Closed
Problem Description
$ pkcs11-tool --sign --mechanism SHA256-RSA-PKCS-PSS --salt-len 0 --id 02 -o ~/src/s.sig -i ~/src/s
Using slot 1 with a present token (0x4)
Logging in to "<my token>".
Please enter User PIN:
Using signature algorithm SHA256-RSA-PKCS-PSS
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=0 B
error: PKCS11 function C_SignInit failed: rv = CKR_MECHANISM_PARAM_INVALID (0x71)
Aborting.
$ pkcs11-tool --sign --mechanism SHA256-RSA-PKCS-PSS --salt-len -2 --id 02 -o ~/src/s.sig -i ~/src/s
Using slot 1 with a present token (0x4)
Logging in to "<my token>".
Please enter User PIN:
Using signature algorithm SHA256-RSA-PKCS-PSS
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=222 B
error: PKCS11 function C_SignInit failed: rv = CKR_MECHANISM_PARAM_INVALID (0x71)
Aborting.
Needless to say:
$ pkcs11-tool --sign --mechanism SHA256-RSA-PKCS-PSS --salt-len -1 --id 02 -o ~/src/s.sig -i ~/src/s
Using slot 1 with a present token (0x4)
Logging in to "<my token>".
Please enter User PIN:
Using signature algorithm SHA256-RSA-PKCS-PSS
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=32 B
$
Proposed Resolution
Haven't figured it out yet.
Steps to reproduce
See above.
Logs
$ pkcs11-tool --module /Library/OpenSC/lib/pkcs11-spy.so --sign --mechanism SHA256-RSA-PKCS-PSS --salt-len 0 --id 02 -o ~/src/s.sig -i ~/src/s
*************** OpenSC PKCS#11 spy *****************
Loaded: "/Library/OpenSC/lib/opensc-pkcs11.so"
0: C_GetInterface
2021-12-26 22:34:30.822
[in] pInterfaceName 0000000105ad9d57 / 7
00000000 50 4B 43 53 20 31 31 PKCS 11
[in] pVersion = NULL
[in] flags =
Returned: 0 CKR_OK
1: C_Initialize
2021-12-26 22:34:30.823
[in] pInitArgs = 0x0
Returned: 0 CKR_OK
2: C_GetSlotList
2021-12-26 22:34:31.286
[in] tokenPresent = 0x0
[out] pSlotList:
Count is 2
[out] *pulCount = 0x2
Returned: 0 CKR_OK
3: C_GetSlotList
2021-12-26 22:34:31.288
[in] tokenPresent = 0x0
[out] pSlotList:
Slot 0
Slot 4
[out] *pulCount = 0x2
Returned: 0 CKR_OK
4: C_GetSlotInfo
2021-12-26 22:34:31.289
[in] slotID = 0x0
[out] pInfo:
slotDescription: 'SCR3310 Smart Card Reader '
' '
manufacturerID: 'Identiv '
hardwareVersion: 6.0
firmwareVersion: 0.0
flags: 6
CKF_REMOVABLE_DEVICE
CKF_HW_SLOT
Returned: 0 CKR_OK
5: C_GetSlotInfo
2021-12-26 22:34:31.290
[in] slotID = 0x4
[out] pInfo:
slotDescription: 'Yubico YubiKey OTP+FIDO+CCID '
' '
manufacturerID: 'Yubico '
hardwareVersion: 4.55
firmwareVersion: 0.0
flags: 7
CKF_TOKEN_PRESENT
CKF_REMOVABLE_DEVICE
CKF_HW_SLOT
Returned: 0 CKR_OK
Using slot 1 with a present token (0x4)
. . .
9: C_Login
2021-12-26 22:34:33.807
[in] hSession = 0x7fb159d08f30
[in] userType = CKU_USER
. . .
Returned: 0 CKR_OK
10: C_FindObjectsInit
2021-12-26 22:34:33.818
[in] hSession = 0x7fb159d08f30
[in] pTemplate[2]:
CKA_CLASS CKO_PRIVATE_KEY
. . .
Returned: 0 CKR_OK
. . .
17: C_FindObjectsFinal
2021-12-26 22:34:33.818
[in] hSession = 0x7fb159d08f30
Returned: 0 CKR_OK
18: C_GetAttributeValue
2021-12-26 22:34:33.818
[in] hSession = 0x7fb159d08f30
. . .
Returned: 0 CKR_OK
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=0 B
19: C_SignInit
2021-12-26 22:34:33.818
[in] hSession = 0x7fb159d08f30
[in] pMechanism->type = CKM_SHA256_RSA_PKCS_PSS
[in] pMechanism->pParameter->hashAlg = CKM_SHA256
[in] pMechanism->pParameter->mgf = CKG_MGF1_SHA256
[in] pMechanism->pParameter->sLen = 0
[in] hKey = 0x7fb169d067b0
Returned: 113 CKR_MECHANISM_PARAM_INVALID
20: C_Finalize
2021-12-26 22:34:33.818
Returned: 0 CKR_OK
error: PKCS11 function C_SignInit failed: rv = CKR_MECHANISM_PARAM_INVALID (0x71)
Aborting.
Same with --salt-len -2:
18: C_GetAttributeValue
2021-12-26 22:36:50.904
[in] hSession = 0x7facb8531080
. . .
Returned: 0 CKR_OK
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=222 B
19: C_SignInit
2021-12-26 22:36:50.904
[in] hSession = 0x7facb8531080
[in] pMechanism->type = CKM_SHA256_RSA_PKCS_PSS
[in] pMechanism->pParameter->hashAlg = CKM_SHA256
[in] pMechanism->pParameter->mgf = CKG_MGF1_SHA256
[in] pMechanism->pParameter->sLen = 222
[in] hKey = 0x7facb852d6d0
Returned: 113 CKR_MECHANISM_PARAM_INVALID
20: C_Finalize
2021-12-26 22:36:50.904
Returned: 0 CKR_OK
error: PKCS11 function C_SignInit failed: rv = CKR_MECHANISM_PARAM_INVALID (0x71)
Aborting.
Update
To show that the token seems to accept the PKCS#11 commands from libykcs11.dylib that seem to get rejected when opensc-pkcs11.so sends them:
Loaded: "/usr/local/lib/libykcs11.dylib"
0: C_GetInterface
2021-12-27 14:39:32.596
[compat]
[in] pInterfaceName 0000000109778d57 / 7
00000000 50 4B 43 53 20 31 31 PKCS 11
[in] pVersion = NULL
[in] flags =
Returned: 0 CKR_OK
1: C_Initialize
2021-12-27 14:39:32.596
[in] pInitArgs = 0x0
Returned: 0 CKR_OK
. . .
16: C_FindObjectsFinal
2021-12-27 14:39:36.924
[in] hSession = 0x1
Returned: 0 CKR_OK
17: C_GetAttributeValue
2021-12-27 14:39:36.924
[in] hSession = 0x1
[in] hObject = 0x70
[in] pTemplate[1]:
CKA_MODULUS_BITS 00007ffee66511a8 / 8
[out] pTemplate[1]:
CKA_MODULUS_BITS 00007ffee66511a8 / 8
. . . . .
Returned: 0 CKR_OK
PSS parameters: hashAlg=SHA256, mgf=MGF1-SHA256, salt_len=0 B
18: C_SignInit
2021-12-27 14:39:36.924
[in] hSession = 0x1
[in] pMechanism->type = CKM_SHA256_RSA_PKCS_PSS
[in] pMechanism->pParameter->hashAlg = CKM_SHA256
[in] pMechanism->pParameter->mgf = CKG_MGF1_SHA256
[in] pMechanism->pParameter->sLen = 0
[in] hKey = 0x57
Returned: 0 CKR_OK
19: C_GetAttributeValue
2021-12-27 14:39:36.924
[in] hSession = 0x1
[in] hObject = 0x57
[in] pTemplate[1]:
CKA_ALWAYS_AUTHENTICATE 00007ffee66529e0 / 1
[out] pTemplate[1]:
CKA_ALWAYS_AUTHENTICATE False
Returned: 0 CKR_OK
20: C_SignUpdate
2021-12-27 14:39:36.924
[in] hSession = 0x1
[in] pPart[ulPartLen] 00007ffee66517a0 / 1025
. . . . .
Returned: 0 CKR_OK
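Added example (not part of the original issue and not OpenSC code): a small parser for pkcs11-spy traces that pulls out each `C_SignInit` call and checks its `sLen` against the RFC 8017 EMSA-PSS bound, so traces from two modules can be compared side by side. The function names are hypothetical, and the 2048-bit modulus is an assumption (it is consistent with the 222-byte salt reported above for `--salt-len -2` with SHA-256); on the sample, all three `sLen` values fall inside the bound and only the return code differs between modules.

```python
import re

# Sample lines copied from the pkcs11-spy traces above, trimmed to C_SignInit.
SPY_LOG = """\
19: C_SignInit
[in] pMechanism->pParameter->hashAlg = CKM_SHA256
[in] pMechanism->pParameter->sLen = 0
Returned: 113 CKR_MECHANISM_PARAM_INVALID
19: C_SignInit
[in] pMechanism->pParameter->hashAlg = CKM_SHA256
[in] pMechanism->pParameter->sLen = 222
Returned: 113 CKR_MECHANISM_PARAM_INVALID
18: C_SignInit
[in] pMechanism->pParameter->hashAlg = CKM_SHA256
[in] pMechanism->pParameter->sLen = 0
Returned: 0 CKR_OK
"""

HASH_LEN = {"CKM_SHA1": 20, "CKM_SHA256": 32, "CKM_SHA384": 48, "CKM_SHA512": 64}
PARAM = "pMechanism->pParameter->"

def max_salt_len(mod_bits, h_len):
    # RFC 8017 sec. 9.1.1: emLen = ceil((modBits - 1) / 8) and EMSA-PSS
    # encoding requires emLen >= hLen + sLen + 2.
    return (mod_bits - 1 + 7) // 8 - h_len - 2

def parse_calls(text):
    """Split a spy trace into one record per PKCS#11 call."""
    calls = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"\d+: (C_\w+)$", line):
            calls.append({"func": m.group(1), "args": {}, "rv": None})
        elif not calls:
            continue  # banner lines before the first call
        elif m := re.match(r"\[(?:in|out)\] (\S+) = (.*)$", line):
            calls[-1]["args"][m.group(1)] = m.group(2)
        elif m := re.match(r"Returned: \d+ (CKR_\w+)$", line):
            calls[-1]["rv"] = m.group(1)
    return calls

def pss_report(text, mod_bits=2048):  # 2048-bit key is an assumption
    """(sLen, within RFC 8017 bound?, return code) for each C_SignInit."""
    rows = []
    for c in parse_calls(text):
        if c["func"] == "C_SignInit" and PARAM + "sLen" in c["args"]:
            s_len = int(c["args"][PARAM + "sLen"])
            limit = max_salt_len(mod_bits, HASH_LEN[c["args"][PARAM + "hashAlg"]])
            rows.append((s_len, 0 <= s_len <= limit, c["rv"]))
    return rows
```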