Broken pkcs11 sign and verify in SDK SE05x-MW-v04.03.00

キャンセル
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Broken pkcs11 sign and verify in SDK SE05x-MW-v04.03.00

1,264件の閲覧回数
vishwanchandapu
Contributor III

Hi 


In latest SDK SE05x-MW-v04.03.00 pkcs11 sign and verify functionalities are broken.

Steps to re-produce,

pkcs11-tool --module /usr/lib/libsss_pkcs11.so --keypairgen --key-type rsa:1024 --label "sss:20202020"
pkcs11-tool --module /usr/lib/libsss_pkcs11.so --sign --label sss:20202020 -m SHA256-RSA-PKCS --slot 1 -i in.der -o rsa-signature.der 

Regards
Vishwa

 

 

 

0 件の賞賛
返信
6 返答(返信)

1,206件の閲覧回数
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

I just got the latest MW v04.03.01 and tried your example with it, and looks like this issue got fixed in the latest version. Please kindly refer to the following for details.

Kan_Li_0-1678847944692.png

but I don't have the in.der file for further verification, maybe you can share it with me or tell me how to generate this file?

 

Thanks for your patience!

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

 

0 件の賞賛
返信

1,187件の閲覧回数
vishwanchandapu
Contributor III

Hi,


Look like in latest build it is NOT fixed. 

Regarding "in.der" that is any dummy input file. 

You can create using linux command.
cat "Test 1234" >  in.der

 

Regards

Vishwa

0 件の賞賛
返信

1,171件の閲覧回数
Kan_Li
NXP TechSupport
NXP TechSupport

No, such kind of mutiple sign operation has not been supported but will be implemented in the future, for now you may split it into separate steps – first generate the digest, then do the signing, which may avoid using C_SignUpdate. Please kindly refer to the attachment for details.

 

Hope that makes sense,

 

Have a great day,

Kan

 

 

-------------------------------------------------------------------------------

Note:

- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored

Please open a new thread and refer to the closed one, if you have a related question at a later point in time.

-------------------------------------------------------------------------------

0 件の賞賛
返信

1,232件の閲覧回数
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

Would you please specify the platform as well as the se05x variant used in your tests? I may try to reproduce this issue here.

 

Thanks for your patience!

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 件の賞賛
返信

1,230件の閲覧回数
vishwanchandapu
Contributor III

Hi @Kan_Li 

Thank for your response.
Platform: linux 
Variant :0x051C.

I think we have fix this, is there any way we can submit the patch?

Regards

Vishwa

 

 

0 件の賞賛
返信

1,226件の閲覧回数
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @vishwanchandapu ,

 

Good to know that! Yes, you may submit a private ticket for that topic, please refer to the following for details.

https://www.nxp.com/video/tutorial-for-nxp-support-case-portal:NCP-VIDEO

 

I also noticed you has posted another thread in https://community.nxp.com/t5/Secure-Authentication/C-GetAttributeValue-EC-PARAMS-failed-for-EC-secp5... , and if that is also the case, you may create a private ticket for it as well.

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 件の賞賛
返信