Re: {Spam?} Invalid signature with PKCS11

2010-06-05 Thread Fares Gianluca
Thanks TIM, it works as expected.



On 6/5/10 2:20 AM, Tim Hudson t...@cryptsoft.com wrote:

 On 5/06/2010 12:56 AM, Fares Gianluca wrote:
 Hi all,
 I'm trying to figure out why my X509_REQ signature is always not verified.
 I'm using openssl-1.0.0 and gclib.dll provided by gemalto.
 
 It is helpful to actually provide a complete working example rather than just
 a subset. However in this case the simple fix to the code is to pass in the
 correct information to C_Sign:
 
 just change:
 if ((rv = (C_Sign(hSession, m, m_len, buf_out, &outl))) != CKR_OK) {
 to the following:
 if ((rv = (C_Sign(hSession, p, inl, buf_out, &outl))) != CKR_OK) {
 
 You can remove the manual digest calls in the block before that as they are
 not required.
 
 Basically the C_Sign operation wants the whole data passed to it (the request)
 and not a pre-calculated digest.
 
 After doing that the code will work on devices where that template is
 accepted.
 Generally you require additional information in the template when creating
 keys making it clear which of the various operations are permitted.
 
 http://www.cryptsoft.com/pkcs11doc/v220/ contains the documentation for the
 current version of the PKCS#11 standard which also helps when working with
 various vendor devices.
 
 The bad signature is a rather accurate and precise error return - you were
 presenting a signature for different data (a digest) for verification against
 the request.
 
 Tim.
 
 


__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org
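
What Tim's reply describes, as an added example (not code from the thread, from OpenSSL or from the Gemalto library): a pure-Python model of a token signing under CKM_SHA1_RSA_PKCS, showing that a digest supplied by the caller is hashed a second time and therefore fails sha1WithRSAEncryption verification. The key (two Mersenne primes), the function names and the sample bytes are constructed for the illustration.

```python
import hashlib

# Constructed demo key (added for illustration): two Mersenne primes. Not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-1 (RFC 8017, section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15(digest: bytes) -> int:
    """Wrap a SHA-1 digest in DigestInfo and apply PKCS#1 v1.5 type-1 padding."""
    t = SHA1_PREFIX + digest
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def token_sign_sha1_rsa_pkcs(data: bytes) -> bytes:
    """Model of C_Sign under CKM_SHA1_RSA_PKCS: the token hashes `data` itself."""
    em = emsa_pkcs1_v15(hashlib.sha1(data).digest())
    return pow(em, D, N).to_bytes(K, "big")


def verify_sha1_with_rsa(data: bytes, sig: bytes) -> bool:
    """What a sha1WithRSAEncryption verifier does with the signed bytes."""
    recovered = pow(int.from_bytes(sig, "big"), E, N)
    return recovered == emsa_pkcs1_v15(hashlib.sha1(data).digest())


# Constructed stand-in for the DER-encoded X509_REQ_INFO (p, inl in the thread).
req_info = b"constructed stand-in for the DER-encoded X509_REQ_INFO"
digest_of_req = hashlib.sha1(req_info).digest()   # m, m_len in the thread

# Original code: digest computed by the caller, then handed to C_Sign.
sig_broken = token_sign_sha1_rsa_pkcs(digest_of_req)
# Fix from the reply: hand the whole encoded request to C_Sign.
sig_fixed = token_sign_sha1_rsa_pkcs(req_info)

if __name__ == "__main__":
    print("pre-hashed input verifies:", verify_sha1_with_rsa(req_info, sig_broken))
    print("whole request verifies:   ", verify_sha1_with_rsa(req_info, sig_fixed))
    print("broken sig is valid for the digest bytes:",
          verify_sha1_with_rsa(digest_of_req, sig_broken))
```

The last check shows why the verifier's error is precise: the rejected signature is a well-formed signature, only over the 20 digest bytes instead of the request.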


Invalid signature with PKCS11

2010-06-04 Thread Fares Gianluca
Hi all,
I'm trying to figure out why my X509_REQ signature is always not verified. I'm
using openssl-1.0.0 and gclib.dll provided by gemalto.

Here is my code:

// Some declarations are omitted
CK_BYTE data[2][1024];
CK_ATTRIBUTE keyAttr[] = {
    {CKA_MODULUS, (void *)data[0], 1024},
    {CKA_PUBLIC_EXPONENT, (void *)data[1], 1024},
};
CK_MECHANISM Mechanism = { CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0 };
CK_MECHANISM sMechanism = { 0, NULL_PTR, 0 };
CK_ATTRIBUTE GenPubTemplate[] = {
    {CKA_MODULUS_BITS, &mod_bits, sizeof(CK_ULONG)},
    {CKA_PUBLIC_EXPONENT, (char *)"\x01\x00\x01", 3},
    {CKA_TOKEN, &bTrue, sizeof(CK_BBOOL)},
    {CKA_ID, keyID, strlen(keyID)}
};
CK_ATTRIBUTE GenPrivTemplate[] = {
    {CKA_TOKEN, &bTrue, sizeof(CK_BBOOL)},
    {CKA_PRIVATE, &bTrue, sizeof(CK_BBOOL)},
    {CKA_SENSITIVE, &bTrue, sizeof(CK_BBOOL)},
    {CKA_ID, keyID, strlen(keyID)}
};


CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

// Create key pair
if ((rv = C_GenerateKeyPair(hSession, &Mechanism, GenPubTemplate,
        4, GenPrivTemplate, 4, &hPublicKey, &hPrivateKey)) != CKR_OK) {
    return rv;
}
// Get modulus and public exponent
if ((rv = C_GetAttributeValue(hSession, hPublicKey, keyAttr,
        sizeof(keyAttr)/sizeof(CK_ATTRIBUTE))) != CKR_OK) {
    return rv;
}

// Setup RSA structure
rsa = RSA_new();
rsa->n = BN_bin2bn(data[0], keyAttr[0].ulValueLen, NULL); // MODULUS
rsa->e = BN_bin2bn(data[1], keyAttr[1].ulValueLen, NULL); // PUBLIC EXPONENT

// Create X509 request for CSR
req = X509_REQ_new();
pkey = EVP_PKEY_new();

EVP_PKEY_assign_RSA(pkey, rsa);

X509_REQ_set_pubkey(req, pkey);

// Setup subject
name = X509_REQ_get_subject_name(req);

X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "IT", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, "Organization", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, "Organization Unit", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, "Common Name", -1, -1, 0);

// Prepare the digest
digest = EVP_sha1();

inl = i2d_X509_REQ_INFO(req->req_info, NULL);
buf_in = (unsigned char *)MEMORY_ALLOC(inl);
p = buf_in; // keep the start of the buffer, i2d advances buf_in
i2d_X509_REQ_INFO(req->req_info, &buf_in);

outl = EVP_PKEY_size(pkey);

// Create message digest
EVP_MD_CTX_init(&ctx);
EVP_DigestInit(&ctx, digest);
EVP_DigestUpdate(&ctx, p, inl);
EVP_DigestFinal(&ctx, m, &m_len);

// Sign the digest with the private key using pkcs11 functions
sMechanism.mechanism = CKM_SHA1_RSA_PKCS;
if ((rv = (C_SignInit(hSession, &sMechanism, hPrivateKey))) != CKR_OK) {
    return rv;
}
if ((rv = (C_Sign(hSession, m, m_len, buf_out, &outl))) != CKR_OK) {
    return rv;
}

MEMORY_FREE(p);

// Setup request signature data
req->sig_alg->algorithm = OBJ_nid2obj(digest->pkey_type);
req->signature->data = buf_out;
req->signature->length = outl;

// Print formatted request to stdout
X509_REQ_print_fp(stdout, req);

// Print CSR in PEM format
fp = fopen("c:\\cert.csr", "w");
PEM_write_X509_REQ(fp, req);
fclose(fp);


"Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=IT, O=Organization, OU=Organization Unit, CN=Common Name
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (512 bit)
Modulus:
00:bc:f3:d2:65:6a:9d:5a:fe:c1:9e:5b:a3:ed:b2:
40:94:ae:db:b7:83:ce:eb:eb:3f:9c:27:75:9a:fe:
b9:5c:43:01:2c:36:22:d4:3a:d3:bb:79:f6:18:1c:
cb:3b:14:04:4e:ce:3b:99:6e:e8:cb:ad:04:55:ba:
d8:c4:b6:f8:d1
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
17:0a:b0:13:7e:b5:1a:d9:da:f6:76:91:b5:9d:40:91:01:7f:
57:e4:7d:16:16:a5:da:b3:18:a7:9f:6e:cf:c9:88:70:ca:45:
44:d7:4b:72:f2:21:ac:55:1c:5a:3d:97:24:63:69:92:4d:cd:
33:03:2a:2f:a1:34:63:2f:82:ea"


But if I run openssl req -verify -text -modulus -in c:\cert-csr I receive:

verify failure
3020:error:04077068:rsa routines:RSA_verify:bad signature:.\crypto\rsa\rsa_sign.c:255:
3020:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:.\crypto\asn1\a_verify.c:173:
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=IT, O=Organization, OU=Organization Unit, CN=Common Name
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:bc:f3:d2:65:6a:9d:5a:fe:c1:9e:5b:a3:ed:b2:
40:94:ae:db:b7:83:ce:eb:eb:3f:9c:27:75:9a:fe:
b9:5c:43:01:2c:36:22:d4:3a:d3:bb:79:f6:18:1c: