Broken pkcs11 sign and verify in SDK SE05x-MW-v04.03.00

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Broken pkcs11 sign and verify in SDK SE05x-MW-v04.03.00

1,118 Views
vishwanchandapu
Contributor III

Hi 


In latest SDK SE05x-MW-v04.03.00 pkcs11 sign and verify functionalities are broken.

Steps to re-produce,

pkcs11-tool --module /usr/lib/libsss_pkcs11.so --keypairgen --key-type rsa:1024 --label "sss:20202020"
pkcs11-tool --module /usr/lib/libsss_pkcs11.so --sign --label sss:20202020 -m SHA256-RSA-PKCS --slot 1 -i in.der -o rsa-signature.der 

Regards
Vishwa

 

 

 

0 Kudos
6 Replies

1,060 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

I just got the latest MW v04.03.01 and tried your example with it, and looks like this issue got fixed in the latest version. Please kindly refer to the following for details.

Kan_Li_0-1678847944692.png

but I don't have the in.der file for further verification, maybe you can share it with me or tell me how to generate this file?

 

Thanks for your patience!

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 Kudos

1,041 Views
vishwanchandapu
Contributor III

Hi,


Look like in latest build it is NOT fixed. 

Regarding "in.der" that is any dummy input file. 

You can create using linux command.
cat "Test 1234" >  in.der

 

Regards

Vishwa

0 Kudos

1,025 Views
Kan_Li
NXP TechSupport
NXP TechSupport

No, such kind of mutiple sign operation has not been supported but will be implemented in the future, for now you may split it into separate steps – first generate the digest, then do the signing, which may avoid using C_SignUpdate. Please kindly refer to the attachment for details.

 

Hope that makes sense,

 

Have a great day,

Kan

 

 

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored

Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

-------------------------------------------------------------------------------

0 Kudos

1,086 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

Would you please specify the platform as well as the se05x variant used in your tests? I may try to reproduce this issue here.

 

Thanks for your patience!

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos

1,084 Views
vishwanchandapu
Contributor III

Hi @Kan_Li 

Thank for your response.
Platform: linux 
Variant :0x051C.

I think we have fix this, is there any way we can submit the patch?

Regards

Vishwa

 

 

0 Kudos

1,080 Views
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

Good to know that! Yes, you may submit a private ticket for that topic, please refer to the following for details.

https://www.nxp.com/video/tutorial-for-nxp-support-case-portal:NCP-VIDEO

 

I also noticed you has posted another thread in https://community.nxp.com/t5/Secure-Authentication/C-GetAttributeValue-EC-PARAMS-failed-for-EC-secp5... , and if that is also the case, you may create a private ticket for it as well.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 Kudos