Skip to content

Unable to perform ECDSA signature when field_size extension is not present #3236

New issue
New issue
Closed
#3248
#3240
Closed
Unable to perform ECDSA signature when field_size extension is not present#3236
#3248
#3240
@hamarituc

Description

@hamarituc
hamarituc
opened on Sep 18, 2024

Problem Description

I was about to implement the ECDSA signature for D-Trust 4.1 signature card and observed the following issue. I used the code in https://github.com/hamarituc/OpenSC/tree/dtrust-ecc. The hash to be signed is prepared by OpenSC and the card does the signature. The private key descriptor file doesn't contain the proprietary field_size extension. This leads to prkey->field_length beeing 0 in src/libopensc/pkcs15-sec.c:

/* PKCS#11 MECHANISMS V2.30: 6.3.1 EC Signatures
 * If the length of the hash value is larger than the bit length of n, only
 * the leftmost bits of the hash up to the length of n will be used. Any
 * truncation is done by the token.
 * But if card is going to do the hash, pass in all the data
 */
else if (senv.algorithm == SC_ALGORITHM_EC &&
                (senv.algorithm_flags & SC_ALGORITHM_ECDSA_HASHES) == 0) { 
        inlen = MIN(inlen, (prkey->field_length+7)/8);
}

The variable inlen initially contains the size of the hash to be signed, but now gets set to 0. This late issues a signing command with empty data later which fails.

This is the content of the cryptographic information application:

OpenSC [3F00/0104]> asn1 5032
30 SEQUENCE (68 bytes)
   02 INTEGER (1 byte): 1
   04 OCTET STRING (10 bytes)
      92 76 00 32 11 86 00 05 45 0F .v.2....E.
   0C UTF8String (16 bytes): D-TRUST GmbH (C)
   80 Context 0  (29 bytes)
      44 2D 54 52 55 53 54 20 43 61 72 64 20 34 2E 31 D-TRUST Card 4.1
      20 4D 31 30 30 20 45 43 43 20 32 63 61           M100 ECC 2ca
   03 BIT STRING (2 bytes): 110

This is the content of the private key directory:

OpenSC [3F00/0104]> asn1 5001
A0 Context 0  (62 bytes)
   30 SEQUENCE (35 bytes)
      0C UTF8String (26 bytes): Authentisierungsschluessel
      03 BIT STRING (2 bytes): 01
      04 OCTET STRING (1 byte): 03 .
   30 SEQUENCE (11 bytes)
      04 OCTET STRING (1 byte): 03 .
      03 BIT STRING (3 bytes): 100000100
      02 INTEGER (1 byte): 131
   A1 Context 1  (10 bytes)
      30 SEQUENCE (8 bytes)
         30 SEQUENCE (6 bytes)
            04 OCTET STRING (4 bytes): 3F 00 01 02 ?...
A0 Context 0  (57 bytes)
   30 SEQUENCE (30 bytes)
      0C UTF8String (18 bytes): Signaturschluessel
      03 BIT STRING (2 bytes): 01
      04 OCTET STRING (1 byte): 07 .
      02 INTEGER (1 byte): 100
   30 SEQUENCE (11 bytes)
      04 OCTET STRING (1 byte): 02 .
      03 BIT STRING (3 bytes): 1000000000
      02 INTEGER (1 byte): 130
   A1 Context 1  (10 bytes)
      30 SEQUENCE (8 bytes)
         30 SEQUENCE (6 bytes)
            04 OCTET STRING (4 bytes): 3F 00 01 01 ?...

Proposed Resolution

Commenting out the above cited C code, resolves the issue. But of course it is there for a specific reason, so this just demonstrates the error originates there. The case that the field_size extension is not present should be handled properly. But as I don't know how to do it, I chosen to open this issue to seeking for assistance.

Steps to reproduce

Execute the following command on the D-Trust 4.1/4.4 multisignature card.

$ echo "Sign me" | pkcs11-tool --slot 1 -a Signaturzertifikat -s -m ECDSA-SHA256 -p 1234567890

Logs

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions