CODEWITHSUNDEEP
encryptioncryptographyrsadigital-signaturepkcs#11
lasjan
lasjan

Reputation: 171

RSA with ISO/IEC 9796-2 scheme 2 in PKCS11

Is there a way to create RSA signature with ISO-9796 scheme 2 using PKCS11 interface? I know there is proper mechanism listed among definitions (or at least I think so): CKM_RSA_9796 0x00000002

But according to ISO Descrption schema 2 requires parameters (i.e salt and trailer), which seems to be conflicting with

6.1.11 ISO/IEC 9796 RSA The ISO/IEC 9796 RSA mechanism, denoted CKM_RSA_9796, is a mechanism for single-part signatures and verification with and without message recovery based on the RSA public-key cryptosystem and the block formats defined in ISO/IEC 9796 and its annex A.

This mechanism does not have a parameter.

I tried to create such signature with (PKCS11 exception is thrown) and without parameters (does not seem to be valid) using PKCS11Interop C# class and HSM simulator. Any help would be appreciated.

EDIT

Code I'm using:

using (Session session = slot[slotIndex].OpenSession(SessionType.ReadOnly))
                    {
                        session.Login(CKU.CKU_USER, callback.GetPassword());

                        List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
                        objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY));

                        var prm = new Net.Pkcs11Interop.HighLevelAPI.MechanismParams.CkRsaPkcsPssParams(Convert.ToUInt32(CKM.CKM_SHA256), Convert.ToUInt32(CKG.CKG_MGF1_SHA256),Convert.ToUInt32(20));   
                        Mechanism mchanism = new Mechanism(CKM.CKM_RSA_9796,prm);
                        List<ObjectHandle> foundObjects = session.FindAllObjects(objectAttributes);
                        if (foundObjects != null && foundObjects.Count > 0)
                        {
                            signature = session.SignRecover(mchanism, foundObjects[0], result);
                        }
                        else
                        {
                            throw new DSException("There was a problem with reading private key from token");
                        }
                        session.Logout();
                    }

Exception I'm receiving:

Method C_SignRecoverInit returned CKR_MECHANISM_PARAM_INVALID

Thanks.

Upvotes: 2

Views: 1455

Answers (1)

lasjan
lasjan

Reputation: 171

Yeah, so I finally figured this out, or at least I think so. Turns out that CKM_RSA_9796 mechanism implements old, not very safe RSA_9796 sign mechanism, which requires message to have length < k/2, where k is private key length. So this was something different that I was looking for. According to fgrieu user commenting on StackExchange:

https://crypto.stackexchange.com/questions/24294/how-do-signrecover-and-verifyrecover-work.

there is NO IMPLEMENTATION of ISO/IEC 9796-2 scheme 2 in PKCS11 at all. I was able to create signature by breaking this process into 2 sub-processes. First one creates MessageRepresentative (as presented in http://www.sarm.am/docs/ISO_IEC_9796-2_2002(E)-Character_PDF_document.pdf) and second one - creating signature using CKM.CKM_RSA_X_509 in PKCS#11 implementation (using MessageRepresentative as input). Hope this will help someone in future.

Thanks for everyone who commented my question.

Upvotes: 4

Related Questions