Re: [opensc-devel] PIV: signature output format

Mon, 25 Jun 2012 12:22:36 -0700 

Just back from vacation...

On 6/21/2012 9:50 AM, Viktor TARASOV wrote:
> Hi Douglas,
>
> I'm trying to get signature with the PIV card and verify it with the 'openssl 
> pkeyutl'.
> I use EC key #04 "CARD AUTH Key".
>
> It fails because of the 'raw' output format of the signature produced by 
> OpenSC.
> OpenSSL expects the signature as a ASN1 sequence of two integers.
>
> I've seen in card-piv.c your comments:
> https://github.com/OpenSC/OpenSC/blob/staging/src/libopensc/card-piv.c#L2023
>>          /* The PIV returns a DER SEQUENCE{INTEGER, INTEGER}
>>           * Which may have leading 00 to force positive
>>           * TODO: -DEE should check if PKCS15 want the same
>
> It seems that PKCS#15 really wants it.
>
>>           * But PKCS11 just wants 2* filed_length in bytes
> Can you explain more? Why it wants 'raw' data?

PKCS#11 v2.30: says:

    6.3.1 EC Signatures
    For the purposes of these mechanisms, an ECDSA signature is an octet string 
of even
    length which is at most two times nLen octets, where nLen is the length in 
octets of the
    base point order n. The signature octets correspond to the concatenation of 
the ECDSA
    values r and s, both represented as an octet string of equal length of at 
most nLen with the
    most significant byte first. If r and s have different octet length, the 
shorter of both must
    be padded with leading zero octets such that both have the same octet 
length.

PKCS#11 2.20 in Section 12.3.1 says the same as above.

PKCS#11 2.01 11.4.3 says basically the same thing, but assumes a fixed size of  
nLen=20.

So PKCS#11 is not returning ASN1 but just the concatenation of r and s.

>
>>           * So we have to strip out the integers
>>           * if present and pad on left if too short.
>>           */
>
>
> I would propose to keep the ASN1 encoded data at the PKCS#15 level,
> and, if needed, to convert it to the 'raw' format by dedicated procedure in 
> the pkcs15 framework of pkcs11.

Where do you see in PKCS#15 that a ECDSA signature is in ANS1?

If it needs to be ASN1, then yes the conversion could be done in the framework.


>
> Kind regards,
> Viktor.
>
>
>
>
>
>
>
>
>
>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to