Hello Martin, On Oct 26, 2010, at 11:31 PM, Martin Boßlet wrote:
> I implemented computation of the hash on-device, and it works fine except for > one odd problem: What happened to your implementation? Is it available somewhere? Do you have a patch? It feels an important and interesting development. Unfortunately I'm not sure if I have hardware that can do the last round hashing on the card (need to check though...) > > I am using an Aladdin eToken for performing tests, and I call C_SignInit, > C_SignUpdate and finally C_SignFinal on the PKCS#11 level using mechanism > CKM_SHA1_RSA_PKCS for SHA-1 (similar for SHA-2 family). This works perfectly > fine unless the byte array I pass to C_SignUpdate is less than or equal to > the block size of the underlying hash algorithm, in the case of SHA-1, 64 > bytes. Any input longer than 64 bytes will be accepted, but for smaller input > buffers I receive an error from my eToken. > I don't get this behaviour, because the token should be perfectly capable of > padding a message shorter than 64 bytes correctly and then compute the hash > value for this padded block, as it does it anyway for the final block of any > message larger than 64 bytes. > > Has anyone encountered this before (probably with different hardware)? Even > better, can anyone explain this weird behavior? > > Regards, > Martin > > 2010/10/20 Martin Boßlet <martin.boss...@googlemail.com> > I looked into the SHA-1specification and into PKCS#11 to see how I could > perform the last round of the hash on-device and came up with the following > approach: > If e.g. the last block of the message digest calculation should be computed > on-device and the previous blocks in software, then I would have to transfer > the result of my last computation in software as the initial value of the > state variables on the card. There seems to be no way to do this with > PKCS#11. But then I thought about this and I figured that this optimization > will actually be done by the PKCS#11 driver when using mechanism > CKM_SHA1_RSA_PKCS, right? > Therefore I could use CKM_SHA1_RSA_PKCS directly and the driver would do the > trick? Did I understand this correctly? > > Regards, > Martin > > 2010/10/19 Martin Boßlet <martin.boss...@googlemail.com> > > As mentioned, computing the last round of the hash on the device and > the previous rounds in software would be the perfect thing to have. > Is it ok if I try to implement this for libp11 and submit the solution > for review? If the solution is accepted I could then move on to > integrate this feature into enginePkcs11! > -- @MartinPaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
