patch,
but I
>>
>>have
>>
>>
>>>not had success with heimdal.
>>>
>>>The module does not implement the CKA_PUBLIC_EXPONENT class.
Originally,
>
>
>>
>>>the kinit aborts due to the missing exponent and so that's
manually
>>>inserted to the value from the certificates on the Smart Card
in the
>>>ks_p11.c.
>>>
>>>rsa->e = getattr_bn(p, slot, session, object, CKA_PUBLIC_EXPONENT);
>>>if (rsa->e == NULL)
>>> BN_dec2bn(&rsa->e, "65537");
>>>if (rsa->e == NULL)
>>> _hx509_abort("CKA_PUBLIC_EXPONENT
missing");
>>>
>>>I've also changed the rsa->e to any number with the same
results, so I'm
>
>
>>
>>>wondering if I'm doing it right.
>>>
>>
>>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444