Broken pkcs11 sign and verify in SDK SE05x-MW-v04.03.00

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Broken pkcs11 sign and verify in SDK SE05x-MW-v04.03.00

1,848 次查看
vishwanchandapu
Contributor III

Hi 


In latest SDK SE05x-MW-v04.03.00 pkcs11 sign and verify functionalities are broken.

Steps to re-produce,

pkcs11-tool --module /usr/lib/libsss_pkcs11.so --keypairgen --key-type rsa:1024 --label "sss:20202020"
pkcs11-tool --module /usr/lib/libsss_pkcs11.so --sign --label sss:20202020 -m SHA256-RSA-PKCS --slot 1 -i in.der -o rsa-signature.der 

Regards
Vishwa

 

 

 

0 项奖励
回复
6 回复数

1,790 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

I just got the latest MW v04.03.01 and tried your example with it, and looks like this issue got fixed in the latest version. Please kindly refer to the following for details.

Kan_Li_0-1678847944692.png

but I don't have the in.der file for further verification, maybe you can share it with me or tell me how to generate this file?

 

Thanks for your patience!

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 项奖励
回复

1,771 次查看
vishwanchandapu
Contributor III

Hi,


Look like in latest build it is NOT fixed. 

Regarding "in.der" that is any dummy input file. 

You can create using linux command.
cat "Test 1234" >  in.der

 

Regards

Vishwa

0 项奖励
回复

1,755 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

No, such kind of mutiple sign operation has not been supported but will be implemented in the future, for now you may split it into separate steps – first generate the digest, then do the signing, which may avoid using C_SignUpdate. Please kindly refer to the attachment for details.

 

Hope that makes sense,

 

Have a great day,

Kan

 

 

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored

Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

-------------------------------------------------------------------------------

0 项奖励
回复

1,816 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

Would you please specify the platform as well as the se05x variant used in your tests? I may try to reproduce this issue here.

 

Thanks for your patience!

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复

1,814 次查看
vishwanchandapu
Contributor III

Hi @Kan_Li 

Thank for your response.
Platform: linux 
Variant :0x051C.

I think we have fix this, is there any way we can submit the patch?

Regards

Vishwa

 

 

0 项奖励
回复

1,810 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

Good to know that! Yes, you may submit a private ticket for that topic, please refer to the following for details.

https://www.nxp.com/video/tutorial-for-nxp-support-case-portal:NCP-VIDEO

 

I also noticed you has posted another thread in https://community.nxp.com/t5/Secure-Authentication/C-GetAttributeValue-EC-PARAMS-failed-for-EC-secp5... , and if that is also the case, you may create a private ticket for it as well.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复