Broken pkcs11 sign and verify in SDK SE05x-MW-v04.03.00

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Broken pkcs11 sign and verify in SDK SE05x-MW-v04.03.00

1,849 Views
vishwanchandapu
Contributor III

Hi 


In latest SDK SE05x-MW-v04.03.00 pkcs11 sign and verify functionalities are broken.

Steps to re-produce,

pkcs11-tool --module /usr/lib/libsss_pkcs11.so --keypairgen --key-type rsa:1024 --label "sss:20202020"
pkcs11-tool --module /usr/lib/libsss_pkcs11.so --sign --label sss:20202020 -m SHA256-RSA-PKCS --slot 1 -i in.der -o rsa-signature.der 

Regards
Vishwa

 

 

 

0 Kudos
Reply
6 Replies

1,791 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

I just got the latest MW v04.03.01 and tried your example with it, and looks like this issue got fixed in the latest version. Please kindly refer to the following for details.

Kan_Li_0-1678847944692.png

but I don't have the in.der file for further verification, maybe you can share it with me or tell me how to generate this file?

 

Thanks for your patience!

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 Kudos
Reply

1,772 Views
vishwanchandapu
Contributor III

Hi,


Look like in latest build it is NOT fixed. 

Regarding "in.der" that is any dummy input file. 

You can create using linux command.
cat "Test 1234" >  in.der

 

Regards

Vishwa

0 Kudos
Reply

1,756 Views
Kan_Li
NXP TechSupport
NXP TechSupport

No, such kind of mutiple sign operation has not been supported but will be implemented in the future, for now you may split it into separate steps – first generate the digest, then do the signing, which may avoid using C_SignUpdate. Please kindly refer to the attachment for details.

 

Hope that makes sense,

 

Have a great day,

Kan

 

 

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored

Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

-------------------------------------------------------------------------------

0 Kudos
Reply

1,817 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

Would you please specify the platform as well as the se05x variant used in your tests? I may try to reproduce this issue here.

 

Thanks for your patience!

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply

1,815 Views
vishwanchandapu
Contributor III

Hi @Kan_Li 

Thank for your response.
Platform: linux 
Variant :0x051C.

I think we have fix this, is there any way we can submit the patch?

Regards

Vishwa

 

 

0 Kudos
Reply

1,811 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

Good to know that! Yes, you may submit a private ticket for that topic, please refer to the following for details.

https://www.nxp.com/video/tutorial-for-nxp-support-case-portal:NCP-VIDEO

 

I also noticed you has posted another thread in https://community.nxp.com/t5/Secure-Authentication/C-GetAttributeValue-EC-PARAMS-failed-for-EC-secp5... , and if that is also the case, you may create a private ticket for it as well.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos
Reply