xmlsec from <https://www.aleksey.com/xmlsec/> is a library to verify XML
signatures (and more). It has a number of backends, one of them being
NSS. Currently only the openssl backend of xmlsec supports ECDSA, and
I'm trying to add support for ECDSA in its NSS backend. My first goal
would be verifying a signature I know is valid (since openssl accepts

Here is my work-in-progress code:


If you ignore the boilerplate code, it maps the xmlsec ECDSA key type to
ecKey, the xmlsec ECDSA-SHA256 combined type to

If you clone that repo, and built it like (on Linux):

./configure --with-pic --disable-shared --disable-crypto-dl --without-libxslt 
--without-gnutls --without-gcrypt --without-openssl --enable-debugging
cd tests/aleksey-xmldsig-01
../../apps/xmlsec1 verify --trusted-der ../keys/cacert.der --enabled-key-data 
x509 enveloping-sha256-ecdsa-sha256.xml

is a reproduce for the problem I have. Here are the details I figured
out so far:

- NSS wants the signature data (64 bytes) as a der-encoded pairs of
  integers, so need to encode them before handing over the SECItem to
  NSS in my client code (the above patch already does that).
- Once this is solved, VFY_EndWithSignature() fails with (end of my gdb

397         crv = PK11_GETTAB(slot)->C_CreateObject(rwsession,
383         SECStatus rv = SECSuccess;
397         crv = PK11_GETTAB(slot)->C_CreateObject(rwsession,
400         if (crv != CKR_OK) {
(gdb) print /x crv
$1 = 0x130
(gdb) bt
#0  PK11_CreateNewObject (slot=slot@entry=0x6929a0, session=session@entry=0, 
theTemplate=theTemplate@entry=0x7fffffffd0a0, count=count@entry=7, 
    objectID=objectID@entry=0x7fffffffd098) at pk11obj.c:400
#1  0x00007ffff7675c15 in PK11_ImportPublicKey (slot=slot@entry=0x6929a0, 
pubKey=pubKey@entry=0x6ae8d0, isToken=isToken@entry=0) at pk11akey.c:232
#2  0x00007ffff768e872 in PK11_VerifyWithMechanism (key=0x6ae8d0, 
mechanism=<optimized out>, param=param@entry=0x0, sig=sig@entry=0x7fffffffd2a0, 
    wincx=<optimized out>) at pk11obj.c:736
#3  0x00007ffff768e99e in PK11_Verify (key=<optimized out>, 
sig=sig@entry=0x7fffffffd2a0, hash=hash@entry=0x7fffffffd280, wincx=<optimized 
out>) at pk11obj.c:690
#4  0x00007ffff7673722 in VFY_EndWithSignature (cx=0x6a2d70, 
sig=sig@entry=0x7fffffffd360) at secvfy.c:596
#5  0x0000000000418c31 in xmlSecNssSignatureVerify (transform=0x6ab4d0, 
    dataSize=64, transformCtx=<optimized out>) at signatures.c:347
#6  0x0000000000443b9a in xmlSecTransformVerifyNodeContent (transform=0x6ab4d0, 
node=<optimized out>, transformCtx=transformCtx@entry=0x7fffffffd710) at 
#7  0x000000000044e0f4 in xmlSecDSigCtxVerify 
(dsigCtx=dsigCtx@entry=0x7fffffffd450, node=<optimized out>) at xmldsig.c:353
#8  0x000000000040929c in xmlSecAppVerifyFile (filename=<optimized out>) at 
#9  0x000000000040737d in main (argc=7, argv=0x7fffffffd9e8) at xmlsec.c:1058


Needless to say, if I do the RSA equivalent of this (the name of the
test file in the same directory is enveloping-sha256-rsa-sha256.xml),
then verification works fine.

Any idea what can be the problem here? At least with the distro-provided
nss (which is build with optimization enabled) I can't step into
C_CreateObject() in gdb.

But maybe there is something more fundamental here. :-)

If there is anything above that is not enough for reproducing the
problem, please let me know.

Thanks a lot,

dev-tech-crypto mailing list

Reply via email to